Journal of Computer Science and Technology ›› 2022, Vol. 37 ›› Issue (1): 50-66. doi: 10.1007/s11390-021-1693-1

Special topic: Software Systems


Automated Testing of Object Transformers in Dynamic Software Updates

  

  • Received: 2021-06-08 Revised: 2022-01-03 Accepted: 2022-01-10 Online: 2022-01-28 Published: 2022-01-28

TOAST: Automated Testing of Object Transformers in Dynamic Software Updates

Ze-Lin Zhao (赵泽林), Student Member, CCF, ACM, Di Huang (黄頔), and Xiao-Xing Ma* (马晓星), Member, CCF, ACM        

  1. State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210023, China
  • Contact: Xiao-Xing Ma E-mail:xxm@nju.edu.cn
  • About author: Xiao-Xing Ma received his Ph.D. degree in computer science and technology from Nanjing University, Nanjing, in 2003. He is currently a professor in the State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing. He is a member of CCF and ACM. His research topics include adaptive software systems, software architectures, middleware systems, and assurance of non-functional software qualities.
  • Supported by:
    This work was supported by the National Natural Science Foundation of China under Grant Nos.62025202 and 61690204.

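1. Research Background
Dynamic software update can update the state of a program while it is running, so no restart is needed. One of its key tasks is object state transformation, that is, converting the objects already created by the old-version program into semantically consistent objects of the new version. This task is accomplished by invoking the corresponding object transformer. If an object transformer cannot guarantee that the transformed objects conform to the application logic and to what the new-version program expects, it leads to runtime errors or even crashes. Developers therefore need to ensure that object transformers do not cause "state inconsistency" or "behavior inconsistency" problems. This is a tedious and error-prone task for developers, and so it needs strong support from automated tools.
2. Objective
The focus of this paper is to use automated fuzz testing to detect whether object transformers cause state inconsistency and behavior inconsistency errors in dynamic software updates. State inconsistency means that the state of a transformed object is inconsistent with the expected state of the new-version object, while behavior inconsistency means that the return values or thrown exceptions of the old-version and new-version methods are inconsistent. Both kinds of inconsistency can prevent the software from being dynamically updated correctly.
3. Method
Our approach, TOAST, randomly generates a large number of inputs to drive the execution of the old and new versions of the software, then dynamically updates the old-version software, and finally compares the updated object state with the new-version object state to determine whether there is a state inconsistency. At the same time, TOAST also compares whether the method return values and thrown exceptions are consistent, to determine whether there is a behavior inconsistency. In addition, the state inconsistency guidance strategy we designed allows TOAST to explore the input space faster and detect more inputs that lead to inconsistency.
4. Result & Findings
We ran experiments on a total of 130 updates of two open-source server programs to verify whether TOAST can detect whether default transformers have inconsistency problems. For state inconsistency detection, TOAST's precision is 96.0% and its recall is 85.7%; for behavior inconsistency detection, its precision is 81.4% and its recall is 94.6%. Our state inconsistency guidance strategy improves the efficiency of state inconsistency detection by 14.1% and that of behavior inconsistency detection by 40.5%.
5. Conclusions
Contemporary software systems urgently need dynamic software update technology, but the technology is highly challenging. Quality assurance for dynamic software updates is a key research problem that has not yet been explored in depth. The TOAST approach proposed in this paper can detect whether a dynamic update of Java software has state or behavior inconsistency problems. Our experimental evaluation shows that, for real updates of widely used real-world server systems, TOAST can effectively detect both kinds of inconsistency, suggesting that this technique has potential practical value.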

Keywords: dynamic software update, object transformer, inconsistency detection, fuzzing

Abstract: Dynamic software update (DSU) patches programs on the fly. It often involves the critical task of object transformation that converts live objects of the old-version program to their semantically consistent counterparts under the new-version program. This task is accomplished by invoking an object transformer on each stale object. However, a defective transformer failing to maintain consistency would cause errors or even crash the program. We propose TOAST (Test Object trAnSformaTion), an automated approach to detecting potential inconsistency caused by object transformers. TOAST first analyzes an update to identify multiple target methods and then adopts a fuzzer with specially designed inconsistency guidance to randomly generate object states to drive two versions of a target method. This creates two corresponding execution traces and a pair of old and new objects. TOAST finally performs object transformation to create a transformed object and detects inconsistency between it and the corresponding new object produced from scratch by the new program. Moreover, TOAST checks behavior inconsistency by comparing the return variables and exceptions of the two executions. Experimental evaluation on 130 updates with default transformers shows that TOAST is promising: it got 96.0% precision and 85.7% recall in state inconsistency detection, and 81.4% precision and 94.6% recall in behavior inconsistency detection. The inconsistency guidance improved the fuzzing efficiency by 14.1% for state inconsistency detection and 40.5% for behavior inconsistency detection.

Key words: object state transformer, inconsistency detection, dynamic software update (DSU), fuzzing testing
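
The procedure in the abstract, reduced to a toy case as an added example (not code from the paper or from TOAST): the same random inputs drive an old and a new version of a class, the old object is transformed, and the result is compared with the new-version object built from scratch. The classes, the `fuzz` harness, and the assumption that a default transformer copies same-named fields and leaves new fields at their default values are all hypothetical.

```java
import java.util.*;
import java.util.function.Function;
// Added illustration: every name here is hypothetical, not TOAST's API.
public class TransformerCheck {
    static class CartV1 {                 // old version
        List<Integer> prices = new ArrayList<>();
        int add(int p) { prices.add(p); return prices.size(); }
    }
    static class CartV2 {                 // new version adds a cached total
        List<Integer> prices = new ArrayList<>();
        long total;
        int add(int p) { prices.add(p); total += p; return prices.size(); }
    }
    // Assumed default transformer: copy same-named fields, new fields keep defaults.
    static CartV2 defaultTransform(CartV1 old) {
        CartV2 n = new CartV2();
        n.prices = new ArrayList<>(old.prices);
        return n;
    }
    // Hand-written transformer that also rebuilds the new field.
    static CartV2 fixedTransform(CartV1 old) {
        CartV2 n = defaultTransform(old);
        for (int p : n.prices) n.total += p;
        return n;
    }
    static boolean sameState(CartV2 a, CartV2 b) {
        return a.prices.equals(b.prices) && a.total == b.total;
    }
    // Returns {runs with state inconsistency, calls with differing return values}.
    static int[] fuzz(Function<CartV1, CartV2> transformer, int runs, long seed) {
        Random rnd = new Random(seed);
        int stateBad = 0, behaviorBad = 0;
        for (int i = 0; i < runs; i++) {
            CartV1 oldObj = new CartV1();
            CartV2 newObj = new CartV2();
            for (int k = rnd.nextInt(5); k > 0; k--) {
                int p = rnd.nextInt(100);   // same input drives both versions
                if (oldObj.add(p) != newObj.add(p)) behaviorBad++;
            }
            // "Update" the old object, then compare with the object built from scratch.
            if (!sameState(transformer.apply(oldObj), newObj)) stateBad++;
        }
        return new int[] { stateBad, behaviorBad };
    }
    public static void main(String[] args) {
        System.out.println("default: " + Arrays.toString(fuzz(TransformerCheck::defaultTransform, 1000, 42L)));
        System.out.println("fixed:   " + Arrays.toString(fuzz(TransformerCheck::fixedTransform, 1000, 42L)));
    }
}
```

Runs that add no items, or only zero prices, do not expose the missing `total`, which is why a transformer has to be judged over many generated inputs and not a single one.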
