CIDFuzz: Fuzz testing for continuous integration
Abstract As agile software development and extreme programing have become increasingly popular, continuous integration (CI) has become a widely used collaborative work method. However, it is common to make changes frequently to a project during CI. If existing testing methods are applied to CI direc...
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Hindawi-IET
2023-06-01
|
| Series: | IET Software |
| Subjects: | |
| Online Access: | https://doi.org/10.1049/sfw2.12125 |
| _version_ | 1797428868767809536 |
|---|---|
| author | Jiaming Zhang Zhanqi Cui Xiang Chen Huiwen Yang Liwei Zheng Jianbin Liu |
| author_facet | Jiaming Zhang Zhanqi Cui Xiang Chen Huiwen Yang Liwei Zheng Jianbin Liu |
| author_sort | Jiaming Zhang |
| collection | DOAJ |
| description | Abstract As agile software development and extreme programing have become increasingly popular, continuous integration (CI) has become a widely used collaborative work method. However, it is common to make changes frequently to a project during CI. If existing testing methods are applied to CI directly, it will be difficult to make testing resources focus on changes generated by CI, which results in insufficient testing for changes. To solve this problem, we propose a fuzz testing method for CI. First, differential analysis is performed to determine the change points generated during CI, change points are added to the taint source set, and static analysis is conducted to calculate the distances between each basic block and the taint sources. Then, the project under test is instrumented according to the distances. During fuzz testing, testing resources are allocated based on seed coverage to test the change points effectively. Using the proposed methods, we implement CIDFuzz as a prototype tool, and experiments are conducted on four open‐source projects that use CI. Experimental results show that, compared with AFL and AFLGo, CIDFuzz can reduce the time costs of covering change points up to 39.59% and 41.64%, respectively. Also, CIDFuzz can reduce the time costs of reproducing vulnerabilities up to 34.78% and 25.55%. |
| first_indexed | 2024-03-09T09:05:05Z |
| format | Article |
| id | doaj.art-625c33fbf245444a993d0770fc150684 |
| institution | Directory Open Access Journal |
| issn | 1751-8806 1751-8814 |
| language | English |
| last_indexed | 2024-03-09T09:05:05Z |
| publishDate | 2023-06-01 |
| publisher | Hindawi-IET |
| record_format | Article |
| series | IET Software |
| spelling | doaj.art-625c33fbf245444a993d0770fc1506842023-12-02T10:29:58ZengHindawi-IETIET Software1751-88061751-88142023-06-0117330131510.1049/sfw2.12125CIDFuzz: Fuzz testing for continuous integrationJiaming Zhang0Zhanqi Cui1Xiang Chen2Huiwen Yang3Liwei Zheng4Jianbin Liu5Computer School Beijing Information Science and Technology University Beijing ChinaComputer School Beijing Information Science and Technology University Beijing ChinaSchool of Information Science and Technology Nantong University Nantong ChinaComputer School Beijing Information Science and Technology University Beijing ChinaComputer School Beijing Information Science and Technology University Beijing ChinaComputer School Beijing Information Science and Technology University Beijing ChinaAbstract As agile software development and extreme programing have become increasingly popular, continuous integration (CI) has become a widely used collaborative work method. However, it is common to make changes frequently to a project during CI. If existing testing methods are applied to CI directly, it will be difficult to make testing resources focus on changes generated by CI, which results in insufficient testing for changes. To solve this problem, we propose a fuzz testing method for CI. First, differential analysis is performed to determine the change points generated during CI, change points are added to the taint source set, and static analysis is conducted to calculate the distances between each basic block and the taint sources. Then, the project under test is instrumented according to the distances. During fuzz testing, testing resources are allocated based on seed coverage to test the change points effectively. Using the proposed methods, we implement CIDFuzz as a prototype tool, and experiments are conducted on four open‐source projects that use CI. Experimental results show that, compared with AFL and AFLGo, CIDFuzz can reduce the time costs of covering change points up to 39.59% and 41.64%, respectively. Also, CIDFuzz can reduce the time costs of reproducing vulnerabilities up to 34.78% and 25.55%.https://doi.org/10.1049/sfw2.12125program testingquality assurancesoftware quality |
| spellingShingle | Jiaming Zhang Zhanqi Cui Xiang Chen Huiwen Yang Liwei Zheng Jianbin Liu CIDFuzz: Fuzz testing for continuous integration IET Software program testing quality assurance software quality |
| title | CIDFuzz: Fuzz testing for continuous integration |
| title_full | CIDFuzz: Fuzz testing for continuous integration |
| title_fullStr | CIDFuzz: Fuzz testing for continuous integration |
| title_full_unstemmed | CIDFuzz: Fuzz testing for continuous integration |
| title_short | CIDFuzz: Fuzz testing for continuous integration |
| title_sort | cidfuzz fuzz testing for continuous integration |
| topic | program testing quality assurance software quality |
| url | https://doi.org/10.1049/sfw2.12125 |
| work_keys_str_mv | AT jiamingzhang cidfuzzfuzztestingforcontinuousintegration AT zhanqicui cidfuzzfuzztestingforcontinuousintegration AT xiangchen cidfuzzfuzztestingforcontinuousintegration AT huiwenyang cidfuzzfuzztestingforcontinuousintegration AT liweizheng cidfuzzfuzztestingforcontinuousintegration AT jianbinliu cidfuzzfuzztestingforcontinuousintegration |