基于缺陷模式的软件测试技术研究
|
摘要
随着信息技术的发展,软件的规模不断扩大,如何保证和提高软件质量成为软件界最为关心的问题之一。由于软件危机的频频出现,使得软件测试的地位得到了前所未有的提高。
基于缺陷模式的软件测试是近些年发展起来的一种程序源代码静态分析技术,主要用于自动或者半自动的软件缺陷检测及预防,此类缺陷检测工具由于效率高和使用简单等特点在高可信软件测试中得到了广泛应用。所谓的缺陷模式,是指程序中经常发生的错误或缺陷所呈现出的特定规律。缺陷模式通常由具有领域程序设计经验的人或者测试人员总结出来。基于缺陷模式的软件测试作为传统软件测试的一种有力补充技术,其主要的优势在于:1)针对性强,不会有像白盒测试和黑盒测试那样的不确定性;2)可以检测出一些“小概率”的缺陷,例如存储器泄漏缺陷、空指针引用缺陷等。
本文在国家“863”计划“软件的故障模型与面向故障的软件测试系统”及“863”重点项目“支持软件可信性分析和评估的生产线”的支持下,以缺陷模式检测中所涉及到的若干静态分析技术为研究核心,着重讨论了缺陷模式的分类及缺陷检测模型、程序变量值范围分析方法以及基于数据流的路径敏感检测方法。论文的主要工作包括以下内容:
(1)本文以缺陷产生后果的严重性高低为评判标准,从程序的源代码形式着眼,将软件的缺陷模式分为四大类:故障模式、安全漏洞模式、疑问代码模式及规则模式。提出了一种缺陷模式检测的统一模型,其中提高精度和自动测试是其中的核心部分。该测试模型中,缺陷模式数据库与缺陷模式检测相分离,缺陷模式统一描述,具有可定制和可配置的优点;各缺陷模式状态机独立存在,可以并行高效分析多种缺陷模式。
(2)本文基于抽象解释理论框架,扩展了经典的区间抽象,提出了一种扩展区间的方法来表示变量的值范围信息。针对不同的变量类型,首次提出了数值型变量的区间集表示和基本运算方法,定义了布尔型区间代数和引用型区间代数;定义了条件表达式中区间消减运算和逻辑运算;首次提出了变量取值的可能集和必然集及其在不同表达式中的计算方法。在此基础之上,提出了一个统一的过程内和过程间值范围分析算法,使用函数摘要来计算过程调用对程序上下文状态的影响。该算法可以直接检测出程序中的大部分矛盾语句节点及不可达路径;基于此的缺陷检测工具在实际测试中能较好地减少误报,提高检测效率。
(3)本文提出了一种基于数据流的路径敏感检测方法来检测软件中的缺陷模式,该方法以扩展区间表示的值范围作为属性状态条件,通过在控制流汇合节点上对相同属性状态的属性状态条件进行合并来降低计算复杂度,其时间复杂度为多项式级。通过对大型Java、C/C++开源项目的测试结果分析,表明该方法的误报率比较低。
基于上述关键技术的实现,本文最后介绍了实用化的软件缺陷检测工具DTS,说明了系统接口设计和系统主要功能,通过与常见缺陷检测工具的实验对比,DTS有较好的测试结果。
With the development of information technology, the scale of software extends continuously, and how to guarantee and raise software quality becomes the main point in the software field. The frequent software crises enhance the position of software testing unprecedentedly.
Software testing based on defect pattern is a new kind of source code static analysis technology, and it is mainly used in automatic and semi-automatic defect testing and precaution. For their high performance and easy use, such tools are widely applied in highly dependable software fields. The defect pattern is defined as often occurrences of program errors or defects, and defect patterns are usually summarized by experienced program designers and testers. As the beneficial supplement of traditional software testing, the main advantages of this technology are:(1) unlike the uncertainty of white box and black box testing, it is very pertinent to program defects; (2) it can detect defects that happen in lower probability such as memory leak and null pointer dereference.
Supported by the National High-tech Research and Development Program ("863" Program) "Software fault models and the fault oriented software testing system" and "The product line supporting software dependability analysis and evaluation", this paper focuses on several static analysis technologies involved in defect pattern checking. It mainly discusses the classification of defect patterns and the general detecting model, variable range analysis methods and path sensitive analysis method based on data flow analysis. The main contributions are as follows:
(1) Based on the graveness which defects may result in, software defects are divided into four classes:fault patterns, security vulnerability patterns, suspicious code patterns and program rule patterns. A general defect pattern checking model is proposed, in which accuracy enhancement and automatic testing are the kernel parts. In this model, defect pattern database and defect detecting are separate, and defect patterns are described unifiedly, so they can be customized and configured flexibly. Defect pattern state machines are independent, so the model can check many defect patterns concurrently.
(2) Based on abstract interpretation theory, this paper extends classical interval abstraction, and extended intervals are used to describe variable range. The concept of numeric interval-set is proposed for the first time, and fundamental operations on interval-sets are defined. Boolean interval algebra and Reference interval algebra are also proposed. For range analysis in conditional expressions, split operation and logic operation are defined. Furthermore, to improve computing efficiency, the possible-value-set and necessary-value-set are put forward to compute variable range in conditional expressions.Then, a general algorithm for intra-procedural and inter-procedural range analysis is given. The algorithm can detect a great number of paradoxical statement nodes and infeasible paths in program, and defect detecting tool based on it can improve testing efficiency.
(3) A new path sensitive analysis method is given, in which the property state condition is described by extended interval. It emerges property state conditions of the same property state at join points in CFG to depress computing complexity, and it runs in polynomial time and space. Experiments show that this method has lower false positive rate.
Based on the above contributions, a practical software defect detecting tool-DTS (Defect Testing System) is introduced, and its interface design and system functions are given. Compared with several popular defect testing tools, DTS has satisfied testing results.
基于缺陷模式的软件测试是近些年发展起来的一种程序源代码静态分析技术,主要用于自动或者半自动的软件缺陷检测及预防,此类缺陷检测工具由于效率高和使用简单等特点在高可信软件测试中得到了广泛应用。所谓的缺陷模式,是指程序中经常发生的错误或缺陷所呈现出的特定规律。缺陷模式通常由具有领域程序设计经验的人或者测试人员总结出来。基于缺陷模式的软件测试作为传统软件测试的一种有力补充技术,其主要的优势在于:1)针对性强,不会有像白盒测试和黑盒测试那样的不确定性;2)可以检测出一些“小概率”的缺陷,例如存储器泄漏缺陷、空指针引用缺陷等。
本文在国家“863”计划“软件的故障模型与面向故障的软件测试系统”及“863”重点项目“支持软件可信性分析和评估的生产线”的支持下,以缺陷模式检测中所涉及到的若干静态分析技术为研究核心,着重讨论了缺陷模式的分类及缺陷检测模型、程序变量值范围分析方法以及基于数据流的路径敏感检测方法。论文的主要工作包括以下内容:
(1)本文以缺陷产生后果的严重性高低为评判标准,从程序的源代码形式着眼,将软件的缺陷模式分为四大类:故障模式、安全漏洞模式、疑问代码模式及规则模式。提出了一种缺陷模式检测的统一模型,其中提高精度和自动测试是其中的核心部分。该测试模型中,缺陷模式数据库与缺陷模式检测相分离,缺陷模式统一描述,具有可定制和可配置的优点;各缺陷模式状态机独立存在,可以并行高效分析多种缺陷模式。
(2)本文基于抽象解释理论框架,扩展了经典的区间抽象,提出了一种扩展区间的方法来表示变量的值范围信息。针对不同的变量类型,首次提出了数值型变量的区间集表示和基本运算方法,定义了布尔型区间代数和引用型区间代数;定义了条件表达式中区间消减运算和逻辑运算;首次提出了变量取值的可能集和必然集及其在不同表达式中的计算方法。在此基础之上,提出了一个统一的过程内和过程间值范围分析算法,使用函数摘要来计算过程调用对程序上下文状态的影响。该算法可以直接检测出程序中的大部分矛盾语句节点及不可达路径;基于此的缺陷检测工具在实际测试中能较好地减少误报,提高检测效率。
(3)本文提出了一种基于数据流的路径敏感检测方法来检测软件中的缺陷模式,该方法以扩展区间表示的值范围作为属性状态条件,通过在控制流汇合节点上对相同属性状态的属性状态条件进行合并来降低计算复杂度,其时间复杂度为多项式级。通过对大型Java、C/C++开源项目的测试结果分析,表明该方法的误报率比较低。
基于上述关键技术的实现,本文最后介绍了实用化的软件缺陷检测工具DTS,说明了系统接口设计和系统主要功能,通过与常见缺陷检测工具的实验对比,DTS有较好的测试结果。
With the development of information technology, the scale of software extends continuously, and how to guarantee and raise software quality becomes the main point in the software field. The frequent software crises enhance the position of software testing unprecedentedly.
Software testing based on defect pattern is a new kind of source code static analysis technology, and it is mainly used in automatic and semi-automatic defect testing and precaution. For their high performance and easy use, such tools are widely applied in highly dependable software fields. The defect pattern is defined as often occurrences of program errors or defects, and defect patterns are usually summarized by experienced program designers and testers. As the beneficial supplement of traditional software testing, the main advantages of this technology are:(1) unlike the uncertainty of white box and black box testing, it is very pertinent to program defects; (2) it can detect defects that happen in lower probability such as memory leak and null pointer dereference.
Supported by the National High-tech Research and Development Program ("863" Program) "Software fault models and the fault oriented software testing system" and "The product line supporting software dependability analysis and evaluation", this paper focuses on several static analysis technologies involved in defect pattern checking. It mainly discusses the classification of defect patterns and the general detecting model, variable range analysis methods and path sensitive analysis method based on data flow analysis. The main contributions are as follows:
(1) Based on the graveness which defects may result in, software defects are divided into four classes:fault patterns, security vulnerability patterns, suspicious code patterns and program rule patterns. A general defect pattern checking model is proposed, in which accuracy enhancement and automatic testing are the kernel parts. In this model, defect pattern database and defect detecting are separate, and defect patterns are described unifiedly, so they can be customized and configured flexibly. Defect pattern state machines are independent, so the model can check many defect patterns concurrently.
(2) Based on abstract interpretation theory, this paper extends classical interval abstraction, and extended intervals are used to describe variable range. The concept of numeric interval-set is proposed for the first time, and fundamental operations on interval-sets are defined. Boolean interval algebra and Reference interval algebra are also proposed. For range analysis in conditional expressions, split operation and logic operation are defined. Furthermore, to improve computing efficiency, the possible-value-set and necessary-value-set are put forward to compute variable range in conditional expressions.Then, a general algorithm for intra-procedural and inter-procedural range analysis is given. The algorithm can detect a great number of paradoxical statement nodes and infeasible paths in program, and defect detecting tool based on it can improve testing efficiency.
(3) A new path sensitive analysis method is given, in which the property state condition is described by extended interval. It emerges property state conditions of the same property state at join points in CFG to depress computing complexity, and it runs in polynomial time and space. Experiments show that this method has lower false positive rate.
Based on the above contributions, a practical software defect detecting tool-DTS (Defect Testing System) is introduced, and its interface design and system functions are given. Compared with several popular defect testing tools, DTS has satisfied testing results.
引文
[1]郑人杰.计算机软件测试技术.北京:清华大学出版社,1992
[2]古乐,史九林.软件测试技术概论.北京:清华大学出版社,2004
[3]Quinlan Daniel J, Vuduc Richard W, Misherghi Ghassan.Techniques for specifying bug patterns. In Proceedings of the 2007 ACM workshop on Parallel and distributed systems: testing and debugging, London,2007:27-35
[4]宫云战.一种面向故障的软件测试新方法[J].装甲兵工程学院学报,2004(1):21-25
[5]宫云战.软件测试的故障模型[J].装甲兵工程学院学报,2004:18(2):1-5
[6]Cousot P. Abstract interpretation based formal methods and future challenges, invited paper. In R. Wilhelm, editor, Informatics-10Years Back,10 Years Ahead, Volumn 2000 of LNCS, Springer-Verlag,2000:138-156
[7]杨宇,张健.程序静态分析技术与工具[J].计算机科学,2004,31(02):171-174
[8]http://pmd.sourceforge.net/
[9]http://findbugs.sourceforge.net/
[10]http://www.coverity.com/
[11]http://www.klocwork.com/
[12]King J C. Symbolic execution and testing. Comm. of the ACM,1976,19:385-394
[13]Nelson G. Oppen D. Simplification by cooperating decision procedures. ACM TOPLAS,1979,1(2):245-257
[14]Cousot P, Cousot R. Abstract Interpretation:A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In:Conf. Record of the Fourth ACM Symposium on Principles of Programming Languages,1977:238-252
[15]Dwyer Matthew B, Hatcliff John, Robby, et al.Formal Software Analysis Emerging Trends in Software Model Checking. In Proceedings of International Conference on Software Engineering,2007:120-136
[16]Hallem S, Chelf B, Xie Y, et al. A system and language for building system-specific, static analyses. In Proceedings of the 2002 ACM SIGPLAN Conference on Programming Language Design and Implementation,2002:69-82
[17]http://www.gramatech.com/
[18]http://www.reasoning.com/
[19]张威.软件动态内存故障模型及自动测试方法研究[博士学位论文],北京:装甲兵工程学院,2006
[20]方艳.Java软件分析与测试工具的研究与开发[硕士学位论文],北京:北京航空航天大学,2001
[21]樊平.新型多用途C++静态分析器的研究与开发[硕士学位论文],北京:北京航空航天大学,2004
[22]吴蓉.Java软件分析与测试工具的设计与实现[硕士学位论文],北京:北京航空航天大学,2000
[23]蔡志旻.软件静态分析的研究与实现[硕士学位论文],南京:南京大学,2002
[24]陈平.Java程序静态分析与重构工具的研究与实现[硕士学位论文],北京:北京科技大学,2006
[1]贺平.软件测试技术[M].北京:机械工业出版社.2004
[2]宫云战.软件测试[M].北京:国防工业出版社,2006
[3]郑人杰,殷人昆,陶永雷.实用软件工程[M].2版.北京:清华大学出版社,1997
[4]赵瑞莲.软件测试方法研究[博士学位论文],北京:中国科学院研究生院,2001
[5]宫云战.软件测试教程[M].北京:机械工业出版社,2008
[6]R Hastings, B Joyce. Purify:Fast detection of memory leaks and access errors. In Proceedings of the Winter USENIX Conference,1992:125-136
[7]S Savage, M Burrows, G Nelson, et al. Eraser:A dynamic data race detector for multithreaded programming. ACM Trans. Comput. Syst.1997,15(4):391-411
[8]Dwyer Matthew B, Hatcliff John, Robby, et al.Formal Software Analysis Emerging Trends in Software Model Checking. In Proceedings of International Conference on Software Engineering,2007:120-136
[9]Cousot P, Cousot R. Abstract interpretation:A unified model for static analysis of programs by construction or approximation of fixpoints [C]. In Proceedingsof the 4th ACM Symposium on Principles of Programming Languages. New York:ACM Press, 1977:238-252
[10]王雅文,宫云战,杨朝红.软件测试工具综述[J],北京化工大学学报,2007,34(S1)P1-5
[11]http://www.mercury.com/cn/products/quality-center/testdirector
[12]李理,刘军.软件测试工具的选择和使用[J].警察技术,2006,4:41-44
[13]Brian Chess, Jacob West.Secure programming with static analysis [M]. Boston MA: Addison-Wesley Professional,2007
[14]Binkley David. Source Code Analysis:A Road Map. In Proceedings of International Conference on Software Engineering,2007:104-119
[15]Alfred V Aho, Ravi Sethi, Jeffrey D. Ullman. Compilers:Principles [M], Techniques, and Tools. Pearson Education,2003
[16]PChris Clark. Uniform abstract syntax trees[J]. ACM SIGPLAN Notices, 2000,35(2):11-16
[17]Welty C A. Augmenting abstract syntax trees for program understanding. In Proceedings of the 12th international conference on Automated software engineering,1997:126-133
[18]廖兴,尹俊文,蔡放.基于Java语言的抽象语法树的创建与遍历[J].长沙大学学报,2004,18(4):5-53
[19]Atkinson Darren C. Accurate Call Graph Extraction of Programs with Function Pointers Using Type Signatures. In Proceedings of the 11th Asia-Pacific Software Engineering Conference,2004:326-335
[20]Steven S Muchnick. Advanced Compiler Design and Implementation [M]. Elsevier Science,2003
[21]郑人杰.计算机软件测试技术.北京:清华大学出版社,1992
[22]Weiser M. Program slices:formal, psychological and practical investigations of an automatic program abstraction method[Dissertation]. Michigan:University of Michigan, 1979
[23]孙继荣,李志蜀,王莉等.程序切片技术在软件测试中的应用[J].计算机应用研究,2007,24(5):210-213
[24]张龙杰,谢晓方,袁胜智.一种改进的静态程序切片算法[J].计算机应用,2009,29(3):705-707
[25]Cousot P, Cousot R. Abstract Interpretation:A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In:Conf. Record of the Fourth ACM Symposium on Principles of Programming Languages,1977:238-252
[26]李梦君,李舟军,陈火旺.基于抽象解释理论的程序验证技术[J].软件学报,2008,19(1):17-26
[27]Cousot Patrick. Abstract Interpretation[J]. ACM Computing Surveys,1996,28(2):324-328
[28]Cousot Patrick, Cousot Radhia. Abstract interpretation based program testing. In Proceedings of SSGRR 2000 Computer & eBusiness Conference,2000:1-10
[29]Xie Y, Aiken A. Scalable error detection using boolean satisfiability. In Symposium on Principles of Programming Languages (POPL),2005,351-363
[30]Xie Y, Aiken A. Saturn:A scalable framework for error detection using boolean satisfiability. ACM Transactions on Programming Languages and Systems,Volume 29, Issue 3,2007:1-43
[31]Hallem S, Chelf B, Xie Y, et al. A system and language for building system-specific, static analyses. In Proceedings of the 2002 ACM SIGPLAN Conference on Programming Language Design and Implementation,2002:69-82
[32]http://pmd.sourceforge.net/rules/index.html
[33]http://findbugs.sourceforge.net/bugDescriptions.html
[34]http://www.klocwork.com/resources/whitepapers.asp
[35]Rustan K, Leino M, Nelson G, et al. Saxe.Esc/Java user's manual. Technical note 2000-002,Compaq Systems Research Center, October 2001
[36]Detlefs D L. An overview of the extended static checking system. In Proceedings of the First Workshop on Formal Methods in Software Practice, January 1996:1-9
[37]Evans D, Guttag J, Horning J, et al. Lclint:A tool for using specifications to check code. In Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering, December 1994:87-96
[38]Foster J S, Terauchi T, Aiken Alex. Flow-sensitive type qualifiers. In Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, June 2002:1-12
[1]宫云战.一种面向故障的软件测试新方法[J].装甲兵工程学院学报,2004(1):21-25
[2]宫云战.软件测试的故障模型[J].装甲兵工程学院学报,2004:18(2):1-5
[3]Rutar N, Almazan C, Foster J. S. A comparison of bug finding tools for Java. In Proceedings of the 15th IEEE International Symposium on Software Reliability Engineering, Saint-Malo, France,2004:269-270
[4]宫云战.软件测试[M].北京:国防工业出版社,2006
[5]McGraw, Gary. Software Security:Building Security[M]. Boston, MA:Addison-Wesley, 2006
[6]肖庆,杨朝红,毕学军.一种基于故障模式状态机的测试方法[J].北京化工大学学报(自然科学版),2007,34(S1):73-76
[7]廖兴,尹俊文,蔡放.基于Java语言的抽象语法树的创建与遍历[J].长沙大学学报,2004,18(4):5-53
[8]Alfred V Aho, Ravi Sethi, Jeffrey D. Ullman. Compilers:Principles [M], Techniques, and Tools. Pearson Education,2003
[9]PChris Clark. Uniform abstract syntax trees[J]. ACM SIGPLAN Notices, 2000,35(2):11-16
[10]Welty C A. Augmenting abstract syntax trees for program understanding. In Proceedings of the 12th international conference on Automated software engineering,1997:126-133
[11]王雅文,宫云战,肖庆等.扩展区间运算的变量值范围分析技术[J],北京邮电大学学报,2009,32(3):36-41
[12]Wang Yawen, Gong Yunzhan, Chen Junliang, et al. An application of interval analysis in software static analysis, in Proceedingsof The 5th International Conference on Embedded and Ubiquitous Computing, Shanghai,China,2008.12:367-372
[13]Jin Dahai, Gong Yunzhan, Xiao Qing, et al. A Method of Improving Precision in Software Testing Based on Defect Patterns, in Proceedingsof the 2009 International Conference on Industrial and Information Systems, Haikou, China,2009.04,285-288
[14]张威.软件动态内存故障模型及自动测试方法研究[博士学位论文],北京:装甲兵工程学院,2006
[15]Hovemeyer D, Pugh H. Finding more null pointer bugs, but not too many. In Proceedings of the 7th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering. New York:ACM Press,2007:9-14
[1]姬孟洛,王怀民,李梦君等.一种基于抽象解释和通用单调数据流框架的值范围分析方法[J].计算机研究与发展,2006,43(11):2020-2026
[2]Nielson F, H R Nielson, C Hankin. Principles of Program Analysis[M]. Berlin: Springer-Verlag,1999
[3]Cousot P, Cousot R. Abstract Interpretation:A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In:Conf. Record of the Fourth ACM Symposium on Principles of Programming Languages,1977:238-252
[4]姬孟洛,李军,王馨.一种基于抽象解释的WCET自动分析工具[J].计算机工程.2006,132(14):54-56
[5]Cousot P, Cousot R. Static Determination of dynamic properties of programs. In Proceedingsof the 2nd International Symposium on Programming. Dunod, Paris,1976: 106-130
[6]Cousot P. Abstract interpretation based formal methods and future challenges, invited paper. In R. Wilhelm, editor, Informatics-10Years Back,10 Years Ahead, Volumn 2000 of LNCS, Springer-Verlag,2000:138-156
[7]Cousot Patrick, Cousot Radhia. Abstract interpretation based program testing. In Proceedings of SSGRR 2000 Computer & eBusiness Conference,2000:1-10
[8]Cousot P, Halbwachs N. Automatic discovery of linear restraints among variables of a program. In Proceedingsof the 5th POPL. Arizona:ACM Press,1978.84-97
[9]Mine A. The octagon abstract domain. Higher-Order and Symbolic Computation, 2006,19(1):31-100
[10]Alefeld G, Herzberger J. Introduction to interval computations[M]. Trans. Jon Rockne. New York:Academic Press,1983
[11]Hansen E. Topics in interval analysis[M]. Ox-ford:[s.n.],1969
[12]Harrison W H,Compiler Analysis of the Value Ranges for variables, IEEE Transaction on Software Engineering[J],1977,5:243-250
[13]王言志,刘椿年.区间算术在软件测试中的应用[J].软件学报,1998,9(6):438-443
[14]李福川,宋晓秋.软件测试中的新方法—区间代数方法[J].计算机工程与设计,2005(10):2576-2578
[15]Ghodrat M A, Givargis T, Nicolau A:Expression equivalence checking using interval analysis[J]. IEEE Trans. VLSI Syst.2006,14(8):830-842
[16]高传平,谈利群,宫云战等.基于整型区间集的数组越界静态自动测试方法研究[J].小型微型计算机系统,2006,27(12):2222-2227
[17]王德人,张连生,邓乃扬.非线性方程的区间算法[M].上海:上海科学技术出版社,1987
[18]李福川.区间代数理论扩展及其在软件测试中的应用[硕士学位论文],北京:中国航天第二研究院,2004
[19]Hallem S, Chelf B, Xie Y, et al. A system and language for building system-specific, static analyses. In Proceedings of the 2002 ACM SIGPLAN Conference on Programming Language Design and Implementation,2002:69-82
[20]Binkley David. Source Code Analysis:A Road Map. In Proceedings of International Conference on Software Engineering,2007:104-119
[21]W Blume, R Eigenmann. Symbolic range propagation. In Proceedingsof the 9th International Parallel Processing Symposium. Santa Barbara, CA, IEEE Computer Society Press,1995:357-363
[1]Wang Yawen, Gong Yunzhan, Chen Junliang, et al. An application of interval analysis in software static analysis, in Proceedingsof The 5th International Conference on Embedded and Ubiquitous Computing, Shanghai,China,2008.12:367-372
[2]王雅文,宫云战,肖庆,杨朝红.扩展区间运算的变量值范围分析技术[J],北京邮电大学学报,2009,32(3):36-41.
[3]Cousot Patrick, Cousot Radhia. Abstract interpretation based program testing. In Proceedings of SSGRR 2000 Computer & eBusiness Conference,2000:1-10
[4]Cousot P, Cousot R. Static Determination of dynamic properties of programs. In Proceedingsof the 2nd International Symposium on Programming. Dunod, Paris,1976: 106-130
[5]Cousot P, Cousot R. Abstract Interpretation:A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In:Conf. Record of the Fourth ACM Symposium on Principles of Programming Languages,1977:238-252
[6]Brian Chess, Jacob West.Secure programming with static analysis [M]. Boston MA: Addison-Wesley Professional,2007
[7]http://sourceforge.net/
[8]http://www.areca-backup.org/
[9]http://www.atunes.org/
[10]http://azureus.sourceforge.net/
[11]http://www.abcseo.com/cobra/
[12]http://www.freecol.org/
[13]http://freemind.sourceforge.net/
[14]http://jstock.sourceforge.net/
[15]http://megamek.sourceforge.net/
[16]http://robocode.sourceforge.net/
[17]http://www.sweethome3d.eu/
[18]陈蕊.程序中不可达路径的识别及其在结构侧试中的应用[硕士学位论文],北京:中国科学院研究生院,2006
[19]http://www.rjzl.gov.cn/news.asp?id=2504
[1]Ball T, Rajamani S. Automatically validating temporal safety properties of interfaces. Proceedings of 8th International SPIN Workshop of Model Checking of Software,2001:103-122
[2]Engler D Chelf, B Chou A, Hallem S. Checking system rules using system-specific, programmer-written compiler extensions. In Proceedings of the Fourth Symposium on Operating Systems Design and Implementation, San Diego,2000:1-16
[3]Das M, Lerner S, Seigle M. ESP:Path-Sensitive program verification in polynomial time. In Proceedings of the Conference on Programming Languages, Design and Implementation (PLDI) (Berlin, Germany). ACM Press, New York,2002:57-68
[4]Alfred V Aho, Ravi Sethi, Jeffrey D. Ullman. Compilers:Principles [M], Techniques, and Tools. Pearson Education,2003
[5]Das M, Lerner S, Seigle M. ESP:Path-Sensitive Program Verification in Polynomial Time. Technical Report MSR-TR-2002-41, Microsoft Corporation,2002
[6]http://cmusphinx.org/
[7]http://optipng.sourceforge.net/
[8]http://amsn.sourceforge.net
[9]http://packages.debian.org/zh-cn/lenny/libprojectm2
[10]http://www.pudn.com/detail.asp?id=432451
[11]http://www.avisynth.org
[12]http://reactivision.sourceforge.net/
[13]http://en.pudn.com/detail.asp?id=366752
[14]http://openmediaplaya.sourceforge.net
[15]http://www.iometer.org/
[16]Ammons G, Larus J. Improving data-flow analysis with path profiles. Proceedings of the ACM SIGPLAN 98 Conference on Programming Language Design and Implementation,1998:72-78
[17]Holley L, Rosen B. Qualified Data Flow Problems. Conference Record of the Seventh ACM Symposium on Principles of Programming Languages,1980:68-82
[18]Bodik R, Gupta R, Soffa M. Refining data flow information using infeasible paths. Software Engineering Notes ESEC/FSE'97,1997:361-77
[19]Tu P, Padua D. Gated SSA-based demand-driven symbolic analysis for parallelizing compilers. Proceedings of the 1995 ACM International Conference on Supercomputing,414-423,1995
[20]http://www.cse.ucsd.edu/classes/fa03/cse231/lec10seq.pdf
[1]杨朝红,宫云战,肖庆等.基于软件缺陷模型的测试系统[J],北京邮电大学学报,2008,31(5):1-4
[2]Yang Zhaohong, Gong Yunzhan, et al. DTS-A Software Defects Testing System, in Proceedings of The 8th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2008, Beijing, China,2008.08:269-270
[3]http://www.rjzl.gov.cn/news.asp?id=2504
[4]廖兴,尹俊文,蔡放.基于Java语言的抽象语法树的创建与遍历[J].长沙大学学报,2004,18(4):5-53
[5]https://javacc.dev.java.net/
[6]http://www.graphviz.org/Gallery.php
[7]Hallem S, Chelf B, Xie Y, et al. A system and language for building system-specific, static analyses. In Proceedings of the 2002 ACM SIGPLAN Conference on Programming Language Design and Implementation,2002:69-82
[8]Rutar N, Almazan C, Foster J S. A comparison of bug finding tools for Java. In Proceedings of the 15th IEEE International Symposium on Software Reliability Engineering, Saint-Malo, France,2004:269-270
[9]Hovemeyer D, Pugh H. Finding more null pointer bugs, but not too many. In Proceedings of the 7th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering. New York:ACM Press,2007:9-14
[10]http://www.klocwork.com/freetrial/
[1]http://findbugs.sourceforge.net/bugDescriptions.html
[2]http://pmd.sourceforge.net/rules/index.html
[3]http://www.klocwork.com/resources/whitepapers.asp
[4]Simon Axel.Value-Range Analysis of C Programs:Towards Proving the Absence of Buffer Overflow Vulnerabilities [M]. New York:Springer-Verlag,2008
[5]Rugina R, Rinard M C. Symbolic bounds analysis of pointers, array indices, and accessed memory regions [J]. ACM Transactions on Programming Languages and Systems (TOPLAS),2005,25(2):185-235
[6]赵瑞莲.基于搜索的面向路径字符串测试数据自动生成方法[J].计算机辅助设计与图形学学报,2008,5:671-677
[7]Engelen Robert A. van, Birch J, Shou Y, et al. A unified framework for nonlinear dependence testing and symbolic analysis. In Proceedings of the 18th annual international conference on Supercomputing,2004:106-115
[8]Steven S Muchnick. Advanced Compiler Design and Implementation [M]. Elsevier Science,2003
[9]Cousot P. Abstract interpretation based formal methods and future challenges, invited paper. In R. Wilhelm, editor, Informatics-10Years Back,10 Years Ahead, Volumn 2000 of LNCS, Springer-Verlag,2000:138-156
[2]古乐,史九林.软件测试技术概论.北京:清华大学出版社,2004
[3]Quinlan Daniel J, Vuduc Richard W, Misherghi Ghassan.Techniques for specifying bug patterns. In Proceedings of the 2007 ACM workshop on Parallel and distributed systems: testing and debugging, London,2007:27-35
[4]宫云战.一种面向故障的软件测试新方法[J].装甲兵工程学院学报,2004(1):21-25
[5]宫云战.软件测试的故障模型[J].装甲兵工程学院学报,2004:18(2):1-5
[6]Cousot P. Abstract interpretation based formal methods and future challenges, invited paper. In R. Wilhelm, editor, Informatics-10Years Back,10 Years Ahead, Volumn 2000 of LNCS, Springer-Verlag,2000:138-156
[7]杨宇,张健.程序静态分析技术与工具[J].计算机科学,2004,31(02):171-174
[8]http://pmd.sourceforge.net/
[9]http://findbugs.sourceforge.net/
[10]http://www.coverity.com/
[11]http://www.klocwork.com/
[12]King J C. Symbolic execution and testing. Comm. of the ACM,1976,19:385-394
[13]Nelson G. Oppen D. Simplification by cooperating decision procedures. ACM TOPLAS,1979,1(2):245-257
[14]Cousot P, Cousot R. Abstract Interpretation:A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In:Conf. Record of the Fourth ACM Symposium on Principles of Programming Languages,1977:238-252
[15]Dwyer Matthew B, Hatcliff John, Robby, et al.Formal Software Analysis Emerging Trends in Software Model Checking. In Proceedings of International Conference on Software Engineering,2007:120-136
[16]Hallem S, Chelf B, Xie Y, et al. A system and language for building system-specific, static analyses. In Proceedings of the 2002 ACM SIGPLAN Conference on Programming Language Design and Implementation,2002:69-82
[17]http://www.gramatech.com/
[18]http://www.reasoning.com/
[19]张威.软件动态内存故障模型及自动测试方法研究[博士学位论文],北京:装甲兵工程学院,2006
[20]方艳.Java软件分析与测试工具的研究与开发[硕士学位论文],北京:北京航空航天大学,2001
[21]樊平.新型多用途C++静态分析器的研究与开发[硕士学位论文],北京:北京航空航天大学,2004
[22]吴蓉.Java软件分析与测试工具的设计与实现[硕士学位论文],北京:北京航空航天大学,2000
[23]蔡志旻.软件静态分析的研究与实现[硕士学位论文],南京:南京大学,2002
[24]陈平.Java程序静态分析与重构工具的研究与实现[硕士学位论文],北京:北京科技大学,2006
[1]贺平.软件测试技术[M].北京:机械工业出版社.2004
[2]宫云战.软件测试[M].北京:国防工业出版社,2006
[3]郑人杰,殷人昆,陶永雷.实用软件工程[M].2版.北京:清华大学出版社,1997
[4]赵瑞莲.软件测试方法研究[博士学位论文],北京:中国科学院研究生院,2001
[5]宫云战.软件测试教程[M].北京:机械工业出版社,2008
[6]R Hastings, B Joyce. Purify:Fast detection of memory leaks and access errors. In Proceedings of the Winter USENIX Conference,1992:125-136
[7]S Savage, M Burrows, G Nelson, et al. Eraser:A dynamic data race detector for multithreaded programming. ACM Trans. Comput. Syst.1997,15(4):391-411
[8]Dwyer Matthew B, Hatcliff John, Robby, et al.Formal Software Analysis Emerging Trends in Software Model Checking. In Proceedings of International Conference on Software Engineering,2007:120-136
[9]Cousot P, Cousot R. Abstract interpretation:A unified model for static analysis of programs by construction or approximation of fixpoints [C]. In Proceedingsof the 4th ACM Symposium on Principles of Programming Languages. New York:ACM Press, 1977:238-252
[10]王雅文,宫云战,杨朝红.软件测试工具综述[J],北京化工大学学报,2007,34(S1)P1-5
[11]http://www.mercury.com/cn/products/quality-center/testdirector
[12]李理,刘军.软件测试工具的选择和使用[J].警察技术,2006,4:41-44
[13]Brian Chess, Jacob West.Secure programming with static analysis [M]. Boston MA: Addison-Wesley Professional,2007
[14]Binkley David. Source Code Analysis:A Road Map. In Proceedings of International Conference on Software Engineering,2007:104-119
[15]Alfred V Aho, Ravi Sethi, Jeffrey D. Ullman. Compilers:Principles [M], Techniques, and Tools. Pearson Education,2003
[16]PChris Clark. Uniform abstract syntax trees[J]. ACM SIGPLAN Notices, 2000,35(2):11-16
[17]Welty C A. Augmenting abstract syntax trees for program understanding. In Proceedings of the 12th international conference on Automated software engineering,1997:126-133
[18]廖兴,尹俊文,蔡放.基于Java语言的抽象语法树的创建与遍历[J].长沙大学学报,2004,18(4):5-53
[19]Atkinson Darren C. Accurate Call Graph Extraction of Programs with Function Pointers Using Type Signatures. In Proceedings of the 11th Asia-Pacific Software Engineering Conference,2004:326-335
[20]Steven S Muchnick. Advanced Compiler Design and Implementation [M]. Elsevier Science,2003
[21]郑人杰.计算机软件测试技术.北京:清华大学出版社,1992
[22]Weiser M. Program slices:formal, psychological and practical investigations of an automatic program abstraction method[Dissertation]. Michigan:University of Michigan, 1979
[23]孙继荣,李志蜀,王莉等.程序切片技术在软件测试中的应用[J].计算机应用研究,2007,24(5):210-213
[24]张龙杰,谢晓方,袁胜智.一种改进的静态程序切片算法[J].计算机应用,2009,29(3):705-707
[25]Cousot P, Cousot R. Abstract Interpretation:A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In:Conf. Record of the Fourth ACM Symposium on Principles of Programming Languages,1977:238-252
[26]李梦君,李舟军,陈火旺.基于抽象解释理论的程序验证技术[J].软件学报,2008,19(1):17-26
[27]Cousot Patrick. Abstract Interpretation[J]. ACM Computing Surveys,1996,28(2):324-328
[28]Cousot Patrick, Cousot Radhia. Abstract interpretation based program testing. In Proceedings of SSGRR 2000 Computer & eBusiness Conference,2000:1-10
[29]Xie Y, Aiken A. Scalable error detection using boolean satisfiability. In Symposium on Principles of Programming Languages (POPL),2005,351-363
[30]Xie Y, Aiken A. Saturn:A scalable framework for error detection using boolean satisfiability. ACM Transactions on Programming Languages and Systems,Volume 29, Issue 3,2007:1-43
[31]Hallem S, Chelf B, Xie Y, et al. A system and language for building system-specific, static analyses. In Proceedings of the 2002 ACM SIGPLAN Conference on Programming Language Design and Implementation,2002:69-82
[32]http://pmd.sourceforge.net/rules/index.html
[33]http://findbugs.sourceforge.net/bugDescriptions.html
[34]http://www.klocwork.com/resources/whitepapers.asp
[35]Rustan K, Leino M, Nelson G, et al. Saxe.Esc/Java user's manual. Technical note 2000-002,Compaq Systems Research Center, October 2001
[36]Detlefs D L. An overview of the extended static checking system. In Proceedings of the First Workshop on Formal Methods in Software Practice, January 1996:1-9
[37]Evans D, Guttag J, Horning J, et al. Lclint:A tool for using specifications to check code. In Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering, December 1994:87-96
[38]Foster J S, Terauchi T, Aiken Alex. Flow-sensitive type qualifiers. In Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, June 2002:1-12
[1]宫云战.一种面向故障的软件测试新方法[J].装甲兵工程学院学报,2004(1):21-25
[2]宫云战.软件测试的故障模型[J].装甲兵工程学院学报,2004:18(2):1-5
[3]Rutar N, Almazan C, Foster J. S. A comparison of bug finding tools for Java. In Proceedings of the 15th IEEE International Symposium on Software Reliability Engineering, Saint-Malo, France,2004:269-270
[4]宫云战.软件测试[M].北京:国防工业出版社,2006
[5]McGraw, Gary. Software Security:Building Security[M]. Boston, MA:Addison-Wesley, 2006
[6]肖庆,杨朝红,毕学军.一种基于故障模式状态机的测试方法[J].北京化工大学学报(自然科学版),2007,34(S1):73-76
[7]廖兴,尹俊文,蔡放.基于Java语言的抽象语法树的创建与遍历[J].长沙大学学报,2004,18(4):5-53
[8]Alfred V Aho, Ravi Sethi, Jeffrey D. Ullman. Compilers:Principles [M], Techniques, and Tools. Pearson Education,2003
[9]PChris Clark. Uniform abstract syntax trees[J]. ACM SIGPLAN Notices, 2000,35(2):11-16
[10]Welty C A. Augmenting abstract syntax trees for program understanding. In Proceedings of the 12th international conference on Automated software engineering,1997:126-133
[11]王雅文,宫云战,肖庆等.扩展区间运算的变量值范围分析技术[J],北京邮电大学学报,2009,32(3):36-41
[12]Wang Yawen, Gong Yunzhan, Chen Junliang, et al. An application of interval analysis in software static analysis, in Proceedingsof The 5th International Conference on Embedded and Ubiquitous Computing, Shanghai,China,2008.12:367-372
[13]Jin Dahai, Gong Yunzhan, Xiao Qing, et al. A Method of Improving Precision in Software Testing Based on Defect Patterns, in Proceedingsof the 2009 International Conference on Industrial and Information Systems, Haikou, China,2009.04,285-288
[14]张威.软件动态内存故障模型及自动测试方法研究[博士学位论文],北京:装甲兵工程学院,2006
[15]Hovemeyer D, Pugh H. Finding more null pointer bugs, but not too many. In Proceedings of the 7th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering. New York:ACM Press,2007:9-14
[1]姬孟洛,王怀民,李梦君等.一种基于抽象解释和通用单调数据流框架的值范围分析方法[J].计算机研究与发展,2006,43(11):2020-2026
[2]Nielson F, H R Nielson, C Hankin. Principles of Program Analysis[M]. Berlin: Springer-Verlag,1999
[3]Cousot P, Cousot R. Abstract Interpretation:A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In:Conf. Record of the Fourth ACM Symposium on Principles of Programming Languages,1977:238-252
[4]姬孟洛,李军,王馨.一种基于抽象解释的WCET自动分析工具[J].计算机工程.2006,132(14):54-56
[5]Cousot P, Cousot R. Static Determination of dynamic properties of programs. In Proceedingsof the 2nd International Symposium on Programming. Dunod, Paris,1976: 106-130
[6]Cousot P. Abstract interpretation based formal methods and future challenges, invited paper. In R. Wilhelm, editor, Informatics-10Years Back,10 Years Ahead, Volumn 2000 of LNCS, Springer-Verlag,2000:138-156
[7]Cousot Patrick, Cousot Radhia. Abstract interpretation based program testing. In Proceedings of SSGRR 2000 Computer & eBusiness Conference,2000:1-10
[8]Cousot P, Halbwachs N. Automatic discovery of linear restraints among variables of a program. In Proceedingsof the 5th POPL. Arizona:ACM Press,1978.84-97
[9]Mine A. The octagon abstract domain. Higher-Order and Symbolic Computation, 2006,19(1):31-100
[10]Alefeld G, Herzberger J. Introduction to interval computations[M]. Trans. Jon Rockne. New York:Academic Press,1983
[11]Hansen E. Topics in interval analysis[M]. Ox-ford:[s.n.],1969
[12]Harrison W H,Compiler Analysis of the Value Ranges for variables, IEEE Transaction on Software Engineering[J],1977,5:243-250
[13]王言志,刘椿年.区间算术在软件测试中的应用[J].软件学报,1998,9(6):438-443
[14]李福川,宋晓秋.软件测试中的新方法—区间代数方法[J].计算机工程与设计,2005(10):2576-2578
[15]Ghodrat M A, Givargis T, Nicolau A:Expression equivalence checking using interval analysis[J]. IEEE Trans. VLSI Syst.2006,14(8):830-842
[16]高传平,谈利群,宫云战等.基于整型区间集的数组越界静态自动测试方法研究[J].小型微型计算机系统,2006,27(12):2222-2227
[17]王德人,张连生,邓乃扬.非线性方程的区间算法[M].上海:上海科学技术出版社,1987
[18]李福川.区间代数理论扩展及其在软件测试中的应用[硕士学位论文],北京:中国航天第二研究院,2004
[19]Hallem S, Chelf B, Xie Y, et al. A system and language for building system-specific, static analyses. In Proceedings of the 2002 ACM SIGPLAN Conference on Programming Language Design and Implementation,2002:69-82
[20]Binkley David. Source Code Analysis:A Road Map. In Proceedings of International Conference on Software Engineering,2007:104-119
[21]W Blume, R Eigenmann. Symbolic range propagation. In Proceedingsof the 9th International Parallel Processing Symposium. Santa Barbara, CA, IEEE Computer Society Press,1995:357-363
[1]Wang Yawen, Gong Yunzhan, Chen Junliang, et al. An application of interval analysis in software static analysis, in Proceedingsof The 5th International Conference on Embedded and Ubiquitous Computing, Shanghai,China,2008.12:367-372
[2]王雅文,宫云战,肖庆,杨朝红.扩展区间运算的变量值范围分析技术[J],北京邮电大学学报,2009,32(3):36-41.
[3]Cousot Patrick, Cousot Radhia. Abstract interpretation based program testing. In Proceedings of SSGRR 2000 Computer & eBusiness Conference,2000:1-10
[4]Cousot P, Cousot R. Static Determination of dynamic properties of programs. In Proceedingsof the 2nd International Symposium on Programming. Dunod, Paris,1976: 106-130
[5]Cousot P, Cousot R. Abstract Interpretation:A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In:Conf. Record of the Fourth ACM Symposium on Principles of Programming Languages,1977:238-252
[6]Brian Chess, Jacob West.Secure programming with static analysis [M]. Boston MA: Addison-Wesley Professional,2007
[7]http://sourceforge.net/
[8]http://www.areca-backup.org/
[9]http://www.atunes.org/
[10]http://azureus.sourceforge.net/
[11]http://www.abcseo.com/cobra/
[12]http://www.freecol.org/
[13]http://freemind.sourceforge.net/
[14]http://jstock.sourceforge.net/
[15]http://megamek.sourceforge.net/
[16]http://robocode.sourceforge.net/
[17]http://www.sweethome3d.eu/
[18]陈蕊.程序中不可达路径的识别及其在结构侧试中的应用[硕士学位论文],北京:中国科学院研究生院,2006
[19]http://www.rjzl.gov.cn/news.asp?id=2504
[1]Ball T, Rajamani S. Automatically validating temporal safety properties of interfaces. Proceedings of 8th International SPIN Workshop of Model Checking of Software,2001:103-122
[2]Engler D Chelf, B Chou A, Hallem S. Checking system rules using system-specific, programmer-written compiler extensions. In Proceedings of the Fourth Symposium on Operating Systems Design and Implementation, San Diego,2000:1-16
[3]Das M, Lerner S, Seigle M. ESP:Path-Sensitive program verification in polynomial time. In Proceedings of the Conference on Programming Languages, Design and Implementation (PLDI) (Berlin, Germany). ACM Press, New York,2002:57-68
[4]Alfred V Aho, Ravi Sethi, Jeffrey D. Ullman. Compilers:Principles [M], Techniques, and Tools. Pearson Education,2003
[5]Das M, Lerner S, Seigle M. ESP:Path-Sensitive Program Verification in Polynomial Time. Technical Report MSR-TR-2002-41, Microsoft Corporation,2002
[6]http://cmusphinx.org/
[7]http://optipng.sourceforge.net/
[8]http://amsn.sourceforge.net
[9]http://packages.debian.org/zh-cn/lenny/libprojectm2
[10]http://www.pudn.com/detail.asp?id=432451
[11]http://www.avisynth.org
[12]http://reactivision.sourceforge.net/
[13]http://en.pudn.com/detail.asp?id=366752
[14]http://openmediaplaya.sourceforge.net
[15]http://www.iometer.org/
[16]Ammons G, Larus J. Improving data-flow analysis with path profiles. Proceedings of the ACM SIGPLAN 98 Conference on Programming Language Design and Implementation,1998:72-78
[17]Holley L, Rosen B. Qualified Data Flow Problems. Conference Record of the Seventh ACM Symposium on Principles of Programming Languages,1980:68-82
[18]Bodik R, Gupta R, Soffa M. Refining data flow information using infeasible paths. Software Engineering Notes ESEC/FSE'97,1997:361-77
[19]Tu P, Padua D. Gated SSA-based demand-driven symbolic analysis for parallelizing compilers. Proceedings of the 1995 ACM International Conference on Supercomputing,414-423,1995
[20]http://www.cse.ucsd.edu/classes/fa03/cse231/lec10seq.pdf
[1]杨朝红,宫云战,肖庆等.基于软件缺陷模型的测试系统[J],北京邮电大学学报,2008,31(5):1-4
[2]Yang Zhaohong, Gong Yunzhan, et al. DTS-A Software Defects Testing System, in Proceedings of The 8th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2008, Beijing, China,2008.08:269-270
[3]http://www.rjzl.gov.cn/news.asp?id=2504
[4]廖兴,尹俊文,蔡放.基于Java语言的抽象语法树的创建与遍历[J].长沙大学学报,2004,18(4):5-53
[5]https://javacc.dev.java.net/
[6]http://www.graphviz.org/Gallery.php
[7]Hallem S, Chelf B, Xie Y, et al. A system and language for building system-specific, static analyses. In Proceedings of the 2002 ACM SIGPLAN Conference on Programming Language Design and Implementation,2002:69-82
[8]Rutar N, Almazan C, Foster J S. A comparison of bug finding tools for Java. In Proceedings of the 15th IEEE International Symposium on Software Reliability Engineering, Saint-Malo, France,2004:269-270
[9]Hovemeyer D, Pugh H. Finding more null pointer bugs, but not too many. In Proceedings of the 7th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering. New York:ACM Press,2007:9-14
[10]http://www.klocwork.com/freetrial/
[1]http://findbugs.sourceforge.net/bugDescriptions.html
[2]http://pmd.sourceforge.net/rules/index.html
[3]http://www.klocwork.com/resources/whitepapers.asp
[4]Simon Axel.Value-Range Analysis of C Programs:Towards Proving the Absence of Buffer Overflow Vulnerabilities [M]. New York:Springer-Verlag,2008
[5]Rugina R, Rinard M C. Symbolic bounds analysis of pointers, array indices, and accessed memory regions [J]. ACM Transactions on Programming Languages and Systems (TOPLAS),2005,25(2):185-235
[6]赵瑞莲.基于搜索的面向路径字符串测试数据自动生成方法[J].计算机辅助设计与图形学学报,2008,5:671-677
[7]Engelen Robert A. van, Birch J, Shou Y, et al. A unified framework for nonlinear dependence testing and symbolic analysis. In Proceedings of the 18th annual international conference on Supercomputing,2004:106-115
[8]Steven S Muchnick. Advanced Compiler Design and Implementation [M]. Elsevier Science,2003
[9]Cousot P. Abstract interpretation based formal methods and future challenges, invited paper. In R. Wilhelm, editor, Informatics-10Years Back,10 Years Ahead, Volumn 2000 of LNCS, Springer-Verlag,2000:138-156