CN115357513B - Program ambiguity test method, device, equipment and storage medium - Google Patents

Program ambiguity test method, device, equipment and storage medium Download PDF

Info

Publication number
CN115357513B
CN115357513B CN202211085263.8A CN202211085263A CN115357513B CN 115357513 B CN115357513 B CN 115357513B CN 202211085263 A CN202211085263 A CN 202211085263A CN 115357513 B CN115357513 B CN 115357513B
Authority
CN
China
Prior art keywords
tested program
program
test
tested
code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211085263.8A
Other languages
Chinese (zh)
Other versions
CN115357513A (en
Inventor
张超
秦世松
赵博栋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tsinghua University
Original Assignee
Tsinghua University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tsinghua University filed Critical Tsinghua University
Priority to CN202211085263.8A priority Critical patent/CN115357513B/en
Publication of CN115357513A publication Critical patent/CN115357513A/en
Application granted granted Critical
Publication of CN115357513B publication Critical patent/CN115357513B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/362Software debugging
    • G06F11/3644Software debugging by instrumenting at runtime
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • G06F11/3676Test management for coverage analysis
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application provides a program ambiguity test method, a program ambiguity test device, program ambiguity test equipment and a storage medium. The method comprises the following steps: and acquiring the tested program after the code instrumentation, wherein the position of the code instrumentation in the source code of the tested program is the position of the network data I/O interaction synchronization point. And carrying out fuzzy test on the tested program after the code instrumentation by using M test cases, wherein M is an integer greater than or equal to 1, each test case comprises at least two I/O interaction request messages, the code instrumentation is used for sending feedback information, the feedback information is used for indicating to send the I/O interaction request messages, and the result of the fuzzy test of the tested program after the code instrumentation is obtained according to the execution condition of the fuzzy test. The method enables the fuzzy tester to timely send the I/O interaction request message to the tested program, and improves the testing efficiency.

Description

Program ambiguity test method, device, equipment and storage medium
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a program ambiguity test method, apparatus, device, and storage medium.
Background
Network protocols are one of the bases of the whole internet world as a set of communication rules between different entities in a computer network. With the continuous development of the internet, more and more different kinds of network protocol programs are running on the systems of the devices such as the smart phone, the personal computer, the internet of things device and the like, so that an information communication bridge is established among various devices. However, an attacker can more easily launch a remote attack than a local program, with vulnerabilities in the network protocol program, causing more serious damage. The network protocol is thus crucial for the security of the entire network space.
At present, vulnerability discovery is mainly carried out on a target program in a fuzzy test mode. Most existing dust box ambiguity test tools are mainly tested against locally running applications with single input features. In contrast to these native applications, network protocol programs are mostly designed as client/server architectures, which enable multiple rounds of network-based communication at runtime.
However, the current dust box fuzzy test tool cannot send test messages to the tested protocol program in time, so that the problem of low test efficiency is caused.
Disclosure of Invention
The application provides a program fuzzy test method, device, equipment and storage medium, which are used for solving the problem of low network protocol program test efficiency in the prior art.
In a first aspect, the present application provides a program ambiguity test method, including:
acquiring a tested program after code instrumentation, wherein the position of the code instrumentation in the source code of the tested program is the position of a network data I/O interaction synchronization point;
performing fuzzy test on the tested program after the code instrumentation by using M test cases, wherein M is an integer greater than or equal to 1, each test case comprises at least two I/O interaction request messages, the code instrumentation is used for sending feedback information, and the feedback information is used for indicating to send the I/O interaction request messages;
And obtaining the result of the fuzzy test of the tested program after the code instrumentation according to the execution condition of the fuzzy test.
Optionally, the acquiring the tested program after the code instrumentation includes:
acquiring a program to be tested; acquiring the position of a code instrumentation of the tested program according to the tested program; and performing instrumentation processing on the tested program according to the code instrumentation position to obtain the tested program after the code instrumentation.
Optionally, the obtaining, according to the tested program, a code instrumentation position of the tested program includes:
acquiring a breakpoint of the tested program according to the tested program; the position of the breakpoint is the position of the input class system call of the tested program; according to the breakpoint, acquiring target function call stack information when the tested program triggers the breakpoint, wherein the target function call stack information is used for indicating function names and function call sequences; acquiring a candidate target set of the tested program, wherein the candidate target set of the tested program is used for indicating an I/O operation cycle structure in the tested function; and acquiring the code instrumentation position of the tested program according to the target function call stack information and the candidate target set of the tested program.
Optionally, the acquiring the candidate target set of the tested program includes: according to the source code of the tested program, a candidate target set of the tested program is obtained, wherein the candidate target set comprises at least one element, and each element comprises: one of the I/O operation loop structures of the tested program, and function information containing the I/O operation loop structure.
Optionally, the obtaining the location of the code instrumentation of the tested program according to the function call stack information and the candidate target set of the tested program includes:
matching with elements in the candidate target set according to the target function call stack information, and taking the position of the first matched function as the position of a network protocol I/O interaction synchronization point of the tested program;
and outputting the position of the network protocol I/O interaction synchronization point of the tested program.
Optionally, the acquiring the test case includes:
obtaining M initial test cases in a test case pool, wherein the test case pool comprises N initial test cases, and N is an integer greater than or equal to M;
and performing mutation processing on at least one initial test case in the M initial test cases to obtain the M test cases.
Optionally, after the obtaining the result of the fuzzy test of the tested program after the code instrumentation, the method further includes:
acquiring the code coverage rate of the test case to the tested program;
if the code coverage rate is greater than or equal to the code coverage rate threshold value, the test case is updated to the test case pool as a new initial test case
In a second aspect, the present application provides a program ambiguity test apparatus, including:
the first acquisition module is used for acquiring a tested program after code instrumentation, and the position of the code instrumentation in the source code of the tested program is the position of a network data I/O interaction synchronization point;
the processing module is used for performing fuzzy test on the tested program after the code instrumentation by using M test cases, wherein M is an integer greater than or equal to 1, each test case comprises at least two I/O interaction request messages, the code instrumentation is used for sending feedback information, and the feedback information is used for indicating to send the I/O interaction request messages;
and the second acquisition module is used for acquiring the result of the fuzzy test of the tested program after the code instrumentation according to the execution condition of the fuzzy test.
In a third aspect, the present application provides an electronic device, comprising: a processor, and a memory communicatively coupled to the processor;
The memory stores computer-executable instructions;
the processor executes computer-executable instructions stored by the memory to implement the method of any one of the first aspects.
In a fourth aspect, the present application provides a computer-readable storage medium having stored therein computer-executable instructions which, when executed by a processor, are adapted to carry out the program ambiguity test method according to any one of the first aspects
In a fifth aspect, the present application provides a computer program product comprising a computer program which, when executed by a processor, implements the method according to any of the first aspects.
According to the program fuzzy test method, device, equipment and storage medium, the code instrumentation is carried out at the position of receiving the I/O interaction request message in the tested program, so that the tested program after the code instrumentation is obtained, after the I/O interaction request message is received and processed, the function inserted by the code instrumentation sends feedback information to indicate to send the next I/O interaction request message, and therefore the fuzzy tester can timely send the I/O interaction request message to the tested program, and test efficiency is improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
Fig. 1 is a flow chart of a program ambiguity test method according to an embodiment of the present application;
fig. 2 is an interaction schematic diagram of a program ambiguity test method according to an embodiment of the present application;
FIG. 3 is a schematic flow chart of a tested program after code instrumentation according to an embodiment of the present application;
FIG. 4 is a complete flowchart of a program ambiguity test method according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a program ambiguity test device according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Specific embodiments thereof have been shown by way of example in the drawings and will herein be described in more detail. These drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but to illustrate the concepts of the present application to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as detailed in the accompanying claims.
The terms referred to in this application are explained first:
network protocol program: the network protocol program used for network communication under Client/Server (C/S) architecture may be any one of application layer protocol programs, such as file transfer protocol (File Transfer Protocol, FTP) program, secure transfer layer protocol (Transport Layer Security, TLS) program, and the like.
Code instrumentation: refers to that code for tracking the execution process of the tested program is inserted into the tested program to obtain the execution condition of the executable statement in the program, the execution path of the program, the reference and the definite removal of the variable
Fuzzy test: the application relates to a software testing technology for inputting random data into a tested program and monitoring abnormality of the tested program to find program loopholes, and the application is exemplified by a fuzzy testing tool such as a fuzzy tester.
Black box test: also known as function test, the black box test detects through the test whether each function of the program under test can be used normally. In the black box test, the interface of the tested program is tested without considering the internal structure and internal characteristics of the tested program, and the black box test only checks whether the function of the tested program is normally used or not, and whether the tested program can receive input data and generate correct output information or not.
Ash box test: the method is used for an integrated test stage, and not only focuses on the correctness of the output and input of the tested program, but also focuses on the condition inside the tested program. And the test technology for designing the test cases based on the external performance of the program in running and combining with the internal logic structure of the program, executing the program and collecting the program path execution information and the external user interface result.
Currently, the fuzzy test technology has been widely applied to test and vulnerability discovery work for network protocol related programs. Traditional network protocol-oriented ambiguity test tools use a black box test method to conduct ambiguity tests. The black box test method only needs to specify the IP address and the port number of the equipment network running the tested protocol program, and can test without the source code of the tested protocol program.
Because the testing content of the black box test lacks the test on the internal condition of the tested program, the problem of the internal logic of the tested program cannot be tested, and therefore, the existing fuzzy testing tool mostly uses the gray box testing method. The gray box test introduces the contents of a coverage rate feedback guidance mechanism, a genetic variation algorithm and the like into the workflow of the fuzzy test, so that the code coverage rate of the tested program and the vulnerability mining effect of the fuzzy test are obviously improved.
Currently, most ash box fuzziness testing tools are tested primarily against locally running applications with single input features. That is, after the gray box fuzzy test tool inputs the test case into the tested application program, the tested application program is executed, the program path execution information in the program execution is collected, and the program interface result is obtained. The gray box fuzzy test tool only needs to input the test case (i.e. the I/O interaction request message) into the tested application program once, and the I/O interaction request message is acquired and processed IN the running process of the tested application program, so that a test result can be obtained according to the execution condition of the tested application program.
However, the network protocol program is usually a Client/Server (C/S) architecture, and when the network protocol program runs, it performs multiple I/O operations based on multiple rounds of communication performed by the network. Therefore, the test case used for testing the network protocol program needs to include a plurality of I/O interaction request messages, so as to realize the test of the network-based multi-round communication of the network protocol program. The gray box fuzzy test tool needs to send a plurality of I/O interaction request messages in the same test case to the tested program in turn for testing, and after the tested program receives and processes one I/O interaction request message, the gray box fuzzy test tool needs to send the next I/O interaction request message in the test case to the tested program.
However, the gray box fuzzy test tool currently applied to the application program for testing the single input characteristic cannot send the next test message for testing to the tested program in time after the tested program processes one test message. Therefore, the existing dust box fuzzy test method has the problem of lower test efficiency.
In view of this, the present application provides a method for fuzzy testing a program, in which a tested program is obtained by performing code instrumentation at a location where an I/O interaction request message is received in the tested program, so that after receiving and processing an I/O interaction request message is completed, a function inserted by the code instrumentation sends feedback information to instruct to send a next I/O interaction request message, thereby enabling a fuzzy tester to send the I/O interaction request message to the tested program in time, and improving testing efficiency.
The execution main body of the program ambiguity test method provided by the invention can be a grey box ambiguity test tool, and the grey box ambiguity test tool can be program code software or a medium storing relevant execution codes, such as a U disk and the like; alternatively, the dust box ambiguity test tool may be a physical device integrated with or mounted with relevant execution codes, such as a chip, a micro control unit (Microcontroller Unit, abbreviated as MCU), a computer, or other electronic devices.
The following describes the technical solutions of the present application and how the technical solutions of the present application solve the above technical problems in detail with specific embodiments. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
Fig. 1 is a flow chart of a program ambiguity test method according to an embodiment of the present application. As shown in fig. 1, the method may include:
s101, acquiring a tested program after code instrumentation.
The position of the code instrumentation in the source code of the tested program is the position of the network data I/O interaction synchronization point. The program under test is a network protocol program. The code instrumentation is used for sending feedback information, and the feedback information is used for indicating to send an I/O interaction request message.
The tested program includes a function for acquiring the I/O interaction request message, a function for processing the I/O interaction request message, etc., and a function for executing the I/O operation may be included in the function for processing the I/O interaction request message. The network data I/O interaction synchronization point is a function used for acquiring the I/O interaction request message in the tested program, and the position of the function is the position of the function. When the tested program runs, the I/O interaction request message is read through the network data I/O interaction synchronization point, and the I/O interaction request message is used for testing the tested program. The function for acquiring the I/O interaction request message may be any one of functions for reading and receiving the message, for example, a read, recv, or recvmsg function.
One possible implementation manner, in the process of the ambiguity test, the ambiguity tester performs code instrumentation processing on the tested program to obtain the tested program after the code instrumentation,
in another possible implementation manner, the code instrumentation processing is performed on the tested program in advance, then the tested program after the code instrumentation is input into the fuzzy tester, and the tested program after the code instrumentation is executed to perform the fuzzy test.
S102, performing fuzzy test on the tested program after code instrumentation by using M test cases, wherein M is an integer greater than or equal to 1.
Wherein each test case includes at least two I/O interaction request messages. The M test cases can be determined according to actual needs and stored in a test case pool; or can be obtained through mutation processing according to the test cases stored in the test case pool.
The fuzzy tester inputs the I/O interaction request message in the test case into the tested program after the code instrumentation, and the tested program after the code instrumentation alternately processes the data in the plurality of I/O interaction request messages in the execution process so as to carry out the fuzzy test.
The detailed procedure of the program ambiguity test method will be described below taking a read function as an example of a function for acquiring the I/O interaction request message. Fig. 2 is an interaction schematic diagram of a program ambiguity test method according to an embodiment of the present application. As shown in fig. 2, the method may include:
S1021, establishing communication connection between the fuzzy tester and the tested program.
Wherein the communication connection between the ambiguity tester and the tested program may be established through a network socket, for example. The tested program is used as a server, a network socket is initialized, port binding and monitoring are carried out, and the port is connected with the to-be-fuzzy tester. The fuzzy tester is used as a client to initialize a network socket and establish network connection with a tested program. Reference may be made to the prior art for how to establish a connection between a server and a client through a network socket, and this is not repeated here.
And S1022, in the running process of the tested program, when the tested program is executed to the position of the read function, sending feedback information to the fuzzy tester through code instrumentation.
When the tested program is executed to the position of the read function, the function of sending feedback information to the fuzzy tester is realized through codes inserted by the code instrumentation technology. The specific function of the code is determined based on the function of the feedback information, e.g. the code may be used to feed back an I/O interaction request message that is currently receivable.
S1023, the fuzzy tester sends an I/O interaction request message to the tested program according to the feedback signal.
The I/O interaction request message is any I/O interaction request message in the test cases, the order of sending the I/O interaction request message by the fuzzy tester can be determined according to actual requirements, and the application is not limited.
S1024, the tested program receives and processes the I/O interaction request message.
The tested program reads the I/O interaction request message through a read function, then processes the I/O interaction request message according to the content of the I/O interaction request message through subsequent function call, and the specific processing mode is determined according to the content of the I/O interaction request message, which can be any data processing mode in the prior art, and the application does not limit the method.
S1025, after the tested program finishes the processing of the current I/O interaction request message, entering the next cycle to run the next I/O interaction request message in the current test case, and executing the read function again by the tested program through a cycle structure, and when the read function is executed, sending feedback information for indicating the fuzzy tester to send the next I/O interaction request message to the fuzzy tester through the function of the code instrumentation before the read function.
In order to realize that network I/O interaction request messages can be received and processed for multiple times, a loop structure using a read function as a loop starting point exists in the tested program, and after processing of one I/O interaction request message is completed, the loop structure returns to the read function to read the next I/O interaction request message. After the processing of all the I/O interaction request messages in the test case is completed, the loop is ended, and the function after the loop structure is executed. Therefore, during the fuzzy test, the function for sending the feedback message is inserted by performing code instrumentation before the read function, so that the function of timely indicating the fuzzy tester to send the next I/O interaction request message is realized.
S103, obtaining the result of the fuzzy test of the tested program after the code instrumentation according to the execution condition of the fuzzy test.
The fuzzy tester monitors the execution condition of the tested program synchronously, and obtains the fuzzy test result of the tested program after the code instrumentation according to whether the running and/or output result of the tested program is abnormal in the process of executing and processing the I/O interaction request message.
When the running and/or output result of the tested program is not abnormal, the result of the fuzzy test using the test case is that the test passes.
When the running and/or output result of the tested program is abnormal, the result of the fuzzy test using the test case is the test abnormality. The exception of the tested program may include, for example, program error, program crash, output data error, etc. The method for obtaining the fuzzy test result according to the abnormality can be, for example, analyzing and obtaining the fuzzy test result through monitoring log information of the fuzzy tester; or obtaining the result of the fuzzy test according to the error content of the program. For how to obtain the fuzzy test result through the program exception, reference may be made to the prior art, which is not repeated in the present application.
According to the program fuzzy test method, the tested program after the code instrumentation is tested through the test case comprising the plurality of I/O interaction request messages, when the tested program after the code instrumentation executes the test case, each time the tested program runs to the position of the I/O interaction synchronization point, feedback information is sent to the fuzzy tester through the function inserted by the code instrumentation so as to instruct the fuzzy tester to send the next I/O interaction request message to carry out the test of the next round of interaction, and therefore the fuzzy tester can send the I/O interaction request message required by the test of the next round of interaction to the tested program in time each time in the process of the multi-round of interaction. Therefore, the program ambiguity test method improves the test efficiency.
Next, taking the example of performing the code instrumentation processing on the tested program in advance, and then inputting the tested program after the code instrumentation into the fuzzy tester, a detailed description will be given of how to obtain the tested program after the code instrumentation in step S201.
Fig. 3 is a schematic flow chart of a tested program after code instrumentation according to an embodiment of the present application. As shown in fig. 3, the method may include:
s301, acquiring a tested program.
The tested program is a network protocol program to be subjected to fuzzy test, and the mode of acquiring the tested program by the fuzzy test tool can be acquired according to the index of the tested protocol, or acquired according to the storage position of the tested protocol, and the like.
S302, acquiring the code instrumentation position of the tested program according to the tested program.
Embodiment a: and acquiring the code instrumentation position of the tested program according to the target function call stack information of the tested program and the candidate target set of the tested program.
S3021, obtaining the breakpoint of the tested program according to the tested program.
The breakpoint position is the position of the input class system call of the tested program. The input class system call may be any of the functions described above, such as read, recv, or recvmsg, for example.
First, in the compiling process of the tested program, according to the breakpoint mechanism, a breakpoint is set at an input class system call of the tested program by a Debugger, for example, a GNU Debug (GDB) Debugger, etc.
S3022, acquiring the target function call stack information when the tested program triggers the breakpoint according to the breakpoint.
The target function call stack information is used for indicating function names and function call sequences. The object function call stack information may include, for example: function name or function identification, function call order or function call relationship.
And the client is used for establishing communication connection with the tested program and sending the detection message to the tested program, and the specific form of the client is not limited in the application.
Secondly, the client sends the detection message to the detected program, and the content of the detection message is not limited in the application, so long as the detection message can be read or received by the detected program. After the tested program receives the detection message, the data packet is read or received in the execution process of the tested program, and the tested program reads or receives the data packet through the input type system call. At this time, the tested program executes the input class system call, which triggers the breakpoint set at the location. And when the breakpoint is triggered, storing the function call stack information when the breakpoint is triggered.
Illustratively, the function call stack information is shown in Table 1 below:
TABLE 1
Function name Function call sequence
Function C 4
Function B 3
Function A 2
main function 1
The function C is a function name corresponding to the input class system call at the breakpoint, the function B is a function for calling the function C, the function A is a function for calling the function B, the function at the bottom of the function calling stack is a main function, and the main function is a function for calling the function A.
S3023, obtaining a candidate target set of the tested program.
Wherein the candidate target set of the tested program is used for indicating the I/O operation loop structure in the tested function. The candidate target set includes at least one element, each element including: an I/O operation loop structure of the program under test, and function information included in the I/O operation loop structure.
One possible implementation way is to obtain a candidate target set of the tested program according to the source code of the tested program.
The static analyzer is used for acquiring all the loop structures containing the I/O operation in the tested program, the loop structures of the I/O operation are loop structures used for acquiring the I/O interaction request message, and how to acquire the loop structures containing the I/O operation according to the static analyzer can refer to the prior art. For each loop structure including the I/O operation, function information including the loop structure is obtained, where the function information is function information of a function where the loop structure is located, and may include, for example, a function name, a function call relationship, and the like. Each loop structure containing the I/O operation, and its corresponding function information, is then taken as an element. And finally taking all elements as candidate target sets.
In another possible implementation manner, the candidate target set of the tested program is obtained according to any method in the prior art capable of detecting a loop structure including an I/O operation and a function in which the loop structure is located. For example, it may be obtained by compiling the program under test while traversing all the functional paths.
S3024, obtaining the code instrumentation position of the tested program according to the target function call stack information and the candidate target set of the tested program.
Wherein the location of the code instrumentation may be represented as a line of code in the source code of the program under test.
The method comprises the following steps of obtaining the code instrumentation position of a tested program by matching target function call stack information with all I/O operation loop structures included in the tested function:
and according to the target function call stack information, matching with elements in the candidate target set, and taking the position of the first matched function as the position of the network protocol I/O interaction synchronization point of the tested program. Illustratively, in this application, matching by function name is illustrated as an example:
according to the function call relation (namely the sequence of function call) in the target function call stack information, starting from a function (such as a main function) at the bottom of the function call stack, matching with the function names in the candidate target set according to the call sequence in the function call stack in sequence. Taking table 1 as an example, firstly, matching with function names in a candidate target set one by one through a main function at the outermost layer in the function call stack information, and if matching is successful, namely the candidate target set comprises the main function, determining a network protocol I/O interaction synchronization point with the beginning of a loop structure in the function with the function name of main in the candidate target set as a tested program according to the function name (main). If the main function at the outermost layer in the function call stack information is not matched, the next function, namely, the function A, is matched with the function names in the candidate target set one by one according to the call sequence of the functions in the function call stack. Similarly, if the main function, the function A and the function B are not successfully matched, the main function, the function A and the function B are matched with the candidate target set through the function C. The first matched function is said to be a loop structure when processing an I/O interaction request message. At this time, the number of lines of the source code corresponding to the beginning of the loop structure is the position of the network protocol I/O interaction synchronization point of the tested program.
And finally, outputting the position of the network protocol I/O interaction synchronization point of the tested program, namely the number of lines of the position in the source code. The position is the position where code instrumentation is needed.
Embodiment B: according to any other method capable of determining the position of the I/O interaction synchronization point in the tested program, determining the code instrumentation position of the tested program, the method for determining the position of the I/O interaction synchronization point is not limited, and any method capable of realizing the function in the prior art can be used.
S303, performing instrumentation processing on the tested program according to the code instrumentation position to obtain the tested program after the code instrumentation.
The source code of the program under test is compiled by the compiler and then traversed using tools in the compiler for traversing the source code of the program under test, such as PASS tools of LLVM, etc. And in the traversing process, continuously comparing the traversed code position with the position of the network protocol I/O interaction synchronization point of the tested program, and completing matching when the traversed code position is the same as the position of the network protocol I/O interaction synchronization point of the tested program.
After matching is completed, a function for sending feedback information is inserted into the currently traversed code position, and the function comprises a function for sending communication information to the fuzzy tester, for example, the communication information is sent by a signal mode, and the signal can be a Linux signal or the like. The function is a function inserted by the code instrumentation operation, and the communication information function may include: and a function for instructing the fuzzy tester to send the next I/O interaction request message.
After the code instrumentation operation is completed, the tested program after the code instrumentation is output to the testing tool, and the tested program after the code instrumentation is used for replacing the original tested program.
According to the method for acquiring the tested program after code instrumentation, the position where code instrumentation operation is required in the source code of the tested program is determined by acquiring the target function call stack information and the candidate target set of the tested program. Then, a function for sending feedback information is inserted into the needed code instrumentation position, so that in the process of fuzzy test, the feedback information can be sent to the fuzzy tester through the method, the fuzzy tester is instructed to send the code instrumentation position of the next I/O interaction request message, and the inserted function for sending the feedback information is used for reducing the time interval between the multiple rounds of communication tests and improving the test efficiency when the tested program for the multiple rounds of communication is tested.
Next, a detailed description will be given of how to acquire the test case in step S202 described above:
the dust box fuzzy test tool can comprise a test case pool, or communication connection exists between the dust box fuzzy test tool and the test case pool, and test cases in the test case pool can be called. The test case pool may be, for example, a database, in which N initial test cases are stored. The N initial test cases in the test case pool may be set according to actual requirements. In the fuzzy test process, all initial test cases in the test case pool can be used, and only part of the initial test cases in the test case pool can be used. That is, the number of M test cases for performing the fuzzy test is less than or equal to the number N of initial test cases.
For the M initial test cases for testing, the M initial test cases can be directly used as test cases to test the tested program; or, mutation processing is performed on at least one initial test case in the M initial test cases to obtain M test cases so as to test the tested program.
The above-mentioned mutation processing performed on the initial test case may be, for example, operations such as turning over and cutting off bytes included in the initial test case, insertion of random data into the initial test case, or mutation processing performed by the above-mentioned operations, which is not limited in this application.
In addition, in the fuzzy test process, because the test case is different from the initial test case, after the mutation operation, the test effect of the test case on the tested program is also different. In order to perform the next round of test on the tested program through more test cases, the test case with wider code range covered during the test can be used as a new initial test case and stored into a test case pool.
Therefore, the initial test cases in the test case pool can be expanded by the method described below so as to improve the effect of fuzzy test, and more possible faults of the tested program can be tested.
And after the result of the fuzzy test of the tested program after the code instrumentation is obtained, the code coverage rate of the test case for the tested program is obtained.
The gray box fuzzy test tool comprises at least two I/O interaction request messages in a test case sent by the fuzzy tester, and after the fuzzy tester sends out the last I/O interaction request message in the current test case, the tested program receives and processes the last I/O interaction request message. And then, after the tested program finishes processing the last I/O interaction request message, sending feedback information to the fuzzy tester again to inform the fuzzy tester that the last I/O interaction request message is processed. When the gray box fuzzy test tool monitors that all I/O interaction request messages included in the test case are processed, reading the comprehensive result of the fuzzy test on the tested program after the code instrumentation by using the test case from the memory, and the code coverage rate of the tested program when the test case is tested.
The code coverage rate is the union of the code coverage rate of each tested program through the I/O interactive request message.
If the code coverage rate of the test case is greater than or equal to the code coverage rate threshold, the test case is updated to the test case pool as a new initial test case.
According to the method for acquiring the test cases, more test cases with higher test efficiency are provided for fuzzy test, so that the accuracy of the fuzzy test is improved, more faults, defects or errors possibly existing in the tested program are tested, and the conditions of breakdown, error reporting and the like of the tested program in the executing process are reduced.
For easy understanding, taking a tested program after completing a code instrumentation operation in advance as an example, fig. 4 is a complete flowchart of a program ambiguity test method provided in an embodiment of the present application. As shown in fig. 4, the method may include:
s401, acquiring a function to be tested.
S402, acquiring target function call stack information by acquiring a breakpoint; and acquiring a candidate target set of the tested program by acquiring the tested function source code.
S40211, acquiring a breakpoint.
S40212, acquiring the call stack information of the target function according to the breakpoint.
S40221, acquiring the source code of the function to be tested.
S40222, acquiring a loop structure comprising I/O operation according to the tested function source code, and information of the function where the loop structure corresponds to.
S40223, acquiring a candidate target set of the tested program according to a loop structure comprising the I/O operation and information of a function where the loop structure corresponds to.
S403, acquiring the position of the code instrumentation according to the target function call stack information and the candidate target set of the tested program.
S404, performing code instrumentation operation to obtain a tested program after the code instrumentation.
After the tested program after the code instrumentation is obtained, the method further comprises the following steps:
s501, constructing a test case pool according to the initial test case.
S502, selecting an initial test case from the test case pool.
S503, obtaining the test case through mutation processing of the initial test case.
S504, running the tested program after the code instrumentation, and sending feedback information to the fuzzy tester.
S505, the fuzzy tester sends the I/O interaction request message in the test case to the tested program after the code instrumentation.
S506, feeding back the code coverage rate of the currently processed I/O interaction request message according to the feedback information of the next time.
S507, after testing of all the I/O interaction request messages in the test case is completed, obtaining code coverage rate corresponding to testing of the tested program through the test case; judging whether the code coverage rate is greater than a preset threshold value, if so, executing step S508; if not, step S509 is executed.
S508, the test case is not reserved in the test case pool.
S509, reserving the test case in the test case pool.
The program ambiguity test method in the above method embodiment is implemented by the flow included in fig. 4, and its implementation principle and technical effects are similar to those of the above method embodiment, and are not described here again.
Fig. 5 is a schematic structural diagram of a program ambiguity test device according to an embodiment of the present application. As shown in fig. 5, the program ambiguity test includes: a first acquisition module 11, a processing module 12, a second acquisition module 13. In one possible embodiment, the method further comprises: an output module 14.
The first obtaining module 11 is configured to obtain a tested program after code instrumentation.
And the processing module 12 is used for performing fuzzy test on the tested program after the code instrumentation by using the M test cases.
And the second obtaining module 13 is configured to obtain a result of the fuzzy test of the tested program after the code instrumentation according to the execution condition of the fuzzy test.
The method comprises the steps that the position of a code instrumentation in a source code of a tested program is the position of a network data I/O interaction synchronization point, M is an integer greater than or equal to 1, each test case comprises at least two I/O interaction request messages, the code instrumentation is used for sending feedback information, and the feedback information is used for indicating to send the I/O interaction request messages;
In one possible implementation manner, the first obtaining module 11 is specifically configured to obtain a tested program, and obtain a location of a code instrumentation of the tested program according to the tested program. The processing module 12 is further configured to perform instrumentation processing on the tested program according to the location of the code instrumentation, so as to obtain the tested program after the code instrumentation.
For the location of the code instrumentation of the tested program, in this embodiment, the first obtaining module 11 is specifically configured to obtain the breakpoint of the tested program according to the tested program. And acquiring the target function call stack information when the tested program triggers the breakpoint according to the breakpoint. And acquiring a candidate target set of the tested program. And acquiring the code instrumentation position of the tested program according to the target function call stack information and the candidate target set of the tested program. The breakpoint position is the position of the input class system call of the tested program, the target function call stack information is used for indicating the function name and the function call sequence, and the candidate target set of the tested program is used for indicating the I/O operation cycle structure in the tested function.
In this embodiment, the first obtaining module 11 is specifically configured to obtain, according to source code of a tested program, a candidate target set of the tested program, where the candidate target set includes at least one element, and each element includes: an I/O operation loop structure of the program under test, and function information included in the I/O operation loop structure
The processing module 12 is further configured to match elements in the candidate target set according to the target function call stack information, and take the location of the first matched function as the location of the network protocol I/O interaction synchronization point of the tested program.
And the output module 14 is used for outputting the position of the network protocol I/O interaction synchronization point of the tested program.
For how to acquire test cases, in one possible implementation manner, the first acquiring module 11 is further configured to acquire M initial test cases in the test case pool. The processing module 12 is further configured to perform mutation processing on at least one initial test case in the M initial test cases, to obtain M test cases. The test case pool comprises N initial test cases, wherein N is an integer greater than or equal to M.
Optionally, in this embodiment, the processing module 12 is further configured to obtain the code coverage rate of the test case for the tested program after the second obtaining module 13 obtains the result of the fuzzy test of the tested program after the code instrumentation. If the code coverage rate is greater than or equal to the code coverage rate threshold value, the test case is updated to the test case pool as a new initial test case.
The program ambiguity test device provided in the embodiment of the present application may execute the program ambiguity test method in the embodiment of the method, and its implementation principle and technical effects are similar, and are not repeated here.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application. The electronic equipment is used for executing the program ambiguity test method. The electronic device may be, for example, the physical device described above in which the execution code of the dust box ambiguity test tool is installed. As shown in fig. 6, the electronic device 600 may include: at least one processor 601, a memory 602, and in one possible implementation, a communication interface 603.
A memory 602 for storing programs. In particular, the program may include program code including computer-operating instructions.
The memory 602 may include high-speed RAM memory or may further include non-volatile memory (non-volatile memory), such as at least one disk memory.
The processor 601 is configured to execute computer-executable instructions stored in the memory 602 to implement the methods described in the foregoing method embodiments. The processor 601 may be a CPU, or an application specific integrated circuit (Application Specific Integrated Circuit, abbreviated as ASIC), or one or more integrated circuits configured to implement embodiments of the present application.
Optionally, the processor 601 may interact with external devices through a communication interface 603. The external device may be, for example, an entity device where a database as a test case pool is located.
In a specific implementation, if the communication interface 603, the memory 602, and the processor 601 are implemented independently, the communication interface 603, the memory 602, and the processor 601 may be connected to each other and perform communication with each other through a bus. The bus may be an industry standard architecture (Industry Standard Architecture, abbreviated ISA) bus, an external device interconnect (Peripheral Component, abbreviated PCI) bus, or an extended industry standard architecture (Extended Industry Standard Architecture, abbreviated EISA) bus, among others. Buses may be divided into address buses, data buses, control buses, etc., but do not represent only one bus or one type of bus.
Alternatively, in a specific implementation, if the communication interface 603, the memory 602, and the processor 601 are integrated on a chip, the communication interface 603, the memory 602, and the processor 601 may complete communication through internal interfaces.
The present application also provides a computer-readable storage medium, which may include: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk or an optical disk, etc., in which program codes may be stored, and in particular, the computer-readable storage medium stores program instructions for the methods in the above embodiments.
The present application also provides a program product comprising execution instructions stored in a readable storage medium. The at least one processor of the electronic device may read the execution instructions from the readable storage medium, and execution of the execution instructions by the at least one processor causes the electronic device to implement the program ambiguity test method provided by the various embodiments described above.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the corresponding technical solutions from the scope of the technical solutions of the embodiments of the present application.

Claims (8)

1. A program ambiguity test method, comprising:
acquiring a program to be tested;
acquiring a breakpoint of the tested program according to the tested program; the position of the breakpoint is the position of the input class system call of the tested program;
According to the breakpoint, acquiring target function call stack information when the tested program triggers the breakpoint, wherein the target function call stack information is used for indicating function names and function call sequences;
acquiring a candidate target set of the tested program, wherein the candidate target set of the tested program is used for indicating an I/O operation cycle structure in the tested program;
acquiring the code instrumentation position of the tested program according to the target function call stack information and the candidate target set of the tested program;
performing instrumentation processing on the tested program according to the position of the code instrumentation to obtain the tested program after the code instrumentation, wherein the position of the code instrumentation in the source code of the tested program is the position of a network data I/O interaction synchronization point;
performing fuzzy test on the tested program after the code instrumentation by using M test cases, wherein M is an integer greater than or equal to 1, each test case comprises at least two I/O interaction request messages, the code instrumentation is used for sending feedback information, and the feedback information is used for indicating to send the I/O interaction request messages;
and obtaining the result of the fuzzy test of the tested program after the code instrumentation according to the execution condition of the fuzzy test.
2. The method of claim 1, wherein the obtaining the candidate target set for the tested program comprises: according to the source code of the tested program, a candidate target set of the tested program is obtained, wherein the candidate target set comprises at least one element, and each element comprises: one of the I/O operation loop structures of the tested program, and function information containing the I/O operation loop structure.
3. The method according to claim 1 or 2, wherein the obtaining the location of the code instrumentation of the tested program according to the function call stack information and the candidate target set of the tested program includes:
matching with elements in the candidate target set according to the target function call stack information, and taking the position of the first matched function as the position of a network protocol I/O interaction synchronization point of the tested program;
and outputting the position of the network protocol I/O interaction synchronization point of the tested program.
4. The method according to claim 1 or 2, wherein the obtaining test cases comprises:
obtaining M initial test cases in a test case pool, wherein the test case pool comprises N initial test cases, and N is an integer greater than or equal to M;
And performing mutation processing on at least one initial test case in the M initial test cases to obtain the M test cases.
5. The method according to claim 1 or 2, further comprising, after the obtaining the result of the fuzziness test of the tested program after the code instrumentation:
acquiring the code coverage rate of the test case to the tested program;
and if the code coverage rate is greater than or equal to a code coverage rate threshold value, the test case is updated to the test case pool as a new initial test case.
6. A program ambiguity test device, comprising:
the first acquisition module is used for acquiring the tested program; acquiring a breakpoint of the tested program according to the tested program; the position of the breakpoint is the position of the input class system call of the tested program; according to the breakpoint, acquiring target function call stack information when the tested program triggers the breakpoint, wherein the target function call stack information is used for indicating function names and function call sequences; acquiring a candidate target set of the tested program, wherein the candidate target set of the tested program is used for indicating an I/O operation cycle structure in the tested program; acquiring the code instrumentation position of the tested program according to the target function call stack information and the candidate target set of the tested program; performing instrumentation processing on the tested program according to the position of the code instrumentation to obtain the tested program after the code instrumentation, wherein the position of the code instrumentation in the source code of the tested program is the position of a network data I/O interaction synchronization point;
The processing module is used for performing fuzzy test on the tested program after the code instrumentation by using M test cases, wherein M is an integer greater than or equal to 1, each test case comprises at least two I/O interaction request messages, the code instrumentation is used for sending feedback information, and the feedback information is used for indicating to send the I/O interaction request messages;
and the second acquisition module is used for acquiring the result of the fuzzy test of the tested program after the code instrumentation according to the execution condition of the fuzzy test.
7. An electronic device, comprising: a processor, and a memory; the processor is in communication with the memory;
the memory stores computer-executable instructions;
the processor executes computer-executable instructions stored in the memory to implement the method of any one of claims 1-5.
8. A computer readable storage medium having stored therein computer executable instructions which when executed by a processor are for implementing the program ambiguity test method of any one of claims 1 to 5.
CN202211085263.8A 2022-09-06 2022-09-06 Program ambiguity test method, device, equipment and storage medium Active CN115357513B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211085263.8A CN115357513B (en) 2022-09-06 2022-09-06 Program ambiguity test method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211085263.8A CN115357513B (en) 2022-09-06 2022-09-06 Program ambiguity test method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115357513A CN115357513A (en) 2022-11-18
CN115357513B true CN115357513B (en) 2023-06-13

Family

ID=84007037

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211085263.8A Active CN115357513B (en) 2022-09-06 2022-09-06 Program ambiguity test method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115357513B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117648696B (en) * 2023-11-27 2024-06-04 中国电子科技集团公司第十五研究所 Software security testing method and device

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114328173A (en) * 2021-10-27 2022-04-12 清华大学 Software fuzzing test method and device, electronic equipment and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102222041A (en) * 2011-06-15 2011-10-19 深圳市运通信息技术有限公司 Test analysis system and method based on embedded software
CN102521123B (en) * 2011-11-24 2016-04-06 西安邮电大学 A kind of embedded software test pile pitching method of logic-based execution block
CN109460365B (en) * 2018-11-16 2019-07-26 苏州好玩友网络科技有限公司 A kind of system performance testing method, apparatus, equipment and storage medium

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114328173A (en) * 2021-10-27 2022-04-12 清华大学 Software fuzzing test method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN115357513A (en) 2022-11-18

Similar Documents

Publication Publication Date Title
KR100772523B1 (en) Apparatus for detecting intrusion using pattern and method thereof
CN112463581B (en) Method and system for carrying out fuzzy test on distributed system
EP3264274B1 (en) Input discovery for unknown program binaries
CN111858296B (en) Interface testing method, device, equipment and storage medium
CN115357513B (en) Program ambiguity test method, device, equipment and storage medium
CN109408309A (en) The test method and device of multiple terminals
CN113448844B (en) Method and device for regression testing and electronic equipment
CN111046393B (en) Vulnerability information uploading method and device, terminal equipment and storage medium
CN111131262B (en) Vulnerability scanning method and device
CN112464238A (en) Vulnerability scanning method and electronic equipment
CN109491923B (en) Method, device, medium and electronic equipment for determining newly added abnormal code
CN109560964B (en) Equipment compliance checking method and device
CN109039813B (en) Method, system and equipment for detecting internet access
CN114425787A (en) Control method and device for robot automatic test, server and storage medium
CN111638905A (en) Version number generation method and device, electronic equipment and readable storage medium
CN117688564B (en) Detection method, device and storage medium for intelligent contract event log
CN110958141B (en) Communication fault diagnosis method, device, equipment and computer readable storage medium
CN112737872B (en) ARINC664P7 end system cross-network testing system and method
CN109885402B (en) Method for testing function output data overflow, terminal equipment and storage medium
EP4354308A2 (en) Computer system and method for evaluating integrity and parsing of a file system and parsing implementation
CN110109809B (en) Method and equipment for testing log auditing function according to syslog
CN110825631B (en) Test method, test device, electronic equipment and storage medium
CN117614801A (en) Method, device, equipment and storage medium for determining fault type
CN116484774A (en) Message information processing method, device and chip
CN116643978A (en) Terminal software version error correction method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant