| 面向源代码的导向Concolic测试方法研究 |
| |
| 引用本文: | 常超. 面向源代码的导向Concolic测试方法研究[J]. 计算机应用研究, 2018, 35(1) |
| |
| 作者姓名: | 常超 |
| |
| 作者单位: | 电子工程学院 |
| |
| 基金项目: | 国家自然科学基金资助项目 |
| |
| 摘 要: | 软件安全性测试是保证代码质量的重要途径,Concolic测试在实际操作中存在路径爆炸和约束求解能力不足等局限。本文提出一种有导向的Concolic测试方法,针对容易产生缺陷的危险代码区域,依据控制流和数据流属性,采用回溯的方式推导出静态可达路径信息和必要的符号变量,实现对危险代码区域的覆盖测试。实证研究结果表明,通过规避对不关心路径和符号变量的分析,所提方法覆盖测试危险代码区域的效率明显得到提升,具备更强的缺陷检测能力。
|
| 关 键 词: | Concolic测试,缺陷检测,符号执行,代码插桩 |
| 收稿时间: | 2017-03-04 |
| 修稿时间: | 2017-11-27 |
Concolic Testing Method for Source Code |
| |
| Affiliation: | Electronics Engineering Institute |
| |
| Abstract: | Software security testing is an important way to ensure the code quality. Concolic testing is usually confronted with limitations such as path explosion and lack of constraint solution in practice. A directed Concolic testing method oriented was presented in this paper. Aiming at the danger code area prone to produce defects, the paths which can reach the critical code areas and the essential symbolic variables can be inferred based on backtracking control-flow and data-flow analysis. These information can limit the dynamic testing only to cover the danger code area. The empirical results show that by ignoring analysis the unconcerned paths and symbolic variables, the coverage testing effectiveness is significantly improved, the defect detection capability is strengthened. |
| |
| Keywords: | |
|
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
