The Wasm runtime is a fundamental component of the Wasm ecosystem, as it directly determines whether Wasm applications execute as expected. Bugs in Wasm runtimes are frequently reported, so the research community has made a few attempts to design automated testing frameworks for detecting them. However, existing testing frameworks are limited by the quality of their test cases: they struggle to generate Wasm binaries that are both semantically rich and syntactically correct, so complicated bugs cannot be triggered. In this work, we present WRTester, a novel differential testing framework that can generate complicated Wasm test cases by disassembling and assembling real-world Wasm binaries, which can trigger hidden inconsistencies among Wasm runtimes. To further pinpoint the root causes of unexpected behaviors, we design a runtime-agnostic root cause location method to accurately locate bugs. Extensive evaluation suggests that WRTester outperforms state-of-the-art (SOTA) techniques in terms of both efficiency and effectiveness. We have uncovered 33 unique bugs in popular Wasm runtimes, among which 25 have been confirmed.