CIDFuzz: Fuzz testing for continuous integration
IET Software (IF 1.6), Pub Date: 2023-04-06, DOI: 10.1049/sfw2.12125
Jiaming Zhang¹, Zhanqi Cui¹, Xiang Chen², Huiwen Yang¹, Liwei Zheng¹, Jianbin Liu¹
As agile software development and extreme programming have become increasingly popular, continuous integration (CI) has become a widely used collaborative work method. However, projects under CI are changed frequently. If existing testing methods are applied to CI directly, it is difficult to focus testing resources on the changes produced by CI, which leaves those changes insufficiently tested. To solve this problem, we propose a fuzz testing method for CI. First, differential analysis is performed to determine the change points produced during CI, the change points are added to the taint source set, and static analysis computes the distance between each basic block and the taint sources. Then, the project under test is instrumented according to these distances. During fuzz testing, testing resources are allocated based on seed coverage so that the change points are tested effectively. Using the proposed method, we implement CIDFuzz as a prototype tool and conduct experiments on four open-source projects that use CI. Experimental results show that, compared with AFL and AFLGo, CIDFuzz reduces the time cost of covering change points by up to 39.59% and 41.64%, respectively, and reduces the time cost of reproducing vulnerabilities by up to 34.78% and 25.55%.
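The distance-guided seed scheduling the abstract describes, as an added illustration that is not the paper's CIDFuzz code: a constructed toy CFG with one change point, hop-count distance from every basic block to the nearest change point computed by BFS over the reversed CFG (the paper's exact distance metric is not given here, so hop count is an assumption), and seeds ordered so that those whose coverage lies closest to the change point are fuzzed first.

```python
from collections import deque

# Constructed toy CFG (block -> successors); "F" is the block a CI diff
# marked as a change point, so it seeds the taint source set.
CFG = {"entry": ["A", "B"], "A": ["C"], "B": ["D"], "C": ["E"],
       "D": ["F"], "E": ["exit"], "F": ["exit"], "exit": []}
CHANGE_POINTS = {"F"}

# Constructed seeds with the basic blocks each one covered when executed.
SEEDS = {"s1": {"entry", "A", "C", "E", "exit"},   # never reaches F
         "s2": {"entry", "B", "D", "exit"},        # stops one hop short of F
         "s3": {"entry", "B", "D", "F", "exit"}}   # already covers F


def block_distances(cfg, targets):
    """Hop distance from each block to the nearest target (BFS over the
    reversed CFG). Blocks that cannot reach any target get None."""
    preds = {b: [] for b in cfg}
    for b, succs in cfg.items():
        for s in succs:
            preds[s].append(b)
    dist = {t: 0 for t in targets}
    queue = deque(targets)
    while queue:
        b = queue.popleft()
        for p in preds[b]:
            if p not in dist:
                dist[p] = dist[b] + 1
                queue.append(p)
    return {b: dist.get(b) for b in cfg}


def seed_distance(covered, dist):
    """Mean distance of a seed's covered blocks that can reach a target;
    None when none of them can (the seed gives no guidance)."""
    reach = [dist[b] for b in covered if dist.get(b) is not None]
    return sum(reach) / len(reach) if reach else None


def schedule(seeds, cfg, targets):
    """Seeds whose coverage lies closest to the change points are fuzzed
    first; seeds that cannot reach any change point are kept but last."""
    dist = block_distances(cfg, targets)
    scored = sorted(((n, seed_distance(c, dist)) for n, c in seeds.items()),
                    key=lambda it: (float("inf") if it[1] is None else it[1], it[0]))
    return [name for name, _ in scored]
```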

Updated: 2023-04-06