1. An efficient fuzzy test method based on GPU binary code translation is characterized by comprising the following steps:

s1, initializing a relevant test case of the standard test program;

s2, generating a test case executable by the GPU binary code, and entering the step S3;

s3, inputting the generated test case into a GPU test program instance, and outputting a test result; proceeding to step S4;

s4, carrying out abnormity detection on the test result output in the step S3;

s5, judging whether the fuzzy test ending condition is met, and stopping the fuzzy test process if the fuzzy test ending condition is met; if not, the process returns to step S2.

2. The method for efficient fuzzy test based on GPU binary translation of claim 1, wherein in step S4, the method further comprises performing seed mutation on the current test case set to generate a mutated seed set.

3. The GPU-binary-code-translation-based efficient fuzzing test method according to claim 1 or 2, wherein in step S5, when the fuzzing test ending condition is not satisfied, the test case generator generates a new test case set through a new variation seed set, and performs the next test iteration.

4. The GPU binary translation-based efficient fuzz testing method according to claim 3, wherein in step S3, the GPU test program instance translates the CPU binary of the fuzz test program into the binary of the GPU PTX architecture through the CPU2GPU binary translator.

5. The GPU binary translation-based efficient fuzz testing method according to claim 4, wherein the specific translation step of the CPU2GPU binary translator comprises the following steps:

s11, compiling the CPU binary code into an intermediate representation code LLVM IR;

s12, compiling and linking the LLVM IR of the intermediate representation code into PTX binary code through an LLVM optimizing compiler.

6. The GPU binary translation-based efficient fuzz testing method according to claim 5, wherein in step S11,

the compiling the CPU binary code into the intermediate representation code LLVM IR comprises the following steps:

judging whether the CPU binary code is an active code or not;

if yes, directly obtaining an intermediate representation code LLVM IR from the source code through an LLVM translator;

if not, the CPU binary code needs to be mapped to the intermediate representation code LLVM IR through a binary translator.

Background

The fuzzy test is automatically executed by means of computer software, and the test efficiency is far higher by several orders of magnitude compared with that of people. The nature of the fuzz testing technique relies on random functions to generate random test cases, and randomness means that there are no duplicates, no predictions, and there may be unexpected inputs and results. According to the 'law of large numbers' of probability theory, as long as the repetition times of the random event are enough and the randomness is strong enough, the accidental event with extremely low probability can occur inevitably. The fuzzy test technology is a typical application of a large number law, and the hidden and deep Bug which is difficult to appear can be a necessary phenomenon due to enough test cases and randomness. It is clear that fuzz testing is very time consuming because instrumentation techniques are often required and require high throughput computing power on the device when performing fuzz testing.

Currently, most fuzz testing methods employ traditional CPU architectures or emulators, which are, however, very inefficient. Actual fuzz testing for these platforms would need to be done by a simulator or many physical devices due to the inability to access the source code of the software under test, which would be very inefficient and time consuming work, and these requirements are often impractical. The fuzz test is a problem which is very suitable for parallelization processing, thousands of test cases can be generated simultaneously through the test case generator, and the test cases can be executed in parallel through different test program examples. Theoretically, test program cases can be executed by thousands of threads, testing thousands of different inputs simultaneously, which will greatly improve the efficiency of fuzz testing.

A drawback in the prior art is that the GPU is very good at performing such parallel tasks, however, except for using a GPU-based neural network for fuzz test case generation; a large-scale fuzz test parallel execution method based on a GPU is lacked.

Disclosure of Invention

Aiming at the problem that a large-scale fuzz test parallel execution method based on a GPU (graphics processing unit) is lacked in the prior art, the invention provides an efficient fuzz test method based on GPU binary code translation.

In order to achieve the technical purpose, the technical scheme adopted by the invention is as follows:

a high-efficiency fuzzy test method based on GPU binary code translation comprises the following steps:

s1, initializing a relevant test case of the standard test program;

s2, generating a test case executable by the GPU binary code, and entering the step S3;

s3, inputting the generated test case into a GPU test program instance, and outputting a test result; proceeding to step S4;

s4, carrying out abnormity detection on the test result output in the step S3; in step S4, the exception outputs are merged into an exception result set. In step S4, the method further includes performing seed mutation on the current test case set at the same time, and generating a mutated seed set.

S5, judging whether the fuzzy test ending condition is met, and stopping the fuzzy test process if the fuzzy test ending condition is met; if not, the process returns to step S2. In step S5, when the fuzz test end condition is not satisfied, the test case generator generates a new test case set through the new variation seed set, and performs the next test iteration.

Further, in step S3, the GPU test program instance translates the CPU binary of the fuzz test program into the binary of the GPU PTX architecture through the CPU2GPU binary translator.

Further, the specific translation step of the CPU2GPU binary translator comprises:

s11, compiling the CPU binary code into an intermediate representation code LLVM IR;

s12, compiling and linking the LLVM IR of the intermediate representation code into PTX binary code through an LLVM optimizing compiler.

Further, in step S11, the CPU binary code compiling method includes two ways: firstly, when a CPU binary code has a source code, an intermediate representation code LLVM IR is directly obtained from the source code through an LLVM translator; second, when only the CPU binary code is available, the CPU binary code needs to be mapped to the middle representation code LLVM IR by the binary code translator.

Further, the CPU2GPU binary translator component comprises a test program source code, a translator, an intermediate representation code IR, a binary translator, and an optimization compiler;

the test program source code is a software program source code;

a translator that uses different translators for different source codes;

the intermediate representation code IR translates the source code into LLVM IR code through different translators;

a binary translator for translating the test program CPU binary code into an intermediate representation code IR;

and the optimizing compiler is used for optimizing and compiling the intermediate representation code IR into a binary code suitable for the GPU architecture, and realizes the scheduling and isolation of the GPU binary code thread instance and the corresponding memory management optimization by adopting an LLVM optimizer and an LLVM back-end compiler.

Further, in step S2, a test case generator is used to generate a plurality of different test cases at a time.

Further, each test case is input to an independent GPU tester thread instance, and a related test result is obtained.

Compared with the prior art, the invention has the following beneficial effects:

1. the method has the advantages that the binary translation technology is fully utilized to realize the production of GPU execution codes, the address space management mechanism of the GPU is realized to realize the memory isolation of GPU parallel codes, and the multi-input case parallel scheduling of the fuzzy test is realized;

2. the fuzzy producer through fuzzy testing provides a large number of randomized inputs to the target program, and the realization of these large numbers of randomized inputs each input can be performed independently of the others.

Drawings

FIG. 1 is a flowchart of an efficient fuzzy test method based on GPU binary translation according to the present invention;

FIG. 2 is a basic flowchart of an efficient fuzzy test method based on GPU binary translation according to the present invention;

FIG. 3 is a flowchart of a GPU binary translation framework of the present invention.

Detailed Description

In order to facilitate understanding of those skilled in the art, the present invention will be further described with reference to the following examples and drawings, which are not intended to limit the present invention.

Example 1

As shown in fig. 1, an efficient fuzzy test method based on GPU binary translation includes the steps of:

s1, initializing a relevant test case of the standard test program;

s2, generating a test case executable by the GPU binary code, and entering the step S3; in step S2, a plurality of different test cases are generated at a time using the test case generator. Each test case is input into an independent GPU test program thread instance, and a relevant test result is obtained.

S3, inputting the generated test case into a GPU test program instance, and outputting a test result; proceeding to step S4; in step S3, the GPU test program instance translates the CPU binary of the fuzz test program into the binary of the GPU PTX architecture by the CPU2GPU binary translator.

S4, carrying out abnormity detection on the test result output in the step S3; in step S4, the exception outputs are merged into an exception result set. And meanwhile, carrying out seed mutation aiming at the current test case set to produce a mutated seed set.

S5, judging whether the fuzzy test ending condition is met, and stopping the fuzzy test process if the fuzzy test ending condition is met; if not, the process returns to step S2. And when the fuzzy test ending condition is not met, the test case generator produces a new test case set through the new variation seed set, and the next test iteration is carried out.

Example 2

As shown in fig. 1 and 2, an efficient fuzz testing method based on GPU binary translation includes the steps of:

s1, initializing a relevant test case of the standard test program;

s2, generating a test case executable by the GPU binary code, and entering the step S3; in step S2, a plurality of different test cases are generated at a time using the test case generator. Each test case is input into an independent GPU test program thread instance, and a relevant test result is obtained.

S3, inputting the generated test case into a GPU test program instance, and outputting a test result; proceeding to step S4; in step S3, the GPU test program instance translates the CPU binary of the fuzz test program into the binary of the GPU PTX architecture by the CPU2GPU binary translator. The GPU binary code is not limited to the PTX architecture, as long as the LLVM supports a GPU such as an RTX architecture.

The specific translation steps of the CPU2GPU binary code translator comprise:

s11, compiling the CPU binary code into an intermediate representation code LLVM IR;

s12, compiling and linking the LLVM IR of the intermediate representation code into PTX binary code through an LLVM optimizing compiler.

In step S11, the CPU binary code compiling method includes two types: firstly, when a CPU binary code has a source code, an intermediate representation code LLVM IR is directly obtained from the source code through an LLVM translator; second, when only the CPU binary code is available, the CPU binary code needs to be mapped to the middle representation code LLVM IR by the binary code translator.

The CPU2GPU binary code translator component comprises a test program source code, a translator, an intermediate representation code IR, a binary translator and an optimization compiler;

the test program source code is a software program source code; program source code such as C/C + +/go/rush may be enabled.

A translator that uses different translators for different source codes; such as Clang translating C/C + + source code to LLVM IR code, Gollvm translating go source code to LLVM IR code, rustc translating run source code to LLVM IR code, etc.

The intermediate representation code IR translates the source code into LLVM IR code through different translators;

the binary translator translates the binary code of the test program CPU into an intermediate representation code IR because of the passive code; the component is to translate the CPU binary code into the intermediate representation code IR (such as LLVM IR code). There are many tools that can implement binary machine code promotion into LLVM bit code tools, such as reminil, McSema, dagger, LLVM-mcull, retdec, reopt, rev.ng, bin2LLVM, fcd, RevGen, frame, libbeuty, and so on.

And the optimizing compiler is used for optimizing and compiling the intermediate representation code IR into a binary code suitable for the GPU architecture, and realizes the scheduling and isolation of the GPU binary code thread instance and the corresponding memory management optimization by adopting an LLVM optimizer and an LLVM back-end compiler.

S4, carrying out abnormity detection on the test result output in the step S3; in step S4, the exception outputs are merged into an exception result set. And meanwhile, carrying out seed mutation aiming at the current test case set to produce a mutated seed set.

S5, judging whether the fuzzy test ending condition is met, and stopping the fuzzy test process if the fuzzy test ending condition is met; if not, the process returns to step S2. And when the fuzzy test ending condition is not met, the test case generator produces a new test case set through the new variation seed set, and the next test iteration is carried out.

Since the CPU binary code program runs in the architecture of x86/aarch64/amd64, the NVIDIA GPU uses the PTX (Parallel Thread eXecution, RTX) instruction set architecture. Therefore, we cannot directly execute the binary file we want to blur test in the GPU environment. The solution is of two kinds:

the method comprises the following steps: an embedded CPU simulator is developed based on the GPU. However, developing a CPU simulator for the GPU is costly and has poor performance.

The second method comprises the following steps: the x86/aarch64/amd64 binary code of the CPU is translated into the PTX binary code of the GPU. So that they can be executed directly on the GPU without emulation processing.

And implementing a CPU2GPU binary translator, and translating the CPU binary of the fuzzy test program into the binary of the GPU PTX architecture through the translator. A binary code test program of a PTX framework is dispatched in parallel by starting a plurality of thread instances in a GPU, thousands of parallel thread instances of a fuzzy test program are realized, and one test iteration is completed by inputting different test instances and carrying out anomaly detection. And generating a plurality of test case sets through seed variation iteration, realizing repeated iteration fuzzy test, and ending the fuzzy test process until a preset fuzzy test ending condition.

Since the fuzz testing is a CPU-based binary executable program, the binary code of the program under test cannot be run directly on the GPU because running code on the GPU is very different from running code on the CPU.

First, the GPU and CPU are based on different architectures and instruction sets, resulting in the GPU not being able to directly execute instructions of architectures such as x 86/aach 64. However, the fuzz testing can only be performed based on binary codes, and how to generate and run the GPU assembly codes based on the binary codes becomes a problem.

Second, the GPU has no operating system. The traditional parallelized Fuzzer needs to start multiple processes and requires that different inputs can be processed separately without interfering with other processes, that is, if one input causes one process to crash, other processes must not be affected. However, since the GPU does not have the concept of process and address space isolation, any memory problem can cause the entire Fuzzer to crash, and how to implement a parallel instance of the GPU fuzz tester becomes another challenge.

In addition, the GPU cannot respond to the system call, that is, the GPU program cannot perform operations such as opening a file, using a network, and the like. Therefore, the GPU needs to emulate the system call or relay it through the CPU to the host operating system for execution, which will impact the GPU system response efficiency.

And finally, the GPU adopts a complex memory management mechanism. Because the GPU has a very complicated memory hierarchical structure and a plurality of different types of memories, and each type of memory has different usability and performance; the performance of the GPU is highly dependent on the access mode of the memory, such as controlling when and how threads access the memory, which is critical to performance. Furthermore, the memory capacity of the GPU is limited, which makes it more difficult to correctly manage the memory layout and access patterns. Having 16GB of device memory may sound impressive, but dividing it into thousands of execution threads, each thread has negligible KB of memory space.

Compared with the prior art, the invention has the following beneficial effects:

1. the method has the advantages that the binary translation technology is fully utilized to realize the production of GPU execution codes, the address space management mechanism of the GPU is realized to realize the memory isolation of GPU parallel codes, and the multi-input case parallel scheduling of the fuzzy test is realized;

2. the fuzzy producer through fuzzy testing provides a large number of randomized inputs to the target program, and the realization of these large numbers of randomized inputs each input can be performed independently of the others.

The efficient fuzzy test method based on the GPU binary code translation provided by the application is described in detail above. The description of the specific embodiments is only intended to facilitate an understanding of the methods of the present application and their core concepts. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.