CN106330601A - Test case generation method and device - Google Patents

Test case generation method and device

Info

Publication number: CN106330601A
Authority: CN (China)
Prior art keywords: field, data, test case, fields, variable
Legal status: Pending
Application number: CN201610697317.4A
Other languages: Chinese (zh)
Inventor: 孙易安
Current assignee: Beijing Kuang En Network Technology Co Ltd
Original assignee: Beijing Kuang En Network Technology Co Ltd
Application filed by Beijing Kuang En Network Technology Co Ltd
Priority to CN201610697317.4A
Publication of CN106330601A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/18 Protocol analysers
    • H04L43/50 Testing arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a test case generation method and device. The method comprises: first selecting the function code corresponding to a certain function of the MODBUS protocol; then acquiring the definition of each field contained in a data packet having that function and selecting, from those fields, the fields that control MODBUS protocol communication as immutable fields, the remaining fields being variable fields; and mutating at least one variable field, thereby generating a test case that does not conform to the definitions or data settings of the mutated fields. Because the method generates test cases specifically for the MODBUS protocol, it is more targeted; and because the fields that control MODBUS protocol communication are treated as immutable and only the variable fields are mutated, the generation of invalid redundant test cases that cannot communicate over MODBUS is avoided and test efficiency is effectively improved.

Description

Test case generation method and device

Technical field

The invention belongs to the technical field of software, and in particular relates to a test case generation method and device.

Background

With the development of network technology, devices in the industrial control field have become ever more tightly interconnected over the Internet. Industrial control devices generally exchange data and communicate with one another on the basis of Internet protocols. For example, the Modbus/TCP protocol is widely used in the industrial control industry: it is no longer merely a PLC communication protocol but is also used extensively in smart instruments, frequency converters and many other intelligent devices. Although connecting industrial control equipment to the network makes remote management and monitoring convenient, the communication also exposes the control equipment itself, leaving it vulnerable to malware and to malicious attacks by hackers; once a security vulnerability appears in an industrial control network, it poses a major hidden danger to industrial production and operation. How to reduce the security risks of industrial control network communication protocols is therefore an urgent problem.

At present, protocol security testing mainly uses fuzz testing. Fuzz testing is a black-box or random testing technique and one approach to protocol security testing. Its basic principle is to feed a large amount of malformed data into the target program, monitor for any anomaly during the target program's execution, and record the input data that caused the anomaly, so as to locate the defect in the target program and discover possible security vulnerabilities.

The most critical part of fuzz testing is the generation of the fuzz test data, that is, the generation of test cases. However, because fuzz testing is blind, existing fuzz testers pick arbitrary values from the input data space when generating test cases, automatically producing and sending large numbers of random values. A large share of the test cases produced this way are rejected before they even reach the interior of the target program; that is, many useless test cases are generated, so random testing takes a long time, produces a large number of redundant test inputs and has low test efficiency. In addition, most test cases generated by existing fuzz testers target Internet network protocols. For industrial control protocols such as Modbus/TCP there is no dedicated test case generation method, so testing of Modbus/TCP is not targeted and its efficiency is low.

Summary of the invention

The invention provides a test case generation method and device to address the defects of the prior art when the Modbus protocol is tested with fuzz testing: the test cases are largely blind, not targeted, and test efficiency is low.

In a first aspect, the invention provides a test case generation method for generating test cases for the Modbus protocol, the method comprising:

selecting one of several pre-stored function codes as the target function code, wherein the several function codes are the function codes that the Modbus protocol assigns to data packets performing different functional operations;

obtaining, according to the Modbus protocol specification, the definition of each field in the data packet corresponding to the target function code;

selecting the function code field and those fields used to control the communication function of the test case as immutable fields, and treating the remaining fields as variable fields; setting the immutable fields to preset values so that the test case supports communication based on the Modbus protocol; and randomly mutating at least one of the variable fields to generate a test case that does not conform to the definition or data setting of that at least one field.

Optionally, the step of randomly mutating at least one of the variable fields to generate a test case that does not conform to the definition or data setting of that at least one field comprises:

randomly mutating the data of all variable fields to generate test cases that do not conform to the definitions of the variable field data.

Optionally, the step of randomly mutating at least one of the variable fields to generate a test case that does not conform to the definition or data setting of that at least one field comprises:

setting the data of a first part of the variable fields, individually or in combination, to preset values, the preset values including the maximum, minimum or middle value within the value range defined for the field;

randomly mutating the values of the data of another part of the variable fields to generate test cases that do not conform to the definitions of that other part of the field data.

Optionally, the step of randomly mutating at least one of the variable fields to generate a test case that does not conform to the definition or data setting of that at least one field comprises:

setting the length field among the variable fields, which indicates the combined length of the unit identifier field, the function code field and the data field, to a preset value, and mutating any one of, or any combination of, the unit identifier field, the function code field and the data field so as to lengthen or shorten the actual length, thereby generating a test case whose actual length does not match the preset value of the length field.

Optionally, the random mutation includes data element deletion mutation, data element repetition mutation, valid value mutation, or numerical boundary mutation within the numerical range defined for each field.

In a second aspect, the invention provides a test case generation device for generating test cases for the Modbus protocol, the device comprising:

a function code selection unit for selecting one of several pre-stored function codes as the target function code, wherein the several function codes are the function codes that the Modbus protocol assigns to data packets performing different functional operations;

an acquisition unit for obtaining, according to the Modbus protocol specification, the definition of each field in the data packet corresponding to the target function code;

a field selection and mutation unit for selecting the function code field and those fields used to control the communication function of the test case as immutable fields, and treating the remaining fields as variable fields; setting the immutable fields to preset values so that the test case supports communication based on the Modbus protocol; and randomly mutating at least one of the variable fields to generate a test case that does not conform to the definition or data setting of that at least one field.

Optionally, the field selection and mutation unit is further configured to randomly mutate the data of all variable fields to generate test cases that do not conform to the definitions of the variable field data.

Optionally, the field selection and mutation unit is further configured to:

set the data of a first part of the variable fields, individually or in combination, to preset values, the preset values including the maximum, minimum or middle value within the value range defined for the field;

randomly mutate the values of the data of another part of the variable fields to generate test cases that do not conform to the definitions of that other part of the field data.

Optionally, the field selection and mutation unit is further configured to:

set the length field among the variable fields, which indicates the combined length of the unit identifier field, the function code field and the data field, to a preset value, and mutate any one of, or any combination of, the unit identifier field, the function code field and the data field so as to lengthen or shorten the actual length, thereby generating a test case whose actual length does not match the preset value of the length field.

Optionally, the random mutation includes data element deletion mutation, data element repetition mutation, valid value mutation, or numerical boundary mutation within the numerical range defined for each field.

The invention provides a test case generation method and device. In the method, the function code corresponding to a certain function of the MODBUS protocol is selected first; the definition of each field contained in a data packet having that function is then obtained; the fields that control MODBUS protocol communication are selected from these as immutable fields, the rest being variable fields; and at least one variable field is mutated, thereby generating test cases that do not conform to the definitions or data settings of the mutated fields. It will be appreciated that, because the method provided by the invention treats the fields that control MODBUS protocol communication as immutable and mutates only the variable fields, it avoids generating invalid redundant test cases that cannot communicate over the MODBUS protocol and thereby effectively improves test efficiency. Moreover, the method generates test cases aimed specifically at the MODBUS protocol, so it is more targeted and further improves test efficiency.

Brief description of the drawings

In order to illustrate the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are obviously only some examples of the invention; a person of ordinary skill in the art could obtain other drawings from them without creative effort.

Fig. 1 is a flowchart of a test case generation method provided by the invention;

Fig. 2 is a schematic diagram of a normal packet capture from the device under test, provided by the invention;

Fig. 3 is a schematic diagram of an abnormal packet capture from the device under test after it receives a test case, provided by the invention;

Figs. 4(a)-4(b) are schematic diagrams of the TCP connection state of the device under test before and after it receives test cases, provided by the invention;

Fig. 5 is a schematic structural diagram of a test case generation device provided by the invention.

Detailed description

The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings of those embodiments. The described embodiments are obviously only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.

For ease of understanding, the Modbus bus protocol involved in the invention and the data format it specifies are first described in detail.

Modbus/TCP is an application-layer message transmission protocol, mainly used for communication between clients and servers over different types of buses or network connections. A Modbus/TCP data frame consists of three parts: the message header, the function code field and the data field.

The function code indicates, when the client sends a message to the server device, the type of operation the server is to perform. Function codes are divided into public function codes, user-defined function codes and reserved function codes; Table 1 lists some commonly used public function codes.

Table 1 Definition of some public function codes in the Modbus protocol

On this basis, in the first aspect, the invention provides a test case generation method for generating test cases for testing the Modbus protocol, which, as shown in Fig. 1, includes:

S101. Select one of several pre-stored function codes as the target function code, wherein the several function codes are the function codes that the Modbus protocol assigns to data packets performing different functional operations;

S102. Obtain, according to the Modbus protocol specification, the definition of each field in the data packet corresponding to the target function code;

S103. Select the function code field and those fields used to control the communication function of the test case as immutable fields, and treat the remaining fields as variable fields; set the immutable fields to preset values so that the test case supports communication based on the Modbus protocol; and randomly mutate at least one of the variable fields to generate a test case that does not conform to the definition or data setting of that at least one field.

In the test case generation method provided by the invention, the function code corresponding to a certain function of the MODBUS protocol is selected first; the definition of each field contained in a data packet having that function is then obtained; the fields that control MODBUS protocol communication are selected from these as immutable fields, the rest being variable fields; and at least one variable field is mutated, thereby generating test cases that do not conform to the definitions or data settings of the mutated fields. It will be appreciated that, because the method provided by the invention treats the fields that control MODBUS protocol communication as immutable and mutates only the variable fields, it avoids generating invalid redundant test cases that cannot communicate over the MODBUS protocol and thereby effectively improves test efficiency. Moreover, the method generates test cases aimed specifically at the MODBUS protocol, so it is more targeted and further improves test efficiency.

It will be appreciated that, in a specific implementation, step S103 of the above method embodiment can be realized in a number of ways; several optional embodiments are described in detail below.

Example 1. Randomly mutate the data of all variable fields to generate test cases that do not conform to the definitions of the variable field data.

Specifically, the function code field indicates, when a message is sent from the client to the server device, which functional operation the server is to perform. Since the invention mainly tests the individual functions of Modbus, the function code field must be kept. Taking the generation of test cases for the Read/Write Multiple Registers function, whose function code field is 0x17, as an example, the following describes in detail how the method provided by the invention generates test cases for this function.

Table 2 shows the definition of each field of the application data unit (ADU) of the data packet (message header, function code field and data field) when the function code field is 0x17.

Table 2 Field definitions of the application data unit (ADU) for the Read/Write Multiple Registers function

Among the fields in Table 2, the protocol identifier is immutable, because the value 0 of the protocol identifier identifies the Modbus protocol. As a special case, test cases that set the protocol identifier to a non-zero value could of course also be generated, but such special test cases are not considered here.

The unit identifier has little influence on the fuzz test results, so it may be set as either variable or immutable. Because TCP/IP addresses the Modbus server by IP address, the unit identifier is set to a fixed value, for example 0xFF, although other values may also be used.

The transaction identifier is similar to the unit identifier and likewise has little influence on the fuzz test results, so it may be set as either variable or immutable. The transaction identifier is used to pair a request with its response and must be unique at any given moment. Since Modbus/TCP allows multiple requests to be sent to the same server without waiting for the server's confirmation, and the number of requests a server accepts depends on its capacity, the transaction identifier can be set, depending on the device type, to a value from 1 to 16. Alternatively, the transaction identifier can be incremented, thereby forming multiple test cases.

Based on the above description of the definitions of these fields, we consider them to control the communication of the Modbus/TCP protocol. In this embodiment, therefore, these fields are set as immutable fields and each is assigned a corresponding preset value, so that the generated test cases can communicate normally over Modbus/TCP. All fields in Table 2 other than these are then randomly mutated, so that test cases that do not conform to the definitions of the variable fields can be generated and used to test the Read/Write Multiple Registers function of the Modbus/TCP protocol.

Example 2. Set the data of a first part of the variable fields, individually or in combination, to preset values, the preset values including the maximum, minimum or middle value within the value range defined for the field; randomly mutate the data of another part of the variable fields to generate test cases that do not conform to the definitions of that other part of the field data.

Specifically, again taking the generation of test cases for the Read/Write Multiple Registers function as an example: first, as in Example 1, the function code field, protocol identifier field, unit identifier field and transaction identifier field are selected from Table 2 as immutable fields and set to preset values, ensuring that the generated test cases can communicate normally over Modbus/TCP. Next, m fields are selected from the n variable fields in Table 2 and set, individually or in combination, to preset values, where a preset value is a representative value within the field's value range, such as the maximum, minimum or middle value. Finally, the remaining n-m fields are randomly mutated to generate test cases that do not conform to the definitions of those n-m fields. Each of the m fields can take different preset values, and these can be permuted and combined to generate multiple test cases. For example, if m=2 and each of the two selected fields takes its maximum, minimum or middle value, there are 9 combinations and 9 test cases are generated.

It is not hard to see that, with the method of Example 1, when the content of a field is randomly mutated there is only a small probability that the field content becomes a representative value within its value range, such as the maximum, minimum or middle value, which makes it difficult to test the cases where a field holds a representative value. The generation method of Example 2 can therefore supplement the method of Example 1, giving the method provided by the invention wider test coverage and thus improving test effectiveness.

Example 3. Set the length field among the variable fields, which indicates the combined length of the unit identifier field, the function code field and the data field, to a preset value, and mutate any one of, or any combination of, the unit identifier field, the function code field and the data field so as to lengthen or shorten the actual length, thereby generating test cases whose actual length does not match the preset value of the length field. Again taking the Read/Write Multiple Registers function code as an example, as shown in Table 2 the combined length of the unit identifier, function code and data field for this function code is 11+N*2 bytes. The purpose of this length value is to indicate the length of the message: even if the message is split across several packets for transmission, the length information lets the receiver identify the message boundary. If any one of, or any combination of, the unit identifier field, the function code field and the data field is mutated so as to lengthen or shorten the actual length, so that the actual length no longer matches the length value set above, a test case with an abnormal length is generated. In that case the receiver cannot correctly identify the actual message boundary and a reception anomaly occurs, so the abnormal-length situation can be tested.

It will be appreciated that this method is mainly aimed at situations with constraints. For example, the length field in a data packet is defined in the Modbus protocol specification as the length of the bytes that follow it, and can only be determined by computing that byte length; when a Modbus data packet is deliberately lengthened or shortened while the value of the length field is held fixed, a target program that has no error tolerance for this constraint is prone to fail, so such situations can be tested.

To sum up, the present invention selects which of the remaining fields to mutate, that is, which fields are chosen for mutation, as follows:

The function code is the first-level classification: different function codes are followed by different fields;

For each function code the fields that follow differ, and it is determined specifically which of them are immutable and which are variable; immutable fields are kept unchanged, and for the variable fields:

all of them can be mutated, which is the second-level classification; its advantage is comprehensive testing, as described in Example 1;

alternatively, certain fields can be set to preset values within their value range, as described in Example 2;

alternatively, certain fields can be set to preset values according to a constraint relationship, such as the length. Which fields are given preset values is the third-level classification.

Therefore the test cases are distributed like a tree according to these three levels of classification.

Specifically, 10 function codes give 10 first-level child nodes; for each first-level child node, according to the second-level classification, there are test cases in which all variable fields are mutated;

for each first-level child node, according to the third-level classification, there are test cases in which some of the variable fields take preset values, and the preset values may be taken within the field's value range or according to a constraint relationship.
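The following is an added example, not code from the patent, that enumerates the three-level tree just described for a constructed field table. The field names, sizes, ranges and the choice of which fields are immutable are assumptions modelled on the FC 0x17 layout the text uses (Table 2 itself is not reproduced on this page); a second function code, 0x03, is included only to show the first-level branching. The output is a plan of test-case descriptors, one per leaf, not the frames themselves.

```python
"""
Added example (not from the patent): enumerating the three-level test case tree.
Level 1: function code.  Level 2: all variable fields mutated.
Level 3: selected variable fields set to preset values (min/max/mid within the
field's range, or a length constraint held fixed while the payload is changed).
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Field:
    name: str
    size: int                        # bytes
    mutable: bool                    # False = immutable, kept at its preset value
    lo: int = 0
    hi: Optional[int] = None         # None -> derive from size
    constraint: Optional[str] = None # "length" for fields bound by a relation

    def range(self):
        hi = self.hi if self.hi is not None else (1 << (8 * self.size)) - 1
        return self.lo, hi


# Constructed field table (assumption): function code -> field list.
FIELD_TABLE: Dict[int, List[Field]] = {
    0x17: [
        Field("transaction_id", 2, False),
        Field("protocol_id", 2, False),
        Field("length", 2, True, constraint="length"),
        Field("unit_id", 1, True),
        Field("function_code", 1, False),
        Field("read_start", 2, True),
        Field("read_qty", 2, True, lo=1, hi=0x7D),
        Field("write_start", 2, True),
        Field("write_qty", 2, True, lo=1, hi=0x79),
        Field("write_byte_count", 1, True),
        Field("write_values", 2, True),  # 2*N bytes in a real frame
    ],
    0x03: [
        Field("transaction_id", 2, False),
        Field("protocol_id", 2, False),
        Field("length", 2, True, constraint="length"),
        Field("unit_id", 1, True),
        Field("function_code", 1, False),
        Field("start_addr", 2, True),
        Field("quantity", 2, True, lo=1, hi=0x7D),
    ],
}

# Mutation operators named in the text; each gives one level-2 case per function code.
MUTATORS = ["boundary", "delete_element", "repeat_element", "valid_value"]


def preset_values(f: Field) -> Dict[str, int]:
    """Level-3 preset values within the field's defined range."""
    lo, hi = f.range()
    return {"min": lo, "max": hi, "mid": (lo + hi) // 2}


def build_tree(table: Dict[int, List[Field]]) -> dict:
    """Return {fc: {"immutable": [...], "all_mutated": [...], "preset": [...]}}."""
    tree = {}
    for fc, fields in table.items():
        variable = [f for f in fields if f.mutable]
        node = {
            "immutable": [f.name for f in fields if not f.mutable],
            "all_mutated": [{"fields": [f.name for f in variable], "mutator": m}
                            for m in MUTATORS],
            "preset": [],
        }
        for f in variable:
            if f.constraint == "length":
                # Example 3: hold the length field at its expected value and change the payload.
                for change in ("lengthen", "shorten"):
                    node["preset"].append({"field": f.name, "value": "expected_length",
                                           "payload": change})
            else:
                # Example 2: min / max / mid within the defined range.
                for label, v in preset_values(f).items():
                    node["preset"].append({"field": f.name, "value": v, "label": label})
        tree[fc] = node
    return tree


def count_cases(tree: dict) -> int:
    """Number of leaves (test case descriptors) across all function codes."""
    return sum(len(n["all_mutated"]) + len(n["preset"]) for n in tree.values())


if __name__ == "__main__":
    t = build_tree(FIELD_TABLE)
    for fc, node in t.items():
        print(f"FC 0x{fc:02x}: immutable={node['immutable']} "
              f"level2={len(node['all_mutated'])} level3={len(node['preset'])}")
    print("total cases:", count_cases(t))
```

The descriptor form keeps the tree inspectable before any frame is built: a reviewer can see which fields are held fixed to keep the case on-protocol and which relation each level-3 leaf deliberately breaks, which is what makes a later failure attributable to one field.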

It should be noted that the mutations in the above method embodiments can all be implemented by various random algorithms, which may include numerical boundary mutation, data element deletion mutation, data element repetition mutation, valid value mutation and the like. Special characters may also have special mutation methods. For example, for data frames that contain character-type fields, besides pure numerical mutation, character-type mutated data can also be constructed; that is, the malformed data generation strategy specifically includes: for integer fields, constructing integer-overflow malformed packets by setting different special values; for character fields, constructing malformed packets by setting different special characters, including over-long strings used to detect string overflow, illegal strings lacking a NULL terminator, format strings, and so on. Of course, other mutation types may also be included, and the present invention does not specifically limit this.

It will readily be understood that the illustrations in the above method embodiments serve only to aid understanding of the test case generation method provided by the embodiments of the present invention and do not constitute a specific limitation of the present invention. The preferred embodiments described above do not affect one another, and a solution obtained by any combination of them falls within the scope of protection of the present invention.

In addition, in a specific implementation, each of the test case generation methods provided in this embodiment may use a fuzz testing framework to generate a file defining the test case data for a given function. Preferably, the test case is an xml file containing the following tag fields:

where:

1) The first-level tag <Peach></Peach> encloses the entire file and is used for version information and the like.

2) The second-level tags include Include, DataModel, StateModel, Agent, Test and Run, where:

3) The Include tag field is used to include external files containing the basic methods, classes, data types, etc. of the fuzz testing framework.

4) The DataModel tag field is used to define the data structure; beneath this tag there may be several levels and several kinds of lower-level tags. These sub-tags make it relatively easy to define the type and size of the data, the relationships between data blocks, CRC checksums and so on. In addition, multiple DataModels may be defined, and they may or may not be related to one another.

5) The StateModel tag field is used to define the logic of the test; it is effectively a state machine. Its lower-level tags include State, which represents one state, and each State may contain several Action tags, which execute commands such as sending a packet.

6) The Agent tag field is used to detect exceptions, crashes, etc., that is, to monitor the reaction of the target under test.

7) The Test tag field is used to specify the state, Agent, publisher, etc. that will be used and the method by which data is sent, and may also specify the method by which data is processed.

8) The Run tag field is used to specify the entry point of the fuzz test execution, that is, which Test is used for the current fuzz test run.

Of course, the above method of generating the data definition file is only one optional embodiment; the file may also be generated in other ways, and the present invention does not specifically limit this.
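The following is an added illustration, not the patent's own file, of how the tag fields listed above fit together in one data definition file for the read/write multiple registers function code. It follows Peach 2.x pit conventions as the editor understands them (the Run element and the isStatic attribute belong to that generation of the framework; later versions dropped Run and mark fixed fields differently), so attribute names should be checked against the framework version actually used. Immutable fields carry isStatic="true" so the framework leaves them alone, and the length and byte count fields are tied to the bytes they describe by size relations, which is the constraint Example 3 exercises. The host address is from the documentation range and is a placeholder.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example (not from the patent): Peach 2.x style data definition for FC 0x17. -->
<Peach version="1.0" author="added example" description="Modbus read/write multiple registers">

  <!-- Include: the framework's default types, mutators and helpers -->
  <Include ns="default" src="file:defaults.xml" />

  <!-- DataModel: one request. Immutable fields (isStatic) keep the case on-protocol;
       Length and WriteByteCount are bound to the data they describe by size relations. -->
  <DataModel name="ReadWriteMultipleRegisters">
    <Number name="TransactionId" size="16" endian="big" value="1" isStatic="true" />
    <Number name="ProtocolId"    size="16" endian="big" value="0" isStatic="true" />
    <Number name="Length"        size="16" endian="big">
      <Relation type="size" of="Body" />
    </Number>
    <Block name="Body">
      <Number name="UnitId"         size="8"  value="1" />
      <Number name="FunctionCode"   size="8"  value="23" isStatic="true" /> <!-- 0x17 -->
      <Number name="ReadStart"      size="16" endian="big" value="0" />
      <Number name="ReadQuantity"   size="16" endian="big" value="2" />
      <Number name="WriteStart"     size="16" endian="big" value="16" />
      <Number name="WriteQuantity"  size="16" endian="big" value="2" />
      <Number name="WriteByteCount" size="8">
        <Relation type="size" of="WriteValues" />
      </Number>
      <Blob name="WriteValues" valueType="hex" value="12 34 56 78" />
    </Block>
  </DataModel>

  <!-- A shapeless model for whatever the target answers with -->
  <DataModel name="Response">
    <Blob name="Data" />
  </DataModel>

  <!-- StateModel: one state that sends the request and reads the reply -->
  <StateModel name="SendRequest" initialState="Initial">
    <State name="Initial">
      <Action type="output">
        <DataModel ref="ReadWriteMultipleRegisters" />
      </Action>
      <Action type="input">
        <DataModel ref="Response" />
      </Action>
    </State>
  </StateModel>

  <!-- Agent: holds the monitors that report a crash or hang; the concrete Monitor
       class depends on the target platform and is omitted here -->
  <Agent name="LocalAgent" />

  <!-- Test: which StateModel, Agent and Publisher to use. 192.0.2.10 is a
       documentation-range placeholder for the device under test. -->
  <Test name="ModbusTest">
    <Agent ref="LocalAgent" />
    <StateModel ref="SendRequest" />
    <Publisher class="tcp.Tcp">
      <Param name="host" value="192.0.2.10" />
      <Param name="port" value="502" />
    </Publisher>
  </Test>

  <!-- Run: entry point naming the Test to execute -->
  <Run name="DefaultRun">
    <Test ref="ModbusTest" />
  </Run>
</Peach>
```

Fields without isStatic correspond to the variable fields of the method, so level-2 cases fall out of the framework's default mutators; holding the size relation on Length fixed while mutating WriteValues reproduces the level-3 length-constraint case.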

To demonstrate the advantages of the present invention, a series of test experiments was performed. Again taking the read/write multiple registers function code as an example and following the method of Example 1, the function code is kept unchanged, the contents of the read quantity field, write starting address field, write quantity field and write byte count field are kept unchanged, and the mutation attribute of the read starting address field and the write value field is set to true. The state of the device under test before and after receiving the test case is shown in Figures 2 to 4.

Clearly, as shown in Figure 2, before the device under test receives the test case it establishes a TCP connection normally and is in a normal packet capture state. Once it receives the test case, an anomaly appears as shown in Figure 3: the TCP connection cannot be established and the server side does not respond to the TCP connection. Correspondingly, the TCP communication link state changes from ON, shown in Figure 4(a), to OFF, shown in Figure 4(b), so this function can be effectively tested for vulnerabilities.

It should be noted that, to generate test cases with high coverage, other function codes besides the read/write multiple registers function code above may also be analysed with the method provided by the above method embodiments to generate test cases for them. Different fields of interest may also be tested for each function code to find possible vulnerabilities; these are not listed one by one here. Table 3 is a statistical table of the errors caused by testing different fields for different function codes.

Table 3 Statistics of errors caused by testing different fields for different function codes

In a second aspect, the present invention provides a test case generation device, corresponding to the method provided in the first aspect of the present invention, for generating test cases for testing the Modbus protocol specification. As shown in Figure 5, it comprises:

a function code selection unit 501, used to select one of several prestored function codes as the target function code, where the several function codes are those corresponding to the packets that perform different functional operations as specified by the Modbus protocol;

an acquisition unit 502, used to obtain, according to the Modbus protocol specification, the definition of each field in the packet corresponding to the target function code;

a field selection and mutation unit 503, used to select the function code field and those fields that control the communication function of the test case as immutable fields and treat the remaining fields as variable fields; to set the immutable fields to preset values so that the test case supports communication based on the Modbus protocol; and to randomly mutate at least one of the variable fields to generate a test case that does not conform to the definition or data setting of that at least one field.

In a specific implementation, the field selection and mutation unit 503 is further used to randomly mutate the data of all variable fields so as to generate test cases that do not conform to the definition of the variable field data.

In a specific implementation, the field selection and mutation unit 503 is further used to set the data of some of the variable fields, one at a time or in combination, to preset values, where the preset values include the maximum, minimum or intermediate value within the value range defined for the field; and to randomly mutate the values of the other variable fields so as to generate test cases that do not conform to the definition of those other fields' data.

In a specific implementation, the field selection and mutation unit 503 is further used to set the length field in the variable fields, which gives the combined length of the unit identifier field, the function code field and the data field, to a preset value, and to mutate any one or a combination of the unit identifier field, function code field and data field so as to lengthen or shorten the actual length, thereby generating test cases whose actual length does not match the preset value of the length field.

In a specific implementation, the random mutation here includes data element deletion mutation, data element repetition mutation, valid value mutation, or numerical boundary mutation within the numerical range defined for each field.

Since the test case generation device described in this embodiment is a device capable of executing the test case generation method of the embodiments of the present invention, a person skilled in the art can, on the basis of the test case generation method described in the embodiments of the present invention, understand the specific implementation of the test case generation device of this embodiment and its various variants; how the device implements the method is therefore not described in detail here. Any device employed by a person skilled in the art to implement the test case generation method of the embodiments of the present invention falls within the scope that the present application seeks to protect.

The algorithms and displays presented here are not inherently related to any particular computer, virtual system or other apparatus. Various general-purpose systems may also be used with the teachings herein. The structure required to construct such a system is apparent from the description above. Furthermore, the present invention is not directed to any particular programming language. It should be understood that the content of the present invention described here may be implemented in a variety of programming languages, and the above description of a specific language is given in order to disclose the best mode of the present invention.

In the description provided here, numerous specific details are set forth. It will be understood, however, that embodiments of the present invention may be practised without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description.

Similarly, it should be appreciated that in the above description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure or description thereof for the purpose of streamlining the disclosure and aiding the understanding of one or more of the various inventive aspects. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.

Those skilled in the art will understand that the modules in the device of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components of the embodiments may be combined into one module, unit or component, and may moreover be divided into a plurality of sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.

Furthermore, those skilled in the art will understand that although some embodiments described here include certain features included in other embodiments but not others, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.

The various component embodiments of the present invention may be implemented in hardware, in software modules running on one or more processors, or in a combination of these. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may in practice be used to implement some or all of the functions of some or all of the components of the gateway, proxy server and system according to embodiments of the present invention. The present invention may also be implemented as a device or apparatus program (for example, a computer program or computer program product) for performing part or all of the methods described here. Such a program implementing the present invention may be stored on a computer-readable medium or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.

It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not indicate any order; these words may be interpreted as names.

Claims (10)

1. A test case generation method, characterized in that it is used to generate test cases for the Modbus protocol, the method comprising: selecting one of several prestored function codes as a target function code, where the several function codes are those corresponding to packets that perform different functional operations as specified by the Modbus protocol; obtaining, according to the Modbus protocol specification, the definition of each field in the packet corresponding to the target function code; selecting the function code field and those fields that control the communication function of the test case as immutable fields and treating the remaining fields as variable fields; setting the immutable fields to preset values so that the test case supports communication based on the Modbus protocol; and randomly mutating at least one of the variable fields to generate a test case that does not conform to the definition or data setting of the at least one field.

2. The method according to claim 1, characterized in that the step of randomly mutating at least one of the variable fields to generate a test case that does not conform to the definition or data setting of the at least one field comprises: randomly mutating the data of all variable fields to generate test cases that do not conform to the definition of the variable field data.

3. The method according to claim 1, characterized in that the step of randomly mutating at least one of the variable fields to generate a test case that does not conform to the definition or data setting of the at least one field comprises: setting the data of some of the variable fields, one at a time or in combination, to preset values, the preset values including the maximum, minimum or intermediate value within the value range defined for the field; and randomly mutating the values of the other variable fields to generate a test case that does not conform to the definition of the other fields' data.

4. The method according to claim 1, characterized in that the step of randomly mutating at least one of the variable fields to generate a test case that does not conform to the definition or data setting of the at least one field comprises: setting the length field in the variable fields, which gives the combined length of the unit identifier field, the function code field and the data field, to a preset value, and mutating any one or a combination of the unit identifier field, function code field and data field so as to lengthen or shorten the actual length, to generate a test case whose actual length does not match the preset value of the length field.

5. The method according to any one of claims 1 to 4, characterized in that the random mutation includes data element deletion mutation, data element repetition mutation, valid value mutation, or numerical boundary mutation within the numerical range defined for each field.

6. A test case generation device, characterized in that it is used to generate test cases for the Modbus protocol, the device comprising: a function code selection unit, used to select one of several prestored function codes as a target function code, where the several function codes are those corresponding to packets that perform different functional operations as specified by the Modbus protocol; an acquisition unit, used to obtain, according to the Modbus protocol specification, the definition of each field in the packet corresponding to the target function code; and a field selection and mutation unit, used to select the function code field and those fields that control the communication function of the test case as immutable fields and treat the remaining fields as variable fields, to set the immutable fields to preset values so that the test case supports communication based on the Modbus protocol, and to randomly mutate at least one of the variable fields to generate a test case that does not conform to the definition or data setting of the at least one field.

7. The device according to claim 6, characterized in that the field selection and mutation unit is further used to randomly mutate the data of all variable fields to generate test cases that do not conform to the definition of the variable field data.

8. The device according to claim 6, characterized in that the field selection and mutation unit is further used to: set the data of some of the variable fields, one at a time or in combination, to preset values, the preset values including the maximum, minimum or intermediate value within the value range defined for the field; and randomly mutate the values of the other variable fields to generate a test case that does not conform to the definition of the other fields' data.

9. The device according to claim 6, characterized in that the field selection and mutation unit is further used to: set the length field in the variable fields, which gives the combined length of the unit identifier field, the function code field and the data field, to a preset value, and mutate any one or a combination of the unit identifier field, function code field and data field so as to lengthen or shorten the actual length, to generate a test case whose actual length does not match the preset value of the length field.

10. The device according to any one of claims 6 to 9, characterized in that the random mutation includes data element deletion mutation, data element repetition mutation, valid value mutation, or numerical boundary mutation within the numerical range defined for each field.
CN201610697317.4A 2016-08-19 2016-08-19 Test case generation method and device Pending CN106330601A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610697317.4A CN106330601A (en) 2016-08-19 2016-08-19 Test case generation method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610697317.4A CN106330601A (en) 2016-08-19 2016-08-19 Test case generation method and device

Publications (1)

Publication Number Publication Date
CN106330601A true CN106330601A (en) 2017-01-11

Family

ID=57741152

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610697317.4A Pending CN106330601A (en) 2016-08-19 2016-08-19 Test case generation method and device

Country Status (1)

Country Link
CN (1) CN106330601A (en)

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106788480A (en) * 2017-03-20 2017-05-31 上海资誉电子科技有限公司 The winged control signal testing method and system of unmanned plane
CN107193731A (en) * 2017-05-12 2017-09-22 北京理工大学 Use the fuzz testing coverage rate improved method of control variation
CN107404487A (en) * 2017-08-07 2017-11-28 浙江国利信安科技有限公司 A kind of industrial control system safety detection method and device
CN107517199A (en) * 2017-07-14 2017-12-26 国家电网公司 A kind of method for generating test case and system for being used for 376.1 protocol security defects detections
CN109922063A (en) * 2019-03-05 2019-06-21 南方电网科学研究院有限责任公司 Pollution data generation method for fuzz testing of multi-function meter communication protocol
CN110597734A (en) * 2019-09-23 2019-12-20 电子科技大学 A fuzzy test case generation method suitable for industrial control private protocol
CN112055003A (en) * 2020-08-26 2020-12-08 上海电力大学 A method for generating private protocol fuzzing test cases based on byte length classification
CN112104634A (en) * 2020-09-08 2020-12-18 中国电力科学研究院有限公司 Data message processing method, system, equipment and readable storage medium
CN112422485A (en) * 2019-08-23 2021-02-26 北京东土科技股份有限公司 Communication method and device of transmission control protocol
CN113179274A (en) * 2021-04-29 2021-07-27 哈尔滨工程大学 Modbus protocol vulnerability mining method based on dynamic taint analysis
CN113986712A (en) * 2021-09-10 2022-01-28 深圳开源互联网安全技术有限公司 Fuzzy test method and device based on HTTP/2
CN114063606A (en) * 2022-01-13 2022-02-18 浙江大学 PLC protocol fuzzy test method and device, electronic equipment and storage medium
CN115659907A (en) * 2022-11-04 2023-01-31 北京晟芯网络科技有限公司 Method for verifying register coverage rate, computer storage medium and terminal
CN115766541A (en) * 2022-11-15 2023-03-07 合众新能源汽车有限公司 Device testing method, device, computer equipment and storage medium
CN117216772A (en) * 2023-11-09 2023-12-12 中兴通讯股份有限公司 Fuzz test case optimization methods, devices, equipment and readable media
CN117792967A (en) * 2024-02-26 2024-03-29 南京邮电大学 A camera fuzz testing method based on difference feedback
WO2024240100A1 (en) * 2023-05-19 2024-11-28 北京字跳网络技术有限公司 Test case generation method and apparatus, device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010287034A (en) * 2009-06-11 2010-12-24 Koyo Electronics Ind Co Ltd Address display system of modbus protocol communication between external equipment and plc
CN102437952A (en) * 2012-01-29 2012-05-02 山东黄金矿业(莱州)有限公司焦家金矿 Management method of multi-variant Modbus protocol message
CN103853650A (en) * 2012-11-28 2014-06-11 西门子公司 Test case generating method and device for fuzz testing
CN105721230A (en) * 2014-11-30 2016-06-29 中国科学院沈阳自动化研究所 Modbus protocol-oriented fuzz testing method
CN105827469A (en) * 2014-12-29 2016-08-03 国家电网公司 MODBUS TCP implementation defect tester and detection method thereof

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
万明;尚文利;曾鹏;赵剑明;: "基于功能码深度检测的Modbus/TCP通信访问控制方法", 信息与控制, no. 02, 15 April 2016 (2016-04-15), pages 124 - 132 *
李航;董伟;朱广宇;: "基于Fuzzing测试的工业控制协议漏洞挖掘技术研究", 电子技术应用, no. 07, 12 July 2016 (2016-07-12), pages 85 - 88 *

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106788480A (en) * 2017-03-20 2017-05-31 上海资誉电子科技有限公司 The winged control signal testing method and system of unmanned plane
CN107193731B (en) * 2017-05-12 2020-10-27 北京理工大学 Fuzzy test coverage improvement method using control variation
CN107193731A (en) * 2017-05-12 2017-09-22 北京理工大学 Use the fuzz testing coverage rate improved method of control variation
CN107517199A (en) * 2017-07-14 2017-12-26 国家电网公司 A kind of method for generating test case and system for being used for 376.1 protocol security defects detections
CN107404487B (en) * 2017-08-07 2020-07-21 浙江国利网安科技有限公司 Industrial control system safety detection method and device
CN107404487A (en) * 2017-08-07 2017-11-28 浙江国利信安科技有限公司 A kind of industrial control system safety detection method and device
CN109922063A (en) * 2019-03-05 2019-06-21 南方电网科学研究院有限责任公司 Pollution data generation method for fuzz testing of multi-function meter communication protocol
CN112422485A (en) * 2019-08-23 2021-02-26 北京东土科技股份有限公司 Communication method and device of transmission control protocol
CN112422485B (en) * 2019-08-23 2023-05-26 北京东土科技股份有限公司 Communication method and device of transmission control protocol
CN110597734A (en) * 2019-09-23 2019-12-20 电子科技大学 A fuzzy test case generation method suitable for industrial control private protocol
CN110597734B (en) * 2019-09-23 2021-06-01 电子科技大学 Fuzzy test case generation method suitable for industrial control private protocol
CN112055003B (en) * 2020-08-26 2022-12-23 上海电力大学 Method for generating private protocol fuzzy test case based on byte length classification
CN112055003A (en) * 2020-08-26 2020-12-08 上海电力大学 A method for generating private protocol fuzzing test cases based on byte length classification
CN112104634A (en) * 2020-09-08 2020-12-18 中国电力科学研究院有限公司 Data message processing method, system, equipment and readable storage medium
CN113179274A (en) * 2021-04-29 2021-07-27 哈尔滨工程大学 Modbus protocol vulnerability mining method based on dynamic taint analysis
CN113179274B (en) * 2021-04-29 2022-05-20 哈尔滨工程大学 A Modbus protocol vulnerability mining method based on dynamic taint analysis
CN113986712A (en) * 2021-09-10 2022-01-28 深圳开源互联网安全技术有限公司 Fuzzy test method and device based on HTTP/2
CN114063606A (en) * 2022-01-13 2022-02-18 浙江大学 PLC protocol fuzzy test method and device, electronic equipment and storage medium
CN115659907A (en) * 2022-11-04 2023-01-31 北京晟芯网络科技有限公司 Method for verifying register coverage rate, computer storage medium and terminal
CN115659907B (en) * 2022-11-04 2025-11-04 北京晟芯网络科技有限公司 A method for verifying register coverage, a computer storage medium, and a terminal.
CN115766541A (en) * 2022-11-15 2023-03-07 合众新能源汽车有限公司 Device testing method, device, computer equipment and storage medium
CN115766541B (en) * 2022-11-15 2024-05-07 合众新能源汽车股份有限公司 Device testing method, device, computer equipment and storage medium
WO2024240100A1 (en) * 2023-05-19 2024-11-28 北京字跳网络技术有限公司 Test case generation method and apparatus, device and storage medium
CN117216772A (en) * 2023-11-09 2023-12-12 中兴通讯股份有限公司 Fuzz test case optimization methods, devices, equipment and readable media
CN117216772B (en) * 2023-11-09 2024-03-08 中兴通讯股份有限公司 Fuzz test case optimization method, device, equipment and readable medium
CN117792967A (en) * 2024-02-26 2024-03-29 南京邮电大学 A camera fuzz testing method based on difference feedback
CN117792967B (en) * 2024-02-26 2024-05-10 南京邮电大学 Camera fuzzy test method based on difference feedback

Similar Documents

Publication Publication Date Title
CN106330601A (en) Test case generation method and device
US12323443B2 (en) Attack behavior detection method and apparatus, and attack detection device
US8607351B1 (en) Modeling cyberspace attacks
JP2012094161A (en) Merging multi-line log entries
WO2013143403A1 (en) Method and system for accessing website
CN110209583A (en) Safety detecting method, device, system, equipment and storage medium
JP2025023927A (en) System and method for security surveillance processing
CN110879891A (en) Vulnerability detection method and device based on web fingerprint information
CN115190047A (en) Server health monitoring method and system and computing equipment
CN112804263A (en) Vulnerability scanning method, system and equipment for Internet of things
CN110011875A (en) Dial-testing method, apparatus, device and computer-readable storage medium
CN114465741B (en) Abnormality detection method, abnormality detection device, computer equipment and storage medium
You et al. Fuzzdocs: An automated security evaluation framework for IoT
CN106911649A (en) Method and apparatus for detecting network attacks
CN105528230A (en) Method and device for setting configuration parameters
CN103856373B (en) Web system robustness testing method based on HTTP mutation
JP6785360B2 (en) Attack string generation method and device
CN104219219A (en) Method, server and system for handling data
CN116170357B (en) Fuzzy test method and device for block chain consensus protocol
CN115208671B (en) Firewall configuration method, device, electronic device and storage medium
CN116048798A (en) Resource traversal method and computing device
CN110620682B (en) Resource information acquisition method and device, storage medium, terminal
CN116962246A (en) Gateway fault detection method, device, equipment and readable storage medium
CN112217770B (en) Security detection method, security detection device, computer equipment and storage medium
CN107105046B (en) Method and system for remote access to big data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20170111