摘要
对规模较大的程序进行安全测试过程中,Concolic测试常面临路径爆炸和求解能力不足等问题。为缓解此类问题,提出一种面向源代码的导向Concolic测试方法。针对容易产生缺陷的危险代码区域,依据控制流和数据流属性,采用回溯的方式推导出静态可达路径信息和必要的符号变量,实现仅针对危险代码区域的覆盖测试。实证研究结果表明,通过规避对不关心路径和符号变量的分析,所提方法显著提升了覆盖测试危险代码区域的效率和发现缺陷的概率。
In the process of safety testing in large-scale programs,Concolic tests often faced problems such as path explosion and lack of constraint solving ability.In order to alleviate these problems,this paper proposed a directed Concolic testing method for source code.Aiming at the danger code area prone to produce defects,the paths which could reach the critical code areas and the essential symbolic variables could be inferred based on backtracking control-flow and data-flow analysis.These information limited the dynamic testing only to cover the danger code area.The empirical results show that by ignoring analysis of the unconcerned paths and symbolic variables,the method significantly improves the test efficiency and the provability of finding defects.
作者
常超
刘克胜
赵军
Chang Chao;Liu Kesheng;Zhao Jun(Dept.of Doctoral Student,Electronics Engineering Institute,Hefei 230037,China;Dept.of Network,Electronics Engineering Institute,Hefei 230037,China)
出处
《计算机应用研究》
CSCD
北大核心
2018年第1期140-144,共5页
Application Research of Computers
基金
国家自然科学基金资助项目(61272491
61602491)
