Scripting languages like JavaScript are being integrated into
commercial software to support easy file modification. For example,
Adobe Acrobat accepts JavaScript to dynamically manipulate PDF
files. To bridge the gap between the high-level scripts and the
low-level languages (like C/C++) used to implement the software, a
binding layer is necessary to transfer data and transform
representations. However, due to the complexity of two sides, the
binding code is prone to inconsistent semantics and security holes,
which lead to severe vulnerabilities. Existing efforts for testing
binding code merely focus on the script side, and thus miss bugs
that require special program native inputs. In this paper, the
researchers propose cooperative mutation, which modifies both the
script code and the program native input to trigger bugs in binding
code.
Read more https://packetstormsecurity.com/files/167160/xucooper.pdf
