
Analysis And Optimization Research On Initial Seeds Of Squirrel

Posted on: 2022-10-01
Degree: Master
Type: Thesis
Country: China
Candidate: M N Song
Full Text: PDF
GTID: 2518306332474074
Subject: Journalism and Media
Abstract/Summary:
In recent years, fuzz testing has been a hot topic in academia and industry. It is used to verify software bugs and find security vulnerabilities. Squirrel is a fuzzing framework for testing database management systems. It improves syntactic and semantic validity through syntax-preserving mutation and semantics-guided instantiation, and it is effective at finding memory-related bugs in database management systems. However, its efficiency is significantly affected by its initial seeds, so optimizing the initial seeds can improve the fuzzing efficiency of Squirrel. In summary, this thesis makes the following contributions:

Firstly, this thesis proposes an algorithm that calculates grammatical similarity based on string edit distance. The grammatical sequence of each Structured Query Language (SQL) text is obtained in string form, and the edit distance between grammatical sequences is then calculated with the Levenshtein distance algorithm. This distance measures the grammatical similarity of SQL texts: the greater the distance, the lower the grammatical similarity.

Secondly, this thesis verifies through contrast experiments that the grammatical similarity of the initial seeds and the number of SQL texts in the initial seeds both influence the testing efficiency of Squirrel. To a certain extent, reducing the grammatical similarity of the initial seeds can improve the fuzzing efficiency of Squirrel. In general, increasing the number of SQL texts in the initial seeds can improve the fuzzing efficiency of Squirrel.

Thirdly, this thesis optimizes the initial seeds by increasing both their average grammatical distance and the number of SQL texts they contain. The optimized initial seeds and the initial seeds provided by Squirrel are used in contrast experiments to verify the effectiveness of the optimization method. When fuzzing SQLite with the optimized initial seeds, the fuzzing efficiency increased by 16.90%. At the same time, 3 crashes were triggered and 1 error was found within 12 hours. When fuzzing PostgreSQL with the optimized initial seeds, the fuzzing efficiency increased by 183.82%.
Keywords/Search Tags:Squirrel, Fuzzing, Initial seed, Database
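
The grammatical-distance measure described in the abstract, shown as an added Python example that is not code from the thesis or from Squirrel. The token-to-symbol mapping, the keyword subset, the greedy selection step (one possible way to raise the average grammatical distance of a seed set) and the sample seeds are assumptions made for illustration.

```python
import re
from itertools import combinations

# Assumed keyword subset; a real run would take it from the target DBMS grammar.
KEYWORDS = {"SELECT", "FROM", "WHERE", "INSERT", "INTO", "VALUES", "CREATE",
            "TABLE", "UPDATE", "SET", "DELETE", "AND", "OR", "INT", "TEXT"}
TOKEN = re.compile(r"'[^']*'|\d+(?:\.\d+)?|\w+|[^\w\s]")

def grammar_sequence(sql):
    """Abstract SQL text to grammatical symbols (assumed mapping)."""
    seq = []
    for tok in TOKEN.findall(sql):
        if tok.upper() in KEYWORDS:
            seq.append(tok.upper())
        elif tok.startswith("'"):
            seq.append("STR")
        elif tok[0].isdigit():
            seq.append("NUM")
        elif tok[0].isalnum() or tok[0] == "_":
            seq.append("ID")
        else:
            seq.append(tok)  # operators and punctuation stay as-is
    return seq

def levenshtein(a, b):
    """Edit distance between two sequences (rolling-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, x in enumerate(a, 1):
        cur = [i]
        for j, y in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (x != y)))
        prev = cur
    return prev[-1]

def average_distance(seeds):
    """Mean pairwise grammatical distance of a seed set."""
    pairs = list(combinations([grammar_sequence(s) for s in seeds], 2))
    return sum(levenshtein(a, b) for a, b in pairs) / len(pairs) if pairs else 0.0

def select_diverse(seeds, k):
    """Greedy farthest-point pick of k grammatically dissimilar seeds."""
    seeds = list(dict.fromkeys(seeds))  # drop exact duplicates
    seqs = {s: grammar_sequence(s) for s in seeds}
    chosen = seeds[:1]
    while len(chosen) < min(k, len(seeds)):
        rest = [s for s in seeds if s not in chosen]
        chosen.append(max(rest, key=lambda s: min(
            levenshtein(seqs[s], seqs[c]) for c in chosen)))
    return chosen

# Constructed sample seeds, not taken from Squirrel's corpus.
SEEDS = ["SELECT a FROM t1 WHERE a = 1;", "SELECT b FROM t2 WHERE b = 'x';",
         "CREATE TABLE t3 (c INT, d TEXT);", "INSERT INTO t3 VALUES (1, 'y');"]
```

Two seeds that differ only in table and column names have distance 0 under this mapping, so the measure reflects statement structure rather than surface text.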