Hydra is the First Fuzzing Framework to Find Any File System Bug
Thursday November 7 2019
Georgia Tech researchers have developed a new tool that can find one of the most challenging types of bug.
Called Hydra, the framework provides building blocks for file system fuzzers to find semantic errors, helping developers save time. Using Hydra, the researchers have found 155 new bugs in Linux file systems.
“The name Hydra comes from the Greek mythological monster that has multiple heads because our approach brings multiple bug checkers into a unified framework, enabling the testing of multiple aspects of file systems,” said School of Computer Science (SCS) Ph.D. student Seulbae Kim.
Finding Semantic Bugs
File systems are the center of any operating system. Yet as they grow larger, the potential for bugs only increases. Bugs can cause chaos for users, from unwanted reboots to corruption of an entire system — not to mention security vulnerabilities.
Eliminating bugs individually is nearly impossible, so developers often rely on fuzzing to expedite the process. This generalized automatic software testing technique injects mutated inputs to discover bugs and test how robust the system is. Typically, fuzzing is designed only to detect memory errors, but the researchers wanted to tackle a more challenging category: semantic bugs.
Semantic bugs come in many forms, from violations of the system's main properties, such as crash safety, to developers' incorrect assumptions. Each issue often requires a specialized checker to find the bug. Yet all semantic bugs have one thing in common: their failure does not register in the kernel the way memory bugs do. Their undetectable nature means previous fuzzers can't be used out of the box.
“Semantic bugs do not explicitly manifest themselves,” Kim said. “They are silent. The effects are often internal and only revealed upon some special condition.”
Expanding Fuzzing
Hydra lets plugged-in bug checkers concentrate on their own checks while the rest of the file system testing work is offloaded to Hydra. This helps find any type of file system bug, including three common types:
· Crash inconsistency, when a file system fails to recover to a correct state after a crash
· Specification violation (usually of the POSIX standard), when the file system's behavior does not conform to the specification of how it should behave
· Logic bugs, which are specific to a file system's implementation of an algorithm or to an invalid assumption
Building on the researchers' prior work with the fuzzer Janus, Hydra provides the common tools developers need to debug a file system, including:
· An input mutator to generate test cases that are likely to trigger bugs
· A libOS-based executor that executes the test case against the targeted file system and runs the plugged-in bug checkers
· Feedback engines that summarize the effects of test cases and determine whether they are effective enough to mutate further
· A bug reproducer with a test case minimizer, which respectively verify the reported test cases automatically and reduce the size of the test case
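As an added illustration of the kind of specification checker that would be plugged into such a framework (this is not Hydra's code; the operation names, the abstract model and the `skip_real` fault injection are my own assumptions), the same constructed sequence of POSIX operations is replayed against a scratch directory and against an in-memory model of expected behavior, and every divergence is reported as a specification violation:

```python
import os, tempfile
# Constructed test case (not a real Hydra input): a short sequence of POSIX operations.
WORKLOAD = [("mkdir", "d"), ("create", "d/a", b"hello"), ("append", "d/a", b" world"),
            ("truncate", "d/a", 3), ("rename", "d/a", "d/b"), ("create", "c", b""), ("unlink", "c")]

def apply_model(tree, op):
    """Abstract POSIX model: directories map to None, regular files to their expected bytes."""
    kind, path, *args = op
    if kind == "mkdir":      tree[path] = None
    elif kind == "create":   tree[path] = args[0]
    elif kind == "append":   tree[path] += args[0]
    elif kind == "truncate": tree[path] = tree[path][:args[0]].ljust(args[0], b"\0")  # shrink or zero-fill
    elif kind == "rename":   tree[args[0]] = tree.pop(path)
    elif kind == "unlink":   del tree[path]

def _write(p, mode, data):
    with open(p, mode) as f: f.write(data)
def apply_real(root, op):
    """Issue the same operation to the file system under test, rooted at `root`."""
    kind, path, *args = op
    p = os.path.join(root, path)
    if kind == "mkdir":      os.mkdir(p)
    elif kind in ("create", "append"): _write(p, "wb" if kind == "create" else "ab", args[0])
    elif kind == "truncate": os.truncate(p, args[0])
    elif kind == "rename":   os.rename(p, os.path.join(root, args[0]))
    elif kind == "unlink":   os.unlink(p)

def check_spec(root, model):
    """Every divergence between on-disk state and the model is reported as a spec violation."""
    violations = []
    for path, content in model.items():
        p = os.path.join(root, path)
        if not os.path.lexists(p) or os.path.isdir(p) != (content is None):
            violations.append(f"missing or wrong type: {path}")
        elif content is not None:
            with open(p, "rb") as f: actual = f.read()
            if actual != content: violations.append(f"content mismatch: {path}")
    # Entries the model never created (e.g. a rename that left its source behind) are violations too.
    on_disk = {os.path.relpath(os.path.join(d, n), root) for d, ds, fs in os.walk(root) for n in ds + fs}
    violations += [f"unexpected: {rel}" for rel in sorted(on_disk - set(model))]
    return violations

def run(workload, skip_real=None):
    """Replay the workload on a scratch directory and on the model, then diff the two states."""
    with tempfile.TemporaryDirectory() as root:
        model = {}
        for i, op in enumerate(workload):
            apply_model(model, op)
            if i != skip_real: apply_real(root, op)  # skip_real: constructed fault, op dropped on disk only
        return check_spec(root, model)
```

On a correct file system `run(WORKLOAD)` returns an empty list; dropping the truncate or rename on the real side (`skip_real=3` or `4`) makes the checker report the divergence.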
“With these jobs offloaded, a developer now can only focus on writing a reliable bug checker (if it does not already exist) for the bug type he or she is interested in finding,” Kim said.
Kim presented the work at the ACM Symposium on Operating Systems Principles (SOSP) in Huntsville, Ontario, Canada, from Oct. 27 to 30. He co-wrote the paper, Finding Semantic Bugs in File Systems with an Extensible Fuzzing Framework, with SCS Ph.D. students Meng Xu, Sanidhya Kashyap, Jungyeon Yoon, and Wen Xu, and SCS Associate Professor Taesoo Kim.
