基于回溯与引导的关键代码区域覆盖的二进制程序测试技术研究  被引量：9

作　　者：崔宝江[1,2] 梁晓兵[1] 王禹[2] 王建新[3] 

机构地区：[1]北京邮电大学计算机学院,北京100876 [2]中国信息安全测评中心,北京100085 [3]北京林业大学信息学院,北京100083

出　　处：《电子与信息学报》2012年第1期108-114,共7页Journal of Electronics & Information Technology

基　　金：国家自然科学基金(61170268;61070207)资助课题

摘　　要：基于路径覆盖的测试方法是软件测试中比较重要的一种测试方法,但程序的路径数量往往呈指数增长,对程序的每一条路径都进行测试覆盖基本上是不可能的。从软件安全测试的观点看,更关心程序中的关键代码区域(调用危险函数的语句、圈复杂度高的函数、循环写内存的代码片断)的执行情况。该文提出了覆盖关键代码区域的测试数据自动生成方法,该方法基于二进制程序,不依赖于源码。通过回溯路径获取所有可达关键代码区域的程序路径,并通过路径引导自动为获得的路径生成相应的测试数据。路径引导策略基于程序的符号执行与实际执行,逐步调整输入,使用约束求解器生成相应的测试用例。理论分析与实验结果显示该文给出的方法可以降低生成测试数据所需要的运行次数,与传统的覆盖路径测试数据生成方法相比,所需要的运行次数显著降低,提高了生成测试数据的效率。Path traverse is a kind of important software testing method of software test.However,as the number of paths of software is usually exponential,to test every path is unpractical.From the point view of software security test,the execution of critical code fragments in the binary program is more interested.The critical code fragments are the statements which call the danger function,the functions with high cyclomatic complexity and the code fragments with loop-writing memory.In this paper,a data auto-generation method is presented,which covers the critical code area,this approach is based upon binary program and does not need the source code of the test program.These paths which can reach the critical code areas are automatically obtained by a method called path backtracking,and are automatically generated test data for these paths by a method called path leading.It is based on the symbolic execution and concrete execution,regulates the test input step by step and uses the constraint solver to generate the test cases.Theory analysis and experiment results indicate that the method of path leading can reduce the execution number of test data generation contrast with existing methods of generating test data for a given path,the method of path leading improves the efficiency of test data generation.

关 键 词：测试数据自动生成 关键代码区域 符号执行与实际执行 路径回溯与引导 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]