
A Target-Directed Concolic Testing Method (cited by: 18)

Target-Directed Concolic Testing
Abstract: Concolic testing is an automated testing technique that combines concrete execution with symbolic execution. Because concolic testing starts from the program itself and does not use prior knowledge of target defects as guidance, it generates and executes many test inputs that cannot reveal defects; from the perspective of finding defects, this wastes time and computing resources. The problem is more pronounced in practical testing tasks constrained by time, cost and resources. To address it, this paper proposes a target-directed concolic testing approach that combines static analysis with concolic testing: a static analysis tool identifies the suspicious statements in the program under test that may contain defects, together with their defect types, and the reported suspicious statements serve as targets that guide testing. The technique consists of three steps: first, compute the reachability from each branch of the program to the suspicious statements; second, instrument the program under test to support concolic testing; third, use the static analysis results and the reachability information as guidance, generating and executing only test inputs that may cover the suspicious statements, so as to avoid generating and executing test inputs that cannot detect defects. Based on this approach, the authors implemented TARGET, a prototype tool for testing buffer overflow defects, and ran comparative experiments on a set of C benchmark programs. The results show that, compared with the original concolic testing technique, TARGET finds more defects in the programs in less time.
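Source: Chinese Journal of Computers (《计算机学报》), indexed in EI, CSCD and the Peking University Core Journals list; 2011, No. 6, pp. 953-964 (12 pages)
Funding: Supported by the National Natural Science Foundation of China (90818022, 91018006, 61021062), the National Basic Research Program of China ("973" Program) (2009CB320702), the National High Technology Research and Development Program of China ("863" Program) (2011AA010103), and the Core Electronic Devices, High-end Generic Chips and Basic Software (核高基) project (2009z01036-001-001-3)
Keywords: target-directed testing; defect triggering; static analysis; concolic testing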

