Control Flow Graphs(CFGs)are essential for understanding the execution and data flow within software,serving as foundational structures in program analysis.Traditional CFG construction methods,such as bytecode analysi...Control Flow Graphs(CFGs)are essential for understanding the execution and data flow within software,serving as foundational structures in program analysis.Traditional CFG construction methods,such as bytecode analysis and Abstract Syntax Trees(ASTs),often face challenges due to the complex syntax of programming languages like Java and Python.This paper introduces a novel approach that leverages Large Language Models(LLMs)to generate CFGs through a methodical Chain of Thought(CoT)process.By employing CoT,the proposed approach systematically interprets code semantics directly from natural language,enhancing the adaptability across various programming languages and simplifying the CFG construction process.By implementing a modular AI chain strategy that adheres to the single responsibility principle,our approach breaks down CFG generation into distinct,manageable steps handled by separate AI and non-AI units,which can significantly improve the precision and coverage of CFG nodes and edges.The experiments with 245 Java and 281 Python code snippets from Stack Overflow demonstrate that our method achieves efficient performance on different programming languages and exhibits strong robustness.展开更多
Regression testing is the process of validating modified software to provide confidence that the changed parts of the software behave as intended and that the unchanged parts have not been adversely affected by the mo...Regression testing is the process of validating modified software to provide confidence that the changed parts of the software behave as intended and that the unchanged parts have not been adversely affected by the modifications. The goal of regression testing is to reduce the test suit by testing the new characters and the modified parts of a program with the original test suit. Regression testing is a high cost testing method. This paper presents a regression testing selection technique that can reduce the test suit on the basis of Control Flow Graph (CFG). It import the inherit strategy of object-oriented language to ensure an edge’s control domain to reduce the test suit size effectively. We implement the idea by coding the edge. An algorithm is also presented at last.展开更多
To solve the problems that the exception handling code is hard to test and maintain and that it affects the robustness and reliability of software, a method for evaluating the exception handling of programs is present...To solve the problems that the exception handling code is hard to test and maintain and that it affects the robustness and reliability of software, a method for evaluating the exception handling of programs is presented. The exception propagation graph (EPG) that describes the large programs with exception handling constructs is proposed by simplifying the control flow graph and it is applied to a case to verify its validity. According to the EPG, the exception handling code that never executes is identified; the points that are the most critical to controlling exception propagation are found; and the irrational exception handling code is corrected. The constructing algorithm for the EPG is given; thus, this provides a basis for automatically constructing the EPG and automatically correcting the irrational exception handling code.展开更多
In order to improve the efficiency of regression testing in web application,the control flow graph and the greedy algorithm are adopted.This paper considers a web page as a basic unit and introduces a test case select...In order to improve the efficiency of regression testing in web application,the control flow graph and the greedy algorithm are adopted.This paper considers a web page as a basic unit and introduces a test case selection method for web application regression testing based on the control flow graph.This method is safe enough to the test case selection.On the base of features of request sequence in web application,the minimization technique and the priority of test cases are taken into consideration in the process of execution of test cases in regression testing for web application.The improved greedy algorithm is also raised resulting in optimization of execution of test cases.The experiments indicate that the number of test cases which need to be retested is reduced,and the efficiency of execution of test cases is also improved.展开更多
Based on the different roles played by base flow and alternative flow in the process to achieve user's goals, we have found that loop structure is frequently used to implement alternative flow and/or to connect diffe...Based on the different roles played by base flow and alternative flow in the process to achieve user's goals, we have found that loop structure is frequently used to implement alternative flow and/or to connect different use cases. This paper presents an approach to identify base flows and alternative flows of different use cases by traversing control flow graph in which back edges are eliminated. The effectiveness of the approach is verified by identification of the use case structure of an ATM system. The workload of human intervention of the approach is relatively slight, and the manner of human intervention closely follows the usual process of software comprehension.展开更多
Software protection technology has been universally emphasized, with the development of reverse engineering and static analysis techniques. So, it is important to research how to quantitatively evaluate the security o...Software protection technology has been universally emphasized, with the development of reverse engineering and static analysis techniques. So, it is important to research how to quantitatively evaluate the security of the protected software. However, there are some researchers evaluating the security of the proposed protect techniques directly by the traditional complexity metrics, which is not suffident. In order to better reflect security from software complexity, a multi-factor complexity metric based on control flow graph (CFG) is proposed, and the corresponding calculating procedures are presented in detail. Moreover, complexity density models are constructed to indicate the strength of software resisting reverse engineering and code analysis. Instance analysis shows that the proposed method is simple and practical, and can more objectively reflect software security from the perspective of the complexity.展开更多
This paper deals with a comparative study on testing of concurrent programs based on different techniques. The various challenges in testing concurrent programming are: defining test coverage criteria based on control...This paper deals with a comparative study on testing of concurrent programs based on different techniques. The various challenges in testing concurrent programming are: defining test coverage criteria based on control flow, generating control flow graph of nondeterministic programs, investigating the applicability of sequential testing criteria to parallel program testing etc. For solving these issues, some existing techniques are discussed in this study. Various researchers use an intermediate graph called Event Inter Actions Graph (EIAG) to solve the problem of generating the control flow graph of nondeterministic programs. Some researches propose an intermediate graph called Interaction Sequence Testing Criteria (ISTC) approach based on sequence of interactions to solve the problem of test coverage criteria based on control and data flow. Another method to solve the problem of generating test coverage based on control flow graph of nondeterministic programs is constraint based approach. It needs constrained elements to generate test case which includes structural element and constraint. The selection of good test cases has been addressed by test data generation technique. The technique of concurrent path analysis approach is used to solve the problem of applicability of sequential testing criteria to parallel program testing. It reduces the number of combined concurrent test paths. The sequential test paths are combined to form concurrent test path. The Integration and System Test Automation (ISTA) approach is used to solve the problem of applicability of sequential testing criteria to parallel program testing. It is used for automated test case generation and execution by using high-level Petri net is a finite state test model.展开更多
The paper takes Web service composition document as the research object, through the analysis of the documents, the port and address on the Web server, to create a Web intrusion detection model. The core of the model ...The paper takes Web service composition document as the research object, through the analysis of the documents, the port and address on the Web server, to create a Web intrusion detection model. The core of the model will monitor the Web server host resources, and finally discusses in detail the design and implementation of resource monitoring system. Intrusion detection model proposed can effectively regulate the behavior of users in this paper, allowing users follow a pre-standard service to call service providers, largely to protect the security of Web services.展开更多
Developing secure software systems is a major challenge in the software industry due to errors or weaknesses that bring vulnerabilities to the software system.To address this challenge,researchers often use the source...Developing secure software systems is a major challenge in the software industry due to errors or weaknesses that bring vulnerabilities to the software system.To address this challenge,researchers often use the source code features of vulnerabilities to improve vulnerability detection.Notwithstanding the success achieved by these techniques,the existing studies mainly focus on the conceptual description without an accurate definition of vulnerability features.In this study,we introduce a novel and efficient Memory-Related Vulnerability Detection Approach using Vulnerability Features (MRVDAVF).Our framework uses three distinct strategies to improve vulnerability detection.In the first stage,we introduce an improved Control Flow Graph (CFG) and Pointer-related Control Flow Graph (PCFG) to describe the features of some common vulnerabilities,including memory leak,doublefree,and use-after-free.Afterward,two algorithms,namely Vulnerability Judging algorithm based on Vulnerability Feature (VJVF) and Feature Judging (FJ) algorithm,are employed to detect memory-related vulnerabilities.Finally,the proposed model is validated using three test cases obtained from Juliet Test Suite.The experimental results show that the proposed approach is feasible and effective.展开更多
Tile basic features of object-oriented software makes it difficult to apply traditional testing methods in objectoriented systems. Control Flow Graph (CFG) is a well-known model used for identification of independen...Tile basic features of object-oriented software makes it difficult to apply traditional testing methods in objectoriented systems. Control Flow Graph (CFG) is a well-known model used for identification of independent paths in procedural software. This paper highlights the problem of constructing CFG in object-oriented systems and proposes a new model named Extended Control Flow Graph (ECFG) for code based analysis of Object-Oriented (OO) software. ECFG is a layered CFG where nodes refer to methods rather than statements. A new metrics Extended Cyclomatic Complexity (E-CC) is developed which is analogous to McCabe's Cyclomatic Complexity (CC) and refers to the number of independent execution paths within the OO software. The different ways in which CFG's of individual methods are connected in an ECFG are presented and formulas for E-CC for these different cases are proposed. Finally we have considered an example in Java and based on its ECFG, applied these cases to arrive at the E-CC of the total system as well as proposed a methodology for calculating the basis set, i.e., the set of independent paths for the OO system that will help in creation of test cases for code testing.展开更多
基金Supported by the National Natural Science Foundation of China(62462036,62262031)Jiangxi Provincial Natural Science Foundation(20242BAB26017,20232BAB202010)+1 种基金Distinguished Youth Fund Project of the Natural Science Foundation of Jiangxi Province(20242BAB23011)the Jiangxi Province Graduate Innovation Found Project(YJS2023032)。
文摘Control Flow Graphs(CFGs)are essential for understanding the execution and data flow within software,serving as foundational structures in program analysis.Traditional CFG construction methods,such as bytecode analysis and Abstract Syntax Trees(ASTs),often face challenges due to the complex syntax of programming languages like Java and Python.This paper introduces a novel approach that leverages Large Language Models(LLMs)to generate CFGs through a methodical Chain of Thought(CoT)process.By employing CoT,the proposed approach systematically interprets code semantics directly from natural language,enhancing the adaptability across various programming languages and simplifying the CFG construction process.By implementing a modular AI chain strategy that adheres to the single responsibility principle,our approach breaks down CFG generation into distinct,manageable steps handled by separate AI and non-AI units,which can significantly improve the precision and coverage of CFG nodes and edges.The experiments with 245 Java and 281 Python code snippets from Stack Overflow demonstrate that our method achieves efficient performance on different programming languages and exhibits strong robustness.
基金This work was supported by Shanghai Municipal Science and Technology commission No.04ZR14105and Shanghai UniversitiesTechnology Development Foundation No.2002DZ46
文摘Regression testing is the process of validating modified software to provide confidence that the changed parts of the software behave as intended and that the unchanged parts have not been adversely affected by the modifications. The goal of regression testing is to reduce the test suit by testing the new characters and the modified parts of a program with the original test suit. Regression testing is a high cost testing method. This paper presents a regression testing selection technique that can reduce the test suit on the basis of Control Flow Graph (CFG). It import the inherit strategy of object-oriented language to ensure an edge’s control domain to reduce the test suit size effectively. We implement the idea by coding the edge. An algorithm is also presented at last.
基金The National Natural Science Foundation of China(No60503020)the National Basic Research Program of China (973Program) (No2002CB312000)+1 种基金the Natural Science Foundation of Jiangsu Province (NoBK2006094)the Science Research Foundation of China University of Mining and Technology
文摘To solve the problems that the exception handling code is hard to test and maintain and that it affects the robustness and reliability of software, a method for evaluating the exception handling of programs is presented. The exception propagation graph (EPG) that describes the large programs with exception handling constructs is proposed by simplifying the control flow graph and it is applied to a case to verify its validity. According to the EPG, the exception handling code that never executes is identified; the points that are the most critical to controlling exception propagation are found; and the irrational exception handling code is corrected. The constructing algorithm for the EPG is given; thus, this provides a basis for automatically constructing the EPG and automatically correcting the irrational exception handling code.
基金The National Natural Science Foundation of China(No.60503020,60503033,60703086)Opening Foundation of Jiangsu Key Laboratory of Computer Information Processing Technology in Soochow University(No.KJS0714)
文摘In order to improve the efficiency of regression testing in web application,the control flow graph and the greedy algorithm are adopted.This paper considers a web page as a basic unit and introduces a test case selection method for web application regression testing based on the control flow graph.This method is safe enough to the test case selection.On the base of features of request sequence in web application,the minimization technique and the priority of test cases are taken into consideration in the process of execution of test cases in regression testing for web application.The improved greedy algorithm is also raised resulting in optimization of execution of test cases.The experiments indicate that the number of test cases which need to be retested is reduced,and the efficiency of execution of test cases is also improved.
基金Supported by the Major Research Plan of the National Natural Science Foundation of China(90818027)the Key Program of the National Natural Science Foundation of China(60633010)+2 种基金the National Natural Science Foundation of China (60873050,60873049,60803008)the Natural Science Foundation of Jiangsu Province of China(BK2006094,BK2008292)the Opening Foundation of State Key Laboratory of Software Engineering in Wu-han University (SkLSE20080717)
文摘Based on the different roles played by base flow and alternative flow in the process to achieve user's goals, we have found that loop structure is frequently used to implement alternative flow and/or to connect different use cases. This paper presents an approach to identify base flows and alternative flows of different use cases by traversing control flow graph in which back edges are eliminated. The effectiveness of the approach is verified by identification of the use case structure of an ATM system. The workload of human intervention of the approach is relatively slight, and the manner of human intervention closely follows the usual process of software comprehension.
基金Key Project of the National Eleventh-Five Year Research Program of China(No.2006BAD10A07)
文摘Software protection technology has been universally emphasized, with the development of reverse engineering and static analysis techniques. So, it is important to research how to quantitatively evaluate the security of the protected software. However, there are some researchers evaluating the security of the proposed protect techniques directly by the traditional complexity metrics, which is not suffident. In order to better reflect security from software complexity, a multi-factor complexity metric based on control flow graph (CFG) is proposed, and the corresponding calculating procedures are presented in detail. Moreover, complexity density models are constructed to indicate the strength of software resisting reverse engineering and code analysis. Instance analysis shows that the proposed method is simple and practical, and can more objectively reflect software security from the perspective of the complexity.
文摘This paper deals with a comparative study on testing of concurrent programs based on different techniques. The various challenges in testing concurrent programming are: defining test coverage criteria based on control flow, generating control flow graph of nondeterministic programs, investigating the applicability of sequential testing criteria to parallel program testing etc. For solving these issues, some existing techniques are discussed in this study. Various researchers use an intermediate graph called Event Inter Actions Graph (EIAG) to solve the problem of generating the control flow graph of nondeterministic programs. Some researches propose an intermediate graph called Interaction Sequence Testing Criteria (ISTC) approach based on sequence of interactions to solve the problem of test coverage criteria based on control and data flow. Another method to solve the problem of generating test coverage based on control flow graph of nondeterministic programs is constraint based approach. It needs constrained elements to generate test case which includes structural element and constraint. The selection of good test cases has been addressed by test data generation technique. The technique of concurrent path analysis approach is used to solve the problem of applicability of sequential testing criteria to parallel program testing. It reduces the number of combined concurrent test paths. The sequential test paths are combined to form concurrent test path. The Integration and System Test Automation (ISTA) approach is used to solve the problem of applicability of sequential testing criteria to parallel program testing. It is used for automated test case generation and execution by using high-level Petri net is a finite state test model.
文摘The paper takes Web service composition document as the research object, through the analysis of the documents, the port and address on the Web server, to create a Web intrusion detection model. The core of the model will monitor the Web server host resources, and finally discusses in detail the design and implementation of resource monitoring system. Intrusion detection model proposed can effectively regulate the behavior of users in this paper, allowing users follow a pre-standard service to call service providers, largely to protect the security of Web services.
基金funded by the National Natural Science Foundation of China(Nos.U1836116 and 61872167)the Project of Jiangsu Provincial Six Talent Peaks(No.XYDXXJS-016)the Graduate Research Innovation Project of Jiangsu Province(No.KYCX171807)。
文摘Developing secure software systems is a major challenge in the software industry due to errors or weaknesses that bring vulnerabilities to the software system.To address this challenge,researchers often use the source code features of vulnerabilities to improve vulnerability detection.Notwithstanding the success achieved by these techniques,the existing studies mainly focus on the conceptual description without an accurate definition of vulnerability features.In this study,we introduce a novel and efficient Memory-Related Vulnerability Detection Approach using Vulnerability Features (MRVDAVF).Our framework uses three distinct strategies to improve vulnerability detection.In the first stage,we introduce an improved Control Flow Graph (CFG) and Pointer-related Control Flow Graph (PCFG) to describe the features of some common vulnerabilities,including memory leak,doublefree,and use-after-free.Afterward,two algorithms,namely Vulnerability Judging algorithm based on Vulnerability Feature (VJVF) and Feature Judging (FJ) algorithm,are employed to detect memory-related vulnerabilities.Finally,the proposed model is validated using three test cases obtained from Juliet Test Suite.The experimental results show that the proposed approach is feasible and effective.
文摘Tile basic features of object-oriented software makes it difficult to apply traditional testing methods in objectoriented systems. Control Flow Graph (CFG) is a well-known model used for identification of independent paths in procedural software. This paper highlights the problem of constructing CFG in object-oriented systems and proposes a new model named Extended Control Flow Graph (ECFG) for code based analysis of Object-Oriented (OO) software. ECFG is a layered CFG where nodes refer to methods rather than statements. A new metrics Extended Cyclomatic Complexity (E-CC) is developed which is analogous to McCabe's Cyclomatic Complexity (CC) and refers to the number of independent execution paths within the OO software. The different ways in which CFG's of individual methods are connected in an ECFG are presented and formulas for E-CC for these different cases are proposed. Finally we have considered an example in Java and based on its ECFG, applied these cases to arrive at the E-CC of the total system as well as proposed a methodology for calculating the basis set, i.e., the set of independent paths for the OO system that will help in creation of test cases for code testing.
