CN114153746A - Smart contract testing method based on symbolic execution and fuzzing - Google Patents

Info

Publication number: CN114153746A
Authority: CN (China)
Prior art keywords: test case, smart contract, execution, method based, symbolic execution
Legal status: Pending
Application number: CN202111558178.4A
Other languages: Chinese (zh)
Inventors: 王荣, 蔡维德
Current assignee: Beihang University
Original assignee: Beihang University

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G06F11/3688 Test management for test execution, e.g. scheduling of test suites
    • G06F11/3676 Test management for coverage analysis
    • G06F11/3684 Test management for test design, e.g. generating new test cases
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/12 Computing arrangements based on biological models using genetic models
    • G06N3/126 Evolutionary algorithms, e.g. genetic algorithms or genetic programming


Abstract

The invention discloses a smart contract testing method based on symbolic execution and fuzzing, which specifically comprises the following steps: S01, inputting, by a user, an initial smart contract test case set; S02, executing the test and recording: the execution path information and detailed execution information of the program are recorded, and the execution path information is put into a seed pool; S03, updating coverage information and reporting crashes; S04, searching systematically by symbolic execution, and when a branch is found to be uncovered, generating a corresponding test case and adding it to the test case set; S05, selecting seeds according to a seed selection strategy; S06, carrying out mutation according to the seed mutation strategy, and generating a new test case set through mutation; and S07, repeating steps S02-S06 until the user manually ends the test, or the test is stopped after a certain time has passed with no new path generated.

Description

Smart contract testing method based on symbolic execution and fuzzing
Technical Field
The invention belongs to the technical field of blockchains, and particularly relates to a smart contract testing method based on symbolic execution and fuzzing.
Background
A blockchain makes on-chain data difficult to tamper with; the data is stored on every node, and the nodes vote to maintain consistency. The smart contract is one of the core technologies of a blockchain: it is the consensus rule in multi-party scenarios and the hub of value transfer. Security has taken on unprecedented importance since the emergence of blockchains because smart contracts carry out value transfer: every number on the blockchain represents value, and every change to a number caused by a vulnerability is a huge loss of value. Fuzz testing is an effective automated vulnerability discovery technique, but mainstream fuzz testing uses a genetic algorithm to generate test cases, which suffers from premature convergence and leaves path coverage insufficient.
On this basis, a smart contract testing method based on symbolic execution and fuzzing is provided, achieving automatic and efficient testing of smart contracts.
Disclosure of Invention
In view of the above defects of the prior art, the technical problem to be solved by the present invention is to provide a smart contract testing method based on symbolic execution and fuzzing that addresses the needs and shortcomings of current technical development.
First, the invention provides a smart contract testing method based on symbolic execution and fuzzing. The technical scheme adopted to solve the technical problem is as follows:
S01, inputting, by a user, an initial smart contract test case set;
S02, executing the test and recording: the execution path information and detailed execution information of the program are recorded, and the execution path information is put into a seed pool;
S03, updating coverage information and reporting crashes; updating the coverage information is realized by recording the test execution path, and reporting a crash in step S03 is realized by collecting the test cases for which the virtual machine instrumentation feeds back a crash;
S04, searching systematically by symbolic execution, and when a branch is found to be uncovered, generating a corresponding test case and adding it to the test case set;
S05, selecting seeds according to a seed selection strategy;
S06, carrying out mutation according to the seed mutation strategy, and generating a new test case set through mutation;
S07, repeating steps S02-S06 until the user manually ends the test, or the test is stopped after a certain time has passed with no new path generated.
Specifically, the smart contract fuzz testing system can be used for smart contracts of various blockchain platforms.
Specifically, the initial test case set in step S01 is constructed manually and satisfies the grammatical rules of the smart contract. In step S02, the execution path information and detailed execution information of the program are recorded by capturing the runtime state of the smart contract through virtual machine instrumentation. In step S03, the coverage information is updated by recording the test execution path. In step S04, symbolic execution searches systematically, and the search may adopt different strategies, such as a depth-first strategy or a breadth-first strategy. The seed selection strategy in step S05 may be random, or seeds may be selected according to a certain rule. The mutation strategy in step S06 may be a genetic algorithm, a generative adversarial network, simulated annealing, or the like. When a new test case set is generated by mutation in step S06, the data type of the test case sample is determined according to the type of the smart contract interface, and a mutation operation is performed on the test case sample to generate the mutated test case sample.
Drawings
Some specific embodiments of the invention will be described in detail hereinafter, by way of illustration and not limitation, with reference to the accompanying drawings. The same reference numbers in the drawings identify the same or similar elements or components. Those skilled in the art will appreciate that the drawings are not necessarily drawn to scale. The objects and features of the present invention will become more apparent in view of the following description taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a flow chart of a smart contract testing method based on symbolic execution and fuzzing according to the present invention.
Detailed Description
In order to clearly illustrate the present invention and make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, so that those skilled in the art can implement the technical solutions in reference to the description text. The technology of the present invention will be described in detail below with reference to the accompanying drawings in conjunction with specific embodiments.
The embodiment of the invention provides a smart contract testing method based on symbolic execution and fuzzing, implemented as follows:
S01, a user formulates an initial smart contract test case set according to information such as the smart contract interface description and parameter types;
S02, the initial test case set is packaged into a transaction and issued to a blockchain for testing; the execution result of the smart contract under test is collected for each test case sample, and the coverage information is updated according to the recorded test execution path; if the execution result is abnormal, a test case triggering a vulnerability has been found; the execution path is put into a seed pool, and the detailed execution result is recorded;
S03, coverage information is updated according to the test results, and the crash paths fed back by the virtual machine instrumentation are collected;
S04, after the processing of a test case is completed, it is checked whether symbolic execution has explored a new uncovered branch; symbolic execution performs a systematic search using a depth-first strategy, and when a branch is found to be uncovered, a corresponding test case is generated and added to the test case set;
S05, seeds are randomly selected from the seed pool;
S06, the data type of the test case sample is determined according to the type list in the smart contract method protocol, a mutation operation is performed on the test case sample using a genetic algorithm according to the preset mutation method corresponding to the data type, and it is detected whether a new branch is covered; if a new branch is covered, the mutated test case sample is generated and added to the test case set;
S07, steps S02-S06 are repeated until the user manually ends the test, or the test is stopped after a certain time has passed with no new path generated.
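The S01-S07 loop above as an added Python example (not code from the patent). The toy `withdraw` method, the `branch` instrumentation helper, `MAGIC` and the type table are constructed; the symbolic step is reduced to solving the single equality recorded at each branch, and mutation is type-aware without the genetic crossover the embodiment names.

```python
import random

MAGIC, UINT_MAX = 0xDEADBEEF, 2**256 - 1          # constructed values
TYPES = {"amount": "uint256", "flag": "bool"}     # constructed interface description

class Crash(Exception): pass    # abnormal result reported by the instrumented VM

def branch(trace, bid, name, value, const):
    # Instrumentation stub: record the edge taken and the comparison evaluated.
    taken = value == const
    trace.append((bid, taken, name, const))
    return taken

def withdraw(amount, flag, trace):
    # Toy contract method: the fault sits behind two chained equality checks.
    if branch(trace, 0, "amount", amount, MAGIC) and branch(trace, 1, "flag", flag, True):
        raise Crash("invariant violated")

def execute(case):                                # S02: run and record the path
    trace = []
    try:
        withdraw(case["amount"], case["flag"], trace)
    except Crash:
        return trace, True
    return trace, False

def solve_uncovered(case, trace, coverage):       # S04, reduced to one comparison
    out = []
    for bid, taken, name, const in trace:
        if (bid, not taken) not in coverage:      # opposite edge never executed
            other = (not const) if isinstance(const, bool) else (const + 1) & UINT_MAX
            out.append({**case, name: other if taken else const})
    return out

def mutate(case, rng):                            # S06: operator chosen by type
    name = rng.choice(sorted(TYPES))
    if TYPES[name] == "bool":
        return {**case, name: not case[name]}
    v, bit = case[name], 1 << rng.randrange(256)
    pick = rng.choice([v ^ bit, (v + 1) & UINT_MAX, (v - 1) & UINT_MAX, 0, UINT_MAX])
    return {**case, name: pick}

def hybrid_fuzz(initial, use_symbolic=True, stall_limit=200, seed=0):
    rng = random.Random(seed)
    queue, pool, coverage, crashes, stall = list(initial), [], set(), [], 0
    while stall < stall_limit:                    # S07: stop when no new path appears
        if not queue:                             # S05 + S06: random seed, then mutate
            queue.append(mutate(rng.choice(pool), rng))
        case = queue.pop(0)
        trace, crashed = execute(case)
        new = {(bid, taken) for bid, taken, _, _ in trace} - coverage
        if crashed and case not in crashes:       # S03: report the crashing input
            crashes.append(case)
        if new:                                   # S03: update coverage, keep the seed
            coverage |= new
            pool.append(case)
        stall = 0 if new else stall + 1
        queue += solve_uncovered(case, trace, coverage) if use_symbolic else []
    return coverage, crashes
```

With `use_symbolic=False` the same loop never leaves the first edge, because no single mutation of the seed `{"amount": 1, "flag": False}` equals `MAGIC`.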

Claims (9)

1. A smart contract testing method based on symbolic execution and fuzzing, characterized in that the implementation process of the method comprises the following steps:
S01, inputting, by a user, an initial smart contract test case set;
S02, executing the test and recording: the execution path information and detailed execution information of the program are recorded, and the execution path information is put into a seed pool;
S03, updating coverage information and reporting crashes;
S04, searching systematically by symbolic execution, and when a branch is found to be uncovered, generating a corresponding test case and adding it to the test case set;
S05, selecting seeds according to a seed selection strategy;
S06, carrying out mutation according to the seed mutation strategy, and generating a new test case set through mutation;
S07, repeating steps S02-S06 until the user manually ends the test, or the test is stopped after a certain time has passed with no new path generated.
2. The smart contract fuzz testing system according to claim 1, wherein the system can be used for smart contracts of various blockchain platforms.
3. The smart contract testing method based on symbolic execution and fuzzing according to claim 1, wherein the initial test case set in step S01 is constructed manually and satisfies the grammatical rules of the smart contract.
4. The smart contract testing method based on symbolic execution and fuzzing according to claim 1, wherein the recording of the execution path information and the detailed execution information of the program in step S02 is implemented by recording the runtime state of the smart contract through virtual machine instrumentation.
5. The smart contract testing method based on symbolic execution and fuzzing according to claim 1, wherein the updating of the coverage information in step S03 is implemented by recording the test execution path, and the reporting of a crash in step S03 is implemented by collecting the test cases for which the virtual machine instrumentation feeds back a crash.
6. The smart contract testing method based on symbolic execution and fuzzing according to claim 1, wherein the symbolic execution in step S04 searches systematically, and the search may adopt different strategies, such as a depth-first strategy or a breadth-first strategy.
7. The smart contract testing method based on symbolic execution and fuzzing according to claim 1, wherein the seed selection strategy in step S05 may be random, or seeds may be selected according to a certain rule.
8. The smart contract testing method based on symbolic execution and fuzzing according to claim 1, wherein the mutation strategy in step S06 may be a genetic algorithm, a generative adversarial network, simulated annealing, or the like.
9. The smart contract testing method based on symbolic execution and fuzzing according to claim 1, wherein generating the new test case set in step S06 comprises determining the data type of the test case sample according to the type of the smart contract interface, and performing a mutation operation on the test case sample to generate the mutated test case sample.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Status | Title
CN202111558178.4A (CN114153746A) | 2021-12-20 | 2021-12-20 | Pending | Smart contract testing method based on symbolic execution and fuzzing

Publications (1)

Publication Number | Publication Date
CN114153746A | 2022-03-08

Family ID: 80451948

Country Status (1)

Country | Link
CN | CN114153746A

Cited By (1)

* Cited by examiner, † Cited by third party

Publication number | Priority date | Publication date | Assignee | Title
CN115292172A * | 2022-08-01 | 2022-11-04 | 哈尔滨工业大学 | Method for improving intelligent contract detection coverage rate, electronic equipment and storage medium



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination