Crash Processing for Selection of Unique Defects

Programming and Computer Software

Abstract

Nowadays, software developers often face the following problem: there is a large number of inputs that cause the program to crash. In practice, this number is too large to be analyzed manually in a reasonable time. This paper contains an overview and analysis of existing methods for addressing this problem. A new method for analyzing crashes to select unique defects is proposed. The method is based on comparison of control flow graphs (CFGs). For this purpose, a special metric is introduced: the graphs are considered similar if the metric does not exceed a certain threshold, which is a filtering parameter. Information about the graphs is collected dynamically at runtime through instrumentation of the program’s binary code. The method is applicable to binary executables and does not require any debugging information. The developers, having estimated their time and effort, can significantly reduce the number of crashes to be analyzed. In addition, an effective algorithm for fixing software bugs that cause crashes is proposed. The method is implemented as part of the fuzzer developed at the Institute for System Programming of the Russian Academy of Sciences (ISP RAS) and tested on a set of programs for x86-64/Linux. The test results show that the number of crashes to be analyzed can be reduced severalfold.
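
As an added illustration (not code from the paper or from the ISP RAS fuzzer), the sketch below shows threshold-based crash bucketing over CFG edge sets. The abstract does not define the paper's metric, so Jaccard distance is used here as a stand-in; the greedy bucketing, the function names and the sample traces are assumptions constructed for this example.

```python
from typing import Dict, FrozenSet, List, Tuple

Edge = Tuple[int, int]  # (source basic-block address, destination address)


def edges(trace: List[int]) -> FrozenSet[Edge]:
    """Turn an executed basic-block trace into the set of CFG edges it covers."""
    return frozenset(zip(trace, trace[1:]))


def cfg_distance(a: FrozenSet[Edge], b: FrozenSet[Edge]) -> float:
    """Jaccard distance between two edge sets (stand-in metric, an assumption)."""
    union = a | b
    if not union:
        return 0.0  # two empty graphs are treated as identical
    return 1.0 - len(a & b) / len(union)


def select_unique(crashes: Dict[str, FrozenSet[Edge]],
                  threshold: float) -> Dict[str, List[str]]:
    """Greedy bucketing: a crash joins the first bucket whose representative
    is within `threshold`; otherwise it becomes a new representative."""
    buckets: Dict[str, List[str]] = {}
    for name in sorted(crashes):  # fixed order keeps the result reproducible
        for rep in buckets:
            if cfg_distance(crashes[name], crashes[rep]) <= threshold:
                buckets[rep].append(name)
                break
        else:
            buckets[name] = [name]
    return buckets


# Constructed sample traces (addresses are made up for the example).
SAMPLE = {
    "crash_a": edges([0x1000, 0x1010, 0x1020, 0x1030, 0x1040]),
    # Same path as crash_a plus one extra self-loop iteration before the crash.
    "crash_b": edges([0x1000, 0x1010, 0x1020, 0x1030, 0x1040, 0x1040]),
    # Diverges at the first branch: a different defect.
    "crash_c": edges([0x1000, 0x2000, 0x2010, 0x2020]),
}

if __name__ == "__main__":
    for t in (0.0, 0.25):
        print(f"threshold={t}: {select_unique(SAMPLE, t)}")
```

Raising the threshold merges near-identical crashes into one bucket, so only one representative per bucket needs manual triage; set it too high and distinct defects collapse together.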

Author information

Corresponding authors

Correspondence to F. V. Niskov, A. N. Fedotov or Sh. F. Kurmangaleev.

Additional information

Translated by Yu. Kornienko

About this article

Cite this article

Niskov, F.V., Fedotov, A.N. & Kurmangaleev, S.F. Crash Processing for Selection of Unique Defects. Program Comput Soft 44, 445–452 (2018). https://doi.org/10.1134/S0361768818060154

  • DOI: https://doi.org/10.1134/S0361768818060154
