Abstract
背景:当前分布式系统分析一般都是黑盒工具,难以探索程序状态
工具:MALLORY
任务:greybox fuzzing testing distributed system
方法:timeline-driven testing, timeline abstraction
步骤:
- 动态构建描述系统行为的Lamport timelines
- 将这些timelines抽象化为happens-before summaries
- 使用summaries来执行faults guided fuzzing
实验:
数据集:a diverse set of widely-used industrial distributed systems
效果:
- 与JEPSEN对比,24小时内 + 54.27% distinct states, speed-up 2.24x, speed of finding bugs: 1.87x
- 找到22个0-day漏洞(18 confirmed, 10 new vulnerabilities), 6 CVEs。在已经被严格测试过的Braft, Dqlite和Redis上也找到了bugs。
- Distributed Fuzzing Reading System Paperdistributed fuzzing reading system reading forest paper deep questions research reading paper adaptive reading neural paper reading paper mapf note distributed hadoop system hdfs reading paper博客 distributed application system and fuzzing directed greybox fuzzing