@inproceedings{1db99741980b480f87f971247c03b4ec,
title = "WasmFuzzer: A Fuzzer for WebAssembly Virtual Machines",
abstract = "WebAssembly is a fast, safe, and portable low-level language suitable for diverse application scenarios. And The WebAssembly virtual machines are widely used by Web browsers or Blockchain platforms as execution engine. When there is a bug in the implementation of the Wasm virtual machine, the execution of WebAssembly may lead to errors or vulnerability in the application. Due to the grammar checks by WASM VMs, fuzzing at the binary level is ineffective to expose the bugs because most inputs cannot reach the deep logic within the WASM VM. In this work, we propose WasmFuzzer, a bytecode level fuzzing tool for WASM VMs. WasmFuzzer proposes to generate initial seeds for Fuzzing at the Wasm bytecode level and it also designs a systematic set of mutation operators for Wasm bytecode. Furthermore, WasmFuzzer proposes an adaptive mutation strategy to search for the best mutation operators for different fuzzing targets. Our evaluation on 3 real-life Wasm VMs shows that WasmFuzzer can significantly outperform AFL in terms of both code coverage and unique crash.",
keywords = "fuzzing, Virtual Machine, WebAssembly",
author = "Bo Jiang and Zichao Li and Yuhe Huang and Zhenyu Zhang and Chan, {W. K.}",
year = "2022",
month = jul,
doi = "10.18293/SEKE2022-165",
language = "English",
isbn = "9781891706547",
series = "Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE",
publisher = "KSI Research Inc.",
pages = "537--542",
booktitle = "SEKE 2022 - Proceedings of the 34th International Conference on Software Engineering and Knowledge Engineering",
note = "34th International Conference on Software Engineering and Knowledge Engineering, SEKE 2022 ; Conference date: 01-07-2022 Through 10-07-2022",
}