We found a match
Your institution may have access to this item. Find your institution then sign in to continue.
- Title
CIDFuzz: Fuzz testing for continuous integration.
- Authors
Zhang, Jiaming; Cui, Zhanqi; Chen, Xiang; Yang, Huiwen; Zheng, Liwei; Liu, Jianbin
- Abstract
As agile software development and extreme programing have become increasingly popular, continuous integration (CI) has become a widely used collaborative work method. However, it is common to make changes frequently to a project during CI. If existing testing methods are applied to CI directly, it will be difficult to make testing resources focus on changes generated by CI, which results in insufficient testing for changes. To solve this problem, we propose a fuzz testing method for CI. First, differential analysis is performed to determine the change points generated during CI, change points are added to the taint source set, and static analysis is conducted to calculate the distances between each basic block and the taint sources. Then, the project under test is instrumented according to the distances. During fuzz testing, testing resources are allocated based on seed coverage to test the change points effectively. Using the proposed methods, we implement CIDFuzz as a prototype tool, and experiments are conducted on four open‐source projects that use CI. Experimental results show that, compared with AFL and AFLGo, CIDFuzz can reduce the time costs of covering change points up to 39.59% and 41.64%, respectively. Also, CIDFuzz can reduce the time costs of reproducing vulnerabilities up to 34.78% and 25.55%.
- Subjects
TEST methods; PROBLEM solving; COMPUTER software quality control
- Publication
IET Software (Wiley-Blackwell), 2023, Vol 17, Issue 3, p301
- ISSN
1751-8806
- Publication type
Article
- DOI
10.1049/sfw2.12125