Extended grammar-based fuzzing algorithm for JavaScript Engines
Prikladnaya Diskretnaya Matematika. Supplement, no. 14 (2021), pp. 140-146.

See the article record at the source, Math-Net.Ru.

JavaScript engine security continues to be critical for user safety. Unfortunately, modern fuzzing algorithms cover only a small part of the entire engine. A JavaScript engine requires highly structured input: JavaScript programs that are both syntactically and semantically correct, and most generated inputs fail the engine's syntax and semantic checks. In this paper we describe an extension of the grammar-based fuzzing algorithm. We propose a way of deriving the grammar used for fuzzing from a set of JavaScript source files. Grammars constructed with our method cover a larger part of the JavaScript language than grammars created by writing grammar rules by hand. The other change to the basic algorithm is control of the context during mutation, which filters out many inputs that cannot yield new results. Our experiments show that the improved algorithm finds new paths in the target program faster.
Keywords: fuzzing, JavaScript.
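The two changes the abstract describes, a grammar derived from sample programs instead of hand-written rules and context control during generation, sketched as an added Node.js example; this is not the paper's code or the DFuzzer project's code. The corpus is constructed; the "grammar" is a set of statement templates with typed holes mined by tokenizing one flat statement per line (a simplification of the full grammar the paper builds from parsed sources); the GLOBALS list is an assumed set of engine built-ins; and candidates are executed in-process with `new Function` rather than in a separate JavaScript engine. The point of comparison is the fraction of generated programs that die on an undeclared identifier before reaching any interesting engine code.

```javascript
'use strict';

// Constructed sample corpus standing in for the set of JavaScript sources the
// grammar is derived from. Assumption: one flat statement per line, no blocks.
const CORPUS = [
  'let arr = [1, 2, 3];',
  'let s = "abc";',
  'let n = arr.length;',
  'let total = n + 10;',
  'arr.push(s);',
  'let sorted = arr.sort();',
  'let joined = arr.join(s);',
  'let big = Math.max(n, 7);',
  'let str = String(total);',
  'let sub = s.slice(1);',
  'let sum = n * 2 + total;',
];

const TOKEN_RE = /===|!==|[=!<>]=|=>|\+\+|--|&&|\|\||[A-Za-z_$][\w$]*|\d+(?:\.\d+)?|"[^"]*"|'[^']*'|\S/g;
const KEYWORDS = new Set(['let', 'const', 'var', 'new', 'typeof', 'function', 'return', 'true', 'false', 'null', 'undefined', 'this']);
const GLOBALS = new Set(['Math', 'String', 'Number', 'Array', 'Object', 'JSON']); // assumed engine built-ins
const DECL = new Set(['let', 'const', 'var']);

const tokenize = (src) => src.match(TOKEN_RE) || [];

// Turn one statement into a template: identifiers, numbers and strings become
// typed holes; keywords, punctuation, built-ins and property names stay literal.
// An identifier right after let/const/var is a 'def' hole, any other is a 'use'.
function mineTemplate(stmt) {
  const toks = tokenize(stmt);
  return toks.map((t, i) => {
    const prev = toks[i - 1];
    if (/^[A-Za-z_$]/.test(t) && !KEYWORDS.has(t) && !GLOBALS.has(t) && prev !== '.') {
      return { slot: DECL.has(prev) ? 'def' : 'use', name: t };
    }
    if (/^\d/.test(t)) return { slot: 'num', value: t };
    if (/^["']/.test(t)) return { slot: 'str', value: t };
    return t;
  });
}

// The mined grammar: every corpus statement is one production for Statement,
// plus pools of terminals (names, numbers, strings) observed in the corpus.
function mineGrammar(corpus) {
  const templates = [], names = new Set(), nums = new Set(), strs = new Set();
  for (const stmt of corpus) {
    const tpl = mineTemplate(stmt);
    templates.push(tpl);
    for (const t of tpl) {
      if (typeof t === 'string') continue;
      if (t.slot === 'num') nums.add(t.value);
      else if (t.slot === 'str') strs.add(t.value);
      else names.add(t.name);
    }
  }
  return { templates, names: [...names], nums: [...nums], strs: [...strs] };
}

// Deterministic PRNG (mulberry32) so campaigns are reproducible.
function mulberry32(a) {
  return function () {
    let t = (a += 0x6D2B79F5);
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}
const pick = (arr, rng) => arr[Math.floor(rng() * arr.length)];

// Generate a program of nStmts statements. With contextAware=true every 'use'
// hole is filled only from names declared earlier in this program, and a
// template that needs a name while nothing is in scope is discarded; without
// it, names come from the corpus pool regardless of what the program declares.
function generate(grammar, rng, nStmts, contextAware) {
  const scope = [], lines = [];
  let nextId = 0, tries = 0;
  while (lines.length < nStmts && tries++ < nStmts * 20) {
    const tpl = pick(grammar.templates, rng);
    const defs = [], toks = [];
    let ok = true;
    for (const t of tpl) {
      if (typeof t === 'string') toks.push(t);
      else if (t.slot === 'num') toks.push(pick(grammar.nums, rng));
      else if (t.slot === 'str') toks.push(pick(grammar.strs, rng));
      else if (t.slot === 'def') { const name = 'v' + nextId++; defs.push(name); toks.push(name); }
      else if (!contextAware) toks.push(pick(grammar.names, rng));
      else if (scope.length === 0) { ok = false; break; }
      else toks.push(pick(scope, rng));
    }
    if (!ok) continue;
    scope.push(...defs);          // declarations become visible after the statement
    lines.push(toks.join(' '));
  }
  return lines.join('\n');
}

// Compile and run a candidate in-process (a real harness feeds the target
// engine instead); report 'ok' or the name of the error that stopped it.
function runProgram(src) {
  try { new Function(src)(); return 'ok'; }
  catch (e) { return e && e.name ? e.name : 'Error'; }
}

// Tally outcomes over `count` generated programs of four statements each.
function campaign(grammar, seed, count, contextAware) {
  const rng = mulberry32(seed), tally = {};
  for (let i = 0; i < count; i++) {
    const outcome = runProgram(generate(grammar, rng, 4, contextAware));
    tally[outcome] = (tally[outcome] || 0) + 1;
  }
  return tally;
}

const GRAMMAR = mineGrammar(CORPUS);
console.log('naive  ', campaign(GRAMMAR, 1, 200, false));
console.log('context', campaign(GRAMMAR, 1, 200, true));
```

Without context control nearly every program dies with a ReferenceError on its first undeclared name, so the engine never executes the array, string or Math code the template was meant to reach; with context control every name is in scope, so the only remaining failures are TypeErrors from type mismatches (for example calling `push` on a string), which do exercise engine paths. Extending the check from "is declared" to "has a compatible type" is the natural next filter.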
@article{PDMA_2021_14_a31,
     author = {M. S. Nedyak},
     title = {Extended grammar-based fuzzing algorithm for {JavaScript} {Engines}},
     journal = {Prikladnaya Diskretnaya Matematika. Supplement},
     pages = {140--146},
     publisher = {mathdoc},
     number = {14},
     year = {2021},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/PDMA_2021_14_a31/}
}
TY  - JOUR
AU  - M. S. Nedyak
TI  - Extended grammar-based fuzzing algorithm for JavaScript Engines
JO  - Prikladnaya Diskretnaya Matematika. Supplement
PY  - 2021
SP  - 140
EP  - 146
IS  - 14
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/PDMA_2021_14_a31/
LA  - ru
ID  - PDMA_2021_14_a31
ER  - 
%0 Journal Article
%A M. S. Nedyak
%T Extended grammar-based fuzzing algorithm for JavaScript Engines
%J Prikladnaya Diskretnaya Matematika. Supplement
%D 2021
%P 140-146
%N 14
%I mathdoc
%U http://geodesic.mathdoc.fr/item/PDMA_2021_14_a31/
%G ru
%F PDMA_2021_14_a31
M. S. Nedyak. Extended grammar-based fuzzing algorithm for JavaScript Engines. Prikladnaya Diskretnaya Matematika. Supplement, no. 14 (2021), pp. 140-146. http://geodesic.mathdoc.fr/item/PDMA_2021_14_a31/
