
Journal of Software (软件学报) ISSN 1000-9825, CODEN RUXUEW    E-mail: jos@iscas.ac.cn
2025, 36(7): 2947−2963 [doi: 10.13328/j.cnki.jos.007333] [CSTR: 32375.14.jos.007333]    http://www.jos.org.cn
© Institute of Software, Chinese Academy of Sciences. All rights reserved.    Tel: +86-10-62562563



Semantic Aware Greybox Compiler Fuzz Testing*

OU Xian-Fei 1,2, JIANG Yan-Yan 1,2, XU Chang 1,2

1 (State Key Laboratory for Novel Software Technology (Nanjing University), Nanjing 210023, China)
2 (School of Computer Science, Nanjing University, Nanjing 210023, China)
Corresponding author: JIANG Yan-Yan, E-mail: jyy@nju.edu.cn

Abstract: Fuzz testing plays an important role in software quality assurance and software security testing. However, when facing systems such as compilers, whose inputs have complex semantics, existing fuzz testing tools lack semantic awareness in their mutation strategies, so the programs they generate rarely pass the compiler front end's checks. This paper proposes a semantics-aware greybox fuzz testing approach that aims to improve the effectiveness of fuzz testing tools in compiler testing. It designs and implements a set of mutation operators that preserve the semantic validity of inputs while exploring contextual diversity, and develops efficient selection strategies tailored to the characteristics of these operators. Combining these strategies with a conventional greybox fuzzer yields the greybox fuzz testing tool SemaAFL. Experimental results show that, by applying these mutation operators, SemaAFL improves code coverage on the GCC and Clang compilers by about 14.5% and 11.2% over AFL++ and the comparable tool GrayC. During a one-week experiment, SemaAFL found and reported 6 previously undiscovered GCC and Clang bugs.
Key words: compiler testing; semantics-aware fuzz testing; greybox fuzz testing
CLC number: TP311


Citation (Chinese): 欧先飞, 蒋炎岩, 许畅. 语义可感知的灰盒编译器模糊测试. 软件学报, 2025, 36(7): 2947–2963. http://www.jos.org.cn/1000-9825/7333.htm
Citation (English): Ou XF, Jiang YY, Xu C. Semantic Aware Greybox Compiler Fuzz Testing. Ruan Jian Xue Bao/Journal of Software, 2025, 36(7): 2947–2963 (in Chinese). http://www.jos.org.cn/1000-9825/7333.htm
Semantic Aware Greybox Compiler Fuzz Testing

OU Xian-Fei 1,2, JIANG Yan-Yan 1,2, XU Chang 1,2

1 (State Key Laboratory for Novel Software Technology (Nanjing University), Nanjing 210023, China)
2 (School of Computer Science, Nanjing University, Nanjing 210023, China)
Abstract: Fuzz testing techniques play a significant role in software quality assurance and software security testing. However, when dealing with systems like compilers that have complex input semantics, existing fuzz testing tools often struggle, as a lack of semantic awareness in their mutation strategies leads to the generated programs failing to pass compiler frontend checks. This study proposes a semantically-aware greybox fuzz testing method, aiming at enhancing the efficiency of fuzz testing tools in the domain of compiler testing. It designs and implements a series of mutation operators that can maintain input semantic validity and explore contextual diversity, and develops efficient selection strategies according to the characteristics of these operators. The greybox fuzz testing tool SemaAFL is developed by integrating these strategies with traditional greybox fuzz testing tools. Experimental results indicate that by applying these mutation operators, SemaAFL achieves approximately 14.5% and 11.2% higher code coverage on GCC and Clang compilers compared to AFL++ and similar tools like GrayC. During a week-long experimental period, six previously unknown bugs in GCC and Clang are discovered and reported by SemaAFL.
Key words: compiler testing; semantic aware fuzz testing; greybox fuzz testing
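The abstract's central claim is that byte-level mutation, which ignores program structure, mostly yields inputs the compiler front end rejects, whereas a mutation that knows which variables are in scope and of what type keeps the input valid. The following script is an added illustration written for this page; it is not SemaAFL's code and does not reproduce the paper's operators. It contrasts an AFL-style bit flip with a toy scope-aware statement insertion on a constructed single-function C program, and, when gcc, clang or cc is on PATH, checks each mutant with `-fsyntax-only`. The regex-based declaration scan, the seed program and the function names are all assumptions made for the example.

```python
"""Toy contrast between a byte-level (AFL-style) mutation and a scope-aware
statement-insertion mutation on a small C program.  Added illustration only,
not SemaAFL's code.  Assumes single-function C inputs whose int variables are
declared with plain `int NAME` syntax (a constructed example, not a C parser)."""
import os
import random
import re
import shutil
import subprocess
import tempfile

# Constructed seed program (not taken from the paper).
SEED_PROGRAM = """int f(int a, int b) {
    int c = a + 1;
    int d = b * 2;
    return c - d;
}
"""

# `int NAME` followed by '=', ',', ';' or ')' is a parameter or local; a
# function name would be followed by '('.  Toy rule for this example only.
INT_DECL = re.compile(r"\bint\s+([A-Za-z_]\w*)\s*(?=[=,;)])")
OPS = ("+", "-", "^", "|", "&")  # always well-typed on two ints


def byte_flip(src: str, rng: random.Random = None) -> str:
    """AFL-style mutation: flip one bit of one character, ignoring structure."""
    rng = rng or random.Random()
    i = rng.randrange(len(src))
    bit = rng.randrange(7)  # stay within 7-bit ASCII so the file still decodes
    return src[:i] + chr(ord(src[i]) ^ (1 << bit)) + src[i + 1:]


def ints_in_scope(src: str, pos: int) -> list:
    """Names of int variables declared before `pos` (single-function toy)."""
    names = []
    for m in INT_DECL.finditer(src, 0, pos):
        if m.group(1) not in names:
            names.append(m.group(1))
    return names


def semantic_insert(src: str, rng: random.Random = None):
    """Scope/type-aware mutation: insert `v = v OP w;` just before the last
    return, with v and w drawn from int variables already declared.
    Returns (mutated source, inserted statement)."""
    rng = rng or random.Random()
    at = src.rfind("return")
    if at < 0:
        raise ValueError("seed has no return statement")
    names = ints_in_scope(src, at)
    if not names:
        raise ValueError("no int variables in scope")
    v, w, op = rng.choice(names), rng.choice(names), rng.choice(OPS)
    stmt = f"{v} = {v} {op} {w};"
    line_start = src.rfind("\n", 0, at) + 1
    indent = src[line_start:at]  # whitespace preceding `return`
    return src[:line_start] + indent + stmt + "\n" + src[line_start:], stmt


def frontend_accepts(src: str):
    """Run only the C front end (-fsyntax-only).  Returns True/False, or None
    when no compiler is available on PATH."""
    cc = shutil.which("gcc") or shutil.which("clang") or shutil.which("cc")
    if cc is None:
        return None
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "mut.c")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(src)
        res = subprocess.run([cc, "-fsyntax-only", "-w", path],
                             capture_output=True)
        return res.returncode == 0


def compare(trials: int, seed: int = 0):
    """Count how many mutants of each kind the front end accepts.
    Returns None when no compiler is available."""
    rng = random.Random(seed)
    counts = {"byte_flip": 0, "semantic": 0}
    for _ in range(trials):
        ok = frontend_accepts(byte_flip(SEED_PROGRAM, rng))
        if ok is None:
            return None
        counts["byte_flip"] += ok
        counts["semantic"] += frontend_accepts(semantic_insert(SEED_PROGRAM, rng)[0])
    return counts


if __name__ == "__main__":
    print(compare(50))
```

Running `compare` with a compiler installed shows the gap the abstract describes: every scope-aware insertion is accepted by the front end, while most single-bit flips land in a keyword, identifier or punctuation character and are rejected before any optimisation pass runs. A real semantics-aware fuzzer needs a proper parser and type environment rather than the regex scan used here, but the contrast in acceptance rate is the point.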


* Funding: National Key R&D Program of China (2022YFB4501801); National Natural Science Foundation of China (62025202, 62272218); Jiangsu Province Frontier Leading Technology Basic Research Project (BK20202001)
This paper was recommended by the guest editors of the special issue "Trustworthiness and Security of Emerging Software and Systems": Prof. Xiang Jianwen, Prof. Chen Ting, Prof. Yang Min and Prof. Zhou Junwei.
Received 2024-08-18; revised 2024-10-15; accepted 2024-11-25; published online by JOS 2024-12-10
CNKI online-first date: 2025-04-21