Metamong: Detecting Render-Update Bugs in Web Browsers through Fuzzing.
European Software Engineering Conference (2023)
Abstract
A render-update bug arises when a web browser produces an
erroneous rendering output due to incorrect rendering updates.
Such render-update bugs seriously harm the usability and reliability
of web browsers. However, we find that detecting render-update bugs
is challenging because a render-update bug is a semantic bug:
given a rendering result, it is difficult to determine whether it is
correct, owing to the complex rendering specifications of DOM and CSS.
Thus, unlike a memory corruption bug, an incorrect rendering output
raises no violation or crash. In practice, render-update
bug detection relies on time-prohibitive manual analysis by domain
experts. This paper proposes Metamong, an automated framework that detects
render-update bugs, without false positives, via differential fuzz
testing. Metamong features two key components: (i) a page mutator and
(ii) a render-update oracle. The page mutator generates render-update
operations, which change the content of the web page, to trigger a
render-update bug. The render-update oracle exploits an HTML standard
rule, so-called yielding, to produce the correct rendering result of
a given web page. Combining these components, Metamong creates two
HTML files that each construct the same web page, but only one of
which induces a render update. It then uses differential testing to
compare their rendering outputs and determine whether there is a bug. We implemented
a prototype of Metamong that performs differential fuzz testing on
the popular browsers Chrome and Firefox. So far, Metamong has identified 19
new render-update bugs, 17 in Chrome and two in Firefox. All of them
have been confirmed by the respective browser vendor and five have already been fixed,
demonstrating the practical effectiveness of Metamong in identifying
render-update bugs.