Research On Some Key Techniques About Software Trustworthiness Assurance

Trusted software requires that software behavior must be consistent with people’s expectations. Nowtime, it lacks the theory and technology of guidance in the design and development phase. So many known or unknown software defects are inevitable. The complexity of the software itself and running environment having open, dynamic and heterogeneous features make software behavior un-controllable and uncertainty. People must face the important problem about the inconsistency between software behavior and people’s expectations. This paper focuses on some key techniques of improving and guaranteeing the credibility of the software, and the main research achievements are as follows:(1) Including environmental factors for the procedure operation in the control-flow model, combining with the advantages of static analysis methods, this paper establishes the model for analysis of procedure behaviors. It marks function call instructions, and uses consistency constraint of return value to overcome the problems caused by the indirect function pointer calls in a dynamic run-time. At the same time using the local principle of the procedure, the method limits the scope of the analysis in the functions; the experimental results show that the model has better accuracy and lower performance impact.(2) According to complex of software structure and difficulty of software fault location, we put forward two methods based on artificial intelligence theory:a fault propagation-Aware program fault location method and the software multi-fault location method based on artificial neural network.In the former, by introducing the concept of edge propagation trend, the method perceives fault propagation for the node having the maximum initial suspicious degree and finally revises the initial suspicious degree for related nodes; And the latter method calculates the support degree of the input for each fault. And then learning the relationship between the faults and the candidate locations of fault using constructed neural network.At last. Experimental results show that compared with traditional methods, the proposed method has a strong ability to distinguish fault locations and can improve the efficiency of software debugging for multi-fault. Thus it supports the repaire of software and improves the credibility of the software.(3) We do some researches on the software repair, and AREA (Automate Repair Evolutionary Algorithm) is proposed based on evolutionary computing. Using CFG (Control Flow Graph) as the individual of the evolution, AREA is directed by the fitness degree of the individual, which is calculated from cardinality of the CFG nodes set constrained by testcases and the degree of structure similarity. It converts repair process to evolution process directed by the fitness degree, which automates the software repair. And the experiments show the feasibility and effectiveness of the research works. And then this paper analyzes the usability of evolution computing for software repair, and does some improvement in the initial population generation, evolution operation location fine-grained control and other related parameters。Further the paper studies the application of AREA for software fault-tolerant area. Thus it meets the needs of the software quality from different angles like as reliability, availability, long survival ability and so on.(4) This paper analyzes the change risks for software repair, and introduces the concepts such as change risk depth, change risk density to quantify software repair change risks, which can guide validation work for software repair. And then combining behavior observation sequence and relations between the repair processes corresponding software, the paper introduces the RSEM (Relative Similarity Evaluation Model) for software repair according to the local characteristics. In the experiment, we study patches and dynamics repair respectively. Comparing the use of pair-addresses sequence, system call sequence, as well as mixed sequence, the paper illustrates the evaluation model works well, and also shows the effectiveness of the model and the mixed sequences have a stronger ability to express the software behavior. RSEM translates verification problem into a behavior similarity measure problem to overcome the shortcomings of existing technology for lack of effective evaluation, and then realizes the effective evaluation for software repair, which provides the support for the deployment of the software repair application.