PhD Defense by Soyeon Park

Title: Program Synthesis for Fuzzing in the Perspective of Programming Language Characteristics


Date: Wednesday, April 10, 2024

Time: 1:00 PM EST

Location: Zoom Virtual Link


Soyeon Park

Ph.D. Student

School of Computer Science & School of Cybersecurity and Privacy

College of Computing

Georgia Institute of Technology


Committee:

Dr. Taesoo Kim (Advisor) - School of Computer Science & School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Alessandro Orso - School of Computer Science, Georgia Institute of Technology

Dr. Qirun Zhang - School of Computer Science, Georgia Institute of Technology

Dr. Brendan D. Saltaformaggio - School of Computer Science & School of Cybersecurity and Privacy & School of Electrical and Computer Engineering, Georgia Institute of Technology

Dr. Jiyong Jang - IBM Research


Abstract:

Fuzzing has emerged as a practical method for discovering bugs in software testing. Guided by coverage feedback, fuzzing works well on programs that take binary or lightly structured inputs, where it finds bugs by feeding them random or semi-structured data. However, fuzzing programs that take heavily structured input such as program code (interpreters and compilers, for example) requires program synthesis that takes the characteristics of the programming language into account. Likewise, generating fuzzing harnesses for open-source libraries from their code requires a thorough understanding of those characteristics.


In this thesis, we first present our experience in synthesizing JavaScript programs to test JavaScript interpreters. We propose a new technique called aspect-preserving mutation, which stochastically preserves desirable properties of a program, referred to as aspects, that are considered essential for reaching vulnerabilities, so that they survive mutation. We demonstrate aspect preservation through two mutation strategies designed around JavaScript's characteristics: structure preservation and type preservation. Using this technique, we discovered 48 high-impact bugs in widely used JavaScript interpreters.
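The type-preservation strategy described above, as an added illustration that is not the thesis's tool or any code from its author: a toy mutator over a minimal JavaScript expression AST that, with a configurable probability, replaces a randomly chosen subtree with a freshly generated subtree of the same static type, and a helper that measures how often the mutant keeps the seed's type. The node shapes, the typing rules, the seeded PRNG and the `mutate` / `typePreservationRate` / `print` functions are all assumptions made for this illustration.

```javascript
// Added illustration (not the thesis's tool): aspect-preserving mutation on a toy
// JavaScript expression AST. The "aspect" preserved is the static type of the replaced
// subtree. Node shapes are constructed for this example:
//   { kind: 'num', value } { kind: 'str', value } { kind: 'bool', value }
//   { kind: 'bin', op, left, right }
const TYPES = ['number', 'string', 'boolean'];

// Seeded PRNG (mulberry32) so a mutation run is reproducible, as a fuzzer's would be.
function makeRng(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}
const pick = (rng, xs) => xs[Math.floor(rng() * xs.length)];

// Static typing that mirrors JavaScript's operator semantics for these nodes:
// '+' is a string if either operand is a string, else a number; comparisons are
// boolean; the remaining arithmetic operators are numbers.
function typeOf(node) {
  switch (node.kind) {
    case 'num': return 'number';
    case 'str': return 'string';
    case 'bool': return 'boolean';
    case 'bin': {
      if (['<', '>', '===', '!=='].includes(node.op)) return 'boolean';
      const l = typeOf(node.left), r = typeOf(node.right);
      if (node.op === '+') return l === 'string' || r === 'string' ? 'string' : 'number';
      return 'number';
    }
    default: throw new Error(`unknown node kind ${node.kind}`);
  }
}

// Generate a random expression whose static type is `type`. The literal pools are
// constructed and include boundary values a fuzzer wants (empty string, NUL, 2**53).
function genOfType(type, rng, depth = 2) {
  if (depth === 0 || rng() < 0.4) {
    if (type === 'number') return { kind: 'num', value: pick(rng, [0, 1, -1, 2 ** 31, 2 ** 53, 0.5]) };
    if (type === 'string') return { kind: 'str', value: pick(rng, ['', 'a', '\u0000', 'x'.repeat(8)]) };
    return { kind: 'bool', value: pick(rng, [true, false]) };
  }
  if (type === 'number') {
    return { kind: 'bin', op: pick(rng, ['-', '*', '/']),
             left: genOfType('number', rng, depth - 1), right: genOfType('number', rng, depth - 1) };
  }
  if (type === 'string') {
    return { kind: 'bin', op: '+', left: genOfType('string', rng, depth - 1),
             right: genOfType(pick(rng, ['string', 'number']), rng, depth - 1) };
  }
  return { kind: 'bin', op: pick(rng, ['<', '===']),
           left: genOfType('number', rng, depth - 1), right: genOfType('number', rng, depth - 1) };
}

// Every subtree position as a path of property names from the root, plus helpers to
// read and immutably replace the subtree at a path.
function collectPaths(node, path = [], out = []) {
  out.push(path);
  if (node.kind === 'bin') {
    collectPaths(node.left, [...path, 'left'], out);
    collectPaths(node.right, [...path, 'right'], out);
  }
  return out;
}
const getAt = (node, path) => path.reduce((n, k) => n[k], node);
function replaceAt(node, path, repl) {
  if (path.length === 0) return repl;
  const [k, ...rest] = path;
  return { ...node, [k]: replaceAt(node[k], rest, repl) };
}

// One mutation step. With probability `preserveProb` the replacement keeps the type of
// the subtree it replaces (the aspect-preserving case); otherwise the type is drawn at
// random, which is what an unconstrained mutator would do.
function mutate(ast, rng, preserveProb = 0.8) {
  const path = pick(rng, collectPaths(ast));
  const type = rng() < preserveProb ? typeOf(getAt(ast, path)) : pick(rng, TYPES);
  return replaceAt(ast, path, genOfType(type, rng));
}

// Fraction of `n` mutants whose root type equals the seed's root type.
function typePreservationRate(seedAst, seed, n, preserveProb) {
  const rng = makeRng(seed);
  const want = typeOf(seedAst);
  let kept = 0;
  for (let i = 0; i < n; i++) if (typeOf(mutate(seedAst, rng, preserveProb)) === want) kept++;
  return kept / n;
}

// Render an AST back to JavaScript source, the form an interpreter under test consumes.
function print(node) {
  switch (node.kind) {
    case 'num': return node.value < 0 ? `(${node.value})` : String(node.value);
    case 'str': return JSON.stringify(node.value);
    case 'bool': return String(node.value);
    default: return `(${print(node.left)} ${node.op} ${print(node.right)})`;
  }
}

if (typeof require !== 'undefined' && require.main === module) {
  const seedAst = { kind: 'bin', op: '+', left: { kind: 'num', value: 1 }, right: { kind: 'str', value: 'a' } };
  console.log(print(mutate(seedAst, makeRng(1), 1.0)));
  console.log('preserving:', typePreservationRate(seedAst, 42, 200, 1.0),
              'random:', typePreservationRate({ kind: 'num', value: 1 }, 7, 200, 0.0));
}
```

Because `typeOf` is compositional (a node's type depends only on its operator and its children's types), swapping a subtree for one of the same type never changes the type of any ancestor, so with `preserveProb = 1.0` the root type of every mutant equals the seed's; lowering the probability trades that guarantee for diversity, which is the stochastic trade-off the abstract refers to.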


Moreover, we discuss two program synthesis efforts to test the Rust programming language. Rust is a community-driven programming language that emphasizes memory safety and performance. Libraries and compilers are essential components of the Rust ecosystem, and testing them for correctness is crucial. To address this need, we introduce an automated tool that generates fuzzing harnesses for Rust libraries without manual effort. Furthermore, we propose a Large Language Model (LLM)-assisted tool that synthesizes Rust programs to test Rust compilers from specifications and examples. This tool leverages LLMs' capabilities to generate comprehensive test cases targeting compiler misbehavior. As a result, we discovered 82 unique bugs in Rust libraries and four unique bugs in Rust compilers.
