Browser extensions are popular to enhance users' browsing experience. By design, they
have access to security-and privacy-critical APIs to perform tasks that web applications …

Grey-box fuzzing is an evolutionary process, which maintains and evolves a population of
test cases with the help of a fitness function. Fitness functions used by current grey-box …

We present a novel fuzzing technique, FuzzJIT, for exposing JIT compiler bugs in JavaScript
engines, based on our insight that JIT compilers shall only speed up the execution but never …

We present grey-box concolic testing, a novel path-based test case generation method that
combines the best of both white-box and grey-box fuzzing. At a high level, our technique …

JavaScript runtime systems include some specialized programming interfaces, called
binding layers. Binding layers translate data representations between JavaScript and unsafe …

JavaScript has become an essential part of the Internet infrastructure, and today's interactive
web applications would be inconceivable without this programming language. On the …

Mutation-based fuzzing is one of the most popular approaches to discover vulnerabilities in
a program. To alleviate the inefficiency of mutation-based fuzzing incurred by high …

JavaScript engines have been shown prone to security vulnerabilities, which can lead to
serious consequences due to their popularity. Fuzzing is an effective testing technique to …

Today's digital communication relies on complex protocols and specifications for
exchanging structured messages and data. Communication naturally involves two …

This paper introduces the novel concept of compilation space, which facilitates the thorough
validation of just-in-time (JIT) compilers in modern language virtual machines (LVMs). The …