Fuzzing WebAssembly compilers using optimization rules

Abstract

WebAssembly is a new programming language that is supported by modern Web browsers. It is gaining attention for its safety, portability, and high performance. WebAssembly runtimes boost speed by compiling the programs into machine code, but bugs in the compilers can break an application developer’s assumptions or induce a security problem by allowing attackers to escape the sandbox. In this research, we propose ORGFuzz, a new differential fuzzer for WebAssembly compilers. Our fuzzer efficiently tests optimization routines by generating test cases with the guidance of compiler optimization rules. Also, we propose a differential fuzzing-aware test case generation method that exposes semantic bugs to the results. With these two methods, ORGFuzz achieved 91.39% rule coverage on optimization rules, finding a total of 10 previously unknown bugs in two engines including one CVE.