CN112860545B - Software defect detection method and device - Google Patents

Publication number
CN112860545B
Authority
CN
China
Prior art keywords
software
dependent
detected
tree
compatible
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110095728.7A
Other languages
Chinese (zh)
Other versions
CN112860545A (en)
Inventor
王召
俞俊
许明杰
李东辉
吴小志
张昕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nari Technology Co Ltd
Original Assignee
Nari Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nari Technology Co Ltd
Priority to CN202110095728.7A
Publication of CN112860545A
Application granted
Publication of CN112860545B
Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G06F11/3672 Test management
    • G06F11/368 Test management for test version control, e.g. updating test cases to a new software version
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/362 Software debugging
    • G06F11/3628 Software debugging of optimised code
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3664 Environments for testing or debugging software

Abstract

The invention provides a software defect detection method and device. The method comprises the following steps: constructing a dependent software compatible version tree of the software to be detected; based on that tree, performing source code analysis on the software, finding the function call chains, and establishing a function call tracing graph; analyzing the data dependencies of the function calls according to the function call tracing graph, and converting the numerical operations in the source code into algebraic expressions; solving for the maximum and minimum of each algebraic expression to obtain its value range; and checking the legality of the value range against the limits, rules and constraints that apply while the software runs, judging the software defective when the value range exceeds the boundary of the legal range. The invention makes it convenient to predict and detect defects of the program to be detected across all versions of the software it depends on, and avoids the defects that arise when only a limited set of dependency versions is tested but the program then runs on other legitimate compatible versions.

Description

Software defect detection method and device
Technical Field
The invention belongs to the field of computers, and particularly relates to a software defect detection method and device, which can be used for software defect detection, software execution process prediction and non-stop self-adaptive software upgrading solutions.
Background
With the vigorous development of information technology, software is applied ever more widely. It plays an increasingly important role in every sector of the national economy and is tightly integrated into business, industry, schools, transport, government organizations and basic energy. Software products permeate every aspect of life, have become an indispensable part of it, greatly facilitate it and promote the progress of society. Meanwhile, as the economy develops, software grows in scale, its functions and architectures become more complex, a single piece of software contains more and more technologies, and its function call chains become longer and more complicated. The harm caused by software defects grows correspondingly more serious and can cause immeasurable loss to social life and to human life and property.
Software testing checks software quality by designing test cases to find possible defects, and is one of the important means of ensuring software quality. As software grows in scale and complexity, statistics show that software testing accounts for 50 to 75 percent of the total budget of the software life cycle; that is, testing consumes the most resources, such as manpower and money, in software engineering. However, many years of practice in information technology show that even after strict testing a great number of defects remain in software and are exposed while it runs, with serious consequences. The cost of repairing damage that occurs at run time is hundreds of times higher than the cost of finding the defects with software detection techniques. The prediction and detection of software defects has also received growing attention and has become an important research focus in academia and industry.
Software dependence refers to the interrelationships between pieces of software that arise from reuse, and is common in software engineering practice. In particular, with the development of internet technology, open source software projects have developed and spread rapidly, and software development has moved from centralized development toward modular division of labor and cooperation. Development uses more and more open source software, more and more software is built from components, and the components depend on one another. As a result software becomes ever larger, its relationships with the open source software and other components it depends on become more complex, the call branches of its functions become more intricate, and its hidden defects multiply with its scale. Traditional software testing finds it harder and harder to cover all branches of execution, and test coverage falls.
The breadth and complexity of software dependence, together with the growth in software scale, pose serious challenges to software quality assurance. How to guarantee software quality and predict latent defects before the software enters a production system is a problem that urgently needs solving. Software and components are upgraded at different speeds, so a piece of software can be compiled and run against several versions of the software or components it depends on, and those versions generally differ; the dependent software usually depends on other software in turn, forming long dependency chains inside and outside the software. Beyond the complexity of the software structure, a single function call into a dependency often corresponds to several compatible versions, which is common in current software. As a result, software passes testing on one or a few compatible dependency versions, but in actual deployment the chain of dependency versions changes and defects break out. Such defects are hard to detect during testing, because the test environment generally selects one specific set of dependencies and versions, and defects that exist in calls to other compatible versions go undetected. How to detect defects in software that depends on multiple compatible versions is therefore a problem that urgently needs solving; and because the dependency versions keep changing as the running environment changes over the software's life cycle, defect prediction and detection are needed throughout that life cycle.
Disclosure of Invention
Purpose of the invention: in view of the problems in the prior art, the invention provides a software defect detection method that realizes software defect prediction and detection when the software depends on multiple versions.
Another object of the present invention is to provide a software defect detecting apparatus.
The technical scheme is as follows: in a first aspect, a software defect detection method includes the following steps:
constructing a dependent software compatible version tree of the software to be detected;
based on the dependent software compatible version tree, performing source code analysis on the software, finding out a function call chain, and establishing a function call tracing graph;
analyzing the data dependence relation of function call according to the function call tracing graph, and converting the numerical operation in the source code into an algebraic expression;
solving the maximum value and the minimum value of the algebraic expression to obtain a value range of the algebraic expression;
and detecting the legality of the value range according to the limit, rule and constraint in the software running process, and judging that the software has defects when the value range exceeds the legal range boundary.
In a second aspect, a software defect detecting apparatus includes:
the dependent software compatible version tree building module is used for building a dependent software compatible version tree of the software to be detected and tracking all compatible versions and dependency relations of the dependent software of the software to be detected;
the function call tracing graph building module is used for carrying out source code analysis on software according to the dependent software compatible version tree, finding out a function call chain and building a function call tracing graph;
the numerical operation conversion module is used for analyzing the data dependency relationship of function call according to the function call tracing graph and converting the numerical operation in the source code into an algebraic expression;
the value interval determining module is used for solving the maximum value and the minimum value of the algebraic expression to obtain the value interval of the algebraic expression;
and the defect detection module is used for detecting the legality of the value range according to the limit, the rule and the constraint in the software running process, and judging that the software has a defect when the value range exceeds the boundary of the legal range.
Beneficial effects: the invention provides a software defect detection method and device that combine a multi-version software dependency analysis tree with a source code analysis tracing graph, for detecting defects in software that has multi-version dependencies. By constructing the dependent software compatible version tree of the software to be detected, the method tracks all compatible versions of the dependent software and their dependency relationships, so that every dependency and compatible version that may occur when the software runs is tracked and no dependency version that satisfies the dependency relationship goes unchecked. The source code of the software to be detected is analyzed, program call analysis is performed according to the compatible version tree, and the call chains of functions are found; the directed call chains that start from the software to be detected form its program call tracing graph, a directed acyclic graph that is convenient to traverse. Following this directed acyclic graph, the program calls are analyzed, the program's data calculation statements are converted into algebraic expressions, and the minimum and maximum of each expression are solved to obtain a value interval. Whether the value interval exceeds the legal interval is then checked against data definitions, resource use limits, application configuration and the like; if it crosses the boundary, the program is considered likely to contain a defect.
With this method, defects of the program to be detected can be conveniently predicted and detected across all versions of the software it depends on, avoiding the defects that arise when only a limited set of dependency versions is tested and the program then runs on other legitimate compatible versions. The method is significant for achieving full defect detection and for establishing that the software to be detected runs correctly on its various dependency versions, and in particular provides a reliable technical means of predicting the correctness of software in its upgraded environment when it is upgraded online without stopping.
Drawings
FIG. 1 is a flowchart illustrating a software defect detection method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a tree of compatible versions of software to be detected;
FIG. 3 is a diagram illustrating tracking of software dependent software function calls to be detected according to an embodiment of the present invention;
FIG. 4 is a flow chart of multi-version dependent software detection in an embodiment of the present invention.
Detailed Description
The technical scheme of the invention is further explained by combining the attached drawings.
The invention relates to software defect detection and software behavior prediction based on software call analysis and data dependency analysis, and in particular to a software dependency version tree and a software call relation graph (code analysis tracing graph) for the case where a program depends on other software and on multiple compatible versions of program libraries (development kits). Referring to fig. 1, in one embodiment, a software defect detection method includes the following steps:
Step 1, constructing a dependent software compatible version tree of the software to be detected.
Taking the software to be detected as the root node, all of its dependencies are found by parsing the software dependency file or by using an existing tool such as maven. The dependencies include third-party software, service components in software packages, public development packages and the like, and together form a software dependency tree whose leaf nodes represent the dependent software and the corresponding versions. The leaf nodes of the tree are then traversed in turn, and the dependencies of each piece of dependent software are found and recorded as child nodes of the current node. This is repeated for all nodes and child nodes until the leaf nodes no longer depend on other software, which yields a complete software dependency tree rooted at the software to be detected.
The complete dependency tree is then traversed from the root node, and for each node all software versions compatible with that dependent software and version are looked up. Compatible versions can be obtained from the software configuration instructions or version update instructions, which generally state the compatibility of each function of the software. With the software to be detected as the root node and the dependent software and its compatible versions as child nodes, a new tree of software dependencies and compatible versions is formed. Compared with the dependency tree built before, this tree includes as leaf nodes all versions of the same software that can satisfy the calling relationship. The result is a tree of all compatible versions of all dependent software that satisfy the software dependency relationship (i.e. calling relationship) of the software to be detected; see fig. 2.
Step 2, based on the dependent software compatible version tree, performing source code analysis on the software, finding out the function call chains, and establishing a function call tracing graph.
Call tracing analysis (dependency tracing analysis) is performed on every function call that the software to be detected makes into dependent software: taking the execution of the software to be detected as the starting point, the software source code is analyzed and all functions called in the dependent software are traced.
Specifically, over the tree of all compatible versions of the dependencies of the software to be detected, and starting from its source code, code dependency analysis and tracking are performed on each function call that involves dependent software. For each function call dependency, not only the corresponding version of the directly dependent software is analyzed, but all versions compatible with it are tracked and analyzed as well. With the software to be detected as the starting point, the function call relationships in the source code are analyzed and tracked, and for calls into dependent software all versions are analyzed according to the compatible version tree generated in the previous step, rather than only the current version or the lowest version that satisfies the dependency. Thus, for one function call from the software to be detected into dependent software, a call link is formed that starts at the software to be detected and extends in the direction of the call dependency, and each point on the link represents a version of dependent software that satisfies the dependency relationship. Because each piece of dependent software on the compatible version tree has several versions that satisfy the dependency relationship, tracing from one function call of the software to be detected yields a call chain with multiple branches, i.e. a multi-compatible-version dependency chain that satisfies the dependency relationship.
The function calls of the software to be detected are traced and analyzed in turn, finally forming a function call graph that starts from the software to be detected and contains these function call chains, i.e. the multi-compatible-version dependency chains, which together form a directed acyclic graph; see fig. 3. In the figure, capital letters X, Y, A, C, M and N represent dependent software, the Vxx following a capital letter represents a version number, lowercase letters x, y, z and s represent functions, and the arrowed lines represent dependency relationships, pointing from the dependent software to the software depended upon. The arrow direction is also the function call relationship, pointing from the caller to the callee. A software dependency comprises the software, its version number and its functions, and the function dependencies of different versions may differ; for example, in the figure the function y1 of version V31 of software X depends on V10 or V21 of software A, and both versions satisfy the dependency. The dependencies may be obtained from the software's specification and its upgrade notes.
Step 3, analyzing the data dependence relation of function calls according to the function call tracing graph, and converting the numerical operations in the source code into algebraic expressions.
Data dependency analysis is performed on the software dependency directed acyclic graph to determine the data dependencies of the function calls; concretely, the data assignment and calculation statements in the code are analyzed. Starting from the software to be detected, the functions are analyzed along the function call directed acyclic graph to obtain the call relationships, the functions and the calculation logic, and the data calculations in the source code are converted into algebraic expressions of mathematical calculation. The algebraic expression has the form
[equation image BDA0002913842630000051, not reproduced in the text]
The expression represents the physical memory address to be calculated, b represents the physical address of a variable, S represents the starting address of the stack segment, l represents the length of an array element, and N represents the length of the array.
Step 4, solving the maximum value and the minimum value of the algebraic expression to obtain the value range of the algebraic expression.
The results obtained by analyzing variable definition statements, assignment statements, mathematical calculation statements and the like in the source code are substituted into the mathematical expression; the calculated result is generally a closed interval with a minimum and a maximum. For example, a variable definition in C/C++ generally fixes the type and value range of the variable, an array definition explicitly fixes the size of the array, and for sensitive data such as the sizes involved in memory allocation and release, the size of the acquired memory space is defined by macro definition. Substituting the minimum and maximum values obtained in this way into the mathematical expression formed by the function call gives a minimum-to-maximum interval for the mathematical calculation involved in each function call of the software to be detected. As mentioned above, a function call may have several compatible versions of the same dependent software, that dependent software may itself have several dependencies, and each of those also has several compatible versions that satisfy the dependency relationship. The values of the function to be detected under all dependent software and compatible versions can therefore be obtained from the analysis of the dependency graph.
In essence, the algebraic calculation of value ranges and the call tracing analysis of software dependencies work as follows: for a statement such as a mathematical calculation or assignment, start from a function call of the software to be detected, follow a link of the call-relationship directed acyclic graph, and trace all nodes on that directed link; each node represents one software dependency version, and the source code of that version is analyzed algebraically. Because several links start from one function, several values of the statement are obtained, one per call link. For an expression in a given function, the dependence on multiple versions therefore yields several possible value intervals. Traversing the directed acyclic graph thus gives, for every mathematical calculation, assignment or similar statement of the software to be detected, the possible value ranges under all compatible versions of all the software it depends on.
Step 5, detecting the legality of the value interval according to the software context information, the resource use protocol and the software configuration information.
The previous step yields the value range of a function expression under a specific dependency version purely from the program's operation logic; it is not yet related to the software's running environment. In actual operation the use of resources is limited. For example, for an application running on CentOS 6.5 the limit on memory space is generally specified as 4 Gbyte, but in actual deployment that 4 Gbyte is the space for the whole program and a specific function cannot exceed this value, so operation and maintenance personnel generally make specific rules that restrict resource use, for example limiting the function to no more than 128 Mbyte of memory. Such limits are expressed in different places, such as configuration files and command line parameters, so the external limits on resource use also need to be obtained.
The source code of the software to be detected is traced and analyzed, and several possible value ranges are obtained for each calculation statement, each corresponding to one link of the directed acyclic graph, i.e. one call path that satisfies the software dependency relationship. The set of all value ranges of a statement covers the full set of versions that satisfy all of its software dependencies. Checking these value ranges makes it possible to verify the correctness of the software on all versions that satisfy the dependency relationship: for example, whether an array subscript in a program statement exceeds the declared bounds of the array, whether a memory request exceeds the upper limit specified by the user or the maximum allowed by user space, and whether an access through a pointer crosses the boundary of the memory it points to, causing an out-of-bounds access and unpredictable run-time errors.
The correctness check of a program statement, i.e. determining its legal value range, can be carried out as follows: derive the legal value range from the software's context semantics, the specified resource use limits from the software configuration file, the resource limits from the software's running environment, and the legal value limits from the declarations in the software. These are several common resource limits; many other limits, rules and constraints apply while software runs, and the set of these rules together forms the software constraints, which are the basis for judging the value range as described above. The function value range derived from the algebraic expression in the previous step is compared with the constraints, and if it exceeds a limit the software is likely to contain a defect.
When the correctness of a program statement is checked, a value range that exceeds the legal value range means the statement is likely to be defective. For such a statement, the software call path can be obtained by tracing back through the dependent software call analysis graph; the points on the path represent the dependent software and their versions. All value ranges produced by call analysis and algebraic analysis over every call link that starts from a program statement are obtained, so the statement's value ranges under all available software dependencies and version combinations are verified, and checking their validity checks correctness for all software that satisfies the dependency relationship. In this way every combination that satisfies the dependency relationships of the software to be detected is covered, and software checked with this method can be assured of running correctly on all versions, and compatible versions, that satisfy its dependency relationships.
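Steps 1 to 5 carried through on one small case, as an added example that is not code from the patent: every call chain through the compatible versions is enumerated, the value range of an array subscript is computed along each chain, and chains whose range leaves the legal range are reported. Only the relation "X V31 depends on A V10 or V21" comes from the Fig. 3 description; the package app, version X V30, the function summaries, the array length and the input range are constructed assumptions.

```python
"""Added illustration: per-call-chain value ranges across compatible versions.
All packages, versions, summaries and bounds below are constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Interval:
    """Closed interval [lo, hi] with the arithmetic needed for step 4."""
    lo: int
    hi: int

    def __add__(self, other):
        return Interval(self.lo + other.lo, self.hi + other.hi)

    def __mul__(self, other):
        products = [a * b for a in (self.lo, self.hi) for b in (other.lo, other.hi)]
        return Interval(min(products), max(products))

    def within(self, legal):
        return legal.lo <= self.lo and self.hi <= legal.hi


def const(value):
    return Interval(value, value)


# Step 1: compatible-version tree as (software, version) -> {dependency: versions}.
# X V31 -> A V10 | V21 follows the Fig. 3 description; the rest is constructed.
COMPAT = {
    ("app", "1.0"): {"X": ["V30", "V31"]},
    ("X", "V30"): {"A": ["V10"]},
    ("X", "V31"): {"A": ["V10", "V21"]},
    ("A", "V10"): {},
    ("A", "V21"): {},
}

# Step 3: each version's numeric operation as an algebraic transfer function.
# `arg` is the caller's argument range, `callee` evaluates the next chain node.
SUMMARY = {
    ("app", "1.0"): lambda arg, callee: callee(arg),           # idx = X.y1(n)
    ("X", "V30"): lambda arg, callee: callee(arg) + const(1),  # y1 = A.z(n) + 1
    ("X", "V31"): lambda arg, callee: callee(arg) * const(2),  # y1 = 2 * A.z(n)
    ("A", "V10"): lambda arg, callee: arg,                     # z = n
    ("A", "V21"): lambda arg, callee: arg + const(4),          # z = n + 4
}


def call_chains(node, compat=COMPAT):
    """Step 2: yield every call chain from `node` through all compatible versions."""
    deps = compat[node]
    if not deps:
        yield [node]
        return
    for software, versions in deps.items():
        for version in versions:
            for tail in call_chains((software, version), compat):
                yield [node] + tail


def value_range(chain, arg, summary=SUMMARY):
    """Step 4: min/max of the composed expression along one call chain."""
    def run(i, a):
        callee = (lambda x: run(i + 1, x)) if i + 1 < len(chain) else None
        return summary[chain[i]](a, callee)
    return run(0, arg)


def find_defects(root, arg, legal):
    """Step 5: report each chain whose value range leaves the legal range."""
    report = []
    for chain in call_chains(root):
        rng = value_range(chain, arg)
        if not rng.within(legal):
            report.append((chain, rng))
    return report


N = 32                              # constructed array length
LEGAL_INDEX = Interval(0, N - 1)    # legal subscripts for that array
INPUT_RANGE = Interval(0, 15)       # constructed range of the caller's n

if __name__ == "__main__":
    for chain, rng in find_defects(("app", "1.0"), INPUT_RANGE, LEGAL_INDEX):
        path = " -> ".join(f"{s} {v}" for s, v in chain)
        print(f"possible out-of-bounds index [{rng.lo}, {rng.hi}] via {path}")
```

A test environment pinned to X V30 or to A V10 would pass; only the chain through X V31 and A V21 produces a subscript range that crosses the array bound, which is the case the description says single-version testing misses.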
The method builds the compatible version tree and the function call tracing graph of the dependent software, traces and analyzes the algebraic expressions of operation statements through the tree and the graph, and uses those expressions to check the software's run-time correctness on each dependency and compatible version. The various running environments of the software to be detected can thus be checked for defects effectively and conveniently, reducing software defects and improving robustness and correctness. In general, however, software has many dependencies and each has many compatible versions, so analyzing every dependent software and compatible version on the call analysis trace graph and converting it to algebraic expressions requires very large resources and time, while the likelihood that the software will actually run on all compatible versions of all its dependencies during its life cycle is low. For software to be detected that is small in scale, has few dependencies or has higher safety requirements, all dependent software and compatible versions can be checked, keeping the detection cost acceptable while achieving higher software safety.
Where the software to be detected has many, complex dependencies, or its known running environment is controllable and stable, only the dependencies and compatible versions that apply to the known running environment need to be checked, i.e. a limited set of call paths on the dependency call directed graph; this ensures correct operation in the controlled running environment while reducing the resource overhead of detection.
In order to clearly understand the technical scheme of the method, a detailed description is given below to briefly describe a multi-version software defect detection process depending on software. Referring to fig. 4, the embodiment has a certain applicability to software developed by using C/C + +, JAVA, but for application programs developed by using other programming languages, reference may be made to the steps shown in the figure, but the specific steps and processing may be different. The embodiments are described in an illustrative manner, and not in a specific language of development.
Detection starts by obtaining the dependent software and the corresponding versions of the software to be detected from its build information, for example a makefile for software developed in C/C++ or a build file for software developed in Java (step 401).
Next, all compatible version information of the dependent software is acquired according to the dependent software and corresponding versions of the software to be detected. This information can be obtained by reading a software update description, a software description or software configuration information. The compatible version information of the dependent software is recorded (step 402).
A version dependency tree is then constructed with the software to be detected as the root and the dependent software and its compatible versions as leaf nodes. Each node of the dependency tree records the dependent software of the corresponding version, and a lower node is a dependency of the upper node, that is, the dependent software represented by the upper node depends on the dependent software represented by the lower node (step 403).
Steps 401 to 403 are repeated, adding the version dependency relationships to the version tree in turn. Once the dependent software and compatible version information of the software to be detected have been obtained, construction of the dependent software compatible version tree of the software to be detected is complete; the version tree is shown in fig. 2 (step 404).
After the dependent software compatible version tree is constructed, source code analysis is performed on the software to be detected, and its function calls are traced and analyzed through the source code analysis so as to judge the accuracy of the function calls (step 405).
Analysis begins at the execution start of the source code of the software to be detected; for application software developed in C/C++ and Java, for example, the execution start is the main function. Function call tracing analysis is performed on the function calls in the source code, particularly calls into dependent software, to obtain the call chain of the function. The call chain is a directed chain pointing from the calling function to the called function (step 406).
A call tracing graph of the function is constructed from the function call chain of the function to be detected, with the entry function of the function to be detected as the starting point and the calling functions as nodes. The graph consists of the function call chains to be detected, each pointing from the calling function to the called function (step 407).
According to the dependent software compatible tree constructed in step 404, the calling relations of all compatible versions that satisfy the dependency relationship are traced for the function, following the dependent software versions and dependency relationships indicated by the compatible tree, to form function call chains for all compatible versions that satisfy the software dependency relationship (step 408).
The constructed function call relation tracing call chain is added to the call tracing analysis graph (step 409).
Steps 407 to 409 are repeated to add the constructed function call relation tracing call chains to the call tracing analysis graph in turn, finally forming the function call tracing analysis graph of the software to be detected, as shown in fig. 3. The function call tracing graph reflects the call relations of the software to be detected to each dependent software and its compatible versions. It contains the function call relations, to the dependent software and its related versions, of the program statements of the software to be detected that involve dependent software, and is a complete dependency relationship graph (step 410).
Call analysis is then performed on the function according to the function call tracing chain constructed in the above steps, in particular analysis of arithmetic computation statements (step 411).
The function source code is analyzed and the operation logic of the program is converted into algebraic expressions, that is, the program statements of the software to be detected that relate to dependent software calls are represented as algebraic expressions (step 412).
The program statements are analyzed: the program source code is analyzed according to context information, such as variable definition statements and variable assignment statements, and according to software configuration information, such as a configuration file's definitions of the variables and constants of the software to be detected, to obtain the operation results of variables, such as the size and offset of a requested memory block. The acquired information is then substituted into the algebraic expression to obtain the value range of the statement, expressed as an interval (step 413).
A legal value range of the expression under test is obtained according to the function call context, software configuration information, resource use rules and the like, and is compared with the value range obtained in the previous step. This gives the legality of the statement on the corresponding dependent software and related compatible versions, that is, whether the statement can run correctly on the corresponding dependent compatible version (step 414).
Following the dependent software call tracing analysis graph of the software to be detected, the related program code recorded in the call tracing graph is analyzed in sequence using the above method, and the correctness of each statement on the corresponding dependent software and compatible versions is detected (step 415).
The dependent software call tracing analysis graph of the software to be detected is traversed according to the method described in steps 413 to 415, giving the operation correctness of the software to be detected on all dependent software and compatible versions. Because the graph includes all dependent software of the software to be detected and its compatible versions, traversing the graph ensures complete detection of the software's operation on each software dependency and its compatible versions (step 416).
When the traversal of the graph finishes, the complete detection of the multi-version dependencies of the software to be detected is finished (step 417).
Steps 401 to 417 above briefly describe the whole process, for software to be detected that has multi-version dependencies, of detecting its running correctness on each dependency and compatible version by constructing the dependent software compatible version tree and the call tracing analysis graph.
As the flow description shows, by constructing the dependent software compatible version tree and the program call tracing analysis directed acyclic graph, tracing and analyzing the source code of the software to be detected, converting the related program statements into algebraic expressions, and traversing the program call tracing analysis graph, the defects of the software to be detected on each dependent software and its compatible versions can be detected comprehensively. The method can predict the operation correctness of the software to be detected in various different operation environments, and can be effectively used for complete detection of software defects and prediction of software (online) upgrade defects.
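The flow of steps 401 to 417, together with the earlier option of checking only the versions of a known running environment, can be sketched as follows. This is an added Python example, not code from the patent: the package names `libfmt` and `libbuf`, their versions, the per-version facts and the analyzed statement `end = header_len + count * record_size` are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Interval:
    """Closed integer interval [lo, hi] used as the value range of an expression."""
    lo: int
    hi: int

    def __add__(self, other):
        return Interval(self.lo + other.lo, self.hi + other.hi)

    def __mul__(self, other):
        corners = [a * b for a in (self.lo, self.hi) for b in (other.lo, other.hi)]
        return Interval(min(corners), max(corners))

    def within(self, legal):
        return legal.lo <= self.lo and self.hi <= legal.hi


# Constructed compatible-version tree (steps 401-404): for each dependency and
# version, the facts the analysis needs and the compatible versions of its own
# dependencies. All names and numbers are hypothetical.
TREE = {
    "libfmt": {
        "1.2": {"facts": {"header_len": 8}, "deps": {"libbuf": ["1.0", "1.1"]}},
        "2.0": {"facts": {"header_len": 24}, "deps": {"libbuf": ["1.1", "2.0"]}},
    },
    "libbuf": {
        "1.0": {"facts": {"capacity": 1024}, "deps": {}},
        "1.1": {"facts": {"capacity": 1040}, "deps": {}},
        "2.0": {"facts": {"capacity": 4096}, "deps": {}},
    },
}
ROOT_DEPS = {"libfmt": ["1.2", "2.0"]}  # direct dependencies of the software under test


def call_chains(deps, prefix=()):
    """Steps 406-410: yield each root-to-leaf chain of (package, version) nodes.

    Assumes one dependency per level, as in the constructed tree above.
    """
    if not deps:
        yield prefix
        return
    for pkg, versions in deps.items():
        for ver in versions:
            yield from call_chains(TREE[pkg][ver]["deps"], prefix + ((pkg, ver),))


def check(config, known_env=None):
    """Steps 411-416: evaluate the statement on every chain and report violations.

    The analyzed statement is `end = header_len + count * record_size`, where
    `end` must stay inside the buffer of `capacity` bytes supplied by libbuf.
    `known_env` optionally pins package versions to a known running environment,
    which limits the call paths that are checked.
    """
    count = Interval(*config["count"])                       # from configuration
    record = Interval(config["record_size"], config["record_size"])
    findings = []
    for chain in call_chains(ROOT_DEPS):
        if known_env and any(known_env.get(pkg, ver) != ver for pkg, ver in chain):
            continue
        facts = {}
        for pkg, ver in chain:
            facts.update(TREE[pkg][ver]["facts"])
        header = Interval(facts["header_len"], facts["header_len"])
        value = header + count * record                      # step 413: value range
        legal = Interval(0, facts["capacity"])               # step 414: legal range
        if not value.within(legal):
            findings.append((chain, value, legal))
    return findings


if __name__ == "__main__":
    cfg = {"count": (1, 64), "record_size": 16}              # constructed configuration
    for chain, value, legal in check(cfg):
        path = " -> ".join(f"{p} {v}" for p, v in chain)
        print(f"defect on {path}: [{value.lo}, {value.hi}] exceeds [{legal.lo}, {legal.hi}]")
```

The same statement is legal on two of the four version chains and out of range on the other two, which is the kind of version-dependent defect a single-environment test run would miss.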
According to another embodiment of the present invention, there is provided a software defect detecting apparatus including:
the dependent software compatible version tree building module is used for building a dependent software compatible version tree of the software to be detected and tracking all compatible versions and dependency relations of the dependent software of the software to be detected;
the function call tracing graph building module is used for carrying out source code analysis on software according to the dependent software compatible version tree, finding out a function call chain and building a function call tracing graph;
the numerical operation conversion module is used for analyzing the data dependency relationship of function call according to the function call tracing graph and converting the numerical operation in the source code into an algebraic expression;
the value interval determining module is used for solving the maximum value and the minimum value of the algebraic expression to obtain a value interval;
and the defect detection module is used for detecting the legality of the obtained value interval according to the software context information, the resource use protocol and the software configuration information, and judging that the software has a defect when the obtained value interval exceeds the legal interval boundary.
In one embodiment, the dependent software compatible version tree building module may include:
the first establishing unit of the dependency tree is used for searching all the dependent software of the software to be detected, establishing the dependency tree of the software to be detected by taking the software to be detected as a root node and the dependent software and the corresponding version as leaf nodes;
the second establishing unit of the dependency tree is used for continuously traversing the leaf nodes of the tree, searching the dependency of the dependent software, marking the dependency as the child node of the current node, repeating the step, and finding out the software dependencies of all the nodes and the child nodes until the leaf nodes do not depend on other software any more, so as to obtain a complete software dependency tree taking the software to be tested as the root node;
and the dependency relationship and compatible version tree establishing unit is used for traversing from the root node according to the dependency relationship tree of the software to be detected, searching nodes, namely all software versions compatible with the dependency software and the versions, taking the software to be detected as the root node and the dependency software and compatible versions thereof as child nodes, and forming a new software dependency relationship and compatible version tree, namely a dependent software compatible version tree.
As a preferred embodiment, the function call tracing graph building module may include:
the calling link establishing unit is used for tracking and analyzing a function calling the dependent software in the source code by taking the to-be-detected software execution as a starting point according to the dependent software compatible version tree to form a calling link which takes the to-be-detected software as the starting point and extends along a calling dependent direction, and each point on the link represents a corresponding version of the dependent software meeting the dependent relationship; because each piece of dependent software on the dependent software compatible version tree has a plurality of versions meeting the dependency relationship, a calling chain which takes a function of the software to be detected as a starting point and contains a plurality of branches is formed after analysis and tracking by taking the function of the software to be detected as the starting point, namely a multi-compatible version dependency chain meeting the dependency relationship;
and the directed acyclic graph establishing unit is used for sequentially tracking and analyzing all function calls of the software to be detected according to the processing logic of the call link establishing unit, and finally forming a directed acyclic graph which takes the software to be detected as a starting point and comprises all function call relation chains, namely software multi-compatible version dependency relation chains, wherein the dependency relation chains form the directed acyclic graph together, namely the function call tracking graph.
As a preferred embodiment, the value range determining module may include:
the first processing unit is used for analyzing variable definition sentences, assignment sentences and mathematical calculation sentences in the source codes, obtaining operation results of variables according to context information and configuration information of software, substituting the operation results into an algebraic expression and obtaining the value range of the corresponding sentences expressed by intervals;
and the second processing unit is used for traversing the function call tracing graph, and performing the analysis on each mathematical calculation and assignment statement of the software to be detected to obtain possible value ranges of all compatible versions on which the software depends.
It should be understood that the software defect detection apparatus in the embodiment of the present invention may implement all technical solutions in the above method embodiments, functions of each functional module may be implemented according to the method in the above method embodiments, and specific implementation processes and related specific calculation formulas of the software defect detection apparatus may refer to relevant descriptions in the above embodiments, and are not described herein again.
The multi-version software dependence defect detection method and device provided by the invention can be effectively used in aspects of software validation of multi-version dependence relation, software calling flow analysis, software behavior prediction, software behavior deviation prediction and the like besides software defect prediction and detection, and can play a good early warning and guarantee role particularly for software behavior prediction and software vulnerability detection after non-stop online self-adaptive upgrading of software.
Based on the same technical concept as the method embodiment, according to another embodiment of the present invention, there is provided a computer apparatus including: one or more processors; a memory; and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, which when executed by the processors implement the steps in the method embodiments.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.

Claims (4)

1. A software defect detection method, comprising the steps of:
constructing a dependent software compatible version tree of the software to be detected, comprising the following steps: searching all dependent software of the software to be detected, establishing a dependent relation tree of the software to be detected by taking the software to be detected as a root node and the dependent software and a corresponding version as leaf nodes; traversing leaf nodes of the dependency relationship tree of the software to be tested, searching the dependency of the dependent software, recording the dependency as a child node of the current node, repeating the step, and finding out the software dependencies of all the nodes and the child nodes until the leaf nodes do not depend on other software any more, so as to obtain a complete software dependency relationship tree taking the software to be tested as a root node; traversing from the root node according to the complete software dependency relationship tree taking the software to be detected as the root node, searching all software versions compatible with the dependent software and the versions, taking the software to be detected as the root node, and taking the dependent software and the compatible versions thereof as child nodes to form a new software dependency relationship and compatible version tree as a dependent software compatible version tree;
based on the dependent software compatible version tree, performing source code analysis on software, finding out a function call chain, and establishing a function call tracing graph, wherein the method comprises the following steps: based on the dependent software compatible version tree, taking the execution of the software to be detected as a starting point, tracking and analyzing a function for calling the dependent software in the source code to form a calling link which takes the software to be detected as the starting point and extends along the calling dependent direction, wherein each point on the link represents a corresponding version of the dependent software meeting the dependent relationship; because each piece of dependent software on the dependent software compatible version tree has a plurality of versions meeting the dependency relationship, a calling chain which takes the function of the piece of software to be detected as the starting point and contains a plurality of branches can be formed after analysis and tracking from the function calling of the piece of software to be detected as the starting point; sequentially tracking and analyzing all function calls of the software to be detected to finally form a function call tracking graph which takes the software to be detected as a starting point and comprises the function call relation chains;
analyzing the data dependence relation of function call according to the function call tracing graph, and converting the numerical operation in the source code into an algebraic expression;
solving the maximum value and the minimum value of the algebraic expression to obtain a value range of the algebraic expression, wherein the value range comprises the following steps: analyzing variable definition statements, assignment statements and mathematical calculation statements in the source codes, obtaining operation results of variables according to context information and configuration information of software, substituting the operation results into an algebraic expression, and obtaining value ranges expressed by intervals of corresponding statements; traversing the function call tracing graph, and performing the analysis on each mathematical calculation and assignment statement of the software to be detected to obtain possible value ranges of all compatible versions on which the software depends;
and detecting the legality of the value range according to the limit, rule and constraint in the software running process, and judging that the software has defects when the value range exceeds the legal range boundary.
2. The method of claim 1, wherein the converting numerical operations in the source code into algebraic expressions specifically comprises: analyzing data assignment and calculation statements in the source codes, taking the software to be detected as a starting point, carrying out calling and function analysis along the function calling tracing graph, obtaining calling relations, functions and calculation logic, and converting data calculation in the source codes into algebraic expressions of mathematical calculation.
3. The software defect detection method of claim 1, wherein the validity of the value intervals obtained by the detection according to the limits, rules and constraints in the software running process specifically comprises: obtaining a legal value range of an expression statement through semantic analysis according to software context information, obtaining resource use limitation according to software configuration information analysis, obtaining resource use limitation according to software running environment analysis, obtaining a legal value limit according to software statement definition, and indicating that software has defects when the value limit exceeds the limit.
4. A software defect detection apparatus, comprising:
the dependent software compatible version tree building module is used for building a dependent software compatible version tree of the software to be detected and tracking all compatible versions and dependency relations of the dependent software of the software to be detected;
the function call tracing graph building module is used for carrying out source code analysis on software according to the dependent software compatible version tree, finding out a function call chain and building a function call tracing graph;
the numerical operation conversion module is used for analyzing the data dependency relationship of function call according to the function call tracing graph and converting the numerical operation in the source code into an algebraic expression;
the value interval determining module is used for solving the maximum value and the minimum value of the algebraic expression to obtain a value interval;
the defect detection module is used for detecting the legality of the value-taking interval according to the limit, the rule and the constraint in the software running process, and judging that the software has a defect when the value-taking interval exceeds the boundary of the legal interval;
wherein the dependent software compatible version tree building module comprises:
the first establishing unit of the dependency tree is used for searching all the dependency software of the software to be detected, taking the software to be detected as a root node and the dependency software and the corresponding version as leaf nodes, and establishing the dependency tree of the software to be detected;
the second dependency relationship tree establishing unit is used for continuously traversing the leaf nodes of the dependency relationship tree of the software to be tested, searching the dependency of the dependent software, marking the dependency as the child nodes of the current node, repeating the step, and finding out the software dependencies of all the nodes and the child nodes until the leaf nodes do not depend on other software any more, so as to obtain a complete software dependency relationship tree taking the software to be tested as the root nodes;
the dependency relationship and compatible version tree establishing unit is used for traversing from a root node according to the complete software dependency relationship tree which takes the software to be tested as the root node, searching all software versions with compatible dependent software and versions, taking the software to be tested as the root node and the dependent software and compatible versions thereof as child nodes, and forming a new software dependency relationship and compatible version tree as a dependent software compatible version tree;
the function call tracing graph building module comprises:
the calling link establishing unit is used for tracking and analyzing a function calling the dependent software in the source code by taking the to-be-detected software execution as a starting point according to the dependent software compatible version tree to form a calling link which takes the to-be-detected software as the starting point and extends along a calling dependent direction, and each point on the link represents a corresponding version of the dependent software meeting the dependent relationship; because each piece of dependent software on the dependent software compatible version tree has a plurality of versions meeting the dependency relationship, a calling chain which takes the function of the piece of software to be detected as the starting point and contains a plurality of branches can be formed after analysis and tracking from the function calling of the piece of software to be detected as the starting point;
the directed acyclic graph establishing unit is used for sequentially tracking and analyzing all function calls of the software to be detected according to the processing logic of the call link establishing unit, and finally forming a function call tracking graph which takes the software to be detected as a starting point and comprises each function call relation chain;
the value interval determining module comprises:
the first processing unit is used for analyzing variable definition statements, assignment statements and mathematical calculation statements in the source code, obtaining operation results of variables according to context information and configuration information of software, substituting the operation results into an algebraic expression, and obtaining a value range expressed by intervals of corresponding statements;
and the second processing unit is used for traversing the function call tracing graph, and performing the analysis on each mathematical calculation and assignment statement of the software to be detected to obtain the possible value ranges of all compatible versions on which the software depends.
CN202110095728.7A 2021-01-25 2021-01-25 Software defect detection method and device Active CN112860545B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110095728.7A CN112860545B (en) 2021-01-25 2021-01-25 Software defect detection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110095728.7A CN112860545B (en) 2021-01-25 2021-01-25 Software defect detection method and device

Publications (2)

Publication Number Publication Date
CN112860545A CN112860545A (en) 2021-05-28
CN112860545B true CN112860545B (en) 2022-11-11

Family

ID=76008316

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110095728.7A Active CN112860545B (en) 2021-01-25 2021-01-25 Software defect detection method and device

Country Status (1)

Country Link
CN (1) CN112860545B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115934157B (en) * 2022-12-28 2024-04-16 中国人民解放军国防科技大学 Automatic software dependency range deducing method, device, computer equipment and memory
CN117171058B (en) * 2023-11-03 2024-02-20 睿思芯科(深圳)技术有限公司 Call chain real-time tracking method, system and related equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101697121A (en) * 2009-10-26 2010-04-21 哈尔滨工业大学 Method for detecting code similarity based on semantic analysis of program source code
CN102231134A (en) * 2011-07-29 2011-11-02 哈尔滨工业大学 Method for detecting redundant code defects based on static analysis
CN108932192A (en) * 2017-05-22 2018-12-04 南京大学 A kind of Python Program Type defect inspection method based on abstract syntax tree
CN110515838A (en) * 2019-07-31 2019-11-29 华东计算技术研究所(中国电子科技集团公司第三十二研究所) Method and system for detecting software defects based on topic model

Also Published As

Publication number Publication date
CN112860545A (en) 2021-05-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant