Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Yu, Jiazhao, Tu, Yanlun, Zhang, Zhanlei, Zhang, Tiehua, Xu, Cheng, Wu, Weigang, Kang, Hong Jin, Zheng, Xi
Format: Preprint
Veröffentlicht: 2025
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2501.10269
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866910919992279040
author Yu, Jiazhao
Tu, Yanlun
Zhang, Zhanlei
Zhang, Tiehua
Xu, Cheng
Wu, Weigang
Kang, Hong Jin
Zheng, Xi
author_facet Yu, Jiazhao
Tu, Yanlun
Zhang, Zhanlei
Zhang, Tiehua
Xu, Cheng
Wu, Weigang
Kang, Hong Jin
Zheng, Xi
contents Testing ultra-large microservices-based FinTech systems presents significant challenges, including restricted access to production environments, complex dependencies, and stringent security constraints. We propose SandBoxFuzz, a scalable grey-box fuzzing technique that addresses these limitations by leveraging aspect-oriented programming and runtime reflection to enable dynamic specification mining, generating targeted inputs for constrained environments. SandBoxFuzz also introduces a log-based coverage mechanism, seamlessly integrated into the build pipeline, eliminating the need for runtime coverage agents that are often infeasible in industrial settings. SandBoxFuzz has been successfully deployed to Ant Group's production line and, compared to an initial solution built on a state-of-the-art fuzzing framework, it demonstrates superior performance in their microservices software. SandBoxFuzz achieves a 7.5% increase in branch coverage, identifies 1,850 additional exceptions, and reduces setup time from hours to minutes, highlighting its effectiveness and practical utility in a real-world industrial environment. By open-sourcing SandBoxFuzz, we provide a practical and effective tool for researchers and practitioners to test large-scale microservices systems.
format Preprint
id arxiv_https___arxiv_org_abs_2501_10269
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Grey-Box Fuzzing in Constrained Ultra-Large Systems: Lessons for SE Community
Yu, Jiazhao
Tu, Yanlun
Zhang, Zhanlei
Zhang, Tiehua
Xu, Cheng
Wu, Weigang
Kang, Hong Jin
Zheng, Xi
Software Engineering
Testing ultra-large microservices-based FinTech systems presents significant challenges, including restricted access to production environments, complex dependencies, and stringent security constraints. We propose SandBoxFuzz, a scalable grey-box fuzzing technique that addresses these limitations by leveraging aspect-oriented programming and runtime reflection to enable dynamic specification mining, generating targeted inputs for constrained environments. SandBoxFuzz also introduces a log-based coverage mechanism, seamlessly integrated into the build pipeline, eliminating the need for runtime coverage agents that are often infeasible in industrial settings. SandBoxFuzz has been successfully deployed to Ant Group's production line and, compared to an initial solution built on a state-of-the-art fuzzing framework, it demonstrates superior performance in their microservices software. SandBoxFuzz achieves a 7.5% increase in branch coverage, identifies 1,850 additional exceptions, and reduces setup time from hours to minutes, highlighting its effectiveness and practical utility in a real-world industrial environment. By open-sourcing SandBoxFuzz, we provide a practical and effective tool for researchers and practitioners to test large-scale microservices systems.
title Grey-Box Fuzzing in Constrained Ultra-Large Systems: Lessons for SE Community
topic Software Engineering
url https://arxiv.org/abs/2501.10269