CN110750448B - Test case generation method and device based on symbol execution - Google Patents

Publication number: CN110750448B
Authority: CN (China)
Legal status: Active
Application number: CN201910883372.6A
Other languages: Chinese (zh)
Other versions: CN110750448A (en)
Inventors: 张云涛, 王忠儒, 赵美丞, 阮强
Current Assignee: Beijing Digapis Technology Co ltd
Original Assignee: Beijing Digapis Technology Co ltd
Prior art keywords: program, tested, input data, character string, instruction

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G06F11/3684 Test management for test design, e.g. generating new test cases
    • G06F11/3688 Test management for test execution, e.g. scheduling of test suites
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The disclosure relates to a method and a device for generating test cases based on symbolic execution. The method comprises the following steps: performing static analysis on a program to be tested to obtain instruction information of the program to be tested; determining constraint conditions for input data in the program to be tested according to the instruction information; and, during symbolic execution of the program to be tested, performing symbolic execution on a path whose input data meets the constraint conditions, to obtain the test case corresponding to the path. The method and device can improve the efficiency of test case generation and save resources of the terminal device.

Description

Test case generation method and device based on symbol execution
Technical Field
The disclosure relates to the field of computer technology, and in particular to a method and a device for generating test cases based on symbolic execution.
Background
In recent years, software vulnerabilities have been a main source of network attacks and an important propagation path for viruses, worms and the like, and they are a focus of network attacks. Most network intrusions are based on software vulnerabilities: an attacker can use a vulnerability to access unauthorized system resources and destroy important data in a system, which greatly threatens the security of information systems. Software vulnerability discovery is therefore an important part of ensuring network security.
In the related art, symbolic execution is applied to vulnerability discovery in binary code. Symbolic execution represents the values of program variables by symbolic values, without actually executing the program, and then performs analysis by simulating program execution. First, symbolic execution can mask program details, represent the data-flow and control-flow information on a program execution path through path constraints over the symbols, and represent an output result as an expression of the input symbolic values. Second, the symbolic expression of the operation result is handed to a constraint solver, which dynamically constructs input test data capable of steering the program down a new path. Finally, the test data generated from the constraints is provided to fuzz testing, improving the accuracy and efficiency of vulnerability mining.
However, symbolic execution faces the path explosion problem, which makes test case generation inefficient.
Disclosure of Invention
In view of this, the present disclosure proposes a method and an apparatus for generating test cases based on symbolic execution.
According to an aspect of the present disclosure, there is provided a test case generation method based on symbolic execution, including:
performing static analysis on a program to be tested to obtain instruction information of the program to be tested;
determining constraint conditions for input data in the program to be tested according to the instruction information;
and, during symbolic execution of the program to be tested, performing symbolic execution on a path whose input data meets the constraint conditions, to obtain the test case corresponding to the path.
In one possible implementation, determining the constraint conditions for input data in the program to be tested according to the instruction information includes:
obtaining an input data length comparison instruction from the instruction information;
acquiring a first data length from the input data length comparison instruction;
and generating constraint conditions for input data in the program to be tested according to the first data length.
In one possible implementation, performing symbolic execution on a path whose input data meets the constraint conditions during symbolic execution of the program to be tested, to obtain the test case corresponding to the path, includes:
during symbolic execution of the program to be tested, performing symbolic execution on a path on which the data length of the input data matches the first data length, to obtain the test case corresponding to the path.
In one possible implementation, obtaining the input data length comparison instruction from the instruction information includes:
determining the comparison instructions in the instruction information;
and, for any comparison instruction, if a first call instruction that calls a function for determining string length exists before and/or after the comparison instruction in the instruction information, determining that comparison instruction to be the input data length comparison instruction.
In one possible implementation, determining the constraint conditions for input data in the program to be tested according to the instruction information includes:
if a second call instruction that calls a comparison function exists in the instruction information, acquiring the character strings contained in the program to be tested;
determining a specified input character string from the character strings contained in the program to be tested;
and generating constraint conditions for input data in the program to be tested according to the specified input character string.
In one possible implementation, performing symbolic execution on a path whose input data meets the constraint conditions during symbolic execution of the program to be tested, to obtain the test case corresponding to the path, includes:
during symbolic execution of the program to be tested, performing symbolic execution on a path on which the input data matches the specified input character string, to obtain the test case corresponding to the path.
In one possible implementation, determining the specified input character string from the character strings contained in the program to be tested includes:
for any character string, if the character string is not contained in the character string storage area, determining the character string to be a specified input character string,
where the character string storage area is used for storing character strings inherent in the programming language.
In one possible implementation, generating the constraint conditions for input data in the program to be tested according to the specified input character string includes:
acquiring a prefix of the specified input character string;
and generating constraint conditions for input data in the program to be tested according to the prefix of the specified input character string.
In one possible implementation, performing symbolic execution on a path whose input data meets the constraint conditions during symbolic execution of the program to be tested, to obtain the test case corresponding to the path, includes:
during symbolic execution of the program to be tested, performing symbolic execution on a path on which the input data matches the prefix of the specified input character string, to obtain the test case corresponding to the path.
According to another aspect of the present disclosure, there is provided a test case generation apparatus based on symbolic execution, including:
a processing module, used for performing static analysis on the program to be tested to obtain instruction information of the program to be tested;
a determining module, used for determining constraint conditions for input data in the program to be tested according to the instruction information;
and an execution module, used for performing symbolic execution, during symbolic execution of the program to be tested, on a path whose input data meets the constraint conditions, to obtain the test case corresponding to the path.
In one possible implementation, the determining module is further configured to:
obtain an input data length comparison instruction from the instruction information;
acquire a first data length from the input data length comparison instruction;
and generate constraint conditions for input data in the program to be tested according to the first data length.
In one possible implementation, the execution module is further configured to:
during symbolic execution of the program to be tested, perform symbolic execution on a path on which the data length of the input data matches the first data length, to obtain the test case corresponding to the path.
In one possible implementation, the determining module is further configured to:
determine the comparison instructions in the instruction information;
and, for any comparison instruction, if a first call instruction that calls a function for determining string length exists before and/or after the comparison instruction in the instruction information, determine that comparison instruction to be the input data length comparison instruction.
In one possible implementation, the determining module is further configured to:
if a second call instruction that calls a comparison function exists in the instruction information, acquire the character strings contained in the program to be tested;
determine a specified input character string from the character strings contained in the program to be tested;
and generate constraint conditions for input data in the program to be tested according to the specified input character string.
In one possible implementation, the execution module is further configured to:
during symbolic execution of the program to be tested, perform symbolic execution on a path on which the input data matches the specified input character string, to obtain the test case corresponding to the path.
In one possible implementation, the determining module is further configured to:
for any character string, if the character string is not contained in the character string storage area, determine the character string to be a specified input character string,
where the character string storage area is used for storing character strings inherent in the programming language.
In one possible implementation, the determining module is further configured to:
acquire a prefix of the specified input character string;
and generate constraint conditions for input data in the program to be tested according to the prefix of the specified input character string.
In one possible implementation, the execution module is further configured to:
during symbolic execution of the program to be tested, perform symbolic execution on a path on which the input data matches the prefix of the specified input character string, to obtain the test case corresponding to the path.
According to another aspect of the present disclosure, there is provided a test case generation device based on symbolic execution, including: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to perform the above method.
According to another aspect of the present disclosure, there is provided a non-transitory computer readable storage medium having stored thereon computer program instructions, wherein the computer program instructions, when executed by a processor, implement the above-described method.
In this way, the terminal device can perform static analysis on the program to be tested to obtain its instruction information, determine constraint conditions for input data in the program to be tested according to the instruction information, and, during symbolic execution of the program to be tested, perform symbolic execution on a path whose input data meets the constraint conditions to obtain the test case corresponding to the path. With the test case generation method and apparatus based on symbolic execution provided by the present disclosure, the constraint conditions reduce the work done by symbolic execution and slow down path explosion, which improves the efficiency of test case generation and saves resources of the terminal device.
Other features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate exemplary embodiments, features and aspects of the present disclosure and together with the description, serve to explain the principles of the disclosure.
FIG. 1 illustrates a flow chart of a test case generation method based on symbolic execution according to one embodiment of the present disclosure;
FIG. 2 illustrates a schematic diagram of exemplary instruction information according to the present disclosure;
FIG. 3 illustrates a schematic diagram of exemplary instruction information according to the present disclosure;
FIG. 4 illustrates a solution space diagram of an exemplary test case generation method based on symbolic execution according to the present disclosure;
FIG. 5 shows a block diagram of a test case generation apparatus based on symbolic execution according to an embodiment of the present disclosure;
FIG. 6 is a block diagram illustrating a test case generation device 800 based on symbolic execution, according to an example embodiment.
Detailed Description
Various exemplary embodiments, features and aspects of the disclosure will be described in detail below with reference to the drawings. In the drawings, like reference numbers indicate identical or functionally similar elements. Although various aspects of the embodiments are illustrated in the accompanying drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used herein to mean "serving as an example, embodiment, or illustration." Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
In addition, numerous specific details are set forth in the following detailed description in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements, and circuits well known to those skilled in the art have not been described in detail in order not to obscure the present disclosure.
FIG. 1 illustrates a flow chart of a test case generation method based on symbolic execution according to an embodiment of the present disclosure. The method can be applied to a terminal device, which may be a computer, a personal computer and the like. As shown in Fig. 1, the method may include:
Step 101, performing static analysis on a program to be tested to obtain instruction information of the program to be tested;
Step 102, determining constraint conditions for input data in the program to be tested according to the instruction information;
Step 103, during symbolic execution of the program to be tested, performing symbolic execution on a path whose input data meets the constraint conditions, to obtain the test case corresponding to the path.
For example, after loading the program to be tested, the terminal device may perform static analysis on it, for example by using a disassembly tool, to obtain the instruction information of the program to be tested; the instruction information may include the type of each instruction. Illustratively, program 1 to be tested is:
The terminal device performs static analysis on program 1 to be tested; the resulting instruction information is shown in Fig. 2.
The terminal device may determine constraint conditions for input data in the program to be tested according to the instruction information of the program to be tested. For example, any one of the length of the input data, the specified input character string, and the prefix of the specified input character string may be determined from the instruction information, and the constraint conditions for the input data in the program to be tested may be determined from that information. During symbolic execution of the program to be tested, the terminal device does not perform symbolic execution on paths whose input data does not meet the constraint conditions; it performs symbolic execution only on paths whose input data meets the constraint conditions, to obtain the test cases corresponding to those paths.
In this way, the terminal device can perform static analysis on the program to be tested to obtain its instruction information, determine constraint conditions for input data in the program to be tested according to the instruction information, and, during symbolic execution of the program to be tested, perform symbolic execution on a path whose input data meets the constraint conditions to obtain the test case corresponding to the path. With the test case generation method based on symbolic execution provided by the embodiments of the present disclosure, the constraint conditions reduce the work done by symbolic execution and slow down path explosion, which improves the efficiency of test case generation and saves resources of the terminal device.
In one possible implementation, determining the constraint conditions for input data in the program to be tested according to the instruction information may include:
obtaining an input data length comparison instruction from the instruction information;
acquiring a first data length from the input data length comparison instruction;
and generating constraint conditions for input data in the program to be tested according to the first data length.
For example, according to the instruction types, the terminal device may obtain from the instruction information an input data length comparison instruction, that is, an instruction that compares the length of the input data with a prescribed first data length. The terminal device may obtain the first data length from the input data length comparison instruction and generate a constraint condition for input data in the program to be tested according to the first data length, for example: the length of the input data is consistent with the first data length.
In one possible implementation, obtaining the input data length comparison instruction from the instruction information includes:
determining the comparison instructions in the instruction information;
and, for any comparison instruction, if a first call instruction that calls a function for determining string length exists before and/or after the comparison instruction in the instruction information, determining that comparison instruction to be the input data length comparison instruction.
For example, the terminal device may determine all comparison instructions in the instruction information; in the example shown in Fig. 2, all instructions of type cmp are comparison instructions. For any comparison instruction, the terminal device determines whether a first call instruction exists before and after the comparison instruction, where the first call instruction calls a string length function used to determine the data length of the input data. If a first call instruction exists before and after the comparison instruction, the comparison instruction may be determined to be an input data length comparison instruction.
In one possible implementation, performing symbolic execution on a path whose input data meets the constraint conditions during symbolic execution of the program to be tested, to obtain the test case corresponding to the path, may include:
during symbolic execution of the program to be tested, performing symbolic execution on a path on which the data length of the input data matches the first data length, to obtain the test case corresponding to the path.
For example, during symbolic execution of the program to be tested, the paths on which symbolic execution may be performed can be determined according to the constraint conditions. For example, a path on which the data length of the input data matches the first data length (for instance, the first data length is 10 and the data length of the input data is 10, so the two match) is determined to be a path meeting the constraint conditions, and symbolic execution is performed on that path to obtain the test case corresponding to the path.
In this way, symbolic execution can be constrained by the data length of the input data, and symbolic execution of paths on which the data length of the input data does not meet the constraint conditions is omitted. This reduces the work done by symbolic execution and slows down path explosion, which improves the efficiency of test case generation and saves resources of the terminal device.
In one possible implementation, determining the constraint conditions for input data in the program to be tested according to the instruction information may include:
if a second call instruction that calls a comparison function exists in the instruction information, acquiring the character strings contained in the program to be tested;
determining a specified input character string from the character strings contained in the program to be tested;
and generating constraint conditions for input data in the program to be tested according to the specified input character string.
The terminal device may determine whether a second call instruction that calls a comparison function exists in the instruction information. If it does, the terminal device may acquire the character strings contained in the program to be tested and determine a specified input character string from them, where the specified input character string is a string that the program to be tested requires as input. The terminal device may then generate constraint conditions for input data in the program to be tested according to the specified input character string, for example: the input data is identical to the specified input character string.
For example, program 2 to be tested is:
#include<stdio.h>
#include<string.h>
After the terminal device performs static analysis on program 2 to be tested, the resulting instruction information may be as shown in Fig. 3. The terminal device determines that a second call instruction (call 803 b0< strcmp@plt >) that calls the comparison function (the strcmp function) exists in the instruction information; the terminal device can then acquire the character strings contained in program 2 to be tested and determine a specified input character string from them.
In one possible implementation, determining the specified input character string from the character strings contained in the program to be tested may include:
for any character string, if the character string is not contained in the character string storage area, determining the character string to be a specified input character string,
where the character string storage area is used for storing character strings inherent in the programming language.
For example, the terminal device may locally maintain a character string storage area in which character strings inherent in the programming language are stored in advance. For each character string obtained from the program to be tested, the terminal device checks whether it is stored in the character string storage area; if it is not, the character string is determined to be a specified input character string. In the example above, the character string "hello" in program 2 to be tested is not stored in the character string storage area, so "hello" may be determined to be the specified input character string.
In one possible implementation, performing symbolic execution on a path whose input data meets the constraint conditions during symbolic execution of the program to be tested, to obtain the test case corresponding to the path, includes:
during symbolic execution of the program to be tested, performing symbolic execution on a path on which the input data matches the specified input character string, to obtain the test case corresponding to the path.
For example, during symbolic execution of the program to be tested, the terminal device may determine the paths on which symbolic execution may be performed according to the constraint conditions. For example, a path on which the input data matches the specified input character string (for instance, the input data and the specified input character string are both hello, so the two match) is determined to be a path meeting the constraint conditions, and symbolic execution is performed on that path to obtain the test case corresponding to the path.
In this way, symbolic execution can be constrained by the specified input character string, and symbolic execution of paths whose input data does not meet the constraint conditions is omitted. This reduces the work done by symbolic execution and slows down path explosion, which improves the efficiency of test case generation and saves resources of the terminal device.
In one possible implementation, generating the constraint conditions for input data in the program to be tested according to the specified input character string includes:
acquiring a prefix of the specified input character string;
and generating constraint conditions for input data in the program to be tested according to the prefix of the specified input character string.
After determining the specified input character string, if the specified input character string has a prefix, the terminal device may obtain the prefix of the specified input character string (for example, a preset number of characters may be taken as the prefix) and generate constraint conditions for input data in the program to be tested according to that prefix, for example: the input data contains the prefix of the specified input character string.
In one possible implementation, performing symbolic execution on a path whose input data meets the constraint conditions during symbolic execution of the program to be tested, to obtain the test case corresponding to the path, may include:
during symbolic execution of the program to be tested, performing symbolic execution on a path on which the input data matches the prefix of the specified input character string, to obtain the test case corresponding to the path.
For example, during symbolic execution of the program to be tested, the terminal device may determine the paths on which symbolic execution may be performed according to the constraint conditions. For example, when the input data is determined to contain the prefix of the specified input character string, the input data is determined to match the prefix of the specified input character string, and the path is determined to be a path that meets the constraint conditions and on which symbolic execution may be performed; symbolic execution is then performed on that path to obtain the test case corresponding to the path.
In this way, symbolic execution can be constrained by the prefix of the specified input character string, and symbolic execution of paths whose input data does not meet the constraint conditions is omitted. This reduces the work done by symbolic execution and slows down path explosion, which improves the efficiency of test case generation and saves resources of the terminal device.
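The static-analysis heuristics described above (a cmp near a string-length call yields the first data length; a call to a comparison function triggers a scan for strings outside the language-string store; a prefix is taken from each such string) can be sketched as follows. This is an added example, not code from the patent. The disassembly listing, the string lists, the function-name sets, the three-instruction window and the three-character prefix length are all constructed assumptions.

```python
import re

# Constructed objdump-style listing; it is not the patent's Fig. 2 or Fig. 3.
LISTING = """\
  401126: push   rbp
  401127: cmp    edi, 0x2
  40112a: jne    4011a0 <usage>
  40112c: mov    rax, QWORD PTR [rsi+0x8]
  401130: mov    rdi, rax
  401133: call   401030 <strlen@plt>
  401138: cmp    rax, 0xa
  40113c: jne    4011a0 <usage>
  40113e: mov    esi, 0x402004
  401143: mov    rdi, rbx
  401146: call   401040 <strcmp@plt>
  40114b: test   eax, eax
"""

# Constructed string literals, as a scan of the binary's data might return.
BINARY_STRINGS = ["%s\n", "r", "hello"]

# Stand-in for the "character string storage area": strings that belong to
# the language or runtime rather than to the program's input handling.
LANGUAGE_STRINGS = {"%s\n", "%d\n", "r", "w", "rb"}

LENGTH_FUNCS = {"strlen", "strnlen"}             # assumed; the page names none
COMPARE_FUNCS = {"strcmp", "strncmp", "memcmp"}  # the page names strcmp only

LINE_RE = re.compile(r"^\s*([0-9a-f]+):\s+(\w+)\s*(.*)$")
CALL_RE = re.compile(r"<(\w+)@plt>")
IMM_RE = re.compile(r",\s*(0x[0-9a-f]+|\d+)\s*$")


def parse(listing):
    """Return [(address, mnemonic, operands)] for each instruction line."""
    out = []
    for line in listing.splitlines():
        m = LINE_RE.match(line)
        if m:
            out.append((int(m.group(1), 16), m.group(2), m.group(3).strip()))
    return out


def called(insn):
    """Name of the PLT function a call instruction targets, else None."""
    _, mnem, ops = insn
    m = CALL_RE.search(ops) if mnem == "call" else None
    return m.group(1) if m else None


def length_compares(insns, window=3):
    """cmp-with-immediate instructions within `window` instructions (before
    or after) of a call to a string-length function: (address, length)."""
    found = []
    for i, (addr, mnem, ops) in enumerate(insns):
        imm = IMM_RE.search(ops) if mnem == "cmp" else None
        if not imm:
            continue
        lo, hi = max(0, i - window), min(len(insns), i + window + 1)
        if any(called(n) in LENGTH_FUNCS for n in insns[lo:hi]):
            text = imm.group(1)
            found.append((addr, int(text, 16) if text.startswith("0x") else int(text)))
    return found


def specified_strings(insns, strings):
    """If a comparison function is called, keep the strings that are not in
    the language-string store; otherwise derive no string constraint."""
    if not any(called(n) in COMPARE_FUNCS for n in insns):
        return []
    return [s for s in strings if s not in LANGUAGE_STRINGS]


def derive_constraints(listing, strings, prefix_len=3):
    """Candidate input constraints, one list per constraint kind."""
    insns = parse(listing)
    specified = specified_strings(insns, strings)
    return {
        "length": [n for _, n in length_compares(insns)],
        "equals": specified,
        "prefix": [s[:prefix_len] for s in specified],
    }


if __name__ == "__main__":
    print(derive_constraints(LISTING, BINARY_STRINGS))
```

The `cmp edi, 0x2` at the top of the listing is not reported because no string-length call lies within the window, which is the distinction the "before and/or after" test is meant to draw.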
In order for those skilled in the art to better understand the disclosed embodiments, the disclosed embodiments are described below by way of specific examples.
Illustratively, the program to be tested 3 is:
    start: input(&str)
    for (i = 0; i < str.len(); ++i)
        if (str[i] != head[i])
            goto start
    parse_payload(&str)
The program to be tested 3 shows a simple packet header processing procedure. str points to the received input data, and head is the specified input string. If no constraint is set, the program is forced back to the code at start whenever str receives input data that does not match the content of head, and symbolic execution creates a large number of paths on this program to be tested 3.
On the other hand, if these constraint conditions are imposed on the symbolic execution, only one path is entered during symbolic execution. The symbolic execution engine can then focus on the key function parse_payload(), so that the efficiency and accuracy of vulnerability mining are improved.
As shown in fig. 4, the white background is the entire search space, and the aim of the search is to find unsafe input data that can cause a vulnerability, shown as the first part in fig. 4. The search space that results from applying the constraint conditions to symbolic execution is shown as the second part in fig. 4. A clear conclusion follows: symbolic execution with constraint conditions limits the search to a space relatively smaller than the original space, so the solution space that can cause the vulnerability can be located quickly, and constraint solving is then used to obtain the corresponding input.
Constraint solving is carried out on the basis of the slowed path explosion. The function of constraint solving is to evaluate the constraint sets collected during symbolic execution and to solve for a symbol assignment that satisfies all the conditions in a constraint set. In symbolic execution, a constraint set represents the conditions on variables that must be satisfied for one actual execution to run a given program path. To make the next actual execution enter a different program path, one or several conditions are selected from the constraint set of the current path and inverted during constraint solving, and the resulting set is then solved. The expression to invert is selected from the constraint set according to different strategies, so that more code is covered in actual execution and the code coverage rate is improved.
Through the above operations, input data for the program to be tested can be generated automatically. Because symbolic execution suffers from path explosion, symbolic execution based on constraint conditions is provided. It slows down path explosion to a certain extent, improves the efficiency of symbolic execution, speeds up the generation of test cases, and provides a basis for subsequent vulnerability mining.
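The following added example (not part of the patent text) models the program to be tested 3 with a toy symbolic executor, so that the effect of the prefix constraint on the number of paths, and the negate-and-solve step described above, can be checked directly. The header value HDR1, the payload length, the bound on input reads, and the names SymBuf, explore and negate_and_solve are assumptions made for the illustration.

```python
"""Toy symbolic executor for the patent's "program to be tested 3" (added example)."""

HEAD = b"HDR1"       # constructed stand-in for `head`, the specified input string
PAYLOAD_LEN = 2      # constructed: unconstrained bytes that follow the header
BUF_LEN = len(HEAD) + PAYLOAD_LEN


class SymBuf:
    """One symbolic input buffer, kept as per-byte == / != constraints."""

    def __init__(self, eq=None, ne=None):
        self.eq = dict(eq or {})                               # index -> required byte
        self.ne = {i: set(s) for i, s in (ne or {}).items()}   # index -> forbidden bytes

    def assume(self, i, value, equal):
        """Return a copy with str[i] == value (or != value) added; None if unsatisfiable."""
        if equal:
            if self.eq.get(i, value) != value or value in self.ne.get(i, ()):
                return None
            new = SymBuf(self.eq, self.ne)
            new.eq[i] = value
        else:
            if self.eq.get(i) == value:
                return None
            new = SymBuf(self.eq, self.ne)
            new.ne.setdefault(i, set()).add(value)
        return new

    def solve(self):
        """Constraint solving: pick the smallest concrete byte allowed at each position."""
        out = bytearray()
        for i in range(BUF_LEN):
            if i in self.eq:
                out.append(self.eq[i])
            else:
                out.append(next(b for b in range(256) if b not in self.ne.get(i, ())))
        return bytes(out)


def explore(prefix=b"", max_reads=3):
    """Symbolically execute program 3 with every input() preconstrained to `prefix`.

    Returns (test_cases, states). Each test case is the list of concrete inputs
    that drives one path to parse_payload; `states` counts explored states.
    max_reads bounds the otherwise endless `goto start` loop.
    """
    def fresh():
        buf = SymBuf()
        for i, b in enumerate(prefix):
            buf = buf.assume(i, b, True)
        return buf

    tests, states = [], 0
    work = [([], fresh(), 0)]        # (earlier rejected inputs, current buffer, loop index)
    while work:
        rejected, buf, i = work.pop()
        states += 1
        if i == len(HEAD):           # header loop passed: parse_payload(&str) is reached
            tests.append(rejected + [buf.solve()])
            continue
        match = buf.assume(i, HEAD[i], True)       # branch: str[i] == head[i]
        if match is not None:
            work.append((rejected, match, i + 1))
        miss = buf.assume(i, HEAD[i], False)       # branch: str[i] != head[i] -> goto start
        if miss is not None and len(rejected) + 1 < max_reads:
            work.append((rejected + [miss.solve()], fresh(), 0))
    return tests, states


# Path condition of the run whose first input passes the header check.
SUCCESS_PATH = [(i, b, True) for i, b in enumerate(HEAD)]


def negate_and_solve(path, j):
    """Keep conditions 0..j-1, invert condition j, and solve for the new input."""
    buf = SymBuf()
    for i, value, equal in path[:j]:
        buf = buf.assume(i, value, equal)
    i, value, equal = path[j]
    buf = buf.assume(i, value, not equal)
    return None if buf is None else buf.solve()


if __name__ == "__main__":
    for prefix in (b"", b"HD", HEAD):
        tests, states = explore(prefix)
        print(f"prefix={prefix!r}: {len(tests)} paths to parse_payload, {states} states")
    print("input after inverting condition 2:", negate_and_solve(SUCCESS_PATH, 2))
```

With the full header as the prefix constraint, every mismatch branch is unsatisfiable and is pruned, which leaves the single path described for the program to be tested 3.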
Fig. 5 is a schematic structural diagram of a test case generating device based on symbol execution according to an embodiment of the disclosure, where, as shown in fig. 5, the device may include:
the processing module 501 may be configured to perform static analysis on a program to be tested to obtain instruction information of the program to be tested;
a determining module 502, configured to determine constraint conditions for input data in the program to be tested according to the instruction information;
the execution module 503 may be configured to perform symbol execution on a path where input data meets the constraint condition in a process of performing symbol execution on a program to be tested, so as to obtain a test case corresponding to the path.
In this way, the terminal device can perform static analysis on the program to be tested to obtain instruction information of the program to be tested, determine constraint conditions for input data in the program to be tested according to the instruction information, and perform symbolic execution on a path of which the input data meets the constraint conditions in the process of symbolic execution of the program to be tested to obtain a test case corresponding to the path. According to the test case generating device based on symbol execution, which is provided by the embodiment of the disclosure, the operation of symbol execution can be reduced through constraint conditions, path explosion is slowed down, the generation efficiency of test cases is further improved, and the resources of terminal equipment are saved.
In one possible implementation, the determining module may be further configured to:
obtaining an input data length comparison instruction from the instruction information;
acquiring a first data length from the input data length comparison instruction;
and generating constraint conditions for input data in the program to be tested according to the first data length.
In one possible implementation, the execution module may be further configured to:
and in the process of executing the symbol of the program to be tested, executing the symbol of a path with the data length of the input data matched with the first data length to obtain a test case corresponding to the path.
In one possible implementation, the determining module may be further configured to:
determining a comparison instruction in the instruction information;
and for any comparison instruction, if a first calling instruction for calling the function for determining the character string length exists before and/or after the comparison instruction in the instruction information, determining the comparison instruction as the input data length comparison instruction.
In one possible implementation, the determining module may be further configured to:
if a second calling instruction for calling the comparison function exists in the instruction information, acquiring a character string contained in the program to be tested;
determining a specified input character string from character strings contained in the program to be tested;
and generating constraint conditions for input data in the program to be tested according to the specified input character string.
In one possible implementation, the execution module may be further configured to:
and in the process of executing the symbols of the program to be tested, executing the symbols of the paths of the input data matched with the specified input character string to obtain the test cases corresponding to the paths.
In one possible implementation, the determining module may be further configured to:
for any character string, if the character string is not contained in the character string storage area, determining the character string as a specified input character string,
the character string storage area is used for storing character strings inherent in the program language.
In one possible implementation, the determining module may be further configured to:
acquiring a prefix of the specified input character string;
and generating constraint conditions for input data in the program to be tested according to the prefix of the specified input character string.
In one possible implementation, the execution module may be further configured to:
and in the process of executing the symbols of the program to be tested, executing the symbols on the paths of the input data matched with the prefix of the specified input character string to obtain the test cases corresponding to the paths.
FIG. 6 is a block diagram illustrating a test case generating device 800 based on symbol execution, according to an example embodiment. For example, apparatus 800 may be a mobile phone, computer, digital broadcast terminal, messaging device, game console, tablet device, medical device, exercise device, personal digital assistant, or the like.
Referring to fig. 6, apparatus 800 may include one or more of the following components: a processing component 802, a memory 804, a power component 806, a multimedia component 808, an audio component 810, an input/output (I/O) interface 812, a sensor component 814, and a communication component 816.
The processing component 802 generally controls overall operation of the apparatus 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 802 may include one or more processors 820 to execute instructions to perform all or part of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interactions between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support operations at the apparatus 800. Examples of such data include instructions for any application or method operating on the device 800, contact data, phonebook data, messages, pictures, videos, and the like. The memory 804 may be implemented by any type or combination of volatile or nonvolatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk.
The power supply component 806 provides power to the various components of the device 800. The power components 806 may include a power management system, one or more power sources, and other components associated with generating, managing, and distributing power for the device 800.
The multimedia component 808 includes a screen between the device 800 and the user that provides an output interface. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or slide action, but also the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front camera and/or a rear camera. The front camera and/or the rear camera may receive external multimedia data when the apparatus 800 is in an operational mode, such as a photographing mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have focal length and optical zoom capabilities.
The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the device 800 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may be further stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 further includes a speaker for outputting audio signals.
The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be a keyboard, click wheel, buttons, etc. These buttons may include, but are not limited to: homepage button, volume button, start button, and lock button.
The sensor assembly 814 includes one or more sensors for providing status assessment of various aspects of the apparatus 800. For example, the sensor assembly 814 may detect an on/off state of the device 800 and a relative positioning of components, such as a display and keypad of the device 800. The sensor assembly 814 may also detect a change in position of the device 800 or a component of the device 800, the presence or absence of user contact with the device 800, an orientation or acceleration/deceleration of the device 800, and a change in temperature of the device 800. The sensor assembly 814 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscopic sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 816 is configured to facilitate communication between the apparatus 800 and other devices, either in a wired or wireless manner. The device 800 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In one exemplary embodiment, the communication component 816 receives broadcast signals or broadcast related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the apparatus 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic elements for executing the methods described above.
In an exemplary embodiment, a non-transitory computer readable storage medium is also provided, such as memory 804 including computer program instructions executable by processor 820 of apparatus 800 to perform the above-described methods.
The present disclosure may be a system, method, and/or computer program product. The computer program product may include a computer readable storage medium having computer readable program instructions embodied thereon for causing a processor to implement aspects of the present disclosure.
The computer readable storage medium may be a tangible device that can hold and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: portable computer disks, hard disks, Random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), Static Random Access Memory (SRAM), portable compact disk read-only memory (CD-ROM), Digital Versatile Disks (DVD), memory sticks, floppy disks, mechanically encoded devices such as punch cards or raised structures in a groove having instructions stored thereon, and any suitable combination of the foregoing. Computer-readable storage media, as used herein, are not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through waveguides or other transmission media (e.g., optical pulses through fiber optic cables), or electrical signals transmitted through wires.
The computer readable program instructions described herein may be downloaded from a computer readable storage medium to a respective computing/processing device or to an external computer or external storage device over a network, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmissions, wireless transmissions, routers, firewalls, switches, gateway computers and/or edge servers. The network interface card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium in the respective computing/processing device.
Computer program instructions for performing the operations of the present disclosure can be assembly instructions, Instruction Set Architecture (ISA) instructions, machine instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer readable program instructions may be executed entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, aspects of the present disclosure are implemented by personalizing electronic circuitry, such as programmable logic circuitry, Field Programmable Gate Arrays (FPGAs), or Programmable Logic Arrays (PLAs), with state information of computer readable program instructions, which can execute the computer readable program instructions.
Various aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable medium having the instructions stored therein includes an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The foregoing description of the embodiments of the present disclosure has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the various embodiments described. The terminology used herein was chosen in order to best explain the principles of the embodiments, the practical application, or the technical improvement of the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (11)

1. A method for generating test cases based on symbolic execution, comprising:
performing static analysis on a program to be tested to obtain instruction information of the program to be tested; wherein the instruction information includes a type of instruction;
determining constraint conditions for input data in the program to be tested according to the instruction information;
in the process of executing the symbols of the program to be tested, executing the symbols of the path of which the input data meets the constraint condition to obtain a test case corresponding to the path;
the determining constraint conditions for input data in the program to be tested according to the instruction information comprises the following steps:
obtaining an input data length comparison instruction from the instruction information;
acquiring a first data length from the input data length comparison instruction;
and generating constraint conditions for input data in the program to be tested according to the first data length.
2. The method of claim 1, wherein in the process of performing symbol execution on the program to be tested, performing symbol execution on a path whose input data satisfies the constraint condition to obtain a test case corresponding to the path, and the method comprises:
and in the process of executing the symbol of the program to be tested, executing the symbol of a path with the data length of the input data matched with the first data length to obtain a test case corresponding to the path.
3. The method of claim 1, wherein obtaining an input data length comparison instruction from the instruction information comprises:
determining a comparison instruction in the instruction information;
and for any comparison instruction, if a first calling instruction for calling the function for determining the character string length exists before and/or after the comparison instruction in the instruction information, determining the comparison instruction as the input data length comparison instruction.
4. A method according to any one of claims 1 to 3, wherein said determining constraints for input data in the program to be tested from the instruction information comprises:
if a second calling instruction for calling the comparison function exists in the instruction information, acquiring a character string contained in the program to be tested;
determining a specified input character string from character strings contained in the program to be tested;
and generating constraint conditions for input data in the program to be tested according to the specified input character string.
5. The method of claim 4, wherein in the process of performing symbol execution on the program to be tested, performing symbol execution on a path whose input data satisfies the constraint condition to obtain a test case corresponding to the path, the method comprises:
and in the process of executing the symbols of the program to be tested, executing the symbols of the paths of the input data matched with the specified input character string to obtain the test cases corresponding to the paths.
6. The method of claim 4, wherein determining a specified input string from strings contained in the program to be tested comprises:
for any character string, if the character string is not contained in the character string storage area, determining the character string as a specified input character string,
the character string storage area is used for storing character strings inherent in the program language.
7. The method of claim 5, wherein generating constraints for input data in a program to be tested based on the specified input string comprises:
acquiring a prefix of the specified input character string;
and generating constraint conditions for input data in the program to be tested according to the prefix of the specified input character string.
8. The method of claim 7, wherein in the process of performing symbol execution on the program to be tested, performing symbol execution on a path whose input data satisfies the constraint condition to obtain a test case corresponding to the path, and the method comprises:
and in the process of executing the symbols of the program to be tested, executing the symbols on the paths of the input data matched with the prefix of the specified input character string to obtain the test cases corresponding to the paths.
9. A test case generating device based on symbol execution, comprising:
the processing module is used for carrying out static analysis on the program to be tested to obtain instruction information of the program to be tested; wherein the instruction information includes a type of instruction;
the determining module is used for determining constraint conditions for input data in the program to be tested according to the instruction information;
the execution module is used for executing the symbols on the paths of the input data meeting the constraint conditions in the process of executing the symbols on the program to be tested, so as to obtain test cases corresponding to the paths;
the determining module is further configured to:
obtaining an input data length comparison instruction from the instruction information;
acquiring a first data length from the input data length comparison instruction;
and generating constraint conditions for input data in the program to be tested according to the first data length.
10. A test case generating device based on symbol execution, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the method of any one of claims 1 to 8.
11. A non-transitory computer readable storage medium having stored thereon computer program instructions, which when executed by a processor, implement the method of any of claims 1 to 8.
CN201910883372.6A 2019-09-18 2019-09-18 Test case generation method and device based on symbol execution Active CN110750448B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910883372.6A CN110750448B (en) 2019-09-18 2019-09-18 Test case generation method and device based on symbol execution

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910883372.6A CN110750448B (en) 2019-09-18 2019-09-18 Test case generation method and device based on symbol execution

Publications (2)

Publication Number Publication Date
CN110750448A CN110750448A (en) 2020-02-04
CN110750448B true CN110750448B (en) 2023-10-24

Family

ID=69276634

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910883372.6A Active CN110750448B (en) 2019-09-18 2019-09-18 Test case generation method and device based on symbol execution

Country Status (1)

Country Link
CN (1) CN110750448B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113872919B (en) * 2020-06-30 2022-11-22 华为技术有限公司 Vulnerability scanning method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101714119A (en) * 2009-12-09 2010-05-26 北京邮电大学 Test data generating device and method based on binary program
CN102289362A (en) * 2011-08-26 2011-12-21 北京邮电大学 Segmented symbolic execution device and working method thereof
CN102708045A (en) * 2012-04-13 2012-10-03 电子科技大学 Dynamic symbol executing method for relieving path explosion

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
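Chen Ting. Research on Dynamic Program Analysis Techniques in the Field of Software Security. China Doctoral Dissertations Full-text Database. 2014, (No. 5), pp. 16-23. *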

Also Published As

Publication number Publication date
CN110750448A (en) 2020-02-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant