System for determining whether screen displayed by program satisfies specification
    1.
    发明授权
    System for determining whether screen displayed by program satisfies specification 失效
    用于确定由程序显示的屏幕是否满足规格的系统

    公开(公告)号:US07849404B2

    公开(公告)日:2010-12-07

    申请号:US11695692

    申请日:2007-04-03

    IPC分类号: G06F17/00

    CPC分类号: G06F11/3604

    摘要: It is determined whether a plurality of screens to be sequentially displayed by a process of a program satisfies a specification without executing this program. A system of the present invention stores a first schema prescribing a specification of a first screen, a second schema prescribing a specification of a second screen, and an event switching the display by program from the first screen to the second screen. First, a partial program executed in response to an event generated during displaying the screen satisfying the first schema is extracted from a program on the basis of the first schema and the event. Next, an intermediate program for calculating a set of screens being displayed in response to an event generated during displaying screens in a set of screens satisfying the first schema from this set is generated on the basis of the partial program. Next, it is determined that these screens satisfy a specification on condition that the first screen satisfies the first schema and a set of screens obtained by applying the intermediate program to the first schema satisfies the second schema.

    摘要翻译: 通过程序的处理来确定要顺序地显示的多个屏幕是否满足规范而不执行该程序。 本发明的系统存储规定第一屏幕的规格的第一模式,规定第二屏幕的指定的第二模式以及通过程序将显示从第一屏幕切换到第二屏幕的事件。 首先,基于第一模式和事件从程序中提取响应于在显示满足第一模式的屏幕期间产生的事件而执行的部分程序。 接下来,基于部分程序生成用于计算响应于在从一组中满足第一模式的一组屏幕中显示屏幕期间产生的事件而产生的事件而显示的屏幕的中间程序。 接下来,确定这些屏幕在第一屏幕满足第一模式的条件下满足规范,并且通过将中间程序应用于第一模式而获得的一组屏幕满足第二模式。

    SYSTEM FOR DETERMINING WHETHER SCREEN DISPLAYED BY PROGRAM SATISFIES SPECIFICATION
    2.
    发明申请
    SYSTEM FOR DETERMINING WHETHER SCREEN DISPLAYED BY PROGRAM SATISFIES SPECIFICATION 失效
    用于确定程序满意度规范显示的屏幕的系统

    公开(公告)号:US20070233737A1

    公开(公告)日:2007-10-04

    申请号:US11695692

    申请日:2007-04-03

    IPC分类号: G06F7/00

    CPC分类号: G06F11/3604

    摘要: It is determined whether a plurality of screens to be sequentially displayed by a process of a program satisfies a specification without executing this program. A system of the present invention stores a first schema prescribing a specification of a first screen, a second schema prescribing a specification of a second screen, and an event switching the display by program from the first screen to the second screen. First, a partial program executed in response to an event generated during displaying the screen satisfying the first schema is extracted from a program on the basis of the first schema and the event. Next, an intermediate program for calculating a set of screens being displayed in response to an event generated during displaying screens in a set of screens satisfying the first schema from this set is generated on the basis of the partial program. Next, it is determined that these screens satisfy a specification on condition that the first screen satisfies the first schema and a set of screens obtained by applying the intermediate program to the first schema satisfies the second schema.

    摘要翻译: 通过程序的处理来确定要顺序地显示的多个屏幕是否满足规范而不执行该程序。 本发明的系统存储规定第一屏幕的规格的第一模式,规定第二屏幕的指定的第二模式以及通过程序将显示从第一屏幕切换到第二屏幕的事件。 首先,基于第一模式和事件从程序中提取响应于在显示满足第一模式的屏幕期间产生的事件而执行的部分程序。 接下来,基于部分程序生成用于计算响应于在从一组中满足第一模式的一组屏幕中显示屏幕期间产生的事件而产生的事件而显示的屏幕的中间程序。 接下来,确定这些屏幕在第一屏幕满足第一模式的条件下满足规范,并且通过将中间程序应用于第一模式而获得的一组屏幕满足第二模式。

    SYSTEM FOR DETERMINING WHETHER SCREEN DISPLAYED BY PROGRAM SATISFIES SPECIFICATION
    3.
    发明申请
    SYSTEM FOR DETERMINING WHETHER SCREEN DISPLAYED BY PROGRAM SATISFIES SPECIFICATION 审中-公开
    用于确定程序满意度规范显示的屏幕的系统

    公开(公告)号:US20080195926A1

    公开(公告)日:2008-08-14

    申请号:US12056952

    申请日:2008-03-27

    IPC分类号: G06F17/00

    CPC分类号: G06F11/3604

    摘要: It is determined whether a plurality of screens to be sequentially displayed by a process of a program satisfies a specification without executing this program. A system of the present invention stores a first schema prescribing a specification of a first screen, a second schema prescribing a specification of a second screen, and an event switching the display by program from the first screen to the second screen. First, a partial program executed in response to an event generated during displaying the screen satisfying the first schema is extracted from a program on the basis of the first schema and the event. Next, an intermediate program for calculating a set of screens being displayed in response to an event generated during displaying screens in a set of screens satisfying the first schema from this set is generated on the basis of the partial program. Next, it is determined that these screens satisfy a specification on condition that the first screen satisfies the first schema and a set of screens obtained by applying the intermediate program to the first schema satisfies the second schema.

    摘要翻译: 通过程序的处理来确定要顺序地显示的多个屏幕是否满足规范而不执行该程序。 本发明的系统存储规定第一屏幕的规格的第一模式,规定第二屏幕的指定的第二模式以及通过程序将显示从第一屏幕切换到第二屏幕的事件。 首先,基于第一模式和事件从程序中提取响应于在显示满足第一模式的屏幕期间产生的事件而执行的部分程序。 接下来,基于部分程序生成用于计算响应于在从一组中满足第一模式的一组屏幕中显示屏幕期间产生的事件而产生的事件而显示的屏幕的中间程序。 接下来,确定这些屏幕在第一屏幕满足第一模式的条件下满足规范,并且通过将中间程序应用于第一模式而获得的一组屏幕满足第二模式。

    System, method, and program for determining validity of string
    4.
    发明授权
    System, method, and program for determining validity of string 失效
    用于确定字符串有效性的系统,方法和程序

    公开(公告)号:US08365280B2

    公开(公告)日:2013-01-29

    申请号:US12825610

    申请日:2010-06-29

    IPC分类号: G06F11/00

    摘要: A computer-implemented method, program product, and system for determining the validity of a string generated by a computer programming language program. The method includes: abstracting a constraint between variables extracted from a source code for a programming language, describing the constraint in M2L, and storing the constraint; and evaluating the validity of the string on an M2L solver on the basis of the constraint and a M2L specification to determine whether the string is safe or unsafe.

    摘要翻译: 用于确定由计算机程序设计语言程序生成的字符串的有效性的计算机实现的方法,程序产品和系统。 该方法包括:从用于编程语言的源代码提取的变量之间抽取约束,描述M2L中的约束,并存储该约束; 并基于约束和M2L规范来评估M2L求解器上的字符串的有效性,以确定字符串是安全还是不安全。

    Systems, methods and computer program products for string analysis with security labels for vulnerability detection
    5.
    发明授权
    Systems, methods and computer program products for string analysis with security labels for vulnerability detection 失效
    使用安全标签进行字符串分析的系统,方法和计算机程序产品进行漏洞检测

    公开(公告)号:US07530107B1

    公开(公告)日:2009-05-05

    申请号:US11960153

    申请日:2007-12-19

    IPC分类号: G06F21/00

    CPC分类号: G06F21/577

    摘要: Systems, methods and computer program products for string analysis with security labels for vulnerability detection. Exemplary embodiments include a method in a computer system configured to analyze security-labeled strings and to detect vulnerability, the method including receiving a program with security labels, translating the program into a static single assignment form, constructing a control flow graph having basic blocks as nodes, extracting instructions relating to string functions and object variables, calculating pre-conditions of variables for the basic blocks, extracting constraints among the variables subject to a rule set for translating pre-conditions, solving the constraints and obtaining a set of strings that he object variables form as a context-free grammar to obtain a set of security-labeled strings, checking if the set of security-labeled strings satisfies a rule of the rule set for translating pre-conditions and identifying locations in the program where a vulnerability is detected.

    摘要翻译: 使用安全标签进行字符串分析的系统,方法和计算机程序产品进行漏洞检测。 示例性实施例包括被配置为分析安全标记的字符串并且检测脆弱性的计算机系统中的方法,所述方法包括接收具有安全标签的程序,将程序转换成静态单个分配形式,构建具有基本块的控制流程图 节点,提取与字符串函数和对象变量相关的指令,计算基本块的变量的前提条件,提取受限于规则集的变量之间的约束,以便翻译前提条件,解决约束并获得一组字符串 对象变量形成为无上下文的语法,以获取一组安全标记的字符串,检查安全标记字符串的集合是否满足规则集的规则,用于翻译前提条件并识别漏洞所在的程序中的位置 检测到。

    SYSTEM, METHOD, AND PROGRAM FOR DETERMINING VALIDITY OF STRING
    6.
    发明申请
    SYSTEM, METHOD, AND PROGRAM FOR DETERMINING VALIDITY OF STRING 失效
    用于确定STRING有效性的系统,方法和程序

    公开(公告)号:US20100333201A1

    公开(公告)日:2010-12-30

    申请号:US12825610

    申请日:2010-06-29

    IPC分类号: G06F11/00

    摘要: A computer-implemented method, program product, and system for determining the validity of a string generated by a computer programming language program. The method includes: abstracting a constraint between variables extracted from a source code for a programming language, describing the constraint in M2L, and storing the constraint; and evaluating the validity of the string on an M2L solver on the basis of the constraint and a M2L specification to determine whether the string is safe or unsafe.

    摘要翻译: 用于确定由计算机程序设计语言程序生成的字符串的有效性的计算机实现的方法,程序产品和系统。 该方法包括:从用于编程语言的源代码提取的变量之间抽取约束,描述M2L中的约束,并存储该约束; 并基于约束和M2L规范来评估M2L求解器上的字符串的有效性,以确定字符串是安全还是不安全。

    USING A HEURISTICALLY-GENERATED POLICY TO DYNAMICALLY SELECT STRING ANALYSIS ALGORITHMS FOR CLIENT QUERIES
    8.
    发明申请
    USING A HEURISTICALLY-GENERATED POLICY TO DYNAMICALLY SELECT STRING ANALYSIS ALGORITHMS FOR CLIENT QUERIES 有权
    使用全景生成策略动态选择客户端查询的分析算法

    公开(公告)号:US20130091079A1

    公开(公告)日:2013-04-11

    申请号:US13412121

    申请日:2012-03-05

    IPC分类号: G06F15/18

    CPC分类号: G06N5/00

    摘要: A method for dynamically selecting string analysis algorithms can begin with the training of the dynamic string analysis handler of a string analysis module to effectively handle a subset of string queries having contextual metadata received from a client application in an instructional environment. The effectiveness of the training module can be based upon feedback from the client application. Upon completion of the training, a string analysis algorithm selection policy can be synthesized. The string analysis algorithm selection policy can correlate a context of a string query in the subset to the usage of a string analysis algorithm. When in the operational environment, the dynamic string analysis handler can dynamically handle string queries having contextual metadata received from the client application in accordance with the string analysis algorithm selection policy. The string analysis algorithm to be used for a string query can be dynamically and independently determined.

    摘要翻译: 用于动态选择字符串分析算法的方法可以开始于字符串分析模块的动态字符串分析处理程序的训练,以有效地处理在教学环境中从客户端应用程序接收的具有上下文元数据的字符串查询的子集。 培训模块的有效性可以基于客户端应用程序的反馈。 完成培训后,可以合成字符串分析算法选择策略。 字符串分析算法选择策略可以将子集中的字符串查询的上下文与字符串分析算法的使用相关联。 在操作环境中,动态字符串分析处理程序可以根据字符串分析算法选择策略来动态地处理具有从客户端应用程序接收的上下文元数据的字符串查询。 用于字符串查询的字符串分析算法可以动态和独立地确定。

    Determining whether method of computer program is a validator
    9.
    发明授权
    Determining whether method of computer program is a validator 失效
    确定计算机程序的方法是否为验证程序

    公开(公告)号:US08365281B2

    公开(公告)日:2013-01-29

    申请号:US12950432

    申请日:2010-11-19

    CPC分类号: G06F21/50 G06F21/563

    摘要: An illegal pattern and a computer program having a method are received. The method has one or more return statements, and a number of basic blocks. The method is normalized so that each return statement of the target method relating to the illegal pattern returns a constant Boolean value. A first path condition and a second path condition for one or more corresponding paths is determined such that one or more corresponding basic blocks return a constant Boolean value of true for the first path condition and a constant Boolean value of false for the second path condition. An unsatisfiability of each path condition is determined using a monadic second-order logic (M2L) technique. Where the unsatisfiability of either path condition is false, the method is reported as not being a validator. Where the unsatisfiability of either path condition is true, the method is reported as being a validator.

    摘要翻译: 接收到具有方法的非法模式和计算机程序。 该方法具有一个或多个返回语句和一些基本块。 该方法被归一化,使得与非法模式相关的目标方法的每个返回语句返回一个常量布尔值。 确定用于一个或多个对应路径的第一路径条件和第二路径条件,使得一个或多个对应的基本块返回针对第一路径条件的常数布尔值为true,对于第二路径条件返回常量布尔值为假。 使用一元二阶逻辑(M2L)技术确定每个路径条件的不满足性。 如果任一路径条件的不满足性为假,则将该方法报告为不是验证器。 如果任一路径条件的不满足性为真,则将该方法报告为验证器。

    Crawling of object model using transformation graph
    10.
    发明授权
    Crawling of object model using transformation graph 失效
    使用变换图来爬行对象模型

    公开(公告)号:US08296722B2

    公开(公告)日:2012-10-23

    申请号:US12246065

    申请日:2008-10-06

    IPC分类号: G06F9/44

    CPC分类号: G06F8/10

    摘要: A transformation tree for an object model (OM) is defined. The transformation tree has nodes interconnected by edges, where each node is connected to at most one other tree node. Each node corresponds to a state of the OM; each edge corresponds to an event causing the OM to transition from the state of one node to the state of another node. A transformation graph for the OM is constructed by simulating the transformation tree. The transformation graph has nodes interconnected by edges, and is a directed graph in which each node is connected to one or more other nodes. Each node corresponds to a state of the OM; each edge corresponds to an event causing the OM to transition from the state of one node to the state of another node. Crawling-oriented actions are performed in relation to the OM by being performed in relation to the transformation graph.

    摘要翻译: 定义了对象模型(OM)的转换树。 转换树具有通过边缘互连的节点,其中每个节点连接到最多一个其他树节点。 每个节点都对应于OM的状态; 每个边缘对应于导致OM从一个节点的状态转变到另一个节点的状态的事件。 通过模拟转换树构建OM的变换图。 转换图具有通过边缘互连的节点,并且是有向图,其中每个节点连接到一个或多个其他节点。 每个节点对应于OM的状态; 每个边缘对应于导致OM从一个节点的状态转变到另一个节点的状态的事件。 通过相对于变换图执行针对OM执行针对爬行的动作。