OptFuzz: Optimization Path Guided Fuzzing for JavaScript JIT Compilers
Jiming Wang, Yan Kang, Chenggang Wu, Yuhao Hu, Yuanming Lai, Mengyao Xie, Charles Zhang, Tao Li, Zhe Wang
33rd USENIX Security Symposium · Day 1 · USENIX Security '24
This talk introduces **OptFuzz**, a fuzzing system that hunts for bugs in JavaScript Just-In-Time (JIT) compilers by steering test generation toward the compilers' optimization paths. Presented by Jiming Wang at USENIX Security '24, OptFuzz addresses a gap in conventional fuzzing approaches, which exercise the complex optimization logic of modern JIT engines only inefficiently. Because JavaScript engines are core components of web browsers, PDF readers and many other applications, the security of their JIT compilers is paramount.
AI review
This work introduces OptFuzz, a fuzzing system that targets JavaScript JIT compiler optimization paths using the "Optimization Trunk Pass" (OPD Pass) concept. By addressing the seed explosion problem that path-level guidance raises and by providing finer-grained feedback than plain code coverage, it demonstrates stronger bug-finding capability, including 26 confirmed CVEs. This is a significant advance in JIT compiler security research.