Qin X.-J., Jiang Nan Computer Technique Institute
Zhou L., Jiang Nan Computer Technique Institute
Chen Z.-N., Jiang Nan Computer Technique Institute
Gan S.-T., Jiang Nan Computer Technique Institute
Jisuanji Xuebao/Chinese Journal of Computers | Year: 2015
To address path explosion and the low rate of new-path discovery in software testing, as well as the high false-alarm rate of static analysis, this paper proposes a vulnerability discovery architecture that combines dynamic analysis and static analysis, and designs a trace solving algorithm based on lazy symbolic execution to deal with the problem of loop explosion. The trace solving algorithm uses 3 key factors (shortest path, constraint probability and reachable trace number) to guide symbolic execution, so that it reaches the vulnerability faster and chooses traces more accurately. By using lazy symbolic execution to identify loop structures automatically and to delay the concretization of variables, the approach efficiently handles the trace combination explosion caused by loop structures and produces test cases that can reach the vulnerability sets. The algorithm is also tested on coreutils 6.10 and compared with KLEE, Otter and SAGE. The experimental results show that the algorithm can effectively analyze programs containing more branches, and that the larger the program under test, the more obvious its advantage. © 2015, Science Press. All rights reserved.