首页 | 本学科首页   官方微博 | 高级检索  
相似文献
 共查询到20条相似文献,搜索用时 62 毫秒
1.
模糊测试是当前检测程序错误的最主流、最有效的手段之一.模糊测试工具首先对种子文件进行变异,生成大量新输入文件,然后挑选新输入来执行目标程序,以触发程序中潜在的漏洞.当前对模糊测试的研究多着眼于改进变异算法,提高生成的新文件对目标程序代码的覆盖,忽略了备用种子文件的筛选策略对提高模糊测试覆盖率与测试效率的的贡献.针对该问题,我们提出了基于覆盖频率的种子文件筛选策略,在每次执行目标程序时,我们记录程序执行中覆盖过的路径边;根据边被执行次数的多少,我们将这些边分为低频边和高频边;对于包含了更多低频边且执行效率高的种子文件,我们给予更高的优先级.我们在模糊测试工具American Fuzzy Lop (AFL)实现了对应的算法,实验表明我们的算法有效提高了模糊测试的效率和代码覆盖率.  相似文献   

2.
模糊测试被广泛应用于各种软件和系统的漏洞挖掘中.而模糊测试的效果与其采用的变异策略以及初始种子文件的代码覆盖率有直接的关系.本文提出了一种基于深度学习的种子文件生成方法,分析并学习初始种子文件和其在目标程序中的执行路径之间的关系,最终输出可能覆盖新执行路径的种子文件,从而提高初始种子文件集合的代码覆盖率.我们以PDF阅读器作为目标程序进行了实验,实验结果表明该方法所生成的种子文件保证了良好的通过率,而且明显提高了代码覆盖率.同时实验证明该方法在针对多种PDF阅读器进行模糊测试时都获得了更高的代码覆盖率.  相似文献   

3.
针对编译循环内的查找表分派指令导致的代码重复或额外运行开销,在Dalvik虚拟机的基于Trace的即时编译器中提出了改进的代码生成算法。同已有的代码生成算法相比,该方法在划分基本块阶段获取查找表分派的信息,并将查找表分派指令转换成一系列条件分支指令,通过条件分支指令实现子Trace同主Trace的合并,避免了主子Trace切换时额外的函数调用。实验结果表明,对于循环内含查找表分派的应用程序,该算法能提升其性能。  相似文献   

4.
黄晨  董燕  于倩  虞砺琨 《测控技术》2017,36(1):100-103
基于目标码的测试覆盖率分析是软件测试过程的必要关键步骤,不可达分析能够保证测试的完整性和充分性.给出嵌入式软件基于覆盖率测试的分析过程,在嵌入式虚拟测试平台的基础上,对程序目标代码插桩,采用语句和分支覆盖率分析准则,将黑盒测试和白盒测试相结合,分析不可达分支语句引入机理,并通过具体的反汇编代码实例分析来验证这种测试方法的可行性和有效性.专门针对覆盖率不可达的分析可以有效验证软件功能,发现软件缺陷,进一步提升软件质量.  相似文献   

5.
基于路径覆盖插桩的可执行代码测试工具实现   总被引:1,自引:0,他引:1  
王轶  蒋同海  董军  周喜 《计算机工程》2012,38(5):35-37,40
为解决传统程序插桩技术存在代码膨胀和运行时间较长的问题,提出对可执行代码进行控制流路径覆盖消除冗余的插桩策略。依据该策略设计一种针对Java可执行代码的单元测试工具,完成程序执行路径跟踪和覆盖率分析。对测试工具进行功能验证和性能分析,结果表明,该策略能够有效减少插桩点数量,降低插桩对被测程序时间特性的影响。  相似文献   

6.
主流区块链平台以太坊上频繁发现由不安全编程引起的智能合约安全漏洞。为了提高模糊测试对合约代码的覆盖率,以更全面地检测安全漏洞,提出了一种智能合约模糊测试方法。首先构造智能合约交易序列数据集,再基于深度学习构建智能合约交易生成模型以生成模糊测试初始种子;然后根据覆盖率和分支距离信息,对智能合约进行信息反馈引导的模糊测试,提出了特定的测试用例染色体编码方式,并设计实现了相应的交叉和变异算子。所提方法能有效覆盖智能合约的深层次状态以及严格条件守卫的分支代码。在500个智能合约上进行实验,结果表明,所提方法的代码覆盖率为93.73%,漏洞检测率为93.93%,与ILF,sFuzz, Echidna方法相比,所提方法的代码覆盖率提高了3.80%~25.49%,漏洞检测率提高了4.64%~24.02%。所提方法有助于提升以太坊智能合约安全测试的有效性,具有参考价值。  相似文献   

7.
基于网络信息安全漏洞问题越来越受重视,针对漏洞研究中测试代码覆盖率和漏洞挖掘效率问题,设计并实现了基于混合符号执行的Fuzzing测试系统;该系统采用了指令动态追踪、混合符号执行、约束求解、测试用例生成及动态测试5个模块,通过对系统各个环节优化处理提高效率,并实验验证系统代码覆盖率较传统Fuzzing测试工具也有较大提高,得出了该系统能适用于大型应用软件测试的结论。  相似文献   

8.
基于覆盖率引导的模糊测试(Fuzzing)是当前最有效的漏洞自动挖掘技术.目前大部分的模糊测试工具对于新产生的测试用例实施全追踪策略.但是随着时间的流逝,模糊工具生成的测试用例都集中在程序的高频路径,使能够产生新覆盖的测试用例远少于已生成测试用例的总数,以至于全追踪策略花费了大量无意义的时间成本和运行开销.因此提出基于异常检测模型的模糊测试工具ADFuzz,筛选低频路径以减少高频路径的执行次数,从而加速模糊测试,持续引导模糊测试朝着低频路径方向变异运行,并扩大程序覆盖.通过ADFuzz,AFL,Untracer在12个真实程序上运行24 h的实验结果显示,相比AFL,ADFuzz平均速度提升23.8%,平均覆盖率增加11.78%,最高增加25.8%;相比Untracer,ADFuzz平均速度降低较少,但是漏洞数量和覆盖率都有较大提升.  相似文献   

9.
嵌入式软件语句覆盖率测试插桩技术   总被引:1,自引:0,他引:1  
孙红利  王忠民  王文浪 《计算机应用》2010,30(10):2738-2740
针对基于宿主机的嵌入式软件测试,提出一种单元测试中通用的语句覆盖率测试方法,通过插桩技术,采用向源代码插桩实现语句覆盖率测试。设计了测试代码的实现算法,通过测试代码可以自动完成向被测代码插桩。这些方法被成功地应用到笔者所在项目组开发的嵌入式软件仿真测试平台ARMtest上。利用这些方法,在嵌入式硬件系统未完成开发之前,可通过宿主机环境和仿真环境及时发现嵌入式软件开发初期的一些不足并加以完善。  相似文献   

10.
模糊测试是一种行之有效的软件缺陷检测方法.其基本思想是生成大量随机输入,从而广泛探索程序行为,并以此发现程序崩溃和崩溃背后的软件缺陷.显然,纯随机的输入无法高效探索程序行为,大量程序缺陷也难以导致崩溃.为了进一步提升模糊测试的有效性,模糊测试往往引入静态插桩技术,用于加快探索程序状态空间速度,提升发现缺陷的能力.因此,引入静态插桩已经成为当下模糊测试的经典实践.聚焦于模糊测试场景下的插桩需求,除了介绍静态插桩技术的基本原理外,从安全特性强化和导向信息收集两个视角出发,系统性地分析了当下静态插桩的典型方法.同时,针对插桩的额外开销问题,全面地测量了不同插桩方案下的程序的执行速度,并与基线的未插桩程序进行比对.最后基于上述分析和测量,初步展望了静态插桩的优化方向.  相似文献   

11.
Abstract This paper describes an approach to the design of interactive multimedia materials being developed in a European Community project. The developmental process is seen as a dialogue between technologists and teachers. This dialogue is often problematic because of the differences in training, experience and culture between them. Conditions needed for fruitful dialogue are described and the generic model for learning design used in the project is explained.  相似文献   

12.
European Community policy and the market   总被引:1,自引:0,他引:1  
Abstract This paper starts with some reflections on the policy considerations and priorities which are shaping European Commission (EC) research programmes. Then it attempts to position the current projects which seek to capitalise on information and communications technologies for learning in relation to these priorities and the apparent realities of the marketplace. It concludes that while there are grounds to be optimistic about the contribution EC programmes can make to the efficiency and standard of education and training, they are still too technology driven.  相似文献   

13.
融合集成方法已经广泛应用在模式识别领域,然而一些基分类器实时性能稳定性较差,导致多分类器融合性能差,针对上述问题本文提出了一种新的基于多分类器的子融合集成分类器系统。该方法考虑在度量层融合层次之上通过对各类基多分类器进行动态选择,票数最多的类别作为融合系统中对特征向量识别的类别,构成一种新的自适应子融合集成分类器方法。实验表明,该方法比传统的分类器以及分类融合方法识别准确率明显更高,具有更好的鲁棒性。  相似文献   

14.
为了设计一种具有低成本、低功耗、易操作、功能强且可靠性高的煤矿井下安全分站,针对煤矿安全生产实际,文章提出了采用MCS-51系列单片机为核心、具有CAN总线通信接口的煤矿井下安全监控分站的设计方案;首先给出煤矿井下安全监控分站的整体构架设计,然后着重阐述模拟量输入信号处理系统的设计过程,最后说明单片机最小系统及其键盘、显示、报警、通信等各个组成部分的设计;为验证设计方案的可行性与有效性,使用Proteus软件对设计内容进行仿真验证,设计的煤矿井下安全监控分站具有瓦斯、温度等模拟量参数超标报警功能和电机开停、风门开闭等开关量指示功能;仿真结果表明:设计的煤矿井下安全监控分站具有一定的实际应用价值.  相似文献   

15.
Development of software intensive systems (systems) in practice involves a series of self-contained phases for the lifecycle of a system. Semantic and temporal gaps, which occur among phases and among developer disciplines within and across phases, hinder the ongoing development of a system because of the interdependencies among phases and among disciplines. Such gaps are magnified among systems that are developed at different times by different development teams, which may limit reuse of artifacts of systems development and interoperability among the systems. This article discusses such gaps and a systems development process for avoiding them.  相似文献   

16.
This paper presents control charts models and the necessary simulation software for the location of economic values of the control parameters. The simulation program is written in FORTRAN, requires only 10K of main storage, and can run on most mini and micro computers. Two models are presented - one describes the process when it is operating at full capacity and the other when the process is operating under capacity. The models allow the product quality to deteriorate to a further level before an existing out-of-control state is detected, and they can also be used in situations where no prior knowledge exists of the out-of-control causes and the resulting proportion defectives.  相似文献   

17.
Going through a few examples of robot artists who are recognized worldwide, we try to analyze the deepest meaning of what is called “robot art” and the related art field definition. We also try to highlight its well-marked borders, such as kinetic sculptures, kinetic art, cyber art, and cyberpunk. A brief excursion into the importance of the context, the message, and its semiotics is also provided, case by case, together with a few hints on the history of this discipline in the light of an artistic perspective. Therefore, the aim of this article is to try to summarize the main characteristics that might classify robot art as a unique and innovative discipline, and to track down some of the principles by which a robotic artifact can or cannot be considered an art piece in terms of social, cultural, and strictly artistic interest. This work was presented in part at the 13th International Symposium on Artificial Life and Robotics, Oita, Japan, January 31–February 2, 2008  相似文献   

18.
In modern service-oriented architectures, database access is done by a special type of services, the so-called data access services (DAS). Though, particularly in data-intensive applications, using and developing DAS are very common today, the link between the DAS and their implementation, e.g. a layer of data access objects (DAOs) encapsulating the database queries, still is not sufficiently elaborated, yet. As a result, as the number of DAS grows, finding the desired DAS for reuse and/or associated documentation can become an impossible task. In this paper we focus on bridging this gap between the DAS and their implementation by presenting a view-based, model-driven data access architecture (VMDA) managing models of the DAS, DAOs and database queries in a queryable manner. Our models support tailored views of different stakeholders and are scalable with all types of DAS implementations. In this paper we show that our view-based and model driven architecture approach can enhance software development productivity and maintainability by improving DAS documentation. Moreover, our VMDA opens a wide range of applications such as evaluating DAS usage for DAS performance optimization. Furthermore, we provide tool support and illustrate the applicability of our VMDA in a large-scale case study. Finally, we quantitatively prove that our approach performs with acceptable response times.  相似文献   

19.
Although there are many arguments that logic is an appropriate tool for artificial intelligence, there has been a perceived problem with the monotonicity of classical logic. This paper elaborates on the idea that reasoning should be viewed as theory formation where logic tells us the consequences of our assumptions. The two activities of predicting what is expected to be true and explaining observations are considered in a simple theory formation framework. Properties of each activity are discussed, along with a number of proposals as to what should be predicted or accepted as reasonable explanations. An architecture is proposed to combine explanation and prediction into one coherent framework. Algorithms used to implement the system as well as examples from a running implementation are given.  相似文献   

20.
《Information & Management》2016,53(6):787-802
Discrepant technological events or situations that entail a problem, a misunderstanding or a difficulty with the Information Technology (IT) being employed, are common in the workplace, and can lead to frustration and avoidance behaviors. Little is known, however, about how individuals cope with these events. This paper examines these events by using a multi-method pragmatic approach informed by coping theory. The results of two studies – a critical incident study and an experiment – serve to build and test, respectively, a theoretical model that posits that individuals use a variety of strategies when dealing with these events: they experience negative emotions, make external attributions, and adopt engagement coping strategies directed at solving the event, eventually switching to a disengagement coping strategy when they feel they have no control over the situation. Furthermore, users’ efforts may result in ‘accidental’ learning as they try to overcome the discrepant IT events through engagement coping. The paper ends with a discussion of the results in light of existing literature, future opportunities for research, and implications for practice.  相似文献   

设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号