Huawei Cloud WebAssembly code static symbolic execution technology achieves new breakthroughs

This article is shared from the Huawei Cloud Community article "Huawei Cloud WebAssembly code static symbolic execution technology achieves new breakthroughs, and the related paper was accepted by the top software engineering conference ISSTA 2023 and won the Outstanding Paper Award", author: Huawei Cloud Software Analysis Lab.

WebAssembly (Wasm) was originally developed under the W3C by Mozilla, Google, Microsoft, Apple and other well-known companies as a high-performance execution engine for in-browser applications. Because of its high performance, multi-language support, security and portability, Wasm is also moving from the Web to the cloud, edge and embedded devices, becoming a hot spot for software innovation, and industry experts unanimously predict that it will be used more and more widely in cloud computing scenarios.

Static symbolic execution is a crucial technique in the field of program analysis: it can find software defects in software source code. For Wasm, however, the industry currently lacks a mature and efficient static symbolic execution engine, and related analysis and optimization methods have been receiving continuous attention in academia and industry as a way to fill this gap. Symbolic execution also suffers from the path explosion problem. In practice, users often need various search strategies to guide symbolic execution toward their analysis goals and to reduce path explosion, but existing search-based or guided symbolic execution methods are usually too coarse: they mainly support a global search strategy for the entire program, whereas different code blocks may be suited to different local strategies. This makes defect discovery in Wasm more challenging.
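The global-versus-local point above can be seen on a toy path scheduler. This is an added illustration, not Eunomia's code and not AES Script syntax: the block names, the fork model (no solver, every branch treated as feasible) and the per-block strategy map are hypothetical.

```python
import heapq

DEPTH = 10  # constructed: number of chained input checks in the "parse" block

def successors(state):
    """Fork a path state (block, depth, tainted) at its next branch."""
    block, d, tainted = state
    if block == "loop":    # `while i < n` with symbolic n: continue or exit
        return [("loop", d + 1, False), ("parse", 0, False)]
    if block == "parse":   # each check forks; one failed check taints the path
        if d == DEPTH:
            return [("reject" if tainted else "bug", 0, False)]
        return [("parse", d + 1, tainted), ("parse", d + 1, True)]
    return []              # "bug" and "reject" are terminal

# Search strategies as priority keys over path length (lowest key runs first).
STRATEGIES = {"bfs": lambda steps: steps, "dfs": lambda steps: -steps}

def explore(default, local=None, budget=20000):
    """Return how many states are scheduled before "bug" is reached, or None."""
    local = local or {}
    heap, seq = [(0, 0, 0, ("loop", 0, False))], 1
    for explored in range(1, budget + 1):
        if not heap:
            return None
        _, _, steps, state = heapq.heappop(heap)
        if state[0] == "bug":
            return explored
        for nxt in successors(state):
            # The strategy is chosen per block; unlisted blocks use the default.
            key = STRATEGIES[local.get(nxt[0], default)](steps + 1)
            heapq.heappush(heap, (key, seq, steps + 1, nxt))
            seq += 1
    return None  # budget exhausted: the path-explosion case

def compare():
    return {
        "global dfs": explore("dfs"),   # keeps unrolling the loop
        "global bfs": explore("bfs"),   # drowns in the parse block's forks
        "local": explore("dfs", local={"loop": "bfs"}),
    }

if __name__ == "__main__":
    for name, cost in compare().items():
        print(f"{name:10s} -> {cost}")
```

Neither global strategy suits both blocks: depth-first never leaves the loop within the budget, breadth-first pays for every fork of the check chain, and the per-block assignment reaches the target after a handful of states.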

In response to the above problems, Huawei Cloud PaaS Technology Innovation LAB teamed up with the research team of Professor Guo Yao and Assistant Professor Li Ding of Peking University to incubate Eunomia, a static symbolic execution engine service for WebAssembly code that can be deployed in industrial scenarios. The corresponding paper, "Eunomia: Enabling User-Specified Fine-Grained Search in Symbolically Executing WebAssembly Binaries", was accepted by and published at the 2023 ACM International Symposium on Software Testing and Analysis (ACM ISSTA 2023), a top software engineering conference, and won the "ACM SIGSOFT Distinguished Paper Award" at the conference. The first author of the paper is He Ningyu, a 2019 doctoral student in the School of Computer Science, Peking University.

Figure 1 ACM SIGSOFT Outstanding Paper Award Certificate

Wasm is a new intermediate language paradigm widely used in the field of ubiquitous computing. It can provide a unified, ubiquitous application execution environment for C/C++, Go and other languages, and it has been widely used in network applications, blockchain applications and serverless applications. However, existing symbolic execution engines for Wasm do not fully support the WebAssembly System Interface (WASI), which limits their scope of application. Based on the characteristics of the Wasm language, the research team designed a domain-specific language (DSL), AES Script, that allows users to formally introduce prior knowledge about the program under test. With the Wasm symbolic execution engine that the authors propose and implement, guided by this fine-grained user knowledge, the work improves the efficiency of static symbolic execution analysis for Wasm by one to two orders of magnitude compared with current state-of-the-art work. It has also been successfully applied to practical applications and systems, where multiple 0-day vulnerabilities were discovered, proving the effectiveness of this work and pointing out a new research direction for subsequent work.

Figure 2 The framework and workflow diagram of the paper's work

Experimental results show that, on the Logic Bomb benchmark test set, Eunomia is significantly better than Manticore in terms of both the number of cases that successfully trigger logic bombs and the number of timeouts. Across the 12 categories, Eunomia performs better on logic bombs that focus on symbolic memory, floating-point numbers and external library functions. For real-world applications, the results are shown in the third and fourth columns of Table 2: out of 8 applications, Manticore can complete the analysis of only 3 within 2 hours, while Eunomia completes 5. Furthermore, compared to Manticore, Eunomia is one to two orders of magnitude more efficient and discovers 2 new vulnerabilities.

 

The PaaS Technology Innovation Lab is affiliated to Huawei Cloud and is committed to comprehensively utilizing software analysis, data mining, machine learning and other technologies to provide software developers with the core engine and smart brain of the next generation of intelligent R&D tool services. We will focus on hard-core capabilities in the field of software engineering, continue to build R&D tools, and continue to deliver high-value business features! Join us and create a new "realm" of research and development!


Origin my.oschina.net/u/4526289/blog/10150722