CN113806217A - Kernel testing method and device - Google Patents

Kernel testing method and device Download PDF

Info

Publication number
CN113806217A
CN113806217A CN202110931803.9A CN202110931803A CN113806217A CN 113806217 A CN113806217 A CN 113806217A CN 202110931803 A CN202110931803 A CN 202110931803A CN 113806217 A CN113806217 A CN 113806217A
Authority
CN
China
Prior art keywords
system call
initial system
initial
test
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110931803.9A
Other languages
Chinese (zh)
Inventor
施鹤远
王润哲
傅滢
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba China Co Ltd
Alibaba Cloud Computing Ltd
Original Assignee
Alibaba China Co Ltd
Alibaba Cloud Computing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba China Co Ltd, Alibaba Cloud Computing Ltd filed Critical Alibaba China Co Ltd
Priority to CN202110931803.9A priority Critical patent/CN113806217A/en
Publication of CN113806217A publication Critical patent/CN113806217A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • G06F11/3688Test management for test execution, e.g. scheduling of test suites
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Quality & Reliability (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The embodiment of the specification provides a kernel testing method and a kernel testing device, wherein the kernel testing method comprises the following steps: the method comprises the steps of obtaining an application program of a target application, starting the application program in the running environment of the target application, obtaining an application process running the application program, calling a sampling tool to sample the type and frequency of initial system calls executed by the application process, determining test weights corresponding to different initial system calls according to sampling results, screening target system calls according to the test weights, and testing an operating system kernel of the target application based on the target system calls, wherein the target system calls are at least one of the initial system calls.

Description

Kernel testing method and device
Technical Field
The embodiment of the specification relates to the technical field of computers, in particular to a kernel testing method.
Background
The operating system is system software for managing computer hardware and software resources, the kernel is the core of the operating system, various bottom layer hardware is abstracted and packaged, interfaces are exposed for user programs to use, the kernel is different from user mode programs, the kernel runs in the kernel mode with the highest authority, and once a security vulnerability occurs, the whole operating system and the user programs are directly influenced. Fuzzy testing is an automated software testing technology, and the core idea of the fuzzy testing is to automatically or semi-automatically generate random data to be input into a target program and detect program exception so as to find out possible program errors, which is one of common vulnerability mining technologies.
The input of the fuzz testing technology for the kernel of the operating system is generally a program consisting of an interface provided by the kernel for an upper layer, namely a system call sequence. The method comprises the following steps that a good system calling sequence is provided, the system calling has a dependency relationship, the behavior of the system calling A can influence the behavior of the system calling B, and the behavior is expressed in two points, namely the system calling is generally robust, parameters and kernel states can be checked before core logic, and the parameters and the kernel states can be directly returned without rules so as to protect the kernel; secondly, the system call selects specific executed branches and logic according to different parameters and kernel states. Therefore, generating an effective and legal system call sequence can improve the code coverage of the test, and is more likely to find potential defects and vulnerabilities, thereby improving the efficiency of the fuzz test.
Disclosure of Invention
In view of this, the embodiments of the present disclosure provide a kernel testing method. One or more embodiments of the present disclosure also relate to a kernel testing apparatus, a computing device, a computer-readable storage medium, and a computer program, so as to solve the technical deficiencies of the prior art.
According to a first aspect of embodiments of the present specification, there is provided a kernel testing method, including:
acquiring an application program of a target application, and starting the application program in the running environment of the target application;
acquiring an application process running the application program, and calling a sampling tool to sample the type and frequency of initial system calls executed by the application process;
determining test weights corresponding to different initial system calls according to sampling results, screening target system calls according to the test weights, and testing an operating system kernel of the target application based on the target system calls, wherein the target system calls are at least one of the initial system calls.
Optionally, the determining test weights corresponding to different initial system calls according to the sampling result includes:
and calling a target linear regression function to process the type and frequency sampling values of the initial system call in the sampling result, and generating test weights corresponding to different initial system calls.
Optionally, the invoking a target linear regression function processes the type and frequency sampling value of the initial system call in the sampling result, and generates test weights corresponding to different initial system calls, including:
calculating initial weight corresponding to each type of initial system call according to the target linear regression function and the frequency sampling value of each initial system call in the sampling result;
and generating a test weight corresponding to each type of initial system call based on the initial weight and the first preset interval.
Optionally, the calculating an initial weight corresponding to each type of initial system call according to the target linear regression function and the frequency sampling value of each initial system call in the sampling result includes:
and inputting the frequency sampling value corresponding to each type of initial system call into a target linear regression function for processing, and generating an initial weight corresponding to each type of initial system call.
Optionally, the generating a test weight corresponding to each type of initial system call based on the initial weight and a first preset interval includes:
determining a first boundary value according to a first preset interval, wherein the first boundary value belongs to the first preset interval;
and performing product operation on the initial weight corresponding to the initial system call of each type and the first boundary value to generate a test weight corresponding to the initial system call of each type.
Optionally, the kernel testing method further includes:
sorting frequency sampling values of different initial system calls in the sampling result, and selecting a first frequency sampling value and a second frequency sampling value according to the sorting result;
and based on the first frequency sampling value and the second frequency sampling value, carrying out standardization processing on the frequency sampling values called by different initial systems to generate corresponding standardization processing results.
Optionally, the normalizing the frequency sampling values of different initial system calls based on the first frequency sampling value and the second frequency sampling value to generate corresponding normalization processing results includes:
determining a second boundary value according to a second preset interval, and determining an interval length value of the second preset interval, wherein the second boundary value belongs to the second preset interval;
determining a first difference value of a frequency sampling value of each initial system call and the second frequency sampling value, and determining a second difference value of the first frequency sampling value and the second frequency sampling value;
determining the ratio of the first difference to the second difference, and performing product operation on the ratio and the interval length value;
and taking the difference between the product operation result and the second boundary value as a normalization processing result corresponding to each initial system call.
Optionally, the determining test weights corresponding to different initial system calls according to the sampling result includes:
inputting the frequency sampling value corresponding to each initial system call into a target linear regression function for processing, and generating an initial weight corresponding to the standardized processing result of each initial system call;
determining a first boundary value according to a first preset interval, wherein the first boundary value belongs to the first preset interval;
and performing product operation on the initial weight corresponding to the standardized processing result of each initial system call and the first boundary value to generate a test weight corresponding to the standardized processing result of each initial system call.
Optionally, the kernel testing method further includes:
determining a naming format of a system calling name corresponding to the fuzzy test tool;
and converting different types of initial system calls in the sampling result according to the naming format, and performing associated storage on the conversion results of the different types of initial system calls and the corresponding test weights.
Optionally, the screening a target system call according to the test weight and testing an operating system kernel of the target application based on the target system call include:
inquiring initial system call of the target application and test weight corresponding to the initial system call, and screening the initial system call according to the test weight to obtain target system call;
and generating a test case based on the target system call, and testing the operating system kernel of the target application based on the test case.
According to a second aspect of embodiments herein, there is provided a core test apparatus including:
the system comprises an acquisition module, a storage module and a display module, wherein the acquisition module is configured to acquire an application program of a target application and start the application program in a running environment of the target application;
the sampling module is configured to acquire an application process running the application program and call a sampling tool to sample the type and frequency of initial system calls executed by the application process;
the test module is configured to determine test weights corresponding to different initial system calls according to a sampling result, screen a target system call according to the test weights, and test an operating system kernel of the target application based on the target system call, wherein the target system call is at least one of the initial system calls.
According to a third aspect of embodiments herein, there is provided a computing device comprising:
a memory and a processor;
the memory is to store computer-executable instructions, and the processor is to execute the computer-executable instructions to:
acquiring an application program of a target application, and starting the application program in the running environment of the target application;
acquiring an application process running the application program, and calling a sampling tool to sample the type and frequency of initial system calls executed by the application process;
determining test weights corresponding to different initial system calls according to sampling results, screening target system calls according to the test weights, and testing an operating system kernel of the target application based on the target system calls, wherein the target system calls are at least one of the initial system calls.
According to a fourth aspect of embodiments herein, there is provided a computer-readable storage medium storing computer-executable instructions that, when executed by a processor, implement the steps of any one of the core testing methods.
According to a fifth aspect of embodiments herein, there is provided a computer program, wherein the computer program, when executed in a computer, causes the computer to perform the steps of the kernel testing method described above.
In one embodiment of the present description, an application program of a target application is acquired, the application program is started in an operating environment of the target application, an application process for running the application program is acquired, a sampling tool is called to sample types and frequencies of initial system calls executed by the application process, test weights corresponding to different initial system calls are determined according to sampling results, the target system calls are screened according to the test weights, and an operating system kernel of the target application is tested based on the target system calls, where the target system calls are at least one of the initial system calls.
In the embodiment of the specification, the initial system call executed in the running process of the application program of the target application is sampled, and the test weights of the initial system calls of different types are determined according to the type and execution frequency of the initial system call contained in the sampling result, so that the target system call for performing the fuzzy test on the kernel of the operating system of the target application is screened according to the test weights, and the kernel fuzzy test is performed by screening the target system call in such a way, so that the accuracy of the test result is favorably ensured, and the test efficiency is favorably improved.
Drawings
FIG. 1 is a flow chart of a kernel testing method provided in an embodiment of the present specification;
FIG. 2 is a graphical illustration of a sigmoid function provided by one embodiment of the present disclosure;
FIG. 3 is a flowchart illustrating a process of a kernel testing method according to an embodiment of the present disclosure;
FIG. 4 is a schematic structural diagram of a core testing apparatus according to an embodiment of the present disclosure;
fig. 5 is a block diagram of a computing device according to an embodiment of the present disclosure.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present description. This description may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein, as those skilled in the art will be able to make and use the present disclosure without departing from the spirit and scope of the present disclosure.
The terminology used in the description of the one or more embodiments is for the purpose of describing the particular embodiments only and is not intended to be limiting of the description of the one or more embodiments. As used in one or more embodiments of the present specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used in one or more embodiments of the present specification refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It will be understood that, although the terms first, second, etc. may be used herein in one or more embodiments to describe various information, these information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, a first can also be referred to as a second and, similarly, a second can also be referred to as a first without departing from the scope of one or more embodiments of the present description. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
First, the noun terms to which one or more embodiments of the present specification relate are explained.
Kernel fuzzing test: a method for detecting kernel code defects of an operating system. The method triggers the abnormal state of the operating system by randomly generating, mutating, executing and the like the system calling sequence, thereby detecting the kernel code defect of the operating system.
Seed: a test case generated by a fuzz testing tool through operations of mutation, generation and the like, wherein one seed consists of a system calling sequence. The type, sequence, and specific parameters of each system call input will directly affect the composition of the seed.
And (3) system calling: the kernel mode and the user mode provided by the operating system are interactive interfaces. Under the kernel fuzzy test scene, the system call is a basic unit forming a seed.
System call enable: a manner in which the system call participates in the fuzz test is determined. In this way it can be decided whether a certain system call is involved in the fuzz test.
System call weight: a manner in which the system call participates in the fuzz test is determined. The possibility that the system call is used as a basic unit to form a seed and participate in the fuzzy test is determined through the method, wherein the weight reflects the participation degree of each system call in the kernel fuzzy test, and the weight has a direct influence on the test effect of the fuzzy test.
In the present specification, a kernel testing method is provided, and the present specification relates to a kernel testing apparatus, a computing device, and a computer-readable storage medium, which are described in detail in the following embodiments one by one.
Fig. 1 shows a flowchart of a kernel testing method according to an embodiment of the present specification, which specifically includes the following steps.
Step 102, acquiring an application program of a target application, and starting the application program in a running environment of the target application.
Specifically, the target application may be one of a plurality of applications that provide different services to the user; the application program of the target application is a computer program that is run in the running environment of the operating system in order to accomplish a certain task or tasks in the target application.
In practical applications, the running environment of the target application includes, but is not limited to, a physical machine, a virtual machine, a container, or the like.
Before the fuzz testing is performed on the kernel of the operating system of the target application, the embodiment of the present specification may determine the target system call for performing the fuzz testing according to the sampling result by running the application program of the target application and sampling the type and frequency of the initial system call used in the running process of the application program, so as to achieve the purpose of improving the fuzz testing efficiency.
And 104, acquiring the application process running the application program, and calling a sampling tool to sample the type and frequency of initial system calls executed by the application process.
Specifically, a Process (Process) is a program that is already running in a computer, is a basic unit for a system to perform resource allocation and scheduling, and is the basis of an operating system structure. A process is the basic execution entity of a program; a process is an instance of a running application, several processes may be associated with the same program, and each process may run independently, either synchronously or asynchronously.
An application is an ordered collection of instructions and data that does not have any running meaning by itself, whereas an application process is a one-time execution of an application on a processor.
In a specific application, the function of the application program can be implemented by a process, in a system supporting multithreading, the function of the application program can also be implemented by multithreading concurrently, and the process or the thread can execute a system call (syscall) as required in the running process, namely, call the syscall.
In the embodiments provided in the following description, the kernel testing method provided in the embodiments of the present description is implemented in a Linux system as an example, and since a process and a thread are unified and have no difference between the thread and the process in the Linux, the thread is generally considered to be a lightweight process sharing a data space, so in the description of the following embodiments, a process expression is mainly used without explicit distinction.
Since the main function of the operating system is to provide a good environment for managing hardware resources and for application developers to make applications more compatible, to this end, the kernel provides a series of multi-kernel functions with predefined functions, presented to the user through a set of interfaces called system calls (system calls). The system calls the request of the application program to the kernel, calls the corresponding kernel function to complete the required processing, and returns the processing result to the application program.
Therefore, in the process of running the application program, the type and the use times of the initial system call used by the application program can be determined in a sampling mode through a sampling tool, so that the test weights corresponding to different initial system calls for performing kernel fuzz testing are determined according to the sampling result.
In practice, the sampling tool includes, but is not limited to, perf, syscount tools.
And 106, determining test weights corresponding to different initial system calls according to sampling results, screening target system calls according to the test weights, and testing the operating system kernel of the target application based on the target system calls, wherein the target system calls are at least one of the initial system calls.
Specifically, as described above, after sampling the type and frequency (number of times of use) of the initial system call used in the running process of the application program to obtain a sampling result, the test weights corresponding to different initial system calls for performing the kernel fuzzy test can be determined according to the sampling result; the test weight can be proportional to the number of times of use, and the more the number of times of use, the greater the corresponding test weight.
After the test weights corresponding to different initial system calls are determined, the target system call for kernel fuzzy test can be screened according to the test weights. When kernel fuzzy test is carried out, the test cases need to be used for covering the system call covered by the application program of the target application as much as possible, so that the test cases are generated based on the target system call by determining the test weights corresponding to different initial system calls and screening the initial system calls with larger test weights as the target system calls, so that the test cases consistent with the behavior of the application program of the target application are generated with higher probability, the kernel fuzzy test efficiency is improved, and the accuracy of the test result is improved.
During specific implementation, the test weights corresponding to different initial system calls are determined according to the sampling result, namely, a target linear regression function is called to process the type and frequency sampling values of the initial system calls in the sampling result, and the test weights corresponding to the different initial system calls are generated.
Further, a target linear regression function is called to process the type and frequency sampling values of the initial system call in the sampling result, and test weights corresponding to different initial system calls are generated, which can be specifically realized by the following method:
calculating initial weight corresponding to each type of initial system call according to the target linear regression function and the frequency sampling value of each initial system call in the sampling result;
and generating a test weight corresponding to each type of initial system call based on the initial weight and the first preset interval.
Further, calculating an initial weight corresponding to each type of initial system call according to the target linear regression function and the frequency sampling value of each initial system call in the sampling result, including:
and inputting the frequency sampling value corresponding to each type of initial system call into a target linear regression function for processing, and generating an initial weight corresponding to each type of initial system call.
Specifically, the target linear regression function may be a sigmoid function, the type and frequency sampling value of the initial system call in the sampling result are processed by calling the sigmoid function, and specifically, an initial weight corresponding to each type of system call is calculated according to the sigmoid function and the frequency sampling value of each type of initial system call in the sampling result, and the initial weight is mapped to a first preset interval to generate a test weight corresponding to each type of initial system call.
The initial weight corresponding to each type of system call is calculated according to the sigmoid function and the frequency sampling value of each type of initial system call in the sampling result, and specifically, the frequency sampling value corresponding to each type of initial system call in the sampling result is input into an expression of the sigmoid function for calculation to generate the initial weight corresponding to each type of initial system call.
In practical application, the expression of the sigmoid function is shown as formula (1).
Figure BDA0003211421520000071
Wherein z can be used to characterize each initial system call, σ (z) can be used to characterize the initial weight, and x can be used to characterize the frequency sample value of each initial system call; and inputting the frequency sampling value corresponding to any type of initial system call in the sampling result into the formula (1), namely performing normalization processing on the frequency sampling value of the type of initial system call to obtain the initial weight corresponding to the type of initial system call.
Further, after generating the initial weight corresponding to each type of initial system call, the test weight corresponding to each type of initial system call may be generated based on the initial weight and the first preset interval, and may specifically be implemented in the following manner:
determining a first boundary value according to a first preset interval, wherein the first boundary value belongs to the first preset interval;
and performing product operation on the initial weight corresponding to the initial system call of each type and the first boundary value to generate a test weight corresponding to the initial system call of each type.
Specifically, the first preset interval may be [1,1000], and thus, the first boundary value may be 1000; after the initial weight corresponding to each type of initial system call is generated, the initial weight corresponding to each type of initial system call may be mapped to a first preset interval through formula (2) to generate a test weight corresponding to each type of initial system call.
wzSigma (z)' 1000 equation (2)
Wherein, wzThe test weight corresponding to each initial system call can be characterized; after the initial weight corresponding to each type of initial system call is processed using equation (2), the initial weight can be mapped to [1,1000]Within this interval, the test weight corresponding to each type of initial system call is obtained.
In practical application, the first preset interval may be determined according to actual requirements, and is not limited herein, after the first preset interval is determined, the right boundary value of the first preset interval may be used as the first boundary value, and the initial weight corresponding to the initial system call of each type is multiplied by the first boundary value, so as to generate the test weight corresponding to the initial system call of each type.
In specific implementation, after the test weight corresponding to each type of initial system call is determined according to the sigmoid function and the first preset interval, the different types of initial system calls can be standardized according to the frequency sampling value corresponding to each type of initial system call, so that the test weights of the different types of initial system calls are represented based on the standardized processing result by using a curve corresponding to the sigmoid function, and the method can be specifically realized by the following steps:
sorting frequency sampling values of different initial system calls in the sampling result, and selecting a first frequency sampling value and a second frequency sampling value according to the sorting result;
and based on the first frequency sampling value and the second frequency sampling value, carrying out standardization processing on the frequency sampling values called by different initial systems to generate corresponding standardization processing results.
Further, based on the first frequency sampling value and the second frequency sampling value, normalizing the frequency sampling values of different initial system calls to generate a corresponding normalization result, including:
determining a second boundary value according to a second preset interval, and determining an interval length value of the second preset interval, wherein the second boundary value belongs to the second preset interval;
determining a first difference value of a frequency sampling value of each initial system call and the second frequency sampling value, and determining a second difference value of the first frequency sampling value and the second frequency sampling value;
determining the ratio of the first difference to the second difference, and performing product operation on the ratio and the interval length value;
and taking the difference between the product operation result and the second boundary value as a normalization processing result corresponding to each initial system call.
Specifically, in the embodiments of the present description, in order to express the test weights of different types of initial system calls by using the curve corresponding to the same sigmoid function, the ordinate of the sigmoid function is used to represent the value of the test weight, and the abscissa is used to represent different initial system calls, therefore, each initial system call is normalized according to the frequency sampling value of different initial system calls, so that the normalization result corresponds to the abscissa of the sigmoid function, and the position of the abscissa corresponding to different normalization results can represent one type of initial system call.
In practical application, after the sampling result is obtained, the frequency sampling values of different initial system calls in the sampling result can be sequenced, and the first frequency sampling value and the second frequency sampling value are selected according to the sequencing result; if the frequency sampling values are sorted in the descending order, the first frequency sampling value can be the frequency sampling value arranged at the first bit in the sorting result, and the second frequency sampling value can be the frequency sampling value arranged at the last bit in the sorting result; after the first frequency sampling value and the second frequency sampling value are determined, the frequency sampling values of different initial system calls can be standardized.
In addition, the second preset interval may be [ -10,10], after the second preset interval is determined, the second boundary value determined according to the second preset interval may be a right boundary value of the second preset interval, that is, 10, and the interval length value of the determined second preset interval is 20, and after the second boundary value and the interval length value are determined, the corresponding standardized processing result of each initial system call may be obtained according to the formula (3).
Figure BDA0003211421520000081
Wherein s iszFor characterizing the normalization process result of each initial system call, x for characterizing the frequency sample values of each initial system call, xmaxCharacterizing the first frequency sample value, xminRepresenting a second frequency sampling value; x-xminI.e. the first difference, x, between the frequency sample value of each initial system call and the second frequency sample valuemax-xminThe first difference value of the first frequency sampling value and the second frequency sampling value is obtained; and performing product operation on the ratio of the first difference value to the second difference value and the interval length value, and subtracting the product operation result from the right boundary value to generate a standardized processing result of each initial system call.
In practical applications, the second preset interval may be determined according to actual requirements, and is not limited herein.
In addition, after the normalization processing result of each initial system call is generated, if the test weights of different types of initial system calls need to be represented by using the curve of the sigmoid function, the normalization or normalization processing needs to be performed on the initial weight of each initial system call, which can be specifically realized by the following method:
inputting the frequency sampling value corresponding to each initial system call into a target linear regression function for processing, and generating an initial weight corresponding to the standardized processing result of each initial system call;
determining a first boundary value according to a first preset interval, wherein the first boundary value belongs to the first preset interval;
and performing product operation on the initial weight corresponding to the standardized processing result of each initial system call and the first boundary value to generate a test weight corresponding to the standardized processing result of each initial system call.
Specifically, mapping the frequency sampling value of each type of initial system call to a second preset interval is equivalent to performing standardization processing on the frequency sampling value of each type of initial system call so as to correspond the processing result to the abscissa of the sigmoid function; besides, the normalization processing is performed on the frequency sampling value, the normalization or normalization processing is also performed on the initial weight of the initial system call.
The initial weight corresponding to the normalization processing result of each type of initial system call is calculated according to the sigmoid function and the frequency sampling value of each type of initial system call in the sampling result, and specifically, the frequency sampling value corresponding to each type of initial system call in the sampling result can be input into an expression of the sigmoid function for calculation to generate the initial weight corresponding to the normalization processing result of each type of initial system call.
In practical application, the expression of the sigmoid function is shown in formula (4).
Figure BDA0003211421520000091
Wherein s iszThe result of the normalization process, σ(s), used to characterize each initial system callz) The initial weight corresponding to the standardized processing result for representing each type of initial system call, and x can be used for representing the frequency sampling value of each initial system call; and inputting the frequency sampling value corresponding to any type of initial system call in the sampling result into the formula (4), namely performing normalization processing on the frequency sampling value of the type of initial system call to obtain the initial weight corresponding to the normalization processing result of the type of initial system call.
In addition, the first preset interval may be [1,1000], and thus, the first boundary value may be 1000; after the initial weight corresponding to the normalization processing result of each type of initial system call is generated, the initial weight corresponding to the normalization processing result of each type of initial system call may be mapped to a first preset interval through formula (5) to generate the test weight corresponding to the normalization processing result of each type of initial system call.
Figure BDA0003211421520000092
Wherein the content of the first and second substances,
Figure BDA0003211421520000093
a test weight corresponding to a normalization processing result that can be used to characterize each initial system call; after the initial weight corresponding to the normalization processing result of each type of initial system call is processed by using the formula (5), the initial weight can be mapped to [1,1000]]Within this interval, the test weight corresponding to the normalization processing result of each type of initial system call is obtained.
After obtaining the test weight corresponding to the normalization processing result of each type of initial system call and the normalization processing result of each initial system call, the normalization processing result of each type of initial system call and the test weight corresponding to the normalization processing result of each initial system call may be mapped to the graph of the sigmoid function, a graph of the sigmoid function provided in the embodiment of the present specification is shown in fig. 2, each point in the graph represents one type of initial system call, the abscissa of the normalization processing result of each initial system call is in the interval [ -10,10], the ordinate (test weight) of each initial system call is in the interval [0,1000] (the abscissa of fig. 2 represents the number of times of execution of the normalization system call, and the ordinate represents the weight of the system call), and the curve value corresponding to the abscissa of the normalization processing result of any type of initial system call in the graph of the sigmoid function is the graph value Type initial system call test weight.
In addition, after sampling frequency sampling values of various types of initial system calls are obtained, the naming format of the system call name corresponding to the fuzzy test tool can be determined;
and converting different types of initial system calls in the sampling result according to the naming format, and performing associated storage on the conversion results of the different types of initial system calls and the corresponding test weights.
Specifically, in the fuzz testing process, the system call configuration item of the testing tool and the initial system call extracted by the sampling tool have a certain difference in name format, and therefore format conversion needs to be performed. In the embodiment of the present description, the initial system call name in the sampling result may be converted into a system call name that meets the configuration specification of the fuzzy test tool in a text conversion manner. Specifically, format conversion can be performed on the names of various types of initial system calls in the sampling result according to the template corresponding to the system call name of the fuzzy test tool.
After the conversion is finished, the conversion results of different types of initial system calls and the corresponding test weights thereof can be stored in an associated manner, and the system call names and the test weights thereof conforming to the fuzzy test configuration format can be input into a fuzzy test json configuration file in a dictionary manner, wherein the representation form is as follows: { system call name: system call weight }.
Based on this, the target system call is screened according to the test weight, and the operating system kernel of the target application is tested based on the target system call, which can be specifically realized by the following modes:
inquiring initial system call of the target application and test weight corresponding to the initial system call, and screening the initial system call according to the test weight to obtain target system call;
and generating a test case based on the target system call, and testing the operating system kernel of the target application based on the test case.
Specifically, when kernel fuzzy testing is performed, a test case needs to be constructed by using system calls, and the test case needs to cover the position (position of a code) where an application program of a target application is executed as accurately as possible, so that to ensure the coverage rate, a target system call with a large weight needs to be selected to construct the test case, and when target system call screening is performed, an initial system call of the target application and a test weight corresponding to the initial system call can be queried in a fuzzy test json configuration file, screening is performed according to a query result, one, two or more target system calls with a large weight are obtained, and then the test case is generated based on the target system calls to test the kernel of the operating system of the target application.
In one embodiment of the present description, an application program of a target application is acquired, the application program is started in an operating environment of the target application, an application process for running the application program is acquired, a sampling tool is called to sample types and frequencies of initial system calls executed by the application process, test weights corresponding to different initial system calls are determined according to sampling results, the target system calls are screened according to the test weights, and an operating system kernel of the target application is tested based on the target system calls, where the target system calls are at least one of the initial system calls.
In the embodiment of the specification, the target system call is automatically selected for the fuzzy test by sampling the initial system call used in the application program execution process, so that the automation level of the fuzzy test system call selection is improved; the current enabling mode is replaced by the weighting mode, so that the flexibility of calling and selecting the fuzzy test system is improved, the system calling and selecting with finer granularity is realized, and the fuzzy test is more suitable for the running environment of an actual application program; in addition, because the automatic weight generation is carried out based on the application program execution system calling frequency, the complexity of manual configuration caused by the conversion from the enabling mode to the weight mode is avoided.
In the embodiment of the specification, the initial system call executed in the running process of the application program of the target application is sampled, and the test weights of the initial system calls of different types are determined according to the type and execution frequency of the initial system call contained in the sampling result, so that the target system call for performing the fuzzy test on the kernel of the operating system of the target application is screened according to the test weights, and the kernel fuzzy test is performed by screening the target system call in such a way, so that the accuracy of the test result is favorably ensured, and the test efficiency is favorably improved.
The following will further describe the kernel testing method with reference to fig. 3 by taking an application of the kernel testing method provided in this specification to perform kernel fuzz testing on an operating system of application a as an example. Fig. 3 shows a flowchart of a processing procedure of a kernel testing method according to an embodiment of the present specification, which specifically includes the following steps.
Step 302, acquiring an application program of application a, and starting the application program in the running environment of application a.
And step 304, acquiring the application process running the application program, and calling a sampling tool to sample the initial system call executed by the application process.
And step 306, determining frequency sampling values of different types of initial system calls according to the sampling result.
And 308, determining test weights corresponding to different types of initial system calls according to the frequency sampling values.
At step 310, format conversion is initiated for the system call.
Specifically, a naming format of a system call name corresponding to the fuzzy test tool is determined, and different types of initial system calls in the sampling result are converted according to the naming format.
In step 312, initial system call weight configuration is performed.
And performing associated storage on the conversion results of the different types of initial system calls and the corresponding test weights.
And step 314, fuzzing test.
Specifically, an initial system call of an application A and a test weight corresponding to the initial system call are inquired, the initial system call is screened according to the test weight to obtain a target system call, a test case is generated based on the target system call, and an A operating system kernel of the application is tested based on the test case.
In the embodiment of the description, the initial system call executed in the running process of the application program of the application A is sampled, and the test weights of the initial system calls of different types are determined according to the type and the execution frequency of the initial system call contained in the sampling result, so that the target system call for performing the fuzzy test on the kernel of the operating system of the application A is screened according to the test weights, and the kernel fuzzy test is performed by screening the target system call in such a way, thereby being beneficial to ensuring the accuracy of the test result and improving the test efficiency.
Corresponding to the above method embodiment, the present specification further provides an embodiment of a core testing apparatus, and fig. 4 shows a schematic structural diagram of the core testing apparatus provided in an embodiment of the present specification. As shown in fig. 4, the apparatus includes:
an obtaining module 402 configured to obtain an application program of a target application and start the application program in a running environment of the target application;
a sampling module 404, configured to acquire an application process running the application program, and invoke a sampling tool to sample the type and frequency of an initial system call executed by the application process;
the testing module 406 is configured to determine testing weights corresponding to different initial system calls according to a sampling result, screen a target system call according to the testing weights, and test an operating system kernel of the target application based on the target system call, where the target system call is at least one of the initial system calls.
Optionally, the testing module 406 is further configured to invoke a target linear regression function to process the type and frequency sampling values of the initial system call in the sampling result, and generate testing weights corresponding to different initial system calls.
Optionally, the test module 406 includes:
the calculation submodule is configured to calculate an initial weight corresponding to each type of initial system call according to the target linear regression function and the frequency sampling value of each initial system call in the sampling result;
and the generating submodule is configured to generate a test weight corresponding to each type of initial system call based on the initial weight and a first preset interval.
Optionally, the calculation sub-module is further configured to:
and inputting the frequency sampling value corresponding to each type of initial system call into a target linear regression function for processing, and generating an initial weight corresponding to each type of initial system call.
Optionally, the generation submodule is further configured to:
determining a first boundary value according to a first preset interval, wherein the first boundary value belongs to the first preset interval;
and performing product operation on the initial weight corresponding to the initial system call of each type and the first boundary value to generate a test weight corresponding to the initial system call of each type.
Optionally, the core testing apparatus further includes:
the sequencing module is configured to sequence the frequency sampling values of different initial system calls in the sampling result, and select a first frequency sampling value and a second frequency sampling value according to the sequencing result;
and the standardization processing module is configured to standardize the frequency sampling values of different initial system calls based on the first frequency sampling value and the second frequency sampling value, and generate corresponding standardization processing results.
Optionally, the normalization processing module is further configured to:
determining a second boundary value according to a second preset interval, and determining an interval length value of the second preset interval, wherein the second boundary value belongs to the second preset interval;
determining a first difference value of a frequency sampling value of each initial system call and the second frequency sampling value, and determining a second difference value of the first frequency sampling value and the second frequency sampling value;
determining the ratio of the first difference to the second difference, and performing product operation on the ratio and the interval length value;
and taking the difference between the product operation result and the second boundary value as a normalization processing result corresponding to each initial system call.
Optionally, the test module 406 is further configured to:
inputting the frequency sampling value corresponding to each initial system call into a target linear regression function for processing, and generating an initial weight corresponding to the standardized processing result of each initial system call;
determining a first boundary value according to a first preset interval, wherein the first boundary value belongs to the first preset interval;
and performing product operation on the initial weight corresponding to the standardized processing result of each initial system call and the first boundary value to generate a test weight corresponding to the standardized processing result of each initial system call.
Optionally, the core testing apparatus further includes:
the determining module is configured to determine a naming format of a system call name corresponding to the fuzz testing tool;
and the conversion module is configured to convert different types of initial system calls in the sampling result according to the naming format, and store the conversion result of the different types of initial system calls and the corresponding test weights in an associated manner.
Optionally, the test module 406 is further configured to:
inquiring initial system call of the target application and test weight corresponding to the initial system call, and screening the initial system call according to the test weight to obtain target system call;
and generating a test case based on the target system call, and testing the operating system kernel of the target application based on the test case.
The above is a schematic scheme of the core testing apparatus of this embodiment. It should be noted that the technical solution of the core testing apparatus and the technical solution of the core testing method belong to the same concept, and details that are not described in detail in the technical solution of the core testing apparatus can be referred to the description of the technical solution of the core testing method.
FIG. 5 illustrates a block diagram of a computing device 500 provided in accordance with one embodiment of the present description. The components of the computing device 500 include, but are not limited to, a memory 510 and a processor 520. Processor 520 is coupled to memory 510 via bus 530, and database 550 is used to store data.
Computing device 500 also includes access device 540, access device 540 enabling computing device 500 to communicate via one or more networks 560. Examples of such networks include the Public Switched Telephone Network (PSTN), a Local Area Network (LAN), a Wide Area Network (WAN), a Personal Area Network (PAN), or a combination of communication networks such as the internet. The access device 540 may include one or more of any type of network interface, e.g., a Network Interface Card (NIC), wired or wireless, such as an IEEE802.11 Wireless Local Area Network (WLAN) wireless interface, a worldwide interoperability for microwave access (Wi-MAX) interface, an ethernet interface, a Universal Serial Bus (USB) interface, a cellular network interface, a bluetooth interface, a Near Field Communication (NFC) interface, and so forth.
In one embodiment of the present description, the above-described components of computing device 500, as well as other components not shown in FIG. 5, may also be connected to each other, such as by a bus. It should be understood that the block diagram of the computing device architecture shown in FIG. 5 is for purposes of example only and is not limiting as to the scope of the present description. Those skilled in the art may add or replace other components as desired.
Computing device 500 may be any type of stationary or mobile computing device, including a mobile computer or mobile computing device (e.g., tablet, personal digital assistant, laptop, notebook, netbook, etc.), mobile phone (e.g., smartphone), wearable computing device (e.g., smartwatch, smartglasses, etc.), or other type of mobile device, or a stationary computing device such as a desktop computer or PC. Computing device 500 may also be a mobile or stationary server.
The processor 520 is configured to execute computer-executable instructions, which when executed by the processor implement the steps of the kernel testing method described above.
The above is an illustrative scheme of a computing device of the present embodiment. It should be noted that the technical solution of the computing device and the technical solution of the kernel test method belong to the same concept, and details that are not described in detail in the technical solution of the computing device can be referred to the description of the technical solution of the kernel test method.
An embodiment of the present specification further provides a computer-readable storage medium storing computer-executable instructions, which when executed by a processor implement the steps of the above-mentioned kernel testing method.
The above is an illustrative scheme of a computer-readable storage medium of the present embodiment. It should be noted that the technical solution of the storage medium belongs to the same concept as the technical solution of the above-mentioned core test method, and details that are not described in detail in the technical solution of the storage medium can be referred to the description of the technical solution of the above-mentioned core test method.
An embodiment of the present specification further provides a computer program, wherein when the computer program is executed in a computer, the computer is caused to execute the steps of the kernel testing method.
The above is an illustrative scheme of a computer program of the present embodiment. It should be noted that the technical solution of the computer program and the technical solution of the kernel test method belong to the same concept, and details that are not described in detail in the technical solution of the computer program can be referred to the description of the technical solution of the kernel test method.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The computer instructions comprise computer program code which may be in the form of source code, object code, an executable file or some intermediate form, or the like. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, and the like. It should be noted that the computer readable medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media does not include electrical carrier signals and telecommunications signals as is required by legislation and patent practice.
It should be noted that, for the sake of simplicity, the foregoing method embodiments are described as a series of acts, but those skilled in the art should understand that the present embodiment is not limited by the described acts, because some steps may be performed in other sequences or simultaneously according to the present embodiment. Further, those skilled in the art should also appreciate that the embodiments described in this specification are preferred embodiments and that acts and modules referred to are not necessarily required for an embodiment of the specification.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
The preferred embodiments of the present specification disclosed above are intended only to aid in the description of the specification. Alternative embodiments are not exhaustive and do not limit the invention to the precise embodiments described. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the embodiments and the practical application, to thereby enable others skilled in the art to best understand and utilize the embodiments. The specification is limited only by the claims and their full scope and equivalents.

Claims (14)

1. A kernel testing method, comprising:
acquiring an application program of a target application, and starting the application program in the running environment of the target application;
acquiring an application process running the application program, and calling a sampling tool to sample the type and frequency of initial system calls executed by the application process;
determining test weights corresponding to different initial system calls according to sampling results, screening target system calls according to the test weights, and testing an operating system kernel of the target application based on the target system calls, wherein the target system calls are at least one of the initial system calls.
2. The kernel test method according to claim 1, wherein the determining test weights corresponding to different initial system calls according to the sampling result comprises:
and calling a target linear regression function to process the type and frequency sampling values of the initial system call in the sampling result, and generating test weights corresponding to different initial system calls.
3. The kernel test method according to claim 2, wherein the invoking of the target linear regression function processes the type and frequency of the initial system call in the sampling result to generate test weights corresponding to different initial system calls, and comprises:
calculating initial weight corresponding to each type of initial system call according to the target linear regression function and the frequency sampling value of each initial system call in the sampling result;
and generating a test weight corresponding to each type of initial system call based on the initial weight and the first preset interval.
4. The kernel testing method of claim 3, wherein calculating the initial weight corresponding to each type of initial system call according to the target linear regression function and the frequency sampling value of each initial system call in the sampling result comprises:
and inputting the frequency sampling value corresponding to each type of initial system call into a target linear regression function for processing, and generating an initial weight corresponding to each type of initial system call.
5. The kernel test method according to claim 4, wherein the generating a test weight corresponding to each type of initial system call based on the initial weight and a first preset interval includes:
determining a first boundary value according to a first preset interval, wherein the first boundary value belongs to the first preset interval;
and performing product operation on the initial weight corresponding to the initial system call of each type and the first boundary value to generate a test weight corresponding to the initial system call of each type.
6. The core testing method of claim 1, further comprising:
sorting frequency sampling values of different initial system calls in the sampling result, and selecting a first frequency sampling value and a second frequency sampling value according to the sorting result;
and based on the first frequency sampling value and the second frequency sampling value, carrying out standardization processing on the frequency sampling values called by different initial systems to generate corresponding standardization processing results.
7. The kernel test method according to claim 6, wherein the normalizing the frequency sampling values of different initial system calls based on the first frequency sampling value and the second frequency sampling value to generate corresponding normalized results comprises:
determining a second boundary value according to a second preset interval, and determining an interval length value of the second preset interval, wherein the second boundary value belongs to the second preset interval;
determining a first difference value of a frequency sampling value of each initial system call and the second frequency sampling value, and determining a second difference value of the first frequency sampling value and the second frequency sampling value;
determining the ratio of the first difference to the second difference, and performing product operation on the ratio and the interval length value;
and taking the difference between the product operation result and the second boundary value as a normalization processing result corresponding to each initial system call.
8. The kernel testing method according to claim 6, wherein the determining the testing weights corresponding to different initial system calls according to the sampling result comprises:
inputting the frequency sampling value corresponding to each initial system call into a target linear regression function for processing, and generating an initial weight corresponding to the standardized processing result of each initial system call;
determining a first boundary value according to a first preset interval, wherein the first boundary value belongs to the first preset interval;
and performing product operation on the initial weight corresponding to the standardized processing result of each initial system call and the first boundary value to generate a test weight corresponding to the standardized processing result of each initial system call.
9. The core testing method of claim 1, further comprising:
determining a naming format of a system calling name corresponding to the fuzzy test tool;
and converting different types of initial system calls in the sampling result according to the naming format, and performing associated storage on the conversion results of the different types of initial system calls and the corresponding test weights.
10. The kernel test method of claim 9, said screening target system calls according to the test weights and testing an operating system kernel of the target application based on the target system calls, comprising:
inquiring initial system call of the target application and test weight corresponding to the initial system call, and screening the initial system call according to the test weight to obtain target system call;
and generating a test case based on the target system call, and testing the operating system kernel of the target application based on the test case.
11. A core testing apparatus comprising:
the system comprises an acquisition module, a storage module and a display module, wherein the acquisition module is configured to acquire an application program of a target application and start the application program in a running environment of the target application;
the sampling module is configured to acquire an application process running the application program and call a sampling tool to sample the type and frequency of initial system calls executed by the application process;
the test module is configured to determine test weights corresponding to different initial system calls according to a sampling result, screen a target system call according to the test weights, and test an operating system kernel of the target application based on the target system call, wherein the target system call is at least one of the initial system calls.
12. A computing device, comprising:
a memory and a processor;
the memory is configured to store computer-executable instructions and the processor is configured to execute the computer-executable instructions, which when executed by the processor implement the steps of the core testing method of any of claims 1 to 10.
13. A computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the steps of the kernel testing method of any one of claims 1 to 10.
14. A computer program for causing a computer to perform the steps of the kernel testing method according to any one of claims 1 to 10 when said computer program is executed on a computer.
CN202110931803.9A 2021-08-13 2021-08-13 Kernel testing method and device Pending CN113806217A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110931803.9A CN113806217A (en) 2021-08-13 2021-08-13 Kernel testing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110931803.9A CN113806217A (en) 2021-08-13 2021-08-13 Kernel testing method and device

Publications (1)

Publication Number Publication Date
CN113806217A true CN113806217A (en) 2021-12-17

Family

ID=78943023

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110931803.9A Pending CN113806217A (en) 2021-08-13 2021-08-13 Kernel testing method and device

Country Status (1)

Country Link
CN (1) CN113806217A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115033497A (en) * 2022-08-11 2022-09-09 北京登临科技有限公司 Kernel function testing method, device, equipment and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115033497A (en) * 2022-08-11 2022-09-09 北京登临科技有限公司 Kernel function testing method, device, equipment and storage medium
CN115033497B (en) * 2022-08-11 2022-11-25 北京登临科技有限公司 Kernel function testing method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN109902002B (en) Generation method and device of combined test case, storage medium and computer equipment
CN111722839A (en) Code generation method and device, electronic equipment and storage medium
CN113485880A (en) Test method and device
CN110879776A (en) Test case generation method and device
CN111290967A (en) Software defect prediction method, device, equipment and storage medium
CN114861910B (en) Compression method, device, equipment and medium of neural network model
CN112686371A (en) Network structure search method, device, equipment, storage medium and program product
CN113806217A (en) Kernel testing method and device
CN110895706B (en) Method and device for acquiring target cluster number and computer system
CN110750446A (en) System testing method and related device
CN107608844B (en) Method, system and device for testing hardware and computer readable storage medium
CN111767024A (en) Simple operation-oriented answering method and device
CN113312166B (en) Resource processing method and device
CN116560968A (en) Simulation calculation time prediction method, system and equipment based on machine learning
CN115952078A (en) Test case sequencing method, device and system and storage medium
CN113946363A (en) Method and device for executing and configuring service data, computer equipment and storage medium
CN113296870B (en) Method and device for predicting Kubernetes cluster configuration
CN113538130B (en) Abnormality detection method, device and system
CN111522644B (en) Method for predicting running time of parallel program based on historical running data
CN111898389B (en) Information determination method, information determination device, computer equipment and storage medium
Kumar Cloud Simulator Search Framework The Vigilant Fetcher
CN112905457B (en) Software testing method and device
CN115174366B (en) Data processing method and device
CN111124424A (en) Method and device for analyzing algorithm complexity
CN113342664B (en) Dial testing method, device, storage medium and computer equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40063997

Country of ref document: HK