CN115328804A - Loop code fuzzy test method based on combined coverage - Google Patents
Loop code fuzzy test method based on combined coverage Download PDFInfo
- Publication number
- CN115328804A CN115328804A CN202211076243.4A CN202211076243A CN115328804A CN 115328804 A CN115328804 A CN 115328804A CN 202211076243 A CN202211076243 A CN 202211076243A CN 115328804 A CN115328804 A CN 115328804A
- Authority
- CN
- China
- Prior art keywords
- test case
- test
- cyclic code
- code block
- case
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3676—Test management for coverage analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3684—Test management for test design, e.g. generating new test cases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3688—Test management for test execution, e.g. scheduling of test suites
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a cyclic code fuzzy test method based on combined coverage, which relates to the technical field of software testing, and comprises the steps of firstly, inserting piles into a program to be tested, executing an initial seed test case, calculating the coverage condition of the initial seed test case, and adding the initial seed test case which is not triggered to crash into a test case queue; then taking out the seed test cases t from the test case queue one by one i Calculating the fitness of the test case to distribute corresponding resources to generate a child test case set by variation, running the child test case set on a program to be tested, and determining whether to insert the child test case set into a test case queue according to the coverage of the child test case on a cyclic code block and a branch statement in the cyclic code block; and finally, judging whether the fuzzy test stopping condition is met, if so, ending the test, and if not, selecting the next seed test case from the test case queue for testing. The invention can carry out targeted fuzzy test on the circulating code block and improve the test efficiency and accuracy.
Description
Technical Field
The invention relates to the technical field of software testing, in particular to a circular code fuzzy testing method based on combined coverage.
Background
With the increasing use of computer software, at the same time, the scale and complexity of software have increased dramatically with the powerful functions, and in these large-scale software, the loop code block and the decision branch statement therein are important basic logic modules constituting functions and also are the main causes of software complexity increase and test path explosion. If the loop code blocks of the complex software and the judgment branch sentences in the loop code blocks can be fully tested, limited testing resources such as funds, manpower and the like can be reasonably distributed, the parts which are easy to make mistakes can be analyzed in a targeted manner, the testing results can be evaluated more objectively, and the loop code blocks have important guiding significance for controlling the software quality and the development cost. Existing white-box test sufficiency metrics include path coverage, statement coverage, branch coverage, and basic path coverage, among others. For cyclic codes, it is difficult to measure test sufficiency using existing coverage indicators. The path coverage index pays attention to all possible cyclic paths in the upper and lower boundary ranges of the cycle, and exhaustive testing in complex software is obviously not feasible; statement override, branch override, and base path override are concerned with overriding all statements, branches, and base paths, and are not sufficient for loop code. Moreover, the coverage index is mainly based on the logic structure of the internal code of the software, and the execution condition of the test data set in the whole software needs to be continuously tracked, which undoubtedly generates huge overhead for complex software. In addition, the above-mentioned structure coverage lacks pertinence to testing key cyclic code blocks in complex software.
Therefore, how to perform targeted fuzzy test on the loop code block and the decision branch statement therein to improve the test sufficiency is a problem that needs to be solved by those skilled in the art.
Disclosure of Invention
In view of this, the invention designs a combined coverage test sufficiency evaluation criterion oriented to a complex software loop code block, performs targeted fuzzy test on the loop code block and a decision branch statement therein, and evaluates the test sufficiency of the loop code from the combined coverage angle. Firstly, inserting piles into a program to be tested according to the requirement of a combined coverage criterion; then, screening an initial test case to insert into a test case queue, and calculating the fitness of the test case according to the proposed coverage criterion; and finally, generating a child test case through mutation and carrying out fuzzing test.
Specifically, in order to achieve the above object, the present invention provides the following technical solutions:
a cycle code fuzzing test method based on combined coverage comprises the following steps:
step 1, performing pile insertion on a program to be tested according to a cyclic code combination coverage criterion to obtain the program to be tested after pile insertion;
step 2, obtaining an initial seed test case set T ini Executing the initial seed test case on the instrumented program, calculating the coverage rate of the initial seed test case, and adding the initial seed test case which is not triggered to crash into a test case queue T list ;
Step 3, from the test case queue T list Taking out a seed test case t i Calculating the fitness of the test case, and distributing corresponding resources to the test case to generate a child test case set through variation
Step 4, collecting the offspring test cases
Each filial generation test case in the test program is executed on the instrumented program, the coverage rate of the tested program is calculated, and whether the tested program is inserted into a test case queue T or not is determined according to the coverage condition of the filial generation test case on a cyclic code block and a judgment branch statement in the cyclic code block list Performing the following steps;
and 5, judging whether the fuzzy test stopping condition is met or not, if so, finishing the test, and if not, returning to the step 3.
Optionally, in step 1, the concrete steps of performing pile insertion on the program to be tested include:
step 1.1, inputting a program to be tested;
step 1.2, preprocessing a program to be tested;
step 1.3, generating an abstract syntax tree corresponding to a program source code to be tested;
step 1.4, obtaining a cyclic code block in a program to be tested and a judgment branch statement in the cyclic code block according to the abstract syntax tree;
step 1.5, based on a cyclic code block in a program to be tested and the position of a judgment branch statement in the cyclic code block and a cyclic code combination coverage criterion, using a static pile inserting technology to insert piles, and implanting probe codes;
and step 1.6, outputting the program to be tested after pile insertion.
Optionally, in step 1.5, the position of the probe in the instrumentation process is set at the beginning of the loop code block and the branch decision statement therein, that is, before the first statement after the loop code block and the branch decision statement therein.
Optionally, in step 1.5, the method for combining the coverage criteria by the cyclic code includes: set of cyclic code blocks of code block L is R = { R = 1 ,R 2 ,…,R k ,…},R k Representing all sets of cyclic code blocks of depth k, R k ={r k,1 ,r k,2 ,…,r k,v 8230, where r is k,v For the v-th cyclic code block of depth k, B k,v ={b k,v,1 ,b k,v,2 ,…,b k,v,u \8230isa cyclic code block r k,v In (b), wherein k,v,u A u-th predicate branch statement in a v-th cyclic code block with a depth of k;
for test case t i : test case t i The coverage of the execution code block L is recorded as
Wherein
For the coverage case of the k-th cyclic code block,
has a value of kv cyclic code block tested cases t i The number of times of execution is performed,
for cyclic code blocks r k,v In the case of a branch statement, wherein
Indicating whether the u-th decision branch statement in the v-th loop code block with the depth of k is used by the test case t i The value is 1 if covered and 0 if not covered.
Optionally, the specific steps of step 2 are:
step 2.1, inputting an initial seed test case set T ini ;
Step 2.2, test case set T from initial seeds ini Selecting an initial seed test case t i ;
Step 2.3, executing the initial seed test case t on the instrumented program to be tested i And recording the initial seed test case t i The coverage condition of (2);
step 2.4, judging the initial seed test case t i If the initial seed tests case t i Leading the program to be tested after the pile insertion to be crashed, testing the initial seed by using the case t i Joining crash test case set T e (ii) a If the initial seed test case t i If the program to be tested after the pile insertion is not caused to be collapsed, calculating the initial seed test case t i The cyclic code block coverage condition of (1);
step 2.5, repeating the steps 2.2 to 2.4 until the initial seed test case set T is traversed ini Inserting the initial seed test cases which do not cause the crash of the instrumented program to be tested into a test case queue T list Performing the following steps;
step 2.6, output test case queue T list 。
Optionally, the specific steps in step 3 are:
step 3.1, from test case queue T list Taking out a seed test case t i Executing on the program to be tested after the pile is inserted;
step 3.2, calculating seed test case t i The fitness of (2);
step 3.3, generating a seed test case t according to the fitness variation i Storing the offspring test cases in the offspring test case set
Step 3.4, outputting the offspring test case set
Optionally, in step 3.2, the seed test case t is calculated i The fitness method comprises the following steps:
wherein size (R) is the number of elements in the set R of cyclic code blocks, i.e. the maximum depth of the cyclic code blocks in the program; r k A set of cyclic code blocks with depth k; size (R) k ) Is R k The number of elements in (1), i.e. the total number of cyclic code blocks with a depth of k; r is k,v Represents the v-th cyclic code block of depth k,
for seed test case t i For cyclic code block r k,v The number of executions of (2); l is Max A maximum cycle number threshold of interest for the test; size (B) k,v ) For cyclic code blocks r k,v The number of decision branch statements in (1);
indicating whether the u-th decision branch statement in the v-th loop code block with the depth of k is used by the test case t i The value is 1 if covered and 0 if not covered.
Optionally, the specific steps in step 4 are:
step 4.1, inputting a child test case set
Step 4.2, test case set from filial generation
Select the offspring test case
Step 4.3, executing the offspring test case on the program to be tested after the pile insertion
And recording the test case of the offspring
The coverage case and crash case of (c);
step 4.4, judging the test case of the filial generation
If the child tests the case
Leading the program to be tested after the pile insertion to be crashed, testing the offspring by using the case
Joining crash test case set T e (ii) a If filial generation test case
If the program to be tested after the pile insertion is not crashed, calculating the test case of the filial generation
The cyclic code block coverage condition of (1);
step 4.5, testing the case according to the filial generation
Determining whether to test the offspring for the coverage condition of the cyclic code block
Inserting test case queue T list ;
Step 4.6, repeating the step 4.2 to the step 4.5 until the filial generation test case set
And finishing the traversal.
Optionally, in step 5, it is determined whether a condition for stopping the fuzz test is satisfied, and if the condition for stopping the fuzz test is satisfied, the fuzz test is stopped and a crash test case set T is output e And a test report; if the fuzzy test stop condition is not satisfied, go to step 3.1.
Optionally, in step 4.5, the test case is tested according to the child
The coverage condition of the cyclic code block determines whether to use the child test case
Inserting test case queue T list The specific method comprises the following steps:
for cyclic code blocks, the current generation test cases
Is less than or equal toMaximum cycle number threshold L Max If the child tests the case
Number of times a certain cyclic code block is executed and test case queue T list Different from other test cases or covering the test case queue T list Judging branch statements in the cyclic code block which is not covered by other test cases, and testing the child test cases
Inserting test case queue T list Otherwise, discarding the child test case
When the child tests the case
Is greater than a maximum cycle threshold value L Max If the child tests the case
Overlay to test case queue T list Judging branch statements in the cyclic code block which is not covered by other test cases, and then testing the child test cases
Inserting test case queue T list Otherwise, discarding the child test case
By the technical scheme, the invention discloses a cycle code fuzzy test method based on combined coverage, which has the following beneficial effects compared with the prior art:
one aspect of the present invention proposes a combined coverage criterion for a cyclic code block. In order to solve the problem that the fuzzy test lacks pertinence to key judgment branches and loop codes in the codes, the invention provides a brand-new combination coverage criterion of loop code blocks, and focuses on the number of times of executing the loop code blocks under different nesting levels by test cases and the coverage condition of the judgment branches in the loop code blocks. Compared with other fuzzy test methods, the criterion clearly records the coverage condition of the test case on the cyclic code block and records the nesting level of the cyclic code block in the code file, and the problem that the cyclic code block is not sufficiently tested by the fuzzy test is pertinently solved.
Furthermore, the invention applies the cycle code combination coverage criterion to the fuzzy test process, and is used for analyzing the coverage rate of the test cases, calculating the fitness of the test cases and guiding the generation of the offspring test cases. Firstly, implanting an inserting probe in a program to be tested for collecting test case coverage criterion information; then, calculating the coverage rate of the seed test case for the cyclic code block according to the coverage criterion information and a formula, and calculating the fitness information of the seed test case; and finally, generating child test cases according to the fitness information of the seed test cases. Compared with other fuzzy test flows, the method and the device pay more attention to the test of the software neutral code blocks, generate more test cases aiming at the cyclic code blocks in a guided manner by collecting the coverage condition of the test cases in each round of fuzzy test, and realize the targeted fuzzy test of the program.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flow chart of the method steps of the present invention;
FIG. 2 is a schematic diagram of the method of the present invention;
FIG. 3 is a flowchart illustrating the steps of step 1 of the present invention;
FIG. 4 is a flowchart of the steps of step 2 of the present invention;
FIG. 5 is a flowchart illustrating the steps of step 3 of the present invention;
FIG. 6 is a flowchart of step 4 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The principle of the technical scheme of the invention is shown in figure 2, wherein, input is a program to be tested and an initial seed test case set, firstly, the program to be tested is inserted according to the requirement of a cyclic code combination coverage criterion; then, using an initial seed test case driving program to execute, and screening according to an execution result to obtain a test case queue; and finally, calculating the fitness of the test case according to the combined coverage criterion, and generating a child test case to perform fuzzy test.
The combined coverage criterion of the cyclic codes provided by the invention is as follows:
the cyclic code block set of the code block L is R = { R = } 1 ,R 2 ,…,R k ,…},R k Representing all sets of cyclic code blocks of depth k, R k ={r k,1 ,r k,2 ,…,r k,v 8230, where r k,v For the v-th cyclic code block of depth k, B k,v ={b k,v,1 ,b k,v,2 ,…,b k,v,u \8230 } is a cyclic code block r k,v A set of decision branch statements of (1), wherein b k,v,u Is the u-th predicate branch statement in the v-th loop code block of depth k.
With test case t i For example, test case t i The coverage condition of the execution code block L is recorded as
Wherein
For the coverage case of the k-th cyclic code block,
is the v-th cyclic code block with the value of k i The number of executions.
For cyclic code blocks r k,v In the case of a branch statement, wherein
Indicating whether the u-th decision branch statement in the v-th loop code block with the depth of k is used for the test case t i The value is 1 if covered and 0 if not covered.
In a specific example, referring to fig. 1, the detailed steps of the protocol of the invention are as follows:
step 1, performing instrumentation on a program to be tested according to a cyclic code combination coverage criterion.
In the process of fuzz testing, information for calculating the coverage criteria needs to be acquired, such as: the case where a branch statement is overwritten in the program, the case where a loop statement is executed, the program execution path, and the like. In order to acquire the information, recording is required in the process of executing the program to be tested, and the invention uses a static pile inserting technology for pile inserting.
To execute the instrumentation process, an Abstract Syntax Tree (AST) of the code to be tested is obtained. AST is a tree representation of the abstract syntax structure of the source code, with each node on the tree representing a statement in the source code from which information can be derived for a loop code block and a predicate branch statement therein.
As shown in fig. 3, the specific steps are:
step 1.1, inputting a program to be tested;
step 1.2, preprocessing a program to be tested;
in one embodiment, the step of preprocessing includes deleting spaces and annotations;
step 1.3, generating an abstract syntax tree corresponding to a program source code to be tested;
step 1.4, obtaining a cyclic code block in a program to be tested and a judgment branch statement in the cyclic code block according to the abstract syntax tree;
step 1.5, based on a loop code block in a program to be tested and a position of a judgment branch statement in the loop code block and a loop code combination coverage criterion, performing pile insertion by using a static pile insertion technology, and implanting a probe code; the position of the probe in the pile inserting process is arranged at the beginning of the cyclic code block and the judgment branch statement in the cyclic code block and before the first statement after the judgment branch statement in the cyclic code block;
and 1.6, outputting the program to be tested after pile insertion.
Step 2, obtaining an initial seed test case set T ini Executing and calculating the coverage rate, adding the coverage rate into a test case queue T after screening list 。
Initial seed test case set T in the invention ini ={t 1 ,t 2 ,...,t i Say from pre-stored initial test data, where t i Is a test case. T is a unit of ini Will be executed on the instrumented program to be tested in sequence to obtain the crash condition and the coverage condition of the initial test case through the instrumented probe, t i The coverage of the execution process is recorded in R i In (1).
At T ini In the execution process of the initial seed test case, if the initial seed test case causes the program to be tested to be crashed, adding the initial seed test case into a crash test case set T e ,T e For storing in fuzzy measuresAnd the test case which causes the program to be tested to be crashed in the test process is reported to the tester after the test is finished. If not, it is inserted into the test case queue T list To perform subsequent fuzz testing.
As shown in fig. 4, the specific steps are as follows:
step 2.1, inputting an initial seed test case set T ini ;
Step 2.2, test case set T from initial seeds ini Selecting an initial seed test case t i ;
Step 2.3, executing the initial seed test case t on the instrumented program to be tested i And recording the initial seed test case t i The coverage condition of (2);
step 2.4, judging the initial seed test case t i If the initial seed tests case t i Leading the program to be tested after the pile insertion to be crashed, testing the initial seed by using the case t i Joining crash test case set T e (ii) a If the initial seed test case t i If the program to be tested after the pile insertion is not caused to be collapsed, calculating the initial seed test case t i The cyclic code block coverage condition of (1);
step 2.5, repeating the steps 2.2 to 2.4 until the initial seed test case set T is traversed ini Inserting the initial seed test cases which do not cause the crash of the instrumented program to be tested into a test case queue T list Performing the following steps;
step 2.6, output test case queue T list 。
Step 3, from the test case queue T list And taking out the seed test cases one by one, calculating the fitness of the seed test cases, and distributing corresponding resources for the seed test cases to generate a child test case set through mutation.
The fitness information of the test case represents the quality of the test case in the fuzz testing process. The greater the fitness, the more offspring test cases that result from the test case mutation. According to the seed test case t i Calculating the fitness of the coverage condition of the cyclic code block in the program to be tested, and inserting the fitness into a test case queue T list To perform subsequent fuzz testing. High fitness means that the seed test case t i The children of (a) have a higher probability of covering more decision branch statements and loop code blocks. Therefore, more test resources are allocated to the seed test case with high fitness to generate more child test cases. The generated child test cases are stored in the set
Wherein
For seed test cases t i And (5) obtaining a filial generation test case after mutation.
As shown in fig. 5, the specific steps are:
step 3.1, from test case queue T list Taking out a seed test case t i Executing on the program to be tested after the pile is inserted;
step 3.2, calculating seed test case t i The fitness of (2);
wherein size (R) is the number of elements in the set R of cyclic code blocks, i.e. the maximum depth of the cyclic code blocks in the program; r k A set of cyclic code blocks with a depth of k; size (R) k ) Is R k The number of elements in (1), i.e. the total number of cyclic code blocks with depth k; r is a radical of hydrogen k,v Denotes the v-th cyclic code block of depth k,
for seed test case t i For cyclic code block r k,v The number of executions of (a); l is Max A maximum cycle number threshold of interest for the test; size (B) k,v ) For cyclic code blocks r k,v The number of decision branch statements in (1);
indicating whether the u-th decision branch statement in the v-th loop code block with the depth of k is used for the test case t i The value is 1 if covered and 0 if not covered.
Step 3.3, generating a seed test case t according to the fitness variation i The child test cases are stored into the child test case set
Step 3.4, outputting the offspring test case set
Step 4, executing and calculating the coverage rate of the test case of the child, and determining whether to insert the test case into the test case queue T or not according to the coverage rate list In (1).
Get the test case t from the seed i Variant generated child test case set
Then go through
And each child test case is executed on the instrumented program to be tested, and the breakdown condition and the coverage information during the running process of the instrumented probe are collected through the instrumented probe.
Referring to fig. 6, the specific steps are:
step 4.1, inputting a child test case set
Step 4.2, testing case set from filial generation
Selecting offspring test case
Step 4.3, executing the offspring test case on the program to be tested after the pile insertion
And recording the offspring test cases
The coverage case and crash case of (c);
step 4.4, judging the test case of the filial generation
If the child tests the case
Leading the program to be tested after the pile insertion to be crashed, testing the offspring by using the case
Joining crash test case set T e (ii) a If offspring test case
If the program to be tested after the pile insertion is not crashed, calculating a child test case
The cyclic code block coverage condition of (1);
step 4.5, testing the case according to the filial generation
Determining whether to test the offspring for the coverage condition of the cyclic code block
Inserting test case queue T list The specific judgment basis is as follows:
for cyclic code blocks, the current generation test cases
Is less than or equal to the maximum cycle threshold value L Max If the child tests the case
Number of times a certain cyclic code block is executed and test case queue T list Different from other test cases or covering the test case queue T list Judging branch statements in the cyclic code block which is not covered by other test cases, and testing the child test cases
Inserting test case queue T list Otherwise, discarding the child test case
When the child tests the case
Is greater than a maximum cycle threshold L Max If the child tests the case
Overlay to test case queue T list In the judgment branch statement in the cyclic code block which is not covered by other test cases, the child test cases are used
Inserting test case queue T list Otherwise, discarding the child test case
Step 4.6, repeating the step 4.2 to the step 4.5 until the filial generation test case set
And finishing the traversal.
Step 5, after the execution and analysis of all the child test cases are completed, judging whether the fuzzy test stopping condition is met or not, if so, stopping the fuzzy test and outputting a crash test case set T e And a test report; if not, go to step 3 to continue testing.
In a specific embodiment, the condition that the fuzz test is stopped is satisfied as follows: meet the coverage goal of the fuzz test or reach the expected execution time.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A cyclic code fuzzing test method based on combined coverage is characterized by comprising the following steps:
step 1, performing instrumentation on a program to be tested according to a cyclic code combination coverage criterion to obtain the instrumented program to be tested;
step 2, obtaining an initial seed test case set T ini Executing the initial seed test case on the instrumented program, calculating the coverage rate of the initial seed test case, and adding the initial seed test case which is not triggered to crash into a test case queue T list ;
Step 3, from the test case queue T list Taking out a seed test case t i Calculating and scoring the fitness thereofGenerating a set of child test cases by mutation of the corresponding resources
Step 4, collecting the child test cases
Each filial generation test case in the test program is executed on the instrumented program, the coverage rate of the tested program is calculated, and whether the tested program is inserted into a test case queue T or not is determined according to the coverage condition of the filial generation test case on a cyclic code block and a judgment branch statement in the cyclic code block list Performing the following steps;
and 5, judging whether the fuzzy test stopping condition is met or not, if so, finishing the test, and if not, returning to the step 3.
2. The method according to claim 1, wherein in the step 1, the step of instrumentation the program to be tested comprises:
step 1.1, inputting a program to be tested;
step 1.2, preprocessing a program to be tested;
step 1.3, generating an abstract syntax tree corresponding to a program source code to be tested;
step 1.4, obtaining a cyclic code block in a program to be tested and a judgment branch statement in the cyclic code block according to the abstract syntax tree;
step 1.5, based on a cyclic code block in a program to be tested and the position of a judgment branch statement in the cyclic code block and a cyclic code combination coverage criterion, using a static pile inserting technology to insert piles, and implanting probe codes;
and 1.6, outputting the program to be tested after pile insertion.
3. The method for fuzzy testing of loop codes based on combined coverage according to claim 2, wherein in step 1.5, the position of the probe during instrumentation is set at the beginning of the loop code block and the branch-of-decision statement therein, i.e. before the first statement after the loop code block and the branch-of-decision statement therein.
4. The method for testing fuzzy loop code based on combined coverage as claimed in claim 2, wherein in said step 1.5, the method for combining coverage criteria of loop code is: the cyclic code block set of the code block L is R = { R = } 1 ,R 2 ,…,R k ,…},R k Representing all sets of cyclic code blocks of depth k, R k ={r k,1 ,r k,2 ,…,r k,v 8230, where r is k,v For the v-th cyclic code block of depth k, B k,v ={b k,v,1 ,b k,v,2 ,…,b k,v,u \8230 } is a cyclic code block r k,v A set of decision branch statements of (1), wherein b k,v,u Is the u-th predicate branch statement in the v-th cyclic code block with depth k;
for test case t i : test case t i The coverage of the execution code block L is recorded as
Wherein
For the coverage case of the k-th cyclic code block,
is the v-th cyclic code block with the depth of k is tested by the case t i The number of times of execution is performed,
for cyclic code blocks r k,v In the case of a branch statement, in which
Indicating whether the u-th decision branch statement in the v-th loop code block with the depth of k is used by the test case t i The value is 1 if covered and 0 if not covered.
5. The method for testing the cycle code fuzziness based on the combined coverage according to claim 1, wherein the specific steps of the step 2 are as follows:
step 2.1, inputting an initial seed test case set T ini ;
Step 2.2, test case set T from initial seeds ini Selecting an initial seed test case t i ;
Step 2.3, executing the initial seed test case t on the instrumented program to be tested i And recording the initial seed test case t i The coverage condition of (2);
step 2.4, judging the initial seed test case t i If the initial seed tests case t i Leading the program to be tested after the pile insertion to be crashed, testing the initial seed by using the case t i Joining crash test case set T e (ii) a If the initial seed test case t i If the program to be tested after the pile insertion is not caused to be collapsed, calculating the initial seed test case t i The cyclic code block coverage condition of (1);
step 2.5, repeating the steps 2.2 to 2.4 until the initial seed test case set T is traversed ini Inserting the initial seed test cases which do not cause the crash of the instrumented program to be tested into a test case queue T list Performing the following steps;
step 2.6, output test case queue T list 。
6. The method for testing the cycle code fuzziness based on the combined coverage according to claim 1, wherein the specific steps of the step 3 are as follows:
step 3.1, from test case queue T list Taking out a seed test case t i Executing on the program to be tested after the pile is inserted;
step 3.2, calculating seed test case t i The fitness of (2);
step 3.3, generating a seed test case t according to the fitness variation i Storing the offspring test cases in the offspring test case set
Step 3.4, outputting the offspring test case set
7. The method for testing cycle code fuzziness based on combined coverage according to claim 6, wherein in the step 3.2, a seed test case t is calculated i The fitness method comprises the following steps:
wherein size (R) is the number of elements in the set R of cyclic code blocks, i.e. the maximum depth of the cyclic code blocks in the program; r k A set of cyclic code blocks with depth k; size (R) k ) Is R k The number of elements in (1), i.e. the total number of cyclic code blocks with depth k; r is a radical of hydrogen k,v Represents the v-th cyclic code block of depth k,
for seed test case t i For cyclic code block r k,v The number of executions of (2); l is Max A maximum cycle number threshold of interest for the test; size (B) k,v ) For cyclic code blocks r k,v The number of decision branch statements in (1);
indicating whether the u-th decision branch statement in the v-th loop code block with the depth of k is used by the test case t i The value is 1 if covered and 0 if not covered.
8. The method for testing the fuzzy of the cyclic code based on the combined coverage according to claim 1, wherein the specific steps of the step 4 are as follows:
step 4.1, inputting a filial generation test case set
Step 4.2, testing case set from filial generation
Selecting offspring test case
Step 4.3, executing the offspring test case on the instrumented program to be tested
And recording the offspring test cases
The coverage case and crash case of (c);
step 4.4, judging the test case of the filial generation
If the child tests the case
Leading the program to be tested after the pile insertion to be crashed, testing the offspring by using the case
Joining crash test case set T e (ii) a If filial generation test case
If the program to be tested after the pile insertion is not crashed, calculating the test case of the filial generation
The cyclic code block coverage condition of (1);
step 4.5, testing the case according to the filial generation
For the coverage condition of the cyclic code block, whether to test the child test case or not is determined
Inserting test case queue T list ;
Step 4.6, repeating the step 4.2 to the step 4.5 until the filial generation test case set
And finishing the traversal.
9. The method according to claim 6, wherein in step 5, it is determined whether a condition for stopping the fuzz test is satisfied, and if a coverage target of the fuzz test has been satisfied or an expected execution time is reached, the fuzz test is stopped and a crash test case set T is output e And a test report; if the fuzzy test stop condition is not satisfied, go to step 3.1.
10. A method as claimed in claim 8The cycle code fuzzy test method based on combination coverage is characterized in that in the step 4.5, the cases are tested according to filial generations
The coverage condition of the cyclic code block determines whether to test the child test case
Inserting test case queue T list The specific method comprises the following steps:
for cyclic code blocks, the current generation test cases
Is less than or equal to the maximum cycle threshold value L Max If the child tests the case
Number of times a certain cyclic code block is executed and test case queue T list Different from other test cases or covering the test case queue T list Judging branch statements in the cyclic code block which is not covered by other test cases, and then testing filial generation test cases
Inserting test case queue T list Otherwise, discarding the child test case
When the child tests the case
Is greater than a maximum cycle threshold L Max Then, if the child tests the case
Overlay to test case queue T list In the judgment branch statement in the cyclic code block which is not covered by other test cases, the child test cases are used
Inserting test case queue T list Otherwise, discarding the child test case
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211076243.4A CN115328804A (en) | 2022-09-05 | 2022-09-05 | Loop code fuzzy test method based on combined coverage |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211076243.4A CN115328804A (en) | 2022-09-05 | 2022-09-05 | Loop code fuzzy test method based on combined coverage |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115328804A true CN115328804A (en) | 2022-11-11 |
Family
ID=83929763
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211076243.4A Pending CN115328804A (en) | 2022-09-05 | 2022-09-05 | Loop code fuzzy test method based on combined coverage |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115328804A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116383067A (en) * | 2023-04-07 | 2023-07-04 | 上海安般信息科技有限公司 | Sufficiency judging method and device based on fuzzy test stopping |
-
2022
- 2022-09-05 CN CN202211076243.4A patent/CN115328804A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116383067A (en) * | 2023-04-07 | 2023-07-04 | 上海安般信息科技有限公司 | Sufficiency judging method and device based on fuzzy test stopping |
| CN116383067B (en) * | 2023-04-07 | 2023-11-21 | 上海安般信息科技有限公司 | Sufficiency judging method and device based on fuzzy test stopping |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109739755B (en) | Fuzzy test system based on program tracking and mixed execution | |
| CN109032942B (en) | Fuzzy test frame based on AFL | |
| Wegener et al. | Verifying timing constraints of real-time systems by means of evolutionary testing | |
| Tonella | Evolutionary testing of classes | |
| CN102141958B (en) | Method for evolving and generating path coverage test data facing defects | |
| Alipour et al. | Generating focused random tests using directed swarm testing | |
| CN115687115B (en) | Automatic testing method and system for mobile application program | |
| Conrad et al. | Empirically studying the role of selection operators duringsearch-based test suite prioritization | |
| CN110377511A (en) | A kind of method for generating test case of Data Flow Oriented | |
| CN103218297B (en) | The screening technique and device of test data | |
| CN115328804A (en) | Loop code fuzzy test method based on combined coverage | |
| Omar et al. | HOMAJ: A tool for higher order mutation testing in AspectJ and Java | |
| CN111881039A (en) | Seed processing method and system for fuzz test, fuzz test method and system and storage medium | |
| CN105868626A (en) | A method of monitoring software business activity based on control flow coarseness integrity | |
| Chi et al. | Multi-level random walk for software test suite reduction | |
| Metta et al. | BMC+ Fuzz: Efficient and effective test generation | |
| CN112181420B (en) | Compiler defect positioning method based on reinforcement learning | |
| CN113377676A (en) | Solver performance defect detection method based on multi-target genetic algorithm | |
| Kajo-Mece et al. | An evaluation of java code coverage testing tools | |
| Aquino et al. | Worst-case execution time testing via evolutionary symbolic execution | |
| CN114462043A (en) | Java anti-serialization vulnerability detection system and method based on reinforcement learning | |
| Wang et al. | A progress bar for the JPF search using program executions | |
| Sánchez et al. | Efficient techniques for automatic verification-oriented test set optimization | |
| De Moura et al. | Bugs, moles and skeletons: Symbolic reasoning for software development | |
| CN114638185A (en) | Chip verification method and device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |