该文探讨了使用保留语义的突变(aspect-preserving mutation)来 fuzz JavaScript 引擎,尤其是针对 JIT 编译器的漏洞。作者指出,传统方法难以发现依赖特定输入特性的缺陷,如POC exploits和单元测试中的问题。文章提出了结构保留和类型保留两种突变策略,旨在减少运行时错误并提高找寻潜在漏洞的效率。
这篇文章是基于已有的单元测试,以及POC exploits来找JS引擎中的bug(主要是JIT的bug)。它假设了一个前提,如果程序在一种input下出了bug,那么它会很有可能在相似的input下出现新的bug(文中特意拿黑客举例,黑客特别喜欢去找和已有的缺陷类似的缺陷)。
啥是POC exploit:
- A proof of concept (PoC) exploit is a non-harmful attack against a computer or network. PoC exploits are not meant to cause harm, but to show security weaknesses within software.
- 就是说它是一段程序,这段程序能暴露出软件的安全性漏洞。感觉类似于导致bug的test case。
啥是JIT:
- Wiki: Just-in-time (JIT) compilation (also dynamic translation or run-time compilations) is a way of executing computer code that involves compilation during execution of a program – at run time – rather than before execution.
- Stackoverflow: A JIT compiler runs after the program has started and compiles the code (usually bytecode or some kind of VM instructions) on the fly (or just-i
最低0.47元/天 解锁文章
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
