回归测试中基于值谱比较的偏离根定位法

在回归测试中,利用程序谱中的值谱比较不同版本程序的内部行为,将程序的比较转换为函数状态的比较,以估计偏离发生的大概位置,找到偏离根所在的函数。引入偏离调用树记录发生偏离的函数,在此基础上提出2种缩小偏离根定位范围的启发式方法,使偏离根的定位更精确。     

Most specific logic programs

More specific versions of definite logic programs are introduced. These are versions of a program in which each clause is further instantiated or removed and which have an equivalent set of successful derivations to those of the original program, but a possibly increased set of finitely failed goals. They are better than the original program because failure in a non-successful derivation may be detected more quickly. Furthermore, information about allowed variable bindings which is hidden in the original program may be made explicit in a more specific version of it. This allows better static analysis of the program's properties and may reveal errors in the original program. A program may have several more specific versions but there is always a most specific version which is unique up to variable renaming. Methods to calculate more specific versions are given and it is characterized when they give the most specific version.     

Obtaining sample path derivatives by source code instrumentation

This paper describes a process for determining the value of the gradient of the real outputs of a program with respect to its real parameters. CalledGradient Instrumentation, it is a mechanical process of insertion into the program's source code. The resulting program yields the gradient without the re-execution of the program. The sample path derivatives of many discrete event dynamical system simulations can be found using Gradient Instrumentation, by treating them as deterministic programs. The technique can also be applied to continuous simulations. The subject of a patent, Gradient Instrumentation yields derivatives of any order.     

Redux: A Dynamic Dataflow Tracer

Redux is a tool that generates dynamic dataflow graphs. It generates these graphs by tracing a program's execution and recording every value-producing operation that takes place, building up a complete computational history of every value produced. For that execution, by considering the parts of the graph reachable from system call inputs, we can choose to see only the dataflow that affects the outside world. Redux works with program binaries, and thus is not restricted to programs written in any particular language.We explain how Redux works, and show how dynamic dataflow graphs give the essence of a program's computation. We show how Redux can be used for debugging and program slicing, and consider a range of other possible uses.     

基于图挖掘和决策树的软件故障定位研究

对于非崩溃的错误,测试人员往往花费大量的时间才能发现。为了快速准确地定位这类错误,降低软件开发成本,提高软件质量,提出一种辅助定位非崩溃错误的方法。该方法通过收集程序的执行轨迹信息,构造出程序调用图。提取频繁边,运用J48决策树算法,得到基于方法粒度的故障决策树,可辅助人员判定软件缺陷。通过实验与分析,进一步验证了该方法的有效性。     

带控制流的静态函数调用分析方法

提出一种带有控制流的静态函数调用分析的方法,通过建立模型,对源程序进行静态分析,得到程序中的控制流信息和函数调用信息。和已有的静态函数调用关系图分析工具calltree和Source Insight相比,该方法生成的函数调用流图不仅能展现函数间的调用次序,还可以了解程序设计的逻辑复杂度,有助于代码阅读和分析人员更快更好地理解程序结构以及设计流程,并为分析程序控制条件、设计路径覆盖测试用例和进行程序优化奠定基础。     

Motion in bimetric type theories of gravity

The problem of motion of different test particles, charged and spinning objects with a constant spin tensor in different versions of the bimetric theory of gravity is considered by deriving their corresponding path and path deviation equations using a modified Bazanski Lagrangian. Such a Lagrangian, as in the framework of Riemannian geometry, has a capability to obtain path and path deviations of any object simultaneously. This method enables us to derive the path and path deviation equations of different objects orbiting in very strong gravitational fields.     

Loop-level parallelism in numeric and symbolic programs

A new technique for estimating and understanding the speed improvement that can result from executing a program on a parallel computer is described. The technique requires no additional programming and minimal effort by a program's author. The analysis begins by tracing a sequential program. A parallelism analyzer uses information from the trace to simulate parallel execution of the program. In addition to predicting parallel performance, the parallelism analyzer measures many aspects of a program's dynamic behavior. Measurements of six substantial programs are presented. These results indicate that the three symbolic programs differ substantially from the numeric programs and, as a consequence, cannot be automatically parallelized with the same compilation techniques     

基于自适应粒子群优化算法的测试数据扩增方法

针对在回归测试中原有测试数据集往往难以满足新版本软件测试需求的问题,提出一种基于自适应粒子群算法（APSO）的测试数据扩增方法。首先,根据原有测试数据在新版本程序上的穿越路径与目标路径的相似度,在原有的测试数据集中选择合适的测试数据,作为初始种群的进化个体;然后,利用初始测试数据的穿越路径与目标路径的不同子路径,确定造成两者路径偏离的输入分量;最后,根据路径相似度构建适应度函数,利用APSO操作输入分量,生成新的测试数据。该方法针对四个基准程序与基于遗传算法（GA）和随机法的测试数据扩增方法相比,测试数据扩增效率分别平均提高了约56%和81%。实验结果表明,所提方法在回归测试方面有效地提高了测试数据扩增的效率,增强了其稳定性。     

System Call Monitoring Using Authenticated System Calls

System call monitoring is a technique for detecting and controlling compromised applications by checking at runtime that each system call conforms to a policy that specifies the program's normal behavior. Here, we introduce a new approach to implementing system call monitoring based on authenticated system calls. An authenticated system call is a system call augmented with extra arguments that specify the policy for that call, and a cryptographic message authentication code that guarantees the integrity of the policy and the system call arguments. This extra information is used by the kernel to verify the system call. The version of the application in which regular system calls have been replaced by authenticated calls is generated automatically by an installer program that reads the application binary, uses static analysis to generate policies, and then rewrites the binary with the authenticated calls. This paper presents the approach, describes a prototype implementation based on Linux and the Plto binary rewriting system, and gives experimental results suggesting that the approach is effective in protecting against compromised applications at modest cost.     

一种基于语义的程序融合差别合并算法

在异步协同编程环境下,协作者经常创建多个版本,每个版本都是对原来版本的修订或补充,如何合并多个版本为一个共同的版本是一个重要的研究课题。在已存在的算法中,PDI算法是对HPR和YHR算法的补充,它可以合并当一个版本对if条件语句的then分支进行修改,而另一版本对else分支进行修改时所导致的差别,但是对于某些HPR和YHR算法可合并的程序,PDI算法会报告假冲突,因此提出了一种基于语义的程序融合差别合并算法,它是通过对程序同时使用前向分片和后向分片进行差别分析,避免假冲突的发生。实验表明该算法可以有效地保证编程者的编程意愿。     

A System to Generate Test Data and Symbolically Execute Programs

This paper describes a system that attempts to generate test data for programs written in ANSI Fortran. Given a path, the system symbolically executes the path and creates a set of constraints on the program's input variables. If the set of constraints is linear, linear programming techniques are employed to obtain a solution. A solution to the set of constraints is test data that will drive execution down the given path. If it can be determined that the set of constraints is inconsistent, then the given path is shown to be nonexecutable. To increase the chance of detecting some of the more common programming errors, artificial constraints are temporarily created that simulate error conditions and then an attempt is made to solve each augmented set of constraints. A symbolic representation of the program's output variables in terms of the program's input variables is also created. The symbolic representation is in a human readable form that facilitates error detection as well as being a possible aid in assertion generation and automatic program documentation.     

A compiler optimization algorithm for shared-memory multiprocessors

This paper presents a new compiler optimization algorithm that parallelizes applications for symmetric, shared-memory multiprocessors. The algorithm considers data locality, parallelism, and the granularity of parallelism. It uses dependence analysis and a simple cache model to drive its optimizations. It also optimizes across procedures by using interprocedural analysis and transformations. We validate the algorithm by hand-applying it to sequential versions of parallel, Fortran programs operating over dense matrices. The programs initially were hand-coded to target a variety of parallel machines using loop parallelism. We ignore the user's parallel loop directives, and use known and implemented dependence and interprocedural analysis to find parallelism. We then apply our new optimization algorithm to the resulting program. We compare the original parallel program to the hand-optimized program, and show that our algorithm improves three programs, matches four programs, and degrades one program in our test suite on a shared-memory, bus-based parallel machine with local caches. This experiment suggests existing dependence and interprocedural array analysis can automatically detect user parallelism, and demonstrates that user parallelized codes often benefit from our compiler optimizations, providing evidence that we need both parallel algorithms and compiler optimizations to effectively utilize parallel machines     

On software verification for sensor nodes

We consider software written for networked, wireless sensor nodes, and specialize software verification techniques for standard C programs in order to locate programming errors in sensor applications before the software's deployment on motes. Ensuring the reliability of sensor applications is challenging: low-level, interrupt-driven code runs without memory protection in dynamic environments. The difficulties lie with (i) being able to automatically extract standard C models out of the particular flavours of embedded C used in sensor programming solutions, and (ii) decreasing the resulting program's state space to a degree that allows practical verification times.We contribute a platform-dependent, OS-independent software verification tool for OS-wide programs written in MSP430 embedded C with asynchronous hardware interrupts. Our tool automatically translates the program into standard C by modelling the MCU's memory map and direct memory access. To emulate the existence of hardware interrupts, calls to hardware interrupt handlers are added, and their occurrence is minimized with a double strategy: a partial-order reduction technique, and a supplementary reachability check to reduce overapproximation. This decreases the program's state space, while preserving program semantics. Safety specifications are written as C assertions embedded in the code. The resulting sequential program is then passed to CBMC, a bounded software verifier for sequential ANSI C. Besides standard errors (e.g., out-of-bounds arrays, null-pointer dereferences), this tool chain is able to verify application-specific assertions, including low-level assertions upon the state of the registers and peripherals.Verification for wireless sensor network applications is an emerging field of research; thus, as a final note, we survey current research on the topic.     

Worst-case performance of critical path type algorithms

The critical path method remains one of the most popular approaches in practical scheduling. Being developed for the makespan problem this method can also be generalized to the maximum lateness problem. For the unit execution time task system and parallel processors this generalization is known as the Brucker–Garey–Johnson algorithm. We characterize this algorithm by introducing an upper bound on the deviation of the criterion from its optimal value. The bound is stated in terms of parameters characterizing the problem, namely number of processors, the length of the longest path, and the total required processing time. We also derive a similar bound for the preemptive version of the Brucker– Garey–Johnson algorithm.     

一种基于单条程序执行路径的错误定位方法

当程序在测试中发生错误时,将形成一条错误的程序执行路径,程序员将会花费很多精力去检测程序代码和定位最终的程序错误．提出一种基于单条程序执行路径的错误定位方法,该方法通过对程序进行反向执行,计算出多个最弱前置条件及其相对应的疑似错误语句集,并生成错误定位树,来辅助程序员进行快速错误定位．对西门子测试数据集进行的实验表明了该方法具有良好的效果．     

Summarization for termination: no return!

We propose a program analysis method for proving termination of recursive programs. The analysis is based on a reduction of termination to two separate problems: reachability of recursive programs, and termination of non-recursive programs. Our reduction works through a program transformation that modifies the call sites and removes return edges. In the new, non-recursive program, a procedure call may non-deterministically enter the procedure body (which means that it will never return) or apply a summary statement.     

Abstracting minimal security-relevant behaviors for malware analysis

Dynamic behavior-based malware analysis and detection is considered to be one of the most promising ways to combat with the obfuscated and unknown malwares. To perform such analysis, behavioral feature abstraction plays a fundamental role, because how to specify program formally to a large extend determines what kind of algorithm can be used. In existing research, graph-based methods keep a dominant position in specifying malware behaviors. However, they restrict the detection algorithm to be chosen from graph mining algorithm. In this paper, we build a complete virtual environment to capture malware behaviors, especially that to stimulate network behaviors of a malware. Then, we study the problem of abstracting constant behavioral features from API call sequences and propose a minimal security-relevant behavior abstraction way, which absorbs the advantages of prevalent graph-based methods in behavior representation and has the following advantages: first API calls are aggregated by data dependence, therefore it is resistent to redundant data and is a kind of more constant feature. Second, API call arguments are also abstracted particularly, this further contributes to common and constant behavioral features of malware variants. Third, it is a moderate degree aggregation of a small group of API calls with a constructing criterion that centering on an independent operation on a sensitive resource. Fourth, it is very easy to embed the extracted behaviors in a high dimensional vector space, so that it can be processed by almost all of the prevalent statistical learning algorithms. We then evaluate these minimal security-relevant behaviors in three kinds of test, including similarity comparison, clustering and classification. The experimental results show that our method has a capacity in distinguishing malwares from different families and also from benign programs, and it is useful for many statistical learning algorithms.     

基于系统调用和齐次Markov链模型的程序行为异常检测

异常检测是目前入侵检测领域研究的热点内容.提出一种新的基于系统调用和Markov链模型的程序行为异常检测方法,该方法利用一阶齐次Markov链对主机系统中特权程序的正常行为进行建模,将Markov链的状态同特权程序运行时所产生的系统调用联系在一起,并引入一个附加状态;Markov链参数的计算中采用了各态历经性假设;在检测阶段,基于状态序列的出现概率对特权程序当前行为的异常程度进行分析,并根据Markov链状态的实际含义和程序行为的特点,提供了两种可选的判决方案.同现有的基于隐Markov模型和基于人工免疫原理的检测方法相比,提出的方法兼顾了计算成本和检测准确度,特别适用于在线检测.该方法已应用于实际入侵检测系统,并表现出良好的检测性能.     

用VC++语言创建WORD文档

简单文本格式无法生成复杂的表格和图形，因而采用WORD(或EXCEL)作为专用软件的数据报表文件是很有意义的，它可以按照用户要求将数据以图表的形式形象地表示出来。为了在VC 环境中创建和生成WORD文档，必须利用COM技术，把WORD程序看做COM服务器，把用户程序看做客户端，利用COM技术创建WORD对象，利用WORD对象调用VBScript函数(宏函数)来控制WORD文档的生成。通过研究证实该技术是可行的，并且对OFFICE软件都适用。