
Research On JavaScript Engine Bug Detection Method Based On Standard Document Analysis

Posted on: 2022-10-21
Degree: Master
Type: Thesis
Country: China
Candidate: Y Tian
GTID: 2518306521964329
Subject: Computer application technology

Abstract/Summary:
JavaScript is a popular, platform-independent programming language. To ensure the interoperability of JavaScript programs across platforms, the implementation of the JavaScript interpreter (i.e., the engine) must conform to the ECMAScript-262 standard. However, the standard changes frequently, which makes it difficult for engine developers to update their implementations in time, so JavaScript engines exhibit behaviors that do not meet the standard, that is, conformance bugs. Conformance bugs not only cause correct JavaScript scripts to produce wrong results, but may also cause JavaScript programs that run normally on one platform to behave abnormally when migrated to other platforms, seriously endangering the stability and extensibility of JavaScript programs. To detect the conformance bugs of JavaScript engines effectively, this thesis designs an automated bug detection method based on standard document analysis and differential fuzzing. The main research contents are as follows:

(1) This thesis adopts the idea of differential fuzzing: a large number of test cases are constructed and fed to multiple JavaScript engines for execution, the execution results of the engines are monitored, and differential analysis is performed on them to obtain suspicious test cases that trigger inconsistent behavior between engines. Finally, the suspicious cases are analyzed manually to determine whether they trigger an engine bug. With a high degree of automation and only a small amount of manual intervention, this method can be applied to the continuous automatic bug detection of JavaScript engines.

(2) Taking advantage of the guiding role of the ECMAScript-262 standard in conformance bug detection, this thesis designs a test case mutation method based on standard document analysis, which automatically parses effective semantic information from the standard documents to make the mutation of test cases more directed. The mutated test cases can cover more branches of the engine, thereby triggering more engine conformance bugs and improving detection efficiency.

(3) This thesis designs and implements a prototype conformance bug detection system, ESfunfuzz, and uses it to perform bug detection on the current four mainstream JavaScript engines in a real environment. A total of 22 conformance bugs in various engines have been successfully detected, 19 of which have been confirmed by the engine developers. The experimental results show that the automated testing method based on standard documents is effective and reliable.
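
The differential-analysis step in (1) can be sketched as follows. This is an added example, not code from the thesis or from ESfunfuzz: the engine names, the recorded observations and the majority-vote triage rule are assumptions made for illustration. Error messages are reduced to their error type before comparison, because the standard fixes the type of a thrown error but not its wording.

```python
import re
from collections import Counter

# Constructed observations (not thesis data) from four placeholder engines.
RESULTS = {
    "case_001.js": {  # same error type, different wording: conforming
        "engine_a": {"stdout": "", "error": "TypeError: Cannot convert a Symbol value to a string"},
        "engine_b": {"stdout": "", "error": "TypeError: can't convert symbol to string"},
        "engine_c": {"stdout": "", "error": "Uncaught TypeError: Cannot convert a symbol to a string"},
        "engine_d": {"stdout": "", "error": "TypeError: Symbol cannot be converted"},
    },
    "case_002.js": {  # one engine returns a value where the others throw
        "engine_a": {"stdout": "", "error": "RangeError: Invalid count value"},
        "engine_b": {"stdout": "", "error": "RangeError: repeat count must be non-negative"},
        "engine_c": {"stdout": "\n", "error": None},
        "engine_d": {"stdout": "", "error": "RangeError: Invalid count value: -1"},
    },
    "case_003.js": {  # two-against-two split: no majority to trust
        "engine_a": {"stdout": "true\n", "error": None},
        "engine_b": {"stdout": "false\n", "error": None},
        "engine_c": {"stdout": "true\n", "error": None},
        "engine_d": {"stdout": "false\n", "error": None},
    },
}

ERROR_TYPE = re.compile(r"\b(?:Type|Range|Syntax|Reference|URI|Eval)Error\b")

def signature(obs):
    """Keep only what the standard fixes: the error type, or the printed output."""
    if obs["error"]:
        m = ERROR_TYPE.search(obs["error"])
        return ("throw", m.group(0) if m else "Error")
    return ("ok", obs["stdout"].strip())

def find_suspicious(results):
    """Majority vote (an assumed triage rule): {case: (majority or None, engines to review)}."""
    suspicious = {}
    for case, per_engine in results.items():
        sigs = {engine: signature(obs) for engine, obs in per_engine.items()}
        (top, votes), = Counter(sigs.values()).most_common(1)
        if votes == len(sigs):
            continue  # every engine agrees: nothing to review
        if votes * 2 > len(sigs):  # strict majority: the outliers are the suspects
            suspicious[case] = (top, sorted(e for e, s in sigs.items() if s != top))
        else:  # no majority: every engine needs manual review
            suspicious[case] = (None, sorted(sigs))
    return suspicious

if __name__ == "__main__":
    print(find_suspicious(RESULTS))
```

A flagged case is only a candidate: the majority can itself be non-conforming, which is why the method ends with manual analysis against the standard.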
Keywords/Search Tags: JavaScript engine, Conformance Bug, Standard Document Analysis, Differential Fuzzing