Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/87729
Full metadata record
| DC field | Value | Language |
|---|---|---|
| dc.contributor.advisor | 林宗男 | zh_TW |
| dc.contributor.advisor | Tsung-Nan Lin | en |
| dc.contributor.author | 邱健榮 | zh_TW |
| dc.contributor.author | Chien-Jung Chiu | en |
| dc.date.accessioned | 2023-07-19T16:09:29Z | - |
| dc.date.available | 2024-02-27 | - |
| dc.date.copyright | 2023-07-19 | - |
| dc.date.issued | 2022 | - |
| dc.date.submitted | 2023-05-01 | - |
| dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/87729 | - |
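| dc.description.abstract | Traditionally, we look for program errors through unit testing, fuzz testing, and similar methods. Unit testing is good at finding predefined problems; fuzz testing is good at executing the program quickly with randomly generated inputs and thereby finding cases where the program raises an exception. However, if developers did not anticipate the test case in their unit tests, or if during fuzzing the error is not surfaced by raising an exception, such problems are hard to discover. A tool called Go-Sanitizer was previously proposed and found such no-exception problems in the Go language. However, the tool has a "Candidate Pick" stage in which the user must choose the assertions to insert and insert them into the code; if the user is unfamiliar with the product, the Go language, or the logic, statements may be inserted at the wrong position or with the wrong indentation, leading to unexpected results and possibly making the program unable to run. To solve this problem, we propose an algorithm named NEB-San that fully automates finding and generating assertions and inserting them at the correct position with the correct indentation. In this study, we parse the source code into an abstract syntax tree (AST), then define matching criteria based on the CWE to find the exact location of such problems, then generate assertion nodes through the AST, insert them back into the correct position of the original AST, and convert the tree back to code, so that the inserted assertions are guaranteed to be at the correct position and indentation. We implement this idea in the Python language and propose a tool named CWE-Sanitizer, the first bug-oriented assertion generator for Python. It can fully automatically generate and insert assertions into source code to find such errors that do not raise exceptions, helping traditional testing techniques locate these errors through the assertions. | zh_TW |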
| dc.description.abstract | Traditionally, we look for program defects with standard techniques such as unit testing and fuzz testing. Unit tests are good at discovering predefined defects; fuzzing is good at locating crashes or hangs by executing the program with randomly generated inputs. Nevertheless, some program defects can hardly be discovered by these classic methods if developers did not anticipate the scenario, or if the execution does not trigger any crash. To find defects that do not trigger crashes, Go-Sanitizer was proposed to uncover such defects in Golang projects. In the "Candidate Pick" stage of that tool, the user must pick which assertions to insert. However, if the user is unfamiliar with the product, the Go language, or the logic, the assertion may be inserted at the wrong position or be invalid. To resolve this issue, we present an algorithm named NEB-San, which aims to generate each assertion statement and insert it at the correct place with the correct indentation. In this study, we parse the source code into an abstract syntax tree (AST). We then define Matching Criteria based on the CWE to find the exact position of the defect, and instrument the code by adding the assertion node to the AST and converting the AST back to code. If a precondition must be checked before the assertion, such as a variable type inspection, we wrap the assertion node in an if node. We implement this idea for the Python language and propose a tool named CWE-Sanitizer, the first bug-oriented assertion generator for Python. It can uncover no-exception defects by automatically generating and inserting assertions into the original code, allowing traditional testing methods to locate defects through these assertions. | en |
| dc.description.provenance | Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2023-07-19T16:09:29Z No. of bitstreams: 0 | en |
| dc.description.provenance | Made available in DSpace on 2023-07-19T16:09:29Z (GMT). No. of bitstreams: 0 | en |
| dc.description.tableofcontents | Verification Letter from the Oral Examination Committee; Acknowledgements; Abstract (Chinese); Abstract; Contents; List of Figures; List of Tables; Chapter 1 Introduction; 1.1 Two Well-Known Software Testing Techniques; 1.2 Rise and Prominence of Python Language; 1.3 The Security of Python Application is Getting Important; 1.4 Use Traditional Ways to Manage the Bug-Finding; 1.5 Bugs Cannot Be Found by Traditional Ways; 1.6 No-Exception Bug Definition; 1.7 Introduction of CWE; 1.8 Why Must CWE be Fixed; 1.9 Solution Proposed by Other Paper; 1.10 Challenges For the Improvement; 1.11 Proposed Algorithm: NEB-San; 1.12 Proof of Concept in Python: CWE-Sanitizer; 1.13 The structure of this thesis; Chapter 2 Preliminary Background; 2.1 Software Testing; 2.2 Unit Test; 2.3 Fuzzing Test; 2.4 The Limitation of Traditional Testing Techniques; 2.5 Assertion Generation; 2.6 Differences from Go-Sanitizer; Chapter 3 No-Exception Bug Sanitizer (NEB-San) Methodology; 3.1 Objective; 3.2 The Matching Criteria Design; 3.3 Code Instrumentation Challenges; 3.4 The Type Check Challenge (for Strongly Typed and Dynamically Typed Programming Languages only); 3.5 Introduction of Abstract Syntax Tree; 3.6 NEB-San: Use AST and Matching Criteria to Find No-Exception Bugs and Insert Assertion Statements; 3.6.1 Use AST to Solve the Challenge of Correct Position; 3.6.2 Use AST to Solve the Challenge of Correct Indentations; 3.6.3 Use AST to Solve the Challenge of Variable Type Checking; 3.6.4 The Algorithm of NEB-San; 3.6.4 The Overall Flow of NEB-San; 3.7 The Time and Memory Complexity of NEB-San; Chapter 4 Performance Evaluation of NEB-San; 4.1 Experimental Setup; 4.2 Checkers; 4.3 Real-World Data Set; 4.4 Experiment Results; 4.4.1 Q1: Is finding bugs and inserting assertions by NEB-San effective and correct?; 4.4.2 Q2: How is the performance of NEB-San?; Chapter 5 CWE-Sanitizer Design; 5.1 Purpose and Thoughtful Design; 5.2 Overall Framework of CWE-Sanitizer; 5.3 The Granularity Design; 5.4 The Scanning Report; Chapter 6 Evaluation of CWE-Sanitizer; 6.1 Experiment Setup; 6.2 Checkers; 6.3 Experiment Results; 6.3.1 Q1: Can the granularity design help to save time?; 6.3.2 Q2: Can CWE-Sanitizer help find the no-exception bugs in a real-world project?; Chapter 7 Conclusion; References; Appendix A -- Report; A.1 The Scanning Report of Swift-1.6.0 | - |
| dc.language.iso | en | - |
| dc.subject | Python | zh_TW |
| dc.subject | bug detection | zh_TW |
| dc.subject | assertion generation | zh_TW |
| dc.subject | CWE | zh_TW |
| dc.subject | program diagnostics | zh_TW |
| dc.subject | program diagnostics | en |
| dc.subject | Python | en |
| dc.subject | bug detection | en |
| dc.subject | assertion generation | en |
| dc.subject | CWE | en |
| dc.title | NEB-San: Fully Automatic Bug-Oriented Assertion Generator and Inserter | zh_TW |
| dc.title | NEB-San: Fully Automatically Generate and Insert Assertion for Bug-Oriented Sanitizer | en |
| dc.type | Thesis | - |
| dc.date.schoolyear | 111-2 | - |
| dc.description.degree | Master's | - |
| dc.contributor.oralexamcommittee | 陳俊良;鄧惟中;沈上翔 | zh_TW |
| dc.contributor.oralexamcommittee | Jiann-Liang Chen;Wei-Chung Teng;Shan-Hsiang Shen | en |
| dc.subject.keyword | Python,bug detection,assertion generation,CWE,program diagnostics, | zh_TW |
| dc.subject.keyword | Python,bug detection,assertion generation,CWE,program diagnostics, | en |
| dc.relation.page | 73 | - |
| dc.identifier.doi | 10.6342/NTU202300750 | - |
| dc.rights.note | Not authorized | - |
| dc.date.accepted | 2023-05-02 | - |
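| dc.contributor.author-college | College of Electrical Engineering and Computer Science | - |
| dc.contributor.author-dept | Graduate Institute of Communication Engineering | - |
| Appears in collections: | Graduate Institute of Communication Engineering | |
Files in this item:
| File | Size | Format | |
|---|---|---|---|
| ntu-111-2.pdf (not authorized for public access) | 11.6 MB | Adobe PDF |
All items in the system are protected by copyright, with all rights reserved, unless their copyright terms are otherwise indicated.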
