Research On Testing Technology Of Binary Program Based On Coverage Of Critical Path

Followed by the coming of the information era, the computer software has been widely used in all the aspects of the social lives. With that the software security vulnerabilities has bring all kinds of threads. Binary code, as the ultimate manifestation of the software, is the best method of searching software security. As far as the poor depth, accuracy and taint analyses of today?s binary vulnerability research, it is meaningful to search for the fine-grained taint analysis and to deepen the binary test method.The thesis begins in the conclusion of the current method and tools on binary vulnerability analysis and then compares the advantages and disadvantages. On the basis of this, the thesis presents the binary program test methods by detecting the coverage of critical path. The innovations are listed as follow: To get the affection on execution path by program input, the thesis searches and designs a fine-grained dynamic taint analysis. Combining with critical branch back taint analysis, the accuracy of key atom location has improved. It is solved to mapping the program input with the execution path in a quick way. The thesis designs the path choosing algorithm based on critical path coverage. In this way, it solves the inefficiency and path explosion. In addition, the thesis searches the choosing path algorithm bsed on covering critical path. This algorithm is on the basis of domain convergence by abopting the rounds iteration to approximate the sink point. It builds up the rapid analysis and exploring on critical path and reaches the rapid convergence on the path assembly domain to arrive the certain critical area. That includes elimination of unreachable points, reduction on related points and recycling. It can rise the efficient path inducing.The thesis designs and builds a automatic binary program vulnerabilities exploring system symFuzz. The feature tests and comparison tests are made. The test on symFuzz shows it can increase the rate of coverage of the critical area and the rate between examples and exceptions. It has already found bugs such as null points and segment faults in swfdump and swfdump. The method of vulnerability detection is available.