| With its dynamic, interactive, and cross-platform features, JavaScript has become a programming language widely used in embedded IoT devices. Many embedded JavaScript engines have been developed to interpret and execute JavaScript programs on IoT devices. However, because programmers vary in skill level and differ in their understanding of JavaScript engine design specifications, the developed JavaScript engines contain security defects, functional defects, and performance defects. Security defects expose embedded devices to security risks, and functional defects affect the correct operation of JavaScript programs. Performance defects in embedded JavaScript engines consume limited computing resources in vain and waste energy on low-power embedded devices. Black-box differential fuzzing is currently the primary way to find these defects in JavaScript engines, but existing differential fuzzing methods have two problems. On the one hand, differential fuzzing mainly focuses on security defects and functional defects but ignores performance defects. On the other hand, the complicated test cases and the many repeated test results produced by differential fuzzing increase the cost of manually analyzing the results. In response to these problems, the research content of this thesis is as follows: (1) This thesis proposes a differential fuzzing method oriented toward performance defect detection in order to find more JavaScript engine performance defects. To achieve this goal, it improves both the quality of the generated test cases and the design of the detection method. To ensure the quality of generated test cases, we first extract JavaScript functions with correct syntax and relatively complete semantics from the open-source code library. We then call the extracted functions and pass them parameters to obtain test cases. Finally, we mutate the test cases at the level of the abstract syntax tree so that they are able to detect performance defects. For the defect detection method, we improve the current differential fuzzing method so that it captures the performance defects triggered by test cases. (2) This thesis proposes a test case simplification method based on the abstract syntax tree and a test result filtering method based on multi-dimensional features, which are used to simplify complex test cases and reduce the repetition rate of test results. Test case simplification makes complex test cases simple and facilitates a quick understanding of defects. Test result filtering deletes repeated test results so that human effort is not wasted analyzing them. (3) We designed and implemented the JSDiff prototype system and introduce its module division and primary algorithm design in detail. We also evaluate the JSDiff system from multiple angles. The JSDiff system found 71 defects in total, of which 43 were confirmed. The experimental results show that the method proposed in this thesis not only has good detection ability for performance defects, functional defects, and security defects, but also effectively reduces the cost of manually analyzing test results. |