针对缺陷根源定位的测试用例生成技术  

作　　者：杜昊 王允超[1] 燕宸毓 李星玮 DU Hao;WANG Yunchao;YAN Chenyu;LI Xingwei(State Key Laboratory of Mathematical Engineering and Advanced Computing,Information Engineering University,Zhengzhou 450001,China)

机构地区：[1]信息工程大学数学工程与先进计算国家重点实验室,郑州450001

出　　处：《计算机科学》2023年第7期10-17,共8页Computer Science

基　　金：国家重点研发计划(2019QY0501)。

摘　　要：缺陷根源定位是软件调试的重要阶段,基于频谱的缺陷根源定位方法是软件自动化调试研究中的热点问题,但其定位效果很大程度上取决于测试用例的质量。不同类型软件的测试输入通用性差,随机生成的测试输入则存在过拟合或混杂项过多的问题,导致分析结果误差较大,致使目前该类技术的应用场景有限。针对测试用例生成问题,提出了基于崩溃路径的分阶段探索方法Dgenerate,并实现原型工具Dloc。首先利用二进制插桩手段在程序执行输入阶段于基本块中插桩路径信息,根据此信息将原始测试输入划分为普通型和引导型;然后利用动态能量调度算法探索崩溃相关路径生成高质量的测试用例;最后在原始程序中执行测试用例并追踪执行时信息,通过统计分析的方法有效地定位到程序缺陷根源的位置。文中选取了6个不同类型软件中的15个真实CVE漏洞进行实验,结果显示Dloc生成的测试用例与已有技术相比可以将定位效率平均提升75%,并且Dloc能够以87%的准确性在评分前五的位置中输出缺陷根源相关代码片段,验证了所提方法系统的可行性和实用性。Vulnerability root cause localization is an important stage of software debugging,and spectrum-based fault root cause localization method is a hot issue in software automation debugging research,but the effectiveness of the positioning depends to a large extent on the quality of the test cases.Test inputs of different types of software are poorly generalized,and randomly gene-rated test inputs lead to large errors in analysis results due to overfitting or too many confounding items,resulting in limited application scenarios of such techniques at present.In this paper,we propose a phased exploration method Dgenerate based on crash paths to address the test case generation problem and implement the prototype tool Dloc.First,we use binary staking to insert staking path information in the basic block during the input stage of program execution,and then classify the original test inputs into common and guided types based on this information.Then,we use the dynamic energy scheduling algorithm to explore crash-related paths to generate high-quality test cases.Finally,the test cases are executed in the original program and execution information is traced to effectively locate the root cause of program fault through statistical analysis.In this paper,15 real CVE vulnerabilities in six different types of software are selected for experiments,and the results show that test cases generated by Dloc can improve location efficiency by 75%on average compared to previous techniques,and Dloc can output the code fragments related to the root causes of defect in the top five positions with an accuracy of 87%,which verifies the feasibility and practicality of the method system in this paper.

关 键 词：根源定位 测试用例 程序频谱 统计分析 定向模糊测试 

分 类 号：TP311[自动化与计算机技术—计算机软件与理论]