Leveraging diversity to find bugs in JavaScript engines

LIMA, Igor Simões de Oliveira

Leveraging diversity to find bugs in JavaScript engines

Detalhes bibliográficos
Ano de defesa:	2020
Autor(a) principal:	LIMA, Igor Simões de Oliveira
Orientador(a):	d'AMORIM, Marcelo Bezerra
Banca de defesa:	Não Informado pela instituição
Tipo de documento:	Dissertação
Tipo de acesso:	Acesso aberto
Idioma:	eng
Instituição de defesa:	Universidade Federal de Pernambuco
Programa de Pós-Graduação:	Programa de Pos Graduacao em Ciencia da Computacao
Departamento:	Não Informado pela instituição
País:	Brasil
Palavras-chave em Português:	Engenharia de software JavaScript
Link de acesso:	https://repositorio.ufpe.br/handle/123456789/38478
Resumo:	JavaScript is a very popular programming language today with several implementations competing for market dominance. Although a specification document and a conformance test suite exist to guide engine development, bugs occur and have important practical consequences. This work evaluates the importance of different techniques to find functional bugs in JavaScript engines. For that, we explored two existing techniques—test transplantation and cross-engine differential testing. The first technique runs test suites of a given engine in another engine. The second technique fuzzes existing inputs and then compares the output produced by different engines with a differential oracle. We considered engines from four major players in our experiments–V8, SpiderMonkey, ChakraCore, and JavaScriptCore. We present a tool capable of running tests on any javascript engine and obtaining reports based on the test output. It was possible to run the four engines in a test suite extracted from open-source projects, using the two techniques mentioned and we analyzed the behavior of each engine, classifying the output as a bug or not. The results indicate that both techniques revealed several bugs, many of which confirmed by developers. Overall, we reported 50 bugs in this study. Of which, 36 were confirmed by developers and 29 were fixed. To sum, our results show that the techniques are easy to apply and very effective in finding bugs in complex software, such as JavaScript engines.

Metadados do item

id	UFPE_2f1d3fb39fe3ab58cdbe7c318f5bc601
oai_identifier_str	oai:repositorio.ufpe.br:123456789/38478
network_acronym_str	UFPE
network_name_str	Repositório Institucional da UFPE
repository_id_str
spelling	LIMA, Igor Simões de Oliveirahttp://lattes.cnpq.br/2282992454648401http://lattes.cnpq.br/3762670242328435d'AMORIM, Marcelo Bezerra2020-11-03T20:15:09Z2020-11-03T20:15:09Z2020-01-17LIMA, Igor Simões de Oliveira. Leveraging diversity to find bugs in JavaScript engines. 2020. Dissertação (Mestrado em Ciência da Computação) – Universidade Federal de Pernambuco, Recife, 2020.https://repositorio.ufpe.br/handle/123456789/38478JavaScript is a very popular programming language today with several implementations competing for market dominance. Although a specification document and a conformance test suite exist to guide engine development, bugs occur and have important practical consequences. This work evaluates the importance of different techniques to find functional bugs in JavaScript engines. For that, we explored two existing techniques—test transplantation and cross-engine differential testing. The first technique runs test suites of a given engine in another engine. The second technique fuzzes existing inputs and then compares the output produced by different engines with a differential oracle. We considered engines from four major players in our experiments–V8, SpiderMonkey, ChakraCore, and JavaScriptCore. We present a tool capable of running tests on any javascript engine and obtaining reports based on the test output. It was possible to run the four engines in a test suite extracted from open-source projects, using the two techniques mentioned and we analyzed the behavior of each engine, classifying the output as a bug or not. The results indicate that both techniques revealed several bugs, many of which confirmed by developers. Overall, we reported 50 bugs in this study. Of which, 36 were confirmed by developers and 29 were fixed. To sum, our results show that the techniques are easy to apply and very effective in finding bugs in complex software, such as JavaScript engines.CAPESFACEPEAtualmente, o JavaScript é uma linguagem de programação muito popular, com várias implementações competindo pelo domínio do mercado. Embora exista um documento de especificação e um conjunto de testes de conformidade para orientar o desenvolvimento do motor (do inglês, engine), bugs ocorrem e têm importantes consequências práticas. Este trabalho avalia a importância do uso de diferentes técnicas para encontrar erros funcionais nos motores JavaScript. Para isso, exploramos duas técnicas de testes existentes - teste de transplante e teste diferencial entre motores. A primeira técnica executa suítes de teste de um determinado mecanismo em outro mecanismo. A segunda técnica aplica fuzzing nas entradas de teste e depois compara o resultado produzido em diferentes motores através de um oráculo diferencial. Consideramos os quatro principais motores da atualidade em nossos experimentos - V8, SpiderMonkey, ChakraCore e JavaScriptCore. Apresentamos uma ferramenta capaz de executar testes em qualquer motor javascript e obter relatórios baseado na saída dos testes. Com esta ferramenta, foi possível executar os quatro motores em uma suíte de testes extraídos de projetos open-source, utilizando as duas técnicas citadas e analisamos o comportamento de cada motor, classificando a saída como um bug ou não. Os resultados indicam que ambas as técnicas revelaram vários bugs, muitos dos quais já foram confirmados pelos desenvolvedores. No geral, relatamos 50 bugs neste estudo. Dos quais, 36 foram confirmados pelos desenvolvedores e 29 foram corrigidos. Em resumo, nossos resultados mostram que as técnicas são fáceis de aplicar e são muito eficazes para encontrar bugs em softwares complexos, como motores JavaScript.engUniversidade Federal de PernambucoPrograma de Pos Graduacao em Ciencia da ComputacaoUFPEBrasilAttribution-NonCommercial-NoDerivs 3.0 Brazilhttp://creativecommons.org/licenses/by-nc-nd/3.0/br/info:eu-repo/semantics/openAccessEngenharia de softwareJavaScriptLeveraging diversity to find bugs in JavaScript enginesinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesismestradoreponame:Repositório Institucional da UFPEinstname:Universidade Federal de Pernambuco (UFPE)instacron:UFPECC-LICENSElicense_rdflicense_rdfapplication/rdf+xml; charset=utf-8811https://repositorio.ufpe.br/bitstream/123456789/38478/2/license_rdfe39d27027a6cc9cb039ad269a5db8e34MD52LICENSElicense.txtlicense.txttext/plain; charset=utf-82310https://repositorio.ufpe.br/bitstream/123456789/38478/3/license.txtbd573a5ca8288eb7272482765f819534MD53ORIGINALDISSERTAÇÃO Igor Simões de Oliveira Lima.pdfDISSERTAÇÃO Igor Simões de Oliveira Lima.pdfapplication/pdf1225054https://repositorio.ufpe.br/bitstream/123456789/38478/1/DISSERTA%c3%87%c3%83O%20Igor%20Sim%c3%b5es%20de%20Oliveira%20Lima.pdfe86254940e65b1a34075f0a4bcaf0daeMD51TEXTDISSERTAÇÃO Igor Simões de Oliveira Lima.pdf.txtDISSERTAÇÃO Igor Simões de Oliveira Lima.pdf.txtExtracted texttext/plain102889https://repositorio.ufpe.br/bitstream/123456789/38478/4/DISSERTA%c3%87%c3%83O%20Igor%20Sim%c3%b5es%20de%20Oliveira%20Lima.pdf.txt32e73fdef4d0d52eb28de52a1d71e540MD54THUMBNAILDISSERTAÇÃO Igor Simões de Oliveira Lima.pdf.jpgDISSERTAÇÃO Igor Simões de Oliveira Lima.pdf.jpgGenerated Thumbnailimage/jpeg1209https://repositorio.ufpe.br/bitstream/123456789/38478/5/DISSERTA%c3%87%c3%83O%20Igor%20Sim%c3%b5es%20de%20Oliveira%20Lima.pdf.jpg240fa15376b58dc2ee87e22a636d5b8bMD55123456789/384782020-11-04 02:16:57.583oai:repositorio.ufpe.br:123456789/38478TGljZW7Dp2EgZGUgRGlzdHJpYnVpw6fDo28gTsOjbyBFeGNsdXNpdmEKClRvZG8gZGVwb3NpdGFudGUgZGUgbWF0ZXJpYWwgbm8gUmVwb3NpdMOzcmlvIEluc3RpdHVjaW9uYWwgKFJJKSBkZXZlIGNvbmNlZGVyLCDDoCBVbml2ZXJzaWRhZGUgRmVkZXJhbCBkZSBQZXJuYW1idWNvIChVRlBFKSwgdW1hIExpY2Vuw6dhIGRlIERpc3RyaWJ1acOnw6NvIE7Do28gRXhjbHVzaXZhIHBhcmEgbWFudGVyIGUgdG9ybmFyIGFjZXNzw612ZWlzIG9zIHNldXMgZG9jdW1lbnRvcywgZW0gZm9ybWF0byBkaWdpdGFsLCBuZXN0ZSByZXBvc2l0w7NyaW8uCgpDb20gYSBjb25jZXNzw6NvIGRlc3RhIGxpY2Vuw6dhIG7Do28gZXhjbHVzaXZhLCBvIGRlcG9zaXRhbnRlIG1hbnTDqW0gdG9kb3Mgb3MgZGlyZWl0b3MgZGUgYXV0b3IuCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwoKTGljZW7Dp2EgZGUgRGlzdHJpYnVpw6fDo28gTsOjbyBFeGNsdXNpdmEKCkFvIGNvbmNvcmRhciBjb20gZXN0YSBsaWNlbsOnYSBlIGFjZWl0w6EtbGEsIHZvY8OqIChhdXRvciBvdSBkZXRlbnRvciBkb3MgZGlyZWl0b3MgYXV0b3JhaXMpOgoKYSkgRGVjbGFyYSBxdWUgY29uaGVjZSBhIHBvbMOtdGljYSBkZSBjb3B5cmlnaHQgZGEgZWRpdG9yYSBkbyBzZXUgZG9jdW1lbnRvOwpiKSBEZWNsYXJhIHF1ZSBjb25oZWNlIGUgYWNlaXRhIGFzIERpcmV0cml6ZXMgcGFyYSBvIFJlcG9zaXTDs3JpbyBJbnN0aXR1Y2lvbmFsIGRhIFVGUEU7CmMpIENvbmNlZGUgw6AgVUZQRSBvIGRpcmVpdG8gbsOjbyBleGNsdXNpdm8gZGUgYXJxdWl2YXIsIHJlcHJvZHV6aXIsIGNvbnZlcnRlciAoY29tbyBkZWZpbmlkbyBhIHNlZ3VpciksIGNvbXVuaWNhciBlL291IGRpc3RyaWJ1aXIsIG5vIFJJLCBvIGRvY3VtZW50byBlbnRyZWd1ZSAoaW5jbHVpbmRvIG8gcmVzdW1vL2Fic3RyYWN0KSBlbSBmb3JtYXRvIGRpZ2l0YWwgb3UgcG9yIG91dHJvIG1laW87CmQpIERlY2xhcmEgcXVlIGF1dG9yaXphIGEgVUZQRSBhIGFycXVpdmFyIG1haXMgZGUgdW1hIGPDs3BpYSBkZXN0ZSBkb2N1bWVudG8gZSBjb252ZXJ0w6otbG8sIHNlbSBhbHRlcmFyIG8gc2V1IGNvbnRlw7pkbywgcGFyYSBxdWFscXVlciBmb3JtYXRvIGRlIGZpY2hlaXJvLCBtZWlvIG91IHN1cG9ydGUsIHBhcmEgZWZlaXRvcyBkZSBzZWd1cmFuw6dhLCBwcmVzZXJ2YcOnw6NvIChiYWNrdXApIGUgYWNlc3NvOwplKSBEZWNsYXJhIHF1ZSBvIGRvY3VtZW50byBzdWJtZXRpZG8gw6kgbyBzZXUgdHJhYmFsaG8gb3JpZ2luYWwgZSBxdWUgZGV0w6ltIG8gZGlyZWl0byBkZSBjb25jZWRlciBhIHRlcmNlaXJvcyBvcyBkaXJlaXRvcyBjb250aWRvcyBuZXN0YSBsaWNlbsOnYS4gRGVjbGFyYSB0YW1iw6ltIHF1ZSBhIGVudHJlZ2EgZG8gZG9jdW1lbnRvIG7Do28gaW5mcmluZ2Ugb3MgZGlyZWl0b3MgZGUgb3V0cmEgcGVzc29hIG91IGVudGlkYWRlOwpmKSBEZWNsYXJhIHF1ZSwgbm8gY2FzbyBkbyBkb2N1bWVudG8gc3VibWV0aWRvIGNvbnRlciBtYXRlcmlhbCBkbyBxdWFsIG7Do28gZGV0w6ltIG9zIGRpcmVpdG9zIGRlCmF1dG9yLCBvYnRldmUgYSBhdXRvcml6YcOnw6NvIGlycmVzdHJpdGEgZG8gcmVzcGVjdGl2byBkZXRlbnRvciBkZXNzZXMgZGlyZWl0b3MgcGFyYSBjZWRlciDDoApVRlBFIG9zIGRpcmVpdG9zIHJlcXVlcmlkb3MgcG9yIGVzdGEgTGljZW7Dp2EgZSBhdXRvcml6YXIgYSB1bml2ZXJzaWRhZGUgYSB1dGlsaXrDoS1sb3MgbGVnYWxtZW50ZS4gRGVjbGFyYSB0YW1iw6ltIHF1ZSBlc3NlIG1hdGVyaWFsIGN1am9zIGRpcmVpdG9zIHPDo28gZGUgdGVyY2Vpcm9zIGVzdMOhIGNsYXJhbWVudGUgaWRlbnRpZmljYWRvIGUgcmVjb25oZWNpZG8gbm8gdGV4dG8gb3UgY29udGXDumRvIGRvIGRvY3VtZW50byBlbnRyZWd1ZTsKZykgU2UgbyBkb2N1bWVudG8gZW50cmVndWUgw6kgYmFzZWFkbyBlbSB0cmFiYWxobyBmaW5hbmNpYWRvIG91IGFwb2lhZG8gcG9yIG91dHJhIGluc3RpdHVpw6fDo28gcXVlIG7Do28gYSBVRlBFLCBkZWNsYXJhIHF1ZSBjdW1wcml1IHF1YWlzcXVlciBvYnJpZ2HDp8O1ZXMgZXhpZ2lkYXMgcGVsbyByZXNwZWN0aXZvIGNvbnRyYXRvIG91IGFjb3Jkby4KCkEgVUZQRSBpZGVudGlmaWNhcsOhIGNsYXJhbWVudGUgbyhzKSBub21lKHMpIGRvKHMpIGF1dG9yIChlcykgZG9zIGRpcmVpdG9zIGRvIGRvY3VtZW50byBlbnRyZWd1ZSBlIG7Do28gZmFyw6EgcXVhbHF1ZXIgYWx0ZXJhw6fDo28sIHBhcmEgYWzDqW0gZG8gcHJldmlzdG8gbmEgYWzDrW5lYSBjKS4KRepositório InstitucionalPUBhttps://repositorio.ufpe.br/oai/requestattena@ufpe.bropendoar:22212020-11-04T05:16:57Repositório Institucional da UFPE - Universidade Federal de Pernambuco (UFPE)false
dc.title.pt_BR.fl_str_mv	Leveraging diversity to find bugs in JavaScript engines
title	Leveraging diversity to find bugs in JavaScript engines
spellingShingle	Leveraging diversity to find bugs in JavaScript engines LIMA, Igor Simões de Oliveira Engenharia de software JavaScript
title_short	Leveraging diversity to find bugs in JavaScript engines
title_full	Leveraging diversity to find bugs in JavaScript engines
title_fullStr	Leveraging diversity to find bugs in JavaScript engines
title_full_unstemmed	Leveraging diversity to find bugs in JavaScript engines
title_sort	Leveraging diversity to find bugs in JavaScript engines
author	LIMA, Igor Simões de Oliveira
author_facet	LIMA, Igor Simões de Oliveira
author_role	author
dc.contributor.authorLattes.pt_BR.fl_str_mv	http://lattes.cnpq.br/2282992454648401
dc.contributor.advisorLattes.pt_BR.fl_str_mv	http://lattes.cnpq.br/3762670242328435
dc.contributor.author.fl_str_mv	LIMA, Igor Simões de Oliveira
dc.contributor.advisor1.fl_str_mv	d'AMORIM, Marcelo Bezerra
contributor_str_mv	d'AMORIM, Marcelo Bezerra
dc.subject.por.fl_str_mv	Engenharia de software JavaScript
topic	Engenharia de software JavaScript
description	JavaScript is a very popular programming language today with several implementations competing for market dominance. Although a specification document and a conformance test suite exist to guide engine development, bugs occur and have important practical consequences. This work evaluates the importance of different techniques to find functional bugs in JavaScript engines. For that, we explored two existing techniques—test transplantation and cross-engine differential testing. The first technique runs test suites of a given engine in another engine. The second technique fuzzes existing inputs and then compares the output produced by different engines with a differential oracle. We considered engines from four major players in our experiments–V8, SpiderMonkey, ChakraCore, and JavaScriptCore. We present a tool capable of running tests on any javascript engine and obtaining reports based on the test output. It was possible to run the four engines in a test suite extracted from open-source projects, using the two techniques mentioned and we analyzed the behavior of each engine, classifying the output as a bug or not. The results indicate that both techniques revealed several bugs, many of which confirmed by developers. Overall, we reported 50 bugs in this study. Of which, 36 were confirmed by developers and 29 were fixed. To sum, our results show that the techniques are easy to apply and very effective in finding bugs in complex software, such as JavaScript engines.
publishDate	2020
dc.date.accessioned.fl_str_mv	2020-11-03T20:15:09Z
dc.date.available.fl_str_mv	2020-11-03T20:15:09Z
dc.date.issued.fl_str_mv	2020-01-17
dc.type.status.fl_str_mv	info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv	info:eu-repo/semantics/masterThesis
format	masterThesis
status_str	publishedVersion
dc.identifier.citation.fl_str_mv	LIMA, Igor Simões de Oliveira. Leveraging diversity to find bugs in JavaScript engines. 2020. Dissertação (Mestrado em Ciência da Computação) – Universidade Federal de Pernambuco, Recife, 2020.
dc.identifier.uri.fl_str_mv	https://repositorio.ufpe.br/handle/123456789/38478
identifier_str_mv	LIMA, Igor Simões de Oliveira. Leveraging diversity to find bugs in JavaScript engines. 2020. Dissertação (Mestrado em Ciência da Computação) – Universidade Federal de Pernambuco, Recife, 2020.
url	https://repositorio.ufpe.br/handle/123456789/38478
dc.language.iso.fl_str_mv	eng
language	eng
dc.rights.driver.fl_str_mv	Attribution-NonCommercial-NoDerivs 3.0 Brazil http://creativecommons.org/licenses/by-nc-nd/3.0/br/ info:eu-repo/semantics/openAccess
rights_invalid_str_mv	Attribution-NonCommercial-NoDerivs 3.0 Brazil http://creativecommons.org/licenses/by-nc-nd/3.0/br/
eu_rights_str_mv	openAccess
dc.publisher.none.fl_str_mv	Universidade Federal de Pernambuco
dc.publisher.program.fl_str_mv	Programa de Pos Graduacao em Ciencia da Computacao
dc.publisher.initials.fl_str_mv	UFPE
dc.publisher.country.fl_str_mv	Brasil
publisher.none.fl_str_mv	Universidade Federal de Pernambuco
dc.source.none.fl_str_mv	reponame:Repositório Institucional da UFPE instname:Universidade Federal de Pernambuco (UFPE) instacron:UFPE
instname_str	Universidade Federal de Pernambuco (UFPE)
instacron_str	UFPE
institution	UFPE
reponame_str	Repositório Institucional da UFPE
collection	Repositório Institucional da UFPE
bitstream.url.fl_str_mv	https://repositorio.ufpe.br/bitstream/123456789/38478/2/license_rdf https://repositorio.ufpe.br/bitstream/123456789/38478/3/license.txt https://repositorio.ufpe.br/bitstream/123456789/38478/1/DISSERTA%c3%87%c3%83O%20Igor%20Sim%c3%b5es%20de%20Oliveira%20Lima.pdf https://repositorio.ufpe.br/bitstream/123456789/38478/4/DISSERTA%c3%87%c3%83O%20Igor%20Sim%c3%b5es%20de%20Oliveira%20Lima.pdf.txt https://repositorio.ufpe.br/bitstream/123456789/38478/5/DISSERTA%c3%87%c3%83O%20Igor%20Sim%c3%b5es%20de%20Oliveira%20Lima.pdf.jpg
bitstream.checksum.fl_str_mv	e39d27027a6cc9cb039ad269a5db8e34 bd573a5ca8288eb7272482765f819534 e86254940e65b1a34075f0a4bcaf0dae 32e73fdef4d0d52eb28de52a1d71e540 240fa15376b58dc2ee87e22a636d5b8b
bitstream.checksumAlgorithm.fl_str_mv	MD5 MD5 MD5 MD5 MD5
repository.name.fl_str_mv	Repositório Institucional da UFPE - Universidade Federal de Pernambuco (UFPE)
repository.mail.fl_str_mv	attena@ufpe.br
_version_	1862741703009501184

Leveraging diversity to find bugs in JavaScript engines

Registros relacionados