2021, 32(6):1867-1881.
DOI: 10.13328/j.cnki.jos.006254
Abstract:
Robot operating system (ROS) is an open source system widely used in Robot development. It can provide developers with hardware abstraction, device driver, library function, visualization, messaging, software package management, and other functions, which has an important and broad application prospect. ROS integrates various software packages that can realize different functions, such as positioning drawing, action planning, perception, simulation, etc. However, some vulnerabilities may damage the overall safety and reliability of robot system directly. In this study, an ROS oriented fuzzing method is proposed to test different versions of ROS packages and find out the vulnerabilities. The proposed approach includes two modules:Test cases generation and differential fuzz testing execution. Firstly, load and process the input file, and generate the test cases file based on the strategy's generation. Secondly, communication among nodes is achieved using topic communication mechanism, and the test case files are used as the inputs to carry out differential fuzz testing on the ROS packages. Then, the inconsistent outputs in the test results are calculated and evaluated, and the seed meet the evaluation indicators are reserved and fed back to the test case generation module to generate test cases, it will improve seed quality and code coverage effectively. Finally, analyze the cause of inconsistent output and find out the vulnerability. This method is applied in the experiment of robot coordinate transformation, testing the packages TF and TF2 that realize coordinate transformation under different reference frames. Final experiment results show that TF is more accurate in function implementation compared with TF2, and there are vulnerabilities in the function of TF2 to realize coordinate rotation transformation.