CN109634869A - Binary translation intermediate representation correctness test method and device based on semantic equivalence verifying - Google Patents
Binary translation intermediate representation correctness test method and device based on semantic equivalence verifying Download PDFInfo
- Publication number
- CN109634869A CN109634869A CN201811570147.9A CN201811570147A CN109634869A CN 109634869 A CN109634869 A CN 109634869A CN 201811570147 A CN201811570147 A CN 201811570147A CN 109634869 A CN109634869 A CN 109634869A
- Authority
- CN
- China
- Prior art keywords
- intermediate representation
- instruction
- test
- binary translation
- source platform
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3684—Test management for test design, e.g. generating new test cases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3688—Test management for test execution, e.g. scheduling of test suites
Abstract
The invention belongs to computer implantation technique field, in particular to a kind of binary translation intermediate representation correctness test method and device, this method based on semantic equivalence verifying includes: the mapping ruler established between source platform instruction and intermediate representation;State initialization is carried out to intermediate representation, and constructs test case;For test case, source platform instruction and intermediate representation are independently executed respectively, according to independently executing, whether the semanteme of the instruction of result judgement source platform and intermediate representation between the two is of equal value.The present invention can be realized the intermediate code correctness test unrelated with specific architectural framework, in conjunction with the test method of black box and whitepack, the problem of capable of quickly, efficiently and accurately positioning binary translation intermediate representation, improve the accuracy and efficiency of its test, and then shorten software development test period, guarantee software quality and reliability, the binary translation between different platform is tested and the cross-platform implantation technique of computer software has certain directive significance.
Description
Technical field
The invention belongs to computer implantation technique field, in particular to a kind of binary translation based on semantic equivalence verifying
Intermediate representation correctness test method and device.
Background technique
Binary translation realize the cross-platform binary program of computer stress-free temperature, be widely used in system virtualization,
The fields such as simulator exploitation, are an important software transplanting technologies.The principle of binary translation technique is mainly by source platform
Executable program decode to obtain assembly instruction, be reconverted into intermediate representation, ultimately produce the instruction of target platform and operation.Such as
The intermediate representation that QEMU binary translation system uses is that code generator TCG, the UQBT binary translation system simplified uses
Intermediate representation be RTL.Mainly use various test sets to translation for the correctness verification method of binary translation system
System carries out system testing, such as QEMU provides linux-user-test, linux-user-busyboxes test set to survey
Try the correctness of translation system.But for crucial intermediate representation part, but without special test method.
Binary translation is substantially a kind of technique of compiling, expands to compiling field, and the functional test for compiler has very
Multi-method, CSmith system have carried out system to modern compiler GCC, LLVM using the method for generating effective c program at random
The test of point-to-point, and have found some bug.Similar to CSmith system, some systems are also by generation C or C++ program
Method tests compiler.These test methods can be divided into white-box testing and two kinds of Black-box Testing.It is surveyed in Black-box Testing as fuzzy
Examination, the fuzz testing based on grammer can be applied in code tester;The disadvantage is that it is difficult to ensure that all relevant input datas
It is tested.The method of white-box testing such as semiology analysis, according to there is higher test coverage, but state space is usually larger,
Easily cause State-explosion problem.These tests are all the methods of system testing, and it is independent can not in depth to analyze verifying
The function accuracy of component.The method of application system test will lead to the bug that binary translation system is hidden in intermediate representation
It is difficult to be found.Reason essentially consists in: 1. using SPEC2006 as the test set of representative when being executed partial code traversal less than this
Result in the incompleteness of translation system functional verification, it is understood that there may be the intermediate representation not being tested;2. being surveyed when actual test
The input data covering surface of examination collection is limited, this causes to be possible to there are some border conditions to be in testing not in lead
Cause the imperfection of intermediate representation test.In addition, compiler verifying is also a kind of theoretical method of compiler test, CompCert is
One representative Formal Verification frame.But application form authenticates to a product-level compiler such as GCC and remains difficult
It realizes.Hasabnis proposes the method that test GCC compiler code generates specification, can construct special test case to test
The function accuracy of GCC compiler intermediate representation is demonstrate,proved, still, this method can not be applied to the binary system that front end is machine instruction and turn over
System is translated, and then influences software development test period and quality.
Summary of the invention
For this purpose, the present invention provides a kind of binary translation intermediate representation correctness test method based on semantic equivalence verifying
And device, can the correctness accurately and efficiently to binary translation intermediate representation semanteme test, and then shorten software open
Test period is sent out, guarantees software running quality and reliability.
According to design scheme provided by the present invention, it is a kind of based on semantic equivalence verifying binary translation intermediate representation just
True property test method, includes following content:
Establish the mapping ruler between source platform instruction and intermediate representation;
State initialization is carried out to intermediate representation, and constructs test case;
For test case, source platform instruction and intermediate representation are independently executed respectively, foundation independently executes result judgement
Whether the semanteme of source platform instruction and intermediate representation between the two is of equal value.
Above-mentioned, it is instructed according to source platform, obtained by binary translator indicates among it, and establishes between the two
Mapping ruler.
Above-mentioned, it is instructed according to source platform, obtained by binary translator indicates among it, is searched by running test set
The mapping ruler of collection between the two.
Preferably, before running test set, test set is carried out by setting selection strategy according to practice and coverage rate first
Classification processing, which includes: the minimum mode of instruction classification is carried out according to same operation code, according to same operation
The definition template of code, operand quantity and addressing system carries out the prototype pattern of instruction classification, and carries out according to different operation code
The complete mode of operand instruction classification.
Above-mentioned, include following content during being initialized to intermediate representation and construct test case: dividing defeated
Entering space is equivalence class;A plurality of intermediate representation is configured to dependent tree according to data dependence relation, since root node on to
Lower traversal tree carries out the limitation for being output to input, so that restrictive condition travels to leaf node;All leaf nodes it is effective defeated
Enter as test input value.
Preferably, the input space is divided to each intermediate representation, to determine an equivalence class set during equivalence class
As output.
Preferably, during a plurality of intermediate representation being configured to dependent tree according to data dependence relation, to a plurality of middle table
Show, it is first determined the limitation that each intermediate representation is output and input, using the input of current intermediate representation as a upper centre
The output of expression.
It is above-mentioned, during intermediate representation independently executes, using the intermediate representation interpreter in binary translation system come
The processor state after intermediate representation executes is obtained, using the processor state after execution as intermediate representation semanteme;
During source platform instruction independently executes, obtaining first includes assembly instruction program to be tested, establishes performing environment, and come with initial value
Initialize performing environment;Then assembly instruction program to be tested is executed, the processor state after intermediate representation executes is obtained.
It is above-mentioned, according to independently execute the instruction of result judgement source platform and intermediate representation between the two it is semantic whether etc.
Valence includes following content: the processor state after independently executing according to both source platform instruction and intermediate representation judges two
Whether person's semanteme is identical.
A kind of correct system safety testing device of binary translation intermediate representation based on semantic equivalence verifying includes: mapping block,
Initialization module and test module, wherein
Mapping block, the mapping ruler for establishing between source platform instruction and intermediate representation;
Initialization module for carrying out state initialization to intermediate representation, and constructs test case;
Test module respectively independently executes source platform instruction and intermediate representation, for being directed to test case according to independent
Implementing result determines whether the semanteme of source platform instruction and intermediate representation between the two is of equal value.
Beneficial effects of the present invention:
The present invention initially sets up the corresponding relationship of source platform instruction and intermediate representation, then at the beginning of intermediate representation carry out state
Beginningization, and construct test case, source platform instruction and intermediate representation are independently executed respectively later and compare to context environmental
Change as a result, therefore, it is determined that semantic whether of equal value;Realize the intermediate code correctness test unrelated with specific architectural framework, knot
The test method of black box and whitepack is closed, the problem of capable of quick and precisely positioning binary translation intermediate representation, improves it
Test accuracy and efficiency guarantee software quality and reliability, have to the binary translation test between different platform certain
Directive significance.
Detailed description of the invention:
Fig. 1 is correctness test method flow diagram in embodiment;
Fig. 2 is intermediate representation testing process in embodiment;
Fig. 3 is the limited propagation schematic diagram of data in embodiment;
Fig. 4 is correct system safety testing device schematic diagram in embodiment.
Specific embodiment:
To make the object, technical solutions and advantages of the present invention clearer, understand, with reference to the accompanying drawing with technical solution pair
The present invention is described in further detail.
Test coverage is low present in test process for existing binary translation system intermediate representation, easily causes
State space explosion, test be imperfect, using the situations such as limited, shown in Figure 1 in the embodiment of the present invention, provides a kind of base
Include following content in the binary translation intermediate representation correctness test method of semantic equivalence verifying:
S101, establish source platform instruction intermediate representation between mapping ruler;
S102, state initialization is carried out to intermediate representation, and constructs test case;
S103, it is directed to test case, source platform instruction and intermediate representation is independently executed respectively, foundation independently executes result
Determine whether the semanteme of source platform instruction and intermediate representation between the two is of equal value.
It is instructed according to source platform, obtained by binary translator indicates among it, and establishes mapping rule between the two
Then.The instruction set for defining source platform is P, the intermediate representation set M in binary translator.The correctness of intermediate representation refers to
The assembly instruction A (A ∈ M) for giving a kind of source platform is translated to obtain intermediate representation I (I ∈ M*) by binary translator, I and A's
Semanteme is of equal value.Semanteme refers to the modification made to processor state in binary translation environment, and definition set V is processing
The set of device all registers and internal storage location, processor state are the value of all members at a time in set V.Define SA
Indicate the processor state after assembly instruction A is executed, SIIndicate the processor state after intermediate representation is performed.Semantic equivalence is
Refer to initial processor state under the same conditions, SAAnd SIEquivalence (is expressed as SI=SA).Establish instruction A (the A ∈ of source platform
M) and the mapping relations of its intermediate representation I obtained by binary translation, it is denoted as (A, I) ∈ P × M*.
It obtains all (A, I) mapping relations and carries out semantic equivalence test, need to analyze in binary translator all
Decoding and intermediate representation generate code, it is right to extract all (A, I).However this needs a large amount of artificial participation, in addition, this
There are also following disadvantages for kind method: first is that the not instead of intermediate representation that some intermediate representation generating portions generate, some advanced
The aid in treatment function that language is write, this is not suitable for forming mapping;Second is that intermediate representation generating portion is complicated, including very
More limitation, condition or even predicates becomes difficult extraction intermediate representation.Therefore, all (A, I) is manually analyzed to not
It is a nothing the matter.It in further embodiment of the present invention, instructs, is obtained by binary translator in-between according to source platform
It indicates, mapping ruler between the two is collected by operation test set.By the method for testing large test set, executed true
When (A, I) mapping for generating to finding out.By running enough test sets, it can achieve enough coverage rates.
Preferably, before running test set, test set is carried out by setting selection strategy according to practice and coverage rate first
Classification processing, which includes: the minimum mode of instruction classification is carried out according to same operation code, according to same operation
The definition template of code, operand quantity and addressing system carries out the prototype pattern of instruction classification, and carries out according to different operation code
The complete mode of operand instruction classification.
Generate the original state of assembly instruction A and its intermediate representation I of equal value to be tested, the i.e. value of initial input.One
Kind mode is accurately to simulate, and generates each possible original state for instruction and intermediate representation.However, it is contemplated that state space
Too big, the value that one 32 registers may take has 232A, therefore, original state quantity may be too many and making to test becomes not
It is acceptable.The method that another kind improves initial state value setting is some initial values of random selection, and still, random selection can be brought
Some problems.Firstly, the operation of some instructions is just carried out when condition meets, the value selected at random may not be able to meet this
Therefore a little conditions will not trigger corresponding operating.Secondly, the inadequate system of the method generated at random, can not provide enough independence
Property.Therefore, original state generation method should meet three targets as far as possible: can guarantee the complete of the beginning state set generated
Property;Enough performances are obtained using less beginning state;It is as unrelated with framework as possible.The first two target can pass through division etc.
The method of valence class reduces the quantity of state in state space to realize.Meeting third target then needs to exist as much as possible when design
The dependence to framework is reduced in test.Since intermediate representation segment I generally comprises more than one intermediate representation, such as x86
Add%20fd2 is instructed, the intermediate representation that %ebx is generated contains multiple operations, thus the case where generating data dependence.With f (g
(...)) form that indicates data dependence relation, i.e., it to be not only thought of as f and g now and generates suitable test respectively inputting, but also
Consider more generally problem, which kind of input makes g also and can produce suitably to export f.It is right in further embodiment of the present invention
Include following content during intermediate representation is initialized and constructs test case: the division input space is equivalence class;It will
A plurality of intermediate representation is configured to dependent tree according to data dependence relation, traverses tree from up to down since root node and is output to
The limitation of input, so that restrictive condition travels to leaf node;Effective input of all leaf nodes is as test input value.
Preferably, the input space is divided to each intermediate representation, to determine an equivalence class set during equivalence class
As output.
Preferably, during a plurality of intermediate representation being configured to dependent tree according to data dependence relation, to a plurality of middle table
Show, it is first determined the limitation that each intermediate representation is output and input, using the input of current intermediate representation as a upper centre
The output of expression.
Original state generation method: to each intermediate representation, determine the set an of equivalence class as output;To a plurality of
Intermediate representation, it is first determined the limitation that each intermediate representation is output and input, and the input of current intermediate representation, as upper
The output of one intermediate representation travels to a upper intermediate representation to make to limit from current intermediate representation.Final design goes out
All inputs for meeting limitation.The similar input space that divides as expert of the first step is equivalence class;Second step first will be a plurality of
Intermediate representation is configured to dependent tree according to data dependence relation, then traverses tree from up to down since root node and is output to
The limitation of input is propagated, so that restrictive condition travels to leaf node, finally determines the input of whole tree.With add%20fd2, %
For ebx because to carry out 32 plus, segmentation standard is used as using symbol and flag bit, is exporting the value of output
Space is divided into 3 classes: (1) positive value, range is 1 between INT32_MAX;(2)0;(3) negative values, range exist
Between the road INT32_MIN -1.After providing output area, when test, selects the value for needing the bounds paid close attention to, and such as collects
It closes { INT32_MIN, 0, INT32_MAX }, includes two boundaries of minimax and 0.So to add $ 20fd2, %ebx,
The limited propagation for meeting problem such as Fig. 3 when output is 0 shows.Symbol O indicates the desired output of intermediate representation, and I indicates desired
Input, S indicate the set of input value obtained after analysis, and Boolean variable result indicates whether current input value can be with
It receives.Eventually by the result construction test input value analyzed dependent tree.These input values constitute assembly instruction and
The identical beginning state of intermediate representation.
During intermediate representation independently executes, centre is obtained using the intermediate representation interpreter in binary translation system
The processor state after executing is indicated, using the processor state after execution as intermediate representation semanteme;Source platform refers to
During order independently executes, obtaining first includes assembly instruction program to be tested, establishes performing environment, and hold to initialize with initial value
Row environment;Then assembly instruction program to be tested is executed, the processor state after intermediate representation executes is obtained.Further,
According to independently executing, whether the semanteme of the instruction of result judgement source platform and intermediate representation between the two is of equal value, includes following content:
Processor state after independently executing according to both source platform instruction and intermediate representation judges whether the two is semantic identical.
The explanation of intermediate representation is executed, needs to design the interpreter of intermediate representation.Since the binary system as QEMU turns over
The system of translating provides the interpreter TCI of TCG, therefore the explanation that can very easily carry out intermediate representation executes.Compilation is obtained to refer to
Enabling semantic method is one user level process of creation, safeguards an environment and executes it.Requirement to performing environment is: first
First, the execution of instruction, secondly, needing the environment of tracking process execution, can be monitored or be modified in an independent environment
The content of register and memory.Third can capture process and execute the exception issued and signal.For memory, need to obtain
The semanteme taken is the value of the memory updated.A kind of simple method is to use memory respectively before and after execution in independent environment
Snapshot.This method low efficiency, because needing to analyze the memory headroom of entire 4G under worst environment.But due to performing environment
Memory address can be tracked, therefore still gives this method.But only in memory refreshing, analysis is just gone to execute the memory of front and back
State, that is, just go to check when execution has write operation.For register, semantic as whole registers to be treated
Value.As a result relatively compare the semanteme after assembly instruction and intermediate representation execute, judge whether identical, middle table is judged with this
Whether show has bug.
Based on above-mentioned test method, the embodiment of the present invention also provides a kind of binary translation based on semantic equivalence verifying
The correct system safety testing device of intermediate representation, it is shown in Figure 4, include: mapping block 101, initialization module 102 and test module
103, wherein
Mapping block 101, the mapping ruler for establishing between source platform instruction and intermediate representation;
Initialization module 102 for carrying out state initialization to intermediate representation, and constructs test case;
Test module 103 respectively independently executes source platform instruction and intermediate representation, foundation for being directed to test case
Whether of equal value independently execute the semanteme of the instruction of result judgement source platform and intermediate representation between the two.
Shown in Figure 2 in the present invention, it is corresponding with intermediate representation to establish source platform instruction for intermediate representation test process
Relationship;State initialization is carried out to intermediate representation, and determines test input;Source platform instruction and intermediate representation are executed simultaneously respectively
Comparison result.
By (A, I) to I is considered as to the mapping ruler of A, using binary translator as a black box, pass through operation test set
To collect mapping ruler as much as possible.Serve as interpreter large-scale test set when, the quantity of (A, I) pair may be million to thousand
Between ten thousand, the ambassador of quantity all test become can not, in fact need not also test one by one, because it is all weight that instruction is most of
Multiple.So designing a selection strategy to form a subset.There are three ways to available: it minimizes mode: will grasp
Make the identical instruction of code and be considered as one kind, for example add 8 (%eax), %ebx and add%20fd2, %ebx are considered as a type of
Instruction, the instruction type that this pattern acquiring arrives is minimum, therefore can rapidly be tested;Prototype pattern: according to operation code
The method definition template of identical, operand quantity and addressing system identical (being all register, constant or indirect addressing etc.) meets
The instruction of template is considered a type of, such as definably template add I, R, by add%20fd2, %ebx and add%20fd2, %eax
It is considered as a type of instruction, and add 8 (%eax), %ebx are exactly another different type;Complete mode: as long as
Different operation code, the instruction of operand are considered to be different type, such as will be by add%20fd2, %ebx and add%
20fd2, %eax are considered as two kinds of instruction, and the instruction type that this pattern acquiring arrives is most, are the most slow moulds of test speed
Formula.When implementing test, according to the requirement of practice and coverage rate, three kinds of methods can be used for the acquisition of (A, I).
The generating algorithm of initial state space may be designed as following content: it is expressed as Gen_Start_States function, with
Intermediate representation segment ir is as input, to analyze obtained input value set S as output.It is described as follows:
Gen_Start_States (ir) function is completed raw to the original state of intermediate representation ir on the basis of dependent tree
At, and with set S return.The operator of top layer and type are broadcast to Create_Outputs first in function, to get
Desired output collection.Such as 32 add operations, the available output to { INT32_MIN, 0, INT32_MAX }.Create_
Outputs be it is determining by hand, for every kind of ir, its implementation is all different.Therefore, it does not embody in the algorithm.Because of ir
The small number of middle operator, so artificial cost is fewer.Despite manual type, similarly output is divided into
Valence class minimizes the quantity of equivalence class to balance artificial experience.In the algorithm, once the set of an output gets it
Afterwards, calling Gen_Inputs_For_Output function is that each output obtains an input set, and the algorithm is specific with one
O is as input, and to analyze obtained input value set as output, algorithm description is as follows:
Gen_Inputs_For_Output passes through transmitting operator, desired output valve and type first to call
GetInputs can be GetInputs (plus, 0, int32) for addition add%20fd2, %ebx, one calling.
GetInputs's the result is that a polynary integer set In, the integer that set element includes are determined by child's quantity of current ir.
For example the element of input set In is made of 2 integers for addition, for negating, is made of 1 integer.
When function GetInputs can return to empty set when that cannot find input.In this case, limited propagation cannot win
Appoint, need to return immediately.Otherwise, if In non-empty, starting limited propagation, the value of element is the desired output of child ir in In,
To travel to the child of ir.It spreads through sex intercourse to carry out limitation, first obtains the set H of all children of ir.If ir is grammer
The leaf node of tree, then H is empty set.In this case, whether the limitation of easy detection ir, which is entered, is met.For example, right
In mem (reg eax) expression formula, can detect whether input value is effective memory address.On the contrary, if ir is not the leaf of syntax tree
Child node, then H non-empty.Element (i in I at this time1, i2..., in) output as each child, if child receives output
Value (recursively calls Gen_Inputs_For_Output function), and function selects the value (i got at this time1, i2..., in) make
To export and returning.Due to Gen_Inputs_For_Output function be it is recursive, road can be traversed on data dependence tree
The longest leaf node of diameter.Finally, input value of the effective input of all leaf nodes as the need test analyzed.
The interpreter TCI that intermediate representation semanteme is the intermediate representation TCG for utilizing binary translation system QEMU to provide is obtained,
Obtain the processor state after intermediate representation executes.It obtains in assembly instruction semantic procedure, is write first comprising to be tested
Then the program of assembly instruction establishes performing environment, and carrys out initialization context with initial value.Test program is executed later, and is obtained
Processor state after taking intermediate representation to execute.For memory, semanteme to be treated is the value of the memory updated.
Setting memory is read-only before executing, therefore there are two types of situations for generation core dumped when execution, and one is test instructions to write memory, separately
One is instructions to have accessed illegal position.After distinguishing both of these case, memory is set as readable writeable and is re-executed.If again
Core dumped occurs, then is second situation.Otherwise, updated memory value is obtained.As a result relatively compare assembly instruction in
Between the processor state that indicates, judge whether identical.
Intermediate code correctness test in the embodiment of the present invention is unrelated with specific architectural framework, in conjunction with black box and whitepack
Test method, the problem of capable of quick and precisely positioning binary translation intermediate representation, solve existing intermediate code test
In deficiency, test coverage is wide, high-efficient, and applicable range is wide, can quickly, efficiently and accurately position binary translation
The problem of intermediate representation, improves the accuracy and efficiency of its test, and then shortens software development test period, guarantees soft
Part q&r, tests the binary translation between different platform and the cross-platform implantation technique of computer software has one
Fixed directive significance.
Unless specifically stated otherwise, the opposite step of the component and step that otherwise illustrate in these embodiments, digital table
It is not limit the scope of the invention up to formula and numerical value.
Based on above-mentioned method, the embodiment of the present invention also provides a kind of server, comprising: one or more processors;It deposits
Storage device, for storing one or more programs, when one or more of programs are executed by one or more of processors,
So that one or more of processors realize above-mentioned method.
Based on above-mentioned method, the embodiment of the present invention also provides a kind of computer-readable medium, is stored thereon with computer
Program, wherein the program realizes above-mentioned method when being executed by processor.
The technical effect and preceding method embodiment phase of device provided by the embodiment of the present invention, realization principle and generation
Together, to briefly describe, Installation practice part does not refer to place, can refer to corresponding contents in preceding method embodiment.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description
It with the specific work process of device, can refer to corresponding processes in the foregoing method embodiment, details are not described herein.
In all examples being illustrated and described herein, any occurrence should be construed as merely illustratively, without
It is as limitation, therefore, other examples of exemplary embodiment can have different values.
It should also be noted that similar label and letter indicate similar terms in following attached drawing, therefore, once a certain Xiang Yi
It is defined in a attached drawing, does not then need that it is further defined and explained in subsequent attached drawing.
The flow chart and block diagram in the drawings show the system of multiple embodiments according to the present invention, method and computer journeys
The architecture, function and operation in the cards of sequence product.In this regard, each box in flowchart or block diagram can generation
A part of one module, section or code of table, a part of the module, section or code include one or more use
The executable instruction of the logic function as defined in realizing.It should also be noted that in some implementations as replacements, being marked in box
The function of note can also occur in a different order than that indicated in the drawings.For example, two continuous boxes can actually base
Originally it is performed in parallel, they can also be executed in the opposite order sometimes, and this depends on the function involved.It is also noted that
It is the combination of each box in block diagram and or flow chart and the box in block diagram and or flow chart, can uses and execute rule
The dedicated hardware based system of fixed function or movement is realized, or can use the group of specialized hardware and computer instruction
It closes to realize.
In several embodiments provided herein, it should be understood that disclosed systems, devices and methods, it can be with
It realizes by another way.The apparatus embodiments described above are merely exemplary, for example, the division of the unit,
Only a kind of logical function partition, there may be another division manner in actual implementation, in another example, multiple units or components can
To combine or be desirably integrated into another system, or some features can be ignored or not executed.Another point, it is shown or beg for
The mutual coupling, direct-coupling or communication connection of opinion can be through some communication interfaces, device or unit it is indirect
Coupling or communication connection can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit
The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple
In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme
's.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit
It is that each unit physically exists alone, can also be integrated in one unit with two or more units.
It, can be with if the function is realized in the form of SFU software functional unit and when sold or used as an independent product
It is stored in the executable non-volatile computer-readable storage medium of a processor.Based on this understanding, of the invention
Technical solution substantially the part of the part that contributes to existing technology or the technical solution can be with software in other words
The form of product embodies, which is stored in a storage medium, including some instructions use so that
One computer equipment (can be personal computer, server or the network equipment etc.) executes each embodiment institute of the present invention
State all or part of the steps of method.And storage medium above-mentioned includes: USB flash disk, mobile hard disk, read-only memory (ROM, Read-
Only Memory), random access memory (RAM, Random Access Memory), magnetic or disk etc. are various can be with
Store the medium of program code.
Finally, it should be noted that embodiment described above, only a specific embodiment of the invention, to illustrate the present invention
Technical solution, rather than its limitations, scope of protection of the present invention is not limited thereto, although with reference to the foregoing embodiments to this hair
It is bright to be described in detail, those skilled in the art should understand that: anyone skilled in the art
In the technical scope disclosed by the present invention, it can still modify to technical solution documented by previous embodiment or can be light
It is readily conceivable that variation or equivalent replacement of some of the technical features;And these modifications, variation or replacement, do not make
The essence of corresponding technical solution is detached from the spirit and scope of technical solution of the embodiment of the present invention, should all cover in protection of the invention
Within the scope of.Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. a kind of binary translation intermediate representation correctness test method based on semantic equivalence verifying, which is characterized in that include
Following content:
Establish the mapping ruler between source platform instruction and intermediate representation;
State initialization is carried out to intermediate representation, and constructs test case;
For test case, source platform instruction and intermediate representation are independently executed respectively, it is flat according to result judgement source is independently executed
Whether the semanteme of platform instruction and intermediate representation between the two is of equal value.
2. the binary translation intermediate representation correctness test method according to claim 1 based on semantic equivalence verifying,
It is characterized in that, instructing according to source platform, obtained by binary translator indicates among it, and establishes mapping between the two
Rule.
3. the binary translation intermediate representation correctness test method according to claim 1 based on semantic equivalence verifying,
It is characterized in that, instructing according to source platform, obtained by binary translator indicates among it, collects two by operation test set
Mapping ruler between person.
4. the binary translation intermediate representation correctness test method according to claim 3 based on semantic equivalence verifying,
It is characterized in that, being classified first by setting selection strategy to test set according to practice and coverage rate before operation test set
Processing, which includes: the minimum mode of instruction classification is carried out according to same operation code, according to same operation code, behaviour
The definition template of quantity of counting and addressing system carries out the prototype pattern of instruction classification, and carries out operand according to different operation code
The complete mode of instruction classification.
5. the binary translation intermediate representation correctness test method according to claim 1 based on semantic equivalence verifying,
It is characterized in that, including following content during being initialized to intermediate representation and construct test case: it is empty to divide input
Between be equivalence class;A plurality of intermediate representation is configured to dependent tree according to data dependence relation, since root node from up to down time
It goes through tree and carries out the limitation for being output to input, so that restrictive condition travels to leaf node;Effective input of all leaf nodes is made
To test input value.
6. the binary translation intermediate representation correctness test method according to claim 5 based on semantic equivalence verifying,
It is characterized in that, dividing the input space to each intermediate representation, to determine an equivalence class set conduct during equivalence class
Output.
7. the binary translation intermediate representation correctness test method according to claim 5 based on semantic equivalence verifying,
It is characterized in that, during a plurality of intermediate representation is configured to dependent tree according to data dependence relation, it is first to a plurality of intermediate representation
The limitation that each intermediate representation is output and input first is determined, using the input of current intermediate representation as a upper intermediate representation
Output.
8. the binary translation intermediate representation correctness test method according to claim 1 based on semantic equivalence verifying,
It is characterized in that, being obtained during intermediate representation independently executes using the intermediate representation interpreter in binary translation system
Processor state after intermediate representation execution, using the processor state after execution as intermediate representation semanteme;Source is flat
During platform instruction independently executes, obtaining first includes assembly instruction program to be tested, establishes performing environment, and come initially with initial value
Change performing environment;Then assembly instruction program to be tested is executed, the processor state after intermediate representation executes is obtained.
9. the binary translation intermediate representation correctness test method according to claim 8 based on semantic equivalence verifying,
It is characterized in that, according to semantic whether of equal value, the packet of the instruction of result judgement source platform and intermediate representation between the two is independently executed
Containing following content: the processor state after independently executing according to both source platform instruction and intermediate representation judges the two language
Whether justice is identical.
10. a kind of correct system safety testing device of binary translation intermediate representation based on semantic equivalence verifying, which is characterized in that packet
Contain: mapping block, initialization module and test module, wherein
Mapping block, the mapping ruler for establishing between source platform instruction and intermediate representation;
Initialization module for carrying out state initialization to intermediate representation, and constructs test case;
Test module respectively independently executes source platform instruction and intermediate representation, foundation independently executes for being directed to test case
Whether the semanteme of the instruction of result judgement source platform and intermediate representation between the two is of equal value.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811570147.9A CN109634869B (en) | 2018-12-21 | 2018-12-21 | Binary translation intermediate representation correctness testing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811570147.9A CN109634869B (en) | 2018-12-21 | 2018-12-21 | Binary translation intermediate representation correctness testing method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109634869A true CN109634869A (en) | 2019-04-16 |
| CN109634869B CN109634869B (en) | 2022-02-01 |
Family
ID=66076393
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811570147.9A Active CN109634869B (en) | 2018-12-21 | 2018-12-21 | Binary translation intermediate representation correctness testing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109634869B (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110347588A (en) * | 2019-06-04 | 2019-10-18 | 北京谦川科技有限公司 | Software verification method, device, computer equipment and storage medium |
| CN111539174A (en) * | 2020-07-08 | 2020-08-14 | 成都奥卡思微电科技有限公司 | Regression testing method, storage medium and system based on proof kernel |
| CN111625279A (en) * | 2020-04-27 | 2020-09-04 | 中国人民解放军战略支援部队信息工程大学 | Dynamic and static fusion binary translation method and system based on dynamic link library |
| CN113297083A (en) * | 2021-05-27 | 2021-08-24 | 山东云海国创云计算装备产业创新中心有限公司 | Cross-platform IC test method, device, equipment and medium |
| CN113420570A (en) * | 2021-07-01 | 2021-09-21 | 沈阳创思佳业科技有限公司 | Method, system and device for improving translation accuracy |
| CN113836023A (en) * | 2021-09-26 | 2021-12-24 | 南京大学 | Compiler security testing method based on system structure cross check |
| CN116192690A (en) * | 2023-05-04 | 2023-05-30 | 华砺智行(武汉)科技有限公司 | Method, system, equipment and medium for rapidly testing C-V2X equipment for surface vector production |
| CN113420570B (en) * | 2021-07-01 | 2024-04-30 | 沈阳创思佳业科技有限公司 | Method, system and device for improving translation accuracy |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7565631B1 (en) * | 2004-07-02 | 2009-07-21 | Northwestern University | Method and system for translating software binaries and assembly code onto hardware |
| CN101763342A (en) * | 2009-12-31 | 2010-06-30 | 中兴通讯股份有限公司 | Computer code generating method, natural language explanation center and application control terminal |
| CN101814053A (en) * | 2010-03-29 | 2010-08-25 | 中国人民解放军信息工程大学 | Method for discovering binary code vulnerability based on function model |
| CN103235724A (en) * | 2013-05-10 | 2013-08-07 | 中国人民解放军信息工程大学 | Atomic operation semantic description based integrated translation method for multisource binary codes |
-
2018
- 2018-12-21 CN CN201811570147.9A patent/CN109634869B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7565631B1 (en) * | 2004-07-02 | 2009-07-21 | Northwestern University | Method and system for translating software binaries and assembly code onto hardware |
| CN101763342A (en) * | 2009-12-31 | 2010-06-30 | 中兴通讯股份有限公司 | Computer code generating method, natural language explanation center and application control terminal |
| CN101814053A (en) * | 2010-03-29 | 2010-08-25 | 中国人民解放军信息工程大学 | Method for discovering binary code vulnerability based on function model |
| CN103235724A (en) * | 2013-05-10 | 2013-08-07 | 中国人民解放军信息工程大学 | Atomic operation semantic description based integrated translation method for multisource binary codes |
Non-Patent Citations (1)
| Title |
|---|
| 刘晓楠: "面向国产处理器的二进制翻译关键技术研究", 《中国博士学位论文全文数据库》 * |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110347588A (en) * | 2019-06-04 | 2019-10-18 | 北京谦川科技有限公司 | Software verification method, device, computer equipment and storage medium |
| CN110347588B (en) * | 2019-06-04 | 2024-03-15 | 宁波谦川科技有限公司 | Software verification method, device, computer equipment and storage medium |
| CN111625279A (en) * | 2020-04-27 | 2020-09-04 | 中国人民解放军战略支援部队信息工程大学 | Dynamic and static fusion binary translation method and system based on dynamic link library |
| CN111539174A (en) * | 2020-07-08 | 2020-08-14 | 成都奥卡思微电科技有限公司 | Regression testing method, storage medium and system based on proof kernel |
| CN111539174B (en) * | 2020-07-08 | 2020-11-06 | 成都奥卡思微电科技有限公司 | Regression testing method, storage medium and system based on proof kernel |
| CN113297083A (en) * | 2021-05-27 | 2021-08-24 | 山东云海国创云计算装备产业创新中心有限公司 | Cross-platform IC test method, device, equipment and medium |
| CN113297083B (en) * | 2021-05-27 | 2022-08-19 | 山东云海国创云计算装备产业创新中心有限公司 | Cross-platform IC test method, device, equipment and medium |
| CN113420570A (en) * | 2021-07-01 | 2021-09-21 | 沈阳创思佳业科技有限公司 | Method, system and device for improving translation accuracy |
| CN113420570B (en) * | 2021-07-01 | 2024-04-30 | 沈阳创思佳业科技有限公司 | Method, system and device for improving translation accuracy |
| CN113836023A (en) * | 2021-09-26 | 2021-12-24 | 南京大学 | Compiler security testing method based on system structure cross check |
| CN116192690A (en) * | 2023-05-04 | 2023-05-30 | 华砺智行(武汉)科技有限公司 | Method, system, equipment and medium for rapidly testing C-V2X equipment for surface vector production |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109634869B (en) | 2022-02-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109634869A (en) | Binary translation intermediate representation correctness test method and device based on semantic equivalence verifying | |
| Ioannides et al. | Coverage-directed test generation automated by machine learning--a review | |
| CN104503917B (en) | Change domain of influence analysis method and system based on data flow function call path | |
| Plotnikov et al. | NESTML: a modeling language for spiking neurons | |
| CN109739494B (en) | Tree-LSTM-based API (application program interface) use code generation type recommendation method | |
| CN106155755A (en) | Program compiling method and compiler | |
| CN105378658B (en) | Automatic source code generates | |
| CN108595341A (en) | Automatic example generation method and system | |
| US10970449B2 (en) | Learning framework for software-hardware model generation and verification | |
| Li et al. | Explainability in graph neural networks: An experimental survey | |
| Qin et al. | Syneva: Evaluating ml programs by mirror program synthesis | |
| Nikanjam et al. | Automatic fault detection for deep learning programs using graph transformations | |
| Sokolov et al. | Workcraft: Ten years later | |
| CN108563561A (en) | A kind of program recessiveness constraint extracting method and system | |
| Cummins | Deep learning for compilers | |
| CN107515739A (en) | Improve the method and device of code execution performance | |
| US20220075710A1 (en) | System and method for improved unit test creation | |
| US9619598B2 (en) | Input space reduction for verification test set generation | |
| Rubin | Parameterised verification of autonomous mobile-agents in static but unknown environments | |
| Tsai et al. | Iterative design and testing within the software development life cycle | |
| US9135376B2 (en) | Input space reduction for verification test set generation | |
| Iqbal et al. | Exhaustive simulation and test generation using fuml activity diagrams | |
| Aydal et al. | A comparison of state-based modelling tools for model validation | |
| Ahrendt et al. | Reasoning about loops using vampire in KeY | |
| Dong et al. | Build your own model checker in one month |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |