
Investigation And Implementation Of Vulnerability Analysis Method And Correspondent Test Data Generating System For Binary Code

Posted on: 2012-09-10
Degree: Master
Type: Thesis
Country: China
Candidate: Y Wang
GTID: 2178330335960871
Subject: Signal and Information Processing
Abstract/Summary:
Software vulnerability analysis is of great significance to network attack and defense, so research on methods for finding software bugs is becoming more and more important. Vulnerability detection for binary code is significant because it is generally applicable. Symbolic execution, a more accurate vulnerability detection method that requires path-sensitive analysis, is becoming a focus of current research. Full path traversal is an important software testing method based on symbolic execution. However, because the number of paths in a piece of software is usually enormous, path explosion is a major problem for symbolic execution. Testing every path is impractical and sometimes unnecessary. Sometimes the execution state of particular program statements matters most, and then only the paths covering those statements are of concern. Therefore, this paper proposes a method for automatically generating test data that covers target statements in executable programs. The generated test data can cover all execution paths that reach these statements. By emphasizing key paths, the method avoids the blindness of full path traversal and alleviates path explosion. The method works on binary code instead of source code. In contrast to full path traversal, it automatically obtains these paths by a method called path backtracking, and automatically seeks test data for these paths by a method called path leading. Path leading is a new method for generating test data. It is based on the practical execution of the program and combines symbolic execution with that practical execution. Using path leading, the number of times the target program must be rerun to generate test data for a given path can be reduced greatly. Compared with existing methods of generating test data for a given path, path leading improves the efficiency of test data generation.
Keywords/Search Tags: software vulnerability, test data auto-generation, covering target, practical execution, symbolic execution, path leading