| 一种自动生成软件缺陷输入的方法 |
| |
| 引用本文: | 程绍银,蒋凡,王嘉捷,张晓菲.一种自动生成软件缺陷输入的方法[J].中国科学技术大学学报,2010,40(2). |
| |
| 作者姓名: | 程绍银 蒋凡 王嘉捷 张晓菲 |
| |
| 作者单位: | 1. 中国科学技术大学计算机科学技术系,安徽合肥,230027
2. 中国信息安全产品测评认证中心,北京,100089 |
| |
| 基金项目: | 中国高技术研究发展(863)计划 |
| |
| 摘 要: | 利用软件补丁信息,结合静态分析、符号执行和约束求解技术,提出了一种测试输入自动生成方法.该方法可以自动产生绕过补丁修补位置的测试输入,给出新的触发软件缺陷的有效可执行路径,从而找到新的软件缺陷.运用这种方法,在GNU Mailutils中,成功地发现了一个软件缺陷.该方法可以运用于实际的软件代码,保证了软件补丁修补的完备性.
|
| 关 键 词: | 软件缺陷 补丁 测试生成 静态分析 符号执行 约束求解 |
A method for automatically generating inputs of software bug |
| |
| CHENG Shaoyin,JIANG Fan,WANG Jiajie,ZHANG Xiaofei.A method for automatically generating inputs of software bug[J].Journal of University of Science and Technology of China,2010,40(2). |
| |
| Authors: | CHENG Shaoyin JIANG Fan WANG Jiajie ZHANG Xiaofei |
| |
| Institution: | CHENG Shaoyin1,JIANG Fan1,WANG Jiajie1,ZHANG Xiaofei2(1.Department of Computer Science,University of Science , Technology of China,Hefei 230027,China,2.China Information Technology Security Certification Center,Beijing 100089,China) |
| |
| Abstract: | Utilizing software patch information,combining static analysis,symbolic execution and constraint solving,a new method for automatically generating test inputs was presented.The method can automatically generate test inputs of bypassing patch location,simultaneously find new effective executable paths to trigger bugs,then find new software bugs.A software bug was found in GNU Mailutils by applying this method.The method can analyze actual software codes,and contribute to the maturity of software patchs. |
| |
| Keywords: | bug finding patch test case generation static analysis symbolic execution constraint solving |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
