CN111881039A - Seed processing method and system for fuzz test, fuzz test method and system and storage medium - Google Patents
Seed processing method and system for fuzz test, fuzz test method and system and storage medium Download PDFInfo
- Publication number
- CN111881039A CN111881039A CN202010723505.6A CN202010723505A CN111881039A CN 111881039 A CN111881039 A CN 111881039A CN 202010723505 A CN202010723505 A CN 202010723505A CN 111881039 A CN111881039 A CN 111881039A
- Authority
- CN
- China
- Prior art keywords
- block
- code
- program
- code block
- seed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3676—Test management for coverage analysis
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a seed processing and fuzzy testing method, a system and a storage medium for fuzzy testing, which are applied to the software testing technology, wherein the seed processing method comprises the steps of obtaining the static weight of each program block; counting the running times of each program block in the fuzzy test, and obtaining the dynamic weight of each program block in each fuzzy test according to the running times of each program block in the statistics; scoring the seeds in the seed bank according to the static weight and the dynamic weight; selecting seeds for mutation, wherein a test case is obtained, and the higher the seed score is, the higher the probability of selection is; and counting the code coverage rate, and updating the test case into the seed library according to the code coverage rate of the test case. According to the scheme, the code coverage rate can be improved, so that software bugs can be fully excavated.
Description
Technical Field
The invention relates to a software testing technology, in particular to a seed processing and fuzz testing method and system of fuzz testing and a storage medium.
Background
With the rapid increase of the software scale, the software complexity is continuously improved, and the number of holes leaked in the software is also continuously increased. Due to the increase of software complexity, vulnerabilities are increasingly hidden, and the workload of vulnerability mining is increased. In order to reduce the workload of vulnerability mining, people start to use an automated way of fuzz testing instead of manually mining vulnerabilities. The fuzzy test is to generate random inputs as a test program for the test cases continuously, and to adjust the generation of the test cases according to the running conditions of the program. Based on this principle, many fuzz testing tools have been developed. However, due to the success of the fuzz testing tool afl, it is currently believed that the coverage of the tested program in fuzz testing is a strong guide to the performance improvement of fuzz testing. There are studies showing that when code coverage increases by 1%, the percentage of bugs is found to increase by 0.92%.
A plurality of schemes are provided at home and abroad aiming at improving the coverage rate of the tested program tested by the fuzzy testing tool. For example, a fuzzy test tool and symbolic execution are combined, when the fuzzy test tool faces some complex judgment conditions and cannot be covered in a random mode, the symbolic execution tool solves the conditions to obtain seeds which can cover the judgment conditions and codes later, and therefore the code coverage rate is improved. Or combining a fuzzy test tool with taint analysis, and in the same way, in the face of relatively complex judgment conditions, acquiring which input parts are related to the judgment conditions through taint analysis, and then only obtaining the input parts related to the judgment conditions through taint analysis to cover the judgment conditions, so that the code coverage rate is improved. Further alternatively, the coverage measurement is changed, using edge coverage to measure coverage at afl and using block coverage to measure coverage at libfuzz test tool.
The related art is not too heavy or does not provide good guidance for improving the coverage rate of the fuzz testing tool to test the tested program. The prior art is not too heavy or does not provide good guidance for improving the coverage rate of the tested program tested by the fuzz testing tool. For example, symbolic execution techniques require the input to be converted to symbols, followed by program simulation execution until the conditional equations at the constraints are solved. But the larger the program size, the more difficult it is to establish equations, and the more difficult it is to model for some specific kernel programs. The more difficult it is to solve the symbolic execution. Further, the use of taint analysis techniques requires the establishment of taint tags and taint propagation rules, which not only require reinterpretation of all tainted instructions to add taint operations, but also require the storage of a large number of taint tags. On one hand, the running time of the original tested program is increased, and the fuzz testing tool is also enabled to apply for a larger space to store the dirty label. While the fuzz test simply makes a random variation to the seed and then gives it to the tested program to be executed. It can be seen that the process of the above technique is much more focused on the running of the fuzz testing tool, slowing down the speed of the fuzz testing tool. And the coverage rate of the tested program is simply selected as a standard, so that a large amount of coverage rate information is lost, and the fuzzy test tool is hardly helped to improve the code coverage rate of the tested program.
Disclosure of Invention
To solve at least one of the above-mentioned technical problems, the present invention is directed to: a seed processing method, a fuzz testing system and a storage medium for fuzz testing are provided to improve the code coverage rate of a tested program.
In a first aspect, an embodiment of the present invention provides:
a seed treatment method for fuzz testing, comprising the following steps:
acquiring the static weight of each program block;
counting the running times of each program block in the fuzzy test, and obtaining the dynamic weight of each program block in each fuzzy test according to the running times of each program block in the statistics;
scoring the seeds in the seed bank according to the static weight and the dynamic weight;
selecting seeds for mutation, wherein a test case is obtained, and the higher the seed score is, the higher the probability of selection is;
and counting the code coverage rate, and updating the test case into the seed library according to the code coverage rate of the test case.
Further, the obtaining the static weight of each block includes:
and performing instrumentation on the tested program, and analyzing the control flow diagram of the tested program to obtain the static weight of each program block of the tested program.
Further, the analyzing the control flow graph of the tested program to obtain the static weight of each program block of the tested program includes:
traversing code blocks of a program control flow graph, and calculating the transition probability of each side;
traversing the code blocks of the program control flow graph again to calculate the mathematical expectation of each code block;
and taking the reciprocal of the mathematical expectation of each code block as a static weight.
Further, said traversing the code blocks of the program control flow graph again to compute a mathematical expectation for each code block, comprising:
establishing a sequence;
storing the post blocks of the code blocks into the sequence, and taking out the post blocks to realize depth-first traversal;
the processing comprises the following steps:
calculating a mathematical expectation of the code block, wherein the mathematical expectation of the first code block is the mathematical expectation of a preamble of the first code block and a transition probability of the preamble to an edge of the first code block;
when the mathematical expectation of the front block of the first code block is null and the front block of the first code block is a child block of the first code block, marking the first code block as a loop entrance, marking the front block of the first code block to the edge of the block as a return edge, taking the rear block entering the first code block as a next access block, subtracting one from the length of the sequence as a loop mark, and taking the mathematical expectation of the front block of the first code block as zero to calculate the mathematical expectation of the first code block;
when the mathematical expectation of the prefix block of the first code block is null and the prefix block of the first code block is not a child block of the first code block, storing the first code block in a position added to the sequence corresponding to the loop marker without calculating the mathematical expectation of the first code block;
when the post block of the first code block has mathematical expectation and the transition probability from the first code block to the edge of the post block of the first code block is positive, calculating a constant to represent the transition probability from the front block of the post block of the first code block to the edge of the post block of the first code block, adding the post block of the first code block into the sequence, deleting the mathematical expectation of the child block of the post block of the first code block, and deleting the back edge mark corresponding to the first code block.
The constant is 1/((E (the postblock of the first code block) -E (the first code block) × W (transition probability of each pre-block to the first code block))/E (the postblock of the first code block)), where E represents the mathematical expectation.
Further, the counting the number of times of operation of each block in the fuzzy test, and obtaining the dynamic weight of each block according to the number of times of operation of each block in the counting in each fuzzy test includes:
counting the running times of each program block in the fuzzy test in a pile inserting mode;
calculating the operation probability of each program block by combining the statistics and a preset formula;
and negating the operation probability of the program block as the dynamic weight of the program block.
Further, the preset formula is a piecewise function including a first sub-function and a second sub-function;
when the operation times of the code block are less than or equal to a first threshold value, calculating the operation probability of the code block by adopting a first sub-function;
and when the running times of the code block are larger than the first threshold value, calculating the running probability of the code block by adopting a second sub-function.
In a second aspect, an embodiment of the present invention provides:
a fuzz testing method includes the following steps;
and when the fuzz test is carried out, the seed processing method of the fuzz test is executed.
A fuzz testing seed treatment system comprising:
a static weight obtaining unit for obtaining a static weight of each block;
the dynamic weight acquisition unit is used for counting the operation times of each program block in the fuzzy test and obtaining the dynamic weight of each program block in each fuzzy test according to the operation times of each program block in the counting;
the scoring unit is used for scoring the seeds in the seed database according to the static weight and the dynamic weight;
the variation unit is used for selecting seeds to perform variation, wherein a test case is obtained, and the higher the seed score is, the higher the selection probability is;
and the updating unit is used for counting the code coverage rate and updating the test case into the seed library according to the code coverage rate of the test case.
In a third aspect, an embodiment of the present invention provides:
a fuzz testing seed treatment system comprising:
a memory for storing a program;
and the processor is used for loading the program to execute the seed processing method of the fuzz test.
In a fourth aspect, an embodiment of the present invention provides:
a storage medium storing a program which, when executed by a processor, implements the seed processing method of the fuzz test.
The embodiment of the invention has the beneficial effects that: the method and the device evaluate the seeds by combining the static weight and the dynamic weight, select the seeds according to the weights when selecting the seeds, change the selection tendency of the seeds by means of the dynamic weight, and place the test cases into the seed library according to the code coverage rate.
Drawings
FIG. 1 is a flow chart of a seed treatment method for fuzz testing according to an embodiment of the present invention;
FIG. 2 is a flow chart of another seed treatment method for fuzz testing according to an embodiment of the present invention;
FIG. 3 is a flow chart of program control provided in accordance with an embodiment of the present invention;
fig. 4 is a flowchart of a static analysis program control flow graph provided in accordance with an embodiment of the present invention.
Detailed Description
The invention is further described with reference to the drawings and the specific examples.
Referring to fig. 1 and 2, the embodiment discloses a seed treatment method for fuzz testing, which includes the following steps:
and step 110, acquiring the static weight of each program block.
In this embodiment, the control flow graph of the program to be tested may be analyzed based on any manner to determine the static weight of each block. The static weight of a block represents the probability that the block of code is executed in the control flow graph.
And step 120, counting the operation times of each program block in the fuzzy test, and obtaining the dynamic weight of each program block in each fuzzy test according to the operation times of each program block in the counting.
In this step, all the code blocks running in the fuzzy test are counted, and the dynamic weight of each program block is recalculated in each fuzzy test according to the statistical condition, and the dynamic weight also represents the probability of the code block being executed in the control flow graph. Unlike static weights, dynamic weights change as the fuzz test progresses.
And step 130, scoring the seeds in the seed database according to the static weight and the dynamic weight.
And scoring the seeds in the seed database by combining the static weight and the dynamic weight, wherein the scoring can be realized by weighting or multiplying the static weight and the dynamic weight.
And 140, selecting seeds for mutation, wherein test cases are obtained, and the higher the seed score is, the higher the probability of selection is.
In this embodiment, the seeds are selected according to the weights of the seeds in the seed database, and the selected seeds may be entirely correlated with the weights.
And 150, counting the code coverage rate, and updating the test cases into the seed library according to the code coverage rate of the test cases.
In this embodiment, the test cases for improving the code coverage are placed in the seed library.
The method and the device evaluate the seeds by combining the static weight and the dynamic weight, select the seeds according to the weights when selecting the seeds, change the selection tendency of the seeds by means of the dynamic weight, and place the test cases with code coverage satisfying conditions into the seed library.
In some embodiments, the obtaining the static weight of each block includes:
and performing instrumentation on the tested program, and analyzing the control flow diagram of the tested program to obtain the static weight of each program block of the tested program.
In this embodiment, the llvm tool may be used to perform instrumentation on the program under test, and then analyze the control flow graph of the program, where only the instrumented function is analyzed, and the analysis result is saved. The control flow graph can be simply analyzed by the method of pile insertion, so that the static weight of each program block is obtained.
In some embodiments, the analyzing the control flow graph of the program under test to obtain the static weight of each block of the program under test includes:
traversing code blocks of a program control flow graph, and calculating the transition probability of each side;
traversing the code blocks of the program control flow graph again to calculate the mathematical expectation of each code block;
and taking the reciprocal of the mathematical expectation of each code block as a static weight.
In the embodiment, complex deep logic can be mined by firstly calculating the transition probability of each edge, then traversing the code blocks of the control flow graph, calculating the mathematical expectation of each block, and then taking the reciprocal of the mathematical expectation as a static weight.
In some embodiments, said traversing the code blocks of the program control flow graph again to calculate the mathematical expectation for each code block comprises:
establishing a sequence;
storing the post blocks of the code blocks into the sequence, and taking out the post blocks to realize depth-first traversal;
the processing comprises the following steps:
calculating a mathematical expectation of the code block, wherein the mathematical expectation of the first code block is the mathematical expectation of a preamble of the first code block and a transition probability of the preamble to an edge of the first code block;
when the mathematical expectation of the front block of the first code block is null and the front block of the first code block is a child block of the first code block, marking the first code block as a loop entrance, marking the front block of the first code block to the edge of the block as a return edge, taking the rear block entering the first code block as a next access block, subtracting one from the length of the sequence as a loop mark, and taking the mathematical expectation of the front block of the first code block as zero to calculate the mathematical expectation of the first code block;
when the mathematical expectation of the prefix block of the first code block is null and the prefix block of the first code block is not a child block of the first code block, storing the first code block in a position added to the sequence corresponding to the loop marker without calculating the mathematical expectation of the first code block;
when the post block of the first code block has mathematical expectation and the transition probability from the first code block to the edge of the post block of the first code block is positive, calculating a constant to represent the transition probability from the front block of the post block of the first code block to the edge of the post block of the first code block, adding the post block of the first code block into the sequence, deleting the mathematical expectation of the child block of the post block of the first code block, and deleting the back edge mark corresponding to the first code block.
The constant is 1/((E (the postblock of the first code block) -E (the first code block) × W (transition probability of each pre-block to the first code block))/E (the postblock of the first code block)), where E represents the mathematical expectation.
Referring to fig. 3 and 4, the present embodiment will be further described with respect to the calculation of the static weight. As shown in fig. 3, it includes blocks a-I. The prefix block refers to a code block that is previous to a certain code block in the program control flow graph, and for example, the prefix block of B is C. The post block refers to a code block next to a certain code block in the program control flow graph, for example, the post block of C is D, E. Child blocks refer to all blocks in a program control flow graph that can be found in a block iteration following a certain code block, e.g., the child blocks of C are D, E, F, G, H, and I.
First a depth-first traversal of the program control flow graph is performed. Since the post block of a is only B, the edge transition probability a- > B is known to be 1. And the post-block of C has D, E, so the edge transition probability C- > D ═ 1/2, C- > E ═ 1/2 is known easily. All blocks of the program control flow graph can be traversed to calculate B- > C ═ 1, E- > F ═ 1, F- > G ═ 1/2, F- > H ═ 1/2, H- > C ═ 1, C- > D ═ 1, and D- > F ═ 1. Depth-first traversal of the program flow graph is again performed. The sequence li is established. Since the post block of A is B, B is pushed into the sequence li. And p (a) ═ 1. Next, the block B is extracted from the sequence li, and p (B) ═ p (a) × a- > B ═ 1 is calculated. And pressing the post block C of the B into the sequence. C is taken out of the sequence li, there is no mathematical expectation that the prefix block H exists for C, and H is a child block of C. Then C is the cycle entry block. Therefore, H- > C is labeled, and p (C) ═ 0 × H- > C + p (B) × B- > C ═ 0. And D and E are pressed in the order of DE, the sequence is { DE }, and 1 is used as the mark of the cycle C. Next, E is removed, p (E) is easily obtained 1/2, and F is pressed into the sequence. F was removed and p (F) 1/2 was easily obtained, and G and H were pressed into the sequence. H is fetched, finding that the leading block G of H has no mathematical expectation, but H- > C is marked, and the child block of H is empty. So find H belongs to cycle C. Put H into the corresponding position of the cycle C flag of the sequence, i.e., the sequence becomes { DHG }. G was taken out, and p (G) 1/4 was easily obtained. Since H has been pressed in, H is no longer pressed in. Taking out H, and obtaining easily P (H) ═ 1/2. There is a mathematical expectation for the rear block C of H. The constant x ═ 1/((e) (C) -e (H) > H- > C)/(e (C)) 2. then B- > C ═ 2. the mark on the return side H- > C is deleted, and H- > C ═ 1 is allowed, C is pushed into the sequence, C is pulled out, and p (C) ═ 2, p (e) ═ 1, p (f) ═ 1, p (g): 1/2, p (H) ═ 1 are easily known from the previous flow.
It can be known from the above embodiments that by improving the markov chain to a certain extent, the possibility of running under a static condition can be accurately calculated, and the problem that the running probability of the code cannot be accurately measured under a cyclic condition is solved.
In some embodiments, the counting the number of times of operation of each block in the fuzzy test, and obtaining the dynamic weight of each block according to the number of times of operation of each block in the statistics in each fuzzy test includes:
counting the running times of each program block in the fuzzy test in a pile inserting mode;
calculating the operation probability of each program block by combining the statistics and a preset formula;
and negating the operation probability of the program block as the dynamic weight of the program block.
In this embodiment, the dynamic weight may also represent the probability that the code block is run. In this embodiment, the number of times each code block is executed is also counted by means of instrumentation. In this embodiment, the probability of the operation of a code block may be represented by the number of times the code block is operated divided by the sum of the number of times all code blocks are operated.
In some embodiments, the preset formula is a piecewise function including a first sub-function and a second sub-function;
when the operation times of the code block are less than or equal to a first threshold value, calculating the operation probability of the code block by adopting a first sub-function;
and when the running times of the code block are larger than the first threshold value, calculating the running probability of the code block by adopting a second sub-function.
In this embodiment, in each running process, which blocks have already been run and which blocks have not been run may be determined according to instrumentation, and statistics may be performed on the blocks. The probability of finding the block after the program block is always low due to the difference between the first finding and the second finding of the program block, and the operation is simplified. In this embodiment, a certain value is taken as a threshold, only the operation status of each block within the threshold range is detected, and the operation times of each block within the certain range is obtained according to the operation status, so as to obtain the operation probability. The specific code block weight calculation method is as follows:
the number of runs within the threshold is calculated with an accurate probability. For the number of times of operation outside the threshold, when the current operation is performed, 1-P (x) possibly does not operate at the threshold, so that (1-P (x)) is added to the original probability, when the current operation is not performed, P (x) possibly operates at the threshold, so that P (x) (1/x) is subtracted from the original probability, and then the probability is inverted to serve as the weight.
The weights of the chunks are dynamically analyzed. And calculating the operation probability of the program block by acquiring the operation times of the program block through dynamic analysis, and providing a simplified calculation formula when the operation times are overlarge to obtain the weight of the program block.
The embodiment discloses a fuzzy test method, which comprises the following steps of;
and when the fuzz test is carried out, the seed processing method of the fuzz test is executed.
The embodiment discloses a seed treatment system of fuzz test, which comprises:
a static weight obtaining unit for obtaining a static weight of each block;
the dynamic weight acquisition unit is used for counting the operation times of each program block in the fuzzy test and obtaining the dynamic weight of each program block in each fuzzy test according to the operation times of each program block in the counting;
the scoring unit is used for scoring the seeds in the seed database according to the static weight and the dynamic weight;
the variation unit is used for selecting seeds to perform variation, wherein a test case is obtained, and the higher the seed score is, the higher the selection probability is;
and the updating unit is used for counting the code coverage rate and updating the test case into the seed library according to the code coverage rate of the test case.
The embodiment discloses a seed treatment system of fuzz test, which comprises:
a memory for storing a program;
and the processor is used for loading the program to execute the seed processing method or the fuzz testing method of the fuzz testing.
The present embodiment discloses a storage medium storing a program that, when executed by a processor, implements the seed processing method or the fuzz testing method of the fuzz test.
The step numbers in the above method embodiments are set for convenience of illustration only, the order between the steps is not limited at all, and the execution order of each step in the embodiments can be adapted according to the understanding of those skilled in the art.
While the preferred embodiments of the present invention have been illustrated and described, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (10)
1. A seed treatment method of a fuzz test is characterized by comprising the following steps:
acquiring the static weight of each program block;
counting the running times of each program block in the fuzzy test, and obtaining the dynamic weight of each program block in each fuzzy test according to the running times of each program block in the statistics;
scoring the seeds in the seed bank according to the static weight and the dynamic weight;
selecting seeds for mutation, wherein a test case is obtained, and the higher the seed score is, the higher the probability of selection is;
and counting the code coverage rate, and updating the test case into the seed library according to the code coverage rate of the test case.
2. The seed processing method of fuzz testing as claimed in claim 1, wherein the obtaining the static weight of each block comprises:
and performing instrumentation on the tested program, and analyzing the control flow diagram of the tested program to obtain the static weight of each program block of the tested program.
3. The seed processing method of the fuzz test according to claim 2, wherein the analyzing the control flow graph of the tested program to obtain the static weight of each program block of the tested program comprises:
traversing code blocks of a program control flow graph, and calculating the transition probability of each side;
traversing the code blocks of the program control flow graph again to calculate the mathematical expectation of each code block;
and taking the reciprocal of the mathematical expectation of each code block as a static weight.
4. The seed processing method for fuzz testing according to claim 3, wherein traversing the code blocks of the program control flow graph again to calculate the mathematical expectation of each code block comprises:
establishing a sequence;
storing the post blocks of the code blocks into the sequence, and taking out the post blocks to realize depth-first traversal;
the processing comprises the following steps:
calculating a mathematical expectation of the code block, wherein the mathematical expectation of the first code block is the mathematical expectation of a preamble of the first code block and a transition probability of the preamble to an edge of the first code block;
when the mathematical expectation of the front block of the first code block is null and the front block of the first code block is a child block of the first code block, marking the first code block as a loop entrance, marking the front block of the first code block to the edge of the block as a return edge, taking the rear block entering the first code block as a next access block, subtracting one from the length of the sequence as a loop mark, and taking the mathematical expectation of the front block of the first code block as zero to calculate the mathematical expectation of the first code block;
when the mathematical expectation of the prefix block of the first code block is null and the prefix block of the first code block is not a child block of the first code block, storing the first code block in a position added to the sequence corresponding to the loop marker without calculating the mathematical expectation of the first code block;
when the post block of the first code block has mathematical expectation and the transition probability from the first code block to the edge of the post block of the first code block is positive, calculating a constant to represent the transition probability from the front block of the post block of the first code block to the edge of the post block of the first code block, adding the post block of the first code block into the sequence, deleting the mathematical expectation of the child block of the post block of the first code block, and deleting the back edge mark corresponding to the first code block.
The constant is 1/((E (the postblock of the first code block) -E (the first code block) × W (transition probability of each pre-block to the first code block))/E (the postblock of the first code block)), where E represents the mathematical expectation.
5. The seed processing method of the fuzzy test as claimed in claim 1, wherein said counting the running times of each block in the fuzzy test, and obtaining the dynamic weight of each block in each fuzzy test according to the running times of each block in the statistics comprises:
counting the running times of each program block in the fuzzy test in a pile inserting mode;
calculating the operation probability of each program block by combining the statistics and a preset formula;
and negating the operation probability of the program block as the dynamic weight of the program block.
6. The seed processing method for fuzzing test according to claim 5, wherein the preset formula is a piecewise function comprising a first sub-function and a second sub-function;
when the operation times of the code block are less than or equal to a first threshold value, calculating the operation probability of the code block by adopting a first sub-function;
and when the running times of the code block are larger than the first threshold value, calculating the running probability of the code block by adopting a second sub-function.
7. A fuzz testing method is characterized by comprising the following steps;
the seed treatment method of claim 1 is performed while performing the fuzz test.
8. A fuzz testing seed treatment system, comprising:
a static weight obtaining unit for obtaining a static weight of each block;
the dynamic weight acquisition unit is used for counting the operation times of each program block in the fuzzy test and obtaining the dynamic weight of each program block in each fuzzy test according to the operation times of each program block in the counting;
the scoring unit is used for scoring the seeds in the seed database according to the static weight and the dynamic weight;
the variation unit is used for selecting seeds to perform variation, wherein a test case is obtained, and the higher the seed score is, the higher the selection probability is;
and the updating unit is used for counting the code coverage rate and updating the test case into the seed library according to the code coverage rate of the test case.
9. A fuzz testing seed treatment system, comprising:
a memory for storing a program;
a processor for loading the program to perform the method of any one of claims 1 to 7.
10. A storage medium storing a program, characterized in that the program realizes the method according to any one of claims 1-7 when executed by a processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010723505.6A CN111881039B (en) | 2020-07-24 | 2020-07-24 | Seed processing method and system for fuzz test, fuzz test method and system and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010723505.6A CN111881039B (en) | 2020-07-24 | 2020-07-24 | Seed processing method and system for fuzz test, fuzz test method and system and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111881039A true CN111881039A (en) | 2020-11-03 |
| CN111881039B CN111881039B (en) | 2022-04-26 |
Family
ID=73200505
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010723505.6A Active CN111881039B (en) | 2020-07-24 | 2020-07-24 | Seed processing method and system for fuzz test, fuzz test method and system and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111881039B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112559367A (en) * | 2020-12-23 | 2021-03-26 | 南京大学 | Kernel fuzzy test case generation method based on system call dependency graph |
| CN113157551A (en) * | 2021-01-14 | 2021-07-23 | 首都师范大学 | ROS-oriented differential fuzzy test method |
| CN115237797A (en) * | 2022-08-03 | 2022-10-25 | 中国电子科技集团公司信息科学研究院 | Coverage guidance-based fuzzy test method and device |
| CN116225962A (en) * | 2023-03-31 | 2023-06-06 | 四川邦辰信息科技有限公司 | JSON variation method for fuzzy test |
| CN116881171A (en) * | 2023-09-05 | 2023-10-13 | 中科方德软件有限公司 | Seed use case processing method, device, equipment and storage medium in fuzzy test |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104375941A (en) * | 2014-12-11 | 2015-02-25 | 无锡江南计算技术研究所 | Automated evaluation method for binary code coverage of testing case set for executable program |
| CN111382067A (en) * | 2020-02-27 | 2020-07-07 | 中国科学院信息工程研究所 | Method and system for generating high-quality seeds in fuzzy test |
-
2020
- 2020-07-24 CN CN202010723505.6A patent/CN111881039B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104375941A (en) * | 2014-12-11 | 2015-02-25 | 无锡江南计算技术研究所 | Automated evaluation method for binary code coverage of testing case set for executable program |
| CN111382067A (en) * | 2020-02-27 | 2020-07-07 | 中国科学院信息工程研究所 | Method and system for generating high-quality seeds in fuzzy test |
Non-Patent Citations (1)
| Title |
|---|
| 王乔等: "基于种子变异潜力的模糊测试方法", 《科学技术与工程》 * |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112559367A (en) * | 2020-12-23 | 2021-03-26 | 南京大学 | Kernel fuzzy test case generation method based on system call dependency graph |
| CN112559367B (en) * | 2020-12-23 | 2022-10-25 | 南京大学 | Kernel fuzzy test case generation method based on system call dependency graph |
| CN113157551A (en) * | 2021-01-14 | 2021-07-23 | 首都师范大学 | ROS-oriented differential fuzzy test method |
| CN113157551B (en) * | 2021-01-14 | 2022-09-09 | 首都师范大学 | ROS-oriented differential fuzzy test method |
| CN115237797A (en) * | 2022-08-03 | 2022-10-25 | 中国电子科技集团公司信息科学研究院 | Coverage guidance-based fuzzy test method and device |
| CN115237797B (en) * | 2022-08-03 | 2023-09-08 | 中国电子科技集团公司信息科学研究院 | Fuzzy test method and device based on coverage rate guidance |
| CN116225962A (en) * | 2023-03-31 | 2023-06-06 | 四川邦辰信息科技有限公司 | JSON variation method for fuzzy test |
| CN116881171A (en) * | 2023-09-05 | 2023-10-13 | 中科方德软件有限公司 | Seed use case processing method, device, equipment and storage medium in fuzzy test |
| CN116881171B (en) * | 2023-09-05 | 2023-12-22 | 中科方德软件有限公司 | Seed use case processing method, device, equipment and storage medium in fuzzy test |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111881039B (en) | 2022-04-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111881039B (en) | Seed processing method and system for fuzz test, fuzz test method and system and storage medium | |
| CN105787367B (en) | A kind of the patch safety detecting method and system of software upgrading | |
| CN106354630B (en) | A kind of software defect detection method executed based on dynamic symbol | |
| CN111222683B (en) | PCA-KNN-based comprehensive grading prediction method for TBM construction surrounding rock | |
| US20090259521A1 (en) | Method of Identifying Innovations Possessing Business Disrupting Properties | |
| CN114117454A (en) | Seed optimization method based on vulnerability prediction model | |
| CN115576840B (en) | Static program pile insertion detection method and device based on machine learning | |
| Holland et al. | Statically-informed dynamic analysis tools to detect algorithmic complexity vulnerabilities | |
| CN110059010B (en) | Buffer overflow detection method based on dynamic symbol execution and fuzzy test | |
| CN103455417B (en) | A kind of software error alignment system based on Markov model and location of mistake method | |
| CN106294136A (en) | The online test method of concurrent program run duration performance change and system | |
| Zhu et al. | Combining search-based testing and dynamic symbolic execution by evolvability metric | |
| CN114840856B (en) | State-aware Internet of things trusted execution environment fuzzy test method and system | |
| CN115878498A (en) | Key byte extraction method for predicting program behavior based on machine learning | |
| CN111290946B (en) | Floating point number error detection method and device based on atomic state function | |
| CN107368742B (en) | Fine-grained virtual function table hijacking attack defense method based on GCC | |
| CN115328804A (en) | Loop code fuzzy test method based on combined coverage | |
| CN114462043A (en) | Java anti-serialization vulnerability detection system and method based on reinforcement learning | |
| Zhang et al. | INSTRCR: Lightweight instrumentation optimization based on coverage-guided fuzz testing | |
| CN114706769A (en) | Log-based regression test-oriented black box test case sequencing method | |
| De Pooter et al. | Bayesian near-boundary analysis in basic macroeconomic time-series models | |
| WO2021104027A1 (en) | Code performance testing method, apparatus and device, and storage medium | |
| CN112162932A (en) | Symbol execution optimization method and device based on linear programming prediction | |
| Pelánek et al. | Estimating state space parameters | |
| CN114416570B (en) | Equivalent variant detection method based on weighted software behavior diagram |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220602 Address after: 2-16, maker space, zone B, Guangzhou University Business Center, No. 230, Waihuan West Road, University Town, Xiaoguwei street, Panyu District, Guangzhou, Guangdong 510000 Patentee after: Wang'an ark (Guangzhou) Information Technology Co.,Ltd. Address before: 510006 No. 230 West Ring Road, University of Guangdong, Guangzhou Patentee before: Guangzhou University |