Characterizing and Detecting WebAssembly Runtime Bugs-Reference-Cited by-同舟云学术

Characterizing and Detecting WebAssembly Runtime Bugs

Published:2023-12-21 Issue:2 Volume:33 Page:1-29
ISSN:1049-331X
Container-title:ACM Transactions on Software Engineering and Methodology
language:en
Short-container-title:ACM Trans. Softw. Eng. Methodol.

Author:

Zhang Yixuan¹^ORCID,Cao Shangtong²^ORCID,Wang Haoyu³^ORCID,Chen Zhenpeng⁴^ORCID,Luo Xiapu⁵^ORCID,Mu Dongliang³^ORCID,Ma Yun⁶^ORCID,Huang Gang⁷^ORCID,Liu Xuanzhe¹^ORCID

Affiliation:

1. Key Laboratory of High Confidence Software Technologies (Peking University), Ministry of Education; School of Computer Science, Peking University, China

2. Beijing University of Posts and Telecommunications, China

3. Huazhong University of Science and Technology, China

4. University College London, UK

5. The Hong Kong Polytechnic University, China

6. Key Laboratory of High Confidence Software Technologies (Peking University), Ministry of Education; Institute for Artificial Intelligence, Peking University, China

7. School of Computer Science, Peking University; National Key Laboratory of Data Space Technology and System, China

Abstract

WebAssembly (abbreviated WASM) has emerged as a promising language of the Web and also been used for a wide spectrum of software applications such as mobile applications and desktop applications. These applications, named WASM applications, commonly run in WASM runtimes. Bugs in WASM runtimes are frequently reported by developers and cause the crash of WASM applications. However, these bugs have not been well studied. To fill in the knowledge gap, we present a systematic study to characterize and detect bugs in WASM runtimes. We first harvest a dataset of 311 real-world bugs from hundreds of related posts on GitHub. Based on the collected high-quality bug reports, we distill 31 bug categories of WASM runtimes and summarize their common fix strategies. Furthermore, we develop a pattern-based bug detection framework to automatically detect bugs in WASM runtimes. We apply the detection framework to seven popular WASM runtimes and successfully uncover 60 bugs that have never been reported previously, among which 13 have been confirmed and 9 have been fixed by runtime developers.

Funder

National Key R&D Program of China

National Natural Science Foundation of China

Beijing Outstanding Young Scientist Program

Center for Data Space Technology and System, Peking University

ERC Advanced Grant

Hong Kong RGC Project

Publisher

Association for Computing Machinery (ACM)

Subject

Software

Link

https://dl.acm.org/doi/pdf/10.1145/3624743

Reference79 articles.

1. Nicolas Falliere. 2018. Reverse Engineering WebAssembly. https://www.pnfsoftware.com/reversing-wasm.pdf

2. Wasmer. 2019. wasmer issue 830. https://github.com/wasmerio/wasmer/issues/830

3. Bytecode Alliance. 2020. WAMR issue 1144. https://github.com/bytecodealliance/wasm-micro-runtime/issues/1144

4. Wasmer. 2020. wasmer issue 1263. https://github.com/wasmerio/wasmer/issues/1263

5. Bytecode Alliance. 2020. wasmtime issue 2347. https://github.com/bytecodealliance/wasmtime/issues/2347

Cited by 7 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Wapplique: Testing WebAssembly Runtime via Execution Context-Aware Bytecode Mutation;Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis;2024-09-11

2. Characterizing and Detecting WebAssembly Runtime Bugs;ACM Transactions on Software Engineering and Methodology;2023-12-21

3. A Comprehensive Study of Bugs in Embedded WebAssembly Virtual Machines;2023 3rd International Conference on Computer Science, Electronic Information Engineering and Intelligent Control Technology (CEI);2023-12-15

4. Enabling Trusted TEE-as-a-Service Models with Privacy Preserving Automatons;2023 IEEE International Conference on Cloud Computing Technology and Science (CloudCom);2023-12-04

5. WADIFF: A Differential Testing Framework for WebAssembly Runtimes;2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE);2023-09-11