基于状态机模型的构件健壮性测试

基于形式化的构件语义定义了健壮性,并提出一种基于状态机的构件健壮性测试方法.基于该方法实现了原型工具RoTesCo.首先遍历状态机生成一组覆盖所有转换的路径,基于这些路径的测试用例驱动构件发生状态转换;然后用无效输入和不当调用在构件的不同状态来测试其健壮性.通过区分测试中捕获异常的类别,自动报告健壮性错误.以通用的开源项目构件组成评测平台,实验数据显示,RoTesCo的测试效率比已有的算法表现得更优越.     

协议一致性测试生成的路径叠加方法

基于UIO序列提出了一种新的协议一致性测试生成方法——路径叠加方法。其核心思想是寻找有限状态机中无重复转换的路径作为路径叠加转换序列,在其后连接该序列尾状态的UIO序列,从而验证该序列中所有转换。理论与实验结果表明,由路径叠加算法生成的测试序列长度要比其他基于UIO序列的算法生成的测试序列明显缩短。特别的,利用路径叠加转换序列来替代OUIO方法中对子序列直接叠加而生成的完全叠加转换序列,在检错性不降低的前提下,大大降低了叠加计算的复杂度。     

基于有限状态机的健壮性测试研究

健壮性测试对软件尤其是安全产品有极其重要的意义,本文使用有限状态机来对软件产品进行建模,通过状态扩充和状态对各种异常事件的响应,构建完备的增强有限状态机,使用该模型可以进行健壮性测试。我们利用该方法对GlobalPlatform卡规范中安全通信的安全通道协议SCP02进行了测试。测试结果表明,该方法产生的测试案例包比GP组织认可的测试包具有更高的覆盖性和错误检测能力,该方法产生的案例不仅可以用于健壮性测试,也可以用于功能性和符合性测试。     

基于有限状态机的工控系统软件设计

通过分析工控系统的特性,提出采用状态机的思想进行工控软件设计.详细论述了高速状态机的错步问题以及控制层中状态机的状态划分问题.结合具体的应用实例,给出了基于状态机的实现方法.实验表明,采用状态机的设计方法有助于准确描述受控对象的行为,软件的健壮性和可靠性得到显著提高.     

基于深度优先搜索的模糊测试用例生成方法

模糊测试是挖掘网络协议漏洞的重要方法之一.现有的模糊测试方法存在覆盖路径不完全、效率低下等问题.为了解决这些问题,文中提出了基于深度优先搜索的模糊测试用例生成方法,该方法将状态机转换成有向无回路图,以获得状态迁移路径,并通过提高测试用例在发送报文中的占比来提升模糊测试效率.该方法主要包括合并状态迁移、消除循环路径、搜索状态迁移路径、标记重复状态迁移和基于测试用例引导的模糊测试5个阶段.在合并状态迁移阶段,将首尾状态相同的状态迁移进行合并.在消除循环路径阶段,根据深度优先搜索判断图中的循环,并通过删除边将状态机转换成有向无回路图.在搜索状态迁移路径阶段,搜索有向无回路图从初始状态到终止状态的全路径,并对原状态机图使用Floyd算法补充被去除的边构造测试路径,以确保充分测试状态机中的每一个状态迁移.在标记重复状态迁移阶段,对重复状态迁移进行标记,避免对重复的状态迁移进行反复测试,以缩减测试的冗余.在基于测试用例引导的模糊测试阶段,生成针对状态迁移的测试用例,并将测试用例均匀分发到重复的状态迁移上,其中的部分测试用例能够起到引导状态迁移的作用,对被测目标进行模糊测试.实验结果表明,所提方法能够取得更高的有效测试用例比例.     

一种事件驱动有限状态机的编程实现框架

在现代程序设计中,网络协议实现、游戏角色建模等很多复杂场景切换问题都可以用有限状态机来描述。本文将有限状态机概念与事件驱动模型结合,设计一种可复用的代码模板实现各状态转换的动态管理。该方法简洁高效,模块逻辑清晰,提高了系统的健壮性。     

基于模型学习的OpenVPN系统脆弱性分析

OpenVPN在现实网络中有广泛应用,对其安全性进行评估具有重要的现实意义.基于自动机理论中模型学习的方法,利用协议状态模糊测试的技术对OpenVPN系统进行黑盒测试分析,自动化推演出目标OpenVPN系统的状态机.提出了状态机时间压缩模型并进行冗余状态和迁移化简,可以准确得到协议状态机中的行为特征.发现了多条期望行为路径外的特别行为路径及可能的安全隐患,为OpenVPN的安全性评估提供了新的思路与方法,同时对类似缺少协议规范但应用广泛的安全协议的内部设计细节分析具有重要参考意义.     

UML状态图和Petri网络在类测试用例生成的应用

分析和研究UML状态图、扩展状态机和Petri网在类测试用例生成的特点,提出结合三者优势的类测试用例生成方法.通过Petri网对状态图进行性质分析可以解决状态爆炸,分析状态图冲突和了解覆盖性等问题.通过实例分析和研究,三者结合的基于完整路径转换测试准则所产生测试用例生成方法是有效的.     

模型检验在构件数据流测试中的应用

模型检验输出的反例提供了一种自动产生测试用例的有效途径。提出了一种用模型检验进行构件数据流测试的方法。利用构件状态机描述构件的外部行为,用带有变量定义和使用标记的Kripke结构描述构件状态迁移中的数据流信息;给出了从构件状态机到Kripke结构的转换方法,并建立了全定义覆盖和全使用覆盖准则的陷阱性质构造公式。陷阱性质将使模型检验器NuSMV输出反例,从而产生构件的数据流测试序列。     

有限状态机在导弹防御系统分析中的应用

介绍了有限状态机的基本概念,基于UML详细分析了导弹防御系统的作战过程.由于UML状态机无法直接运行而实现系统状态的动态转换,研究了基于有限状态机理论的图形化建模与仿真工具Stateflow.在分析了导弹防御系统作战过程中各子系统状态以及状态转换的基础上建立了Stateflow状态机模型,并与Matlab其它建模和仿真工具有机结合,建立了导弹防御系统的仿真模型,该模型可实现不同条件下系统性能的分析与评估.     

Robustness testing for software components

Component-based development allows one to build software from existing components and promises to improve software reuse and reduce costs. For critical applications, the user of a component must ensure that it fits the requirements of the application. To achieve this, testing is a well-suited means when the source code of the components is not available. Robustness testing is a testing methodology to detect the vulnerabilities of a component under unexpected inputs or in a stressful environment. As components may fail differently in different states, we use a state machine based approach to robustness testing. First, a set of paths is generated to cover transitions of the state machine, and it is used by the test cases to bring the component into a specific control state. Second, method calls with invalid inputs are fed to the component in different states to test the robustness. By traversing the paths, the test cases cover more states and transitions compared to stateless API testing. We apply our approach to several components, including open source software, and compare our results with existing approaches.     

带场景和关键路径的商业组件自测试框架

商业组件的开发者和用户都需要测试组件在未知部署环境下的运行情况.给组件添加自测试功能后,测试效率大为提高.设计了一个商业组件的自测试框架STCCF,在组件代码中嵌入关键运行路径,使用XML描述组件的运行场景、关键路径和与之相关的参数条件,然后读入该描述文件,据此生成基于XML的测试用例集.框架还提供基于反射的自动测试类,执行所有测试用例,并记录测试结果.STCCF已运用到VisualDware工程,结合工程中一个分布式组件实例介绍它的实现步骤.     

Low-cost testing of high-density logic components

The evolution of a testing method and architecture of a logic-device tester to be used for the next generation of IBM's high-density CMOS ASIC (application-specific integrated circuit) logic components is described. The tester's design is based on the architecture of an existing IBM memory tester rather than on a conventional logic-tester design. The testing strategy calls for boundary-scan in each component design, built-in self-test logic within embedded memory arrays, and the use of weighted random-pattern logic testing. The development of the tester hardware is discussed, and capital costs of the new tester are compared with those of other approaches     

Fragment Method of Restoring the Operation of Digital Systems with the Structure of a Minimal Quasicomplete Graph with Two Paths between Two Users

The developed approach to the fragment method of restoring the operation of digital systems (DS) structured as a minimal quasicomplete graph with two paths between two users is to alternately restore individual DS fragments. The analyzed DS fragment consists of a tested user, a switch, and two communication lines between the switch and the testing and tested users. For a single fragment, we construct a typical base program unit which can serve as a reference for the base units for other DS fragments. Based on the results of diagnostics for the components of the fragment, the testing user replaces functions of the faulty component with functions of operational components. The developed approach guarantees to remove the influence of a single faulty component in a digital system of the analyzed structure.     

基于使用剖面分析的系统健壮性评测方法

为了减小健壮性评测过程中测试数量以及更准确地评估错误输入对系统的健壮性影响,提出了在传统的健壮性评测之前引入用户使用剖面分析过程,并将该过程同传统方法结合起来对系统进行健壮性评测.该过程在基准应用程序运行过程中,分别从系统调用接口层和内核层给出用户使用情况,包括函数接口发生次数和持续时间度量.根据使用剖面分析结果,以故障注入的方式进行健壮性评测.通过对具体应用程序下的系统健壮性分析,表明了该方法的有效性.     

Predictable service overlay networks: Predictability through adaptive monitoring and efficient overlay construction and management

Providing bounded communication among participating nodes is significant for distributed systems. Internet-based applications suffer with lower performance due to absence of bounded latency. We describe PSON, an overlay network solution to this challenging problem. PSON has two components. The monitoring component, SyncProbe, utilizes efficient and adaptive monitoring techniques to measure latency, detect packet loss, and provide real-time estimates of maximum expected latency along paths of an Internet substrate. The QoSMap component constructs and manages overlay such that it yields application-level QoS and provides resilience against network failures. A distinctive feature of QoSMap is construction of QoS-compliant backup paths which facilitate in overlay management and operation during the period when primary overlay paths violate QoS. We evaluate PSON on PlanetLab to provide predictable communication for applications with different topology and QoS requirement. Our experiments confirm the effectiveness of PSON in providing an inexpensive and efficient application-layer solution to Internet’s unpredictable behavior.     

运用CAR智能指针实现Callback机制

"和欣"操作系统是基于CAR构件技术、支持构件化应用的嵌入式操作系统。一般的构件,客户与构件之间的通信过程是单向的,客户创建构件对象,然后客户调用对象所提供的接口函数。在这样的通讯过程中,客户总是主动的,而构件对象则处于被动状态。对于一个全面的交互过程来说,这样的单向通信往往不能满足实际的需要,构件对象也要主动与客户进行通信,构件也提供回调接口。和欣系统中的Callback机制有助于实现二进制构件拼装;并允许构件异地运行,可极大地提高构件的运行效率,但其本身实施过程很复杂。提出在"和欣"操作系统中,实现CAR智能指针来简化用户实现Callback机制的过程。     

Equations of motion and ballistic paths of volcanic ejecta

When the equations of motion are broken down into component form their solution provides the coordinates of positions of moving particles at successive times, making it possible to plot the paths of those particles. In two dimensions the equations contain horizontal and vertical accelerations which, when added separately in each component's direction, provide the net force per unit mass acting horizontally and vertically. Repeated integration of accelerations leads to particle velocities and displacements, hence particle positions and paths. Though conceptually applicable to many kinds of motion in geomorphology, the method is applied here to paths of volcanic ejecta in equatorial latitudes. The horizontal component includes the sum of inertial, resistance and aeolian terms whereas the vertical component is the sum of inertial, gravitational, resistance, lift and total centrifugal terms. The total centrifugal effect on a body in motion on a rotating Earth is itself composed of two components. One component is the conventionally conceived centrifugal effect at right angles to Earth's polar axis. The second component is the Coriolis effect at right angles to the velocity vectors that are tangential to the path of motion and at right angles to the axis of spin of the moving body. When the axis of spin is coincident with the polar axis, as it is for eastward motion of a body on the equator, both components act in the same direction, in this case upwards vertically. Completing the scenario is the inclusion of the equatorial tropopause which impedes further vertical motion but allows horizontal motion to continue, an aspect of considerable importance with respect to transport of dust (volcanic and aeolian) and pollutants.