| Software testing is the primary technique to improve reliability of software. Designing and generating effective test cases is one of the important factors to the quality of software testing.On the analysis and the testing of software security defects,the research of a demand-driven automated test generation is carried out. The main contents of the dissertation go as follows:1.The manually analysis of software security defectsThe research of the method of automated test generation cannot be separated from the valuable experiences of the manually analysis of software security defects. The dissertation presents a description method of defect model using the manually analysis of software security defects,and an example to detailedly introduce the manually analysis method of software security defects.2.Demand-driven software security defect automated test generationAutomated test generation of software security defects aims at automated generation of test inputs which can trigger security defects.The testing strategy does not concentrate on coverage rate alone as general software tests do.It can be determined by analyzing software patches and defect models whether some doubtful statements or paths are covered.And then test inputs triggering defects can be generated by forward symbolic execution or reverse backtracking method. Demand-driven reflects in two aspects.On one aspect,test strategy is demand-driven, that is,only needing to cover the doubtful defective statements.On the other aspect, test generation is demand-driven,that is,as few paths as possible are explored in the test generation process,main methods used in which are on-demand scheduling, on-demand backtracking,on-demand expansion,etc.Automated test generation of security defects is interprocedural and demand-driven method should greatly mitigate the path explosion problem.3.Design and prototype implementation of a demand-driven automatic defect detection systemA demand-driven automatic defect detection prototype system has been implemented.The system is based on the Phoenix compiler framework,Gcc compiler and Z3 solver.In addition,the system has been designed as a cross-platform scalable analysis framework,which can analyze the source codes on both Windows platform and Linux platform.The prototype system has been used to check some open source softwares.The several publicized security defects are verified.Under the guidance of the patch information,it finds unpublicized execution paths and inputs which can trigger the defective statements again bypassing the patch statements.It shows the feasibility and effectiveness of the demand-driven automated test generation.
|
PDF Full Text Request