Software safety testing method based on program slicing

Abstract

The invention provides a software safety testing method based on program slicing. By the method, a program slicing technology is discussed, and an unreachable path detecting scheme based on program slicing is raised. The software safety testing method comprises the following steps of inputting JavaScript language codes extracted from a webpage; converting the JavaScript language codes into LLVM (low level virtual machine) intermediate representation; and respectively performing static program slicing and dynamic program slicing on the LLVM intermediate representation. Inputting of programs is not assumed during static program slicing, analysis is based on static information of the programs completely, and a slicing result contains an unreachable path. In dynamic program slicing, a path behavior carried out under certain specific inputting is concerned, and path behaviors caused by all possible inputting of variables are not concerned, so that a dynamic slicing result does not contain the unreachable path. By the combination of the static program slicing and the dynamic program slicing, the unreachable path in the program can be detected, so that the testing efficiency of software is improved.

Description

technical field [0001] The invention provides a design scheme of a software security testing method based on program slicing, which is mainly used to solve the problem of unreachable path detection that may exist in JavaScript script language codes in web pages, and belongs to the field of software security testing. Background technique [0002] With the rapid development of Internet technology, many web application services have been produced, more desktop applications have become web-based, and browsers have more and more functions. In addition to browsing the web, the browser gradually performs the functions of the original desktop program and becomes a multi-functional service platform for people's daily office, entertainment, transaction, and communication. The popularity of web applications makes the security of web technology a major topic. Bear the brunt of the web application software security. [0003] Software is a collection of computer data and instructions or...

AI Technical Summary

Problems solved by technology

In the process of program design and analysis, such problems will be encountered: if a large program is decomposed into a series of small modules, it will become easier to construct, understand and maintain; in the actual program analysis and debugging process, analysts Sometimes you are only interested in a part of the behavior of the program, and program slicing starts from observing these behaviors; if the behavior of interest can be expressed as "defining or using the value of some variables in some program statement sets", then this The specification is called a slice criterion; all program codes that may affect this specific behavior can be found by using data flow analysis technology, and these codes are called a program slice of the program; ...

Images