Automatic Testing for Robustness Violations
Publication: Contribution to book/conference proceedings/anthology/report › Contribution to book/anthology/report › Contributed › Peer-reviewed
Contributors
Abstract
As our reliance on computers increases, so does the need for robust software. Previous studies have shown that many C libraries exhibit robustness problems due to exceptional inputs. This paper describes the HEALERS system that uses an automated approach to increasing the robustness of C libraries without source code access. The system extracts the C type information for a shared library using header files and manual pages. Then it generates for each global function a fault-injector to determine a “robust” argument type for each argument. Based on this information and optionally, some manual editing, the system generates a robustness wrapper that performs careful argument checking before invoking C library functions. A robustness evaluation using Ballista tests has shown that our wrapper can prevent crash, hang, and abort failures. Moreover, the wrapper generation process is highly automated and can easily adapt to new library releases.
Details
Original language | English |
---|---|
Title | Testing Commercial-off-the-Shelf Components and Systems |
Number of pages | 10 |
Publication status | Published - 2005 |
Peer-reviewed | Yes |
External IDs
Scopus | 84891385276 |
---|
Keywords
Research priority areas of TU Dresden
DFG subject classification by review board
Keywords
- Automatic Test, Test Case Generator, Library Function, Programming Error, Security Vulnerability