
Using Code Coverage as a Triage Method (運用程式碼覆蓋範圍分類程式失誤狀況)

Advisors: 黃世昆, 陳穎平

Abstract


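With the rapid growth of the software industry, maintaining good software quality requires being able to find the causes of software errors. However, software is becoming increasingly complex, and manual debugging is costly and can no longer cope with large code bases. Reducing the cost of vulnerability testing and improving debugging efficiency has become the greatest demand driving the development of automated tools.

Automated testing tools have developed rapidly in recent years, and many automated vulnerability testing tools now exist, including Smartfuzz [1], BFF [2] and FOE [3]. Within these automated tools, however, research on the error classification (triage) stage has slowed. This thesis therefore proposes a new triage method. Unlike traditional triage, which is based on the debugger's call stack history (stack trace), we propose using code coverage to classify errors.

For the evaluation, we use real programs and test programs as targets. After observing program behavior, we design input data that covers all possible paths through the source code. For classification, we use gcov [4] to analyze the coverage of the test data: when the target program is given a test input and fails, the failure is classified by analyzing the program's gcov files. We also classify the same test data with the traditional method and compare the two sets of results, which shows the shortcomings of the earlier method, and we discuss how a method based on code coverage remedies those shortcomings and makes the classification more precise.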

Parallel Abstract


Software is becoming more complicated due to changing needs and the flourishing development of the software industry. To improve software quality, we need to find the major reasons that cause programs to crash. However, debugging by software developers is not an efficient method, especially for large software. Many automated tools have been developed to enhance fault localization efficiency and reduce maintenance cost, including Smartfuzz, BFF and FOE. Most research focuses on improving the software testing process, while the primary triage method, based on the stack trace hash, has been unchanged for a long time. Therefore, we propose a new triage method based on code coverage. We use real programs and special test methods as our targets. After observing program behavior, we produce different input data sets for all possible paths. Our triage method analyzes the gcov coverage results each time an input causes the program to crash. For the same crash inputs, we also use the traditional stack trace hash method and contrast its flaws with our proposed method. Our experimental results reveal that the proposed method based on code coverage yields better triage in terms of the number of unique bugs and the correct classification of faults.

References


[19] David A Molnar, David Wagner, “Catchconv: Symbolic execution and run-time type inference for integer conversion errors,” UC Berkeley EECS, February 2007.
[5] David Molnar, Xue Cong Li, David Wagner, “Dynamic Test Generation to Find Integer Bugs in x86 Binary Linux Programs,” USENIX, pp. 67-82, August 2009.
[12] Alexandre Rebert, Sang Kil Cha, Thanassis Avgerinos, Jonathan Foote, David Warren, Gustavo Grieco, David Brumley, “Optimizing seed selection for fuzzing,” USENIX, pp. 861-875, August 2014.
[6] Wei Jin, Alessandro Orso, “F3: fault localization for field failures,” Proceedings of the 2013 International Symposium on Software Testing and Analysis, pp. 213-223, July 2013.
[8] “Valgrind,” [Online]. Available: http://valgrind.org/.
