专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08656496B2 Global variable security analysis 失效
标题翻译：全局变量安全性分析
公开(公告)号：US08656496B2
公开(公告)日：2014-02-18
申请号：US12951435
申请日：2010-11-22
申请人： Shay Artzi , Ryan Berg , John Peyton , Marco Pistoia , Manu Sridharan , Takaaki Tateishi , Omer Tripp , Robert Wiener
发明人： Shay Artzi , Ryan Berg , John Peyton , Marco Pistoia , Manu Sridharan , Takaaki Tateishi , Omer Tripp , Robert Wiener
IPC分类号： G06F11/07 , G06F9/455
CPC分类号： G06F21/577 , G06F21/00 , G06F2221/034
摘要： A method includes determining selected global variables in a program for which flow of the selected global variables through the program is to be tracked. The selected global variables are less than all the global variables in the program. The method includes using a static analysis performed on the program, tracking flow through the program for the selected global variables. In response to one or more of the selected global variables being used in security-sensitive operations in the flow, use is analyzed of each one of the selected global variables in a corresponding security-sensitive operation. In response to a determination the use may be a potential security violation, the potential security violation is reported. Apparatus and computer program products are also disclosed.
摘要翻译：一种方法包括确定在所述程序中选择的全局变量，通过所述程序，所选择的全局变量的流程将被跟踪。所选的全局变量小于程序中的所有全局变量。该方法包括使用对程序执行的静态分析，跟踪所选择的全局变量的程序流程。响应于在流中的安全敏感操作中使用的一个或多个所选择的全局变量，在相应的安全敏感操作中对所选择的全局变量中的每一个进行分析。为了回应确定，使用可能是潜在的安全违规，报告潜在的安全违规。还公开了装置和计算机程序产品。

2. 发明申请

US20120131670A1 Global Variable Security Analysis 失效
标题翻译：全局变量安全分析
公开(公告)号：US20120131670A1
公开(公告)日：2012-05-24
申请号：US12951435
申请日：2010-11-22
申请人： Shay Artzi , Ryan Berg , John Peyton , Marco Pistoia , Manu Sridharan , Takaaki Tateishi , Omer Tripp , Robert Wiener
发明人： Shay Artzi , Ryan Berg , John Peyton , Marco Pistoia , Manu Sridharan , Takaaki Tateishi , Omer Tripp , Robert Wiener
IPC分类号： G06F21/00
CPC分类号： G06F21/577 , G06F21/00 , G06F2221/034
摘要： A method includes determining selected global variables in a program for which flow of the selected global variables through the program is to be tracked. The selected global variables are less than all the global variables in the program. The method includes using a static analysis performed on the program, tracking flow through the program for the selected global variables. In response to one or more of the selected global variables being used in security-sensitive operations in the flow, use is analyzed of each one of the selected global variables in a corresponding security-sensitive operation. In response to a determination the use may be a potential security violation, the potential security violation is reported. Apparatus and computer program products are also disclosed.
摘要翻译：一种方法包括确定在所述程序中选择的全局变量，通过所述程序，所选择的全局变量的流程将被跟踪。所选的全局变量小于程序中的所有全局变量。该方法包括使用对程序执行的静态分析，跟踪所选择的全局变量的程序流程。响应于在流中的安全敏感操作中使用的一个或多个所选择的全局变量，在相应的安全敏感操作中对所选择的全局变量中的每一个进行分析。为了回应确定，使用可能是潜在的安全违规，报告潜在的安全违规。还公开了装置和计算机程序产品。

3. 发明授权

US08434070B2 Generating specifications of client-server applications for static analysis 失效
标题翻译：生成用于静态分析的客户端 - 服务器应用程序的规范
公开(公告)号：US08434070B2
公开(公告)日：2013-04-30
申请号：US12912345
申请日：2010-10-26
申请人： Shay Artzi , Ryan Berg , John T. Peyton, Jr. , Marco Pistoia , Manu Sridharan , Robert Wiener
发明人： Shay Artzi , Ryan Berg , John T. Peyton, Jr. , Marco Pistoia , Manu Sridharan , Robert Wiener
IPC分类号： G06F9/44 , G06F9/45
CPC分类号： G06F8/30
摘要： Systems and methods are provided for creating a data structure associated with a software application that is based on at least one framework. According to the method, source code and at least one configuration file of the software application is analyzed by at least one framework-specific processor so as to determine entry point information indicating entry points in the source code, request attribute access information indicating where attributes attached to a request data structure are read and written, and forward information indicating forwards performed by the software application. A data structure for a static analysis engine is created based on this information. The data structure includes a list of synthetic methods that model framework-related behavior of the software application, and a list of entry points indicating the synthetic methods and/or application methods of the software application that can be invoked by the framework.
摘要翻译：系统和方法被提供用于创建与基于至少一个框架的软件应用相关联的数据结构。根据该方法，由至少一个特定于框架的处理器分析软件应用的源代码和至少一个配置文件，以便确定指示源代码中的入口点的入口点信息，指示附加属性的属性访问信息读取和写入请求数据结构，以及指示由软件应用执行的转发的转发信息。基于此信息创建静态分析引擎的数据结构。数据结构包括对软件应用程序的框架相关行为进行建模的综合方法列表，以及指示框架可以调用的软件应用程序的合成方法和/或应用方法的入口点列表。

4. 发明申请

US20120102474A1 STATIC ANALYSIS OF CLIENT-SERVER APPLICATIONS USING FRAMEWORK INDEPENDENT SPECIFICATIONS 审中-公开
标题翻译：使用框架独立规范的客户端服务器应用的静态分析
公开(公告)号：US20120102474A1
公开(公告)日：2012-04-26
申请号：US12912382
申请日：2010-10-26
申请人： Shay Artzi , Ryan Berg , Yinnon A. Haviv , John T. Peyton, JR. , Marco Pistoia , Manu Sridharan , Babita Sharma , Omri Weisman , Robert Wiener
发明人： Shay Artzi , Ryan Berg , Yinnon A. Haviv , John T. Peyton, JR. , Marco Pistoia , Manu Sridharan , Babita Sharma , Omri Weisman , Robert Wiener
IPC分类号： G06F9/45
CPC分类号： G06F8/75
摘要： Systems and methods are provided for statically analyzing a software application that is based on at least one framework. According to the method, source code of the software application and a specification associated with the software application are analyzed. The specification includes a list of synthetic methods that model framework-related behavior of the software application, and a list of entry points indicating the synthetic methods and/or application methods of the software application that can be invoked by the framework. Based on the source code and the specification, intermediate representations for the source code and the synthetic methods are generated. Based on the intermediate representations and the specification, call graphs are generated to model which application methods of the software application invoke synthetic methods or other application methods of the software application. The software application is statically analyzed based on the call graphs and the intermediate representations so as to generate analysis results for the software application.
摘要翻译：提供了系统和方法，用于静态分析基于至少一个框架的软件应用程序。根据该方法，分析软件应用的源代码和与软件应用相关的规范。该规范包括对软件应用程序的框架相关行为进行建模的综合方法列表，以及指示框架可以调用的软件应用程序的合成方法和/或应用方法的入口点列表。基于源代码和规范，生成源代码和合成方法的中间表示。基于中间表示和规范，生成调用图来模拟软件应用程序的哪些应用程序调用软件应用程序的合成方法或其他应用程序。基于调用图和中间表示静态分析软件应用程序，以生成软件应用程序的分析结果。

5. 发明授权

US09135147B2 Automated testing of applications with scripting code 有权
标题翻译：使用脚本代码自动测试应用程序
公开(公告)号：US09135147B2
公开(公告)日：2015-09-15
申请号：US13457083
申请日：2012-04-26
申请人： Shay Artzi , Julian Dolby , Salvatore A. Guarnieri , Simon H. Jensen , Marco Pistoia , Manu Sridharan , Frank Tip , Omer Tripp
发明人： Shay Artzi , Julian Dolby , Salvatore A. Guarnieri , Simon H. Jensen , Marco Pistoia , Manu Sridharan , Frank Tip , Omer Tripp
IPC分类号： G06F9/44 , G06F11/36 , G06F11/34
CPC分类号： G06F11/3676 , G06F11/3466 , G06F11/3684 , G06F11/3688
摘要： A novel system, computer program product, and method are disclosed for feedback-directed automated test generation for programs, such as JavaScript, in which execution is monitored to collect information that directs the test generator towards inputs that yield increased coverage. Several instantiations of the framework are implemented, corresponding to variations on feedback-directed random testing, in a tool called Artemis.
摘要翻译：公开了一种新颖的系统，计算机程序产品和方法用于诸如JavaScript的程序的反馈定向的自动测试生成，其中执行被监视以收集将测试发生器引导到产生增加的覆盖的输入的信息。在一个名为Artemis的工具中，实现了框架的几个实例，对应于反馈导向随机测试的变化。

6. 发明授权

US08516449B2 Detecting and localizing security vulnerabilities in client-server application 失效
标题翻译：检测和本地化客户端 - 服务器应用程序中的安全漏洞
公开(公告)号：US08516449B2
公开(公告)日：2013-08-20
申请号：US12902423
申请日：2010-10-12
申请人： Shay Artzi , Julian Dolby , Marco Pistoia , Frank Tip , Omer Tripp
发明人： Shay Artzi , Julian Dolby , Marco Pistoia , Frank Tip , Omer Tripp
IPC分类号： G06F9/44
CPC分类号： G06F11/3604
摘要： The present invention provides a system, computer program product, and a computer implemented method for analyzing a set of two or more communicating applications. The method includes executing a first application, such as a client application, and executing a second application, such as a server application. The applications are communicating with each other. A correlation is recorded between the applications and an execution characteristic exhibited on execution. An oracle is used to determine an analysis of the first application that has been executed. The execution of the first application causes a change of state in the second application and/or a change control flow in the second application. Code fragment in the first application and/or the second application are prioritized based on an evaluation produced by the oracle, and based on the correlation between the code fragments that have been executed and the execution characteristic exhibited by the code fragments.
摘要翻译：本发明提供了一种系统，计算机程序产品和用于分析一组两个或多个通信应用的计算机实现的方法。该方法包括执行诸如客户端应用的第一应用，以及执行诸如服务器应用的第二应用。应用程序正在彼此通信。应用之间记录相关性，执行时执行特性。使用oracle来确定已执行的第一个应用程序的分析。第一应用的执行导致第二应用中的状态改变和/或第二应用中的改变控制流。第一应用程序和/或第二应用程序中的代码片段基于由oracle生成的评估，并且基于已执行的代码片段与代码片段所呈现的执行特性之间的相关性进行优先级排序。

7. 发明授权

US08903702B2 Generating specifications for expression language expressions and tag libraries 有权
标题翻译：生成表达式语言表达式和标签库的规范
公开(公告)号：US08903702B2
公开(公告)日：2014-12-02
申请号：US13222612
申请日：2011-08-31
申请人： Shay Artzi , Manu Sridharan
发明人： Shay Artzi , Manu Sridharan
IPC分类号： G06F9/45 , G06F9/44 , G06F17/30
CPC分类号： G06F17/30 , G06F8/75
摘要： Systems and methods are provided for creating a data structure associated with a software application that is based on at least one framework. According to the method, at least one Java Server Page file associated with the software application is analyzed. The Java Server Page (JSP) file includes at least one call to at least one library tag, and at least one Expression Language (EL) expression. A set of tag library usage information for the JSP file is generated based. The set of tag library usage information includes at least one variable, and a value of the at least one variable created by the at least one call. The EL expression is evaluated based on the variable and the value of the variable. A data structure is created for a static analysis engine based on EL expression. The data structure includes at least one Java expression representing the EL expression.
摘要翻译：系统和方法被提供用于创建与基于至少一个框架的软件应用相关联的数据结构。根据该方法，分析与软件应用程序相关联的至少一个Java服务器页面文件。 Java服务器页面（JSP）文件至少包含一个对至少一个库标签的调用，以及至少一个表达式语言（EL）表达式。基于JSP文件生成一组标签库使用信息。所述标签库使用信息集合包括至少一个变量和由所述至少一个呼叫创建的所述至少一个变量的值。基于变量和变量的值来评估EL表达式。基于EL表达式为静态分析引擎创建数据结构。数据结构包括至少一个表达EL表达式的Java表达式。

8. 发明授权

US08453125B2 Generating inputs for client-server programs for fault-detection and localization 失效
标题翻译：为客户机 - 服务器程序生成输入以进行故障检测和本地化
公开(公告)号：US08453125B2
公开(公告)日：2013-05-28
申请号：US12966556
申请日：2010-12-13
申请人： Shay Artzi , Julian Dolby , Marco Pistoia , Frank Tip
发明人： Shay Artzi , Julian Dolby , Marco Pistoia , Frank Tip
IPC分类号： G06F9/44
CPC分类号： G06F11/3684 , H04L69/40
摘要： The present invention provides a system, computer program product, and a computer implemented method for analyzing a set of two or more communicating applications. The method begins with receiving a first second application that communicates with each other during execution. Next, an initial input for executing the first application and the second application is received. The initial input is added to a set of inputs. An iterative execution loop is performed at least once. The loop begins with selecting inputs out of the set of inputs for execution. Next, using the selected inputs, the first and/or the second application is executed while information regarding the execution and information communicated to the other application are recorded. A set of one or more new application inputs for either applications is generated based the second application recorded information and the first application information. These new inputs are added to the set of inputs.
摘要翻译：本发明提供了一种系统，计算机程序产品和用于分析一组两个或多个通信应用的计算机实现的方法。该方法开始于在执行期间接收彼此通信的第一个第二应用程序。接下来，接收用于执行第一应用和第二应用的初始输入。初始输入被添加到一组输入。执行迭代执行循环至少一次。循环从选择输入集合中的输入开始执行。接下来，使用所选择的输入，执行第一和/或第二应用，同时记录关于执行的信息和传送给其他应用的信息。基于第二应用记录信息和第一应用信息生成用于任一应用的一组或多个新的应用输入。这些新的输入被添加到该组输入。

9. 发明申请

US20120054552A1 FAULT LOCALIZATION USING DIRECTED TEST GENERATION 失效
标题翻译：使用指导性测试生成的故障本地化
公开(公告)号：US20120054552A1
公开(公告)日：2012-03-01
申请号：US12873816
申请日：2010-09-01
申请人： Shay Artzi , Julian Dolby , Marco Pistoia , Frank Tip
发明人： Shay Artzi , Julian Dolby , Marco Pistoia , Frank Tip
IPC分类号： G06F11/36
CPC分类号： G06F11/3684 , G06F11/3688
摘要： Disclosed is a novel computer implemented system, on demand service, computer program product and a method for fault-localization techniques that apply statistical analyses to execution data gathered from multiple tests. The present invention determines the fault-localization effectiveness of test suites generated according to several test-generation techniques based on combined concrete and symbolic (concolic) execution. These techniques are evaluated by applying the Ochiai fault-localization technique to generated test suites in order to localize 35 faults in four PHPWeb applications. The results show that the test-generation techniques under consideration produce test suites with similar high fault-localization effectiveness, when given a large time budget.
摘要翻译：公开了一种新颖的计算机实现系统，按需服务，计算机程序产品和用于故障定位技术的方法，其将统计分析应用于从多个测试收集的执行数据。本发明确定了基于组合的具体和符号（concolic）执行的几种测试生成技术产生的测试套件的故障定位有效性。通过将Ochiai故障定位技术应用于生成的测试套件来评估这些技术，以便在四个PHPWeb应用程序中定位35个故障。结果表明，考虑到的测试生成技术产生具有类似高故障定位效果的测试套件，当给予大的时间预算时。

10. 发明授权

US09043761B2 Fault localization using condition modeling and return value modeling 有权
标题翻译：使用条件建模和返回值建模的故障定位
公开(公告)号：US09043761B2
公开(公告)日：2015-05-26
申请号：US12873843
申请日：2010-09-01
申请人： Shay Artzi , Julian Dolby , Marco Pistoia , Frank Tip
发明人： Shay Artzi , Julian Dolby , Marco Pistoia , Frank Tip
IPC分类号： G06F9/44 , G06F11/36
CPC分类号： G06F11/3688 , G06F11/3692
摘要： Disclosed is a novel computer implemented system, on demand service, computer program product and a method that leverages combined concrete and symbolic execution and several fault-localization techniques to automatically detects failures and localizes faults in PHP Hypertext Preprocessor (“PHP”) Web applications.
摘要翻译：公开了一种新颖的计算机实现系统，按需服务，计算机程序产品和利用组合的具体和符号执行以及多种故障定位技术来自动检测PHP超文本预处理器（“PHP”）Web应用程序中的故障和本地化故障的方法。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式