CN117290240A - Method and device for generating dependent program, storage medium and electronic equipment - Google Patents

Method and device for generating dependent program, storage medium and electronic equipment Download PDF

Info

Publication number
CN117290240A
CN117290240A CN202311308167.XA CN202311308167A CN117290240A CN 117290240 A CN117290240 A CN 117290240A CN 202311308167 A CN202311308167 A CN 202311308167A CN 117290240 A CN117290240 A CN 117290240A
Authority
CN
China
Prior art keywords
function
target
program
compound
software development
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311308167.XA
Other languages
Chinese (zh)
Inventor
李文越
何伊圣
张王俊杰
刘洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hillstone Networks Co Ltd
Original Assignee
Hillstone Networks Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hillstone Networks Co Ltd filed Critical Hillstone Networks Co Ltd
Priority to CN202311308167.XA priority Critical patent/CN117290240A/en
Publication of CN117290240A publication Critical patent/CN117290240A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • G06F11/3684Test management for test design, e.g. generating new test cases
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3668Software testing
    • G06F11/3672Test management
    • G06F11/3688Test management for test execution, e.g. scheduling of test suites
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/30Creation or generation of source code
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Software Systems (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The application discloses a method and a device for generating a dependent program, a storage medium and electronic equipment, and relates to the technical field of testing, wherein the method comprises the following steps: acquiring a target software development kit, and analyzing the target software development kit to obtain a plurality of composite functions corresponding to the target software development kit; in the process of operating the target software development kit, acquiring a dependency relationship among a plurality of composite functions and acquiring target data information corresponding to each composite function; and processing the dependency relationship and the target data information through a multi-target genetic algorithm to generate a target dependency program corresponding to the target software development kit. According to the method and the device, the problem that in the related art, the efficiency of acquiring the dependent program is low due to the fact that the dependent program of the third-party library is compiled manually to perform interface test is solved.

Description

Method and device for generating dependent program, storage medium and electronic equipment
Technical Field
The present invention relates to the field of testing technologies, and in particular, to a method and apparatus for generating a dependency program, a storage medium, and an electronic device.
Background
If fuzz is performed on a third party library, the fuzzer (fuzzer) requires an executable program (i.e., a dependent program) that calls the library API to perform input interface testing. Such portals typically require the researcher to write themselves. Associated with the knowledge reserves of the researchers themselves. Resulting in a significant amount of time required for researchers to study the source code of third party libraries.
Aiming at the problem that the efficiency of acquiring the dependent program is lower because the dependent program of the third party library is written manually to carry out interface test in the related technology, no effective solution is proposed at present.
Disclosure of Invention
The main purpose of the application is to provide a method and a device for generating a dependent program, a storage medium and an electronic device, so as to solve the problem that in the related art, the efficiency of acquiring the dependent program is low because the dependent program of a third party library is written manually for interface test.
In order to achieve the above object, according to one aspect of the present application, there is provided a program-dependent generation method. The method comprises the following steps: acquiring a target software development kit, and analyzing the target software development kit to obtain a plurality of composite functions corresponding to the target software development kit; in the process of operating the target software development kit, acquiring the dependency relationship among the plurality of composite functions and acquiring target data information corresponding to each composite function, wherein the target data information at least comprises: the method comprises the steps of corresponding thread numbers, input parameters, output parameters, parameter types, return values and nesting levels of each compound function, wherein the nesting levels are determined by calling relations among the compound functions; and processing the dependency relationship and the target data information through a multi-target genetic algorithm to generate a target dependency program corresponding to the target software development kit.
Further, obtaining the dependency relationship between the plurality of composite functions includes: in the running process of the target software development kit, tracking the input and output of each compound function to obtain the input parameter of each compound function and the output parameter of each compound function; and acquiring the dependency relationship among the plurality of composite functions according to the input parameters and the output parameters.
Further, obtaining the target data information corresponding to each composite function includes: in the running process of the target software development kit, tracking the input and output of each compound function to obtain a thread number, an input parameter, an output parameter, a parameter type, a return value and a calling relation corresponding to each compound function; determining a nesting level corresponding to each composite function according to the calling relation; and determining the target data information according to the thread number, the input parameter, the output parameter, the parameter type, the return value and the nesting level corresponding to each composite function.
Further, determining the nesting level corresponding to each composite function according to the calling relationship comprises: determining whether a first compound function is called by a second compound function according to the calling relation, wherein the first compound function is any compound function in the plurality of compound functions, and the second compound function is any compound function except the first compound function in the plurality of compound functions; if the first compound function is called by the second compound function, acquiring the nesting level of the second compound function, and determining the nesting level of the first compound function according to the nesting level of the second compound function and a preset numerical value; and if the first compound function is not called by the second compound function, determining the preset numerical value as the nesting level of the first compound function.
Further, before the dependency relationship and the target data information are processed through the multi-target genetic algorithm to generate the target dependency program corresponding to the target software development kit, the method further includes: acquiring the execution sequence of the plurality of composite functions; and according to the execution sequence, sequencing the dependency relationship and the target data information to obtain a function relationship list.
Further, after the dependency relationship and the target data information are sequenced according to the execution sequence to obtain a functional relationship list, the method further includes: recording the return address of each composite function in the running process of the target software development kit to obtain the return address information; analyzing the return address information through a static analysis tool and a dynamic taint analysis tool, and determining whether the complex function triggers error information in the execution process; and if the composite function triggers error information in the execution process, recording the error information, whether error processing is executed or not and the condition for triggering the error information.
Further, processing the dependency relationship and the target data information through a multi-target genetic algorithm, and generating a target dependency program corresponding to the target software development kit includes: and processing the functional relation list, the error information, whether to execute error processing and the condition triggering the error information through the multi-objective genetic algorithm, and generating an objective dependent program corresponding to the objective software development kit.
Further, generating the target dependent program corresponding to the target software development kit includes: generating an initial dependent program through the multi-objective genetic algorithm; grading the diversity of the initial dependent program according to the composite function covered in the initial dependent program to obtain a first grade; scoring the effectiveness of the initial dependent program according to whether the initial dependent program accurately calls a composite function, and obtaining a second score; grading the simplicity of the initial dependent program according to the repeated calling of the composite function in the initial dependent program to obtain a third grade; judging whether the initial dependent program meets preset requirements according to the first score, the second score and the third score; and if the initial dependent program does not meet the preset requirement, repeating the step of generating the initial dependent program through the multi-objective genetic algorithm until the initial dependent program meets the preset requirement, and determining the initial dependent program as the objective dependent program.
In order to achieve the above object, according to another aspect of the present application, there is provided a program-dependent generating apparatus. The device comprises: the first acquisition unit is used for acquiring a target software development kit, and analyzing the target software development kit to obtain a plurality of composite functions corresponding to the target software development kit; the second obtaining unit is configured to obtain a dependency relationship between the multiple composite functions and obtain target data information corresponding to each composite function in a running process of the target software development kit, where the target data information at least includes: the method comprises the steps of corresponding thread numbers, input parameters, output parameters, parameter types, return values and nesting levels of each compound function, wherein the nesting levels are determined by calling relations among the compound functions; the first processing unit is used for processing the dependency relationship and the target data information through a multi-target genetic algorithm and generating a target dependency program corresponding to the target software development kit.
Further, the second acquisition unit includes: the first tracking module is used for tracking the input and output of each compound function in the running process of the target software development kit to obtain the input parameter of each compound function and the output parameter of each compound function; and the acquisition module is used for acquiring the dependency relationship among the plurality of composite functions according to the input parameters and the output parameters.
Further, the second acquisition unit includes: the second tracking module is used for tracking the input and output of each compound function in the running process of the target software development kit to obtain a thread number, an input parameter, an output parameter, a parameter type, a return value and a calling relation corresponding to each compound function; the first determining module is used for determining the nesting level corresponding to each composite function according to the calling relation; and the second determining module is used for determining the target data information according to the thread number, the input parameter, the output parameter, the parameter type, the return value and the nesting level corresponding to each composite function.
Further, the first determining module includes: the first determining submodule is used for determining whether a first compound function is called by a second compound function according to the calling relation, wherein the first compound function is any compound function in the compound functions, and the second compound function is any compound function except the first compound function in the compound functions; the acquisition sub-module is used for acquiring the nesting level of the second compound function if the first compound function is called by the second compound function, and determining the nesting level of the first compound function according to the nesting level of the second compound function and a preset value; and the second determining submodule is used for determining the preset numerical value as the nesting level of the first compound function if the first compound function is not called by the second compound function.
Further, the apparatus further comprises: the third obtaining unit is used for obtaining the execution sequence of the plurality of composite functions before the dependency relationship and the target data information are processed through a multi-target genetic algorithm to generate a target dependency program corresponding to the target software development kit; and the second processing unit is used for sorting the dependency relationship and the target data information according to the execution sequence to obtain a function relationship list.
Further, the apparatus further comprises: the first recording unit is used for carrying out sequencing treatment on the dependency relationship and the target data information according to the execution sequence to obtain a function relationship list, and recording the return address of each compound function in the running process of the target software development kit to obtain return address information; the analysis unit is used for analyzing the return address information through a static analysis tool and a dynamic taint analysis tool and determining whether the complex function triggers error information in the execution process; and the second recording unit is used for recording the error information, whether the error processing is executed or not and the condition for triggering the error information if the composite function triggers the error information in the execution process.
Further, the first processing unit includes: and the processing module is used for processing the functional relation list, the error information, whether to execute error processing and the condition for triggering the error information through the multi-objective genetic algorithm and generating an objective dependent program corresponding to the objective software development kit.
Further, the first processing unit includes: the generation module is used for generating an initial dependent program through the multi-objective genetic algorithm; the first scoring module is used for scoring the diversity of the initial dependent program according to the composite function covered in the initial dependent program to obtain a first score; the second scoring module is used for scoring the effectiveness of the initial dependent program according to whether the initial dependent program accurately calls a composite function or not to obtain a second score; the third scoring module is used for scoring the simplicity of the initial dependent program according to the repeated calling of the composite function in the initial dependent program to obtain a third score; the judging module is used for judging whether the initial dependent program meets the preset requirement or not according to the first score, the second score and the third score; and the execution module is used for repeatedly executing the step of generating the initial dependent program through the multi-objective genetic algorithm if the initial dependent program does not meet the preset requirement until the initial dependent program meets the preset requirement, and determining the initial dependent program as the objective dependent program.
To achieve the above object, according to one aspect of the present application, there is provided an electronic device including one or more processors and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method for generating a dependent program of any one of the above.
Through the application, the following steps are adopted: acquiring a target software development kit, and analyzing the target software development kit to obtain a plurality of composite functions corresponding to the target software development kit; in the process of operating the target software development kit, acquiring a dependency relationship among a plurality of compound functions and acquiring target data information corresponding to each compound function, wherein the target data information at least comprises: the method comprises the steps of corresponding thread numbers, input parameters, output parameters, parameter types, return values and nesting levels of each compound function, wherein the nesting levels are determined by calling relations among a plurality of compound functions; the dependency relationship and the target data information are processed through the multi-target genetic algorithm, and the target dependency program corresponding to the target software development kit is generated, so that the problem that the efficiency of acquiring the dependency program is low due to the fact that the dependency program of the third party library is written manually to perform interface test in the related technology is solved. In the scheme, the dependency relationship among the compound functions and the thread number, the input parameter, the output parameter, the parameter type, the return value and the nesting level corresponding to the compound functions are obtained by analyzing and tracking the running process of the target software development kit, and then the target dependency program corresponding to the target software development kit is automatically generated through the dependency relationship among the compound functions and the data information of the compound functions, so that the interface test of writing the dependency program by using manual experience is avoided, and the effect of improving the efficiency of acquiring the dependency program is further achieved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application, illustrate and explain the application and are not to be construed as limiting the application. In the drawings:
FIG. 1 is a flow chart of a method of generating a dependent program provided in accordance with an embodiment of the present application;
FIG. 2 is a schematic diagram of a program-dependent generating apparatus provided according to an embodiment of the present application;
fig. 3 is a schematic diagram of an electronic device provided according to an embodiment of the present application.
Detailed Description
It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be combined with each other. The present application will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
In order to make the present application solution better understood by those skilled in the art, the following description will be made in detail and with reference to the accompanying drawings in the embodiments of the present application, it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate in order to describe the embodiments of the present application described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that, related information (including, but not limited to, user equipment information, user personal information, etc.) and data (including, but not limited to, data for presentation, analyzed data, etc.) related to the present disclosure are information and data authorized by a user or sufficiently authorized by each party. For example, an interface is provided between the system and the relevant user or institution, before acquiring the relevant information, the system needs to send an acquisition request to the user or institution through the interface, and acquire the relevant information after receiving the consent information fed back by the user or institution.
The present invention will be described with reference to preferred implementation steps, and fig. 1 is a flowchart of a method for generating a dependency program according to an embodiment of the present application, as shown in fig. 1, where the method includes the following steps:
step S101, a target software development kit is obtained, and the target software development kit is analyzed to obtain a plurality of composite functions corresponding to the target software development kit.
Alternatively, a third party SDK (i.e., the target software development kit described above) is obtained, and then the target SDK may be analyzed by various specific analysis methods (e.g., generate header analysis, static binary analysis, dynamic binary specific analysis), to extract a plurality of composite functions in the target SDK.
Step S102, in the process of operating the target software development kit, acquiring a dependency relationship among a plurality of compound functions and acquiring target data information corresponding to each compound function, wherein the target data information at least comprises: the thread number, input parameters, output parameters, parameter types, return values and nesting levels corresponding to each compound function are determined by the calling relation among a plurality of compound functions.
Optionally, the dependency relationship between the compound functions can be obtained by tracking and analyzing the tracking software program in the running process of the target software development kit, and the data information such as the thread number, the input parameter, the output parameter, the parameter type, the return value, the nesting level and the like corresponding to each compound function can be obtained. In general, when the output of the complex function FA is related to the input of the complex function FB, FB depends on the complex function FA, denoted < FA, out, FB, in >.
And step S103, processing the dependency relationship and the target data information through a multi-target genetic algorithm to generate a target dependency program corresponding to the target software development kit.
Optionally, the data information such as the dependency relationship, the input parameter, the output parameter, the parameter type, the return value, the nesting level and the like is processed through a multi-target genetic algorithm to obtain a target dependent program corresponding to the target software development kit. It should be noted that, the multi-objective genetic algorithm is a modeling method for simulating natural evolution, and is widely applied to solve the complex optimization problem. The target dependent program corresponding to the target software development kit can be accurately generated through the multi-target genetic algorithm.
In summary, by analyzing and tracking the running process of the target software development kit, the dependency relationship among the compound functions and the thread number, the input parameter, the output parameter, the parameter type, the return value and the nesting level corresponding to the compound functions are obtained, and then the target dependency program corresponding to the target software development kit is automatically generated through the dependency relationship among the compound functions and the data information of the compound functions, so that the interface test by writing the dependency program by using the manual experience is avoided, and the effect of improving the efficiency of acquiring the dependency program is achieved.
Optionally, in the method for generating a dependency program provided in the embodiment of the present application, obtaining a dependency relationship between a plurality of compound functions includes: in the process of running the target software development kit, tracking the input and output of each compound function to obtain the input parameter of each compound function and the output parameter of each compound function; and acquiring the dependency relationship among the plurality of composite functions according to the input parameters and the output parameters.
Alternatively, since FB is considered to be dependent on the composite function FA when the output of the composite function FA is related to the input of the composite function FB. Therefore, in the running process of the target software development kit, the input and output of each compound function are tracked, so that the input parameter of each compound function and the output parameter of each compound function are accurately obtained, then, whether the compound functions have a dependency relationship or not is judged through the input parameter and the output parameter, and finally, the dependency relationship among the compound functions is obtained.
By tracking the input and output of the compound functions, whether the dependency relationship exists between the compound functions can be accurately judged, and the effect of improving the accuracy of the generated dependency program is achieved.
Optionally, in the method for generating a dependency program provided in the embodiment of the present application, obtaining target data information corresponding to each composite function includes: in the running process of the target software development kit, tracking the input and output of each compound function to obtain a thread number, an input parameter, an output parameter, a parameter type, a return value and a calling relation corresponding to each compound function; determining a nesting level corresponding to each composite function according to the calling relation; and determining target data information according to the thread number, the input parameter, the output parameter, the parameter type, the return value and the nesting level corresponding to each composite function.
Determining the nesting level corresponding to each composite function according to the calling relation comprises the following steps: determining whether the first compound function is called by a second compound function according to the calling relation, wherein the first compound function is any compound function in the plurality of compound functions, and the second compound function is any compound function except the first compound function in the plurality of compound functions; if the first compound function is called by the second compound function, acquiring a nesting level of the second compound function, and determining the nesting level of the first compound function according to the nesting level of the second compound function and a preset value; if the first compound function is not called by the second compound function, determining the preset value as the nesting level of the first compound function.
Optionally, the input and output of each compound function can be tracked in the running process of the target software development kit through the tracking software program, so that data such as a thread number, an input parameter, an output parameter, a parameter type, a return value, a calling relation and the like corresponding to each compound function can be obtained, and the data such as the input parameter, the output parameter, the parameter type, the return value, the calling relation and the like can be accurately matched with the compound function through the thread number.
After the data information is obtained, the nesting level corresponding to each composite function is obtained through calculation according to the calling relation, and the nesting level is used for representing the calling depth of the nested API function (namely the composite function). And finally, obtaining the target data information through the thread number, the input parameter, the output parameter, the parameter type, the return value and the nesting level corresponding to each composite function.
In an alternative embodiment, the nesting level corresponding to each composite function described above may be calculated by: determining whether the first compound function is called by the second compound function according to the above calling relation, and if the first compound function is not called by the second compound function, determining the nesting level of the first compound function as 1 (i.e. the above preset value).
If the first compound function is called by the second compound function, the nesting level x of the second compound function is obtained, and then the nesting level of the first compound function is determined to be x+1 (namely, the nesting level of the first compound function is determined according to the nesting level of the second compound function and the preset value).
In summary, the dependent program of the target SDK can be generated more accurately through the thread number, the input parameter, the output parameter, the parameter type, the return value and the nesting level corresponding to each composite function.
Optionally, in the method for generating a dependency program provided in the embodiment of the present application, before processing the dependency relationship and the target data information by using a multi-target genetic algorithm to generate a target dependency program corresponding to a target software development kit, the method further includes: acquiring the execution sequence of a plurality of composite functions; and according to the execution sequence, sorting the dependency relationship and the target data information to obtain a function relationship list.
Optionally, the execution sequence of the multiple composite functions can be obtained by tracking the software program in the running process of the target software development kit, and then the dependency relationship and the target data information are sequenced by using the execution sequence to obtain a function relationship list sequenced according to the execution sequence.
Optionally, in the method for generating a dependency program provided in the embodiment of the present application, after performing a sorting process on the dependency relationship and the target data information according to the execution order to obtain the functional relationship list, the method further includes: recording the return address of each composite function in the running process of the target software development kit to obtain the return address information; analyzing the return address information through a static analysis tool and a dynamic taint analysis tool to determine whether the complex function triggers error information in the execution process; if the composite function triggers the error information in the execution process, the error information, whether to execute error processing and the condition for triggering the error information are recorded.
Optionally, during the running process of the target software development kit, the data such as error information triggered by the composite function in the executing process, whether to execute error processing, and conditions triggering the error information can be collected through tracking the return address of the API function recorded by the program and then analyzing through a static analysis tool and a dynamic taint tool. By means of the error information, whether to execute error processing and the condition triggering the error information, the fault tolerance of the dependent program can be repeatedly considered when the dependent program is generated, and the accuracy of the dependent program is improved.
Optionally, in the method for generating a dependency program provided in the embodiment of the present application, processing, by a multi-objective genetic algorithm, a dependency relationship and objective data information, and generating an objective dependency program corresponding to an objective software development kit includes: and processing the function relation list, the error information, whether to execute error processing and the condition triggering the error information through a multi-target genetic algorithm, and generating a target dependent program corresponding to the target software development kit.
Optionally, when the dependency relationship and the target data information are processed through the multi-target genetic algorithm to generate the target dependency program corresponding to the target software development kit, the multi-target genetic algorithm is used for processing the function relationship list and the error information, whether to execute error processing and the condition of triggering the error information, so as to obtain the final target dependency program.
The execution sequence and the dependency relationship of the compound function can be repeatedly considered when the dependent program is generated through the function relationship list, and the fault tolerance of the dependent program can be repeatedly considered when the dependent program is generated through error information, whether error processing is executed or not and the condition for triggering the error information, so that the technical effect of improving the quality of the dependent program is achieved.
Optionally, in the method for generating a dependency program provided in the embodiment of the present application, generating a target dependency program corresponding to a target software development kit includes: generating an initial dependent program through a multi-target genetic algorithm; grading the diversity of the initial dependent program according to the composite function covered in the initial dependent program to obtain a first grade; scoring the effectiveness of the initial dependent program according to whether the initial dependent program accurately calls the composite function to obtain a second score; grading the simplicity of the initial dependent program according to the repeated calling of the composite function in the initial dependent program to obtain a third grade; judging whether the initial dependent program meets the preset requirement according to the first score, the second score and the third score; if the initial dependent program does not meet the preset requirements, repeating the step of generating the initial dependent program through the multi-objective genetic algorithm until the initial dependent program meets the preset requirements, and determining the initial dependent program as the objective dependent program.
Optionally, in order to improve the quality of the dependent program, the quality of the generated medical program is evaluated through the combination of three basic indexes, namely, an initial dependent program is generated through a multi-objective genetic algorithm, and the diversity of the initial dependent program is scored through a composite function covered in the initial dependent program, so that a first score is obtained. To adequately test the targets, the fuzz dependent program needs to contain as many different API functions as possible. Further, the more data dependencies the dependent program contains, the more data exchanges between functions the dependent program performs overrides, which increases the likelihood of finding a bug associated with erroneous data management in the target SDK in the obfuscation process.
The validity of the initial dependent program is scored by whether the initial dependent program accurately calls the composite function, and a second score is obtained, so that the fuzz dependent program needs to call the functions correctly besides using more API functions. Efficient use of API functions in a dependent program is a fuzzy requirement, and furthermore, proper use of API functions can help test the function's more core logic. The fuzz driver calls the function API as correctly as possible, so that false alarms are reduced.
And grading the simplicity of the initial dependent program by repeatedly calling the composite function in the initial dependent program to obtain a third grade, wherein the dependent program needs to reduce repeated or irrelevant function call/data dependence as much as possible so as to reduce labor cost and hardware resource use. A dependent program has fewer duplicates or unrelated function calls/data dependencies, it is more compact. A more compact dependent program is easier to use, understand and debug, which saves not only manual work during analysis, but also computational resources in the blurring process.
Then, whether the initial dependent program meets the preset requirement is judged through the first score, the second score and the third score, for example, the total score is obtained through the first score, the second score and the third score, whether the total score is higher than the preset score (for example, 90) is judged, and if so, the initial dependent program meets the preset requirement.
If the initial dependent program does not meet the preset requirements, repeating the step of generating the initial dependent program through the multi-objective genetic algorithm until the initial dependent program meets the preset requirements, and determining the initial dependent program as the objective dependent program.
The dependency program is evaluated through the diversity, the effectiveness and the simplicity, so that the quality of the dependency program can be effectively improved, and the accuracy of the fuzzy test is improved.
According to the method for generating the dependent program, the target software development kit is obtained, and the target software development kit is analyzed to obtain a plurality of composite functions corresponding to the target software development kit; in the process of operating the target software development kit, acquiring a dependency relationship among a plurality of compound functions and acquiring target data information corresponding to each compound function, wherein the target data information at least comprises: the method comprises the steps of corresponding thread numbers, input parameters, output parameters, parameter types, return values and nesting levels of each compound function, wherein the nesting levels are determined by calling relations among a plurality of compound functions; the dependency relationship and the target data information are processed through the multi-target genetic algorithm, and the target dependency program corresponding to the target software development kit is generated, so that the problem that the efficiency of acquiring the dependency program is low due to the fact that the dependency program of the third party library is written manually to perform interface test in the related technology is solved. In the scheme, the dependency relationship among the compound functions and the thread number, the input parameter, the output parameter, the parameter type, the return value and the nesting level corresponding to the compound functions are obtained by analyzing and tracking the running process of the target software development kit, and then the target dependency program corresponding to the target software development kit is automatically generated through the dependency relationship among the compound functions and the data information of the compound functions, so that the interface test of writing the dependency program by using manual experience is avoided, and the effect of improving the efficiency of acquiring the dependency program is further achieved.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order other than that illustrated herein.
The embodiment of the application also provides a device for generating the dependent program, and the device for generating the dependent program can be used for executing the method for generating the dependent program. The following describes a program-dependent generating apparatus provided in an embodiment of the present application.
Fig. 2 is a schematic diagram of a program-dependent generating apparatus according to an embodiment of the present application. As shown in fig. 2, the apparatus includes: a first acquisition unit 201, a second acquisition unit 202 and a first processing unit 203.
The first obtaining unit 201 is configured to obtain a target software development kit, and analyze the target software development kit to obtain a plurality of composite functions corresponding to the target software development kit;
the second obtaining unit 202 is configured to obtain a dependency relationship between a plurality of compound functions and obtain target data information corresponding to each compound function in a process of running the target software development kit, where the target data information at least includes: the method comprises the steps of corresponding thread numbers, input parameters, output parameters, parameter types, return values and nesting levels of each compound function, wherein the nesting levels are determined by calling relations among a plurality of compound functions;
The first processing unit 202 is configured to process the dependency relationship and the target data information through a multi-target genetic algorithm, and generate a target dependency program corresponding to the target software development kit.
Alternatively, a third party SDK (i.e., the target software development kit described above) is obtained, and then the target SDK may be analyzed by various specific analysis methods (e.g., generate header analysis, static binary analysis, dynamic binary specific analysis), to extract a plurality of composite functions in the target SDK. The dependency relationship between the compound functions can be obtained by tracking and analyzing the tracking software program in the running process of the target software development kit, and the data information such as the thread number, the input parameter, the output parameter, the parameter type, the return value, the nesting level and the like corresponding to each compound function is obtained. In general, when the output of the complex function FA is related to the input of the complex function FB, FB depends on the complex function FA, denoted < FA, out, FB, in >. And processing the data information such as the dependency relationship, the input parameters, the output parameters, the parameter types, the return values, the nesting levels and the like through a multi-target genetic algorithm to obtain a target dependent program corresponding to the target software development kit. It should be noted that, the multi-objective genetic algorithm is a modeling method for simulating natural evolution, and is widely applied to solve the complex optimization problem. The target dependent program corresponding to the target software development kit can be accurately generated through the multi-target genetic algorithm.
According to the device for generating the dependent program, the target software development kit is acquired through the first acquisition unit 201, and the target software development kit is analyzed to obtain a plurality of composite functions corresponding to the target software development kit; the second obtaining unit 202 obtains a dependency relationship between a plurality of compound functions and obtains target data information corresponding to each compound function in a process of operating the target software development kit, where the target data information at least includes: the method comprises the steps of corresponding thread numbers, input parameters, output parameters, parameter types, return values and nesting levels of each compound function, wherein the nesting levels are determined by calling relations among a plurality of compound functions; the first processing unit 202 processes the dependency relationship and the target data information through the multi-target genetic algorithm to generate a target dependency program corresponding to the target software development kit, so that the problem that the efficiency of acquiring the dependency program is low due to the fact that the dependency program of the third party library is written manually to perform interface test in the related art is solved. In the scheme, the dependency relationship among the compound functions and the thread number, the input parameter, the output parameter, the parameter type, the return value and the nesting level corresponding to the compound functions are obtained by analyzing and tracking the running process of the target software development kit, and then the target dependency program corresponding to the target software development kit is automatically generated through the dependency relationship among the compound functions and the data information of the compound functions, so that the interface test of writing the dependency program by using manual experience is avoided, and the effect of improving the efficiency of acquiring the dependency program is further achieved.
Optionally, in the program-dependent generating apparatus provided in the embodiment of the present application, the second obtaining unit includes: the first tracking module is used for tracking the input and output of each compound function in the running process of the target software development kit to obtain the input parameter of each compound function and the output parameter of each compound function; and the acquisition module is used for acquiring the dependency relationship among the plurality of composite functions according to the input parameters and the output parameters.
Alternatively, since FB is considered to be dependent on the composite function FA when the output of the composite function FA is related to the input of the composite function FB. Therefore, in the running process of the target software development kit, the input and output of each compound function are tracked, so that the input parameter of each compound function and the output parameter of each compound function are accurately obtained, then, whether the compound functions have a dependency relationship or not is judged through the input parameter and the output parameter, and finally, the dependency relationship among the compound functions is obtained.
By tracking the input and output of the compound functions, whether the dependency relationship exists between the compound functions can be accurately judged, and the effect of improving the accuracy of the generated dependency program is achieved.
Optionally, in the program-dependent generating apparatus provided in the embodiment of the present application, the second obtaining unit includes: the second tracking module is used for tracking the input and output of each compound function in the running process of the target software development kit to obtain a thread number, an input parameter, an output parameter, a parameter type, a return value and a calling relation corresponding to each compound function; the first determining module is used for determining the nesting level corresponding to each composite function according to the calling relation; and the second determining module is used for determining the target data information according to the thread number, the input parameter, the output parameter, the parameter type, the return value and the nesting level corresponding to each composite function.
Optionally, in the program-dependent generating apparatus provided in the embodiment of the present application, the first determining module includes: the first determining submodule is used for determining whether the first compound function is called by the second compound function according to the calling relation, wherein the first compound function is any compound function in the compound functions, and the second compound function is any compound function except the first compound function in the compound functions; the acquisition sub-module is used for acquiring the nesting level of the second compound function if the first compound function is called by the second compound function, and determining the nesting level of the first compound function according to the nesting level of the second compound function and a preset value; and the second determining submodule is used for determining a preset value as the nesting level of the first compound function if the first compound function is not called by the second compound function.
Optionally, the input and output of each compound function can be tracked in the running process of the target software development kit through the tracking software program, so that data such as a thread number, an input parameter, an output parameter, a parameter type, a return value, a calling relation and the like corresponding to each compound function can be obtained, and the data such as the input parameter, the output parameter, the parameter type, the return value, the calling relation and the like can be accurately matched with the compound function through the thread number.
After the data information is obtained, the nesting level corresponding to each composite function is obtained through calculation according to the calling relation, and the nesting level is used for representing the calling depth of the nested API function (namely the composite function). And finally, obtaining the target data information through the thread number, the input parameter, the output parameter, the parameter type, the return value and the nesting level corresponding to each composite function.
In an alternative embodiment, the nesting level corresponding to each composite function described above may be calculated by: determining whether the first compound function is called by the second compound function according to the above calling relation, and if the first compound function is not called by the second compound function, determining the nesting level of the first compound function as 1 (i.e. the above preset value).
If the first compound function is called by the second compound function, the nesting level x of the second compound function is obtained, and then the nesting level of the first compound function is determined to be x+1 (namely, the nesting level of the first compound function is determined according to the nesting level of the second compound function and the preset value).
In summary, the dependent program of the target SDK can be generated more accurately through the thread number, the input parameter, the output parameter, the parameter type, the return value and the nesting level corresponding to each composite function.
Optionally, in the program-dependent generating apparatus provided in the embodiment of the present application, the apparatus further includes: the third acquisition unit is used for acquiring the execution sequence of a plurality of composite functions before the dependency relationship and the target data information are processed through the multi-target genetic algorithm to generate a target dependency program corresponding to the target software development kit; and the second processing unit is used for sequencing the dependency relationship and the target data information according to the execution sequence to obtain a function relationship list.
Optionally, the execution sequence of the multiple composite functions can be obtained by tracking the software program in the running process of the target software development kit, and then the dependency relationship and the target data information are sequenced by using the execution sequence to obtain a function relationship list sequenced according to the execution sequence.
Optionally, in the program-dependent generating apparatus provided in the embodiment of the present application, the apparatus further includes: the first recording unit is used for carrying out sequencing treatment on the dependency relationship and the target data information according to the execution sequence to obtain a function relationship list, and recording the return address of each composite function in the running process of the target software development kit to obtain return address information; the analysis unit is used for analyzing the return address information through the static analysis tool and the dynamic taint analysis tool and determining whether the complex function triggers error information in the execution process; and the second recording unit is used for recording the error information, whether the error processing is executed or not and the condition for triggering the error information if the composite function triggers the error information in the execution process.
Optionally, during the running process of the target software development kit, the data such as error information triggered by the composite function in the executing process, whether to execute error processing, and conditions triggering the error information can be collected through tracking the return address of the API function recorded by the program and then analyzing through a static analysis tool and a dynamic taint tool. By means of the error information, whether to execute error processing and the condition triggering the error information, the fault tolerance of the dependent program can be repeatedly considered when the dependent program is generated, and the accuracy of the dependent program is improved.
Optionally, in the program-dependent generating apparatus provided in the embodiment of the present application, the first processing unit includes: and the processing module is used for processing the function relation list, the error information, whether to execute error processing and the condition for triggering the error information through a multi-target genetic algorithm and generating a target dependent program corresponding to the target software development kit.
Optionally, when the dependency relationship and the target data information are processed through the multi-target genetic algorithm to generate the target dependency program corresponding to the target software development kit, the multi-target genetic algorithm is used for processing the function relationship list and the error information, whether to execute error processing and the condition of triggering the error information, so as to obtain the final target dependency program.
The execution sequence and the dependency relationship of the compound function can be repeatedly considered when the dependent program is generated through the function relationship list, and the fault tolerance of the dependent program can be repeatedly considered when the dependent program is generated through error information, whether error processing is executed or not and the condition for triggering the error information, so that the technical effect of improving the quality of the dependent program is achieved.
Optionally, in the program-dependent generating apparatus provided in the embodiment of the present application, the first processing unit includes: the generation module is used for generating an initial dependent program through a multi-target genetic algorithm; the first scoring module is used for scoring the diversity of the initial dependent program according to the composite function covered in the initial dependent program to obtain a first score; the second scoring module is used for scoring the effectiveness of the initial dependent program according to whether the initial dependent program accurately calls the composite function or not to obtain a second score; the third scoring module is used for scoring the simplicity of the initial dependent program according to the repeated calling of the composite function in the initial dependent program to obtain a third score; the judging module is used for judging whether the initial dependent program meets the preset requirement according to the first score, the second score and the third score; and the execution module is used for repeatedly executing the step of generating the initial dependent program through the multi-target genetic algorithm if the initial dependent program does not meet the preset requirement until the initial dependent program meets the preset requirement, and determining the initial dependent program as the target dependent program.
Optionally, in order to improve the quality of the dependent program, the quality of the generated medical program is evaluated through the combination of three basic indexes, namely, an initial dependent program is generated through a multi-objective genetic algorithm, and the diversity of the initial dependent program is scored through a composite function covered in the initial dependent program, so that a first score is obtained. To adequately test the targets, the fuzz dependent program needs to contain as many different API functions as possible. Further, the more data dependencies the dependent program contains, the more data exchanges between functions the dependent program performs overrides, which increases the likelihood of finding a bug associated with erroneous data management in the target SDK in the obfuscation process.
The validity of the initial dependent program is scored by whether the initial dependent program accurately calls the composite function, and a second score is obtained, so that the fuzz dependent program needs to call the functions correctly besides using more API functions. Efficient use of API functions in a dependent program is a fuzzy requirement, and furthermore, proper use of API functions can help test the function's more core logic. The fuzz driver calls the function API as correctly as possible, so that false alarms are reduced.
And grading the simplicity of the initial dependent program by repeatedly calling the composite function in the initial dependent program to obtain a third grade, wherein the dependent program needs to reduce repeated or irrelevant function call/data dependence as much as possible so as to reduce labor cost and hardware resource use. A dependent program has fewer duplicates or unrelated function calls/data dependencies, it is more compact. A more compact dependent program is easier to use, understand and debug, which saves not only manual work during analysis, but also computational resources in the blurring process.
Then, whether the initial dependent program meets the preset requirement is judged through the first score, the second score and the third score, for example, the total score is obtained through the first score, the second score and the third score, whether the total score is higher than the preset score (for example, 90) is judged, and if so, the initial dependent program meets the preset requirement.
If the initial dependent program does not meet the preset requirements, repeating the step of generating the initial dependent program through the multi-objective genetic algorithm until the initial dependent program meets the preset requirements, and determining the initial dependent program as the objective dependent program.
The dependency program is evaluated through the diversity, the effectiveness and the simplicity, so that the quality of the dependency program can be effectively improved, and the accuracy of the fuzzy test is improved.
The program-dependent generating device includes a processor and a memory, and the first acquiring unit 201, the second acquiring unit 202, the first processing unit 203, and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor includes a kernel, and the kernel fetches the corresponding program unit from the memory. The kernel can be provided with one or more than one, and the dependent program can be accurately and quickly obtained by adjusting the kernel parameters.
The memory may include volatile memory, random Access Memory (RAM), and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM), among other forms in computer readable media, the memory including at least one memory chip.
The embodiment of the invention provides a computer-readable storage medium on which a program is stored, which when executed by a processor implements a method of generating a dependent program.
The embodiment of the invention provides a processor, which is used for running a program, wherein the program runs a method for generating a dependent program.
As shown in fig. 3, an embodiment of the present invention provides an electronic device, where the device includes a processor, a memory, and a program stored in the memory and executable on the processor, and when the processor executes the program, the following steps are implemented: acquiring a target software development kit, and analyzing the target software development kit to obtain a plurality of composite functions corresponding to the target software development kit; in the process of operating the target software development kit, acquiring a dependency relationship among a plurality of compound functions and acquiring target data information corresponding to each compound function, wherein the target data information at least comprises: the method comprises the steps of corresponding thread numbers, input parameters, output parameters, parameter types, return values and nesting levels of each compound function, wherein the nesting levels are determined by calling relations among a plurality of compound functions; and processing the dependency relationship and the target data information through a multi-target genetic algorithm to generate a target dependency program corresponding to the target software development kit.
Optionally, obtaining the dependency relationship between the plurality of composite functions includes: in the process of running the target software development kit, tracking the input and output of each compound function to obtain the input parameter of each compound function and the output parameter of each compound function; and acquiring the dependency relationship among the plurality of composite functions according to the input parameters and the output parameters.
Optionally, obtaining the target data information corresponding to each composite function includes: in the running process of the target software development kit, tracking the input and output of each compound function to obtain a thread number, an input parameter, an output parameter, a parameter type, a return value and a calling relation corresponding to each compound function; determining a nesting level corresponding to each composite function according to the calling relation; and determining target data information according to the thread number, the input parameter, the output parameter, the parameter type, the return value and the nesting level corresponding to each composite function.
Optionally, determining the nesting level corresponding to each composite function according to the calling relationship includes: determining whether the first compound function is called by a second compound function according to the calling relation, wherein the first compound function is any compound function in the plurality of compound functions, and the second compound function is any compound function except the first compound function in the plurality of compound functions; if the first compound function is called by the second compound function, acquiring a nesting level of the second compound function, and determining the nesting level of the first compound function according to the nesting level of the second compound function and a preset value; if the first compound function is not called by the second compound function, determining the preset value as the nesting level of the first compound function.
Optionally, before the dependency relationship and the target data information are processed through the multi-target genetic algorithm to generate the target dependency program corresponding to the target software development kit, the method further includes: acquiring the execution sequence of a plurality of composite functions; and according to the execution sequence, sorting the dependency relationship and the target data information to obtain a function relationship list.
Optionally, after sorting the dependency relationship and the target data information according to the execution sequence to obtain the functional relationship list, the method further includes: recording the return address of each composite function in the running process of the target software development kit to obtain the return address information; analyzing the return address information through a static analysis tool and a dynamic taint analysis tool to determine whether the complex function triggers error information in the execution process; if the composite function triggers the error information in the execution process, the error information, whether to execute error processing and the condition for triggering the error information are recorded.
Optionally, the processing the dependency relationship and the target data information through the multi-target genetic algorithm, and generating the target dependency program corresponding to the target software development kit includes: and processing the function relation list, the error information, whether to execute error processing and the condition triggering the error information through a multi-target genetic algorithm, and generating a target dependent program corresponding to the target software development kit.
Optionally, generating the target dependent program corresponding to the target software development kit includes: generating an initial dependent program through a multi-target genetic algorithm; grading the diversity of the initial dependent program according to the composite function covered in the initial dependent program to obtain a first grade; scoring the effectiveness of the initial dependent program according to whether the initial dependent program accurately calls the composite function to obtain a second score; grading the simplicity of the initial dependent program according to the repeated calling of the composite function in the initial dependent program to obtain a third grade; judging whether the initial dependent program meets the preset requirement according to the first score, the second score and the third score; if the initial dependent program does not meet the preset requirements, repeating the step of generating the initial dependent program through the multi-objective genetic algorithm until the initial dependent program meets the preset requirements, and determining the initial dependent program as the objective dependent program.
The device herein may be a server, PC, PAD, cell phone, etc.
The present application also provides a computer program product adapted to perform, when executed on a data processing device, a program initialized with the method steps of: acquiring a target software development kit, and analyzing the target software development kit to obtain a plurality of composite functions corresponding to the target software development kit; in the process of operating the target software development kit, acquiring a dependency relationship among a plurality of compound functions and acquiring target data information corresponding to each compound function, wherein the target data information at least comprises: the method comprises the steps of corresponding thread numbers, input parameters, output parameters, parameter types, return values and nesting levels of each compound function, wherein the nesting levels are determined by calling relations among a plurality of compound functions; and processing the dependency relationship and the target data information through a multi-target genetic algorithm to generate a target dependency program corresponding to the target software development kit.
Optionally, obtaining the dependency relationship between the plurality of composite functions includes: in the process of running the target software development kit, tracking the input and output of each compound function to obtain the input parameter of each compound function and the output parameter of each compound function; and acquiring the dependency relationship among the plurality of composite functions according to the input parameters and the output parameters.
Optionally, obtaining the target data information corresponding to each composite function includes: in the running process of the target software development kit, tracking the input and output of each compound function to obtain a thread number, an input parameter, an output parameter, a parameter type, a return value and a calling relation corresponding to each compound function; determining a nesting level corresponding to each composite function according to the calling relation; and determining target data information according to the thread number, the input parameter, the output parameter, the parameter type, the return value and the nesting level corresponding to each composite function.
Optionally, determining the nesting level corresponding to each composite function according to the calling relationship includes: determining whether the first compound function is called by a second compound function according to the calling relation, wherein the first compound function is any compound function in the plurality of compound functions, and the second compound function is any compound function except the first compound function in the plurality of compound functions; if the first compound function is called by the second compound function, acquiring a nesting level of the second compound function, and determining the nesting level of the first compound function according to the nesting level of the second compound function and a preset value; if the first compound function is not called by the second compound function, determining the preset value as the nesting level of the first compound function.
Optionally, before the dependency relationship and the target data information are processed through the multi-target genetic algorithm to generate the target dependency program corresponding to the target software development kit, the method further includes: acquiring the execution sequence of a plurality of composite functions; and according to the execution sequence, sorting the dependency relationship and the target data information to obtain a function relationship list.
Optionally, after sorting the dependency relationship and the target data information according to the execution sequence to obtain the functional relationship list, the method further includes: recording the return address of each composite function in the running process of the target software development kit to obtain the return address information; analyzing the return address information through a static analysis tool and a dynamic taint analysis tool to determine whether the complex function triggers error information in the execution process; if the composite function triggers the error information in the execution process, the error information, whether to execute error processing and the condition for triggering the error information are recorded.
Optionally, the processing the dependency relationship and the target data information through the multi-target genetic algorithm, and generating the target dependency program corresponding to the target software development kit includes: and processing the function relation list, the error information, whether to execute error processing and the condition triggering the error information through a multi-target genetic algorithm, and generating a target dependent program corresponding to the target software development kit.
Optionally, generating the target dependent program corresponding to the target software development kit includes: generating an initial dependent program through a multi-target genetic algorithm; grading the diversity of the initial dependent program according to the composite function covered in the initial dependent program to obtain a first grade; scoring the effectiveness of the initial dependent program according to whether the initial dependent program accurately calls the composite function to obtain a second score; grading the simplicity of the initial dependent program according to the repeated calling of the composite function in the initial dependent program to obtain a third grade; judging whether the initial dependent program meets the preset requirement according to the first score, the second score and the third score; if the initial dependent program does not meet the preset requirements, repeating the step of generating the initial dependent program through the multi-objective genetic algorithm until the initial dependent program meets the preset requirements, and determining the initial dependent program as the objective dependent program.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, etc., such as Read Only Memory (ROM) or flash RAM. Memory is an example of a computer-readable medium.
Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises an element.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.

Claims (10)

1. A method of generating a dependent program, comprising:
acquiring a target software development kit, and analyzing the target software development kit to obtain a plurality of composite functions corresponding to the target software development kit;
in the process of operating the target software development kit, acquiring the dependency relationship among the plurality of composite functions and acquiring target data information corresponding to each composite function, wherein the target data information at least comprises: the method comprises the steps of corresponding thread numbers, input parameters, output parameters, parameter types, return values and nesting levels of each compound function, wherein the nesting levels are determined by calling relations among the compound functions;
and processing the dependency relationship and the target data information through a multi-target genetic algorithm to generate a target dependency program corresponding to the target software development kit.
2. The method of claim 1, wherein obtaining the dependency relationship between the plurality of composite functions comprises:
in the running process of the target software development kit, tracking the input and output of each compound function to obtain the input parameter of each compound function and the output parameter of each compound function;
And acquiring the dependency relationship among the plurality of composite functions according to the input parameters and the output parameters.
3. The method of claim 1, wherein obtaining target data information for each composite function comprises:
in the running process of the target software development kit, tracking the input and output of each compound function to obtain a thread number, an input parameter, an output parameter, a parameter type, a return value and a calling relation corresponding to each compound function;
determining a nesting level corresponding to each composite function according to the calling relation;
and determining the target data information according to the thread number, the input parameter, the output parameter, the parameter type, the return value and the nesting level corresponding to each composite function.
4. A method according to claim 3, wherein determining a nesting level for each composite function in accordance with the calling relationship comprises:
determining whether a first compound function is called by a second compound function according to the calling relation, wherein the first compound function is any compound function in the plurality of compound functions, and the second compound function is any compound function except the first compound function in the plurality of compound functions;
If the first compound function is called by the second compound function, acquiring the nesting level of the second compound function, and determining the nesting level of the first compound function according to the nesting level of the second compound function and a preset numerical value;
and if the first compound function is not called by the second compound function, determining the preset numerical value as the nesting level of the first compound function.
5. The method of claim 1, wherein prior to processing the dependency relationship and the target data information by a multi-target genetic algorithm to generate a target dependency program corresponding to the target software development kit, the method further comprises:
acquiring the execution sequence of the plurality of composite functions;
and according to the execution sequence, sequencing the dependency relationship and the target data information to obtain a function relationship list.
6. The method of claim 5, wherein after ordering the dependency relationship and the target data information according to the execution order to obtain a list of functional relationships, the method further comprises:
recording the return address of each composite function in the running process of the target software development kit to obtain the return address information;
Analyzing the return address information through a static analysis tool and a dynamic taint analysis tool, and determining whether the complex function triggers error information in the execution process;
and if the composite function triggers error information in the execution process, recording the error information, whether error processing is executed or not and the condition for triggering the error information.
7. The method of claim 6, wherein processing the dependency and the target data information by a multi-target genetic algorithm to generate a target dependency program corresponding to the target software development kit comprises:
and processing the functional relation list, the error information, whether to execute error processing and the condition triggering the error information through the multi-objective genetic algorithm, and generating an objective dependent program corresponding to the objective software development kit.
8. The method of claim 1, wherein generating the target dependency program corresponding to the target software development kit comprises:
generating an initial dependent program through the multi-objective genetic algorithm;
grading the diversity of the initial dependent program according to the composite function covered in the initial dependent program to obtain a first grade;
Scoring the effectiveness of the initial dependent program according to whether the initial dependent program accurately calls a composite function, and obtaining a second score;
grading the simplicity of the initial dependent program according to the repeated calling of the composite function in the initial dependent program to obtain a third grade;
judging whether the initial dependent program meets preset requirements according to the first score, the second score and the third score;
and if the initial dependent program does not meet the preset requirement, repeating the step of generating the initial dependent program through the multi-objective genetic algorithm until the initial dependent program meets the preset requirement, and determining the initial dependent program as the objective dependent program.
9. A program-dependent generating apparatus, comprising:
the first acquisition unit is used for acquiring a target software development kit, and analyzing the target software development kit to obtain a plurality of composite functions corresponding to the target software development kit;
the second obtaining unit is configured to obtain a dependency relationship between the multiple composite functions and obtain target data information corresponding to each composite function in a running process of the target software development kit, where the target data information at least includes: the method comprises the steps of corresponding thread numbers, input parameters, output parameters, parameter types, return values and nesting levels of each compound function, wherein the nesting levels are determined by calling relations among the compound functions;
The first processing unit is used for processing the dependency relationship and the target data information through a multi-target genetic algorithm and generating a target dependency program corresponding to the target software development kit.
10. An electronic device comprising one or more processors and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of generating a dependent program of any of claims 1-8.
CN202311308167.XA 2023-10-10 2023-10-10 Method and device for generating dependent program, storage medium and electronic equipment Pending CN117290240A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311308167.XA CN117290240A (en) 2023-10-10 2023-10-10 Method and device for generating dependent program, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311308167.XA CN117290240A (en) 2023-10-10 2023-10-10 Method and device for generating dependent program, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN117290240A true CN117290240A (en) 2023-12-26

Family

ID=89251592

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311308167.XA Pending CN117290240A (en) 2023-10-10 2023-10-10 Method and device for generating dependent program, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN117290240A (en)

Similar Documents

Publication Publication Date Title
US10394694B2 (en) Unexplored branch search in hybrid fuzz testing of software binaries
US10678673B2 (en) Software program fault localization
Kwon et al. Mantis: Automatic performance prediction for smartphone applications
US10296447B2 (en) Automated software program repair
CN106919370B (en) Method and device for acquiring object attribute value
US9081892B2 (en) Software verification
US10761961B2 (en) Identification of software program fault locations
CN110334012B (en) Risk assessment method and device
EP3612941A1 (en) Identifying flaky tests
CN114924748A (en) Compiling method, device and equipment
CN111400164A (en) Software testing method and device
CN117290240A (en) Method and device for generating dependent program, storage medium and electronic equipment
CN114490413A (en) Test data preparation method and device, storage medium and electronic equipment
CN115033434A (en) Kernel performance theoretical value calculation method and device and storage medium
CN114840418A (en) Fuzzy test method and device
CN111475167A (en) Shell script dependency relationship extraction method based on HQ L statement
CN111352852A (en) Regression test case selection method and device
Gattal et al. Exploiting the progress of OO refactoring tools with Android code smells: RAndroid, a plugin for Android studio
CN111062816B (en) Account asset supervision method and device
CN116048978B (en) Software service performance self-adaptive test method, system, terminal and medium
WO2018215651A1 (en) A big data processing method, device, and system, and a machine readable medium
CN116401155A (en) Java code file processing method and device and electronic equipment
CN107291613B (en) Functional node abnormity simulation method and device
CN116089191A (en) Interface testing method and device, processor and electronic equipment
CN118051254A (en) Plug-in version detection method and device, storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination