未初始化变量的一种静态测试方法

软件测试系统的研制是软件测试领域的一个研究热点.未初始化变量是C/C 程序中的常见故障,该类故障极易导致计算结果错误或系统崩溃.针对C/C6 语言中常见未初始化变量故障进行了分析研究,并从面向具体故障的测试思想出发,建立了C/C 语言中未初始化变量的故障模型,结合静态测试的特点,给出了一种静态查找此类故障的方法.该方法已实现,并已应用于面向故障的软件测试系统中.     

变量定义未使用故障的一种静态测试方法

变量定义未使用故障是C/C 程序中的可见故障,该类故障可导致计算结果错误或系统崩溃.针对C/C 语言中变量定义未使用错误类型进行了分析,并从面向具体故障的测试思想出发,给出软件测试系统设计,建立了C/C 语言中变量定义未使用的故障模型,结合静态测试特点,给出了一种静态查找此类故障的方法.该方法已用于面向故障的软件测试系统中.     

数组越界的静态分析

软件测试分为静态测试和动态测试,而数组越界是静态测试中最常见的问题之一,并且其带来的危害巨大,甚至导致软件系统崩溃。根据数组越界的现象及特点,详细描述了数组越界的定义和种类,给出了数组越界产生的条件及防范技巧,并对检测方法及工具进行比较分析,从而更好地实现软件测试。     

非法计算故障的一种静态测试方法

非法计算是C／C＋＋程序中的常见故障,该类故障极易导致系统崩溃。针对C／C＋＋语言中常见非法计算故障进行了分析,并从面向具体故障的测试思想出发,建立了C／C＋＋语言中非法计算的故障模型,结合静态测试的特点,给出了一种静态查找此类故障的方法。此方法已实现,并已应用于面向故障的软件测试系统中。     

数组越界的静态测试分析

给出了一种静态分析方法,静态分析的主要优点就是在程序运行之前就可以对程序故障进行定位。文章首先针对数组越界错误类型进行了分析,介绍了软件测试的一些基本概念,给出了这类错误的静态分析方法,并给出了相应的算法,而后给出了测试系统设计和开发,最后给出了软件测试的实验结果和分析。     

数组越界的故障模型及其检测方法研究

数组越界是C程序中的常见故障，该类故障可能造成系统的崩溃。首先针对常见的数组越界故障进行了分析，提出了检测数组越界的判定准则，建立了故障模型。根据该故障模型，采用程序控制流图和路径条件，并结合静态分析思想，给出了可有效地检测出程序中存在的数组越界故障的方法。最后通过实例分析了该方法的应用过程。     

基于整型区间集的数组越界静态自动测试方法研究

数组越界是软件中普遍存在的一种故障类型，并对软件安全造成了潜在的威胁．传统的故障检测使用程序插装的方法，并相应的以编译优化技术来排除掉多余的数组边界检查．这种检测方法不仅降低了程序运行效率，增加了开销，而且往往不能对故障进行彻底的测试，容易造成漏报．本文在对程序进行静态分析的基础上，通过引入区间概念，建立了整型区间集和数组区间集，进而给出了数组越界的故障模型，模型的建立对软件故障进行了规范．本文随后给出了故障检测算法，最后给出了实验．结果表明这种方法比以往的测试方法具有更强的故障检测能力．     

Java程序中数组越界和空指针错误的静态分析

介绍了静态分析的相关背景知识,对Java程序中数组越界和空指针错误的常见表现形式进行了归类,并通过实验评估了现有的Java静态分析工具功能,指出了其在跨过程分析中的不足,并对如何改进进行了讨论。     

内存泄露静态检测模型

内存泄漏故障是程序中莱处申请的内存空间,没有释放或没有完全释放或多次释放,是程序中常见的故障,极易导致系统崩溃.从面向具体错误的测试思想出发,采用静态测试的方法,给出了内存泄漏的静态检测模型,同时还引入了区间运算来减少内存泄漏的误报率和漏报率.根据以上模型实现了一个自动测试工具,并已用于软件测试.     

基于污点分析的数组越界缺陷的静态检测方法

随着移动计算、物联网、云计算、人工智能等领域的飞速发展,也涌现出了很多新的编程语言和编译器,但是C/C++语言依旧是最受欢迎的编程语言之一,而数组是C语言最重要的数据结构之一.当在程序中通过数组下标访问数组元素时,必须确保该下标在该数组的边界之内,否则就会导致数组越界.程序中的数组越界缺陷会使得程序在运行时导致系统崩溃,甚至使攻击者可以截取控制流以执行任意恶意代码.当前针对数组越界的静态检查方法无法达到高精度的分析,尤其是无法处理复杂约束和表达式,过多的误报额外增加了开发者的负担.因此,提出了一种基于污点分析的数组越界的静态检测方法.首先,提出流敏感、上下文敏感的按需指针分析方法,实现数组长度区间分析.然后,提出按需污点分析方法,实现数组下标和数组长度污染情况的计算.最后,定义数组越界缺陷判定规则,提出使用后向数据流分析方法,检测数组下标是否越界.在进行数组越界检测的过程中,为了处理程序中的复杂约束和表达式,在分析过程中将调用约束求解器来判断约束的可满足性.如果没有发现相应的语句,则报告数组越界缺陷警报.同时,实现了自动静态分析工具Carraybound,并通过实验展示了方法的有效性.     

Array bounds check elimination in the context of deoptimization

Whenever an array element is accessed, Java virtual machines execute a compare instruction to ensure that the index value is within the valid bounds. This reduces the execution speed of Java programs. Array bounds check elimination identifies situations in which such checks are redundant and can be removed. We present an array bounds check elimination algorithm for the Java HotSpot? VM based on static analysis in the just-in-time compiler.The algorithm works on an intermediate representation in static single assignment form and maintains conditions for index expressions. It fully removes bounds checks if it can be proven that they never fail. Whenever possible, it moves bounds checks out of loops. The static number of checks remains the same, but a check inside a loop is likely to be executed more often. If such a check fails, the executing program falls back to interpreted mode, avoiding the problem that an exception is thrown at the wrong place.The evaluation shows a speedup near to the theoretical maximum for the scientific SciMark benchmark suite and also significant improvements for some Java Grande benchmarks. The algorithm slightly increases the execution speed for the SPECjvm98 benchmark suite. The evaluation of the DaCapo benchmarks shows that array bounds checks do not have a significant impact on the performance of object-oriented applications.     

融合语句复杂度的软件错误定位轻量级方法

在程序调试过程中,基于程序谱的软件错误定位(SBFL)技术能提供有效的帮助。为改善SBFL的性能,提出一种组合程序谱、代码行静态属性的软件错误定位排序学习方法,由线性排序支持向量机学习最优错误定位模型。代码行静态属性包括局部变量、类属性、逻辑运算符和方法调用等程序实体的个数。在使用C、C++和Java语言开发的22个实际故障项目上,采用跨工程的形式训练错误定位模型。实验结果表明,新方法比最优SBFL减少了37.1%的最坏策略EXAM和22.6%的平均策略EXAM。还比较了程序语句的3类轻量级特征：结构化类别、变量谱和静态属性。新方法的时间复杂度低,能实时地推荐可能出现故障的语句序列。     

Deriving Test Suites with the Guaranteed Fault Coverage for Extended Finite State Machines

Extended finite state machines (EFSMs) are widely used when deriving tests for checking the functional requirements for software implementations. However, the fault coverage of EFSMbased tests covering appropriate paths, variables, etc., remains rather obscure. Furthermore, these tests are known be incapable of detecting many functional faults frequently occurring in EFSM-based implementations. In this paper, an approach is proposed for deriving complete tests with the help of a proper Java EFSM implementation. Since the software is based on a template, the faults turn directly into EFSM faults. The method proposed here makes it possible to derive test suites that can detect functional faults. In the first step, the EFSM-based test suite derived by a well-known method is checked for completeness with respect to the faults generated by the μJava tool. Then, each undetected fault is easily mapped into an EFSM mutant. In the next step, some FSM abstraction is used to derive a distinguishing sequence for two finite-state machines (if such a sequence exists), which is added to the current test suite. The test derived in this way is complete with respect to the faults generated by μJava. If the corresponding FSM derived by EFSM modeling is too complex or no such FSM can be derived, the resulting test suite can be incomplete. However, the experiments performed by us clearly show that the original test suite extended by distinguishing sequences can detect many functional faults in software implementations when the given EFSM is used as a specification for the system.     

Design and implementation of Java just-in-time compiler

Early Java implementations relied on interpretation,leading to poor performance compared to compiled programs,Java just-in-time(JIT) compiler can compile Java programs at runtime,so it not only improves Java‘s performance prominently,but also preserves Java‘s portability.In this paper the design and implementing techniques of Java JIT complier based on Chinese open system are discussed in detail.To enhance the portability,a translating method which combines the static simulating method and macro expansion method is adopted.The optimization technique for JIT compiler is also discussed and a way to evaluate the hotspots in Java programs is presented.Experiments have been conducted to verify JIT compilation technique as an efficient way to accelerate Java.     

新型激光测距机故障诊断平台研究

结合军用光电装备故障诊断系统在现代战争条件下的技术保障要求,利用离线仿真等技术,提出了一种激光测距机自动测试系统的设计方案;该系统采用积木式构架,具有很好的扩展性能,可作为激光测距机的通用测试平台;经部队试用,结果表明,该系统能对激光测距机的电路故障进行智能判断,并将故障定位到元件级,具有实时性、准确性、易用性、性能可靠等优点,实现了普通技术人员维修复杂设备的目标,特别适用于部队条件下的快速检测、调试和维修.     

Formally specifying CARA in Java

A restricted dialect of Java is proposed as a language for writing formal specifications for reactive systems. Specifications written in this dialect have one Java class per system module. Each class uses static fields to record module state, uses synchronized static methods as entry points for services provided by the module, and communicates with other modules by method calls. Specifications written in this form are directly executable, can serve as a reference model for subsequent implementations, and can also be used as a target for formal verification techniques. Application of the method to construct an executable specification of the CARA (Computer-Assisted Resuscitation Algorithm) system is described.     

Bytecode fault injection for Java software

Developers using third party software components need to test them to satisfy quality requirements. In the past, researchers have proposed fault injection testing approaches in which the component state is perturbed and the resulting effects on the rest of the system are observed. Non-availability of source code in third-party components makes it harder to perform source code level fault injection. Even if Java decompilers are used, they do not work well with obfuscated bytecode. We propose a technique that injects faults in Java software by manipulating the bytecode. Existing test suites are assessed according to their ability to detect the injected faults and improved accordingly. We present a case study using an open source Java component that demonstrates the feasibility and effectiveness of our approach. We also evaluate the usability of our approach on obfuscated bytecode.     

模型未知的离散事件系统故障诊断方法

针对离散事件系统模型难以建立的大型实际系统,无法对其进行有效故障诊断的问题,提出一种基于主动学习的故障诊断方法。首先,为获取到的系统事件日志添加正常/故障标签,并将日志集划分为训练集和测试集,提出一种基于抽象技术的迭代算法提取训练集中日志的故障特征样本。然后,通过故障特征样本构造初始故障识别器,并利用测试集中的日志检验识别器的准确性。仿真结果表明,该故障诊断算法使得模型未知下诊断精度更高。最后,实例说明系统模型未知下故障诊断算法的应用。与现有研究相比,提出的方法可以在系统模型未知下进行故障诊断且算法复杂度为多项式,诊断精度更高,应用范围更加广泛。