嵌入式软件静态测试方法研究
|
摘要
嵌入式软件的特点决定了嵌入式软件的测试重点是运行时检测、内存、安全等方面。而且C/C++语言作为嵌入式软件的主流编程语言,其本身具有典型的代码缺陷:缓冲区溢出、数组越界、空指针引用异常、内存泄漏等。为了在检测出C/C++代码缺陷的同时兼顾嵌入式软件的测试重点,针对嵌入式软件的静态测试方法进行研究。掌握C/C++语言的常用静态测试工具的主要功能侧重点及使用方法,使用C++Test、PC-Lint两种测试工具对同一嵌入式软件源码进行静态测试。两者测试结果形成对比和补充,降低了代码缺陷的漏报、误报的可能性,提高了测试效率。实现了在代码编写阶段检测出软件中隐藏的代码缺陷,进而保障嵌入式软件安全可靠的运行,验证了该嵌入式软件静态测试方法的有效可行性。
The characteristics of embedded software determine its test focus is run-time detection,memory,security and so on. Moreover,C/C++,as the mainstream programming language of embedded software,has its own typical code defects:buffer overflow,array out of bounds,null point exception,memory leak and so on. In order to detect the defects of C/C++ code and take the test emphasis of embedded software into consideration,the static test method of embedded software is studied. After mastering the main functions and methods of the static testing tools of C/C++ language,C++Test and PC-Lint are used to test the source code of the same embedded software. The results of the two tests are contrasted and supplemented. The possibility of false negatives and false positives of code defects is reduced,and the testing efficiency is improved. The code defects hidden in the software are detected at the code writing stage,and the secure and reliable operation of the embedded software is ensured. The feasibility of the proposed static test method is verified.
The characteristics of embedded software determine its test focus is run-time detection,memory,security and so on. Moreover,C/C++,as the mainstream programming language of embedded software,has its own typical code defects:buffer overflow,array out of bounds,null point exception,memory leak and so on. In order to detect the defects of C/C++ code and take the test emphasis of embedded software into consideration,the static test method of embedded software is studied. After mastering the main functions and methods of the static testing tools of C/C++ language,C++Test and PC-Lint are used to test the source code of the same embedded software. The results of the two tests are contrasted and supplemented. The possibility of false negatives and false positives of code defects is reduced,and the testing efficiency is improved. The code defects hidden in the software are detected at the code writing stage,and the secure and reliable operation of the embedded software is ensured. The feasibility of the proposed static test method is verified.
引文
[1] MYERS G J.The art of software testing[M].Canada:Word Association,2004.
[2] 原义盈.嵌入式软件堆栈溢出的静态测试方法研究[D].北京:北京交通大学,2011.
[3] 林晨.嵌入式箭载计算机控制软件测试关键技术研究[D].上海:上海交通大学,2014.
[4] 吕文晶.基于规则的嵌入式软件系统静态测试[D].天津:天津大学,2012.
[5] 孟云秀.基于C/C++代码的静态检测技术分析与研究[D].石家庄:石家庄铁道大学,2015.
[6] 侯成杰.航天器C语言软件常见编程错误分析及检测方法研究[J].空间控制技术与应用,2013,39(6):53-57.
[7] 张蕾.嵌入式软件测试技术及工具的研究[J].中国新技术新产品,2017(21):36-37.
[8] 孟云秀,赵正旭.基于源代码分析的软件静态测试[J].河北省科学院学报,2013,30(2):16-21.
[9] LHEE K S,CHAPIN S J.Buffer overflow and format string overflow vulnerabilities[J].Software Practice & Experience,2010,33(5):423-460.
[10] 褚蕾.基于静态源码分析的软件安全测试技术研究与实现[D].成都:电子科技大学,2010.
[11] 杨颖,周志飞,钟理,等.嵌入式软件静态测试技术[J].机车电传动,2017(1):61-64.
[12] 李昊.基于LLVM-Clang的软件静态检测工具研究与实现[D].西安:西安理工大学,2017.
[13] GIMPEL J.Software that checks software:the impact of PC-lint[J].IEEE Software,2014,31(1):15-19.
[14] 姜文,刘立康.基于Linux环境的C/C++软件重量级静态检查[J].微型电脑应用,2016,32(5):12-15.
[2] 原义盈.嵌入式软件堆栈溢出的静态测试方法研究[D].北京:北京交通大学,2011.
[3] 林晨.嵌入式箭载计算机控制软件测试关键技术研究[D].上海:上海交通大学,2014.
[4] 吕文晶.基于规则的嵌入式软件系统静态测试[D].天津:天津大学,2012.
[5] 孟云秀.基于C/C++代码的静态检测技术分析与研究[D].石家庄:石家庄铁道大学,2015.
[6] 侯成杰.航天器C语言软件常见编程错误分析及检测方法研究[J].空间控制技术与应用,2013,39(6):53-57.
[7] 张蕾.嵌入式软件测试技术及工具的研究[J].中国新技术新产品,2017(21):36-37.
[8] 孟云秀,赵正旭.基于源代码分析的软件静态测试[J].河北省科学院学报,2013,30(2):16-21.
[9] LHEE K S,CHAPIN S J.Buffer overflow and format string overflow vulnerabilities[J].Software Practice & Experience,2010,33(5):423-460.
[10] 褚蕾.基于静态源码分析的软件安全测试技术研究与实现[D].成都:电子科技大学,2010.
[11] 杨颖,周志飞,钟理,等.嵌入式软件静态测试技术[J].机车电传动,2017(1):61-64.
[12] 李昊.基于LLVM-Clang的软件静态检测工具研究与实现[D].西安:西安理工大学,2017.
[13] GIMPEL J.Software that checks software:the impact of PC-lint[J].IEEE Software,2014,31(1):15-19.
[14] 姜文,刘立康.基于Linux环境的C/C++软件重量级静态检查[J].微型电脑应用,2016,32(5):12-15.