Microsoft Word - CBJ - Schneider - Assembly FrameworkDocument Transcript
Volume 1, Issue 1, 2006
Towards a Framework for Assembly Language Testing
Dr. Thorsten Schneider [Schneider@Secure-Software-Engineering.com]
Testing of software is crucial for assuring software quality, validity and reliability. With the background of
many existing software testing frameworks for high level languages, this paper introduces the concept of an
Assembly Testing Framework (ATF) including Code Metrics, Code Coverage and Unit respective Functional
Testing for the Assembly programming language. There is no testing framework for Assembly language to my
Beginning the software testing process one which are common techniques for copy
has to define Test Cases using Assert protected applications. Additional one future
Statements. Common used Asserts are feature of ATF can be to generate automated
AssertEquals or AssertTrue respective tests from code as described by Boyapati et
AssertFalse. As comparison to HLL testing al.  and Marinov et al. . This gives the
frameworks, Assembly setUp and tearDown ability to compare self-defined tests against
methods differ. Since assembly language is the automated results to increase code
based on heavy usage of processor registers, coverage productivity.
Figure 2: Code fragmentation of a MASM style source code (left). After source code fragmentation the fragments are
converted to the corresponding control flow graph (CFG, center). Using Program Slicing the Region Of Interest (ROI) is
one is able only to preset and to evaluate
values within registers like EAX, EBX, ESI and In the next step the Test Case is connecting to
others including corresponding Flags. This ATF. According to the decision of the tester,
differs from HLL testing since it is not possible ATF takes either source code or disassembly
to use complex constructs within an Assert for further testing and analysis. Since source
Statement, like code - given in a special syntax like the
[AssertEquals("2",myClass.getResult("1+ MASM, TASM or NASM syntax - differs only
1"))]. Instead a valid Assert statement would slightly from the resulting assembly code, it is
be [AssertEquals(EAX,"2")]. Note the an easy task to convert source statements to
different sequence in comparison to HLL resulting assembly code.
asserts, which reflects the reverse parameters
of Assembly opcode mnemonics. Playing with Within the next steps the Assembly code is
these registers needs careful handling and a fragmented (see figure 2) into its substantial
secure emulation engine to prevent buffer parts and converted into a control flow graph
overflows or abuse of registers which might (CFG) as described by Cooper et al. . The
crash the testers host machine. Especially for resulting CFG is used to gain first information
high security applications this raises to about the code structure. At this point code
problems due possible heavy usage of complexity measures like Code Metrics are
polymorphic code, self-modifying code (SMC) detached. Using the CFG one is able to reduce
or anti-debugging and anti-tracing tricks the working element by using Program Slicing
methodologies on the CFG as proposed by
the Cyclomatic Complexity Metric. NIST
References Special Publication 500-235 1996.
16. Woodward M, Hennell M, Hedley D: A
1. Perry WE: Effective Methods for Measure of Control Flow Complexity in
Software Testing, 2nd edn: John Wiley & Program Text. IEEE Trans Software Eng
Sons; 2000. 1979:45-50.
2. Beck K: Test Driven Development: By 17. Cornett S: Code Coverage Analysis.
Example: John Wiley & Sons; 2002. http://wwwbullseyecom/coveragehtml
3. Burke E: eXtreme Testing. St Louis Java 2004.
User's Group, 18. Beizer B: Software Testing Techniques,
http://wwwociwebcom/javasig/knowledgeb 2nd edn: Van Nostrand Reinhold, New York;
ase/Oct2000/ 2000. 1990.
4. Marick B: Testing for Programmers. 19. Morell L: A Theory of Fault-Based
http://wwwtestingcom/writings/half-day- Testing. IEEE Trans Software Eng 1990,
programmerpdf 2000. 16(8):844-857.
5. Clark M: JUnit Primer. 20. Kästner D, Wilhelm S: Generic Control
http://wwwclarkwarecom/articles/JUnitPrim Flow Reconstruction from Assembly
erhtml 2000. Code. In: LCTES'02-SCOPES'02, Berlin,
6. Dyuzhev V: TUT: C++ Unit Test Germany: 2002; 2002.
Framework. 2004. 21. Venkitaraman R, Gupta G: Static Analysis
7. Hiroshimator: Win32ASM Community of Embedded Executable Assembly
Messageboard. Code. 2004.
http://boardwin32asmcommunitynet/ 2005. 22. Boyapati C, Khurshid S, Marinov D: Korat:
8. KetilO: RadASM assembler IDE. Automated Testing Based on Java
http://wwwradasmcom/ 2006. Predicates. In: ACM International
9. Blaine JD, Kemmerer RA: Complexity Symposium on Software Testing and
Measures for Assembly Language Analysis (ISSTA): July 2002 2002: ACM;
Programs. Journal of Systems and 2002.
Software, Elsevier Science Publishing Co Inc 23. Marinov D, Khurshid S: TestEra: A Novel
1985:229-245. Framework for Automated Testing of
10. Boetticher G, Srinivas K, Eichmann D: A Java Programs. 2002.
Neural Net-Based Approach to 24. Cooper KD, Harvey JT, Waterman T:
Software Metrics. In: Fifth International Building a Control-Flow Graph from
Conference on Software Engineering and Scheduled Assembly Code. Rice
Knowledge Engineering: June 16-18 1993; Technical Report, TR02-399 1999.
San Francisco, CA; 1993: 271-274. 25. Beck J, Eichmann D: Program and
11. Halstead MH: Elements of Software interface slicing for reverse
Science. Elsevier North-Holland, New York engineering. In: Proceedings of the 15th
1977. international conference on Software
12. Gilb T: Software Metrics. Winthrop Engineering: 1993; Baltimore, Maryland,
Publishers, Cambridge, MA 1977. United States: IEEE Computer Society
13. Bailey CT, Dingee WL: A Software Study Press; 1993: 509--518.
Using Halstead Metrics. ACM 26. Knizhnik K: Reflection for C++.
SIGMETRICS Performance Evaluation http://wwwgarretru/~knizhnik/cppreflection
Review 1981, 10(1):189-197. /docs/reflecthtml 2004.
14. McCabe T: A Complexity Measure. IEEE 27. Roiser S: Seal C++ Reflection Package.
Transactions Software Eng 1976:308-320. http://sealwebcernch/seal/snapshot/workbo
15. Watson AH, McCabe T: Structured ok/reflectionhtml 2004.
Testing: A Testing Methodology Using