Probabilistic Obfuscation through Covert Channels
HeuiChan Lim
Saumya Debray
Department of Computer Science
University of Arizona
Tucson, AZ 85721, U.S.A.
Abstract
Many widely-deployed modern programming systems use
just-in-time (JIT) compilers to improve performance. The
size and complexity of JIT-based systems, combined with
the dynamic nature of JIT-compiler optimizations, make it
challenging to locate and fix JIT compiler bugs quickly. At
the same time, JIT compiler bugs can result in exploitable
security vulnerabilities, making rapid bug localization important.
Existing work on automated bug localization focuses on
static code, i.e., code that is not generated at runtime, and so
cannot handle bugs in JIT compilers that generate incorrect
code during optimization. This paper describes an approach
to automated bug localization in JIT compilers, down to the
level of distinct optimization phases, starting with a single
initial Proof-of-Concept (PoC) input that demonstrates the
bug. Experiments using a prototype implementation of our
ideas on Google’s V8 JavaScript engine and its TurboFan
JIT compiler demonstrate that it can successfully identify
the buggy optimization phase.
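The abstract starts from a single PoC input that demonstrates the bug; before any phase-level localization can begin, a practitioner first has to confirm that the PoC really exhibits a difference between interpreted and JIT-compiled execution. The harness below is an added example written for this page, not code from the paper or from V8: it runs a function repeatedly on a fixed input and reports the first iteration at which the result drifts from the baseline, which is the observable signature of a miscompilation once the engine tiers the function up to optimized code. The names `findDivergence`, `makeSimulatedMiscompile` and `correctAdd` are assumptions of this example, and the "miscompiled" function is a constructed stand-in that flips its behaviour after a fixed number of calls; it is not a real V8 bug.

```javascript
// Added example (not from the paper): minimal divergence harness for
// triaging a JIT-compiler PoC. Early calls run in the interpreter; after
// the engine's tiering heuristics fire, later calls run JIT-compiled code.
// If the output changes between iterations, the input is a candidate PoC
// for a miscompilation and the iteration index bounds when the change
// occurred. The harness only observes output drift; it does not control
// when (or whether) the engine tiers up.

function findDivergence(fn, input, iterations = 10000) {
  // JSON.stringify gives a structural comparison for objects and arrays,
  // not just primitives.
  const baseline = JSON.stringify(fn(input));
  for (let i = 1; i < iterations; i++) {
    const observed = JSON.stringify(fn(input));
    if (observed !== baseline) {
      return { diverged: true, atIteration: i, baseline, observed };
    }
  }
  return { diverged: false, atIteration: -1, baseline, observed: baseline };
}

// Constructed stand-in for a miscompiled function (hypothetical, test data
// only): it returns the correct value for the first `flipAfter` calls and a
// wrong value afterwards, which is what an optimization bug looks like from
// the outside. A real bug flips after tier-up, not after a fixed count.
function makeSimulatedMiscompile(flipAfter = 500) {
  let calls = 0;
  return function buggyAdd(x) {
    calls++;
    return calls > flipAfter ? x + 2 : x + 1;
  };
}

// Control case: a function with no behavioural change across iterations.
function correctAdd(x) {
  return x + 1;
}

// Usage (prints a non-divergent and a divergent report):
if (typeof require !== 'undefined' && require.main === module) {
  console.log(findDivergence(correctAdd, 41));
  console.log(findDivergence(makeSimulatedMiscompile(500), 41));
}
```

To use this against a real engine, run the script under the engine's shell (for V8, `d8`) with the suspect function and input substituted for `buggyAdd`; a report with `diverged: true` confirms the PoC is worth feeding into phase-level localization, while `diverged: false` after a generous iteration count suggests the input is not triggering the optimized path at all.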