PyRTFuzz: Detecting Bugs in Python Runtimes via Two-Level Collaborative Fuzzing

Wen Li, Haoran Yang, Xiapu Luo, Long Cheng, Haipeng Cai

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

Abstract

Given the widespread use of Python and its sustaining impact, the security and reliability of the Python runtime system is highly and broadly critical. Yet with real-world bugs in Python runtimes being continuously and increasingly reported, technique/tool support for automated detection of such bugs is still largely lacking. In this paper, we present PyRTFuzz, a novel fuzzing technique/tool for holistically testing Python runtimes including the language interpreter and its runtime libraries. PyRTFuzz combines generationand mutation-based fuzzing at the compiler- and application-testing level, respectively, as enabled by static/dynamic analysis for extracting runtime API descriptions, a declarative, specification language for valid and diverse Python code generation, and a custom type-guided mutation strategy for format/structure-aware application input generation. We implemented PyRTFuzz for the primary Python implementation (CPython) and applied it to three versions of the runtime. Our experiments revealed 61 new, demonstrably exploitable bugs including those in the interpreter and most in the runtime libraries. Our results also demonstrated the promising scalability and cost-effectiveness of PyRTFuzz and its great potential for further bug discovery. The two-level collaborative fuzzing methodology instantiated in PyRTFuzz may also apply to other language runtimes especially those of interpreted languages.
Original languageEnglish
Title of host publicationProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
Pages1645–1659
Publication statusPublished - Nov 2023

Fingerprint

Dive into the research topics of 'PyRTFuzz: Detecting Bugs in Python Runtimes via Two-Level Collaborative Fuzzing'. Together they form a unique fingerprint.

Cite this