Affiliation:
1. University of Wisconsin, Madison, WI
Abstract
We report on the fourth in a series of studies on the reliability of application programs in the face of random input. Over the previous 15 years, we have studied the reliability of UNIX command line and X-Window based (GUI) applications and Windows applications. In this study, we apply our fuzz testing techniques to applications running on the Mac OS X operating system. We continue to use a simple, or even simplistic technique: unstructured black-box random testing, considering a failure to be a crash or hang. As in the previous three studies, the technique is crude but seems to be effective in locating bugs in real programs.We tested the reliability of 135 command-line UNIX utilities and thirty graphical applications on Mac OS X by feeding random input to each. We report on application failures - crashes (dumps core) or hangs (loops indefinitely) - and, where source code is available, we identify the causes of these failures and categorize them.Our testing crashed only 7% of the command-line utilities, a considerably lower rate of failure than observed in almost all cases of previous studies. We found the GUI-based applications to be less reliable: of the thirty that we tested, only eight did not crash or hang. Twenty others crashed, and two hung. These GUI results were noticeably worse than either of the previous Windows (Win32) or UNIX (X-Windows) studies.
Publisher
Association for Computing Machinery (ACM)
Reference18 articles.
1. D. Aitel "The Advantages of Block-Based Protocol Analysis for Security Testing" Immunity Inc. February 2002. http://www.immunitysec.com/downloads/advantages_of_block_bas ed_analysis.html]] D. Aitel "The Advantages of Block-Based Protocol Analysis for Security Testing" Immunity Inc. February 2002. http://www.immunitysec.com/downloads/advantages_of_block_bas ed_analysis.html]]
2. Apple Computer May 2006 http://developer.apple.com/documentation/Cocoa/Conceptual/Coco aFundamentals/WhatIsCocoa/chapter_2_section_6.html.]] Apple Computer May 2006 http://developer.apple.com/documentation/Cocoa/Conceptual/Coco aFundamentals/WhatIsCocoa/chapter_2_section_6.html.]]
3. G. J. Carrette "CRASHME: Random Input Testing" http://people.delphi.com/gjc/crashme.html 1996.]] G. J. Carrette "CRASHME: Random Input Testing" http://people.delphi.com/gjc/crashme.html 1996.]]
4. An Evaluation of Random Testing
Cited by
6 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Intrusion Detection and Network-Based Attacks;Information Security and Cryptography;2021
2. A Large-scale Parallel Fuzzing System;Proceedings of the 2nd International Conference on Advances in Image Processing - ICAIP '18;2018
3. A Conceptual Framework for the Comparison of Fully Automated GUI Testing Techniques;2015 30th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW);2015-11
4. How Effectively Does Metamorphic Testing Alleviate the Oracle Problem?;IEEE Transactions on Software Engineering;2014-01
5. Behavioral Fuzzing Operators for UML Sequence Diagrams;System Analysis and Modeling: Theory and Practice;2013