Title of invention: Code coverage-based taint perimeter detection
Abstract: A code coverage-based taint perimeter detection system and method for testing software code by determining code coverage and detecting new coverage of the code. Embodiments of the system and method perform tainted data flow analysis on execution traces of the code to determine tainted branch targets. The tainted branch targets may be filtered to remove any tainted branch targets that have already been covered. New coverage can be determined by monitoring the filtered tainted branch targets, which in some embodiments involves the use of software breakpoints that are automatically placed at the locations in the tainted branch targets at runtime. Embodiments of the system and method use an iterative process to ensure that only tainted branch targets that have not already been covered or tested are examined.
Publication number: US8839203(B2) Publication date: 2014.09.16
Application number: US201113115985 Filing date: 2011.05.25
Applicant: Microsoft Corporation Inventors: Opstad Edwin Lars; Renk Andrew; Margolis Daniel
Classification: G06F9/44 Main classification: G06F9/44
Agency: Agents: Choi Dan; Yee Judy; Minhas Micky
Independent claim: 1. A method implemented by at least one computing device, the method comprising: generating multiple execution traces of software code using a set of multiple different inputs to the software code; determining tainted branch targets by performing data flow analysis on the multiple execution traces of the software code, the tainted branch targets being associated with tainted conditional branches in the software code; filtering the tainted branch targets to identify a taint perimeter of the software code, the taint perimeter comprising a subset of the tainted branch targets that have not been covered by the multiple different inputs; automatically placing breakpoints into the taint perimeter during runtime of the software code while the software code is currently executing on the at least one computing device; upon triggering of an individual breakpoint in the taint perimeter when executing the software code using a particular input, detecting that new code from the software code has been covered by the particular input; generating a new execution trace for the new code; performing additional data flow analysis on the new execution trace to identify additional tainted branch targets in the new code; filtering the additional tainted branch targets to identify an updated taint perimeter of the software code; automatically placing a new breakpoint into the updated taint perimeter; and upon triggering of the new breakpoint when executing the software code using a further input, detecting that further new code from the software code has been covered by the further input.
Address: Redmond WA US
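
The iterative loop described in the abstract and claim 1, sketched as an added example that is not taken from the patent. The toy target, its block names, the `TP` magic bytes and the functions `run_traced`, `taint_perimeter` and `explore` are all constructed for illustration; a real system would derive taint from data flow analysis of recorded traces and use actual software breakpoints.

```python
# Added illustration; the toy target and all names below are constructed.
def run_traced(data: bytes):
    """Toy target under test. Returns (blocks executed, tainted branch targets)."""
    blocks, branches = ["entry"], []

    def branch(cond, taken, fallthrough):
        # Every condition here reads input bytes, so each branch is tainted.
        branches.append((taken, fallthrough))
        blocks.append(taken if cond else fallthrough)
        return cond

    if branch(data[:2] == b"TP", "hdr_ok", "reject"):
        if branch(len(data) > 4 and data[2] == 0x01, "v1", "legacy"):
            branch(data[3] > 0x7F, "big_len", "small_len")
    return blocks, branches


def taint_perimeter(traces):
    """Tainted branch targets that no trace has covered yet."""
    covered, targets = set(), set()
    for blocks, branches in traces:
        covered.update(blocks)
        for pair in branches:
            targets.update(pair)
    return targets - covered


def explore(seeds, candidates):
    """Iterate: breakpoint hit -> new trace -> re-filter -> new breakpoints."""
    traces = [run_traced(s) for s in seeds]
    breakpoints = taint_perimeter(traces)
    hits = []
    for data in candidates:
        blocks, _ = run_traced(data)  # stands in for an untraced run under breakpoints
        hit = next((b for b in blocks if b in breakpoints), None)
        if hit is None:
            continue  # no new coverage: input discarded without a full trace
        traces.append(run_traced(data))  # full trace only for inputs that hit
        breakpoints = taint_perimeter(traces)
        hits.append((data, hit, sorted(breakpoints)))
    return hits


if __name__ == "__main__":
    for data, hit, remaining in explore(
        [b"AAAA"], [b"BBBB", b"TP\x00\x00\x00", b"TP\x01\x10\x00", b"TP\x01\xff\x00"]
    ):
        print(data, "hit", hit, "perimeter now", remaining)
```

Each hit shrinks or moves the perimeter, so inputs that only revisit covered blocks never trigger a breakpoint and cost no tracing.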