CN113190441B - Method, system, equipment and storage medium for generating chain code test seeds - Google Patents
Method, system, equipment and storage medium for generating chain code test seeds Download PDFInfo
- Publication number
- CN113190441B CN113190441B CN202110454744.0A CN202110454744A CN113190441B CN 113190441 B CN113190441 B CN 113190441B CN 202110454744 A CN202110454744 A CN 202110454744A CN 113190441 B CN113190441 B CN 113190441B
- Authority
- CN
- China
- Prior art keywords
- seed
- seeds
- test
- chain code
- initial
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012360 testing method Methods 0.000 title claims abstract description 129
- 238000000034 method Methods 0.000 title claims abstract description 74
- 238000003860 storage Methods 0.000 title claims abstract description 12
- 230000006870 function Effects 0.000 claims abstract description 80
- 238000005457 optimization Methods 0.000 claims abstract description 24
- 238000004422 calculation algorithm Methods 0.000 claims description 22
- 238000004590 computer program Methods 0.000 claims description 17
- 238000012545 processing Methods 0.000 claims description 10
- 230000014509 gene expression Effects 0.000 claims description 5
- 238000012795 verification Methods 0.000 claims description 3
- 238000001514 detection method Methods 0.000 abstract description 9
- 239000004744 fabric Substances 0.000 description 17
- 238000010586 diagram Methods 0.000 description 16
- 230000003068 static effect Effects 0.000 description 11
- 238000004458 analytical method Methods 0.000 description 10
- 238000005516 engineering process Methods 0.000 description 6
- 230000002787 reinforcement Effects 0.000 description 5
- 239000012634 fragment Substances 0.000 description 4
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000004088 simulation Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 238000004880 explosion Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000010516 chain-walking reaction Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 238000013100 final test Methods 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002035 prolonged effect Effects 0.000 description 1
- 238000013522 software testing Methods 0.000 description 1
- 238000012358 sourcing Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Prevention of errors by analysis, debugging or testing of software
- G06F11/3668—Testing of software
- G06F11/3672—Test management
- G06F11/3684—Test management for test design, e.g. generating new test cases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Prevention of errors by analysis, debugging or testing of software
- G06F11/3668—Testing of software
- G06F11/3672—Test management
- G06F11/3676—Test management for coverage analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Quality & Reliability (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Computing Systems (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention provides a method, a system, equipment and a storage medium for generating a chain code test seed, which comprise the following steps: the method comprises the steps of obtaining relevant information of an objective function in a chain code program, and generating a test file for the objective function; sequentially executing test files on seeds in the full-array seed group of the objective function to obtain coverage rate generated by each seed; selecting the seed with the highest coverage rate as an initial seed; respectively carrying out optimization treatment of integer numbers in the initial seeds for a fixed time length, and determining the final seeds; and storing the final seeds of all objective functions in the chain code program, and outputting the chain code test seeds. The method can generate seed input with high coverage rate for different chain codes, and can improve the accuracy of vulnerability detection and reduce the rate of missing report by generating seed input with higher coverage rate. In addition, a well-formatted seed input may also help the fuzzy test discover some unknown vulnerabilities in the program more quickly.
Description
Technical Field
The present invention relates to the field of blockchain technologies, and in particular, to a method, a system, an apparatus, and a storage medium for generating a chain code test seed.
Background
Blockchains are distributed systems that employ techniques including cryptography, consensus algorithms, and the like. The adoption of the blockchain can provide a decentralised, transparent and traceable information platform for multiple fields such as finance, supply chains and the like. The intelligent contracts on the blockchain may further satisfy user-defined needs such as voting, crowd-sourcing, and financial transactions. Smart contracts are essentially a computer program that executes automatically on a blockchain, based on different theories and different programming languages, depending on the blockchain platform. Such as smart contracts (smart contract) on ethernet (ethernet) and chain codes (chaincodes) on Hyperledger Fabric.
Hyperledger Fabric is a blockchain platform proposed and maintained by the Linux foundation, focusing on privacy and security. The intelligent contracts that it supports are also known as chain codes (chaincodes). This technology is adopted by many large companies, so the security requirement of chain codes is also gradually increased.
The improvement of the safety of the chain codes brings with it higher requirements on the detection technology of the safety of the chain codes. The current prior art is to analyze security vulnerabilities of the chain codes based on static analysis or a method of combining static analysis and fuzzy test, respectively. Static analysis does not actually run the program and therefore does not require seed input to the program, whereas fuzzy testing or other dynamic testing methods require seed input to the program to actually run the program, thus enabling loopholes associated with the input in the program to be detected.
Static analysis has the following disadvantages: 1. the false alarm rate of the security hole is high: static analysis reports more errors that do not exist in actual operation; 2. the existence of a security hole in practice cannot be practically demonstrated: the security hole reported by static analysis must be proven by the actual running program; 3. security holes related to the actual chain code input cannot be demonstrated: since static analysis does not actually run the chain code, security holes related to actual inputs cannot be analyzed; 4. static program analysis also faces path explosion problems, which may analyze paths that code cannot execute at all during actual execution.
In view of the above drawbacks, a second vulnerability detection method arises: and (3) carrying out security hole mining on the chain codes through fuzzy test, wherein in the fuzzy test process, a plurality of chain code inputs are generated, each chain code input is used for carrying out simulation operation on the chain codes, the operation security holes of the chain codes are analyzed, and the static security holes of the chain codes are analyzed according to the operation results of the chain codes and in combination with static analysis. At this time, the static analysis only analyzes the part executed in the running process of the chain code simulation (meanwhile, path explosion is avoided), namely, only the codes covered by the input generated in the fuzzy test process can be detected.
Code coverage is a measure in software testing that describes the proportion and extent to which source Code is tested in a program, the resulting proportion being referred to as Code coverage. Although coverage reaches 100%, not all vulnerabilities can necessarily be detected. But if the code is not executed, it must not be detected if it contains a bug. The lower the coverage, the greater the likelihood that code that is not executed will contain potential vulnerabilities. Therefore, in combination with the description of the Fabric chain code vulnerability detection method, the code coverage rate plays a crucial role in intelligent contract vulnerability detection, and the coverage rate can directly show the completeness of vulnerability detection.
Disclosure of Invention
Based on reinforcement learning, a method, a system, equipment and a storage medium for generating a chain code test seed are provided, and particularly, the method for automatically generating high coverage rate seed input for Hyperledger Fabric chain codes can be also regarded as optimization of the step of generating seed input in a fuzzy test flow when the chain codes are subjected to fuzzy test. The method can automatically generate a test seed group with high coverage rate for the given chain code, and saves time and related resources compared with manually writing test cases.
In order to achieve the above purpose, the invention adopts the following technical scheme:
a method for generating a chain code test seed comprises the following steps:
acquiring related information of an objective function in a chain code program, and generating a test file for the objective function;
sequentially executing test files on seeds in the full-array seed group of the objective function to obtain coverage rate generated by each seed; selecting the seed with the highest coverage rate as an initial seed;
respectively carrying out optimization treatment of integer numbers in the initial seeds for a fixed time length, and determining the final seeds;
and storing the final seeds of all objective functions in the chain code program, and outputting the chain code test seeds.
As a further improvement of the invention, the related information of the objective function in the chain code program is obtained by adopting an abstract syntax tree method or a regular expression.
As a further improvement of the invention, the full-permutation seed group refers to that a plurality of parameters (such as 1-6) are used in each attempt, and the value of each parameter has two conditions, namely, a number and a non-number character string, and the two conditions are orderly permuted and combined to obtain the full-permutation seed group.
As a further improvement of the present invention, when selecting the seed with the highest coverage as the initial seed, if several seeds all produce the highest coverage, selecting the seed with the least number of numbers as the initial seed;
the initial seed is in a format that requires a parameter format that conforms to the current function.
As a further improvement of the present invention, the optimization processing for respectively performing integer numbers in the initial seeds for a settable fixed duration is specifically:
only the numbers in the initial seeds are sequentially subjected to optimization treatment capable of setting fixed time length, and the value of the integer parameter is updated, so that the coverage rate of the corresponding initial seeds is improved; if there are no numbers in the initial seed, the initial seed is the final seed.
As a further improvement of the invention, integer numbers in the initial seeds are respectively subjected to optimization processing with a settable fixed duration, and a Double Q-Learning algorithm, a Deep Q-Learning algorithm or a Q-Learning algorithm is adopted.
As a further improvement of the present invention, the method further comprises the step of verifying:
using the final seeds of each objective function to respectively run corresponding unit test files to obtain the total coverage rate generated by the seeds; and if the total coverage rate value does not meet the requirement, adjusting the parameters of the optimization treatment to acquire the final seeds again.
The initial seed is submitted to a FCQ-learning module for optimization, thereby obtaining the final seed.
A chain code test seed generation system, comprising:
the test file generation unit is used for acquiring the related information of the objective function in the chain code program and generating a test file for the objective function;
the initial seed selection unit is used for sequentially executing the seeds in the full-array seed group of the objective function to test files to obtain the coverage rate generated by each seed; selecting the seed with the highest coverage rate as an initial seed;
the final seed determining unit is used for respectively carrying out optimization treatment of the integer numbers in the initial seeds for a fixed time length to determine the final seeds;
and the test seed output unit is used for storing the final seeds of all objective functions in the chain code program and outputting the chain code test seeds.
An electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the chain code test seed generation method when the computer program is executed.
A computer readable storage medium storing a computer program which when executed by a processor implements the steps of the chain code test seed generation method.
The beneficial effects of the invention are as follows:
aiming at an intelligent contract (chain code) on a Hyperledger Fabric block chain platform, the coverage rate is selected by taking the coverage rate as a result, so that the coverage rate generated by each seed is obtained; selecting the seed with the highest coverage rate as an initial seed; and obtaining a final seed through optimization treatment, and generating a high coverage rate input method. The method can generate seed input with high coverage rate for different chain codes, and can improve the accuracy of vulnerability detection and reduce the rate of missing report by generating seed input with higher coverage rate. In addition, a well-formatted seed input may also help the fuzzy test discover some unknown vulnerabilities in the program more quickly. The invention relates to a method for generating test seeds from function levels aiming at chain codes. And a test seed group with high coverage rate is automatically generated for a given chain code, so that time and related resources are saved compared with manually written test cases.
Further, the introduction of abstract syntax tree techniques to obtain information in the code has higher accuracy and efficiency than using regular expressions.
Further, the invention makes appropriate modifications to the Q-Learning algorithm in reinforcement Learning and applies it to the seed generation method.
Further, whether the generated input is good or not can be judged according to the coverage rate value. If the coverage is high enough, the rate of false negatives of vulnerability detection tools such as afuzzer may be reduced.
Drawings
FIG. 1 is a schematic diagram of an exemplary chain code process;
FIG. 2 is a diagram illustrating a second example chain code process;
FIG. 3 is a general flow of generating high coverage seeds for a chain code;
FIG. 4 is an example of a chain code segment;
FIG. 5 is a schematic diagram of Go language unit testing;
FIG. 6 is an algorithm flow of the FCQ-learning module of the preferred embodiment of the present invention;
FIG. 7 is an exemplary diagram of a FCQ-learning algorithm;
FIG. 8 is a schematic diagram of a chain code test seed generation system;
FIG. 9 is a schematic diagram of an electronic device;
FIG. 10 is a schematic diagram of a method for generating a seed for chain code testing according to the present invention.
Detailed Description
The invention provides a method for automatically generating high coverage rate seed input for Hyperledger Fabric chain codes based on reinforcement learning and fuzzy test, which can also be regarded as optimization of the step of generating seed input in the fuzzy test flow when the chain codes are subjected to fuzzy test.
The fuzzy test flow generally comprises the following four main steps:
1. finding a Fuzz target (i.e., what program, function to Fuzz test);
2. writing/generating test cases (seed inputs);
3. providing the generated seed input to the program, and then running the program until an error or crash condition is found (constantly mutating the seed, running the program continuously);
4. reproducing crash/analysis result/locking bug reasons and positions.
Noun interpretation:
unit testing (unit testing) refers to checking and verifying the smallest testable unit in software. For the meaning of a unit in unit test, generally, the specific meaning of the unit is to be determined according to practical situations, for example, a unit in C language refers to a function, a unit in Java refers to a class, and graphical software can refer to a window or a menu. In general, a unit is an artificially defined minimum measured function module. Unit testing is the lowest level of testing activity to be performed during the development of software, where individual units of software will be tested in isolation from other parts of the program.
For convenience in describing the methods herein, an example chain code program (here it is not necessary to pay attention to whether each statement in the chain code has a practical meaning) is introduced below:
fig. 1 and 2 are schematic diagrams of an example chain code process.
It can be seen that the packet name (package name) of the chain code is sacc, which mainly includes Init (), invoke () method and set (), get () method. Unlike the smart contracts on ethernet, each function in the smart contracts on ethernet can be transactionally invoked by its function name. While according to the Fabric chain code authoring specification, only two methods of Init () and Invoke () in the chain code are interfaces exposed to the user and can be invoked by the user. Other methods in the chain code are all invoked indirectly as parameters of Invoke () when a user initiates a transaction. (of course, any other method may be defined besides set () and get (), but these methods do not require all to be called indirectly by Invoke (), and they may also call each other in order to implement more complex logic).
Thus, the present application focuses here on the functions called in the Invoke () interface, plus some special handling of the Init () interface, and the writing format of the main () function is essentially fixed (it is not significant for unit testing). In general, the test seed groups generated by the methods herein may cover the test requirements of the entire chain code program from a functional level.
Since each function in the smart contract can be called indirectly (mainly Invoke) through Init () initialization function and Invoke () function in the chain code, the present invention generates test seeds for each function in one chain code separately from the function level for one Fabric chain code program. The concrete explanation is as follows:
as shown in fig. 10, a first object of the present invention is to provide a method for generating a chain code test seed, which includes the following steps:
acquiring related information of an objective function in a chain code program, and generating a test file for the objective function;
sequentially executing test files on seeds in the full-array seed group of the objective function to obtain coverage rate generated by each seed; selecting the seed with the highest coverage rate as an initial seed;
respectively carrying out optimization treatment of integer numbers in the initial seeds for a fixed time length, and determining the final seeds;
and storing the final seeds of all objective functions in the chain code program, and outputting the chain code test seeds.
The method can generate seed input with high coverage rate for different chain codes, and can improve the accuracy of vulnerability detection and reduce the rate of missing report by generating seed input with higher coverage rate. In addition, a well-formatted seed input may also help the fuzzy test discover some unknown vulnerabilities in the program more quickly.
As a preferred embodiment, the related information of the objective function in the chain code program is obtained by adopting an abstract syntax tree method.
The use of regular expressions to obtain key information is also contemplated. The method introduces the abstract syntax tree technology to acquire the information in the code, and has higher accuracy and efficiency than the method which uses the regular expression.
The method for sequentially executing the seeds in the full-array seed group of the objective function into the test file specifically comprises the following steps:
arranging seeds in the full-arrangement seed group of the objective function to form a full-arrangement seed group, and sequentially executing test files by using the seeds in the full-arrangement seed group; the full-permutation seed group refers to that 1-6 parameters are used in each attempt, and the value of each parameter has two conditions, namely, a number and a non-number character string, and the two conditions are orderly arranged and combined to obtain the full-permutation seed group.
Selecting the seed with the highest coverage rate as the initial seed, and selecting the seed with the least number of numbers as the initial seed if a plurality of seeds generate the highest coverage rate; the initial seed is in a format that requires a parameter format that conforms to the current function.
The optimization processing for respectively carrying out integer numbers in the initial seeds for a settable fixed duration specifically comprises the following steps:
only the numbers in the initial seeds are sequentially subjected to optimization treatment capable of setting fixed time length, and the coverage rate of the initial seeds is improved by finding a proper value for the integer parameters; if there are no numbers in the initial seed, the initial seed is the final seed.
The invention automatically generates the test seed group with high coverage rate for the given chain code, and saves time and related resources compared with manually writing the test case. No other tools to generate high coverage seeds exist on the Hyperledger Fabric platform.
Aiming at the go language chain codes on the Hyperledger Fabric block chain platform, the invention combines the Fabric chain code compiling specification and unit test to generate excellent test seeds with high coverage rate for the chain code program. (whether seed input is good or not is judged according to coverage).
Thus, as shown in FIG. 10, the present invention further includes a verification step:
using the final seed of each objective function, running the corresponding unit test file, and obtaining the total coverage rate generated by the group of seeds; if the total coverage value is not satisfactory, the parameters may be adjusted to retrieve the final seed.
The initial seed is submitted to a FCQ-learning module for optimization, thereby obtaining the final seed.
The process of the method of the present invention will be described in detail with reference to specific examples and accompanying drawings.
Example 1
1) As shown in FIG. 3, the method firstly obtains some relevant information of a certain objective function in a chain code program by adopting an abstract syntax tree technology, and then generates a test file for the function. The test file is operable to receive the parameters, and the coverage information and coverage value generated by the transmitted parameters can be obtained by operating the test file through go test and subcommands thereof. One point to note is: by observing the example chain code described above, we can find that we cannot learn from the function header the number and type of parameters that need to be passed when Invoke a function. Thus, by observing the collected chain codes, we try to use 1-6 parameters each time (note: the number of parameters here can be set manually, so that modifications can be made if needed specifically), and the value of each parameter has two cases, one number and one string (but both the number and string are passed in string form when the chain code is called). By passing different numbers and forms of parameters multiple times, an initial seed can be selected, which is basically in the format of the parameters of the current function. And finally, respectively processing integer numbers in the initial seeds by means of a Q-Learning algorithm in reinforcement Learning, wherein the fixed duration can be set. And finding a proper value for the integer parameter to further improve the coverage rate generated by the test seed, and finally obtaining the test seed with higher coverage rate.
2) And in the last step, the final test seeds generated for each function are used simultaneously, and the corresponding unit test files are operated to obtain the total coverage rate generated by the seeds. If the total coverage value is not satisfactory, the reinforcement learning portion processing time can be prolonged.
3) And automatically generating test seeds with high code coverage rate aiming at a chain code program realized based on the Go language.
4) The following structure is as follows: 1. the chain code structure realized by the Go language is described; 2. unit test file examples and illustrations; 3. generating a total flow and key detail description of a high coverage rate test seed for a chain code; description of the FCQ-learning algorithm
5) Chain code structure for go language implementation:
6) Chain code (chaincode) is an intelligent contract program that executes on the Hyperledger fabric platform. Support is implemented using Go, node. Js or java programming language. The compiled chaincode may be executed on Hyperledger fabric. By executing the chain code, a transaction (transaction) may be generated to initialize or update a blockchain ledger (ledger). This section briefly describes the structure of the chain code by the following chain code fragment.
Fig. 4 is a chain code segment example. With the chain code fragment example of fig. 4, any chain code, when implemented, requires at least two program interfaces, init and Invoke. The Init method is performed when the chain code performs an initialization transaction, and the Invoke method is performed when it performs an execution transaction. These two methods are assigned to a given chain code object, which in this chain code fragment refers to the ChaincodeAsset structure in the figure.
In addition, the chain code needs to call the ChaincadstubInterface method (the shim in FIG. 4) in the shim interface to interact with the chain code on the ledger or other blockchain, referring to the input parameters stub of the Init and Invoke methods in the graph chain code fragment.
Unit test file examples and description:
the unit test herein refers to a test of a certain function in the chain code, that is, a test performed in a unit of minimum function.
Go language unit testing requires compliance with several requirements, otherwise, testing cannot be performed:
1. a testing package needs to be imported;
2. the unit test file ends with _test.go;
3. the functions of the Test case must start with Test and the optional suffix name must start with uppercase letters
Taking the example of the set () method in an example chain code, the content of the unit test file set_test. Go generated for it by the present invention is as follows:
FIG. 5 is a schematic diagram of Go language unit testing.
The packet name of line 01 here is sac, which must be the same as the packet name of the chain code. And, if the test is not performed under the src folder under the go language work directory, the test package name must not only be the same as the chain code package name, but must also be main.
Lines 09, 10 are for instantiating the mocksubclass provided in fabric, resulting in a stub variable.
Mocksub mainly provides two functions to simulate the invocation of chain codes by endorsement nodes: mockInit () and MockInvoke (), call Init and Invoke interfaces, respectively. The received parameters are a uuid (random set) of the type string and a two-dimensional byte array (parameters for testing).
Lines 12-16 are a process for the Init function, obtained by observing the collected chain code and experience, and these 5 cases cover essentially all call formats of the Init function that we know.
Obviously, line 17 is to call the set function, which is tested by the parameters provided. Different functions are tested by changing the content of the row, and parameters of different formats are used for the same function.
The following is a general flow and key detailed description of generating high coverage test seeds for chain codes:
example 2
In connection with fig. 3, this section will show the general flow and some of the key technical details of the present invention. FCQ-learning algorithm will be given in the next section (section 4).
The test file generated in the method of the invention utilizes a simulation test interface (MockAPI) provided by a Hyperledger Fabric official development kit (SDK). After providing proper test cases for the test files, the chain codes can be simulated, and the running process is strictly simulated in the real chain running environment, so that the verification of the chain code functions and the statistics of coverage rate can be completed.
Given a chain code file, firstly, the invention extracts the required information (such as package name, structure name, function name, etc.) from the chain code program by means of abstract syntax tree technology, and then, the following steps (1), (2) and (3) can be parallel to the function called in Invoke:
(1) Generating a test file similar to the set_test.go file for each function called in the Invoke interface separately;
(2) Using the empirically derived seeds in the "full seed group," test files are executed in sequence, while the coverage produced by each seed can be obtained. Since the parameters of the function are found to be no more than 6 by observing the collected chain code program, the full permutation seed group here is: { [ "a" ], [ "0" ], [ "a", "a" ], [ "a", "0" ], [ "0", "a" ], [ "0", "0" ], … …, [ "a", "a", "a", "a", "a", "a" ], … …, [ "0", "0", "0", "0", "0", "0" ] }, a total of 126. The 126 seeds are used to execute the test file and the one with the highest coverage is selected as the initial seed. If several seeds can all produce the highest coverage, the number of "0" s is selected to be the smallest, which can reduce the burden of obtaining the final seeds from the initial seeds; (e.g., for the set () function in the example chain code, the selected treatment seed would be [ "a", "0" ])
(3) The initial seed is submitted to a FCQ-learning module for optimization, thereby obtaining the final seed. Because the blockchain can be considered a distributed database, for the level db database used at the bottom of Hyperledger Fabric, the storage of key-value type data is supported, the string "a" in the seed is typically referred to as a "key", and the integer variable "0" is typically referred to as a "value". Because changing the "key" does not affect the value of coverage, but changing the "value" can affect coverage, FCQ-Learning processes only "0" in the initial seed in turn by means of the Q-Learning algorithm—if there is no "0" in the initial seed, the FCQ-Learning step can be omitted, and the initial seed returned as the final seed;
(4) After the final seeds of all the functions called by the Invoke interface are obtained, the seeds are used for generating test files again for each function, and all the test files are executed at the same time, so that the total coverage rate generated by the seeds can be obtained. If this coverage is too low or unsatisfactory, the optimization time period may be increased in a third step.
As a specific example, the invention provides an introduction explanation of FCQ-learning module algorithm:
the following is a detailed description of the FCQ-learning algorithm: (FCQ-Learning is an abbreviation for Fabric Chaincode Q-Learning)
FIG. 6 is a FCQ-learning algorithm flow. The following algorithm is described in conjunction with fig. 6.
Two more points need to be explained:
(1) Calculation of prize R in algorithm: r=now_cov-last_cov, which may take on a positive, negative or 0 value;
(2) FCQ-learning section uses the test file format (again, exemplified by the set () method) as follows:
fig. 7 is a schematic diagram of an algorithm, in which arg represents different parameters of the FCQ-learning module transmitted each time.
Of course, the algorithm of the present application may also attempt to replace the Q-Learning algorithm with a Double Q-Learning or Deep Q-Learning algorithm, or the like.
As shown in fig. 8, another object of the present invention is to provide a system for generating a chain code test seed, which includes:
the test file generation unit is used for acquiring the related information of the objective function in the chain code program and generating a test file for the objective function;
the initial seed selection unit is used for sequentially executing the seeds in the chain code program of the objective function with the test files to obtain the coverage rate generated by each seed; selecting the seed with the highest coverage rate as an initial seed;
the final seed determining unit is used for respectively carrying out optimization treatment of the integer numbers in the initial seeds for a fixed time length to determine the final seeds;
and the test seed output unit is used for storing the final seeds of all objective functions in the chain code program and outputting the chain code test seeds.
As shown in fig. 9, a third object of the present invention is to provide an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the chain code test seed generation method when executing the computer program.
A fourth object of the present invention is to provide a computer readable storage medium storing a computer program which, when executed by a processor, implements the steps of the chain code test seed generation method.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical aspects of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the above embodiments, it should be understood by those of ordinary skill in the art that: modifications and equivalents may be made to the specific embodiments of the invention without departing from the spirit and scope of the invention, which is intended to be covered by the claims.
Claims (9)
1. The method for generating the chain code test seeds is characterized by comprising the following steps of:
acquiring related information of an objective function in a chain code program, and generating a test file for the objective function;
fully arranging different parameter types of the objective function to obtain a fully arranged seed group, and sequentially executing a test file by using each seed in the seed group to obtain coverage rate generated by each seed; selecting the seed with the highest coverage rate as an initial seed;
respectively carrying out optimization treatment of integer numbers in the initial seeds for a fixed time length, and determining the final seeds;
storing final seeds of all objective functions in the chain code program, and outputting chain code test seeds;
the method comprises the steps of sequentially executing a test file by using each seed in a seed group, wherein the specific steps are as follows:
arranging seeds in the full-arrangement seed group of the objective function to form a full-arrangement seed group, and sequentially executing test files by using the seeds in the full-arrangement seed group; the full-arrangement seed group refers to that 1-6 parameters are used in each attempt, and the value of each parameter has two conditions, namely, a number and a non-number character string, and the two conditions are sequentially arranged and combined to obtain the full-arrangement seed group;
the optimization processing for respectively carrying out integer numbers in the initial seeds for a settable fixed duration specifically comprises the following steps:
only the numbers in the initial seeds are sequentially subjected to optimization treatment capable of setting fixed time length, and the value of the integer parameter is updated, so that the coverage rate of the corresponding initial seeds is improved; if there are no numbers in the initial seed, the initial seed is the final seed.
2. The method according to claim 1, characterized in that:
the related information of the objective function in the chain code program is obtained by adopting an abstract syntax tree method or a regular expression.
3. The method according to claim 1, characterized in that:
the full-permutation seed group refers to that a plurality of parameters are used in each attempt, and the value of each parameter has two conditions, namely a number and a non-number character string, and the two conditions are orderly permuted and combined to obtain the full-permutation seed group.
4. The method according to claim 1, characterized in that:
selecting the seed with the highest coverage rate as the initial seed, and selecting the seed with the least number of numbers as the initial seed if a plurality of seeds generate the highest coverage rate;
the initial seed is in a format that requires a parameter format that conforms to the current function.
5. The method according to claim 1, characterized in that:
and respectively carrying out optimization treatment on integer numbers in the initial seeds, wherein the integer numbers can be set for a fixed time length, and adopting a Double Q-Learning algorithm, a Deep Q-Learning algorithm or a Q-Learning algorithm.
6. The method according to claim 1, characterized in that:
the method also comprises the verification step of:
using the final seeds corresponding to all objective functions to respectively execute corresponding test files to obtain the total coverage rate generated by the seeds; if the total coverage rate value does not meet the requirement, adjusting the parameters of the optimization treatment to acquire the final seeds again;
and re-optimizing the initial seed to obtain the final seed.
7. A chain code test seed generation system for implementing the steps of the chain code test seed generation method of any one of claims 1-6; characterized by comprising the following steps:
the test file generation unit is used for acquiring the related information of the objective function in the chain code program and generating a test file for the objective function;
the initial seed selection unit is used for sequentially executing the seeds in the full-array seed group of the objective function to test files to obtain the coverage rate generated by each seed; selecting the seed with the highest coverage rate as an initial seed;
the final seed determining unit is used for respectively carrying out optimization treatment of the integer numbers in the initial seeds for a fixed time length to determine the final seeds;
and the test seed output unit is used for storing the final seeds of all objective functions in the chain code program and outputting the chain code test seeds.
8. An electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the chain code test seed generation method of any of claims 1-6 when the computer program is executed.
9. A computer readable storage medium storing a computer program which, when executed by a processor, implements the steps of the chain code test seed generation method of any of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110454744.0A CN113190441B (en) | 2021-04-26 | 2021-04-26 | Method, system, equipment and storage medium for generating chain code test seeds |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110454744.0A CN113190441B (en) | 2021-04-26 | 2021-04-26 | Method, system, equipment and storage medium for generating chain code test seeds |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113190441A CN113190441A (en) | 2021-07-30 |
| CN113190441B true CN113190441B (en) | 2024-03-26 |
Family
ID=76979066
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110454744.0A Active CN113190441B (en) | 2021-04-26 | 2021-04-26 | Method, system, equipment and storage medium for generating chain code test seeds |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113190441B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114840857B (en) * | 2022-04-29 | 2024-08-13 | 哈尔滨工程大学 | Intelligent contract fuzzy test method and system based on deep reinforcement learning and multi-stage coverage strategy |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110096439A (en) * | 2019-04-26 | 2019-08-06 | 河海大学 | A kind of method for generating test case towards solidity language |
| CN110399730A (en) * | 2019-07-24 | 2019-11-01 | 上海交通大学 | Inspection method, system and the medium of intelligent contract loophole |
| CN111459786A (en) * | 2019-01-18 | 2020-07-28 | 南京大学 | Intelligent contract security testing method based on variant fuzz |
| CN112286823A (en) * | 2020-11-18 | 2021-01-29 | 山石网科通信技术股份有限公司 | Method and device for testing kernel of operating system |
-
2021
- 2021-04-26 CN CN202110454744.0A patent/CN113190441B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111459786A (en) * | 2019-01-18 | 2020-07-28 | 南京大学 | Intelligent contract security testing method based on variant fuzz |
| CN110096439A (en) * | 2019-04-26 | 2019-08-06 | 河海大学 | A kind of method for generating test case towards solidity language |
| CN110399730A (en) * | 2019-07-24 | 2019-11-01 | 上海交通大学 | Inspection method, system and the medium of intelligent contract loophole |
| CN112286823A (en) * | 2020-11-18 | 2021-01-29 | 山石网科通信技术股份有限公司 | Method and device for testing kernel of operating system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113190441A (en) | 2021-07-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Park et al. | Fuzzing javascript engines with aspect-preserving mutation | |
| Danglot et al. | A snowballing literature study on test amplification | |
| Tufano et al. | Unit test case generation with transformers and focal context | |
| Rajpal et al. | Not all bytes are equal: Neural byte sieve for fuzzing | |
| CN108595341B (en) | Automatic example generation method and system | |
| US8181163B2 (en) | Program synthesis and debugging using machine learning techniques | |
| Liang et al. | Deepfuzzer: Accelerated deep greybox fuzzing | |
| Li et al. | Discovery of potential parallelism in sequential programs | |
| Zou et al. | A genetic algorithm for detecting significant floating-point inaccuracies | |
| Sawaya et al. | FLiT: Cross-platform floating-point result-consistency tester and workload | |
| Chowdhury et al. | CyFuzz: A differential testing framework for cyber-physical systems development environments | |
| Pan et al. | Atm: Black-box test case minimization based on test code similarity and evolutionary search | |
| CN107968833A (en) | A kind of cloud application performance monitoring method based on execution route | |
| Arcuri et al. | Testability transformations for existing APIs | |
| de Oliveira et al. | Finding needles in a haystack: Leveraging co-change dependencies to recommend refactorings | |
| CN112506564B (en) | Method, system and medium for establishing control flow graph | |
| CN113190441B (en) | Method, system, equipment and storage medium for generating chain code test seeds | |
| Ivo et al. | An approach for applying Test-Driven Development (TDD) in the development of randomized algorithms | |
| Shah et al. | Towards enhancing the reproducibility of deep learning bugs: an empirical study | |
| Ostrowski et al. | Knowledge-based software testing agent using evolutionary learning with cultural algorithms | |
| CN113204765B (en) | Method and system for testing HyperLegger Fabric chain code | |
| Murphy | Metamorphic testing techniques to detect defects in applications without test oracles | |
| Liu et al. | An Empirical Study of Smart Contract Decompilers | |
| Zojaji et al. | Automated program repair using genetic programming and model checking | |
| Asghari et al. | Effective Software Mutation-Test Using Program Instructions Classification |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |