共查询到20条相似文献,搜索用时 346 毫秒
1.
为有效产生程序测试数据,提高Fuzzing测试数据的生成效率和测试覆盖率的问题,提出了一种新的Fuzzing测试数据生成算法--H-Fuzzing.其主要思想是通过程序静态分析结果和动态运行属性,收集程序关键分支谓词的相关信息,得到其与输入变量之间的关联关系,进而指导测试数据算法的收缩,达到能够在少量的随机输入产生过程中得到较高的测试覆盖率的目的. 相似文献
2.
3.
堆栈测试是嵌入式操作系统安全评估的重要环节,堆栈溢出会覆盖邻近堆栈中的数据,造成数据错乱进而引发系统崩溃。然而捕获并定位堆栈溢出具有一定难度。首先,溢出数据可能会侵占操作系统中其它任务的私有堆栈,而发生溢出的任务本身没有异常表现,以致难以确定堆栈溢出的根源;其次,由于操作系统任务的优先级差异,堆栈溢出的暴露时间可能滞后于其发生时间。提出了一种基于实时堆栈分配与回收行为监测的动态堆栈测试方法,首先在堆栈行为测试点插入桩函数,以采集任务堆栈的测试码;然后设置上位机测试程序,以分析测试码并提供测试结果,实现实时捕获并定位堆栈溢出。利用此方法,在基于车载远程信息处理终端的实际测试中,定位到了3处造成系统崩溃或复位的堆栈溢出异常,评估了操作系统堆栈的安全性。另外,根据测试结果,优化了堆栈大小的静态分配,在单个任务中最多节省了42%的堆栈空间,并将整个任务RAM压缩至原来的63%。 相似文献
4.
在本文中,我们提出BAEG,一个自动寻找二进制程序漏洞利用的系统.BAEG为发现的每一个漏洞产生一个控制流劫持的利用,因此保证了它所发现的漏洞都是安全相关并且可利用的.BAEG针对输入造成程序崩溃的情况进行分析,面临的挑战主要有两点:1)如何重现崩溃路径,获取崩溃状态;2)如何自动生成控制流劫持利用.对于第一点,本论文提出路径导向算法,将崩溃输入作为符号值,重现崩溃路径.对于第二点,我们总结多种控制流劫持的利用原理,建立对应的利用产生模型.此外,对于非法符号读、写操作,BAEG还可以让程序从崩溃点继续执行,探索程序深层次代码,检测崩溃路径逻辑深处是否还有利用点. 相似文献
5.
6.
测试语言是卫星地面测试总控软件的核心,用户通过使用测试语言来编写测试序列程序,来对卫星的内部各分系统进行测试,以保证卫星的可靠运行。本文介绍了我们在研制卫星地面测试总控软件中研制的测试序列管理系统。 相似文献
7.
内存泄漏是C/C++程序的一种常见的、难以发现的缺陷,一直困扰着软件开发者,尤其是针对长时间运行的程序或者系统软件,内存泄漏的后果十分严重.针对内存泄漏的检测,目前主要有静态分析和动态测试两种方法.动态测试实际运行程序,具有较大开销,同时依赖测试用例的质量;静态分析技术及自动化工具已经被学术界和工业界广泛运用于内存泄漏缺陷检测中,然而由于静态分析采取了保守的策略,其结果往往包含数量巨大的误报,需要通过进一步人工确认来甄别误报,但人工确认静态分析的结果耗时且容易出错,严重限制了静态分析技术的实用性.本文提出了一种基于混合执行测试的静态内存泄漏警报的自动化确认方法.首先,针对静态分析报告的目标程序中内存泄漏的静态警报,对目标程序进行控制流分析,并计算警报的可达性,形成制导信息;其次,基于警报制导信息对目标程序进行混合执行测试;最后,在混合执行测试过程中,监控追踪内存对象的状态,判定内存泄漏是否发生,对静态警报进行动态确认并分类.实验结果表明该方法可以对静态内存泄漏警报进行有效的分类,显著降低了人工确认的工作量.实验详情参见:http://ssthappy.github.io/memleak/. 相似文献
8.
回归测试对修改后的软件重新进行测试,确认修改没有引入新的错误或导致其他代码产生错误。研究GUI回归测试脚本的自动化修复技术,采用有限状态机描述GUI的交互行为,并基于FSM产生测试用例集;使用自动化测试工具生成测试脚本,建立状态迁移和测试脚本的映射关系表;通过比较GUI新、旧版本的FSM得到GUI的变化信息,根据变化信息和映射表对原测试脚本自动修复。实例验证了脚本修复方法的可行性和有效性。 相似文献
9.
通过对地球物理软件研发过程中比较常见内存错误的调研与总结,设计并实现了一个基于C/C++的动态内存检测工具,采用内嵌与关键函数截获方式,对编译器开放接口进行扩展与改进.该工具通过对软件运行过程中堆内存使用情况的实时收集、分类统计与分析,达到动态的监控与检测内存堆栈错误的目的.以中国石化石油物探技术研究院自主研发的油气综合解释系统NEWS子系统-叠前叠后联合解释模块主要流程为例,用该检测工具对其进行全面的测试与应用.实践表明,嵌入监测器的应用软件在开发过程中大幅降低了内存泄漏现象,运行时减少了内存错误导致的异常崩溃现象,提高了应用软件的稳定性,并能够对开发以及测试人员快速定位与分析软件错误起到较强的指导作用. 相似文献
10.
当前漏洞检测技术可以实现对小规模程序的快速检测,但对大型或路径条件复杂的程序进行检测时其效率低下。为实现复杂路径条件下的漏洞快速检测,文中提出了一种复杂路径条件下的漏洞检测技术SymFuzz。SymFuzz将导向式模糊测试技术与选择符号执行技术相结合,通过导向式模糊测试技术对程序路径进行过滤,利用选择符号执行技术对可能触发漏洞的路径进行求解。该技术首先通过静态分析获取程序漏洞信息;然后使用导向式模糊测试技术,快速生成可以覆盖漏洞函数的测试用例;最后对漏洞函数内可以触发漏洞的路径进行符号执行,生成触发程序漏洞的测试用例。文中基于AFL与S2E等开源项目实现了SymFuzz的原型系统。实验结果表明,SymFuzz与现有的模糊测试技术相比,在复杂路径条件下的漏洞检测效果提高显著。 相似文献
11.
《IEEE transactions on pattern analysis and machine intelligence》1983,(4):385-394
Display management software usually provides support for: creating displays on a CRT (cathode ray tube) or other output device; handling user inputs from keyboards, light-pens, and other input devices; and communicating with an application program in terms of these outputs and inputs. We propose a design for a family of display management systems which provide device-independent, high-level support for applications programming. The design involves structuring the display management software as a set of modules, with three levels of interfaces. The key features of this design include: 1) separation of display specifications from the actual data to be displayed; 2) structured output and input specifications; 3) asynchronous, message passing inter-faces; and 4) a software structure based on hiding details of data structures, algorithms and device orders. 相似文献
12.
曹廷 《单片机与嵌入式系统应用》2022,22(3):49-51
由于嵌入式系统日趋复杂,程序的复杂程度也与日俱增,这导致程序异常跳转、数组越界、堆栈溢出等异常现象时有发生,但编译器以及专业的静态代码扫描工具无法发现此类问题。程序运行时一旦发生此类异常,往往会导致系统死机等严重故障,系统死机后,留给开发人员的有用信息一般很少,常常需要花很多时间及精力才能查出导致程序异常的具体原因,因此,开发一种高效的程序异常检测手段就显得十分必要。利用DSP软件编译器的插桩功能,可完整记录程序异常前的运行轨迹数据,通过分析这些轨迹数据可重建程序异常前的运行轨迹,利用这些信息,开发人员可高效地查出程序异常的具体原因。 相似文献
13.
Occupant responses and injuries are important considerations in the design and assessment of roadside safety devices such as barriers. Although incorporating occupant responses and injuries into the design of safety devices is highly recommended by the current safety regulations, there are limited studies that directly consider occupant responses and injuries. Crash test dummies are seldom equipped in the state-of-the-art crash testing of roadside barriers and thus occupant responses and injury risks are evaluated primarily based on vehicle responses. In the present work, occupant responses and injuries in automotive crash events were investigated by incorporating crash test dummies into the vehicle model that was used in the finite element (FE) simulations of roadside crashes. The FE models of a Ford F250 pickup truck and a Hybrid III 50th percentile crash test dummy were employed and a passive restraint system was developed in the FE model. The FE model was validated using existing experiments including a sled test and a full-frontal impact test. Simulations of the Ford F250 impacting a concrete barrier and a W-beam guardrail were conducted and the occupant responses were analyzed. Furthermore, occupant injuries were quantitatively estimated using occupant injury criteria based directly on dummy responses and compared to those based solely on vehicle responses. The correlations between vehicle responses and occupant injuries were studied. 相似文献
14.
Crash(程序崩溃)分析是漏洞挖掘与利用的关键阶段,判定Crash是由何种类型漏洞产生的是进行Crash分析和漏洞利用的前提。针对现有漏洞检测平台无法有效识别Crash类型的问题,提出一种二进制可执行程序漏洞检测和Crash类型判定的方法。该方法通过对二进制可执行程序Fuzz出的Crash进行污点标记,在污点传播阶段兼顾污点清除、间接污染等污点传播规则,在污点检查阶段通过收集崩溃点上下文信息,匹配多种漏洞触发规则。基于上述方法开发出对二进制程序漏洞检测和判定Crash所属漏洞类型的原型系统,实验结果表明,该方法适用于栈溢出、格式化字符串、堆溢出等漏洞导致的覆盖返回地址、函数指针等模式,具有较高准确率。 相似文献
15.
User modeling is aimed at capturing the users’ interests in a working domain, which forms the basis of providing personalized information services. In this paper, we present an ontology based user model, called user ontology, for providing personalized information service in the Semantic Web. Different from the existing approaches that only use concepts and taxonomic relations for user modeling, the proposed user ontology model utilizes concepts, taxonomic relations, and non-taxonomic relations in a given domain ontology to capture the users’ interests. As a customized view of the domain ontology, a user ontology provides a richer and more precise representation of the user’s interests in the target domain. Specifically, we present a set of statistical methods to learn a user ontology from a given domain ontology and a spreading activation procedure for inferencing in the user ontology. The proposed user ontology model with the spreading activation based inferencing procedure has been incorporated into a semantic search engine, called OntoSearch, to provide personalized document retrieval services. The experimental results, based on the ACM digital library and the Google Directory, support the efficacy of the user ontology approach to providing personalized information services. 相似文献
16.
Niklas Lavesson Martin Boldt Paul Davidsson Andreas Jacobsson 《Knowledge and Information Systems》2011,26(2):285-307
The amount of software that hosts spyware has increased dramatically. To avoid legal repercussions, the vendors need to inform
users about inclusion of spyware via end user license agreements (EULAs) during the installation of an application. However,
this information is intentionally written in a way that is hard for users to comprehend. We investigate how to automatically
discriminate between legitimate software and spyware associated software by mining EULAs. For this purpose, we compile a data
set consisting of 996 EULAs out of which 9.6% are associated to spyware. We compare the performance of 17 learning algorithms
with that of a baseline algorithm on two data sets based on a bag-of-words and a meta data model. The majority of learning
algorithms significantly outperform the baseline regardless of which data representation is used. However, a non-parametric
test indicates that bag-of-words is more suitable than the meta model. Our conclusion is that automatic EULA classification
can be applied to assist users in making informed decisions about whether to install an application without having read the
EULA. We therefore outline the design of a spyware prevention tool and suggest how to select suitable learning algorithms
for the tool by using a multi-criteria evaluation approach. 相似文献
17.
航空电子系统综合自动检测设备具备良好的通用性能,对提高飞机电子设备的维修保障效率极其有益。但设备高度的信息化程度以及测试的自动化,要求其配套可用于人机交互的客户端软件。本文在MFC微软框架类库强大的可视化编程环境下,通过COM、ActiveX等接口技术对测试程序运行环境组件和ACCESS数据库进行调用编制了一款人机会话界面友好的客户端软件实现测试程序管理、测试报告管理、用户权限管理、测试日志管理等功能。经交付使用验证,该客户端软件运行稳定,能很好地配合操作人员控制自动检测设备平台的各类仪器完成测试任务并管理测试过程中的多种信息。 相似文献
18.
Though there have been several recent efforts to develop disk based video servers, these approaches have all ignored the topic of updates and disk server crashes. In this paper, we present a priority based model for building video servers that handle two classes of events: user events that could include enter, play, pause, rewind, fast-forward, exit, as well assystem events such as insert, delete, server-down, server-up that correspond to uploading new movie blocks onto the disk(s), eliminating existing blocks from the disk(s), and/or experiencing a disk server crash. We will present algorithms to handle such events. Our algorithms are provably correct, and computable in polynomial time. Furthermore, we guarantee that under certain reasonable conditions, continuing clients experience jitter free presentations. We further justify the efficiency of our techniques with a prototype implementation and experimental results. 相似文献
19.
恢复软件系统架构对于理解和重用遗留系统具有重要意义。本文提出了一种基于程序动态执行特性分析的JAVA软件系统架构修复方法。首先根据用户需求设计测试用例,然后在测试用例的执行过程中收集动态执行信息,再将信息整理成上下文后进行FC分析,最后将实现类似功能的子系统组合在一起,由此得到系统的逻辑组织结构视图。原型系统的实验结果表明,此方法能有效恢复中小规模JAVA软件系统的系统架构。 相似文献