Crash Input Classification Method Combined with Dynamic Link Library Information
Cite this article: WANG Wen-Xiang, GAO Qing, XU Ke, ZHANG Shi-Kun. Crash Input Classification Method Combined with Dynamic Link Library Information [J]. Journal of Software (软件学报), 2023, 34(4): 1594-1612.
Authors: WANG Wen-Xiang  GAO Qing  XU Ke  ZHANG Shi-Kun
Affiliations: Key Laboratory of High Confidence Software Technologies (Peking University), Ministry of Education, Beijing 100871; National Engineering Research Center for Software Engineering, Peking University, Beijing 100871; School of Software and Microelectronics, Peking University, Beijing 102600; School of Statistics, University of International Business and Economics, Beijing 100029
Funding: National Natural Science Foundation of China (12001102); Fundamental Research Funds for the Central Universities (19QD22)
Abstract: A software crash is a serious software defect that causes the program to terminate, so testing for crashes is extremely important during software iteration. In recent years, fuzzing techniques such as AFL have been widely used in software testing because they automatically generate large numbers of test inputs that trigger crashes. However, most of the crash-triggering inputs produced this way share the same root cause, so developers have to classify the inputs, which creates a great deal of redundant work. Many automated methods for test input classification already exist, mainly classification algorithms based on program repair and classification algorithms based on crash information. The former analyze program semantics, substitute repair templates into the program at run time, re-run the test inputs, and classify the inputs accordingly. Because this approach requires repair templates for crashes to be written by hand, its classification quality depends heavily on the quality of the templates; and because a crash must be repaired before it can be classified, it also slows down crash fixing. Following the latter approach, this paper proposes CICELY, a lightweight and efficient test input classification algorithm that uses crash information. Building on classification by crash-point stack information, it introduces dynamic link library information into the analysis of the crash stack: by distinguishing system dynamic link libraries from user dynamic link libraries and combining this with the location of user code, it obtains the set of functions the user cares about, and uses those user functions as the reference for delimiting crashes during classification. Finally...

Keywords: software crash  test input classification  dynamic link library  program repair  fuzzing
Received: 2021-08-17
Revised: 2021-12-07

Crash Input Classification Method Combined with Dynamic Link Library Information
WANG Wen-Xiang, GAO Qing, XU Ke, ZHANG Shi-Kun. Crash Input Classification Method Combined with Dynamic Link Library Information [J]. Journal of Software, 2023, 34(4): 1594-1612.
Authors:WANG Wen-Xiang  GAO Qing  XU Ke  ZHANG Shi-Kun
Affiliation:Key Laboratory of High Confidence Software Technologies (Peking University), Ministry of Education, Beijing 100871, China;National Engineering Research Center for Software Engineering, Peking University, Beijing 100871, China;School of Software and Microelectronics, Peking University, Beijing 102600, China;School of Statistics, University of International Business and Economics, Beijing 100029, China
Abstract: A software crash is a serious software flaw that causes the program to terminate. Therefore, testing for software crashes is extremely important during software iteration. In recent years, fuzzing techniques (such as AFL) have been widely used in software testing because they can automatically generate a large number of test inputs that trigger crashes. Nevertheless, most of the crashes triggered by these inputs share the same root cause, so software developers have to classify the test inputs one by one, which brings a lot of redundant work. At present, there are many automated methods for test input classification, mainly classification algorithms based on program repair and classification algorithms based on software crash information. The former analyze program semantics, substitute repair templates into the program at run time, re-run the test input, and then classify the inputs. Since the repair templates must be written by hand, the quality of the classification is closely tied to the quality of the templates; and because a crash must be repaired before it can be classified, the efficiency of fixing crashes is also affected. Given the advantages of the latter, this study proposes CICELY, a lightweight and efficient test input classification algorithm that uses software crash information. Building on classification by crash-point stack information, CICELY introduces dynamic link library information into the analysis of the crash stack. By distinguishing system dynamic link libraries from user dynamic link libraries and combining this with the location of user code, it obtains the set of functions that programmers care about and uses those user functions as the reference for delimiting crashes during classification.
Finally, this study also compares CICELY with existing classification tools based on program repair and on software crash information. The experimental data set comprises 19 projects and 42 test sets. Compared with Honggfuzz and CERT BFF, whose main classification algorithms are based on software crash information, on the same data set the number of classes produced by the two is 2112.89% and 135.05% worse than that of CICELY, showing that CICELY performs much better and is more accurate than similar algorithms. Compared with the program-repair-based classification algorithm Semantic Crash Bucketing on the test data set provided in that paper, CICELY is 4.42% worse; on a test set consisting of test inputs corresponding to multiple crashes, CICELY achieves 3% higher repeatability. However, Semantic Crash Bucketing can only classify crashes caused by two kinds of bugs, null pointer dereference and buffer overflow, whereas CICELY is not subject to such restrictions.
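The abstract describes the core idea of stack-based bucketing with dynamic-library awareness: drop frames that belong to system libraries, keep frames that belong to the user's own binary or its own shared libraries, and key each crash on that user-function sequence. The following is an added illustration written for this page, not the authors' CICELY implementation and not code from the paper. It assumes gdb-style backtrace lines, a fixed set of system-library path prefixes, a project library directory (/opt/app/lib/) and constructed sample stacks; all of these are assumptions chosen for the example. It contrasts the user-frame key with naive top-frame bucketing (the crashing frame only), which both over-splits one bug whose libc entry point varies and merges two different user bugs that happen to fault in the same libc routine.

```python
"""Stack-based crash bucketing keyed on user frames, with system-library frames dropped."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed module layout (not from the paper): system shared libraries live under these
# prefixes, the project's own shared libraries under USER_LIB_PREFIXES, and the main
# binary was built with debug info so its frames carry a "file:line" location.
SYSTEM_LIB_PREFIXES = ("/lib/", "/lib64/", "/usr/lib/")
USER_LIB_PREFIXES = ("/opt/app/lib/",)

# Constructed sample backtraces in gdb "bt" style, innermost frame first.
# A and B: same user bug (img_read_name -> parse_header), different libc entry point.
# C: a different user bug that also faults inside strlen.
STACK_A = [
    "#0  0x00007ffff7e4a1b0 in __strlen_avx2 () from /lib/x86_64-linux-gnu/libc.so.6",
    "#1  0x00007ffff7f1c2a0 in img_read_name (hdr=0x5555555592a0) from /opt/app/lib/libimgcodec.so.2",
    "#2  0x0000555555556a3d in parse_header (buf=0x5555555592a0, len=64) at src/parser.c:42",
    "#3  0x0000555555556f10 in main (argc=2, argv=0x7fffffffe2a8) at src/main.c:17",
]
STACK_B = [
    "#0  0x00007ffff7e4c3c0 in __memmove_avx_unaligned_erms () from /lib/x86_64-linux-gnu/libc.so.6",
    "#1  0x00007ffff7f1c3b8 in img_read_name (hdr=0x5555555592a0) from /opt/app/lib/libimgcodec.so.2",
    "#2  0x0000555555556a3d in parse_header (buf=0x5555555592a0, len=128) at src/parser.c:42",
    "#3  0x0000555555556f10 in main (argc=2, argv=0x7fffffffe2a8) at src/main.c:17",
]
STACK_C = [
    "#0  0x00007ffff7e4a1b0 in __strlen_avx2 () from /lib/x86_64-linux-gnu/libc.so.6",
    "#1  0x0000555555557b20 in render_title (t=0x0) at src/render.c:88",
    "#2  0x0000555555556f30 in main (argc=2, argv=0x7fffffffe2a8) at src/main.c:21",
]

# gdb frame:  #N  0xADDR in func (args) [at file:line | from /path/lib.so]
FRAME_RE = re.compile(
    r"^#\d+\s+(?:0x[0-9a-fA-F]+\s+in\s+)?(?P<func>\S+)\s+\((?P<args>.*)\)"
    r"(?:\s+at\s+(?P<file>\S+):(?P<line>\d+)|\s+from\s+(?P<module>\S+))?\s*$"
)


@dataclass(frozen=True)
class Frame:
    func: str
    module: Optional[str]  # path of the shared object, None for the main executable
    source: Optional[str]  # "file:line" when debug info is available, else None


def parse_frame(line: str) -> Frame:
    m = FRAME_RE.match(line)
    if not m:
        raise ValueError("unrecognised frame: %r" % line)
    source = "%s:%s" % (m["file"], m["line"]) if m["file"] else None
    return Frame(func=m["func"], module=m["module"], source=source)


def is_system_frame(f: Frame) -> bool:
    return f.module is not None and f.module.startswith(SYSTEM_LIB_PREFIXES)


def is_user_frame(f: Frame) -> bool:
    # User code: a frame with a source location (built from the project's sources)
    # or a frame inside one of the project's own shared libraries.
    if f.source is not None:
        return True
    return f.module is not None and f.module.startswith(USER_LIB_PREFIXES)


def user_function_set(stack: List[str]) -> List[Frame]:
    """Frames the developer cares about, innermost first, with system frames removed."""
    frames = [parse_frame(line) for line in stack]
    user = [f for f in frames if is_user_frame(f) and not is_system_frame(f)]
    # Edge case: no user frame at all (e.g. abort() deep inside libc with no symbols
    # for the caller). Fall back to the raw stack instead of an empty key that would
    # merge every such crash into one bucket.
    return user if user else frames


def bucket_key(stack: List[str], depth: int = 3) -> Tuple[str, ...]:
    """Key on the first `depth` user frames; file:line sharpens the key when present."""
    return tuple(
        f.func + ("@" + f.source if f.source else "")
        for f in user_function_set(stack)[:depth]
    )


def top_frame_key(stack: List[str]) -> str:
    """Naive bucketing on the crashing (innermost) frame only, for comparison."""
    return parse_frame(stack[0]).func


def bucket(stacks: Dict[str, List[str]]) -> Dict[Tuple[str, ...], List[str]]:
    buckets: Dict[Tuple[str, ...], List[str]] = {}
    for name, st in stacks.items():
        buckets.setdefault(bucket_key(st), []).append(name)
    return buckets


if __name__ == "__main__":
    samples = {"A": STACK_A, "B": STACK_B, "C": STACK_C}
    for name, st in samples.items():
        print(name, "top-frame:", top_frame_key(st), "| user-frame key:", bucket_key(st))
    print(bucket(samples))
```

With these inputs, top-frame bucketing splits A from B (different libc routines) and merges A with C (both in `__strlen_avx2`), while the user-frame key puts A and B together and keeps C separate. The `depth` cut-off is the usual trade-off in stack bucketing: too shallow merges distinct bugs reached through a shared helper, too deep splits one bug reached via different call paths; the paper's own choice of reference functions is not reproduced here.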
Keywords:software crash  test inputs classification  dynamic link library  program repair  fuzzing