To keep vulnerability analysis current for large software that is updated continuously, this paper proposes a smart fuzzing method based on differential analysis of software code. The old and new versions of the code are reverse-analysed and compared to locate the code difference regions. A bidirectional propagation analysis over data and control dependences then identifies the regions the differences can potentially affect and the input variables related to them, producing a difference impact model. Guided by this model, the method performs on-demand fuzzing and smart evolutionary testing based on dynamic symbolic execution, finally generating highly targeted test cases. A prototype tool was implemented and evaluated on several PHP software versions with differing degrees of change; it detected 4 security vulnerabilities and covered more than 85% of the difference impact regions between adjacent software versions. The experimental results show that, compared with current methods, the approach both reduces redundant testing of regions unrelated to the differences and, by focusing the testing direction, improves testing efficiency and code coverage.
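The core of the method described above is the difference impact model: the code difference is propagated forwards along data and control dependences to find the code it can affect, and backwards to find the inputs that can reach it. The following added example (not the paper's prototype) shows that computation on a toy program dependence graph. The statement IR, the assumption that statements of both versions have already been aligned to stable ids, the straight-line approximation of data dependence, and the PHP-style sample program are all constructed for the illustration; the names `Stmt`, `build_pdg`, `difference_impact_model`, `fuzz_targets` and `impact_coverage` are hypothetical.

```python
"""Difference-impact analysis over a toy program dependence graph (PDG).

Added illustration of the pipeline in the abstract, not the paper's code:
1. diff the two versions (statements added or whose text changed),
2. propagate forwards over data/control dependences -> difference impact area,
3. propagate backwards -> the external inputs related to the difference,
4. use the model to pick fuzzing targets and to measure impact-area coverage.
All ids, the IR and the sample program are assumptions made for this example.
"""
from collections import deque
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Stmt:
    sid: str                     # stable id, assumed to come from an alignment step
    text: str                    # source text, compared to detect changes
    defs: frozenset              # variables written by the statement
    uses: frozenset              # variables read by the statement
    ctrl: Optional[str] = None   # id of the predicate this statement is control-dependent on


def build_pdg(stmts):
    """Return (succ, pred, ext_uses) for a version of the program.

    Data dependence is approximated as 'last definition in program order', so the
    code is treated as straight-line with predicates recorded via `ctrl`. A variable
    read before any definition is an external input (e.g. a request parameter).
    """
    succ = {s.sid: set() for s in stmts}
    pred = {s.sid: set() for s in stmts}
    ext_uses = {s.sid: set() for s in stmts}
    last_def = {}
    for s in stmts:
        for v in s.uses:
            if v in last_def:                 # data dependence: def -> use
                succ[last_def[v]].add(s.sid)
                pred[s.sid].add(last_def[v])
            else:                             # never defined here: external input
                ext_uses[s.sid].add(v)
        if s.ctrl is not None:                # control dependence: predicate -> stmt
            succ[s.ctrl].add(s.sid)
            pred[s.sid].add(s.ctrl)
        for v in s.defs:
            last_def[v] = s.sid
    return succ, pred, ext_uses


def closure(start, edges):
    """Transitive closure of `start` over the adjacency map `edges` (BFS)."""
    seen = set(start)
    queue = deque(start)
    while queue:
        node = queue.popleft()
        for nxt in edges[node]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def code_diff(old, new):
    """Ids of statements in `new` that are added or whose text changed.
    Deleted statements have no node in the new version and are not modelled here."""
    old_text = {s.sid: s.text for s in old}
    return frozenset(s.sid for s in new if old_text.get(s.sid) != s.text)


@dataclass(frozen=True)
class ImpactModel:
    diff: frozenset            # changed statements
    impacted: frozenset        # diff plus everything reachable forwards
    related_inputs: frozenset  # external inputs that reach the diff backwards
    all_inputs: frozenset      # every external input of the program


def difference_impact_model(old, new):
    """Bidirectional propagation from the code difference, on the new version's PDG."""
    succ, pred, ext_uses = build_pdg(new)
    diff = code_diff(old, new)
    impacted = frozenset(closure(diff, succ))
    upstream = closure(diff, pred)
    related = frozenset().union(*[ext_uses[s] for s in upstream])
    all_inputs = frozenset().union(*ext_uses.values())
    return ImpactModel(diff, impacted, related, all_inputs)


def fuzz_targets(model):
    """Inputs worth mutating; the others can be held at fixed, valid values."""
    return model.related_inputs


def impact_coverage(model, executed):
    """Fraction of the difference impact area reached by an execution trace."""
    if not model.impacted:
        return 1.0
    return len(model.impacted & set(executed)) / len(model.impacted)


# Constructed sample: a PHP-style request handler in the toy IR. `_GET_id` and
# `_GET_name` stand for request parameters and are never defined in the program.
OLD = [
    Stmt("s1", "$id = $_GET['id'];", frozenset({"id"}), frozenset({"_GET_id"})),
    Stmt("s2", "$name = $_GET['name'];", frozenset({"name"}), frozenset({"_GET_name"})),
    Stmt("s3", "$q = 'SELECT * FROM t WHERE id=' . intval($id);", frozenset({"q"}), frozenset({"id"})),
    Stmt("s4", "if ($name !== '')", frozenset(), frozenset({"name"})),
    Stmt("s5", "$msg = 'Hello ' . htmlspecialchars($name);", frozenset({"msg"}), frozenset({"name"}), ctrl="s4"),
    Stmt("s6", "$rows = query($q);", frozenset({"rows"}), frozenset({"q"})),
    Stmt("s7", "echo $msg;", frozenset(), frozenset({"msg"})),
    Stmt("s8", "echo json_encode($rows);", frozenset(), frozenset({"rows"})),
]
# New version: one statement inserted between s2 and s3; nothing else changed.
NEW = OLD[:2] + [Stmt("s2b", "$id = trim($id);", frozenset({"id"}), frozenset({"id"}))] + OLD[2:]

MODEL = difference_impact_model(OLD, NEW)

if __name__ == "__main__":
    print("diff:          ", sorted(MODEL.diff))
    print("impact area:   ", sorted(MODEL.impacted))
    print("fuzz these:    ", sorted(fuzz_targets(MODEL)))
    print("leave fixed:   ", sorted(MODEL.all_inputs - MODEL.related_inputs))
    print("coverage of a trace s1,s2,s2b,s3,s6:", impact_coverage(MODEL, ["s1", "s2", "s2b", "s3", "s6"]))
```

For the sample change, only `s2b`, `s3`, `s6` and `s8` form the impact area and only `_GET_id` is a related input, so `_GET_name` and the `s4`/`s5`/`s7` path are never fuzzed; that is the "redundant testing of unrelated regions" the abstract says the method avoids. `impact_coverage` is the metric behind the abstract's "covered more than 85% of the difference impact regions": the share of impacted statements that the generated test cases actually execute.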