CN115344855A - Kernel-based fault injection method, system, electronic device and storage medium - Google Patents
Kernel-based fault injection method, system, electronic device and storage medium Download PDFInfo
- Publication number
- CN115344855A CN115344855A CN202210884555.1A CN202210884555A CN115344855A CN 115344855 A CN115344855 A CN 115344855A CN 202210884555 A CN202210884555 A CN 202210884555A CN 115344855 A CN115344855 A CN 115344855A
- Authority
- CN
- China
- Prior art keywords
- function
- kernel
- calling
- dynamic
- code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Debugging And Monitoring (AREA)
Abstract
The embodiment of the application provides a kernel-based fault injection method, a kernel-based fault injection system, an electronic device and a storage medium, so that fault injection can be performed more accurately. The method comprises the following steps: determining a static analysis result by performing static analysis on the kernel code; dynamically analyzing the kernel code through interface calling to determine a dynamic analysis result; screening the static analysis result by adopting the dynamic analysis result, and determining a hotspot function of the kernel; performing structural analysis on the hotspot function to determine a key position; a probing point is set at the critical location to inject a fault code. The method adopts a static main mode and a dynamic auxiliary mode, can more accurately determine a hot spot function, sets a detection point at a key position to inject fault codes, and accurately realizes dynamic injection of faults through the detection point.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a kernel-based fault injection method, an operating system, an electronic device, and a storage medium.
Background
Chaos engineering is a complex technical means for improving the elastic capability of a technical architecture. The method can be used for system reliability/fault tolerance evaluation, and has a very important role in stability evaluation of products on the cloud. Taking Linux as an operating system of a server side as an example, the Linux has extremely high requirements on stability and reliability. For example, linux Kernel, as a huge software (with tens of millions of lines of source code), has a complex processing logic, and it is very important how to effectively ensure that a system cannot be directly crashed when an error operation occurs, even when some malicious attacks occur, but has a certain error processing and self-protection mechanism.
One way is to test the stability of the software by fault injection. However, linux Kernel has a complex processing logic and a very large code amount, and the relationship between internal modules is very complicated, so performing Kernel fault injection has been a problem in the industry. The chaos engineering (precise fault injection) tool in the industry is mostly focused on a user state. Tools for performing accurate fault injection on Linux Kernel are available, but the tools have fewer use cases, and the main function of the tools is to provide a Kernel-state framework for accurate fault injection, but actually does not provide a very rich fault pattern library.
Disclosure of Invention
The embodiment of the application provides a fault injection method based on a kernel, so that fault injection can be performed more accurately.
Correspondingly, the embodiment of the application also provides an operating system, an electronic device and a storage medium, which are used for ensuring the implementation and application of the system.
In order to solve the above problem, an embodiment of the present application discloses a kernel-based fault injection method, where the method includes:
determining a static analysis result by performing static analysis on the kernel code;
dynamically analyzing the kernel code through interface calling to determine a dynamic analysis result;
screening a static analysis result by adopting the dynamic analysis result to determine a hot spot function of the kernel;
performing structural analysis on the hotspot function to determine a key position;
a probing point is set at the critical location to inject a fault code.
Optionally, the determining a static analysis result by performing static analysis on the kernel code includes:
analyzing a kernel code and determining the calling information of an internal function in the kernel code;
determining the calling times of the internal function according to the calling information of the internal function, and screening a target function according to the calling times;
a plurality of objective functions are employed to generate a static analysis result.
Optionally, the analyzing the kernel code to determine the call information of the function in the kernel code includes:
and analyzing the kernel code by taking the external interface as a calling inlet, and determining a calling chain corresponding to the external interface.
Optionally, the determining the number of times of calling the function according to the calling information of the function, and screening the target function according to the number of times of calling includes:
analyzing the call chain corresponding to each external interface to determine the call times of each internal function;
and taking the internal function as a target function under the condition that the calling times of the internal function meet a first condition.
Optionally, the dynamically analyzing the kernel code by invoking through the interface and determining a dynamic analysis result includes:
calling the kernel through an external interface, and analyzing a calling path of the external interface in the kernel code;
determining the dynamic calling times of each internal function in the kernel code according to the calling path;
and determining a dynamic analysis result according to the dynamic calling times of the internal function.
Optionally, screening the static analysis result by using the dynamic analysis result to determine a hotspot function of the kernel includes:
determining the corresponding dynamic calling times of the target function in the static analysis result in the dynamic analysis result;
and under the condition that the dynamic calling times meet a second condition, determining the target function as a hot spot function of the kernel.
Optionally, the performing structural analysis on the hotspot function to determine a key location includes:
performing structural analysis on the hotspot function, and determining a branch and a return value of the hotspot function, wherein the return value is a return value of a call function, and the call function is a call function for realizing the condition of the branch;
determining the return value as a key position.
Optionally, the setting a probe point at the critical position to inject a fault code includes:
and injecting a probe point at the key position through a function probe so as to inject a fault code when the return value is called.
Optionally, the method further includes: during kernel testing, fault codes can be injected based on probe points when the critical position of the hot spot function is run.
The embodiment of the application discloses fault injection device based on kernel, its characterized in that, the device includes:
the static analysis module is used for determining a static analysis result by carrying out static analysis on the kernel code;
the dynamic analysis module is used for dynamically analyzing the kernel code through interface calling and determining a dynamic analysis result;
the screening module is used for screening the static analysis result by adopting the dynamic analysis result and determining the hot spot function of the kernel;
the structure analysis module is used for carrying out structure analysis on the hotspot function and determining a key position;
and the detection injection module is used for setting a detection point at the key position so as to inject a fault code.
The embodiment of the present application further discloses an operating system, where the operating system includes: an application space and a kernel space;
the application space includes: at least one application program;
the kernel space includes: at least one external interface and an internal core;
the kernel includes: the system comprises a memory management unit, a process management unit, an interrupt management unit, a file system unit and an input/output management unit;
and performing fault injection on the kernel space of the operating system by adopting the method in the embodiment of the application.
The embodiment of the application also discloses an electronic device, which comprises: a processor; and a memory having executable code stored thereon that, when executed by the processor, performs a method as described in embodiments of the present application.
One or more machine-readable media having stored thereon executable code that, when executed by a processor, performs a method as described in embodiments of the present application are also disclosed.
Compared with the prior art, the embodiment of the application has the following advantages:
in the embodiment of the application, through carrying out static analysis to the kernel code, confirm static analysis result, then carry out dynamic analysis to the kernel code through interface call, confirm dynamic analysis result, adopt static for main, dynamic for supplementary mode, filter static analysis result through the dynamic analysis result, confirm the hotspot function of kernel, can be more accurate definite hotspot function, then it is right hotspot function carries out structural analysis, confirms key position sets up the probe point in order to pour into the fault code, realizes the dynamic injection of trouble through the probe point accurately.
Drawings
FIG. 1 is a flowchart illustrating the steps of one embodiment of a kernel-based fault injection method of the present application;
FIG. 2 is a flowchart illustrating the steps of another embodiment of a kernel-based fault injection method of the present application;
FIG. 3 is a block diagram of an example operating system according to an embodiment of the present application;
FIG. 4 is a schematic diagram of an embodiment of a kernel-based fault injection apparatus according to the present application;
fig. 5 is a schematic structural diagram of an exemplary apparatus provided in an embodiment of the present application.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, the present application is described in further detail with reference to the accompanying drawings and the detailed description.
The method and the device can be applied to a kernel test scene, and the hot spot function of the kernel can be accurately analyzed in a dynamic and static matching analysis mode, so that the coverage of fault injection of the kernel is guaranteed. The kernel is the most basic part of the operating system and is the core of the operating system. The kernel in the embodiment of the present application may be a kernel of various operating systems, such as Linux, windows, and the like, and takes a Linux kernel (kernel) as an example, which is an open-source Unix-like operating system macro kernel.
Referring to fig. 1, a flowchart illustrating steps of an embodiment of a kernel-based fault injection method of the present application is shown.
The kernel analysis in the embodiment of the application can adopt a mode of combining dynamic analysis and static analysis, and in the static analysis process, the kernel-based code can be analyzed to determine the function of the kernel and the calling condition of the function so as to obtain the static analysis result. The determining a static analysis result by performing static analysis on the kernel code includes: analyzing a kernel code and determining the calling information of a function in the kernel code; determining the calling times of the internal function according to the calling information of the internal function, and screening a target function according to the calling times; a plurality of objective functions are employed to generate a static analysis result. The kernel code can be statically analyzed, the kernel code is analyzed, internal functions in the kernel code and calling information among the internal functions are determined, then the calling times of all the internal functions are determined based on the calling information, and the target function is screened according to the calling times. For example, the analysis of the code may use an Orthogonal Defect Classification (ODC) method to determine the call relation and call times of the function, wherein the ODC analysis reflects the problems of design, code quality, test level, etc. of the product by adding some extra attributes to each Defect and using induction and analysis of these attributes.
The analyzing the kernel code to determine the calling information of the internal function in the kernel code includes: and analyzing the kernel code by taking the external interface as a calling inlet, and determining a calling chain corresponding to the external interface. The function call chain can be represented through kernel code analysis, namely, an external interface in the kernel code is used as a call inlet, the call inlet can be understood as an inlet for analyzing the kernel code, and the external interface is used as an inlet for analyzing the kernel code. The external interface is an interface with the kernel facing to the outside, the kernel can be called through the external interface to execute corresponding processing, and the external interface is open to the outside, so that the external interface of the kernel code can be directly obtained, then the calling relation of the external interface is analyzed in the kernel code, the external interface and each internal function (or called upper-layer function) called by the external interface are determined to be called in the kernel code, and a calling chain corresponding to the external interface is determined.
Determining the calling times of the internal function according to the calling information of the function, and screening the target function according to the calling times, wherein the method comprises the following steps: analyzing the call chain corresponding to each external interface to determine the call times of each internal function; and taking the internal function as a target function under the condition that the calling times of the internal function meet a first condition. Analyzing the call chains corresponding to each external interface, determining the call times of each internal function, and then judging whether the call times of the internal functions meet a first condition, wherein the first condition is a judgment condition of a target function of static analysis, for example, the call times exceed a first time threshold, the first time threshold can be set based on requirements and experiences, and for example, if the call times are set to be the function with the first N bits, N can be set based on requirements and experiences. It is thus possible to determine whether the internal function satisfies the first condition based on the number of calls. And under the condition that the calling times of the internal function meet a first condition, taking the internal function as a target function, namely a function which accords with static analysis and is possibly a hotspot function.
However, static analysis is to analyze the calling relationship of functions from the level of code, so as to find out target functions which are called more times, and these functions may be hot functions. In the process, some functions which are seen to be widely called but are not called basically in actual operation are added into the target function, so that the results of static analysis can be screened through dynamic analysis, and the hotspot function is determined by combining with the actual operation.
And 104, dynamically analyzing the kernel code through interface calling, and determining a dynamic analysis result.
In the dynamic analysis process, the external interface can also be used as an entry point for analysis, the external interface is actually called in an interface calling mode, and the kernel code is operated for dynamic analysis, so that functions, times and the like which are actually called by the external interface are determined, and a dynamic analysis result is determined.
The dynamic analysis of the kernel code is carried out by the interface call, and the determination of the dynamic analysis result comprises the following steps: calling the kernel through an external interface, and analyzing a calling path of the external interface in the kernel code; determining the dynamic calling times of each internal function in the kernel code according to the calling path; and determining a dynamic analysis result according to the dynamic calling times of the internal function. Calling an external interface and running a kernel code, analyzing a calling path of the external interface in the kernel code based on the running of the kernel code, then determining the dynamic calling times of each internal function according to the calling path, namely the actual calling times of each internal function, and then determining a dynamic analysis result based on the dynamic calling times of the internal functions, for example, taking each content function and the dynamic calling times thereof as the dynamic analysis result, for example, screening the calling times of the internal functions, deleting the internal functions with the dynamic calling times lower than a second time threshold value, and the like.
For example, the kernel call may be performed through a Syscall (System call), where the Syscall is an intermediate layer between the user space and the kernel space, and is a set of standard interfaces for the kernel to provide interaction between the user space program and the kernel space, and these interfaces enable the user mode program to access the hardware device in a limited manner, such as applying for a System resource, operating device reading and writing, creating a new process, and the like. And carrying out kernel calling through Syscar, finding a calling path of an external interface in the kernel code, and further analyzing the dynamic calling times of each internal function to obtain a dynamic analysis result.
And 106, screening the static analysis result by using the dynamic analysis result, and determining the hotspot function of the kernel.
And screening the static analysis result by adopting the dynamic analysis result, and screening the function by combining the calling times of the internal function in the static analysis and the dynamic calling times of the dynamic analysis to obtain the hot point function of the kernel.
The screening of the static analysis result by adopting the dynamic analysis result to determine the hot spot function of the kernel comprises the following steps: determining the corresponding dynamic calling times of the target function in the static analysis result in the dynamic analysis result; and under the condition that the dynamic calling times meet a second condition, determining the target function as a hot spot function of the kernel. The static analysis result and the dynamic analysis result can be matched with each other, the common internal function is determined, the dynamic calling times of the common internal function in the dynamic analysis result are determined, if a certain target function does not exist in the dynamic analysis result, the target function can be directly deleted, or the dynamic calling times of the target function are set to be 0. And then judging whether the dynamic calling times meet a second condition, wherein the second condition is a judgment condition that the target function is a hotspot function, if the dynamic calling times exceed a third time threshold, screening the hotspot function by using a mode of taking static analysis as a main mode and taking dynamic analysis as an auxiliary mode, and removing the target function with lower occurrence times in the dynamic analysis from a target function list of the static analysis. Through the reverse analysis mode, hundreds of hotspot functions can be screened from the kernel hundred thousand-order functions, for example, more than 400 hotspot functions are obtained through screening, so that the data amount of processing is greatly reduced, and the processing efficiency is improved.
And step 108, carrying out structural analysis on the hotspot function, and determining a key position.
For the hot spot function obtained by screening, structural analysis can be performed on the hot spot function, that is, the function structure of the hot spot function is analyzed, the key position of function calling is determined, and then a fault code is injected into the key position.
Wherein, the structural analysis of the hotspot function to determine the key position includes: performing structural analysis on the hot function, and determining a branch and a return value of the hot function, wherein the return value is a return value of a calling function, and the calling function is a calling function for realizing the condition of the branch; determining the return value as a key position. Analyzing the function structure of the hot spot function can determine branches of the hot spot function, wherein the branches can be understood as branches of logic judgment in the hot spot function, and therefore, each branch can be determined based on the logic judgment process, for example, function branches are determined based on if, else and the like in the hot spot function, and a return value of a function of a branch judgment condition can also be determined based on the function branches, the return value is a return value of the function of the condition of judging the branch logic, and if x = a …, a is a return value. The branch executed may be determined based on the return value, thus determining the return value for the branch as the key location.
And step 110, setting a detection point at the key position to inject a fault code.
The setting of probe points at the critical locations to inject fault codes includes: and injecting a probe point at the key position through a function probe so as to inject a fault code when the return value is called. Fault codes may be injected at critical locations by the function probes. Fault codes can be injected at critical locations through function probe techniques, which are code segments embedded in function functions that are called at runtime and can be used to collect data or other processes. In the embodiment of the application, dynamic injection can be performed based on the function probe, namely, in the running process, the calling event can be sensed when the key position of the hotspot function is called, the fault code is dynamically added to realize fault injection, and data is returned based on the fault code when the return value is called. For example, the function probe can dynamically insert a probe point in a key position through a kprobe technology, so that when the function probe runs to the key position, a fault code can be dynamically injected based on the probe point, and specified fault injection can be performed according to a return value mode type without affecting the original execution flow of a kernel.
Therefore, branch and return value analysis can be carried out on the basis of the screened hot spot function, a return value mode of the hot spot function is established through analysis and normalization, and a function dynamic probe is inserted at the position of each branch and the position of a final return value by using the kprobe. Therefore, the mock is not required to be constructed for each branch of each hotspot function, the function probe is used for fault injection in an execution form according to the corresponding mode, and the more comprehensive accurate fault injection of the kernel hotspot function is realized by using a more universal mode.
Therefore, during the memory test process, when the key position of the hot spot function is operated, the fault code can be injected based on the detection point. Tests may then be performed based on the fault code returning a corresponding fault value.
In summary, a static analysis is performed on a kernel code, a static analysis result is determined, then a dynamic analysis is performed on the kernel code through interface calling, a dynamic analysis result is determined, a static-based mode and a dynamic-based mode are adopted, the static analysis result is screened through the dynamic analysis result, a hotspot function of the kernel is determined, the hotspot function can be determined more accurately, then structural analysis is performed on the hotspot function, a key position is determined, a detection point is arranged at the key position to inject a fault code, and dynamic injection of the fault is realized through the detection point.
On the basis of the above embodiments, the embodiments of the present application further provide a kernel-based fault injection method, the hot spot function can be determined by adopting a static and dynamic analysis-to-combination mode, and the fault code is dynamically injected through the function probe.
Referring to fig. 2, a flow chart of steps of another kernel-based fault injection method embodiment of the present application is shown.
Wherein, the analyzing the kernel code to determine the calling information of the function in the kernel code includes: and analyzing the kernel code by taking the external interface as a calling inlet, and determining a calling chain corresponding to the external interface.
And 204, determining the calling times of the internal function according to the calling information of the internal function, and screening the target function according to the calling times.
Determining the calling times of the function according to the calling information of the function, and screening the target function according to the calling times, wherein the method comprises the following steps: analyzing the call chains corresponding to each external interface to determine the call times of each internal function; and taking the internal function as a target function under the condition that the calling times of the internal function meet a first condition.
Taking Linux kernel as an example, the kernel code of Linux kernel can be statically analyzed, and the kernel code is analyzed through ODC with an external interface as an entry point to determine the call chain corresponding to each pair of external interfaces. And analyzing the calling times of the internal function based on the calling chain, and determining the target function based on the calling times.
And 208, calling the kernel through the external interface, and analyzing a calling path of the external interface in the kernel code.
And step 210, determining the dynamic calling times of each internal function in the kernel code according to the calling path.
And performing dynamic analysis by calling the external interface operation kernel, determining a calling path of the external interface in the operation process, and further analyzing the calling times of the internal function to obtain a dynamic analysis result.
In step 216, it is determined whether the number of dynamic calls satisfies a second condition.
If yes, go to step 218, otherwise, go back to step 216 to continue the determination until the determination is completed.
And under the condition that the dynamic calling times meet a second condition, determining the target function as a hot spot function of the kernel.
By means of the method of taking the static state as the main mode and taking the dynamic state as the auxiliary mode, the functions used by the kernels as many as possible can be covered with relatively small work cost. The functions with extremely low occurrence frequency in dynamic calling are removed from the target function list of static analysis, and hundreds of hot spot functions, such as more than 400 hot spot functions, can be screened from the functions with hundred thousand magnitude by the reverse analysis mode, so that subsequent function probe processing is facilitated.
And 224, injecting a probe point at the key position through a function probe so as to inject a fault code when the return value is called.
The fault code injection method can inject detection points based on the function probes, and can dynamically inject fault codes based on detection of the detection points in the operation process. The key position is a position corresponding to the return value, and specified fault injection can be performed based on the return value mode type, so that relatively comprehensive and accurate fault injection of the kernel hot spot function is realized.
On the basis of the above embodiments, an operating system is further provided in the embodiments of the present application, as shown in fig. 3. According to the logic division, the operating system divides the virtual space into two parts, including: an application space 300 and a kernel space 400; the application space 300 includes: at least one application 302; the kernel space 400 includes: at least one external interface 402 and a core 404; the kernel 404 includes: a memory management unit 406, a process management unit 408, an interrupt management unit 410, a file system unit 412, and an input/output management unit 414.
The application space 300 is a space used by an application process, and the kernel space 400 is a control used by a kernel. In the case of linux operating systems, the highest 1 gigabyte (from virtual address 0xC0000000 to 0 xffffffffff) is used by the kernel and called kernel space, and the lower 3 gigabytes (from virtual address 0x00000000 to 0 xffffffffff) is used by the various processes and called user space. The application space 300 is available for use by one or more processes of the application programs 302.
The at least one external interface 402 provides an interface provided by the kernel that allows external access, which provides function calls from user space to the kernel, so that processes of an application program in application space can call the kernel through the external interface. The kernel 404 is the core of the operating system, and is independent of the normal application programs, and can access the protected memory space and all the rights to access the underlying hardware devices. The memory management unit 406 is configured to manage a memory, and may control a plurality of processes to safely share a main memory region. The process management unit 408 is used for managing the scheduling of processes, and may control the access of multiple processes to the CPU and perform CPU sharing. The interrupt management unit 410 is used to manage CPU interrupts, and may control CPU interrupts when the number of received data is large. The file system unit 412 provides a uniform interface to all devices, e.g., the file system layer provides a set of generic functions. The input/output management unit 414 is used to manage input/output, including call to external interfaces, management of access, and the like.
The kernel space corresponds to a kernel mode of the process, and the user control corresponds to a user mode of the process. When a process executes a system call while trapping the process in kernel code for execution, the process is said to be in a kernel run state (kernel state). When a process is executing the user's own code, it is said to be in the user running state (user state). Therefore, the process runs its own code in the user space, and is in the user mode. When the system call needs to be executed, the system call is converted into a kernel mode, and kernel codes in a kernel space are called through an external interface to obtain hardware resources.
On the basis of the structure, the fault injection of the core can be carried out according to the embodiment of the application.
The analysis of the kernel space in the embodiment of the application can adopt a mode of combining dynamic analysis and static analysis, the kernel code is analyzed by taking an external interface as an inlet in the static analysis process, and the ODC analysis can be adopted for analyzing the code to determine the calling relation and the calling times of the function. Analyzing the call chains corresponding to the external interfaces to determine the call times of the internal functions, and then judging whether the call times of the internal functions meet a first condition, wherein the first condition is a judgment condition of a target function of static analysis, if the call times exceed a first time threshold, the first time threshold can be set based on requirements and experiences, and if the call times are set to be the functions arranged at the top N bits, N can be set based on requirements and experiences. It is thus possible to determine whether the internal function satisfies the first condition based on the number of calls. And under the condition that the calling times of the internal function meet a first condition, taking the internal function as a target function, namely a function which accords with static analysis and is possibly a hotspot function.
In the dynamic analysis process, the external interface can also be used as an entry point for analysis, the external interface is actually called in an interface calling mode, and the kernel code is operated for dynamic analysis, so that functions, times and the like which are actually called by the external interface are determined, and a dynamic analysis result is determined. The kernel calling can be carried out through Syscar, and system resources can be applied, reading and writing of operation equipment can be carried out, a new process can be created, and the like, so that calling of the memory management unit, the process management unit, the interrupt management unit, the file system unit and the input/output management unit is realized, a calling path of an external interface in a kernel code is found, dynamic calling times of all internal functions are analyzed, and a dynamic analysis result is obtained.
And matching the internal functions in the static analysis result and the dynamic analysis result, determining the shared internal functions, determining the dynamic calling times of the shared internal functions in the dynamic analysis result, and then judging whether the dynamic calling times meet a second condition, wherein the second condition is a judgment condition that the target function is a hot function, and if the dynamic calling times exceed a third time threshold, screening the hot functions by using a mode of mainly static analysis and secondarily dynamic analysis, and removing the target function with lower occurrence times in the dynamic analysis from a target function list of the static analysis.
Through the reverse analysis mode, hundreds of hotspot functions can be screened from the kernel hundred thousand-order functions, for example, more than 400 hotspot functions are obtained through screening, so that the data amount of processing is greatly reduced, and the processing efficiency is improved.
For the hot spot function obtained by screening, structural analysis can be performed on the hot spot function, that is, the function structure of the hot spot function is analyzed, the key position of function calling is determined, and then a fault code is injected into the key position. And injecting a probe point at the key position through a function probe so as to inject a fault code when the return value is called.
The branch and return value analysis can be carried out based on the screened hot spot function, the return value mode of the hot spot function is established through analysis and normalization, and a function dynamic probe is inserted by using kprobe at the position of each branch and the position of the final return value. Therefore, the mock is not required to be constructed for each branch of each hotspot function, the function probe is used for fault injection in an execution form according to the corresponding mode, and the more comprehensive accurate fault injection of the kernel hotspot function is realized by using a more universal mode.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the embodiments are not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the embodiments. Further, those skilled in the art will also appreciate that the embodiments described in the specification are presently preferred and that no particular act is required of the embodiments of the application.
On the basis of the foregoing embodiments, the present embodiment further provides a fault injection system based on a kernel, which is applied to an electronic device, such as an electronic device at a server, as shown in fig. 4.
A static analysis module 41, configured to determine a static analysis result by performing static analysis on the kernel code;
the dynamic analysis module 43 is configured to perform dynamic analysis on the kernel code through interface call, and determine a dynamic analysis result;
the screening module 45 is configured to screen the static analysis result by using the dynamic analysis result, and determine a hotspot function of the kernel;
a structure analysis module 47, configured to perform structure analysis on the hotspot function, and determine a key position;
a detection injection module 49 for setting detection points at the critical locations to inject fault codes.
In summary, a static analysis is performed on a kernel code, a static analysis result is determined, then a dynamic analysis is performed on the kernel code through interface calling, a dynamic analysis result is determined, a static-based mode and a dynamic-based mode are adopted, the static analysis result is screened through the dynamic analysis result, a hotspot function of the kernel is determined, the hotspot function can be determined more accurately, then structural analysis is performed on the hotspot function, a key position is determined, a detection point is arranged at the key position to inject a fault code, and dynamic injection of the fault is realized through the detection point.
Optionally, the static analysis module is configured to analyze the kernel code and determine call information of an internal function in the kernel code; determining the calling times of the internal function according to the calling information of the internal function, and screening a target function according to the calling times; a plurality of objective functions are employed to generate a static analysis result.
Optionally, the static analysis module is configured to analyze the kernel code by using an external interface as a call entry, and determine a call chain corresponding to the external interface.
Optionally, the static analysis module is configured to analyze call chains corresponding to each pair of external interfaces, and determine the number of calls of each internal function; and taking the internal function as a target function under the condition that the calling times of the internal function meet a first condition.
Optionally, the dynamic analysis module is configured to call an internal core through an external interface, and analyze a call path of the external interface in an internal core code; determining the dynamic calling times of each internal function in the kernel code according to the calling path; and determining a dynamic analysis result according to the dynamic calling times of the internal function.
Optionally, the screening module is configured to determine a corresponding dynamic calling number of the target function in the static analysis result in the dynamic analysis result; and under the condition that the dynamic calling times meet a second condition, determining the target function as a hot spot function of the kernel.
Optionally, the structure analysis module is configured to perform structure analysis on the hotspot function, and determine a branch of the hotspot function and a return value, where the return value is a return value of a call function, and the call function is a call function that implements a condition of the branch; and determining the return value as the key position.
Optionally, the detection injection module is configured to inject a detection point at the key location through a function probe, so as to inject a fault code when the return value is called.
Optionally, the method further includes: and the test module is used for injecting fault codes based on the detection points when the test module runs to the key position of the hot spot function in the kernel test process.
By means of the method of taking the static state as the main mode and taking the dynamic state as the auxiliary mode, the functions used by the kernels as many as possible can be covered with relatively small work cost. The functions with extremely low occurrence frequency in dynamic calling are removed from the target function list of static analysis, and hundreds of hot spot functions, such as more than 400 hot spot functions, can be screened from the functions with hundred thousand magnitude by the reverse analysis mode, so that subsequent function probe processing is facilitated.
And the specified fault injection can be carried out based on the return value mode type, so that the accurate injection of the relatively comprehensive fault to the kernel hot spot function is realized.
The present application further provides a non-transitory, readable storage medium, where one or more modules (programs) are stored, and when the one or more modules are applied to a device, the device may execute instructions (instructions) of method steps in this application.
Embodiments of the present application provide one or more machine-readable media having instructions stored thereon, which when executed by one or more processors, cause an electronic device to perform the methods as described in one or more of the above embodiments. In the embodiment of the application, the electronic device includes a server, a terminal device and other devices.
Embodiments of the present disclosure may be implemented as an apparatus, which may include servers (clusters), terminals, etc. electronic devices, using any suitable hardware, firmware, software, or any combination thereof, for a desired configuration. Fig. 5 schematically illustrates an example apparatus 500 that may be used to implement various embodiments described herein.
For one embodiment, fig. 5 illustrates an exemplary apparatus 500 having one or more processors 502, a control module (chipset) 504 coupled to at least one of the processor(s) 502, a memory 506 coupled to the control module 504, a non-volatile memory (NVM)/storage 508 coupled to the control module 504, one or more input/output devices 510 coupled to the control module 504, and a network interface 512 coupled to the control module 504.
The processor 502 may include one or more single-core or multi-core processors, and the processor 502 may include any combination of general-purpose or special-purpose processors (e.g., graphics processors, application processors, baseband processors, etc.). In some embodiments, the apparatus 500 can be used as a server, a terminal, or the like in the embodiments of the present application.
In some embodiments, apparatus 500 may include one or more computer-readable media (e.g., memory 506 or NVM/storage 508) having instructions 514 and one or more processors 502 in combination with the one or more computer-readable media and configured to execute instructions 514 to implement modules to perform the actions described in this disclosure.
For one embodiment, control module 504 may include any suitable interface controllers to provide any suitable interface to at least one of the processor(s) 502 and/or any suitable device or component in communication with control module 504.
The memory 506 may be used, for example, to load and store data and/or instructions 514 for the apparatus 500. For one embodiment, memory 506 may comprise any suitable volatile memory, such as suitable DRAM. In some embodiments, the memory 506 may comprise a double data rate type four synchronous dynamic random access memory (DDR 5 SDRAM).
For one embodiment, control module 504 may include one or more input/output controllers to provide an interface to NVM/storage 508 and input/output device(s) 510.
For example, NVM/storage 508 may be used to store data and/or instructions 514. NVM/storage 508 may include any suitable non-volatile memory (e.g., flash memory) and/or may include any suitable non-volatile storage device(s) (e.g., one or more hard disk drive(s) (HDD (s)), one or more Compact Disc (CD) drive(s), and/or one or more Digital Versatile Disc (DVD) drive (s)).
NVM/storage 508 may include storage resources that are part of the device on which apparatus 500 is installed, or it may be accessible by the device and may not necessarily be part of the device. For example, NVM/storage 508 may be accessed over a network via input/output device(s) 510.
Input/output device(s) 510 may provide an interface for apparatus 500 to communicate with any other suitable device, input/output devices 510 may include communication components, audio components, sensor components, and so forth. The network interface 512 may provide an interface for the apparatus 500 to communicate over one or more networks, and the apparatus 500 may wirelessly communicate with one or more components of a wireless network according to any of one or more wireless network standards and/or protocols, such as access to a communication standard-based wireless network, such as WiFi, 2G, 3G, 4G, 5G, etc., or a combination thereof.
For one embodiment, at least one of the processor(s) 502 may be packaged together with logic for one or more controller(s) (e.g., memory controller module) of the control module 504. For one embodiment, at least one of the processor(s) 502 may be packaged together with logic for one or more controllers of control module 504 to form a System In Package (SiP). For one embodiment, at least one of the processor(s) 502 may be integrated on the same die with logic for one or more controller(s) of the control module 504. For one embodiment, at least one of the processor(s) 502 may be integrated on the same die with logic for one or more controller(s) of the control module 504 to form a system on chip (SoC).
In various embodiments, the apparatus 500 may be, but is not limited to: a server, a desktop computing device, or a mobile computing device (e.g., a laptop computing device, a handheld computing device, a tablet, a netbook, etc.), among other terminal devices. In various embodiments, the apparatus 500 may have more or fewer components and/or different architectures. For example, in some embodiments, device 500 includes one or more cameras, a keyboard, a Liquid Crystal Display (LCD) screen (including a touch screen display), a non-volatile memory port, multiple antennas, a graphics chip, an Application Specific Integrated Circuit (ASIC), and speakers.
The detection device can adopt a main control chip as a processor or a control module, sensor data, position information and the like are stored in a memory or an NVM/storage device, a sensor group can be used as an input/output device, and a communication interface can comprise a network interface.
An embodiment of the present application further provides an electronic device, including: a processor; and a memory having executable code stored thereon, which when executed, causes the processor to perform a method as described in one or more of the embodiments of the application. In the embodiment of the present application, various data, such as various data of a target file, a file and application associated data, and the like, may be stored in the memory, and user behavior data may also be included, so as to provide a data basis for various processing.
Embodiments of the present application also provide one or more machine-readable media having executable code stored thereon that, when executed, cause a processor to perform a method as described in one or more of the embodiments of the present application.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the true scope of the embodiments of the application.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or terminal device that comprises the element.
The kernel-based fault injection method, the operating system, the electronic device and the storage medium provided by the present application are introduced in detail, and specific examples are applied in the present application to explain the principles and embodiments of the present application, and the descriptions of the above embodiments are only used to help understand the method and the core ideas of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.
Claims (12)
1. A kernel-based fault injection method, the method comprising:
determining a static analysis result by performing static analysis on the kernel code;
dynamically analyzing the kernel code through interface calling to determine a dynamic analysis result;
screening a static analysis result by adopting the dynamic analysis result to determine a hot spot function of the kernel;
performing structural analysis on the hotspot function to determine a key position;
a probing point is set at the critical location to inject a fault code.
2. The method of claim 1, wherein the determining a static analysis result by performing a static analysis on the kernel code comprises:
analyzing a kernel code and determining the calling information of an internal function in the kernel code;
determining the calling times of the internal function according to the calling information of the internal function, and screening a target function according to the calling times;
a plurality of objective functions are employed to generate a static analysis result.
3. The method of claim 2, wherein analyzing the kernel code to determine calling information of functions in the kernel code comprises:
and analyzing the kernel code by taking the external interface as a calling inlet, and determining a calling chain corresponding to the external interface.
4. The method of claim 3, wherein the determining the number of times of calling the function according to the calling information of the function, and the screening the target function according to the number of times of calling comprises:
analyzing the call chain corresponding to each external interface to determine the call times of each internal function;
and taking the internal function as a target function under the condition that the calling times of the internal function meet a first condition.
5. The method of claim 4, wherein dynamically analyzing the kernel code through the interface call to determine a result of the dynamic analysis comprises:
calling the kernel through an external interface, and analyzing a calling path of the external interface in the kernel code;
determining the dynamic calling times of each internal function in the kernel code according to the calling path;
and determining a dynamic analysis result according to the dynamic calling times of the internal function.
6. The method of claim 5, wherein the screening the static analysis results using the dynamic analysis results to determine the hotspot function of the kernel comprises:
determining the corresponding dynamic calling times of the target function in the static analysis result in the dynamic analysis result;
and under the condition that the dynamic calling times meet a second condition, determining the target function as a hot spot function of the kernel.
7. The method of claim 1, wherein the performing a structural analysis of the hotspot function to determine a key location comprises:
performing structural analysis on the hot function, and determining a branch and a return value of the hot function, wherein the return value is a return value of a calling function, and the calling function is a calling function for realizing the condition of the branch;
and determining the return value of the branch as the key position.
8. The method of claim 7, wherein said placing probe points at said strategic locations to inject fault codes comprises:
and injecting a probe point at the key position through a function probe so as to inject a fault code when the return value is called.
9. The method of claim 1, further comprising:
during kernel testing, fault codes can be injected based on probe points when the critical position of the hot spot function is run.
10. An operating system, the operating system comprising: an application space and a kernel space;
the application space includes: at least one application program;
the kernel space includes: at least one external interface and an internal core;
the kernel includes: the system comprises a memory management unit, a process management unit, an interrupt management unit, a file system unit and an input/output management unit;
fault injection into the kernel space of the operating system using the method according to any of claims 1 to 9.
11. An electronic device, comprising: a processor;
and a memory having stored thereon executable code which, when executed by the processor, performs the method of any of claims 1-9.
12. One or more machine-readable media having executable code stored thereon that, when executed by a processor, performs the method of any of claims 1-9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210884555.1A CN115344855A (en) | 2022-07-25 | 2022-07-25 | Kernel-based fault injection method, system, electronic device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210884555.1A CN115344855A (en) | 2022-07-25 | 2022-07-25 | Kernel-based fault injection method, system, electronic device and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115344855A true CN115344855A (en) | 2022-11-15 |
Family
ID=83949933
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210884555.1A Pending CN115344855A (en) | 2022-07-25 | 2022-07-25 | Kernel-based fault injection method, system, electronic device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115344855A (en) |
-
2022
- 2022-07-25 CN CN202210884555.1A patent/CN115344855A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8769504B2 (en) | Method and apparatus for dynamically instrumenting a program | |
| US10599558B1 (en) | System and method for identifying inputs to trigger software bugs | |
| US20190042391A1 (en) | Techniques for monitoring errors and system performance using debug trace information | |
| WO2019056720A1 (en) | Automated test case management method and apparatus, device, and storage medium | |
| WO2019001334A1 (en) | Stack overflow processing method and device | |
| CN110874315B (en) | Test method, test device, electronic equipment and storage medium | |
| US11436188B2 (en) | Resource optimization and update method, server, and device | |
| CN113535721A (en) | Data writing method and device | |
| CN110597704B (en) | Pressure test method, device, server and medium for application program | |
| CA2811617C (en) | Commit sensitive tests | |
| CN112133357B (en) | eMMC test method and device | |
| CN110879781A (en) | Program debugging method and device, electronic equipment and computer readable storage medium | |
| WO2023217118A1 (en) | Code test method and apparatus, and test case generation method and apparatus | |
| CN115686961A (en) | Processor testing method and device and electronic equipment | |
| CN112506798A (en) | Performance test method, device, terminal and storage medium of block chain platform | |
| CN112395144A (en) | Test method, test system, terminal equipment and readable storage medium | |
| CN105912467B (en) | Performance test method and device | |
| CN111221690B (en) | Model determination method and device for integrated circuit design and terminal | |
| CN111367710B (en) | eMMC problem reduction method and device | |
| CN115344855A (en) | Kernel-based fault injection method, system, electronic device and storage medium | |
| CN114816772A (en) | Debugging method, debugging system and computing device for application running based on compatible layer | |
| CN114238048A (en) | Automatic testing method and system for Web front-end performance | |
| US9792202B2 (en) | Identifying a configuration element value as a potential cause of a testing operation failure | |
| CN116594862B (en) | DBMS test method and device, electronic equipment and readable storage medium | |
| CN111078574A (en) | Method and device for generating influence analysis report |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |