A software defect detection method fusing containerized environment simulation and reinforcement learning

By integrating containerized environment simulation with reinforcement learning, diverse test data is generated, resources and task concurrency are dynamically adjusted, and test strategies are optimized. This solves the problems of low path coverage and inaccurate defect verification in software testing, and achieves efficient and accurate software defect detection.

CN121070792BActive Publication Date: 2026-07-07CHINA ELECTRONICS RELIABILITY AND ENVIRONMENTAL TESTING INSTITUTE ((THE FIFTH INSTITUTE OF ELECTRONICS MINISTRY OF INDUSTRY AND INFORMATION TECHNOLOGY) (CHINA SAIBAO LABORATORY)

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
CHINA ELECTRONICS RELIABILITY AND ENVIRONMENTAL TESTING INSTITUTE ((THE FIFTH INSTITUTE OF ELECTRONICS MINISTRY OF INDUSTRY AND INFORMATION TECHNOLOGY) (CHINA SAIBAO LABORATORY)
Filing Date
2025-08-27
Publication Date
2026-07-07

AI Technical Summary

Technical Problem

Existing software testing methods are unable to cover all paths, are inefficient in exploring less popular branches, and lack real-time resource monitoring and dynamic adjustment capabilities, resulting in low testing efficiency and inaccurate defect verification.

Method used

By combining containerized environment simulation with reinforcement learning, diverse test data is generated through semantically aware input. LSTM models are used to optimize mutation locations, dynamically adjust resource allocation and task concurrency, and combine edge coverage and PID controllers to monitor resources. Multi-dimensional data is integrated to optimize test strategies, and reinforcement learning is used to optimize and adjust strategies.

Benefits of technology

It improves the accuracy and efficiency of defect detection, comprehensively covers software defects, reduces missed detections due to environmental differences, and achieves an efficient and targeted testing process.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN121070792B_ABST
    Figure CN121070792B_ABST
Patent Text Reader

Abstract

The application discloses a software defect detection method fusing containerized environment simulation and reinforcement learning, and relates to the technical field of software defect detection, and comprises the following steps: performing semantic analysis, running environment analysis and resource demand evaluation on input data of target software, constructing a semantic model to generate seed data, utilizing containerization technology to build a simulated test environment, dynamically allocating initial resources and setting a resource monitoring threshold, and analyzing debugging information of a software program to generate a control flow graph (CFG), identifying a high-risk function and marking a sensitive code area; the application generates diversified test data by performing multiple mutation operations on seed data generated by constructing a semantic model, expands a test coverage range, utilizes containerization technology to build a simulated test environment, makes the test environment as close to a real scene as possible, dynamically allocates initial resources, sets a resource monitoring threshold, and monitors a resource state in real time.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of software testing technology, and specifically to a software defect detection method that integrates containerized environment simulation and reinforcement learning. Background Technology

[0002] With the rapid development of information technology, software is widely used in various fields. Software demands are increasing, and the scale and complexity of software are constantly rising, leading to increasingly complex software development, integration, and maintenance. Numerous defects are exposed during operation; for example, software defects can cause serious consequences such as system crashes, data leaks, and functional abnormalities. Therefore, effective software defect detection methods play a crucial role in analyzing software quality and balancing software costs, and have become an important research direction in the field of software engineering.

[0003] Traditional software testing methods are constrained by time and cost, making it difficult to cover all paths, and fixed test cases cannot fully assess defects; while existing software testing methods use random variation testing to assess the adequacy of test cases, but the design of test cases is still not diverse enough.

[0004] Currently, software testing is easily affected by many factors, such as the operating environment. For example, testing strategies that rely solely on static virtual machine environments or fixed resource configurations lack real-time resource monitoring and dynamic adjustment capabilities, resulting in low testing efficiency. On the other hand, during the path exploration process, the exploration efficiency of less popular branches is low, leading to low coverage. There is also a lack of effective handling mechanisms for non-deterministic events in the software, which makes it impossible to truly reflect the actual operation of the software, thus affecting the accuracy and reliability of defect verification.

[0005] Therefore, in order to accurately, efficiently and comprehensively detect software defects, it is urgent to apply for a software defect detection method that integrates containerized environment simulation and reinforcement learning to solve the above problems.

[0006] The information disclosed in the background section is only intended to enhance the understanding of the background of this disclosure, and therefore may include information that does not constitute prior art known to those skilled in the art. Summary of the Invention

[0007] The purpose of this invention is to provide a software defect detection method that integrates containerized environment simulation and reinforcement learning. This invention solves the problems mentioned in the background by combining semantic-aware input generation, edge coverage guidance and symbolic execution hybrid exploration, optimizing mutation positions through LSTM model and prioritizing exploration of less popular paths through ALFFast exponential decay algorithm, dynamically cloning the real running environment through containerization technology, and dynamically adjusting task concurrency with PID controller and balancing coverage, resource consumption and defect number with NSGA-II multi-objective optimization algorithm.

[0008] To achieve the above objectives, the present invention provides the following technical solution: a software defect detection method integrating containerized environment simulation and reinforcement learning, comprising the following steps:

[0009] S1. Perform semantic analysis, runtime environment analysis, and resource requirement assessment on the input data of the target software, build a semantic model to generate seed data, use containerization technology to build a simulated test environment, dynamically allocate initial resources and set resource monitoring thresholds, and parse the debugging information of the software program to generate a control flow graph (CFG), identify high-risk functions, and mark sensitive code areas.

[0010] S2. Perform diverse mutation operations on the seed data, including structured mutation, symbolic execution-assisted mutation, and LSTM model optimization mutation, to generate diverse test data, which is then input into the target software for testing.

[0011] S3. Instrument the target software for testing, monitor the code execution path in real time and record the edge coverage, dynamically adjust the priority according to the path execution frequency, use the exponential decay algorithm of AFLFast to explore less popular branches first, and trigger symbolic execution to solve complex path constraints when the coverage stagnates.

[0012] S4. Use the deterministic scheduler tool to capture non-deterministic events such as thread scheduling order, random number seed, and signal processing. Generate execution trajectory logs during the defect verification phase, monitor resource status in real time, and dynamically adjust the number of concurrent tasks for non-deterministic events using a PID controller when the resource monitoring threshold is exceeded.

[0013] S5. Integrate multi-dimensional data to construct state vectors and generate global optimization instructions. Then use the multi-objective optimization NSGA-II algorithm to balance multi-dimensional data to dynamically adjust the test strategy, construct a state-action model, optimize and adjust the strategy through reinforcement learning Q-learning, and set a real-time circuit breaker to switch the exploration path.

[0014] S6. Set the termination conditions for defect detection, and continuously perform a cyclical testing process of generating new test data, executing tests, and verifying defects on the target software until the termination conditions are met and a defect report is generated.

[0015] Optionally, the seed data generation logic is as follows:

[0016] The semantic analysis determines the grammatical structure rules of the target software's input data, including protocol specifications and file structure.

[0017] A semantic model is constructed using context-free grammars to formally represent the syntactic structure rules of the target software's input data;

[0018] Symbolic execution is introduced at critical branch points, and logical expressions are used to extract path constraints.

[0019] Seed data for valid input is generated based on grammatical structure rules, and boundary values ​​are generated in combination with constraints.

[0020] The probability distribution of high-value mutation locations in the seed data of a valid input is predicted by training an LSTM model, and a cross-entropy loss function is defined to determine the mutation locations in the data.

[0021] Optionally, the steps for setting up the test environment are as follows:

[0022] Analyze the target software's operating environment, including operating system type, dependent library versions, and network configuration parameters;

[0023] A Docker image is built using a Dockerfile, and the target software is installed within the container. Environment parameters are injected, and initial resources, including CPU cores, memory size, and disk space, are dynamically allocated. Specifically, based on the target software's historical resource usage data, the resource requirements during software defect testing are predicted, and initial resources are allocated accordingly. The formula for calculating the number of CPU cores is as follows: ,and In the formula, This represents the number of CPU cores allocated to the container in the simulated test environment. This represents the total number of CPU cores in the system. Represented as volatility factor, This represents the maximum number of CPU cores used by the target software in historical resources. This represents the minimum number of CPU cores used by the target software in historical resources.

[0024] The formula for calculating memory size allocation is: In the formula, This represents the amount of memory allocated to the container in the simulated test environment. This represents the target software's maximum memory usage in historical resources. This represents the total system memory size.

[0025] The formula for calculating disk space allocation is: In the formula, This represents the disk space allocated to the container in the simulated testing environment.

[0026] Simulate network latency and packet loss using Linux flow control tools;

[0027] Set resource monitoring thresholds and allow the PID controller to dynamically adjust the number of concurrent tasks for subsequent monitoring of container resource usage, preventing initial resource exhaustion. The PID controller's calculation formula is as follows: ,and In the formula, This represents the adjustment amount for the number of concurrent tasks output by the PID controller, and when When the output is negative, reduce the number of concurrent tasks. Indicated as current Time error value, , , These are represented as proportional coefficient, integral coefficient, and differential coefficient, respectively. , Represented as the current The software displays the CPU core count, memory size, and disk space usage during the testing process. , These represent the preset resource monitoring thresholds for the number of CPU cores, memory size, and disk space, respectively.

[0028] Optionally, the marking steps for the sensitive code region are as follows:

[0029] Use a disassembler to parse the debugging information of the target software program to generate a control flow graph (CFG) of the binary code, and obtain and identify the address, variable information, and function call relationships of the code;

[0030] Match a list of high-risk function APIs, such as strcpy, gets, sprintf, malloc, etc. High-risk functions are prone to causing buffer overflow defects. Identify the location of high-risk functions in the target software and mark the code region with the high-risk function call context based on the location of the high-risk function and the control flow graph (CFG).

[0031] By instrumenting code to monitor whether the code region of a high-risk function call context inputted by the user propagates to a dangerous operation, and by calculating a hazard score for the high-risk function, variables affected by user input are identified and marked as sensitive code regions to discover potential overflow defects. The hazard score expression for the high-risk function is as follows: In the formula, This is represented by a risk score for a high-risk function. This is indicated as a high-risk function. This refers to dangerous operations such as resource allocation and string copying. This represents the weight of the corresponding dangerous operation. This represents the number of times a dangerous operation occurs within a high-risk function.

[0032] Optionally, the steps for generating the diverse test data are as follows:

[0033] From the various sub-data generated by the semantic model combined with constraints, select one seed data and label it as... ;

[0034] A1. Structured Variation: First, analyze the file structure and protocol specifications of the seed data, and construct a context-free grammar model;

[0035] The values ​​of key fields are directly replaced according to the four-tuple syntax rules to generate valid but mutated first input data, and boundary values ​​are inserted into the key fields.

[0036] When it is necessary to quantify the degree of mutation in specific situations, the degree of mutation algorithm is used to calculate the difference between the structured mutated input data and the initially selected seed data. The expression for the degree of mutation algorithm is: ,and In the formula, Represented as seed data Degree of variation Represented as seed data The total number of elements after mutation. Represented as seed data The total number of original elements in the data. The range of values ​​representing the degree of variation is: Furthermore, the larger the value, the greater the degree of variation;

[0037] A2. Symbolic execution-assisted mutation requires first applying symbolic execution to the target software, introducing symbolic execution at critical branch points of the program, and extracting constraint expressions.

[0038] The constraint solver Z3 is used to analyze the constraint expressions and generate solution results that satisfy the constraints. The calculation formula for symbolic constraint solving is as follows: In the formula, Represented as an existence symbol, It is represented as at least one assignment function. Represented as a conjunction symbol, This is represented as in the assignment function Next Path constraints To be satisfied Represented as the first Each path constraint condition Represented as the first Number of paths and total number of paths;

[0039] The solution results are injected into the seed data to trigger the deep path and generate a second input data that covers different program execution paths and is mutated.

[0040] A3. LSTM model optimization mutation: First, use the historical valid input data of the target software to train the LSTM model, learn the byte distribution pattern and predict the mutation probability of each position;

[0041] The seed data is then converted into a vector format according to time series and input into the LSTM model for prediction;

[0042] The LSTM model outputs the mutation probability of each byte, prioritizes mutations at high-probability locations, inserts boundary values ​​at predicted locations, and performs optimized mutations to generate the third input data.

[0043] Optionally, the recording logic for the edge coverage is as follows:

[0044] Insert monitoring code at the entry point of each basic block in the target software program and record the number of times it is executed;

[0045] Assign a unique identifier to each edge between two adjacent basic blocks, where the expression for the edge identifier is: In the formula, Represented as the hash value assigned to the edge. Represented as a hash function, Represented as the predecessor basic block ID. Represented as the current basic block ID, This is represented as mapping hash values ​​to a modulo operation within the range of bitmap indices. Represented as bitmap size, and Bit, , Represented as a positive integer;

[0046] A bitmap is used to record the edge hit status, with each edge corresponding to a bit in the bitmap.

[0047] When an edge is covered, the corresponding position is marked as 1; otherwise, it is marked as 0.

[0048] The percentage of edge coverage is calculated by counting the number of 1s in the bitmap. The formula for edge coverage is as follows: In the formula, Represented as the number of 1s in the bitmap. This is represented as the total number of bits in the program bitmap. This is expressed as edge coverage.

[0049] Optionally, the steps for generating the global optimization instruction are as follows:

[0050] Collect multi-dimensional data related to the target software testing, including coverage, resource utilization, defect trigger rate, and path popularity, and label them as follows: ;

[0051] The collected multi-dimensional data is organized and quantified to construct a state vector. Then the expression for the state vector is: In the formula, Represented by coverage rate Resource utilization rate Defect trigger rate and path heat value The constructed state vector;

[0052] Define several optimization objectives in the target software testing process, including maximizing coverage, minimizing resource utilization, maximizing defect trigger rate, and minimizing path heat. The expressions for these optimization objectives are: ;

[0053] To eliminate dimensional differences between different data indicators, the normalization process is performed on each data point in the state vector. The formula for normalization is as follows: ,and In the formula, Represented as Z-score normalized data, and , These are respectively represented as the corresponding coverage rates. Resource utilization rate Defect trigger rate and path heat value Normalized data, Represented as the data mean, This is expressed as the standard deviation of the data;

[0054] Based on the state vector and target weights, a linear combination method is used to generate global optimization instructions that can guide the optimization of the target software testing process. The formula for calculating the global optimization instructions is as follows: ,and In the formula, This is represented as a global optimization instruction. Represented as normalized data The weighting coefficients for each dimension of the data are shown in the figure.

[0055] Optionally, the logic for dynamically adjusting the testing strategy of the multi-objective optimization NSGA-II algorithm is as follows:

[0056] Based on multiple defined optimization objectives A random initial set of test strategies is generated as the population and labeled as... In the formula, This is represented as the initial population. All are represented as test strategies, and each test strategy is represented as an individual containing several decision variables;

[0057] For each individual in the population, a multi-objective function is defined based on the defined multiple optimization objectives. ,and ;

[0058] Then, for individuals in the population Perform a non-dominated ranking, dividing individuals into different levels, with non-dominated individuals belonging to the first level, and so on. Individuals... Dominant Individual The expression for the non-dominated sorting rule is: , ,and , In the formula, , All are represented as individuals In respectively Values ​​on a multi-objective function , All are represented as individuals In respectively Values ​​on a multi-objective function , These are respectively represented by logical symbols for arbitrary and existent;

[0059] Within each level, the crowding degree of an individual is calculated. Crowding degree reflects the distribution of individuals within that level. The formula for calculating crowding degree is as follows: ,and In the formula, Represented as an individual The level of congestion, Represented as a multi-objective function value, Represented as in the first For each objective function, the individual Adjacent solutions sorted by value Represented as absolute value, Represented as an individual The level of congestion, Represented as a multi-objective function value, Represented as in the first For each objective function, the adjacent solutions of individual B after sorting by value;

[0060] Based on non-dominated ranking and crowding, superior individuals are selected for crossover and mutation operations to generate a new population. The selection probability of superior individuals is calculated using the following formula: ,and In the formula, Represented as an individual The probability of choosing, Represented as an individual The probability of choosing, Represented as an individual The Pareto frontier level, Represented as an individual ,and The smaller the level, the better;

[0061] The testing strategy is updated based on individuals in the new population to achieve dynamic adjustments.

[0062] A computer device includes: a memory and a processor; the memory stores a computer program, and the processor executes the computer program to implement the steps of the above-described software defect detection method integrating containerized environment simulation and reinforcement learning.

[0063] A computer-readable storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the steps of the above-described software defect detection method integrating containerized environment simulation and reinforcement learning.

[0064] The technical effects and advantages provided by the present invention in the above technical solution are as follows:

[0065] This invention generates seed data by constructing a semantic model, and performs deep optimization mutation operations on the seed data using structured mutation, symbolic execution-assisted mutation, and LSTM models to generate diverse test data, thus expanding the test coverage. It also uses containerization technology to build an isolated test environment and uses a PID controller to dynamically allocate resources based on resource monitoring thresholds. This not only makes the test environment as close to the real scenario as possible, but also monitors the resource status in real time and adjusts the number of concurrent tasks, thereby avoiding missed detections due to differences between the test environment and the actual operating environment, and greatly improving the accuracy of defect detection.

[0066] By monitoring the code execution path in real time, AFLFast's exponential decay algorithm is used to prioritize exploring less popular branches. When coverage stagnates, symbolic execution is triggered to solve complex path constraints, thereby deeply uncovering deep defects and reducing coverage blind spots. The deterministic scheduling tool rr is used to capture nondeterministic events and generate execution trajectory logs during the defect verification phase, improving the accuracy and stability of defect detection results.

[0067] Furthermore, it integrates multi-dimensional data to construct state vectors and generate global optimization instructions. The multi-objective optimization NSGA-II algorithm is used to balance multi-dimensional data and dynamically adjust the testing strategy. This enables timely adjustment of the testing strategy based on real-time feedback during the testing process, making the testing more efficient and targeted. Through reinforcement learning Q-learning to optimize and adjust the strategy, the testing strategy can continuously learn and improve, becoming more adaptable. When path exploration gets stuck in a local optimum, a circuit breaker mechanism is used to switch the testing path, avoiding invalid testing loops, making the entire testing process more comprehensive and efficient. Attached Figure Description

[0068] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the embodiments will be briefly introduced below. Obviously, the drawings described below are only some embodiments recorded in this invention. For those skilled in the art, other drawings can be obtained based on these drawings.

[0069] Figure 1 This is a flowchart of the software defect detection method of the present invention.

[0070] Figure 2 This is a block diagram of the software defect detection system of the present invention. Detailed Implementation

[0071] Exemplary embodiments will now be described more fully with reference to the accompanying drawings. However, these exemplary embodiments can be implemented in many forms and should not be construed as limited to the examples set forth herein; rather, they are provided so that the description of this disclosure will be more complete and fully convey the concept of the exemplary embodiments to those skilled in the art.

[0072] This invention provides, for example Figure 1 The software defect detection method shown here integrates containerized environment simulation and reinforcement learning, and includes the following steps:

[0073] S1. Perform semantic analysis, runtime environment analysis, and resource requirement assessment on the input data of the target software, build a semantic model to generate seed data, use containerization technology to build a simulated test environment, dynamically allocate initial resources and set resource monitoring thresholds, and parse the debugging information of the software program to generate a control flow graph (CFG), identify high-risk functions, and mark sensitive code areas.

[0074] Specifically, the logic for generating seed data is as follows:

[0075] The semantic analysis determines the grammatical structure rules of the target software's input data, including protocol specifications and file structure.

[0076] A semantic model is constructed using a context-free grammar to formally represent the syntactic structure rules of the target software's input data. The context-free grammar is represented using quadruples, and the expression is as follows: In the formula, This represents the syntax structure rules for defining input data in a context-free grammar. Represented as a finite set of nonterminal symbols, used to represent the abstract structure of the target software's input data, and symbols that can be replaced by other sequences of symbols. Represented as a finite set of terminal symbols, used to describe characters or values ​​in input data, and symbols that cannot be replaced by other sequences of symbols. Represented as a finite set of rules, and by and A sequence of symbols Represented as the start symbol, it is used to continuously replace non-terminal symbols according to the production rules, starting from the start symbol, and finally obtain a symbol sequence containing only terminal symbols;

[0077] Symbolic execution is introduced at critical branch points, and logical expressions are used to extract path constraints.

[0078] Seed data for valid input is generated according to the grammatical structure rules, and boundary values ​​are generated in combination with constraints to cover boundary values ​​and special combinations. The input sequence for generating seed data is then labeled as follows: In the formula, For the sequence in Input of time steps;

[0079] This paper trains an LSTM model to predict the probability distribution of high-value mutation locations in legally input seed data and defines a cross-entropy loss function to determine the mutation locations in the data for optimizing data mutation. The input sequence of seed data is fed into the LSTM model, which outputs the hidden state at each time step. A fully connected layer maps the hidden state to the mutation probability distribution at each location. The formula for calculating the probability distribution is as follows: ,and In the formula, Represented as Activation function Represented as a weight matrix, Represented as a bias term, Represented as the first The mutation probability of each byte. Represented as the output of the LSTM model in The hidden state of the time step. Represented as an LSTM model;

[0080] The expression for the cross-entropy loss function is: In the formula, Represented as cross-entropy loss value, This represents the true label of the input sequence as seed data. This represents the prediction of the LSTM model for the first... The probability of mutation in each byte.

[0081] Specifically, the steps for setting up the test environment are as follows:

[0082] Analyze the target software's operating environment, including operating system type, dependent library versions, and network configuration parameters;

[0083] A Docker image is built using a Dockerfile, and the target software is installed within the container. Environment parameters are injected, and initial resources, including CPU cores, memory size, and disk space, are dynamically allocated. Specifically, based on the target software's historical resource usage data, the resource requirements of the target software during defect testing are predicted, and initial resources are allocated accordingly. The formula for calculating the number of CPU cores is as follows: ,and In the formula, This represents the number of CPU cores allocated to the container in the simulated test environment. This represents the total number of CPU cores in the system. Represented as volatility factor, This represents the maximum number of CPU cores used by the target software in historical resources. This represents the minimum number of CPU cores used by the target software in historical resources.

[0084] The formula for calculating memory size allocation is: In the formula, This represents the amount of memory allocated to the container in the simulated test environment. This represents the target software's maximum memory usage in historical resources. This represents the total system memory size.

[0085] The formula for calculating disk space allocation is: In the formula, This represents the disk space allocated to the container in the simulated testing environment.

[0086] Simulate network latency and packet loss using Linux flow control tools;

[0087] Set resource monitoring thresholds and allow the PID controller to dynamically adjust the number of concurrent tasks for subsequent monitoring of container resource usage, preventing initial resource exhaustion. The PID controller's calculation formula is as follows: ,and In the formula, This represents the adjustment amount for the number of concurrent tasks output by the PID controller, and when When the output is negative, reduce the number of concurrent tasks. Indicated as current Time error value, , , These are represented as proportional coefficient, integral coefficient, and differential coefficient, respectively. , Represented as the current The software displays the CPU core count, memory size, and disk space usage during the testing process. , These represent the preset resource monitoring thresholds for the number of CPU cores, memory size, and disk space, respectively.

[0088] Specifically, the steps for marking sensitive code regions are as follows:

[0089] Use a disassembler to parse the debugging information of the target software program to generate a control flow graph (CFG) of the binary code, and obtain and identify the address, variable information, and function call relationships of the code;

[0090] Match a list of high-risk function APIs, such as strcpy, gets, sprintf, malloc, etc. High-risk functions are prone to causing buffer overflow defects. Identify the location of high-risk functions in the target software and mark the code region with the high-risk function call context based on the location of the high-risk function and the control flow graph (CFG).

[0091] By instrumenting code to monitor whether the code region of a high-risk function call context inputted by the user propagates to a dangerous operation, and by calculating a hazard score for the high-risk function, variables affected by user input are identified and marked as sensitive code regions to discover potential overflow defects. The hazard score expression for the high-risk function is as follows: In the formula, This is represented by a risk score for a high-risk function. This is indicated as a high-risk function. This refers to dangerous operations such as resource allocation and string copying. This represents the weight of the corresponding dangerous operation. This represents the number of times a dangerous operation occurs within a high-risk function.

[0092] Furthermore, semantic analysis, runtime environment analysis, and resource requirement assessment are conducted on the input data of the target software to gain a deeper understanding of the software characteristics from different perspectives. A semantic model is constructed based on the analysis results of the input data, thereby generating seed data covering multiple scenarios and providing a diverse input foundation for subsequent testing. Containerization technology is used to build a simulated test environment, enabling flexible and dynamic allocation of initial resources and setting resource monitoring thresholds. This achieves effective resource management and monitoring, avoiding resource waste and improving resource utilization efficiency. Additionally, the debugging information of the software program is parsed to generate control flow graphs, accurately identifying high-risk functions and sensitive code areas. This helps to discover and resolve security vulnerabilities in the software in advance, enhancing the security of the software code. Therefore, this comprehensive and accurate testing method can discover problems in the software more quickly, shorten the testing cycle, and improve testing efficiency.

[0093] S2. Perform diverse mutation operations on the seed data, including structured mutation, symbolic execution-assisted mutation, and LSTM model optimization mutation, to generate diverse test data, which is then input into the target software for testing.

[0094] Specifically, the steps for generating diverse test data are as follows:

[0095] From the various sub-data generated by the semantic model combined with constraints, select one seed data and label it as... ;

[0096] A1. Structured Variation: First, analyze the file structure and protocol specifications of the seed data, and construct a context-free grammar model;

[0097] The values ​​of key fields are directly replaced according to the four-tuple syntax rules to generate valid but mutated first input data, and boundary values ​​are inserted into the key fields.

[0098] When it is necessary to quantify the degree of mutation in specific situations, the degree of mutation algorithm is used to calculate the difference between the structured mutated input data and the initially selected seed data. The expression for the degree of mutation algorithm is: ,and In the formula, Represented as seed data Degree of variation Represented as seed data The total number of elements after mutation. Represented as seed data The total number of original elements in the data. The range of values ​​representing the degree of variation is: Furthermore, the larger the value, the greater the degree of variation;

[0099] A2. Symbolic execution-assisted mutation requires first applying symbolic execution to the target software, introducing symbolic execution at critical branch points of the program, and extracting constraint expressions.

[0100] The constraint solver Z3 is used to analyze the constraint expressions and generate solution results that satisfy the constraints. The calculation formula for symbolic constraint solving is as follows: In the formula, Represented as an existence symbol, It is represented as at least one assignment function. Represented as a conjunction symbol, This is represented as in the assignment function Next Path constraints To be satisfied Represented as the first Each path constraint condition Represented as the first Number of paths and total number of paths;

[0101] The solution results are injected into the seed data to trigger the deep path and generate a second input data that covers different program execution paths and is mutated.

[0102] A3. LSTM Model Optimization for Mutation: First, an LSTM model is trained using historical valid input data from the target software to learn the byte distribution pattern and predict the mutation probability at each position. The forward propagation formula for the LSTM model is as follows:

[0103] Input Gate: In the formula, Represented as time step The input gate output, Represented as the Sigmoid activation function, This is represented as the input weight matrix of the input gate. This represents the historical valid input data of the target software at time step. The input vector on, This is represented as the hidden state weight matrix of the input gate. Represented as time step The hidden state vector, It is represented as the bias vector of the input gate;

[0104] Forgotten Gate: In the formula, Represented as time step The output of the forget gate, This is represented as the input weight matrix of the forget gate. Represented as the hidden state weight matrix of the forget gate, Represented as the bias vector of the forget gate;

[0105] Candidate cell status: In the formula, Represented as time step The candidate cell state vector, Represented as the hyperbolic tangent activation function, This is represented as the input weight matrix for cell state updates. This is represented as the hidden state weight matrix for cell state updates. This is represented as the bias vector for cell state updates;

[0106] Cell status update: In the formula, Represented as time step The final cell state vector, This is represented as element-wise multiplication. Represented as time step The cell state vector;

[0107] Output gate: In the formula, Represented as time step The output gate output, This is represented as the input weight matrix of the output gate. This is represented as the hidden state weight matrix of the output gate. This is represented as the bias vector of the output gate;

[0108] Hidden state: In the formula, Represented as time step The hidden state vector, This is represented as a nonlinear transformation of the cell state;

[0109] The seed data is then converted into a vector format according to time series and input into the LSTM model for prediction;

[0110] The LSTM model outputs the mutation probability of each byte, prioritizes mutations at high-probability locations, inserts boundary values ​​at predicted locations, and performs optimized mutations to generate the third input data.

[0111] To further explain, structured mutation modifies the structural features of seed data in a regular manner to explore different data structure forms; symbolic execution-assisted mutation uses symbolic execution technology to analyze the path constraints of the program, thereby guiding the mutation of seed data and ensuring that the mutated data can cover more program execution paths; LSTM model-optimized mutation uses the Long Short-Term Memory (LSTM) network to learn the sequence features of seed data, predict high-value mutation locations, and improve the accuracy of mutation. By comprehensively using these three mutation operations, diverse test data with different structures that can cover different program execution paths are generated, making mutation more intelligent and accurate while providing comprehensive input for software testing. This not only improves the coverage of target software testing and helps to discover more potential software defects, but also further increases the probability of discovering software errors and enhances the testing effect.

[0112] S3. Instrument the target software for testing, monitor the code execution path in real time and record the edge coverage, dynamically adjust the priority according to the path execution frequency, use the exponential decay algorithm of AFLFast to explore less popular branches first, and trigger symbolic execution to solve complex path constraints when the coverage stagnates.

[0113] Specifically, the recording logic for edge coverage is as follows:

[0114] Insert monitoring code at the entry point of each basic block in the target software program and record the number of times it is executed;

[0115] Assign a unique identifier to each edge between two adjacent basic blocks, where the expression for the edge identifier is: In the formula, Represented as the hash value assigned to the edge. Represented as a hash function, Represented as the predecessor basic block ID. Represented as the current basic block ID, This is represented as mapping hash values ​​to a modulo operation within the range of bitmap indices. Represented as bitmap size, and Bit, , Represented as a positive integer;

[0116] A bitmap is used to record the edge hit status, with each edge corresponding to a bit in the bitmap.

[0117] When an edge is covered, the corresponding position is marked as 1; otherwise, it is marked as 0.

[0118] The percentage of edge coverage is calculated by counting the number of 1s in the bitmap. The formula for edge coverage is as follows: In the formula, Represented as the number of 1s in the bitmap. This is represented as the total number of bits in the program bitmap. This is expressed as edge coverage.

[0119] Specifically, the exploration branch steps of the AFLFast exponential decay algorithm are as follows:

[0120] Record the number of times each path is executed during the target software test;

[0121] The priority of edges is dynamically adjusted based on execution frequency. The AFLFast exponential decay algorithm is used to calculate path priority scores, thereby reducing the priority of frequently executed edges and guiding tests to explore less frequently executed branches. The formula for the exponential decay algorithm is as follows: ,and In the formula, Represented as edge Priority score, Represented as edge Execution frequency, Represented as the attenuation factor, Represented as path edge

[0122] Prioritize selecting the branches corresponding to the edges with higher priority scores for subsequent testing and exploration;

[0123] When coverage is continuous When the growth rate of a cycle is less than a preset threshold, it is considered stagnant. And the preset threshold is ;

[0124] When edge coverage stagnates, symbolic execution is triggered to solve complex path constraints. This involves symbolically executing currently uncovered paths, extracting path constraints, and using a solver to generate input values ​​that satisfy the constraints. The input values ​​are then back-injected to obtain the solution results, which are then used as new test data to input into the target software to overcome the current coverage blind spots.

[0125] Furthermore, by using instrumentation technology to monitor code execution paths in real time and accurately record edge coverage, data support is provided for subsequent priority adjustments and test decisions. Utilizing AFLFast's exponential decay algorithm, the priority of test branches is dynamically adjusted based on path execution frequency, enabling priority exploration of less frequently used branches. When coverage stagnates, symbolic execution technology is triggered to solve complex path constraints, broadening the test coverage. By prioritizing the exploration of less frequently used branches and solving complex path constraints, the software's test coverage is significantly improved. This allows for the discovery of more software defects hidden in less frequently used paths and under complex constraints, and helps identify more potential software defects. Timely repair of these defects enhances the software's reliability and stability.

[0126] S4. Use the deterministic scheduler tool to capture non-deterministic events such as thread scheduling order, random number seed, and signal processing. Generate execution trajectory logs during the defect verification phase, monitor resource status in real time, and dynamically adjust the number of concurrent tasks for non-deterministic events using a PID controller when the resource monitoring threshold is exceeded.

[0127] Specifically, the logic for capturing non-deterministic events is as follows:

[0128] The deterministic scheduler tool runs the target software program and records all non-deterministic events, including program scheduling order, random number seed, and signal processing. The program scheduling order is determined by the rr tool intercepting the operating system's system calls for thread scheduling and recording the order of thread creation, switching, and termination.

[0129] The random number seed is the value of the random number seed passed to the function that the rr tool intercepts and records.

[0130] Signal processing is the system call that the rr tool intercepts signals and records the sending, processing, and blocking operations of the signals;

[0131] Generate execution trajectory logs, including event timestamps and context information;

[0132] Deterministic scheduling tools strictly reproduce the execution trajectory according to the logs to eliminate the influence of randomness.

[0133] Furthermore, by using the rr tool to capture non-deterministic events and generate execution trajectory logs, the program execution status is comprehensively recorded, making defect reproduction more accurate and verification results more reliable. The dynamic adjustment mechanism of the PID controller ensures that the number of concurrent tasks can be reasonably allocated under different resource states, avoiding resource waste and system crashes, and improving testing efficiency.

[0134] S5. Integrate multi-dimensional data to construct state vectors and generate global optimization instructions. Then use the multi-objective optimization NSGA-II algorithm to balance multi-dimensional data to dynamically adjust the test strategy, construct a state-action model, optimize and adjust the strategy through reinforcement learning Q-learning, and set a real-time circuit breaker to switch the exploration path.

[0135] Specifically, the steps for generating global optimization instructions are as follows:

[0136] Collect multi-dimensional data related to the target software testing, including coverage, resource utilization, defect trigger rate, and path popularity, and label them as follows: ;

[0137] The collected multi-dimensional data is organized and quantified to construct a state vector. Then the expression for the state vector is: In the formula, Represented by coverage rate Resource utilization rate Defect trigger rate and path heat value The constructed state vector;

[0138] Define several optimization objectives in the target software testing process, including maximizing coverage, minimizing resource utilization, maximizing defect trigger rate, and minimizing path heat. The expressions for these optimization objectives are: ;

[0139] To eliminate dimensional differences between different data indicators, the normalization process is performed on each data point in the state vector. The formula for normalization is as follows: ,and In the formula, Represented as Z-score normalized data, and , These are respectively represented as the corresponding coverage rates. Resource utilization rate Defect trigger rate and path heat value Normalized data, Represented as the data mean, This is expressed as the standard deviation of the data;

[0140] Based on the state vector and target weights, a linear combination method is used to generate global optimization instructions that can guide the optimization of the target software testing process. The formula for calculating the global optimization instructions is as follows: ,and In the formula, This is represented as a global optimization instruction. Represented as normalized data The weighting coefficients for each dimension of the data are shown in the figure.

[0141] Specifically, the logic of dynamically adjusting the testing strategy for the multi-objective optimization NSGA-II algorithm is as follows:

[0142] Based on multiple defined optimization objectives A random initial set of test strategies is generated as the population and labeled as... In the formula, This is represented as the initial population. All are represented as test strategies, and each test strategy is represented as an individual containing several decision variables;

[0143] For each individual in the population, a multi-objective function is defined based on the defined multiple optimization objectives. ,and ;

[0144] Then, for individuals in the population Perform a non-dominated ranking, dividing individuals into different levels, with non-dominated individuals belonging to the first level, and so on. Individuals... Dominant Individual The expression for the non-dominated sorting rule is: , ,and , In the formula, , All are represented as individuals In respectively Values ​​on a multi-objective function , All are represented as individuals In respectively Values ​​on a multi-objective function , These are respectively represented by logical symbols for arbitrary and existent;

[0145] Within each level, the crowding degree of an individual is calculated. Crowding degree reflects the distribution of individuals within that level. The formula for calculating crowding degree is as follows: ,and In the formula, Represented as an individual The level of congestion, Represented as a multi-objective function value, Represented as in the first For each objective function, the individual Adjacent solutions sorted by value Represented as absolute value, Represented as an individual The level of congestion, Represented as a multi-objective function value, Represented as in the first For each objective function, the adjacent solutions of individual B after sorting by value;

[0146] Based on non-dominated ranking and crowding, superior individuals are selected for crossover and mutation operations to generate a new population. The selection probability of superior individuals is calculated using the following formula: ,and In the formula, Represented as an individual The probability of choosing, Represented as an individual The probability of choosing, Represented as an individual The Pareto frontier level, Represented as an individual ,and The smaller the level, the better;

[0147] The testing strategy is updated based on individuals in the new population to achieve dynamic adjustments.

[0148] Specifically, the steps for constructing and optimizing the state-action model are as follows:

[0149] Based on the state vector Define dynamic sets and label them as ,and ;

[0150] By setting an encouragement function and combining state vectors with a dynamic set, a state-action model is constructed using reinforcement learning to describe the effects of taking different actions in different states. The expression for the encouragement function is: ,and In the formula, Represented as reward value, This is represented by the weighting coefficient for the corresponding state growth. Represented as a state vector The state growth of each data point. , They are respectively represented as coverage rate Resource utilization rate Defect trigger rate and path heat value The corresponding current state value and the next state value;

[0151] Use Q-tables to represent the state-action model. Indicates the state at the current time t. Take action below The value of , and randomly initialize all values ​​in the Q-table;

[0152] During the test, based on the current state Choose an action Perform the action and observe the next state. and the rewards received Then, the Q-learning algorithm is used to update the values ​​in the Q-table. The update formula for the Q-learning algorithm is: In the formula, Represented as the updated Q-value, Represented as the state at time t Take action below value, This represents the learning rate used to control the update step size. This is represented as a discount factor that measures the importance of future rewards. Indicates the next +1 time state Take all possible actions The maximum value of the Q-value;

[0153] Based on the updated Q-value table, the action with the highest value in each state is selected as the optimal adjustment strategy.

[0154] Furthermore, by integrating multi-dimensional data such as code coverage, resource utilization, defect trigger rate, and path heat value to construct a state vector and generate global optimization instructions, we can comprehensively consider various factors from a macro perspective, providing comprehensive guidance for test strategy formulation. The multi-objective optimization NSGA-II algorithm is used to balance the multi-dimensional data, including non-dominated sorting and crowding calculation, to find the optimal trade-off between multiple conflicting objectives, thereby dynamically adjusting the test strategy and achieving a better balance between different objectives in the testing process. A state-action model is then constructed, with state vectors representing test states and different test strategy adjustment methods as actions. The Q-learning algorithm is used to optimize this model. By continuously trying different actions and updating the Q-value based on the obtained rewards, the optimal action for each state is gradually found, achieving continuous optimization of the test strategy. This improves code coverage, more comprehensively detects potential defects, and enhances the stability and reliability of the target software.

[0155] S6. Set the termination conditions for defect detection, and continuously perform a cyclical testing process of generating new test data, executing tests, and verifying defects on the target software until the termination conditions are met, generate a defect report, and output a coverage heatmap and resource usage log.

[0156] Specifically, the steps for generating a defect report are as follows:

[0157] Collect basic data to generate defect reports, including stack traces that trigger defects, register states, crash information of crash addresses, edge coverage heatmaps and path execution frequency coverage information, CPU, memory and disk resource usage curves, and availability rating to verify the test results of defects.

[0158] The real defects are screened from the collected test results, and the defects are classified according to their type and severity. Then, the defects are prioritized by comprehensively sorting their availability, scope of impact, and trigger path coverage.

[0159] While performing statistical analysis on the selected defects according to type and severity, we also analyzed the correlation between defects and code coverage and resource consumption by combining coverage data and resource usage data.

[0160] The compiled defect information, statistical analysis results, coverage heatmap, and resource usage logs are then integrated into the defect report.

[0161] Generate interactive HTML reports using visualization tools, allowing users to click to view code locations and resource curves.

[0162] Furthermore, by setting defect detection termination conditions, excessive or insufficient testing is avoided, making the testing process more scientific and reasonable. Continuous cyclical testing ensures that as many potential defects in the target software as possible are discovered. The generated defect reports record the defect information found in the software in detail, providing the development team with a clear basis for fixing defects and helping to improve the quality and stability of the target software.

[0163] It should be noted that the present invention provides, for example... Figure 2 The software defect detection system shown is a software defect detection method that integrates containerized environment simulation and reinforcement learning. It includes: a semantic-aware input generation and mutation module: based on static analysis, a semantic model of the target software is constructed, seed data that meets the semantic requirements of the software is generated, and the seed data is mutated using syntax-aware mutation technology to generate test data, which is then transmitted to the fine-grained coverage module for testing. This module is used to comprehensively explore the input space of the target software and reduce the coverage blind spots caused by a large amount of invalid data generated by random mutation. The syntax-aware mutation technology includes syntax structure-aware mutation, symbolic execution-assisted constraint extraction, and LSTM model learning-driven mutation optimization.

[0164] Fine-grained coverage guidance and hybrid execution module: Receives test data and performs tests on the target software. It uses instrumentation technology to monitor the execution path of the test data in real time, records fine-grained coverage information of branch hits and function call chains, explores deep conditional branches and state dependency paths by combining symbolic execution, and outputs coverage data. These data are sent to the dynamic feedback and adaptive decision-making modules for strategy adjustment. The semantic-aware input generation and mutation module optimizes the generation of subsequent test data for efficient exploration of the target software's state space.

[0165] Nondeterministic behavior control and defect verification module: By using deterministic scheduling tools to capture thread scheduling order, fixed random number seeds, and replay execution trajectories, the uncertainty of multi-threaded and random behavior is eliminated, ensuring that defect triggering can reproduce the crash scenario and generating defect verification results;

[0166] Environment Simulation and Resource Management Module: Based on containerized environment isolation Docker technology, it simulates the real running environment of the target software, including operating system type, dependency library version and network configuration, to improve the environmental adaptability of the target software test, and monitors the usage information of CPU, memory and disk resources in real time. According to the resource usage status, a PID controller is used to dynamically adjust the execution order and intensity of test tasks to avoid resource exhaustion leading to low test efficiency or test interruption, thereby ensuring the stability and efficiency of the test process.

[0167] Dynamic Feedback and Adaptive Decision Module: Receives and integrates data from various modules to generate defect reports, including coverage data, resource usage information, defect verification results, and analysis information. It uses the multi-objective optimization NSGA-II algorithm to generate global optimization instructions, dynamically adjusts the operating parameters and testing strategies of each module, and constructs a state-action model for reinforcement learning defect testing to achieve adaptive optimization of the entire system.

[0168] The compiler awareness and binary analysis module: performs awareness and analysis on the compiler's optimization strategies, analyzes the binary code of the target software, generates analysis information, monitors abnormal stack / heap pointer offsets through binary instrumentation, quickly identifies exploitable memory corruption defects, marks high-risk code areas, and guides auxiliary input generation and defect localization.

[0169] The above formulas are all dimensionless calculations. The formulas are derived from software simulations based on a large amount of collected data to obtain the most recent real-world results. The preset parameters in the formulas are set by those skilled in the art according to the actual situation.

[0170] The above embodiments can be implemented, in whole or in part, by software, hardware, firmware, or any other combination thereof. When implemented using software, the above embodiments can be implemented, in whole or in part, as a computer program product. The computer program product includes one or more computer instructions or computer programs. When the computer instructions or computer programs are loaded or executed on a computer, all or part of the processes or functions described in the embodiments of this application are generated. The computer can be a general-purpose computer, a special-purpose computer, a computer network, or other programmable device. The computer instructions can be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another. For example, the computer instructions can be transmitted from one website, computer, server, or data center to another website, computer, server, or data center via wired or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that a computer can access or a data storage device such as a server or data center that includes one or more sets of available media. The available medium can be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. A semiconductor medium can be a solid-state drive.

[0171] It should be understood that in the various embodiments of this application, the order of the above-mentioned processes does not imply the order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of this application.

[0172] Those skilled in the art will recognize that the units and algorithm steps of the various examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application.

[0173] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.

Claims

1. A software defect detection method integrating containerized environment simulation and reinforcement learning, characterized in that, Includes the following steps: S1. Construct a semantic model of the target software to generate seed data, build a simulated test environment using containerization technology, dynamically allocate initial resources and set resource monitoring thresholds, and parse the debugging information of the software program to generate a control flow graph (CFG), identify high-risk functions and mark sensitive code areas. S2. Perform diverse mutation operations on the seed data to generate diverse test data, and input it into the target software to perform tests; S3. Instrument the target software for testing, monitor the code execution path in real time and record the edge coverage, dynamically adjust the priority according to the path execution frequency, use the exponential decay algorithm of AFLFast to explore less popular branches first, and trigger symbolic execution to solve complex path constraints when the coverage stagnates. The exploration branch steps of AFLFast's exponential decay algorithm are as follows: Record the number of times each path is executed during the target software test; The priority of edges is dynamically adjusted based on execution frequency. The AFLFast exponential decay algorithm is used to calculate the path priority score, where the calculation formula for the exponential decay algorithm is: and In the formula, Represented as edge Priority score, Represented as edge Execution frequency, Represented as the attenuation factor, Represented as path edge; Prioritize selecting the branches corresponding to the edges with higher priority scores for subsequent testing and exploration; When coverage is continuous When the growth rate of a cycle is less than a preset threshold, it is considered stagnant. And the preset threshold is ; When edge coverage stagnates, symbolic execution is triggered to solve complex path constraints. That is, symbolic execution of the currently uncovered path is performed to extract path constraints, and the solver is used to generate input values ​​that satisfy the constraints. The input values ​​are then back-injected to obtain the solution results, and the solution results are used as new test data to input into the target software to break through the current coverage blind spots. S4. Use the deterministic scheduler tool to capture non-deterministic events such as thread scheduling order, random number seed, and signal processing. Generate execution trajectory logs during the defect verification phase, monitor resource status in real time, and dynamically adjust the number of concurrent tasks for non-deterministic events using a PID controller when the resource monitoring threshold is exceeded. S5. By integrating multi-dimensional data such as code coverage, resource utilization, defect trigger rate, and path heat value, a state vector is constructed, and global optimization instructions are generated. Then, the multi-objective optimization NSGA-II algorithm is used to balance the multi-dimensional data, including non-dominated sorting and crowding calculation, so as to dynamically adjust the test strategy. Then, a state-action model is constructed, with the state vector representing the test state and different test strategy adjustment methods as actions. The reinforcement learning Q-learning algorithm is used to optimize the model to achieve continuous optimization of the test strategy and set a real-time circuit breaker to switch the exploration path. S6. Set the termination conditions for defect detection, and continuously perform a cyclical testing process of generating new test data, executing tests, and verifying defects on the target software until the termination conditions are met and a defect report is generated.

2. The software defect detection method integrating containerized environment simulation and reinforcement learning according to claim 1, characterized in that, The logic for generating the seed data is as follows: The semantic analysis determines the grammatical structure rules of the target software's input data, including protocol specifications and file structure. A semantic model is constructed using context-free grammars to formally represent the syntactic structure rules of the target software's input data; Symbolic execution is introduced at critical branch points, and logical expressions are used to extract path constraints. Seed data for valid input is generated based on grammatical structure rules, and boundary values ​​are generated in combination with constraints. The probability distribution of high-value mutation locations in the seed data of a valid input is predicted by training an LSTM model, and a cross-entropy loss function is defined to determine the mutation locations in the data.

3. The software defect detection method integrating containerized environment simulation and reinforcement learning according to claim 1, characterized in that, The steps for setting up the test environment are as follows: Analyze the target software's operating environment, including operating system type, dependent library versions, and network configuration parameters; A Docker image is built using a Dockerfile, and the target software is installed within the container. Environment parameters are injected, and initial resources, including CPU cores, memory size, and disk space, are dynamically allocated. Specifically, based on the target software's historical resource usage data, the resource requirements of the target software during defect testing are predicted, and initial resources are allocated accordingly. The formula for calculating the number of CPU cores is as follows: ,and In the formula, This represents the number of CPU cores allocated to the container in the simulated test environment. This represents the total number of CPU cores in the system. Represented as volatility factor, This represents the maximum number of CPU cores used by the target software in historical resources. This represents the minimum number of CPU cores used by the target software in historical resources. The formula for calculating memory size allocation is: In the formula, This represents the amount of memory allocated to the container in the simulated test environment. This represents the target software's maximum memory usage in historical resources. This represents the total system memory size. The formula for calculating disk space allocation is: In the formula, This represents the disk space allocated to the container in the simulated testing environment. Simulate network latency and packet loss using Linux flow control tools; Set resource monitoring thresholds and allow the PID controller to dynamically adjust the number of concurrent tasks. The calculation formula for the PID controller is as follows: ,and In the formula, This represents the adjustment amount for the number of concurrent tasks output by the PID controller. Indicated as current Time error value, , , These are represented as proportional coefficient, integral coefficient, and differential coefficient, respectively. , Represented as the current The software displays the CPU core count, memory size, and disk space usage during the testing process. , These represent the preset resource monitoring thresholds for the number of CPU cores, memory size, and disk space, respectively.

4. The software defect detection method integrating containerized environment simulation and reinforcement learning according to claim 1, characterized in that, The steps for marking the sensitive code region are as follows: Use a disassembler to parse the debugging information of the target software program to generate a control flow graph (CFG) of the binary code, and obtain and identify the address, variable information, and function call relationships of the code; Match the list of high-risk function APIs, identify the location of high-risk functions in the target software, and mark the code region with the high-risk function call context based on the location of the high-risk function and the control flow graph (CFG). By instrumenting code to monitor whether the code region of a high-risk function call context inputted by the user propagates to a dangerous operation, and by calculating a hazard score for the high-risk function, variables affected by user input are identified and marked as sensitive code regions. The hazard score expression for the high-risk function is as follows: In the formula, This is represented by a risk score for a high-risk function. This is indicated as a high-risk function. This is indicated as a dangerous operation. This represents the weight of the corresponding dangerous operation. This represents the number of times a dangerous operation occurs within a high-risk function.

5. The software defect detection method integrating containerized environment simulation and reinforcement learning according to claim 1, characterized in that, The steps for generating the diverse test data are as follows: From the various sub-data generated by the semantic model combined with constraints, select one seed data and label it as... ; A1. Structured Variation: First, analyze the file structure and protocol specifications of the seed data, and construct a context-free grammar model; The values ​​of key fields are directly replaced according to the four-tuple syntax rules to generate valid but mutated first input data, and boundary values ​​are inserted into the key fields. When it is necessary to quantify the degree of mutation in specific situations, the degree of mutation algorithm is used to calculate the difference between the structured mutated input data and the initially selected seed data. The expression for the degree of mutation algorithm is: ,and In the formula, Represented as seed data Degree of variation Represented as seed data The total number of elements after mutation. Represented as seed data The total number of original elements in the data. The range of values ​​representing the degree of variation is: ; A2. Symbolic execution-assisted mutation requires first applying symbolic execution to the target software, introducing symbolic execution at critical branch points of the program, and extracting constraint expressions. Use the constraint solver Z3 to analyze the constraint expression and generate a solution that satisfies the constraint. The solution results are injected into the seed data to trigger the deep path and generate a second input data that covers different program execution paths and is mutated. A3. LSTM model optimization mutation: First, use the historical valid input data of the target software to train the LSTM model, learn the byte distribution pattern and predict the mutation probability of each position; The seed data is then converted into a vector format according to time series and input into the LSTM model for prediction; The LSTM model outputs the mutation probability of each byte, prioritizes mutations at high-probability locations, inserts boundary values ​​at predicted locations, and performs optimized mutations to generate the third input data.

6. The software defect detection method integrating containerized environment simulation and reinforcement learning according to claim 1, characterized in that, The recording logic for the edge coverage is as follows: Insert monitoring code at the entry point of each basic block in the target software program and record the number of times it is executed; Assign a unique identifier to each edge of two adjacent basic blocks; A bitmap is used to record the edge hit status, with each edge corresponding to a bit in the bitmap. When an edge is covered, the corresponding position is marked as 1; otherwise, it is marked as 0. The percentage of edge coverage is calculated by counting the number of 1s in the bitmap. The formula for edge coverage is as follows: In the formula, Represented as the number of 1s in the bitmap. This is represented as the total number of bits in the program bitmap. This is expressed as edge coverage.

7. The software defect detection method integrating containerized environment simulation and reinforcement learning according to claim 1, characterized in that, The steps for generating the global optimization instruction are as follows: Collect multi-dimensional data related to the target software testing, including coverage, resource utilization, defect trigger rate, and path heat. The collected multi-dimensional data is organized and quantified to construct a state vector; Define multiple optimization objectives in the target software testing process, including maximizing coverage, minimizing resource utilization, maximizing defect trigger rate, and minimizing path heat. Normalization processing is performed on each data point in the state vector to eliminate the dimensional differences between different data indicators. Based on the state vector and target weights, a linear combination method is used to generate global optimization instructions that can guide the optimization of the target software testing process.

8. The software defect detection method integrating containerized environment simulation and reinforcement learning according to claim 1, characterized in that, The logic of dynamically adjusting the testing strategy for the multi-objective optimization NSGA-II algorithm is as follows: Based on the defined multiple optimization objectives, a set of initial test strategies is randomly generated as the population; For each individual in the population, a multi-objective function is defined based on multiple defined optimization objectives; Then, for individuals in the population Non-dominated ranking is performed, dividing individuals into different levels, with non-dominated individuals belonging to the first level; Calculate the crowding level of individuals within each level; Based on non-dominated ranking and crowding, select superior individuals for crossover and mutation operations to generate a new population; The testing strategy is updated based on individuals in the new population to achieve dynamic adjustments.

9. A computer device, comprising: Memory and processor; The memory stores a computer program, characterized in that: when the processor executes the computer program, it implements the steps of the software defect detection method that integrates containerized environment simulation and reinforcement learning as described in any one of claims 1 to 8.

10. A computer-readable storage medium having a computer program stored thereon, characterized in that: When the computer program is executed by the processor, it implements the steps of the software defect detection method that integrates containerized environment simulation and reinforcement learning as described in any one of claims 1 to 8.