CN114153746A - Intelligent contract testing method based on symbolic execution and fuzziness - Google Patents
Intelligent contract testing method based on symbolic execution and fuzziness Download PDFInfo
- Publication number
- CN114153746A CN114153746A CN202111558178.4A CN202111558178A CN114153746A CN 114153746 A CN114153746 A CN 114153746A CN 202111558178 A CN202111558178 A CN 202111558178A CN 114153746 A CN114153746 A CN 114153746A
- Authority
- CN
- China
- Prior art keywords
- test case
- intelligent contract
- execution
- method based
- symbolic execution
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3688—Test management for test execution, e.g. scheduling of test suites
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3676—Test management for coverage analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3684—Test management for test design, e.g. generating new test cases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/12—Computing arrangements based on biological models using genetic models
- G06N3/126—Evolutionary algorithms, e.g. genetic algorithms or genetic programming
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Biophysics (AREA)
- Quality & Reliability (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Life Sciences & Earth Sciences (AREA)
- Bioinformatics & Computational Biology (AREA)
- Evolutionary Biology (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Molecular Biology (AREA)
- Evolutionary Computation (AREA)
- General Health & Medical Sciences (AREA)
- Data Mining & Analysis (AREA)
- Computing Systems (AREA)
- Computational Linguistics (AREA)
- Biomedical Technology (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- Artificial Intelligence (AREA)
- Genetics & Genomics (AREA)
- Physiology (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses an intelligent contract testing method based on symbolic execution and fuzziness, which specifically comprises the following steps: s01, inputting an intelligent contract initial test case set by a user; s02, executing test and recording, recording the execution path information and detailed execution information of the program, and putting the execution path information into a seed pool; s03, updating coverage information and reporting crash; s04, systematically searching by symbolic execution, and generating a corresponding test case and adding the test case into a test case set when a certain branch is found to be uncovered; s05, selecting seeds according to a seed selection strategy; s06, carrying out mutation according to the seed mutation strategy, and generating a new test case set through mutation; and S07, repeatedly executing the steps S02-S06 until the user manually finishes or stops the test after a certain time is passed and no new path is generated.
Description
Technical Field
The invention belongs to the technical field of block chains, and particularly relates to an intelligent contract testing method based on symbolic execution and fuzziness.
Background
The blockchain ensures that the uplink data is difficult to be tampered, and the data is stored in each node, so that the node votes to maintain consistency. The intelligent contract is one of core technologies of a block chain, is a consensus rule in a multi-party participation scene, and is a central pivot of value transfer. The reason why the security problem becomes unprecedented importance after the blockchain occurs is that the intelligent contract realizes a value transfer, each number on the blockchain is a value, and the change of the number caused by each vulnerability is a huge value loss. The fuzzy test is an effective automatic vulnerability mining technology, and the mainstream fuzzy test technology adopts a genetic algorithm to generate a test case, so that the premature phenomenon exists, and the path coverage rate is insufficient.
Based on the intelligent contract testing method, the intelligent contract testing method based on symbolic execution and fuzziness is provided, and automatic and efficient testing of the intelligent contract is achieved.
Disclosure of Invention
In view of the above-mentioned defects of the prior art, the technical problem to be solved by the present invention is to provide an intelligent contract testing method based on symbol execution and fuzziness, which is in accordance with the needs and disadvantages of the current technical development.
Firstly, the invention provides an intelligent contract testing method based on symbolic execution and fuzziness, and the technical scheme adopted for solving the technical problems is as follows:
s01, inputting an intelligent contract initial test case set by a user;
s02, executing test and recording, recording the execution path information and detailed execution information of the program, and putting the execution path information into a seed pool;
s03, updating coverage information and reporting crash; updating the coverage information is realized by recording a test execution path, and reporting a crash in step S03 is realized by collecting a test case in which a crash occurs in the virtual machine stub feedback.
S04, systematically searching by symbolic execution, and generating a corresponding test case and adding the test case into a test case set when a certain branch is found to be uncovered;
s05, selecting seeds according to a seed selection strategy;
s06, carrying out mutation according to the seed mutation strategy, and generating a new test case set through mutation;
and S07, repeatedly executing the steps S02-S06 until the user manually finishes or stops the test after a certain time is passed and no new path is generated.
Specifically, the intelligent contract fuzzy test system can be used for intelligent contracts of various block chain platforms.
Specifically, the initial test case set in step S01 is constructed manually, and satisfies the grammatical rules of the intelligent contract. In the step S02, the recording of the execution path information and the detailed execution information of the program is realized by recording the runtime state of the intelligent contract through the virtual machine instrumentation. The updating of the coverage information in the step S03 is realized by recording the test execution path. In step S04, the symbol performs systematic search, and the search method may adopt different strategies, such as a depth-first strategy or a breadth-first strategy. The seed selection policy in step S05 may be a random manner or may be selected according to a certain rule. The variation strategy in step S06 may be a genetic algorithm, generation of a countermeasure network, simulated annealing, or the like. In the step S06, a new test case set is generated by mutation, the data type of the test case sample is determined according to the type of the intelligent contract interface, and the test case sample is subjected to mutation operation to generate the test case variant sample.
Drawings
Some specific embodiments of the invention will be described in detail hereinafter, by way of illustration and not limitation, with reference to the accompanying drawings. The same reference numbers in the drawings identify the same or similar elements or components. Those skilled in the art will appreciate that the drawings are not necessarily drawn to scale. The objects and features of the present invention will become more apparent in view of the following description taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a flow chart of an intelligent contract testing method based on symbolic execution and fuzziness according to the present invention.
Detailed Description
In order to clearly illustrate the present invention and make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, so that those skilled in the art can implement the technical solutions in reference to the description text. The technology of the present invention will be described in detail below with reference to the accompanying drawings in conjunction with specific embodiments.
The embodiment of the invention provides an intelligent contract testing method based on symbolic execution and fuzziness, which comprises the following implementation processes:
s01, a user formulates an intelligent contract initial test case set according to information such as intelligent contract interface description and parameter types;
s02, packaging the initial test case set into a transaction, issuing the transaction to a block chain for testing, collecting the execution result of the tested intelligent contract aiming at the test case sample, updating the coverage information according to the recorded test execution path, finding the test case triggering the vulnerability if the operation result is abnormal, putting the execution path into a seed pool, and recording the detailed operation result;
s03, updating coverage information according to the test condition, and collecting a path of crash of the pile insertion feedback of the virtual machine;
s04, after completing the processing of a test case, checking whether the symbolic execution explores to a new uncovered branch, the symbolic execution adopts a depth-first strategy to perform systematic search, and when a certain branch is found to be uncovered, generating a corresponding test case and adding the corresponding test case into a test case set;
s05, randomly selecting seeds from the seed pool;
s06, determining the data type of the test case sample according to the type list in the intelligent contract method protocol, performing mutation operation on the test case sample by using a genetic algorithm according to a preset mutation method corresponding to the data type, detecting whether a new branch is covered, and generating the test case mutation sample and adding the test case sample into the test case set if the new branch is covered;
and S07, repeatedly executing the steps S02-S06 until the user manually finishes or stops the test after a certain time is passed and no new path is generated.
Claims (9)
1. An intelligent contract testing method based on symbolic execution and fuzziness is characterized in that the implementation process of the method comprises the following steps:
s01, inputting an intelligent contract initial test case set by a user;
s02, executing test and recording, recording the execution path information and detailed execution information of the program, and putting the execution path information into a seed pool;
s03, updating coverage information and reporting crash;
s04, systematically searching by symbolic execution, and generating a corresponding test case and adding the test case into a test case set when a certain branch is found to be uncovered;
s05, selecting seeds according to a seed selection strategy;
s06, carrying out mutation according to the seed mutation strategy, and generating a new test case set through mutation;
and S07, repeatedly executing the steps S02-S06 until the user manually finishes or stops the test after a certain time is passed and no new path is generated.
2. An intelligent contract fuzz testing system according to claim 1, wherein the system is capable of using intelligent contracts for various blockchain platforms.
3. The method for testing intelligent contracts based on symbolic execution and fuzziness according to claim 1, wherein the initial test case set in step S01 is constructed manually to satisfy the grammatical rules of the intelligent contracts.
4. The intelligent contract testing method based on symbolic execution and obfuscation as claimed in claim 1, wherein the recording of the execution path information and the detailed execution information of the program in step S02 is implemented by recording the runtime state of the intelligent contract through a virtual machine stub.
5. The intelligent contract testing method based on symbolic execution and fuzziness according to claim 1, wherein the updating of the coverage information in step S03 is implemented by recording a test execution path, and the reporting of the crash in step S03 is implemented by collecting a test case with a crash fed back by a virtual machine stub.
6. The intelligent contract testing method based on symbolic execution and fuzziness according to claim 1, wherein the symbolic execution in step S04 systematically searches, and the search method can adopt different strategies, such as a depth-first strategy or a breadth-first strategy.
7. The intelligent contract testing method based on symbolic execution and fuzziness according to claim 1, wherein the seed selection strategy in step S05 can be selected randomly or according to a certain rule.
8. The intelligent contract testing method based on symbolic execution and fuzzy of claim 1, wherein the strategy of variation in step S06 can be genetic algorithm, generation of countermeasure network, simulated annealing, etc.
9. The intelligent contract testing method based on symbolic execution and fuzziness according to claim 1, wherein the generating of the new test case set in step S06 is to determine the data type of the test case sample according to the type of the intelligent contract interface, and perform a mutation operation on the test case sample to generate the test case variant sample.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111558178.4A CN114153746A (en) | 2021-12-20 | 2021-12-20 | Intelligent contract testing method based on symbolic execution and fuzziness |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111558178.4A CN114153746A (en) | 2021-12-20 | 2021-12-20 | Intelligent contract testing method based on symbolic execution and fuzziness |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114153746A true CN114153746A (en) | 2022-03-08 |
Family
ID=80451948
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111558178.4A Pending CN114153746A (en) | 2021-12-20 | 2021-12-20 | Intelligent contract testing method based on symbolic execution and fuzziness |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114153746A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115292172A (en) * | 2022-08-01 | 2022-11-04 | 哈尔滨工业大学 | Method for improving intelligent contract detection coverage rate, electronic equipment and storage medium |
-
2021
- 2021-12-20 CN CN202111558178.4A patent/CN114153746A/en active Pending
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115292172A (en) * | 2022-08-01 | 2022-11-04 | 哈尔滨工业大学 | Method for improving intelligent contract detection coverage rate, electronic equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Münkemüller et al. | From diversity indices to community assembly processes: a test with simulated data | |
CN112860588B (en) | Fuzzy test method for intelligent contract cross-contract loopholes | |
Uchôa et al. | Predicting design impactful changes in modern code review: A large-scale empirical study | |
CN108123956A (en) | Password misuse leak detection method and system based on Petri network | |
CN113326050A (en) | Intelligent contract vulnerability detection method based on combination of neural network and dynamic fuzzy test | |
CN114840857A (en) | Intelligent contract fuzzy testing method and system based on deep reinforcement learning and multi-level coverage strategy | |
Bombarda et al. | An automata-based generation method for combinatorial sequence testing of finite state machines | |
CN115455435A (en) | Intelligent contract fuzzy test method and device, storage medium and electronic equipment | |
Tonella et al. | Finding the optimal balance between over and under approximation of models inferred from execution logs | |
CN114153746A (en) | Intelligent contract testing method based on symbolic execution and fuzziness | |
CN107506294A (en) | Visualize automated testing method, device, storage medium and computer equipment | |
CN113836009A (en) | Intelligent contract fuzzy test method and system based on reinforcement learning | |
CN114996126A (en) | Vulnerability detection method and system for EOSIO intelligent contract | |
CN111367782B (en) | Regression testing data automatic generation method and device | |
CN110162472A (en) | A kind of method for generating test case based on fuzzing test | |
CN114356755A (en) | Intelligent contract fuzzy test system | |
CN114329478A (en) | Android system service memory consumption vulnerability mining method | |
Chen et al. | A novel combinatorial testing approach with fuzzing strategy | |
Singh | Prioritizing Test Cases in Regression testing using Fault Based Analysis | |
US8451018B2 (en) | Bit failure signature identification | |
Imtiaz et al. | Predicting vulnerability for requirements | |
Zhou et al. | Antfuzzer: A grey-box fuzzing framework for eosio smart contracts | |
CN113157587A (en) | Block chain-based product testing method and device | |
Zakurdaeva et al. | Detecting architectural integrity violation patterns using machine learning | |
CN112422315B (en) | Cluster performance test method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |