White-box Fuzzing RPC-based APIs with EvoMaster: An Industrial Case Study

Remote Procedure Call (RPC) is a communication protocol to support client-server interactions among services over network. RPC widely applied in industry for building large-scale distributed systems, such as Microservices. Modern frameworks include example Thrift, gRPC, SOFARPC and Dubbo. Testing systems using communications very challenging, due the complexity of various system could employ. To best our knowledge, there does not exist any tool or solution that enable automated testing modern RPC-based services. fill this gap, paper we propose first approach literature, together with an open-source tool, fuzzing APIs. The context white-box search-based techniques. tackle schema extraction frameworks, formulate specification along parser allows from source code JVM Then, extracted employ search produce tests by maximizing heuristics newly defined specific domain. We built extension fuzzer (i.e., EvoMaster ), has been integrated into real industrial pipeline be development process assess novel approach, conducted empirical study two artificial four web selected partner. In addition, further demonstrate its effectiveness application settings, report results employing another 50 APIs autonomously partner their processes. Results show capable enabling test case generation 54 industrial). also compared simple grey-box technique existing manually written tests. Our achieves significant improvements on coverage. Regarding fault detection, conducting careful review generated APIs, total 41 faults were identified, which have now fixed. Another 8,377 detected are currently under investigation.