TL;DR
COMFORT is a deep learning-based fuzzing framework that automatically generates JavaScript test cases from ECMAScript specifications to detect conformance bugs across multiple JS engines, significantly improving bug discovery and fixing.
Contribution
It introduces a novel compiler fuzzing approach leveraging deep learning and formal specifications to automatically generate conformance test cases for JavaScript engines.
Findings
Discovered 158 unique JS engine bugs in 200 hours of testing.
115 bugs have been fixed by developers.
21 test cases are now part of the official ECMAScript test suite.
Abstract
JavaScript (JS) is a popular, platform-independent programming language. To ensure the interoperability of JS programs across different platforms, the implementation of a JS engine should conform to the ECMAScript standard. However, doing so is challenging as there are many subtle definitions of API behaviors, and the definitions keep evolving. We present COMFORT, a new compiler fuzzing framework for detecting JS engine bugs and behaviors that deviate from the ECMAScript standard. COMFORT leverages the recent advance in deep learning-based language models to automatically generate JS test code. As a departure from prior fuzzers, COMFORT utilizes the well-structured ECMAScript specifications to automatically generate test data along with the test programs to expose bugs that could be overlooked by the developers or manually written test cases. COMFORT then applies differential testing…
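The abstract's differential-testing step needs an oracle: run the same generated test case on several engines and treat the engines whose output disagrees with the majority as suspects. The harness below is an added example, not COMFORT's code or the paper's method; the engine command lines (`node`, `d8`, `jsc`) and the sample results are assumptions chosen for illustration, and the sample outputs are constructed, not captured from real engines.

```python
"""Differential-testing oracle for JavaScript engines.

Added example, not part of the COMFORT paper or its implementation. It assumes
engine binaries that take a script path on the command line (e.g. node, d8,
jsc); these command lines are an assumption about the local setup.
"""
import subprocess
from collections import defaultdict

# Assumed engine command lines; edit to match the binaries installed locally.
ENGINES = {
    "node": ["node"],
    "d8": ["d8"],
    "jsc": ["jsc"],
}


def run_engines(script_path, engines=ENGINES, timeout=10):
    """Run one JS test case on every engine and collect normalized outputs.

    The output key is (exit status, combined stdout+stderr) so that a crash or
    an uncaught exception is distinguished from a successful run with the same
    text. Engines that are not installed are recorded as None and excluded
    from voting; a hang is recorded as a distinct "<timeout>" result.
    """
    results = {}
    for name, cmd in engines.items():
        try:
            proc = subprocess.run(cmd + [script_path], capture_output=True,
                                  text=True, timeout=timeout)
            results[name] = (proc.returncode, (proc.stdout + proc.stderr).strip())
        except FileNotFoundError:
            results[name] = None
        except subprocess.TimeoutExpired:
            results[name] = (None, "<timeout>")
    return results


def cluster_outputs(results):
    """Group engines by identical output; returns {output: [engine names]}."""
    groups = defaultdict(list)
    for name, out in results.items():
        if out is not None:
            groups[out].append(name)
    return dict(groups)


def find_deviants(results):
    """Return (majority_output, deviating_engines).

    Engines whose output differs from the majority are the suspects. When no
    strict majority exists (a tie, or every engine differs) the case is
    reported as inconclusive, (None, []), rather than blamed on one engine;
    such cases still deserve a manual look against the specification.
    """
    groups = cluster_outputs(results)
    if not groups:
        return None, []
    ranked = sorted(groups.items(), key=lambda kv: len(kv[1]), reverse=True)
    top_out, top_engines = ranked[0]
    if len(ranked) > 1 and len(ranked[1][1]) == len(top_engines):
        return None, []
    deviants = [e for out, es in groups.items() if out != top_out for e in es]
    return top_out, sorted(deviants)


# Constructed sample results (not real engine output): two engines agree,
# one prints something different for the same test case.
SAMPLE = {
    "node": (0, "1"),
    "d8": (0, "1"),
    "jsc": (0, "undefined"),
}

if __name__ == "__main__":
    majority, suspects = find_deviants(SAMPLE)
    print("majority output:", majority, "suspect engines:", suspects)
```

With real binaries installed, `find_deviants(run_engines("case.js"))` applies the same majority rule to live output; the tie handling matters because a two-engine disagreement says only that one of them is wrong, not which.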