From d35b7038c302ef3b4e8fdf4e382ca00cf9c53195 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Mon, 28 Jul 2025 15:42:56 +0200 Subject: [PATCH] thesis: Add call sequence graph --- thesis/src/02.intercept.tex | 11 ++++++ thesis/src/03.manipulate.tex | 70 ++++++++++++++++++++++++++++++++---- thesis/thesis.tex | 5 +++ 3 files changed, 80 insertions(+), 6 deletions(-) diff --git a/thesis/src/02.intercept.tex b/thesis/src/02.intercept.tex index ada217c..c41337b 100644 --- a/thesis/src/02.intercept.tex +++ b/thesis/src/02.intercept.tex @@ -566,3 +566,14 @@ Other checks may also include guards to calls to ``forbidden'' functions, or tha Another important post-condition of most library functions is the return value, which in most cases indicates success or failure of an operation. However, intercepting of calls alone may not be able to verify if a program really checks the return value of a function and acts accordingly. Chapter~\ref{ch:manipulating-function-calls} shows how this problem may be solved. + +\subsection{Validating Memory Management}\label{subsec:testing-memory-management} + +Lorem Ipsum. +(malloc, calloc, realloc, free, getaddrinfo, freeaddrinfo). + + +\subsection{Validating Resource Management}\label{subsec:validating-resource-management} + +Lorem Ipsum. +(open, close, socket, \dots). diff --git a/thesis/src/03.manipulate.tex b/thesis/src/03.manipulate.tex index 289bcf6..86f74bb 100644 --- a/thesis/src/03.manipulate.tex +++ b/thesis/src/03.manipulate.tex @@ -35,7 +35,7 @@ Figure~\ref{fig:control-flow} illustrates the control flow for manipulating func \end{call} \end{sdblock} - \begin{sdblock}{Manipulated Call}{} + \begin{sdblock}{Modified Call}{} \begin{call}{p}{malloc(x)}{i}{return a} \mess{i}{{``malloc(x)''}}{s} \mess{s}{``modify y''}{i} @@ -94,11 +94,69 @@ The server does not acknowledge this message. The contents of this message type correspond the second line of an intercepted function call (see Section~\ref{sec:automated-testing-on-intercepted-function-calls}). -\section{Creating a Socket Server in Python}\label{sec:creating-a-socket-server-in-python} - -Lorem Ipsum. - - \section{Automated Testing using Function Call Manipulation}\label{sec:automated-testing-using-function-call-manipulation} +As seen in Figure~\ref{fig:control-flow} function call manipulation allows for mocking individual calls. +Mocking may be used to see how the program behaves, when individual calls to function fail or return an unusual, but valid, value. +The simplest way to automatically test programs is to run them multiple times and on each run let a single function call fail. +The resulting sequence of function calls now may be put together to a call sequence graph (or tree). +By analysing this call graph, it is possible to decide, if a program correctly terminated when faced with a failed function call. +This may be the case, when the following function calls differ from those which were recorded on a default run (without any mocked function calls). + + +\subsection{Testing Return Value Checks}\label{subsec:testing-return-value-checks} + Lorem Ipsum. + +\begin{figure} + \begin{tikzpicture}[node distance=15mm, thick, main/.style = {draw, circle}, text centered] + \newcommand{\fncall}[2]{\tiny{\begin{tabular}{c}\normalsize{\texttt{#1}}\\\texttt{#2}\end{tabular}}} + \node[main] (1)[elips] {\fncall{getopt}{client+0x1ac5, client.c:186}}; + \node[main] (2)[elips] [below of=1] {\fncall{getaddrinfo}{client+0x147b, client.c:74}}; + \node[main] (3)[elips] [below of=2] {\fncall{socket}{client+0x14f2, client.c:81}}; + \node[main] (4)[elips] [below of=3] {\fncall{connect}{client+0x15f3, client.c:104}}; + \node[main] (5)[elips] [below of=4] {\fncall{freeaddrinfo}{client+0x1638, client.c:114}}; + \node[main] (6)[elips] [below of=5] {\fncall{send}{client+0x1f5c, client.c:277}}; + \node[main] (7)[elips] [below of=6] {\fncall{recv}{client+0x1fa1, client.c:284}}; + \node[main] (8)[elips] [below of=7] {\fncall{recv}{client+0x2062, client.c:300}}; + \node[main] (9)[elips] [below of=8] {\fncall{recv}{client+0x2442, client.c:360}}; + \node[main] (10)[elips] [below of=9] {\fncall{recv}{client+0x2442, client.c:360}}; + \node[main] (11)[elips] [below of=10] {\fncall{close}{client+0x2489, client.c:375}}; + \node[main] (12)[elips] [below of=11] {\fncall{exit}{sys+0x0}}; + + \node[main] (2f1)[elips] [right=10mm of 2] {\fncall{exit}{sys+0x0}}; + \node[main] (3f1)[elips] [right=10mm of 3] {\fncall{freeaddrinfo}{client+0x1638, client.c:114}}; + \node[main] (4f1)[elips] [right=10mm of 4] {\fncall{close}{client+0x1611, client.c:106}}; + + \draw[->] (1) -- (2); + \draw[->] (2) -- (3); + \draw[->] (2) -- node[midway, above, sloped, pos=0.5] {fail} (2f1); + \draw[->] (3) -- (4); + \draw[->] (3) -- node[midway, above, sloped, pos=0.5] {fail} (3f1); + \draw[->] (3f1) -- (2f1); + \draw[->] (4) -- (5); + \draw[->] (4) -- node[midway, above, sloped, pos=0.5] {fail} (4f1); + \draw[->] (4f1) -- (3f1); + \draw[->] (5) -- (6); + \draw[->] (6) -- (7); + \draw[->] (7) -- (8); + \draw[->] (8) -- (9); + \draw[->] (9) -- (10); + \draw[->] (10) -- (11); + \draw[->] (11) -- (12); + \draw[->] (6) to [out=0,in=-4,looseness=2] node[midway, above, pos=0.05] {fail} (11); + \draw[->] (7) to [out=0,in=-2,looseness=1.75] node[midway, above, pos=0.075] {fail} (11); + \draw[->] (8) to [out=0,in=0,looseness=1.5] node[midway, above, pos=0.1] {fail} (11); + \draw[->] (9) to [out=0,in=2,looseness=1.25] node[midway, above, pos=0.1] {fail} (11); + \draw[->] (10) to [out=0,in=3,looseness=1] node[midway, above, pos=0.1] {fail} (11); + \end{tikzpicture} + \centering + \caption{Simplified Call Sequence Graph of \texttt{./client}.} + \label{fig:call-sequence} +\end{figure} + + +\subsection{Testing Interrupts}\label{subsec:testing-interrupts} + +Lorem Ipsum. +EINTR. diff --git a/thesis/thesis.tex b/thesis/thesis.tex index b66a13b..e87be70 100644 --- a/thesis/thesis.tex +++ b/thesis/thesis.tex @@ -41,6 +41,9 @@ \usepackage{chngcntr} \counterwithin{listing}{chapter} \usepackage{pgf-umlsd} +\usepackage{textcomp} +\usepackage{tikz} +\usetikzlibrary{shapes} \newcommand{\newthreadShift}[4][gray!30]{ \newinst[#4]{#2}{#3} @@ -50,6 +53,8 @@ \tikzstyle{instcolor#2}=[fill=#1] } +\tikzset{elips/.style={ellipse,draw,minimum width=2em,minimum height=1.8em,inner ysep=0pt},} + % Set PDF document properties \hypersetup{ pdfpagelayout = TwoPageRight, % How the document is shown in PDF viewers (optional).