
Research On Fuzz Testing Technology For Software Evolution

Posted on: 2024-08-24
Degree: Master
Type: Thesis
Country: China
Candidate: J M Zhang
Full Text: PDF
GTID: 2568307142451554
Subject: Electronic information
Abstract/Summary:
Software evolution is a critical activity in the software life cycle: a software system continues to evolve after it is released, which keeps it usable over a long period and lets it adapt to continuous changes in the business environment. The change points introduced by software evolution require regression testing to ensure software quality. However, regression testing usually requires manually modifying and constructing a large number of test cases, which costs considerable human effort.

Because it is easy to deploy and scales well, fuzzing (fuzz testing) has attracted the attention of many researchers and industry engineers. Fuzzing feeds random or mutated inputs to the program under test (PUT) and observes whether it behaves as expected. Greybox fuzzing has developed rapidly in recent years because it tests the PUT more thoroughly while maintaining high test throughput. However, existing greybox fuzzing work mainly focuses on improving code coverage, or on directing testing toward areas that static analysis reports as suspected vulnerabilities, without using information about software evolution, so it is hard to test the changes introduced by evolution comprehensively.

To address these limitations, this thesis proposes fuzzing techniques for software evolution. The main research contents are as follows.

First, a fuzz testing method is proposed for version iteration in software evolution. Version difference analysis identifies the change points introduced by the new version; change impact analysis is then performed from those change points; during fuzzing, each seed's fitness is computed from its coverage and the change impact analysis results; finally, mutant generation is guided by seed fitness so that the changes are adequately tested. Based on this method, a historical-version-guided fuzzer, Delta Fuzz, is implemented and evaluated on 6 open source projects. Experimental results show that Delta Fuzz covers the change points introduced by version iteration faster than AFLGo, AFLFast and AFL.

Second, a fuzz testing method is proposed for continuous integration in software evolution. The change points introduced by continuous integration are identified from the PUT's commit; taint analysis based on data flow and control flow is then performed from those change points; finally, during fuzzing, to test the changes more efficiently, each seed's fitness is computed from its coverage and the taint analysis results, and testing resources are allocated to seeds accordingly. Based on this method, a directed greybox fuzzer, CIDFuzz, is implemented and evaluated on 4 projects that use continuous integration. Compared with AFL and AFLGo, the experimental results show that CIDFuzz covers the change points and reproduces vulnerabilities introduced by continuous integration faster.
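The two methods above share one pipeline: locate change points (by version diff or commit), analyse which code and which input bytes are affected (change impact or taint analysis), score seeds by coverage plus closeness to the change, and spend mutation energy accordingly. The following Python script is an added illustration of that pipeline on a toy program; it is not code from the thesis, Delta Fuzz or CIDFuzz. The two program versions, the call graph, the seed traces and the taint map are constructed inline so it runs offline, and the fitness formula, its weights and the taint map are assumptions rather than the thesis's definitions.

```python
"""Toy model of evolution-aware greybox fuzzing: version diff -> change points ->
change impact (call-graph distance) -> seed fitness -> energy and mutation.
Added illustration only; program versions, call graph, seeds and taint map are
constructed here, and the fitness formula/weights are assumptions."""
import difflib
import random
from collections import deque

# Constructed: two versions of a tiny program, function name -> body lines.
OLD_VERSION = {
    "main": ["call parse_header", "call handle_body"],
    "parse_header": ["read magic", "call check_magic", "read len"],
    "check_magic": ["if magic != MZ: fail"],
    "handle_body": ["copy len bytes"],
    "log_event": ["append to log"],
}
NEW_VERSION = dict(OLD_VERSION)
NEW_VERSION["check_magic"] = ["if magic != MZ: fail", "call log_event"]
NEW_VERSION["handle_body"] = ["if len > 64: len = 64", "copy len bytes"]

# Constructed static call graph of NEW_VERSION (caller -> callees).
CALL_GRAPH = {"main": ["parse_header", "handle_body"], "parse_header": ["check_magic"],
              "check_magic": ["log_event"], "handle_body": [], "log_event": []}

# Assumed taint-analysis result: input byte offsets that flow into each change
# point (the magic field is bytes 0-1, the len field bytes 4-7).
TAINT_MAP = {"check_magic": {0, 1}, "handle_body": {4, 5, 6, 7}}

# Constructed seed corpus: name -> (input bytes, functions executed on NEW_VERSION).
SEEDS = {
    "bad_magic": (b"XX" + b"\x00" * 6, ["main", "parse_header", "check_magic"]),
    "valid": (b"MZ\x00\x00\x10\x00\x00\x00",
              ["main", "parse_header", "check_magic", "log_event", "handle_body"]),
    "empty": (b"", ["main"]),
}


def version_diff(old, new):
    """Change points: functions whose body differs between versions or that are new."""
    return {fn for fn, body in new.items()
            if any(difflib.unified_diff(old.get(fn, []), body, lineterm=""))}


def change_distances(call_graph, change_points):
    """Change impact analysis: BFS over the reversed call graph gives each function
    its call distance to the nearest change point (0 = is a change point)."""
    callers = {fn: [] for fn in call_graph}
    for caller, callees in call_graph.items():
        for callee in callees:
            callers[callee].append(caller)
    dist = {cp: 0 for cp in change_points}
    queue = deque(change_points)
    while queue:
        fn = queue.popleft()
        for caller in callers[fn]:
            if caller not in dist:
                dist[caller] = dist[fn] + 1
                queue.append(caller)
    return dist


def seed_fitness(trace, dist, n_functions, alpha=0.5):
    """Assumed fitness: alpha * coverage ratio + (1 - alpha) * 1/(1 + d), where d is
    the smallest change distance among the functions the seed executes."""
    coverage = len(set(trace)) / n_functions
    reach = [dist[fn] for fn in trace if fn in dist]
    proximity = 1.0 / (1 + min(reach)) if reach else 0.0
    return alpha * coverage + (1 - alpha) * proximity


def allocate_energy(seeds, dist, n_functions, budget=100):
    """Power schedule: mutation energy per seed proportional to its fitness."""
    fit = {name: seed_fitness(trace, dist, n_functions) for name, (_, trace) in seeds.items()}
    total = sum(fit.values())
    return {name: max(1, round(budget * f / total)) for name, f in fit.items()}


def mutate(data, trace, change_points, rng):
    """Mutant generation: flip one bit in a byte that taints a reached change point;
    fall back to any byte (or a fresh byte for an empty input)."""
    if not data:
        return bytes([rng.randrange(256)])
    tainted = set().union(*(TAINT_MAP.get(fn, set()) for fn in trace if fn in change_points))
    offsets = sorted(o for o in tainted if o < len(data)) or list(range(len(data)))
    out = bytearray(data)
    out[rng.choice(offsets)] ^= 1 << rng.randrange(8)
    return bytes(out)


def run_round(seed=1):
    """One scheduling round; returns (change points, energy per seed, mutants per seed)."""
    rng = random.Random(seed)
    change_points = version_diff(OLD_VERSION, NEW_VERSION)
    dist = change_distances(CALL_GRAPH, change_points)
    energy = allocate_energy(SEEDS, dist, len(NEW_VERSION))
    mutants = {name: [mutate(data, trace, change_points, rng) for _ in range(energy[name])]
               for name, (data, trace) in SEEDS.items()}
    return change_points, energy, mutants
```

Calling `run_round()` reports `check_magic` and `handle_body` as change points, gives `main` and `parse_header` a distance of 1, and hands the seed that already reaches both changed functions the largest share of the mutation budget, while the seed that only reaches `main` gets the least. The taint map then confines mutation of a seed that reaches a change point to the bytes that actually flow into it, which is the CIDFuzz-style refinement of the call-graph-distance guidance; a real implementation would obtain the call graph, traces and taint sets from instrumentation and static analysis rather than from constructed tables.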
Keywords/Search Tags:software evolution, vulnerability detection, fuzz testing, greybox testing, program analysis