摘要
精细分析对提高关键软件的安全非常重要,并因计算量大而需要自动化.本文基于J M Voas的Fault/Failure概念模型及其PIE分析,提出一个实用的软件代码精细分析技术和工具.文中描述了软件代码精细分析的全过程,重点讲述“自动分析记录”的工作流程及执行、感染和传播这三个关键分析的概念性算法,并给出了工具的框架图解.此外还提出粒度可调思想,能调节分析的精度和范围,较好地解决了Fault/Failure模型的限制,拓展了用途.最后本文给出了一些具体的应用思路,如放置警报器、评估可靠性、配置资源、设计测试实例等,以及对面向对象软件测试的启发.
Precision analysis is very important for key software to improve security, and needs to be automated because of large computing. Based on J M Voas' notional model of Fault/Failure and the PIE analysis, this paper develops a practical technology and presents an automated tool to analyze software code in detail. it describes the whole work flow of precision analytical process, especially the 'automated analysis & record' phase and the notional arithmetic of three key analyses:execution,infection,propagation,and gives frame diagram of the tool. What is more, it presents the idea of adjustable granularity, which can change the precision class and analysis range, has in a way overcome the limits of Fault/Failure model and expands the possible applications. At the end, it also points out some applications such as to place assertion,estimate teliability,configure resource,design test case,and mention the elicitation to OO software testing.
出处
《电子学报》
EI
CAS
CSCD
北大核心
2002年第12A期2163-2165,共3页
Acta Electronica Sinica
