
Software safety testing method based on program slicing

A program slicing technique applied in the field of software security testing. It addresses problems such as limited effectiveness, frequent interactions, and path loss, and offers good debuggability and improved testing efficiency.

Active Publication Date: 2015-04-29
NANJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

In program design and analysis, the following issues arise. A large program becomes easier to construct, understand and maintain if it is decomposed into a series of small modules. In actual program analysis and debugging, analysts are sometimes interested in only part of a program's behavior, and program slicing starts from observing these behaviors. If the behavior of interest can be expressed as "defining or using the values of some variables at some set of program statements", this specification is called a slicing criterion. All program code that may affect this specific behavior can be found using data flow analysis, and this code is called a program slice of the program. According to M. Weiser's definition, a program slice is itself an executable program whose behavior should be equivalent to that of the source program for that particular subset of behavior.

Second, JavaScript interacts frequently with HTML and is flexible and dynamic, so it is difficult to analyze.

Early dynamic testing cannot actively take effective measures against unreachable paths directly, and usually resorts to restrictive methods after testing.

The more common method is to limit the number and depth of searches; if the check execution fails, the path is considered unreachable. This method has significant limitations and easily causes paths to be lost. It can be improved by combining it with better search algorithms, but only to a limited extent.


Embodiment Construction

[0036] The present invention proposes a design scheme for a software security testing method based on program slicing. The method starts from the JavaScript code extracted from a webpage, converts it into an LLVM intermediate representation, performs static program slicing and dynamic program slicing on it respectively, and comprehensively analyzes the slicing results to build an unreachable path detection scheme. The unreachable path detection method of the present invention is described in detail below:

[0037] 1. Preprocessing module

[0038] The present invention extracts the code segment of the JavaScript script language from the webpage, and detects whether there is an unreachable path in the program through means such as static program slicing and dynamic program slicing.

[0039] The scripting language of a web page is mainly composed of two parts, the HTML language with only tags and text content...


Abstract

The invention provides a software safety testing method based on program slicing. The method discusses program slicing technology and proposes an unreachable path detection scheme based on program slicing. The software safety testing method comprises the following steps: inputting JavaScript code extracted from a webpage; converting the JavaScript code into LLVM (low level virtual machine) intermediate representation; and performing static program slicing and dynamic program slicing on the LLVM intermediate representation respectively. Static program slicing assumes no program input; the analysis is based entirely on the static information of the program, and the slicing result contains the unreachable path. Dynamic program slicing is concerned with the path behavior under a certain specific input, not with the path behaviors caused by all possible inputs of the variables, so the dynamic slicing result does not contain the unreachable path. By combining static program slicing and dynamic program slicing, the unreachable path in the program can be detected, so that the testing efficiency of software is improved.
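The static-versus-dynamic comparison described in the abstract, as an added example that is not code from the patent: it works on a constructed six-statement toy program rather than LLVM intermediate representation, and the statement model (`def`, `uses`, `guard`) and all function names are assumptions made for illustration.

```javascript
// Constructed toy program (not from the patent). Each statement names the variable it
// defines, the variables it uses, and an optional guard: the branch predicate it is
// control dependent on and the outcome required for it to run.
const program = [
  { id: 1, def: "x",   uses: [],    run: (env, input) => input },
  { id: 2, def: "y",   uses: ["x"], run: env => env.x * 2 },
  { id: 3, def: "odd", uses: ["y"], run: env => env.y % 2 !== 0 },   // if (y % 2 != 0)
  { id: 4, def: "z",   uses: ["y"], guard: { on: 3, want: true },  run: env => env.y + 1 },
  { id: 5, def: "z",   uses: [],    guard: { on: 3, want: false }, run: () => 0 },
  { id: 6, def: "out", uses: ["z"], run: env => env.z },
];
const closure = (start, depsOf) => {             // backward transitive closure
  const slice = new Set(), work = [...start];
  while (work.length) {
    const id = work.pop();
    if (!slice.has(id)) { slice.add(id); work.push(...depsOf(id)); }
  }
  return slice;
};
// Static slice: no input assumed, so every earlier definition of a used variable counts.
function staticSlice(prog, criterionId) {
  return closure([criterionId], id => {
    const s = prog.find(p => p.id === id);
    const data = prog.filter(p => p.id < id && s.uses.includes(p.def)).map(p => p.id);
    return s.guard ? [...data, s.guard.on] : data;
  });
}
// Dynamic slice: run one concrete input and keep only dependences that actually occurred.
function dynamicSlice(prog, criterionId, input) {
  const env = {}, lastDef = {}, deps = new Map();
  for (const s of prog) {
    if (s.guard && env[prog.find(p => p.id === s.guard.on).def] !== s.guard.want) continue;
    const data = s.uses.map(v => lastDef[v]).filter(d => d !== undefined);
    deps.set(s.id, s.guard ? [...data, s.guard.on] : data);
    env[s.def] = s.run(env, input);
    lastDef[s.def] = s.id;
  }
  return closure(deps.has(criterionId) ? [criterionId] : [], id => deps.get(id));
}
// Statements in the static slice that no tested input places in a dynamic slice.
function unreachableCandidates(prog, criterionId, inputs) {
  const seen = new Set(inputs.flatMap(i => [...dynamicSlice(prog, criterionId, i)]));
  return [...staticSlice(prog, criterionId)].filter(id => !seen.has(id)).sort((a, b) => a - b);
}
console.log(unreachableCandidates(program, 6, [0, 3, -7]));  // [ 4 ]
```

The result is relative to the inputs tested: a statement that is reachable only under an input that was never run would be reported as a candidate too.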

Description

Technical field

[0001] The invention provides a design scheme for a software security testing method based on program slicing, which is mainly used to solve the problem of detecting unreachable paths that may exist in JavaScript code in web pages, and belongs to the field of software security testing.

Background technique

[0002] With the rapid development of Internet technology, many web application services have been produced, more desktop applications have become web-based, and browsers have more and more functions. In addition to browsing the web, the browser gradually performs the functions of the original desktop program and becomes a multi-functional service platform for people's daily office work, entertainment, transactions, and communication. The popularity of web applications makes the security of web technology a major topic, and web application software security bears the brunt.

[0003] Software is a collection of computer data and instructions or...


Application Information

IPC(8): G06F11/36
Inventor: 张迎周, 徐曼青, 马凤娇, 居友道, 滕庆亚, 张卫丰, 周国强, 王子元
Owner: NANJING UNIV OF POSTS & TELECOMM