CN117033248B - Web fuzzy test method based on program state feedback and control flow diagram - Google Patents

Info

Publication number: CN117033248B
Authority: CN (China)
Prior art keywords: node, control flow, control, program, input field
Legal status: Active
Application number: CN202311286476.1A
Other languages: Chinese (zh)
Other versions: CN117033248A (en)
Inventors: 周轶群, 曲海鹏, 施睿, 刘爱玲, 廖诗炀
Current Assignee: Ocean University of China
Original Assignee: Ocean University of China
Application filed by: Ocean University of China

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G06F11/3684 Test management for test design, e.g. generating new test cases
    • G06F11/3688 Test management for test execution, e.g. scheduling of test suites
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application belongs to the field of Web testing and relates in particular to a Web fuzz testing method based on program state feedback and control flow graphs. It addresses the problem that a path is influenced by multidimensional fields in a Web request, which makes seed mutation harder and lowers the rate at which effective seeds are generated. The scheme is as follows: determine the untested control flows from the control flow graph, and from them find the key control nodes that affect those control flows. Locate the dependency relationship between the test case and the control nodes following the I2S (Input-to-State) idea. Continuously mutate the fields of the test case that have such a dependency relationship, in order to improve mutation coverage.

Description

Web fuzzy test method based on program state feedback and control flow diagram
Technical Field
The application belongs to the field of Web testing and relates in particular to a Web fuzz testing method based on program state feedback and control flow graphs.
Background
Existing Web fuzz testing methods ignore the complex relationships among multidimensional input fields. A Web request packet contains multiple input fields, and these fields are associated with one another. It is common in Web applications for several input fields to act together on one test path. This is a key reason why Web fuzz testing generates test samples inefficiently and achieves low path coverage. Existing Web fuzz testing techniques do not take this into account and instead select a field at random to mutate. When several fields control the same path and only one of them is mutated, no new path is produced, and under the decision rule of traditional fuzz testing the test case is discarded, so traditional Web fuzz testing cannot complete testing quickly and effectively. A structure-aware strategy based on the control flow graph and program state feedback is therefore to be adopted.
Disclosure of Invention
To address these problems, the method determines the untested control flows from the control flow graph and from them finds the key control nodes that affect those control flows. It locates the dependency relationship between the test case and the control nodes following the program state feedback idea. The fields of the test case that have such a dependency relationship are mutated continuously in order to improve mutation coverage. The technical solution is as follows:
A Web fuzz testing method based on program state feedback and a control flow graph comprises the following steps:
S0. Select an initial test case and add it to the seed pool;
S1. According to the abstract syntax tree, treat each stretch of program in which the control flow does not change as one basic block, that is, a basic block of the control flow graph;
S2. Instrument all basic blocks;
S3. Select a field from a seed in the seed pool and run the program on that seed. On the one hand, update the control flow graph to generate a new control flow graph, and find the key nodes that affect the control flow graph through the control mapping relation between the input field and the program run on the seed; on the other hand, while the program runs on the seed, identify and mark the feedback mapping relation between the multidimensional input fields and the control nodes;
according to the feedback mapping relation between input fields and control instructions, locate in reverse the input fields that influence a control instruction, and so determine the position of the input field to be mutated;
S4. Perform deterministic byte-by-byte mutation on the input field to be mutated, and put any input field that reaches a new control node into the seed pool for the next round of mutation;
S5. Execute the test case generated by mutation in the target program; if the coverage of the executed program is updated, retain the test case and add it to the seed pool, and repeat steps S3-S5.
Preferably, in step S2, all basic blocks are instrumented as follows:
S21. Parse the target code into an abstract syntax tree:
treat sequentially executed code as a basic block, traverse the abstract syntax tree depth-first from the root node, and at the same time instrument the target positions of each basic block, namely the function entry, the function exit, the loop start or loop end, and the conditional branch; the target positions of each basic block are the instrumentation points;
S22. Generate additional code or instructions according to the positions of the instrumentation points, to record data and trace the execution path;
S23. Insert the generated instrumentation code at the target positions of the basic block.
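One way to realize S21 to S23 for a Python target, as an added example that is not part of the patent: a depth-first AST pass inserts a probe call at function entry, function exit, loop bodies and both arms of each conditional, and the probes record the execution path. The `_probe` helper, the `Instrumenter` class and the sample handler are constructed for illustration.

```python
import ast

TRACE = []  # execution path recorded by the inserted probes


def _probe(point_id):
    """Hypothetical probe: append the id of the instrumentation point that ran."""
    TRACE.append(point_id)


class Instrumenter(ast.NodeTransformer):
    """Depth-first AST pass that inserts a probe at each instrumentation point."""

    def __init__(self):
        self.points = {}  # probe id -> (kind, source line)

    def _make_probe(self, kind, node):
        pid = len(self.points)
        self.points[pid] = (kind, node.lineno)
        call = ast.Call(ast.Name("_probe", ast.Load()), [ast.Constant(pid)], [])
        return ast.copy_location(ast.Expr(call), node)

    def visit_FunctionDef(self, node):
        self.generic_visit(node)  # children first: depth-first traversal
        if not isinstance(node.body[-1], ast.Return):
            node.body.append(self._make_probe("function exit", node))
        node.body.insert(0, self._make_probe("function entry", node))
        return node

    def visit_Return(self, node):
        # The exit probe runs just before the return statement.
        return [self._make_probe("function exit", node), node]

    def visit_If(self, node):
        self.generic_visit(node)
        node.body.insert(0, self._make_probe("branch taken", node))
        node.orelse.insert(0, self._make_probe("branch not taken", node))
        return node

    def visit_For(self, node):
        self.generic_visit(node)
        # Placed in the loop body, so it is hit once per iteration.
        node.body.insert(0, self._make_probe("loop start", node))
        return node

    visit_While = visit_For


# Constructed sample target (not from the patent).
TARGET_SRC = '''
def handle(params):
    total = 0
    for ch in params.get("q", ""):
        total += ord(ch)
    if params.get("role") == "admin":
        return "admin:%d" % total
    return "user:%d" % total
'''


def instrument_and_run(src, func_name, arg):
    """Instrument src, call func_name(arg), return (result, kinds of probes hit)."""
    inst = Instrumenter()
    tree = ast.fix_missing_locations(inst.visit(ast.parse(src)))
    env = {"_probe": _probe}
    exec(compile(tree, "<instrumented>", "exec"), env)
    TRACE.clear()
    result = env[func_name](arg)
    return result, [inst.points[p][0] for p in TRACE]


if __name__ == "__main__":
    print(instrument_and_run(TARGET_SRC, "handle", {"q": "ab", "role": "admin"}))
    print(instrument_and_run(TARGET_SRC, "handle", {"q": "", "role": "guest"}))
```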
Preferably, in step S3, the control flow graph is updated as follows:
S31. Generate a control flow graph (CFG) from the abstract syntax tree (AST), converting the structure of the AST into the graph structure of the CFG;
S32. Traverse each node of the AST and determine the type of each node and its child nodes; for each node in the AST, determine the corresponding basic block according to the type and child nodes of that node;
S33. Create a node for each basic block, these nodes corresponding to nodes in the control flow graph, and create edges from source node to target node according to the control flow relations of the nodes in the AST;
S34. For each loop structure in the AST, convert the loop structure into a basic block and create a separate node for that basic block; if there are multiple nodes referenced by only one node, those nodes may be merged into a new node;
S35. Finally, determine the entry node and the exit node, so as to form a complete control flow graph.
Preferably, in step S3, the control mapping relation is obtained as follows: the mapping between input fields and control instructions is identified by flipping each input field and placing a label on each input field, and this mapping is used to locate the control instructions that have not been tested in the original program; labels are assigned through the control mapping relation, and the control instruction information is collected.
Preferably, in step S4, the input field undergoes a mutation operation, and the test case produced by the mutation operation is fed to the program for testing; if a new control node is reached, the test case is put into the seed pool for the next round of mutation; otherwise, the current mutation is regarded as invalid and the current test case is discarded.
Preferably, in step S4, the mutation forms include byte flipping, byte substitution, random number insertion, and dictionary mutation, where:
Byte flipping: generate a new test case by randomly selecting one or more bytes in the data and flipping their bit values from 0 to 1 or from 1 to 0;
Byte substitution: replace the selected bytes with other randomly selected bytes to generate a new test case;
Random number insertion: insert randomly selected bytes into the input data;
Dictionary mutation: replace, repeat, and insert into the input data according to the entries in the corpus.
Compared with the prior art, the beneficial effects of the application are as follows:
The method targets the problem that multidimensional fields in a Web request jointly affect one path, which makes seed mutation harder and lowers the rate at which effective seeds are generated. A structure-aware strategy based on the control flow graph and program state feedback is proposed: untested control flows are determined from the control flow graph, and the key control nodes affecting those control flows are then found. The dependency relationship between the test case and the control nodes is located following the I2S (Input-to-State) idea. By continuously mutating the fields of the test case that have such a dependency relationship, the coverage and mutation efficiency of Web fuzz testing are improved.
Drawings
Fig. 1 is a diagram of the strategy model implemented by the Web fuzz testing method based on program state feedback and control flow graphs of the present application.
Fig. 2 is a flow chart of the method for selecting fields to mutate based on state feedback and control flow graphs.
Detailed Description
The following detailed description is exemplary and is intended to provide further explanation of the present application. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments in accordance with the present application.
A Web fuzz testing method based on program state feedback and a control flow graph comprises the following steps:
S0. Select some input files as seeds for the initial test and add them to an input queue to form the seed pool;
S1. According to the abstract syntax tree, treat each stretch of program in which the control flow does not change as one basic block, that is, a basic block of the control flow graph;
S2. Instrument all basic blocks, specifically as follows:
S21. Parse the target code into an abstract syntax tree:
treat sequentially executed code as a basic block, traverse the abstract syntax tree depth-first from the root node, and at the same time instrument the target positions of each basic block, namely the function entry, the function exit, the loop start or loop end, and the conditional branch; the target positions of each basic block are the instrumentation points;
S22. Generate additional code or instructions according to the positions of the instrumentation points, to record data and trace the execution path;
S23. Insert the generated instrumentation code at the target positions of the basic block.
S3. Select a field from a seed in the seed pool and run the program on that seed. On the one hand, update the control flow graph to generate a new control flow graph, and find the key nodes that affect the control flow graph through the control mapping relation between the input field and the program run on the seed; on the other hand, while the program runs on the seed, identify and mark the feedback mapping relation between the multidimensional input fields and the control nodes;
The control mapping relation is obtained as follows: the mapping between input fields and control instructions is identified by flipping each input field and placing a label on each input field, and this mapping is used to locate the control instructions that have not been tested in the original program; labels are assigned through the control mapping relation, and the control instruction information is collected.
According to the feedback mapping relation between input fields and control instructions, locate in reverse the input fields that influence a control instruction, and so determine the position of the input field to be mutated;
The control flow graph is updated as follows:
S31. Generate a control flow graph (CFG) from the abstract syntax tree (AST), converting the structure of the AST into the graph structure of the CFG;
S32. Traverse each node of the AST and determine the type of each node and its child nodes; for each node in the AST, determine the corresponding basic block according to the type and child nodes of that node;
S33. Create a node for each basic block, these nodes corresponding to nodes in the control flow graph, and create edges from source node to target node according to the control flow relations of the nodes in the AST;
S34. For each loop structure in the AST, convert the loop structure into a basic block and create a separate node for that basic block; if there are multiple nodes referenced by only one node, those nodes may be merged into a new node;
S35. Finally, determine the entry node and the exit node, so as to form a complete control flow graph.
S4. Perform deterministic byte-by-byte mutation on the input field to be mutated, and put any input field that reaches a new control node into the seed pool for the next round of mutation;
The input field undergoes a mutation operation, and the test case produced by the mutation operation is fed to the program for testing; if a new control node is reached, the test case is put into the seed pool for the next round of mutation; otherwise, the current mutation is regarded as invalid and the current test case is discarded.
The mutation forms (Table 1) include byte flipping, byte substitution, random number insertion, and dictionary mutation, where:
Byte flipping: generate a new test case by randomly selecting one or more bytes in the data and flipping their bit values from 0 to 1 or from 1 to 0;
Byte substitution: replace the selected bytes with other randomly selected bytes to generate a new test case;
Random number insertion: insert randomly selected bytes into the input data;
Dictionary mutation: replace, repeat, and insert into the input data according to the entries in the corpus.
Table 1. Mutation forms
Mutation operation | Description
Byte flipping | Generates a new test case by randomly selecting one or more bytes in the input data and flipping their bit values (either from 0 to 1 or from 1 to 0).
Byte substitution | Similar to byte flipping, but instead of simply flipping bit values it replaces the selected bytes with other randomly selected bytes to generate a new test case.
Random number insertion | Randomly selected bytes are inserted into the input data to increase the length and complexity of the test case.
Dictionary mutation | Replaces, repeats, inserts into, and otherwise modifies the input data according to the entries in the corpus. Constant string fragments smaller than 1kb are expected to be collected during the instrumentation phase.
S5. Execute the test case generated by mutation in the target program; if the coverage of the executed program is updated, retain the test case and add it to the seed pool, and repeat steps S3-S5.
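The S3 to S5 loop on a toy handler, as an added example that is not part of the patent: each field is flipped in turn to learn which control node's compared state it feeds, and only the fields mapped to an untested control node are then mutated together with dictionary tokens. The handler, its control flow graph, the field names and the dictionary are constructed, and dictionary mutation stands in for the full set of mutation forms.

```python
import itertools

# Constructed CFG of the toy handler: control node -> blocks it can branch to.
CFG = {"c_auth": ["b_deny", "c_export"], "c_export": ["b_export", "b_list"]}
# Constructed dictionary, standing in for constants collected during instrumentation.
DICTIONARY = ["export", "csv", "list", "json"]
SEED = {"token": "t0k", "action": "list", "fmt": "json"}  # constructed seed


def handler(req, state):
    """Constructed target. `state` receives the values each control node compares."""
    covered = {"c_auth"}
    state["c_auth"] = (req["token"],)
    if req["token"] != "t0k":
        covered.add("b_deny")
        return covered
    covered.add("c_export")
    state["c_export"] = (req["action"], req["fmt"])
    # Two fields jointly decide this branch: the case the Background describes.
    if req["action"] == "export" and req["fmt"] == "csv":
        covered.add("b_export")
    else:
        covered.add("b_list")
    return covered


def run(req):
    state = {}
    return handler(req, state), state


def flip(value):
    """Byte flip: invert the low bit of the first byte of a field."""
    raw = bytearray(value.encode("latin-1") or b"\x00")
    raw[0] ^= 1
    return raw.decode("latin-1")


def map_fields(seed):
    """S3: flip each field and label the control nodes whose compared state changes."""
    _, base = run(seed)
    mapping = {}
    for field in seed:
        _, state = run({**seed, field: flip(seed[field])})
        for node, observed in base.items():
            # Count only direct input-to-state effects at nodes still reached.
            if node in state and state[node] != observed:
                mapping.setdefault(node, []).append(field)
    return mapping


def untested_nodes(covered):
    """Control nodes already reached that still have an unexecuted successor."""
    return [n for n, succ in CFG.items()
            if n in covered and any(s not in covered for s in succ)]


def single_field_hits(seed, block):
    """Baseline: mutate one field at a time, as the Background describes."""
    return any(block in run({**seed, f: v})[0] for f in seed for v in DICTIONARY)


def fuzz(seed):
    """S3-S5: mutate only the fields mapped to each untested control node."""
    pool, covered, execs = [seed], set(run(seed)[0]), 0
    mapping = map_fields(seed)
    for node in untested_nodes(covered):
        fields = mapping.get(node, [])
        # S4: deterministic dictionary mutation of the dependent fields together.
        for values in itertools.product(DICTIONARY, repeat=len(fields)):
            case = {**seed, **dict(zip(fields, values))}
            execs += 1
            new = run(case)[0] - covered
            if new:  # S5: coverage updated, keep the test case as a seed
                pool.append(case)
                covered |= new
                break
    return pool, covered, execs


if __name__ == "__main__":
    print(map_fields(SEED))
    print(fuzz(SEED))
    print(single_field_hits(SEED, "b_export"))
```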

Claims (5)

1. A Web fuzz testing method based on program state feedback and a control flow graph, characterized by comprising the following steps:
S0. Select some input files as seeds for the initial test and add them to an input queue to form the seed pool;
S1. According to the abstract syntax tree, treat each stretch of program in which the control flow does not change as one basic block, that is, a basic block of the control flow graph;
S2. Instrument all basic blocks;
S3. Select a field from a seed in the seed pool and run the program on that seed. On the one hand, update the control flow graph to generate a new control flow graph, and find the key nodes that affect the control flow graph through the control mapping relation between the input field and the program run on the seed; on the other hand, while the program runs on the seed, identify and mark the feedback mapping relation between the multidimensional input fields and the control nodes;
according to the feedback mapping relation between input fields and control instructions, locate in reverse the input fields that influence a control instruction, and so determine the position of the input field to be mutated;
S31. Generate a control flow graph (CFG) from the abstract syntax tree (AST), converting the structure of the AST into the graph structure of the CFG;
S32. Traverse each node of the AST and determine the type of each node and its child nodes; for each node in the AST, determine the corresponding basic block according to the type and child nodes of that node;
S33. Create a node for each basic block, these nodes corresponding to nodes in the control flow graph, and create edges from source node to target node according to the control flow relations of the nodes in the AST;
S34. For each loop structure in the AST, convert the loop structure into a basic block and create a separate node for that basic block; if there are multiple nodes referenced by only one node, those nodes are merged into a new node;
S35. Finally, determine the entry node and the exit node, so as to form a complete control flow graph;
S4. Perform deterministic byte-by-byte mutation on the input field to be mutated, and put any input field that reaches a new control node into the seed pool for the next round of mutation;
S5. Execute the test case generated by mutation in the target program; if the coverage of the executed program is updated, retain the test case and add it to the seed pool, and repeat steps S3-S5.
2. The Web fuzz testing method based on program state feedback and a control flow graph of claim 1, wherein in step S2, all basic blocks are instrumented as follows:
S21. Parse the target code into an abstract syntax tree:
treat sequentially executed code as a basic block, traverse the abstract syntax tree depth-first from the root node, and at the same time instrument the target positions of each basic block, namely the function entry, the function exit, the loop start or loop end, and the conditional branch; the target positions of each basic block are the instrumentation points;
S22. Generate additional code or instructions according to the positions of the instrumentation points, to record data and trace the execution path;
S23. Insert the generated instrumentation code at the target positions of the basic block.
3. The Web fuzz testing method based on program state feedback and a control flow graph of claim 1, wherein in step S3, the control mapping relation is obtained as follows: the mapping between input fields and control instructions is identified by flipping each input field and placing a label on each input field, and this mapping is used to locate the control instructions not tested in the original program; labels are assigned through the control mapping relation, and the control instruction information is collected.
4. The Web fuzz testing method based on program state feedback and a control flow graph of claim 1, wherein in step S4, the input field undergoes a mutation operation, and the test case produced by the mutation operation is fed to the program for testing; if a new control node is reached, the test case is put into the seed pool for the next round of mutation; otherwise, the current mutation is invalid and the test case is discarded.
5. The Web fuzz testing method based on program state feedback and a control flow graph of claim 1, wherein in step S4, the mutation forms include byte flipping, byte substitution, random number insertion, and dictionary mutation, where:
Byte flipping: generate a new test case by randomly selecting one or more bytes in the data and flipping their bit values from 0 to 1 or from 1 to 0;
Byte substitution: replace the selected bytes with other randomly selected bytes to generate a new test case;
Random number insertion: insert randomly selected bytes into the input data;
Dictionary mutation: replace, repeat, and insert into the input data according to the entries in the corpus.
CN202311286476.1A 2023-10-08 2023-10-08 Web fuzzy test method based on program state feedback and control flow diagram Active CN117033248B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311286476.1A CN117033248B (en) 2023-10-08 2023-10-08 Web fuzzy test method based on program state feedback and control flow diagram

Publications (2)

Publication Number Publication Date
CN117033248A CN117033248A (en) 2023-11-10
CN117033248B true CN117033248B (en) 2024-01-26

Family

ID=88630303

Country Status (1)

Country Link
CN (1) CN117033248B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant