Fault localization using condition modeling and return value modeling
    1.
    Granted invention patent
    Fault localization using condition modeling and return value modeling (in force)

    Publication (announcement) number: US09043761B2

    Publication (announcement) date: 2015-05-26

    Application number: US12873843

    Application date: 2010-09-01

    IPC classification: G06F9/44 G06F11/36

    CPC classification: G06F11/3688 G06F11/3692

    Abstract: Disclosed is a novel computer implemented system, on demand service, computer program product and a method that leverages combined concrete and symbolic execution and several fault-localization techniques to automatically detect failures and localize faults in PHP Hypertext Preprocessor (“PHP”) Web applications.

    Fault detection and localization in dynamic software applications requiring user inputs and persistent states
    2.
    Granted invention patent
    Fault detection and localization in dynamic software applications requiring user inputs and persistent states (in force)

    Publication (announcement) number: US08578342B2

    Publication (announcement) date: 2013-11-05

    Application number: US12502562

    Application date: 2009-07-14

    IPC classification: G06F9/44

    Abstract: The present invention provides a system, computer program product and a computer implemented method for prioritizing code fragments based on the use of a software oracle and on a correlation between the executed code fragments and the output they produce. Also described is a computer-implemented method that generates additional user inputs based on execution information associated with path constraints and based on information from the oracle. Advantageously, the embodiment is useful in a test generation tool that generates many similar inputs when a failure-inducing input is found, in order to enhance fault localization. Further described is a computer-implemented flow for extending the existing idea of concolic testing to applications that interact with persistent state.

    Detecting and localizing security vulnerabilities in client-server application
    3.
    Granted invention patent
    Detecting and localizing security vulnerabilities in client-server application (lapsed)

    Publication (announcement) number: US08516449B2

    Publication (announcement) date: 2013-08-20

    Application number: US12902423

    Application date: 2010-10-12

    IPC classification: G06F9/44

    CPC classification: G06F11/3604

    Abstract: The present invention provides a system, computer program product, and a computer implemented method for analyzing a set of two or more communicating applications. The method includes executing a first application, such as a client application, and executing a second application, such as a server application. The applications are communicating with each other. A correlation is recorded between the applications and an execution characteristic exhibited on execution. An oracle is used to determine an analysis of the first application that has been executed. The execution of the first application causes a change of state in the second application and/or a change of control flow in the second application. Code fragments in the first application and/or the second application are prioritized based on an evaluation produced by the oracle, and based on the correlation between the code fragments that have been executed and the execution characteristic exhibited by the code fragments.

    Fault localization using directed test generation
    4.
    Granted invention patent
    Fault localization using directed test generation (lapsed)

    Publication (announcement) number: US08387018B2

    Publication (announcement) date: 2013-02-26

    Application number: US12873816

    Application date: 2010-09-01

    IPC classification: G06F9/44 G06F11/00

    CPC classification: G06F11/3684 G06F11/3688

    Abstract: Disclosed is a novel computer implemented system, on demand service, computer program product and a method for fault-localization techniques that apply statistical analyses to execution data gathered from multiple tests. The present invention determines the fault-localization effectiveness of test suites generated according to several test-generation techniques based on combined concrete and symbolic (concolic) execution. These techniques are evaluated by applying the Ochiai fault-localization technique to generated test suites in order to localize 35 faults in four PHP Web applications. The results show that the test-generation techniques under consideration produce test suites with similarly high fault-localization effectiveness, when given a large time budget.

    FAULT DETECTION AND LOCALIZATION IN DYNAMIC SOFTWARE APPLICATIONS
    5.
    Invention patent application
    FAULT DETECTION AND LOCALIZATION IN DYNAMIC SOFTWARE APPLICATIONS (in force)

    Publication (announcement) number: US20110016356A1

    Publication (announcement) date: 2011-01-20

    Application number: US12502519

    Application date: 2009-07-14

    IPC classification: G06F11/36 G06F9/44

    Abstract: The present invention provides a system, computer program product and a computer implemented method for prioritizing code fragments based on the use of a software oracle and on a correlation between the executed code fragments and the output they produce. Also described is a computer-implemented method that generates additional user inputs based on execution information associated with path constraints and based on information from the oracle. Advantageously, the embodiment is useful in a test generation tool that generates many similar inputs when a failure-inducing input is found, in order to enhance fault localization. Further described is a computer-implemented flow for extending the existing idea of concolic testing to applications that interact with persistent state.

    AUTOMATIC CUSTOMIZATION OF CLASSES

    Publication (announcement) number: US20080189696A1

    Publication (announcement) date: 2008-08-07

    Application number: US12034359

    Application date: 2008-02-20

    IPC classification: G06F9/44

    CPC classification: G06F8/443 G06F8/36

    Abstract: A method and computer readable medium for automatic replacement of object classes in a library with custom classes to improve program efficiency. The method begins with static analysis performed on a program containing a plurality of objects in order to determine type-correctness constraints and to detect unused functionality in one or more of the objects to be replaced. The plurality of objects is instrumented to detect usage patterns of functionality in one or more objects. Customized classes are generated based upon the static analysis and usage patterns detected. Bytecode is rewritten which is used for generating classes. The present invention provides transparency in the replacement of the objects.

    System and method using atomic sets of memory locations
    7.
    Invention patent application
    System and method using atomic sets of memory locations (lapsed)

    Publication (announcement) number: US20060282476A1

    Publication (announcement) date: 2006-12-14

    Application number: US11150611

    Application date: 2005-06-10

    IPC classification: G06F17/30

    CPC classification: G06F8/458

    Abstract: A system and method includes steps or acts of receiving and examining a computer program written in an object-oriented language; receiving sequences of accesses that form logical operations on a set of memory locations used by the program; receiving definitions of atomic sets of memory locations, each consisting of pieces of data; and providing a message indicating where the synchronization is required.

    SIMULATING BLACK BOX TEST RESULTS USING INFORMATION FROM WHITE BOX TESTING
    8.
    Invention patent application
    SIMULATING BLACK BOX TEST RESULTS USING INFORMATION FROM WHITE BOX TESTING (in force)

    Publication (announcement) number: US20120254839A1

    Publication (announcement) date: 2012-10-04

    Application number: US13493067

    Application date: 2012-06-11

    IPC classification: G06F9/44

    Abstract: Systems, methods and program products for simulating black box test results using information obtained from white box testing, including analyzing computer software (e.g., an application) to identify a potential vulnerability within the computer software application and a plurality of milestones associated with the potential vulnerability, where each of the milestones indicates a location within the computer software application, tracing a path from a first one of the milestones to an entry point into the computer software application, identifying an input to the entry point that would result in a control flow from the entry point and through each of the milestones, describing the potential vulnerability in a description indicating the entry point and the input, and presenting the description via a computer-controlled output medium.

    FAULT LOCALIZATION USING CONDITION MODELING AND RETURN VALUE MODELING
    9.
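    Invention patent application
    FAULT LOCALIZATION USING CONDITION MODELING AND RETURN VALUE MODELING (in force)

    Publication (announcement) number: US20120054553A1

    Publication (announcement) date: 2012-03-01

    Application number: US12873843

    Application date: 2010-09-01

    IPC classification: G06F11/36

    CPC classification: G06F11/3688 G06F11/3692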

    Abstract: Disclosed is a novel computer implemented system, on demand service, computer program product and a method that leverages combined concrete and symbolic execution and several fault-localization techniques to create a uniquely powerful tool that automatically detects failures and localizes faults in PHP Web applications. The fault-localization techniques evaluated combine variations on the Tarantula algorithm with a technique based on maintaining a mapping between executed statements and the fragments of output they produce, mapping of conditional results, and values returned from function calls. These techniques have been implemented in a tool called Apollo, and evaluated by localizing 75 randomly selected faults that were exposed by automatically generated tests in four PHP applications. Our findings indicate that, using our best technique, 87.7% of the faults under consideration are localized to within 1% of all executed statements, which constitutes an almost five-fold improvement over the Tarantula algorithm.

    GENERATING ADDITIONAL USER INPUTS FOR FAULT DETECTION AND LOCALIZATION IN DYNAMIC SOFTWARE APPLICATIONS
    10.
    Invention patent application
    GENERATING ADDITIONAL USER INPUTS FOR FAULT DETECTION AND LOCALIZATION IN DYNAMIC SOFTWARE APPLICATIONS (under examination, published)

    Publication (announcement) number: US20110016456A1

    Publication (announcement) date: 2011-01-20

    Application number: US12502545

    Application date: 2009-07-14

    IPC classification: G06F9/44

    CPC classification: G06F11/3692 G06F11/3684

    Abstract: The present invention provides a system, computer program product and a computer implemented method for prioritizing code fragments based on the use of a software oracle and on a correlation between the executed code fragments and the output they produce. Also described is a computer-implemented method that generates additional user inputs based on execution information associated with path constraints and based on information from the oracle. Advantageously, the embodiment is useful in a test generation tool that generates many similar inputs when a failure-inducing input is found, in order to enhance fault localization. Further described is a computer-implemented flow for extending the existing idea of concolic testing to applications that interact with persistent state.
