| Code security is gaining more and more attention in the software development process.People always expect to find and solve all potential defects before the official release of the software.To this end,many software security testing techniques are proposed,such as manual static detection and automated fuzzy testing.However,some software defects and vulnerabilities can only be discovered during the running of the program.Therefore,in order to solve such problems,some dynamic detection techniques and solutions are proposed,in which the dynamic symbol execution is obtained due to the characteristics of the automatic exploration of the program path space.It has become a hot technology in the field of code security research in recent years.Dynamic symbolic execution can automatically explore the path space of the program,analyze the constraints entering each path and generate test cases corresponding to the path,which has the advantages of automation and high path coverage.However,there are still many bottlenecks that restrict the development of dynamic symbolic execution.For example,it is easy to generate path explosion problems when it is applied to large-scale software testing programs that are complex in dynamic symbolic execution code structure,and it is difficult to generate accurate test cases for special program paths.There is no targeted processing for complex program structures such as loops,and it is difficult for conditional complex program constraint solvers to solve.In response to the above problems,this paper has conducted in-depth research on the purpose of improving the execution efficiency of dynamic symbols and mitigating path explosion.The main results are as follows:(1)Propose an optimization algorithm for branch coverage dynamic symbol execution based on parameter constraints.By identifying the function with special parameters in the program code,and obtaining the special parameters corresponding to the function through retrieval,using these special parameters as the constraint conditions of the path,and adding the constraint conditions to the constraint set of the current path,making the dynamic symbol execution generation more Accurate test cases to improve path coverage.(2)A dynamic symbol execution optimization method based on constraint graph is proposed.This method first obtains the program execution flow graph,and then divides the execution flow graph and converts the program execution flow graph into a path constraint graph through the collected path constraint conditions.By determining the nodes of the constraint graph,the repeated detection of the loop body is reduced,so that Dynamic symbolic execution tests more paths with fewer test cases,while reducing the impact of loop explosions on the path.This paper uses the dynamic symbolic execution tool CREST to perform simulation experiments,and uses CREST's default execution mode as a reference to prove that the research results of this paper can cover more program execution paths,improve execution efficiency,and mitigate the path explosion in dynamic symbolic execution. |
PDF Full Text Request