Despite its long-standing popularity and fundamental role in an operating system, the Unix shell has rarely been a subject of academic research. In particular, regardless of the significant progress in compiler testing, there has been hardly any work applying automated testing techniques to detect faults and vulnerabilities in shell interpreters. To address this important shortcoming, we present ShellFuzzer: a technique to test Unix shell interpreters by automatically generating a large number of shell scripts. ShellFuzzer combines grammar-based generation with selected random mutations, so as to produce a diverse range of shell programs with predictable characteristics (e.g., valid according to the language standard, and free from destructive behavior). In our experimental evaluation, ShellFuzzer generated shell programs that exposed 8 previously unknown issues that affected a recent version of the mksh POSIX-compliant shell; the shell maintainers confirmed 7 of these issues, and addressed them in the latest revisions of the shell's open-source implementation.
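A minimal sketch of the generate-then-mutate idea described in the abstract, added here as an illustration; it is not ShellFuzzer's code. The grammar, the edge-case literals and all function names are assumptions chosen so that every derived script is syntactically valid and uses only side-effect-free commands.

```python
import random

# Constructed toy grammar for a small POSIX shell subset (assumption, not
# ShellFuzzer's grammar). It only derives side-effect-free commands.
GRAMMAR = {
    "<script>": [["<stmt>"], ["<stmt>", "\n", "<script>"]],
    "<stmt>": [["<cmd>"], ["<assign>"], ["<if>"], ["<loop>"]],
    "<cmd>": [["echo ", "<word>"], ["printf '%s\\n' ", "<word>"], [": ", "<word>"]],
    "<assign>": [["<var>", "=", "<word>"]],
    "<if>": [["if ", "<test>", "; then ", "<cmd>", "; else ", "<cmd>", "; fi"]],
    "<loop>": [["for ", "<var>", " in ", "<word>", " ", "<word>", "; do ", "<cmd>", "; done"]],
    "<test>": [["[ ", "<word>", " = ", "<word>", " ]"], ["true"], ["false"]],
    "<word>": [["<lit>"], ['"$', "<var>", '"'], ['"${', "<var>", ":-", "<lit>", '}"']],
    "<var>": [["x"], ["y"], ["z"]],
    "<lit>": [["a"], ["42"], ["foo_bar"]],
}
# Hypothetical edge-case literals for the mutation step (constructed values).
EDGE_LITERALS = ["''", "-1", "2147483648", "A" * 64, "'*'"]

def derive(symbol, rng, depth=0, origin=None, max_depth=8):
    """Return the derivation's leaves as (producing nonterminal, text) pairs."""
    if symbol not in GRAMMAR:
        return [(origin, symbol)]
    rules = GRAMMAR[symbol]
    # Past the depth budget, take the shortest rule so recursion terminates.
    rule = min(rules, key=len) if depth >= max_depth else rng.choice(rules)
    return [leaf for s in rule for leaf in derive(s, rng, depth + 1, symbol, max_depth)]

def mutate(leaves, rng):
    """Swap one <lit> leaf for an edge-case literal; the structure is untouched."""
    idx = [i for i, (origin, _) in enumerate(leaves) if origin == "<lit>"]
    if not idx:
        return leaves
    out = list(leaves)
    out[rng.choice(idx)] = ("<lit>", rng.choice(EDGE_LITERALS))
    return out

def generate(seed, mutations=1):
    rng = random.Random(seed)  # seeded, so any failing script can be regenerated
    leaves = derive("<script>", rng)
    for _ in range(mutations):
        leaves = mutate(leaves, rng)
    return leaves

def render(leaves):
    return "".join(text for _, text in leaves)

def command_names(leaves):
    return {text.split()[0] for origin, text in leaves if origin == "<cmd>"}
```

Because mutation only replaces literal leaves, the mutated script keeps the validity and command allowlist guaranteed by the grammar, which is what makes its behavior predictable when fed to an interpreter under test.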