基于蜕变关系的整数溢出故障测试方法研究

Lack of test requirements and test oracle are the core problems in integer overflow defect testing. This research adopts a guide line that combines test requirement model based on integer overflow with criteria of testing based on metamorphic relations, introducing metamorphic testing to software security testing. On the basis of one-dimensional defect classification model in our early researches, we take advantage of the strong pertinence of integer overflow defect testing based on defects to construct multi-dimensional defect classification model’s original test requirements. By combining with the software security defect model, we study the measuring and classification of security defect metamorphic relations and also build defect metamorphic relations and criteria of integer overflow defect testing based on metamorphic relations. At last, we construct original test cases from random testing and special value testing and analyze whether these two kinds of test cases are effective under the defect criteria of metamorphic testing. What’s more, we discuss the application conditions of their generation technology and collect corresponding test adequate criteria to verify the efficiency of integer overflow defect testing. At last, this research provides a preliminary solution to the problem of lack of test requirements and test oracle, thus offering an effective way for pivotal integer overflow defect testing.

整数溢出故障的测试存在着测试需求和测试预言难以获取的核心问题。本课题拟采用基于整数溢出故障提取测试需求模型和基于蜕变关系获取测试预言相结合的技术路线，将蜕变测试技术引入整数溢出故障的测试中。利用基于故障的安全性测试技术针对性强的特点，在我们前期研究的故障分类模型的基础上，建立整数溢出故障模型，并基于此设计初始蜕变关系；然后，结合整数溢出故障模型及其相应的初始蜕变关系，构建适用于测试整数溢出故障的复合蜕变关系，建立整数溢出故障蜕变关系分层构造方法；最后，实验分析随机值测试用例和特殊值测试用例在蜕变关测试准则下的有效性，确定两种原始测试用例生成技术的适用条件，建立基于蜕变关系的整数溢出故障测试用例生成算法和测试覆盖准则。课题的研究，可初步解决整数溢出故障测试过程中的“测试需求和测试预言难以获取”问题，为关键软件系统的整数溢出故障测试提供一种有效的方法。

整数溢出故障是信息系统中普遍存在的一种安全性故障，并且根据多个权威统计显示，也是近几年安全攻击利用率较高的典型安全缺陷。对于以军用软件为代表的关键领域软件，如何有效的检测该类故障至关重要。而在整数溢出故障动态测试面临的最大难题就是测试结果的判定难题，即对于软件运行结果的正确性如何判定。这在软件测试中称为测试预言难题。静态测试则受限于误报率问题。本课题将蜕变测试技术引入整数溢出故障的测试中，采用静态分析与动态测试相结合的技术路线，利用基于故障的安全性测试技术针对性强的特点，在我们前期研究的故障分类模型的基础上，建立整数溢出故障模型，并基于此设计初始蜕变关系；然后，结合整数溢出故障模型及其相应的初始蜕变关系；最后，实验分析随机值测试用例和特殊值测试用例在蜕变关测试准则下的有效性，确定两种原始测试用例生成技术的适用条件，建立基于蜕变关系的整数溢出故障测试用例生成算法。课题的研究，可初步解决整数溢出故障测试过程中的“测试需求和测试预言难以获取”问题，为关键软件系统的整数溢出故障测试提供一种有效的方法。