TY - GEN
T1 - ZendDiff
T2 - 2025 40th IEEE/ACM International Conference on Automated Software Engineering, ASE 2025
AU - Jiang, Yuancheng
AU - Wang, Jianing
AU - Liu, Qiange
AU - Fu, Yeqi
AU - Mao, Jian
AU - Yap, Roland H.C.
AU - Liang, Zhenkai
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
AB - The PHP interpreter, powering over 70% of websites on the internet, plays a crucial role in web development. Existing approaches to finding bugs in PHP primarily focus on detecting explicit security issues through crashes or sanitizer-based oracles, but fail to identify logic bugs that can silently lead to incorrect results. We observe that the introduction of Just-In-Time (JIT) compilation mode in PHP presents an opportunity for differential testing, as it provides an alternative implementation of the same language specification. We propose ZendDiff, an automatic differential testing framework that effectively detects logic bugs in the PHP interpreter by comparing JIT and non-JIT execution results. Our differential testing incorporates three techniques: program state probing for fine-grained execution state comparison, JIT-aware program mutation to sufficiently exercise JIT functionality, and dual verification to handle non-deterministic behaviors in PHP programs. Our experimental results demonstrate that ZendDiff outperforms the official test suite used in PHP's continuous integration, achieving higher code coverage and executing more Zend opcodes. Through ablation studies, we validate the effectiveness of these techniques. To date, ZendDiff has identified 51 previously unknown logic bugs in the PHP interpreter, with 37 already fixed and 3 confirmed by the PHP maintainers. ZendDiff has been acknowledged by the PHP community and offers a practical tool for automatically discovering logic bugs in the PHP interpreter.
KW - PHP interpreter
KW - differential testing
KW - just-in-time compilation
KW - logic bug detection
KW - software testing
UR - https://www.scopus.com/pages/publications/105034687631
U2 - 10.1109/ASE63991.2025.00095
DO - 10.1109/ASE63991.2025.00095
M3 - Conference contribution
AN - SCOPUS:105034687631
T3 - Proceedings - 2025 40th IEEE/ACM International Conference on Automated Software Engineering, ASE 2025
SP - 1095
EP - 1106
BT - Proceedings - 2025 40th IEEE/ACM International Conference on Automated Software Engineering, ASE 2025
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 16 November 2025 through 20 November 2025
ER -