基于状态变量数据依赖分析的以太坊智能合约测试用例生成

Jinhu Du, Song Huang, Xingya Wang, Changyou Zheng, Jin-lei Sun
{"title":"基于状态变量数据依赖分析的以太坊智能合约测试用例生成","authors":"Jinhu Du, Song Huang, Xingya Wang, Changyou Zheng, Jin-lei Sun","doi":"10.1109/QRS57517.2022.00077","DOIUrl":null,"url":null,"abstract":"An Ethereum smart contract is an agreement reached by multiple parties, which is guaranteed by blockchain technology to be executed in accordance with the terms expressed in the form of code. Its security needs are particularly prominent due to a large number of digital assets under management. Testing is an effective way to find flaws that threaten the security of smart contracts. However, current smart contract test case generation methods do not regard the impact of other functions in the smart contract on state variables, resulting in the inaccessibility of the control statements related to state variables and low branch coverage of the function under test. To alleviate this problem, this paper proposes SV-Gen. SV-Gen generates test cases for smart contracts through two steps: static analysis and dynamic search. In the first step, SV-Gen considers the read-write relationship between functions and state variables in the smart contract to generate a function invocation sequence for the function to be tested through a backtracking algorithm on state variables. Then the arguments of transactions to invoke each function in the sequence are generated through regex matching to form the primitive test case. In the second step, the primitive test cases constitute an initial population, and a genetic algorithm undertakes the task of evolving them to high branch coverage. The experimental results on one of the VeriSmart datasets show that SV-Gen can effectively enter the control constraints related to state variables and improve the branch coverage of smart contracts.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Test Case Generation for Ethereum Smart Contract based on Data Dependency Analysis of State Variable\",\"authors\":\"Jinhu Du, Song Huang, Xingya Wang, Changyou Zheng, Jin-lei Sun\",\"doi\":\"10.1109/QRS57517.2022.00077\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"An Ethereum smart contract is an agreement reached by multiple parties, which is guaranteed by blockchain technology to be executed in accordance with the terms expressed in the form of code. Its security needs are particularly prominent due to a large number of digital assets under management. Testing is an effective way to find flaws that threaten the security of smart contracts. However, current smart contract test case generation methods do not regard the impact of other functions in the smart contract on state variables, resulting in the inaccessibility of the control statements related to state variables and low branch coverage of the function under test. To alleviate this problem, this paper proposes SV-Gen. SV-Gen generates test cases for smart contracts through two steps: static analysis and dynamic search. In the first step, SV-Gen considers the read-write relationship between functions and state variables in the smart contract to generate a function invocation sequence for the function to be tested through a backtracking algorithm on state variables. Then the arguments of transactions to invoke each function in the sequence are generated through regex matching to form the primitive test case. In the second step, the primitive test cases constitute an initial population, and a genetic algorithm undertakes the task of evolving them to high branch coverage. The experimental results on one of the VeriSmart datasets show that SV-Gen can effectively enter the control constraints related to state variables and improve the branch coverage of smart contracts.\",\"PeriodicalId\":143812,\"journal\":{\"name\":\"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/QRS57517.2022.00077\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/QRS57517.2022.00077","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

以太坊智能合约是多方达成的协议,由区块链技术保证按照以代码形式表达的条款执行。由于管理着大量的数字资产,其安全需求尤为突出。测试是发现威胁智能合约安全的缺陷的有效方法。然而,目前的智能合约测试用例生成方法没有考虑智能合约中其他功能对状态变量的影响,导致状态变量相关的控制语句不可访问,被测功能分支覆盖率低。为了缓解这一问题,本文提出了SV-Gen。SV-Gen通过静态分析和动态搜索两步生成智能合约的测试用例。第一步,SV-Gen考虑智能合约中函数与状态变量之间的读写关系,通过状态变量回溯算法生成待测试函数的函数调用序列。然后通过正则表达式匹配生成调用序列中每个函数的事务参数,形成基本测试用例。在第二步中,原始测试用例构成初始种群,遗传算法承担将它们进化到高分支覆盖率的任务。在一个VeriSmart数据集上的实验结果表明,SV-Gen可以有效地输入与状态变量相关的控制约束,提高智能合约的分支覆盖率。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Test Case Generation for Ethereum Smart Contract based on Data Dependency Analysis of State Variable
An Ethereum smart contract is an agreement reached by multiple parties, which is guaranteed by blockchain technology to be executed in accordance with the terms expressed in the form of code. Its security needs are particularly prominent due to a large number of digital assets under management. Testing is an effective way to find flaws that threaten the security of smart contracts. However, current smart contract test case generation methods do not regard the impact of other functions in the smart contract on state variables, resulting in the inaccessibility of the control statements related to state variables and low branch coverage of the function under test. To alleviate this problem, this paper proposes SV-Gen. SV-Gen generates test cases for smart contracts through two steps: static analysis and dynamic search. In the first step, SV-Gen considers the read-write relationship between functions and state variables in the smart contract to generate a function invocation sequence for the function to be tested through a backtracking algorithm on state variables. Then the arguments of transactions to invoke each function in the sequence are generated through regex matching to form the primitive test case. In the second step, the primitive test cases constitute an initial population, and a genetic algorithm undertakes the task of evolving them to high branch coverage. The experimental results on one of the VeriSmart datasets show that SV-Gen can effectively enter the control constraints related to state variables and improve the branch coverage of smart contracts.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信