[go: up one dir, main page]

CN110096439A - A kind of method for generating test case towards solidity language - Google Patents

A kind of method for generating test case towards solidity language Download PDF

Info

Publication number
CN110096439A
CN110096439A CN201910341716.0A CN201910341716A CN110096439A CN 110096439 A CN110096439 A CN 110096439A CN 201910341716 A CN201910341716 A CN 201910341716A CN 110096439 A CN110096439 A CN 110096439A
Authority
CN
China
Prior art keywords
program
test case
dup
variable
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910341716.0A
Other languages
Chinese (zh)
Other versions
CN110096439B (en
Inventor
张鹏程
于佳男
吉顺慧
肖锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hohai University HHU
Original Assignee
Hohai University HHU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hohai University HHU filed Critical Hohai University HHU
Priority to CN201910341716.0A priority Critical patent/CN110096439B/en
Publication of CN110096439A publication Critical patent/CN110096439A/en
Application granted granted Critical
Publication of CN110096439B publication Critical patent/CN110096439B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Prevention of errors by analysis, debugging or testing of software
    • G06F11/3668Testing of software
    • G06F11/3672Test management
    • G06F11/3684Test management for test design, e.g. generating new test cases
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/12Computing arrangements based on biological models using genetic models
    • G06N3/126Evolutionary algorithms, e.g. genetic algorithms or genetic programming

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Biophysics (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Evolutionary Biology (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • General Physics & Mathematics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computational Linguistics (AREA)
  • Artificial Intelligence (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • General Health & Medical Sciences (AREA)
  • Molecular Biology (AREA)
  • Computing Systems (AREA)
  • Biomedical Technology (AREA)
  • Genetics & Genomics (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Physiology (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Debugging And Monitoring (AREA)
  • Test And Diagnosis Of Digital Computers (AREA)

Abstract

本发明公开了一种面向solidity语言的测试用例生成方法,针对应用solidity语言实现的智能合约程序,根据程序得到对应的控制流图(CFG),控制流图中涵盖了该智能合约程序中函数方法间的调用信息;根据程序CFG得到程序中存在的变量的定义‑使用对(dup);在生成测试用例的过程中,应用遗传算法加快有效测试用例的生成速度。另一方面,考虑solidity存在的整数溢出安全性问题,设计遗传算法的适应度函数时强调测试用例对可引起整数溢出错误的变量的定义及使用实现了覆盖,对与整数溢出错误相关的dup实现覆盖的测试用例的适应度值会相对较大。本发明方法切实可行,在实现对程序中常规变量操作进行覆盖测试的基础上,实现了整数溢出覆盖测试。

The invention discloses a method for generating test cases oriented to the solidity language. Aiming at the smart contract program implemented by applying the solidity language, the corresponding control flow graph (CFG) is obtained according to the program, and the control flow graph covers the functions and methods in the smart contract program. According to the program CFG, the definition of the variables existing in the program-using pair (dup) is obtained; in the process of generating test cases, the genetic algorithm is used to speed up the generation of effective test cases. On the other hand, considering the integer overflow security problem existing in solidity, when designing the fitness function of the genetic algorithm, it is emphasized that the test cases cover the definition and use of variables that can cause integer overflow errors, and the implementation of dup related to integer overflow errors The fitness value of the covered test cases will be relatively large. The method of the invention is practicable, and realizes the integer overflow coverage test on the basis of realizing the coverage test of the routine variable operation in the program.

Description

一种面向solidity语言的测试用例生成方法A test case generation method for solidity language

技术领域technical field

本发明涉及一种面向solidity语言的测试用例生成方法,尤其涉及到应用遗传算法并基于数据流测试的测试用例生成方法,属于软件测试技术领域。The invention relates to a method for generating test cases oriented to solidity language, in particular to a method for generating test cases based on data flow testing by applying a genetic algorithm, and belongs to the technical field of software testing.

背景技术Background technique

近两年来,随着区块链技术的不断发展,数字货币、智能合约成为了许多研究的热点,其中以太坊是支持智能合约部署编译的典型平台之一,solidity更是成为当今智能合约编写的热门语言。之所以被称为智能合约,其主要特点就在于可以自动的或具备一定的智能性的,通过预先定义好的执行条件和逻辑,在条件满足时,自动的执行合约内容,实现期望的功能;尤其是借助于区块链平台的去中心化、去信任、防篡改等特性,智能合约的优势被更好的放大,有了更大的应用前景。因此,对solidity这门语言的测试也是一个需更深入研究的问题。In the past two years, with the continuous development of blockchain technology, digital currency and smart contracts have become the focus of many researches. Among them, Ethereum is one of the typical platforms that support smart contract deployment and compilation, and solidity has become the programming language for smart contracts today. Popular languages. The reason why it is called a smart contract is that its main feature is that it can be automatic or have a certain degree of intelligence. Through pre-defined execution conditions and logic, when the conditions are met, the content of the contract is automatically executed to achieve the desired function; Especially with the help of the decentralization, trustless, and tamper-proof features of the blockchain platform, the advantages of smart contracts are better amplified and have greater application prospects. Therefore, the testing of the solidity language is also a problem that requires further research.

由于区块链平台的特性,以solidity语言编写的智能合约没办法在执行过程中完成动态测试,因此,目前对于solidity语言的测试分析主要集中在对源代码进行静态分析上。除了传统语言中常见的程序错误,在solidity语言中还可能因编程缺陷等引发一些其特有的错误。针对solidity语言编程,Tsankov等人开发了一个程序分析器Securify,该分析器将程序预定义为两种模式:合规模式和违规模式,然后通过分析合约的依赖图从代码中得到语言信息,通过预定义的条件,判断程序合规或违规或者警告;基于重入攻击这个错误,Liu等提出了一个模型ReGuard,该模型通过将solidity程序通过中间表示转换成通过语言C++,然后通过对得到的C++程序执行模糊测试迭代的生成随机又不同的交易来发现错误。Due to the characteristics of the blockchain platform, smart contracts written in the solidity language cannot be dynamically tested during execution. Therefore, the current testing and analysis of the solidity language mainly focuses on static analysis of the source code. In addition to common programming errors in traditional languages, some unique errors may also be caused by programming defects in solidity language. For solidity language programming, Tsankov et al. developed a program analyzer Securify, which predefines the program into two modes: compliance mode and violation mode, and then obtains language information from the code by analyzing the dependency graph of the contract, through Pre-defined conditions, judging program compliance or violation or warning; based on the error of reentrancy attack, Liu et al. proposed a model ReGuard, which converts the solidity program into the passing language C++ through the intermediate representation, and then passes the obtained C++ The program performs fuzzing iteratively generating random and distinct transactions to find bugs.

随着对智能约合的使用越来越广泛,已经不仅仅是在货币交易领域,在其他通用信息产业等领域也将会有很广泛的使用,而面向solidity语言的测试仍处于起步阶段,因此有必要考虑到面向程序整体测试的测试用例生成技术。As the use of smart contracts becomes more and more widespread, not only in the field of currency transactions, but also in other fields such as the general information industry, and the testing of the solidity language is still in its infancy, so It is necessary to consider the test case generation technology for the overall program testing.

发明内容Contents of the invention

发明目的:考虑到solidity语言的新颖性,且在使用过程中已出现了一些较为严重的安全性错误;与此同时,随着智能合约的应用领域越来越广,在现有的一些静态代码分析的基础上,程序的通用测试也是一个需求。本发明目的是提供一种面向solidity语言的测试用例生成方法,基于数据流测试的方法,实现对程序执行过程中变量操作进行整体性测试,并同时强调了对执行过程中可引发整数溢出错误的变量操作的测试。Purpose of the invention: Considering the novelty of the solidity language, some serious security errors have occurred during its use; at the same time, as the application fields of smart contracts become wider and wider, some existing static codes On the basis of analysis, general testing of the program is also a requirement. The purpose of the present invention is to provide a solidity language-oriented test case generation method, based on the method of data flow testing, to realize the integrity test of variable operations in the program execution process, and at the same time emphasize the integer overflow error that can be caused during the execution process Tests for variable manipulation.

技术方案:为实现上述发明目的,本发明采用如下技术方案:Technical solution: In order to achieve the above-mentioned purpose of the invention, the present invention adopts the following technical solution:

一种面向solidity语言的测试用例生成方法,包括如下步骤:A test case generation method for solidity language, comprising the following steps:

(1)根据solidity语言的变量类型、流程控制语句、函数体结构、内部函数require以及函数修改器的使用对solidity语言实现的待测试智能合约程序进行分析得到对应的控制流图CFG;(1) According to the variable type, flow control statement, function body structure, internal function require and function modifier of the solidity language, analyze the smart contract program to be tested implemented by the solidity language to obtain the corresponding control flow graph CFG;

(2)根据步骤(1)的CFG图遍历各节点信息,判断存在uint型变量使用的节点是否存在整数溢出错误的安全性问题,若存在,则将存在整数溢出错误的节点标记;(2) Traversing each node information according to the CFG graph of step (1), judging whether there is a security problem of integer overflow error in the node used by the uint type variable, if there is, then there will be a node mark of integer overflow error;

(3)根据步骤(1)的CFG图遍历各节点信息,统计出程序中所有数值型变量的定义-使用对,记为dup,且若步骤(2)中判断结果为存在整数溢出错误,则将包含步骤(2)中的标记节点存在的变量的定义-使用对统计出来,记为dup’;(3) Traverse the information of each node according to the CFG graph in step (1), and count the definition-use pairs of all numerical variables in the program, which are recorded as dup, and if the judgment result in step (2) is that there is an integer overflow error, then The definition of the variable that contains the label node in the step (2)-use is counted out, and is recorded as dup';

(4)根据步骤(3)统计出的dup,针对程序中的所有数值型变量随机生成初始的包含若干组测试用例的测试用例集;(4) according to the dup that step (3) counts, for all numerical variables in the program, randomly generate an initial set of test cases that includes several groups of test cases;

(5)设计遗传算法中的适应度函数用于选取较优的测试用例以驱动算法执行;其中测试用例的适应度值为测试用例覆盖的dup的数量与覆盖的涉及到整数溢出错误的dup’数量的加权和与所有dup的数量与所有dup’数量加权和的比值;(5) The fitness function in the genetic algorithm is designed to select a better test case to drive the algorithm to execute; the fitness value of the test case is the number of dups covered by the test case and the dup's covered by the integer overflow error The ratio of the weighted sum of quantities to the quantity of all dups to the weighted sum of all dup' quantities;

(6)根据步骤(5)中的适应度函数以及算法的执行界限,求得步骤(4)中初始测试用例的适应度值,开始遗传算法迭代执行,得到算法内最优结果。(6) According to the fitness function in step (5) and the execution limit of the algorithm, the fitness value of the initial test case in step (4) is obtained, and the iterative execution of the genetic algorithm is started to obtain the optimal result in the algorithm.

在优选的实施方案中,所述步骤(1)中分析待测试程序的CFG图时,考虑程序中地址型变量的使用,考虑由地址变量引出其他变量的定义;考虑程序中require和assert条件判断语句的使用,将require语句作为一个if条件结构语句进行处理;将函数修改器看作是函数调用的一种形态,遇到函数体时,首先分析该函数是否使用了函数修改器,若使用了函数修改器则先转入函数修改器,根据函数修改器内容进行节点间的连接关系转移。In a preferred embodiment, when analyzing the CFG figure of the program to be tested in the described step (1), consider the use of the address variable in the program, consider the definition of other variables drawn by the address variable; consider require and assert condition judgment in the program For the use of statements, the require statement is treated as an if conditional structure statement; the function modifier is regarded as a form of function call. When encountering a function body, first analyze whether the function uses a function modifier. The function modifier is first transferred to the function modifier, and the connection relationship between nodes is transferred according to the content of the function modifier.

在优选的实施方案中,所述步骤(2)中包括如下步骤:In a preferred embodiment, the step (2) includes the following steps:

(21)根据步骤(1)得到的CFG分析程序中是否存在整数溢出错误,具体为:遍历CFG图节点,对于存在uint型变量使用的节点,其中变量使用包括执行加、减、乘或除计算,判断在变量使用节点前是否已有对相应变量操作结果进行溢出判断的语句节点,若没有,则判定程序会出现整数溢出错误;(21) Whether there is an integer overflow error in the CFG analysis program obtained according to step (1), specifically: traversing the nodes of the CFG graph, for nodes using uint variables, the use of variables includes performing addition, subtraction, multiplication or division calculations , to determine whether there is a statement node for overflow judgment on the operation result of the corresponding variable before the variable use node, if not, the judgment program will have an integer overflow error;

(22)若存在整数溢出错误,对CFG中涉及到引发整数溢出错误的变量操作节点进行标注。(22) If there is an integer overflow error, mark the variable operation nodes involved in the integer overflow error in the CFG.

在优选的实施方案中,所述步骤(3)中包括如下步骤:In a preferred embodiment, the step (3) includes the following steps:

(31)根据CFG图,逐节点分析语句信息,找到程序中存在的数值型变量的定义节点;(31) According to the CFG diagram, analyze the sentence information node by node, find the definition node of the numerical variable existing in the program;

(32)针对步骤(31)中找到的每一个变量的定义节点,找到其对应的所有使用节点;(32) For the definition node of each variable found in step (31), find all its corresponding use nodes;

(33)结合步骤(31)、(32),得到程序中存在的变量的定义-使用对:dup=(d,u,v),计算其总数量,记为n;其中v表示某一变量,d表示v的某一定义节点,u表示v的某一使用节点;(33) In conjunction with steps (31), (32), obtain the definition of the variable that exists in the program-use pair: dup=(d, u, v), calculate its total quantity, be recorded as n; Wherein v represents a certain variable , d represents a definition node of v, u represents a use node of v;

(34)结合步骤(22)与步骤(31)、(32)的内容得到存在整数溢出问题的变量定义-使用对,这里用dup’表示,计算其总数量,记为m,若步骤(22)中结果为没有整数溢出问题,即未做标记,则此处m统计值为0。(34) Combining the contents of step (22) and step (31), (32) to obtain the variable definition-use pair that has integer overflow problem, expressed by dup' here, calculate its total quantity, denoted as m, if step (22 ), the result is that there is no integer overflow problem, that is, it is not marked, and the statistical value of m here is 0.

在优选的实施方案中,所述步骤(4)中针对程序中的所有数值型变量随机生成初始的包含4组测试用例的测试用例集。In a preferred embodiment, in the step (4), an initial test case set containing 4 groups of test cases is randomly generated for all numerical variables in the program.

在优选的实施方案中,所述步骤(5)中,适应度函数公式其中pi表示第i个测试用例覆盖的dup的数量,qi表示第i个测试用例覆盖的涉及到整数溢出错误的dup’数量,n表示程序中所有dup的数量,m表示程序中所有涉及到整数溢出错误的dup’数量,ε为权重参数,0<ε<1。In a preferred embodiment, in the step (5), the fitness function formula Where p i represents the number of dups covered by the i-th test case, q i represents the number of dups involving integer overflow errors covered by the i-th test case, n represents the number of all dups in the program, m represents all the dups involved in the program The number of dup's to integer overflow errors, ε is the weight parameter, 0<ε<1.

在优选的实施方案中,所述步骤(6)中,算法执行界限的设定包含两部分:(1)遗传算法迭代次数,若达到最高代数限制,适应度值仍未达到1,也结束;(2)在遗传代数上限内,若适应度值达到1则保存当前测试用例生成结果,再进行下一代实验,若实验结果的适应度值较父代小,则结束,取上一代结果。In a preferred embodiment, in the step (6), the setting of the algorithm execution limit includes two parts: (1) the number of iterations of the genetic algorithm, if the highest algebraic limit is reached, the fitness value has not yet reached 1, and it ends; (2) Within the upper limit of genetic algebra, if the fitness value reaches 1, save the generated results of the current test case, and then proceed to the next generation of experiments. If the fitness value of the experimental results is smaller than that of the parent generation, then end and take the results of the previous generation.

在优选的实施方案中,所述步骤(6)中包括如下步骤:In a preferred embodiment, the step (6) includes the following steps:

(61)种群中个体适应度值计算:对于生成的每个个体,即每个测试用例,将对应的测试数据放到程序中执行,通过预先对源程序进行插桩的方式计算其覆盖的dup数量,记为p,以及覆盖dup’数量,记为q,在统计q的值时,其前提条件为在当前个体执行状态下,变量的操作满足溢出条件,才将其记为对整数溢出错误的一次有效覆盖,根据适应度函数,计算个体适应度值;(61) Calculation of individual fitness value in the population: For each individual generated, that is, each test case, put the corresponding test data into the program for execution, and calculate the covered dup by inserting the source program in advance Quantity, denoted as p, and covering dup' quantity, denoted as q, when counting the value of q, the prerequisite is that in the current individual execution state, the operation of the variable satisfies the overflow condition, and it is recorded as an integer overflow error An effective coverage of , and calculate the individual fitness value according to the fitness function;

(62)遗传算法迭代执行,选取算法内最优结果:依照遗传算法中的轮盘赌选择法、均匀交叉算子以及变异执行迭代执行遗传算法,遗传算法每一次执行适应度值计算都如步骤(61),直到达到算法执行界限为止,最终得到算法结果。(62) Genetic algorithm iterative execution, select the optimal result in the algorithm: according to the roulette wheel selection method, uniform crossover operator and mutation in the genetic algorithm, iteratively execute the genetic algorithm. (61), until the algorithm execution limit is reached, the algorithm result is finally obtained.

有益效果:本发明提供的一种面向solidity语言的基于数据流测试的测试用例生成方法,考虑到程序执行中涉及到较多的函数调用,而在函数执行调用过程中,变量的定义和使用又是其关键环节,因此采用基于数据流测试的方法,根据程序中变量的定义和使用情况,分析状态的变化。在实现对程序执行过程中变量操作进行整体性测试的同时强调了对执行过程中可引发整数溢出错误的变量操作的测试,进行这一操作的前提是通过控制流分析对引起整数溢出操作是否已进行了溢出判断,从而判定程序执行中是否会出现整数溢出的问题。与现有技术相比,本发明在面向solidity语言测试用例生成领域,提出了一个切实可行的算法,在实现对程序中常规变量操作进行覆盖测试的基础上,进一步考虑了对solidity语言中可引起严重问题的整数溢出错误的变量操作的覆盖测试。并且本发明采用的遗传算法对测试用例生成过程进行优化,可以在短时间内生成较优的测试用例。Beneficial effects: the test case generation method based on data flow test oriented to solidity language provided by the present invention takes into account that many function calls are involved in program execution, and in the process of function execution call, the definition and use of variables are different. It is the key link, so the method based on data flow testing is adopted to analyze the state changes according to the definition and usage of variables in the program. While realizing the overall test of variable operations in the process of program execution, the test of variable operations that can cause integer overflow errors in the process of execution is emphasized. The premise of this operation is to check whether the operations that cause integer overflow have been completed through control flow analysis. The overflow judgment is carried out to determine whether the problem of integer overflow will occur during the execution of the program. Compared with the prior art, the present invention proposes a feasible algorithm in the field of solidity language test case generation. On the basis of realizing the coverage test of conventional variable operations in the program, it further considers the Coverage tests for badly problematic variable operations with integer overflow errors. And the genetic algorithm adopted in the present invention optimizes the test case generation process, and can generate better test cases in a short time.

附图说明Description of drawings

图1为本发明实施例的整体步骤图;Fig. 1 is an overall step diagram of an embodiment of the present invention;

图2为本发明实施例的方法流程图。Fig. 2 is a flow chart of the method of the embodiment of the present invention.

具体实施方式Detailed ways

下面结合具体实施例,进一步阐明本发明,应理解这些实施例仅用于说明本发明而不用于限制本发明的范围,在阅读了本发明之后,本领域技术人员对本发明的各种等价形式的修改均落于本申请所附权利要求所限定的范围。Below in conjunction with specific embodiment, further illustrate the present invention, should be understood that these embodiments are only used to illustrate the present invention and are not intended to limit the scope of the present invention, after having read the present invention, those skilled in the art will understand various equivalent forms of the present invention All modifications fall within the scope defined by the appended claims of the present application.

如图1所示,本发明实施例提供的一种面向solidity语言的测试用例生成方法,包括如下步骤:As shown in Figure 1, a kind of solidity language-oriented test case generation method provided by the embodiment of the present invention comprises the following steps:

步骤S1:待测试程序的CFG绘制。根据solidity语言的变量类型(尤其包括地址类型address和无符号整型uint);包括if-else、while、for等的流程控制语句;通过关键字function定义函数体结构;特有的内部函数require以及函数修改器Function Modifier的使用等得到准确的CFG。本步骤在绘制CFG图时主要注意以下内容:(1)当程序中(一般是函数内)遇到require(或assert)这样的条件判断语句时,将require()当成是一个if判断结构,把需要判断的语句作为一个条件节点处理。当()内的条件满足时,继续执行该语句下面的内容,如果条件不满足时,直接跳出函数。(2)对程序中存在的函数间的调用要进行处理。对于存在函数方法调用的语句节点要通过程序CFG图实现对函数的调用,得到正确的执行顺序,并将被调用函数的返回结果正确返回调用节点;(3)正确处理函数修改器的调用,将其作为一个通用的函数调用处理,若当前函数需调用函数修改器,则在函数体内语句节点之前要先调用函数修改器的语句节点,在CFG中,要按照语句执行顺序实现相关节点的连接调用。Step S1: CFG drawing of the program to be tested. According to the variable type of solidity language (especially address type address and unsigned integer uint); flow control statements including if-else, while, for, etc.; function body structure defined by keyword function; unique internal function require and function The use of the modifier Function Modifier etc. to get accurate CFG. This step mainly pays attention to the following when drawing the CFG diagram: (1) When a conditional judgment statement such as require (or assert) is encountered in the program (generally within a function), treat require() as an if judgment structure, and use The statement that needs to be judged is treated as a conditional node. When the condition in () is met, continue to execute the content below the statement, if the condition is not met, jump out of the function directly. (2) The call between functions existing in the program should be processed. For statement nodes that have function method calls, it is necessary to realize the call to the function through the program CFG graph, obtain the correct execution sequence, and correctly return the return result of the called function to the call node; (3) correctly handle the call of the function modifier, and It is handled as a general function call. If the current function needs to call the function modifier, the statement node of the function modifier must be called before the statement node in the function body. In CFG, the connection call of the related nodes should be realized according to the order of statement execution .

步骤S2:整数溢出错误分析。根据步骤S1的CFG图遍历节点信息,在统计变量信息前,首先分析该程序是否存在整数溢出的安全性问题,若存在整数溢出,将存在整数溢出的节点标记;Step S2: Integer overflow error analysis. Traversing the node information according to the CFG graph in step S1, before counting the variable information, first analyze whether the program has an integer overflow security problem, if there is an integer overflow, there will be an integer overflow node mark;

步骤S3:程序变量的定义使用对收集。根据步骤S1的CFG遍历节点,统计出程序中所有变量的定义-使用对,记为dup,且若步骤S2中分析结果为存在整数溢出错误,则将有该标记节点存在的变量的定义-使用对统计出来,记为dup’;Step S3: The definition of the program variable uses pair collection. According to the CFG traversal node in step S1, the definition-use pairs of all variables in the program are counted, which is recorded as dup, and if the analysis result in step S2 shows that there is an integer overflow error, there will be a definition-use of the variable that exists in the marked node For the statistics, it is recorded as dup';

步骤S4:初始测试用例集生成。根据步骤S3统计出的dup,首先针对程序中的所有变量随机生成初始的包含4组测试用例的测试用例集;Step S4: Initial test case set generation. According to the dup counted in step S3, first randomly generate an initial test case set containing 4 groups of test cases for all variables in the program;

步骤S5:适应度函数设计及算法执行界限定义。设计遗传算法中的适应度函数用于选取较优者测试用例以驱动算法执行执行;并定义遗传算法执行界限,均衡覆盖率和执行时间,辅助算法执行;Step S5: Design of fitness function and definition of algorithm execution boundary. Design the fitness function in the genetic algorithm to select the superior test case to drive the algorithm execution; and define the genetic algorithm execution boundary, balance the coverage and execution time, and assist the algorithm execution;

步骤S6:遗传算法执行获取最优测试用例。根据步骤S5中的是适应度函数,求得步骤S4中初始测试用例(种群)的适应度值,进入遗传算法执行阶段,得到算法内最优结果。Step S6: Execute the genetic algorithm to obtain the optimal test case. According to the fitness function in step S5, the fitness value of the initial test case (population) in step S4 is obtained, enters the genetic algorithm execution stage, and obtains the optimal result in the algorithm.

图2为本发明实施例的一种面向solidity语言的基于数据流测试的测试用例生成方法的详细步骤,具体如下:步骤S1中,根据待测试程序要得到对应的控制流图,具体步骤为:Fig. 2 is the detailed steps of a kind of solidity-oriented language-based test case generation method based on data flow testing of the embodiment of the present invention, specifically as follows: in step S1, according to the program to be tested, the corresponding control flow diagram will be obtained, and the specific steps are:

步骤101:绘制给定程序的CFG,在绘制solidity编写的程序的控制流图时,首先考虑其控制结构语句:通用的有if-else、while、do-while、for、break、continue、return、?:(三目运算符);solidity中没有switch和goto控制结构语句。以外要注意程序中require语句的使用,遇到require语句,将其作为if选择控制结构处理,条件满足到达下一个语句,条件不满足时,退出当前正在执行的函数。以及该语言中特有的函数修改器的使用,当一个函数中使用了函数修改器,将该函数修改器作为一个函数调用处理,首先执行函数修改器的内容;Step 101: Draw the CFG of a given program. When drawing the control flow graph of a program written in solidity, first consider its control structure statements: general ones include if-else, while, do-while, for, break, continue, return, ? : (ternary operator); there are no switch and goto control structure statements in solidity. In addition, pay attention to the use of the require statement in the program. When encountering a require statement, treat it as an if selection control structure. If the condition is met, it will go to the next statement. If the condition is not met, exit the currently executing function. And the use of the unique function modifier in the language, when a function modifier is used in a function, the function modifier is treated as a function call, and the content of the function modifier is executed first;

步骤102:在solidity中,一个合约程序的内部也可能存在着多个函数方法(关键字为function),因此,对于给定程序中所有存在函数调用的语句,在处理该语句的顶点节点相关信息时也要正确定义其涉及的函数的调用以及被调函数的返回关系。Step 102: In solidity, there may be multiple function methods (the keyword is function) inside a contract program. Therefore, for all statements with function calls in a given program, the relevant information of the vertex node of the statement is processed It is also necessary to correctly define the call of the function involved and the return relationship of the called function.

步骤103:solidity中包含modifier函数修改器属性,一个函数可以通过调用函数修改器实现对该函数的修正作用。因此在生成控制流图过程中,需正确处理存在的对函数修改器的调用,将其作为一个通用的函数调用处理——若当前函数调用了函数修改器,则在函数体内语句节点执行之前应先调用函数修改器的语句节点。Step 103: Solidity includes a modifier function modifier attribute, and a function can be modified by calling the function modifier. Therefore, in the process of generating the control flow graph, it is necessary to correctly handle the existing call to the function modifier, and treat it as a general function call——if the current function calls the function modifier, it should be executed before the statement node in the function body The statement node that calls the function modifier first.

步骤S2中,根据程序CFG分析程序是否存在整数溢出错误,并当存在整数溢出错误时,对涉及到溢出错误的节点进行标记,其具体步骤如下:In step S2, analyze whether there is an integer overflow error in the program according to the program CFG, and when there is an integer overflow error, mark the nodes involved in the overflow error, and the specific steps are as follows:

步骤201:程序中对uint类型(该类型变量最小值为0)变量的操作都有可能会导致整数溢出的发生,尤其是针对uint8这种短位的变量,所以针对这种变量在进行算数运算操作(加、减、乘、除)前要进行变量溢出判断,若程序没有溢出判断,则会有整数溢出问题;因此对步骤1中的程序CFG从开始节点顺序分析每个节点,当遇到存在uint型变量运算操作的节点,判断在该节点前是否对该操作进行了整数溢出判断,若没有溢出判断语言节点,则判定程序存在整数溢出问题;Step 201: Operations on variables of uint type (the minimum value of this type of variable is 0) in the program may cause integer overflow, especially for short-bit variables such as uint8, so arithmetic operations are performed on such variables Before the operation (addition, subtraction, multiplication, and division), a variable overflow judgment must be performed. If the program does not have an overflow judgment, there will be an integer overflow problem; therefore, the program CFG in step 1 analyzes each node sequentially from the beginning node. If there is a node of uint type variable operation operation, it is judged whether an integer overflow judgment has been performed on the operation before this node, if there is no overflow judgment language node, it is judged that the program has an integer overflow problem;

步骤202:若经分析,待测试程序存在整数溢出,则对CFG中涉及到引发整数溢出错误的变量操作节点做特殊标注。Step 202: If after analysis, the program to be tested has integer overflow, then make a special mark on the variable operation nodes involved in causing integer overflow errors in the CFG.

步骤S3中,根据程序的CFG分析出程序中存在的所有变量的定义-使用对dup,其具体步骤如下:In step S3, according to the CFG of the program, the definitions of all the variables that exist in the program are analyzed - using the pair dup, the specific steps are as follows:

步骤301:对CFG中的每一个节点,按前向顺序逐顶点节点识别出包含变量定义的顶点节点(例如,存在一个顶点节点④处的语句为sum=a+b,则顶点④包含对变量sum的定义,是sum的一个定义节点),一个变量可能在多个节点处被定义,在寻找定义节点def过程中,要注意步骤202中做了特殊标记节点,若为变量的定义节点,仍作为特殊节点处理;Step 301: For each node in the CFG, identify the vertex node that contains the variable definition by vertex node in the forward order (for example, there is a statement at the vertex node ④ place is sum=a+b, then vertex ④ contains the pair variable The definition of sum is a definition node of sum), a variable may be defined at multiple nodes, in the process of finding the definition node def, it should be noted that a special marked node is made in step 202, if it is a variable definition node, it is still Treated as a special node;

步骤302:针对步骤301中的每个变量的每个定义节点,寻找其对应的所有使用节点(例如,存在一个顶点节点④处的语句为sum=a+b,则顶点④包含对变量a和变量b的使用,既是a又是b的一个使用节点),同样的,一个变量可能存在多个使用节点use,在寻找使用节点use时,要注意步骤202中做了特殊标记节点,若为变量的使用节点,仍作为特殊节点处理;Step 302: For each definition node of each variable in step 301, search for all its corresponding use nodes (for example, there is a statement at a vertex node ④ place is sum=a+b, then vertex ④ contains pair variable a and The use of variable b is a use node of both a and b), similarly, there may be multiple use nodes use for a variable, when looking for the use node use, pay attention to the special marked node in step 202, if it is a variable The used node is still treated as a special node;

步骤303:综合步骤301和步骤302,将会得到程序中所有的变量的定义-使用对,这里用如下表示dup=(d,u,v),其中v表示某一变量,d表示v的某一定义节点,u表示v的某一使用节点。对于同一个变量可能多个定义节点和多个使用节点,因此变量的定义使用对可以多个,计算出现的dup的数量总和(记为n);Step 303: Combining step 301 and step 302, the definition-use pairs of all variables in the program will be obtained. Here, the following expression dup=(d, u, v) is used, wherein v represents a certain variable, and d represents a certain value of v A definition node, u represents a use node of v. For the same variable, there may be multiple definition nodes and multiple use nodes, so there can be multiple definition and use pairs of variables, and the sum of the number of dups that appear (denoted as n);

步骤304:结合步骤202与步骤301-302的内容得到存在整数溢出问题的变量定义-使用对,这里用dup’表示,用以区分通用变量和可引起整数溢出的变量的定义和使用,计算出现的dup’的数量总和(记为m),若步骤202中结果为不存在整数溢出,即未做标记,则此处m统计值为0。Step 304: Combining the contents of Step 202 and Steps 301-302 to obtain the variable definition-use pair with integer overflow problem, here it is represented by dup', which is used to distinguish the definition and use of general variables and variables that can cause integer overflow, and the calculation occurs The sum of the numbers of dup' (denoted as m), if the result in step 202 is that there is no integer overflow, that is, no mark is made, then the statistical value of m here is 0.

步骤S4中,生成初始测试用例(初代种群),具体步骤如下:In step S4, an initial test case (primary population) is generated, and the specific steps are as follows:

步骤401:对于遗传算法中的种群大小(有几组测试用例,每个测试用例包含了程序中所有变量的一个测试输入)设置问题,考虑到适应度值计算的速度、遗传算法中理想测试用例的生成效率,结合对相关测试用例生成文献中参数选取和实验分析,同时要配合遗传算法中的交叉算子的使用,最终确定种群大小为4较为合适;Step 401: For the population size in the genetic algorithm (there are several groups of test cases, each test case includes a test input of all variables in the program) setting problem, considering the speed of fitness value calculation, the ideal test case in the genetic algorithm The generation efficiency, combined with the parameter selection and experimental analysis in the relevant test case generation literature, and the use of the crossover operator in the genetic algorithm, it is finally determined that the population size is 4 is more appropriate;

步骤402:关于初始测试用例生成方法采用随机测试随机生成方法,根据程序中存在的变量随机的生成一个随机数作为变量的测试输入。Step 402: Regarding the initial test case generation method, a random test random generation method is adopted, and a random number is randomly generated according to the variables existing in the program as the variable test input.

与面向对象编程语言(如java)不同,solidity中存在着一些可引起严重问题的安全性问题,本发明中主要涉及到整数溢出,该问题的出现在具体使用环境中会引起严重的后果,这就促使在程序测试过程中应着重强调这一点。结合错误产生的具体原因,该问题都可以通过步骤S2中的程序执行顺序分析得到;因此,在应用遗传算法过程中,需设计合适的适应度函数求得测试用例的适应度值以找到较优测试用例,另一方面,要对遗传算法执行进行限定以便在合理的时间内找得到算法的较优解。步骤S5中遗传算法适应度函数设计及算法执行上限说明,具体步骤如下:Different from object-oriented programming languages (such as java), there are some security issues that can cause serious problems in solidity, and mainly relate to integer overflow among the present invention, and the appearance of this problem can cause serious consequence in concrete use environment, this This prompts this point to be emphasized during program testing. Combined with the specific cause of the error, this problem can be obtained through the analysis of the program execution sequence in step S2; therefore, in the process of applying the genetic algorithm, it is necessary to design a suitable fitness function to obtain the fitness value of the test case to find the optimal Test cases, on the other hand, constrain the execution of the genetic algorithm in order to find an optimal solution to the algorithm in a reasonable amount of time. In step S5, the genetic algorithm fitness function design and algorithm execution upper limit description, the specific steps are as follows:

步骤501:设置参数ε,其中0<ε<1,ε在这里的作用是为了增加可导致整数溢出的相关变量操作的权重,可通过一些预实验,小范围内调整ε的值,通过分析测试用例趋于最优时遗传算法迭代次数以及整体适应度值收敛情况得到ε值,用于后面的实验;Step 501: Set the parameter ε, where 0<ε<1, the function of ε here is to increase the weight of related variable operations that can cause integer overflow, and the value of ε can be adjusted in a small range through some pre-experiments, and through analysis and testing When the use case tends to be optimal, the number of iterations of the genetic algorithm and the convergence of the overall fitness value are used to obtain the ε value, which is used for subsequent experiments;

步骤502:基于数据流覆盖测试的目标(当前测试用例能否覆盖程序中每个变量的定义和该定义所到达的对该变量的使用之间的路径)及基本准则(测试用例的对程序内所有变量的定义-使用路径的覆盖情况决定了测试用例的好坏),构造适应度函数其中i表示第i个测试用例,pi表示第i个测试用例覆盖的dup的数量,qi表示第i个测试用例覆盖的涉及到整数溢出错误的dup’数量,n表示程序中所有dup的数量,m表示程序中所有涉及到整数溢出错误的dup’数量;Step 502: based on the goal of the data flow coverage test (whether the current test case can cover the path between the definition of each variable in the program and the use of the variable reached by the definition) and the basic criterion (the test case's in-program The definition of all variables - the coverage of the use path determines the quality of the test case), construct the fitness function Where i represents the i-th test case, p i represents the number of dups covered by the i-th test case, q i represents the number of dups involving integer overflow errors covered by the i-th test case, n represents the number of all dups in the program The number, m represents the number of dup's involving integer overflow errors in the program;

步骤503:通过以下两部分内容对算法执行结束条件做了说明:(1)为达到可以在有限时间内执行这一目标,设定合理遗传算法迭代次数,若达到最高代数限制,即使适应度值仍未达到1,结束算法执行;(2)在遗传代数上限内,若适应度值达到1,为了取得较优的测试用例,算法会继续执行下一代的遗传计算,同时保存当前测试用例生成结果,若下一代的实验结果适应度值没有达到1,则算法结束,取上一代结果;反之存在适应度值为1的测试用例,算法结束,取最后一代执行结果。Step 503: The end condition of the algorithm execution is described through the following two parts: (1) In order to achieve the goal of being able to execute within a limited time, set a reasonable number of iterations of the genetic algorithm. If the highest algebraic limit is reached, even if the fitness value (2) If the fitness value reaches 1 within the upper limit of the genetic algebra, in order to obtain a better test case, the algorithm will continue to execute the next generation of genetic calculations, and save the current test case generation results at the same time , if the fitness value of the test results of the next generation does not reach 1, the algorithm ends, and the result of the previous generation is taken; otherwise, there is a test case with a fitness value of 1, the algorithm ends, and the execution result of the last generation is taken.

步骤S6中,遗传算法执行,得到算法内最优测试用例,其具体步骤如下(注:在遗传算法执行过程中,使用“个体”来表示每个测试用例):In step S6, the genetic algorithm is executed to obtain the optimal test case in the algorithm. The specific steps are as follows (note: during the execution of the genetic algorithm, "individual" is used to represent each test case):

步骤601:根据种群中每个个体中对变量的测试输入值,按照程序的CFG顺序执行每个语句节点,对于当前个体,首先计算其覆盖的dup数量(记为p),以及覆盖dup’数量(记为q),在统计q的值时,要注意其前提条件应满足:在将当前个体带入执行的状态下,对变量的使用或定义满足溢出条件(也就是带入变量的测试值后,保存相应节点操作的中间结果进行比较分析,且分析结果为溢出)时,才可以将该个体记为对整数溢出操作的一次有效覆盖,若步骤201中没有整数溢出、不存在标记节点,步骤202中没有被标记的dup’,则此处的q统计值为0,根据步骤502中的适应度函数计算每个个体的适应度值,其后的每一代遗传算法的执行都先计算新生成的种群每个个体的适应度值;Step 601: According to the test input value of the variable in each individual in the population, execute each statement node according to the CFG sequence of the program. For the current individual, first calculate the number of dups covered by it (denoted as p), and the number of covered dup's (denoted as q), when counting the value of q, it should be noted that the precondition should be satisfied: when the current individual is brought into the execution state, the use or definition of the variable satisfies the overflow condition (that is, the test value brought into the variable Afterwards, save the intermediate results of corresponding node operations for comparison and analysis, and the analysis result is overflow), the individual can be recorded as an effective coverage of integer overflow operations, if there is no integer overflow in step 201, and there is no marked node, If there is no marked dup' in step 202, the q statistical value here is 0, and the fitness value of each individual is calculated according to the fitness function in step 502, and the execution of each subsequent generation of genetic algorithm first calculates the new The fitness value of each individual in the generated population;

步骤602:本发明中,遗传算法的选择算子采用轮盘赌选择算子,具体为:个体被选中的概率与其适应度值的大小成正比,每个个体被选中的概率可以表示为其中M表示种群大小(即测试用例的数量),Fi表示第i个测试用例的适应度值;Step 602: In the present invention, the selection operator of the genetic algorithm adopts a roulette selection operator, specifically: the probability of an individual being selected is proportional to the size of its fitness value, and the probability of each individual being selected can be expressed as Among them, M represents the population size (that is, the number of test cases), and F i represents the fitness value of the i-th test case;

步骤603:本发明中,遗传算法部分采用的交叉算子基本原理同均匀交叉算子,但在传统均匀交叉算子的原理上进行了一些改变,具体为:交叉环节取两个个体做为一组,组内两个相互配对的个体中的每个变量以相同的概率进行交换,形成两个新个体,最终则可得到全新的四个个体;Step 603: In the present invention, the basic principle of the crossover operator used in the genetic algorithm part is the same as that of the uniform crossover operator, but some changes have been made on the principle of the traditional uniform crossover operator, specifically: the crossover link takes two individuals as one Group, each variable in the two paired individuals in the group is exchanged with the same probability to form two new individuals, and finally four new individuals can be obtained;

步骤604:本发明中,遗传算法部分采用的变异算子在传统遗传算法的基本位变异的基础上进行了修改,具体为:对经过交叉算子后得到的个体,随机指定个体中的某一个或几个变量以变异概率Pm进行变换;Step 604: In the present invention, the mutation operator used in the genetic algorithm part is modified on the basis of the basic bit mutation of the traditional genetic algorithm, specifically: for the individuals obtained after the crossover operator, randomly designate one of the individuals Or several variables are transformed with mutation probability P m ;

步骤605:经过步骤601—604,遗传算法将会自动生成下一代种群;Step 605: After steps 601-604, the genetic algorithm will automatically generate the next generation population;

步骤606:在步骤503的算法执行结束条件的约束下,迭代的执行步601-605,最终得到的测试用例即可视为算法内最优解。Step 606: Under the constraints of the algorithm execution end condition in step 503, iteratively execute steps 601-605, and the finally obtained test case can be regarded as the optimal solution in the algorithm.

Claims (8)

1. a kind of method for generating test case towards solidity language, which comprises the steps of:
(1) according to the types of variables of solidity language, control flow statement, function body structure, intrinsic function require and The use of function modifier is analyzed to obtain corresponding control to the intelligent contract program to be tested that solidity language is realized Flow graph CFG;
(2) each nodal information is traversed according to the CFG of step (1) figure, there are the nodes of uint type variable uses whether there is for judgement The safety issue of Integer overflow, and if it exists, the vertex ticks of Integer overflow then will be present;
(3) each nodal information is traversed according to the CFG of step (1) figure, counts definition-use of all numeric type variables in program It is right, it is denoted as dup, and if judging result is that will include the label section in step (2) there are Integer overflow in step (2) The definition-use pair of the existing variable of point comes out, and is denoted as dup ';
(4) dup counted according to step (3), if for all numeric type variables in program generate at random it is initial comprising The test use cases of dry group test case;
(5) fitness function in genetic algorithm is designed for choosing preferably test case to drive algorithm to execute;Wherein survey The fitness value of example on probation is the quantity of the dup of test case covering and the dup ' quantity for being related to Integer overflow of covering Weighted sum and all dup quantity and all dup ' quantity weighted sums ratio;
(6) according to the execution boundary of fitness function and algorithm in step (5), initial test case in step (4) is acquired Fitness value, start genetic algorithm iteration execute, obtain optimal result in algorithm.
2. the method for generating test case according to claim 1 towards solidity language, which is characterized in that the step Suddenly in (1) when the CFG figure of analysis program to be tested, consider that the use of address type variable in program, consideration are drawn by address variable The definition of its dependent variable;Consider that require and assert condition judges the use of sentence in program, using require sentence as One if construction of condition sentence is handled;A kind of form that function modifier is regarded as to function call, when encountering function body, It analyzes whether the function has used function modifier first, function modifier is first transferred to if having used function modifier, according to Function modifier content carries out the connection relationship transfer between node.
3. the method for generating test case according to claim 1 towards solidity language, which is characterized in that the step Suddenly include the following steps: in (2)
(21) it whether there is Integer overflow in the CFG analysis program obtained according to step (1), specifically: traversal CFG figure section Point, for there are the nodes of uint type variable uses, wherein variable uses include executing add, subtract, multiplying or except calculating, judging becoming Amount determines journey if not having using whether having the sentence node for overflow judgement to relevant variable operating result before node Sequence will appear Integer overflow;
(22) Integer overflow if it exists marks the variable running node for being related to causing Integer overflow in CFG Note.
4. the method for generating test case according to claim 3 towards solidity language, which is characterized in that the step Suddenly include the following steps: in (3)
(31) schemed according to CFG, node by node anolytic sentence information, find the definition node of numeric type variable present in program;
(32) it for the definition node of each variable found in step (31), finds its and corresponding all uses node;
(33) step (31), (32) are combined, the definition-use pair of variable present in program: dup=(d, u, v) is obtained, are calculated Its total quantity, is denoted as n;Wherein v indicates that a certain variable, d indicate a certain definition node of v, and u indicates that a certain of v uses node;
(34) content of step (22) and step (31), (32) is combined to obtain the variable-definition-use that there are problems that integer overflow It is right, it is indicated here with dup ', calculates its total quantity, be denoted as m, if result is not have integer overflow problem in step (22), i.e., not It makes marks, then m statistical value is 0 herein.
5. the method for generating test case according to claim 1 towards solidity language, which is characterized in that the step Suddenly the initial test use cases comprising 4 groups of test cases are generated in (4) at random for all numeric type variables in program.
6. the method for generating test case according to claim 1 towards solidity language, which is characterized in that the step Suddenly in (5), fitness function formulaWherein piIndicate i-th of test case covering The quantity of dup, qiIndicate the dup ' quantity for being related to Integer overflow of i-th of test case covering, institute in n representation program There is the quantity of dup, all dup ' quantity for being related to Integer overflow in m representation program, ε is weight parameter, 0 < ε < 1.
7. the method for generating test case according to claim 1 towards solidity language, which is characterized in that the step Suddenly in (6), the setting that algorithm executes boundary includes two parts: (1) genetic algorithm the number of iterations, if reaching the limitation of highest algebra, Fitness value is still not up to 1, also terminates;(2) in the genetic algebra upper limit, current test is saved if fitness value reaches 1 and is used Example generates as a result, carry out next-generation experiment again, if the fitness value of experimental result is small compared with parent, terminates, takes previous generation result.
8. the method for generating test case according to claim 1 towards solidity language, which is characterized in that the step Suddenly include the following steps: in (6)
(61) ideal adaptation angle value calculates in population: for each individual of generation, i.e., each test case, by corresponding test Data are put into program and execute, and the dup quantity of its covering is calculated by way of carrying out pitching pile to source program in advance, is denoted as p, with And covering dup ' quantity, it is denoted as q, when counting the value of q, precondition is the behaviour of variable under current individual execution state Work meets overflow condition, is just denoted as primary effective covering to Integer overflow, according to fitness function, calculates individual Fitness value;
(62) genetic algorithm iteration executes, optimal result in Algorithms of Selecting: according to the roulette wheel selection, uniformly in genetic algorithm Crossover operator and variation execute iteration and execute genetic algorithm, and genetic algorithm executes fitness value calculation all such as step each time (61), until executing boundary until reaching algorithm, arithmetic result is finally obtained.
CN201910341716.0A 2019-04-26 2019-04-26 Test case generation method for solidity language Expired - Fee Related CN110096439B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910341716.0A CN110096439B (en) 2019-04-26 2019-04-26 Test case generation method for solidity language

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910341716.0A CN110096439B (en) 2019-04-26 2019-04-26 Test case generation method for solidity language

Publications (2)

Publication Number Publication Date
CN110096439A true CN110096439A (en) 2019-08-06
CN110096439B CN110096439B (en) 2020-07-14

Family

ID=67445939

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910341716.0A Expired - Fee Related CN110096439B (en) 2019-04-26 2019-04-26 Test case generation method for solidity language

Country Status (1)

Country Link
CN (1) CN110096439B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111177730A (en) * 2019-12-19 2020-05-19 河海大学 A method and device for detecting and preventing problems in an ethereum smart contract
CN111797010A (en) * 2020-06-23 2020-10-20 河海大学 Intelligent contract test case generation method applying improved genetic algorithm
CN112052166A (en) * 2020-08-26 2020-12-08 河海大学 Test case generation method and device based on domination relationship
CN112118290A (en) * 2020-08-12 2020-12-22 北京大学 Program analysis-based data resource management and control method
CN112202647A (en) * 2020-12-09 2021-01-08 腾讯科技(深圳)有限公司 Test method, device and test equipment in block chain network
CN112202633A (en) * 2020-09-24 2021-01-08 成都质数斯达克科技有限公司 Block chain network testing method and device, electronic equipment and readable storage medium
CN113190441A (en) * 2021-04-26 2021-07-30 交叉信息核心技术研究院(西安)有限公司 Chain code test seed generation method, system, equipment and storage medium
CN113486357A (en) * 2021-07-07 2021-10-08 东北大学 Intelligent contract security detection method based on static analysis and deep learning
CN113778880A (en) * 2021-09-13 2021-12-10 江苏通付盾区块链科技有限公司 Intelligent contract function verification method and device based on formal verification

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050261859A1 (en) * 2004-05-24 2005-11-24 Jeremy Petsinger Systems and methods for evaluating a test case
CN101916222A (en) * 2010-08-09 2010-12-15 哈尔滨工程大学 A software testing method based on the combination of control flow graph traversal and slice forward traversal
CN103593287A (en) * 2013-10-30 2014-02-19 北京信息控制研究所 Genetic-algorithm-based method for automatically generating data stream test cases
CN103714000A (en) * 2013-12-18 2014-04-09 杭州电子科技大学 Sensitive area-oriented embedded software test case generating method
CN104572470A (en) * 2015-01-26 2015-04-29 中国人民解放军理工大学 Integer overflow fault detection method based on metamorphic relation
CN104615535A (en) * 2015-01-29 2015-05-13 北方工业大学 Method and device for generating test case based on extended data flow model

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050261859A1 (en) * 2004-05-24 2005-11-24 Jeremy Petsinger Systems and methods for evaluating a test case
CN101916222A (en) * 2010-08-09 2010-12-15 哈尔滨工程大学 A software testing method based on the combination of control flow graph traversal and slice forward traversal
CN103593287A (en) * 2013-10-30 2014-02-19 北京信息控制研究所 Genetic-algorithm-based method for automatically generating data stream test cases
CN103714000A (en) * 2013-12-18 2014-04-09 杭州电子科技大学 Sensitive area-oriented embedded software test case generating method
CN104572470A (en) * 2015-01-26 2015-04-29 中国人民解放军理工大学 Integer overflow fault detection method based on metamorphic relation
CN104615535A (en) * 2015-01-29 2015-05-13 北方工业大学 Method and device for generating test case based on extended data flow model

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
M. R. GIRGIS等: "Automatic gen eration of data flow test paths using a genetic algorithm", 《INTERNATIONAL》 *
惠战伟: "基于程序特征谱整数溢出错误定位技术研究", 《计算机学报》 *

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111177730A (en) * 2019-12-19 2020-05-19 河海大学 A method and device for detecting and preventing problems in an ethereum smart contract
CN111797010A (en) * 2020-06-23 2020-10-20 河海大学 Intelligent contract test case generation method applying improved genetic algorithm
CN111797010B (en) * 2020-06-23 2022-09-23 河海大学 A Smart Contract Test Case Generation Method Using Improved Genetic Algorithm
CN112118290A (en) * 2020-08-12 2020-12-22 北京大学 Program analysis-based data resource management and control method
CN112118290B (en) * 2020-08-12 2022-03-18 北京大学 Program analysis-based data resource management and control method
CN112052166B (en) * 2020-08-26 2021-05-18 河海大学 A test case generation method and device based on dominance relationship
CN112052166A (en) * 2020-08-26 2020-12-08 河海大学 Test case generation method and device based on domination relationship
CN112202633A (en) * 2020-09-24 2021-01-08 成都质数斯达克科技有限公司 Block chain network testing method and device, electronic equipment and readable storage medium
CN112202633B (en) * 2020-09-24 2022-07-12 成都质数斯达克科技有限公司 Block chain network testing method and device, electronic equipment and readable storage medium
CN112202647A (en) * 2020-12-09 2021-01-08 腾讯科技(深圳)有限公司 Test method, device and test equipment in block chain network
CN113190441A (en) * 2021-04-26 2021-07-30 交叉信息核心技术研究院(西安)有限公司 Chain code test seed generation method, system, equipment and storage medium
CN113190441B (en) * 2021-04-26 2024-03-26 交叉信息核心技术研究院(西安)有限公司 Method, system, equipment and storage medium for generating chain code test seeds
CN113486357A (en) * 2021-07-07 2021-10-08 东北大学 Intelligent contract security detection method based on static analysis and deep learning
CN113486357B (en) * 2021-07-07 2024-02-13 东北大学 A smart contract security detection method based on static analysis and deep learning
CN113778880A (en) * 2021-09-13 2021-12-10 江苏通付盾区块链科技有限公司 Intelligent contract function verification method and device based on formal verification

Also Published As

Publication number Publication date
CN110096439B (en) 2020-07-14

Similar Documents

Publication Publication Date Title
CN110096439A (en) A kind of method for generating test case towards solidity language
CN110543421B (en) Unit test automatic execution method based on test case automatic generation algorithm
CN113626324B (en) Fuzzy test method for Move language virtual machine
CN111460450B (en) Source code vulnerability detection method based on graph convolution network
CN111797010B (en) A Smart Contract Test Case Generation Method Using Improved Genetic Algorithm
Møller et al. The pointer assertion logic engine
Davis et al. The reflective Milawa theorem prover is sound (down to the machine code that runs it)
CN113158194A (en) Vulnerability model construction method and detection method based on multi-relation graph network
CN117873559A (en) Code abstract generation method based on large language model and static analysis tool
CN110377511A (en) A kind of method for generating test case of Data Flow Oriented
CN118503083A (en) Intelligent contract security detection method based on mixed fuzzy test
CN111352830A (en) Method for evolutionary generation of variant test data based on statement dominance relationship
CN116702157B (en) Intelligent contract vulnerability detection method based on neural network
Hills Variable feature usage patterns in PHP (t)
CN117034281A (en) Method and system for detecting similarity of cross-architecture binary codes
CN120029630B (en) Intelligent contract decompilation code optimization method and system
CN116594869B (en) A Static Memory Defect Detection Method Based on Type Region Model
CN117251375A (en) A two-layer fuzz testing method based on model-guided smart contract call sequence generation
CN119396405A (en) DSL calculation expression running cost evaluation method and optimization method
CN115037648B (en) Smart contract test case generation method and system based on data flow reduction
Zhang et al. Ordinalfix: Fixing compilation errors via shortest-path CFL reachability
Klemen et al. Solving recurrence relations using machine learning, with application to cost analysis
Molina et al. Learning to prune infeasible paths in generalized symbolic execution
Anbunathan et al. Basis path based test suite minimization using genetic algorithm
Ray et al. A mechanical analysis of program verification strategies

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200714