Remote Procedure Call (RPC) is a communication protocol to support client-server interactions among services over a network. RPC is widely applied in industry for building large-scale distributed systems, such as Microservices. Modern RPC frameworks include for example Thrift, gRPC, SOFARPC and Dubbo. Testing such systems using RPC communications is very challenging, due to the complexity of distributed systems and various RPC frameworks the system could employ. To the best of our knowledge, there does not exist any tool or solution that could enable automated testing of modern RPC-based services. To fill this gap, in this paper we propose the first approach in the literature, together with an open-source tool, for white-box fuzzing modern RPC-based APIs with search. To assess our novel approach, we conducted an empirical study with two artificial and four industrial web services selected by our industrial partner. The tool has been integrated into a real industrial pipeline, and could be applied to real industrial development process for fuzzing RPC-based APIs. To further demonstrate its effectiveness and application in industrial settings, we also report results of employing our tool for fuzzing another 30 industrial APIs autonomously conducted by our industrial partner in their testing processes. Results show that our novel approach is capable of enabling automated test case generation for industrial RPC-based APIs (i.e., two artificial and 34 industrial). We also compared with a simple grey-box technique and existing manually written tests. Our white-box solution achieves significant improvements on code coverage. Regarding fault detection, by conducting a careful review with our industrial partner of the tests generated by our novel approach in the selected four industrial APIs, a total of 41 real faults were identified, which have now been fixed.
翻译:远程程序呼叫(RPC)是支持服务之间在网络上进行客户-服务器互动的通信协议。 RPC被广泛应用于行业建设大型分布式系统,如Microservices。现代RPC框架包括Trift、GRPC、SOFARPC和Dubbo等。由于分布式系统的复杂性和该系统可以使用的各种RPC框架,使用RPC通信进行测试非常具有挑战性。据我们所知,没有任何工具或解决方案能够自动测试基于RPC的现代 RPC改进型服务。为了填补这一空白,我们在本文件中提出了文献中的第一个方法,同时提出了一个开放源工具,用于白箱烟雾基于RPC的现代分布式系统。现代RPCAPI框架包括Trift、GRPC、SFARPC、SOFARPC和DBbo。为了评估我们的新做法,我们用两个人工和4个工业伙伴选择的互联网网络服务进行了实证研究。这个工具被融入了真正的工业管道,可用于真正的基于RPC的ARPI 。为了进一步展示其有效性和在工业环境中的应用和应用,我们还使用一个简单的工业测试工具进行了一种简单的工业测试。