AI helps you reading Science

AI generates interpretation videos

AI extracts and analyses the key points of the paper to generate videos automatically


pub
Go Generating

AI Traceability

AI parses the academic lineage of this thesis


Master Reading Tree
Generate MRT

AI Insight

AI extracts a summary of this paper


Weibo:
We have presented DSD-Crasher: a tool based on a hybrid analysis approach to program analysis, for automatic bug finding

DSD-Crasher: A hybrid analysis tool for bug finding

ACM Transactions on Software Engineering and Methodology, no. 2 (2008): ArticleNo.8-ArticleNo.8

Cited by: 241|Views136
EI

Abstract

DSD-Crasher is a bug finding tool that follows a three-step approach to program analysis: D. Capture the program's intended execution behavior with dynamic invariant detection. The derived invariants exclude many unwanted values from the program's input domain. S. Statically analyze the program within the restricted input domain to explor...More

Code:

Data:

Introduction
  • Dynamic program analysis offers the semantics and ease of concrete program execution.
  • CnC employs the ESC/Java static analysis tool [15], applies constraint-solving techniques on the ESC/Java-generated error conditions, and produces and executes concrete test cases.
  • The exceptions produced by the execution of generated test cases are processed in a way that takes into account which methods were annotated by Daikon, for more accurate error reporting.
  • The authors' three-step DSD-Crasher approach is based on two existing tools: Daikon (Section 2.1) and CnC (Section 2.3), which combines ESC/Java (Section 2.2) and the JCrasher test case generator [8].
  • Daikon can annotate the testee’s source code with the inferred invariants as JML preconditions, postconditions, and class invariants [22]
Highlights
  • Dynamic program analysis offers the semantics and ease of concrete program execution
  • We present DSD-Crasher: a tool that uses dynamic analysis to infer likely program invariants, explores the space defined by these invariants exhaustively through static analysis, and produces and executes test cases to confirm that the behavior is observable under some real inputs and not just due to overgeneralization in the static analysis phase
  • We have presented DSD-Crasher: a tool based on a hybrid analysis approach to program analysis, for automatic bug finding
  • The dynamic inference step uses Daikon [14] to characterize a program’s intended input domains in the form of preconditions, the static analysis step uses ESC/Java [15] to explore many paths within the intended input domain, and the dynamic verification step uses JCrasher [8] to automatically generate tests to verify the results of the static analysis
  • The preconditions derived in the dynamic inference step reduce the false positives produced by the static analysis and dynamic verification steps alone
  • The derived preconditions can help the static analysis to reach a problematic statement in a method by bypassing unintended input domains of the method’s callees
Methods
  • Daikon-inferred invariants can play two different roles.
  • They can be used as assumptions on a method’s formal arguments inside its body, and on its return value at the method’s call site.
  • One should remember that the Daikon-inferred invariants are only reflecting the behavior that Daikon observed during the test suite execution.
  • When Daikon outputs an invariant, it is typically much more general than the specific values it observed during test suite execution.
  • The authors discuss how this observation has not affected DSD-Crasher’s bug finding ability for any of the case studies
Results
  • All experiments were conducted on a 1.2 GHz Pentium III-M with 512 MB of RAM
  • The authors excluded those source files from the experiments which any of the tested tools could not handle due to engineering shortcomings.
  • JBoss JMS is the JMS module of the JBoss open source J2EE application server
  • It is an implementation of Sun’s Java Message Service API [18].
  • The authors used the Groovy 1.0 beta 1 version, whose application classes contain some eleven thousand NCSS.
  • The authors used 603 of the unit test cases that came with the tested Groovy version, from which Daikon produced a 1.5 MB file of compressed invariants. (The source code of the testee and its unit tests are available from http://groovy.codehaus.org/)
Conclusion
  • CONCLUSIONS AND FUTURE WORK

    The authors have presented DSD-Crasher: a tool based on a hybrid analysis approach to program analysis, for automatic bug finding.
  • The approach combines three steps: dynamic inference, static analysis, and dynamic verification.
  • The preconditions derived in the dynamic inference step reduce the false positives produced by the static analysis and dynamic verification steps alone.
  • The static analysis step provides more systematic exploration of input domains than the dynamic inference and dynamic verification alone
Tables
  • Table1: Groovy results: DSD-Crasher vs. the static-dynamic CnC (SD)
  • Table2: JBoss JMS results: ClassCastException reports by DSD-Crasher and the dynamic-dynamic
  • Table3: Groovy results: DSD-Crasher vs. the dynamic-dynamic Eclat. This table omits all of
Download tables as Excel
Related work
  • There is clearly an enormous amount of work in the general areas of test case generation and program analysis. We discuss representative recent work below.

    There are important surveys that concur with our estimate that an important problem is not just reporting potential errors, but minimizing false positives so that inspection by humans is feasible. Rutar et al [29] evaluate five tools for finding bugs in Java programs, including ESC/Java 2, FindBugs [19], and JLint. The number of reports differs widely between the tools. For example, ESC reported over 500 times more possible null dereferences than FindBugs, 20 times more than JLint, and six times more array bounds violations than JLint. Overall, Rutar et al conclude: “The main difficulty in using the tools is simply the quantity of output.”
Funding
  • We gratefully acknowledge support by the NSF under Grants CCR-0220248 and CCR-0238289
Reference
  • Apache Software Foundation. Bytecode engineering library (BCEL). http://jakarta.apache.org/bcel/, Apr.2003. Accessed May 2006.
    Findings
  • T. Ball. Abstraction-guided test generation: A case study. Technical Report MSR-TR-2003-86, Microsoft Research, Nov. 2003.
    Google ScholarFindings
  • K. Beck and E. Gamma. Test infected: Programmers love writing tests. Java Report, 3(7):37–50, July 1998.
    Google ScholarLocate open access versionFindings
  • D. Beyer, A. J. Chlipala, T. A. Henzinger, R. Jhala, and R. Majumdar. Generating tests from counterexamples. In Proc. 26th International Conference on Software Engineering, pages 326–335, May 2004.
    Google ScholarLocate open access versionFindings
  • C. Boyapati, S. Khurshid, and D. Marinov. Korat: Automated testing based on Java predicates. In Proceedings of the 2002 ACM SIGSOFT International Symposium on Software Testing and Analysis, pages 123–133. ACM Press, July 2002.
    Google ScholarLocate open access versionFindings
  • Y. Cheon and G. T. Leavens. A simple and practical approach to unit testing: The JML and JUnit way. In B. Magnusson, editor, ECOOP 2002 - Object-Oriented Programming: 16th European Conference, volume 2374, pages 231–255. Springer, June 2002.
    Google ScholarLocate open access versionFindings
  • D. R. Cok and J. R. Kiniry. ESC/Java2: Uniting ESC/Java and JML: Progress and issues in building and using ESC/Java2. Technical Report NIII-R0413, Nijmegen Institute for Computing and Information Science, May 2004.
    Google ScholarFindings
  • C. Csallner and Y. Smaragdakis. JCrasher: An automatic robustness tester for Java. Software—Practice & Experience, 34(11):1025–1050, Sept. 2004.
    Google ScholarLocate open access versionFindings
  • C. Csallner and Y. Smaragdakis. Check ’n’ Crash: Combining static checking and testing. In Proc. 27th International Conference on Software Engineering, pages 422–431, May 2005.
    Google ScholarLocate open access versionFindings
  • C. Csallner and Y. Smaragdakis. Dynamically discovering likely interface invariants. In Proc. International Conference on Software Engineering (Emerging Results Track), to appear 2006.
    Google ScholarLocate open access versionFindings
  • D. Detlefs, G. Nelson, and J. B. Saxe. Simplify: A theorem prover for program checking. Technical Report HPL-2003-148, Hewlett-Packard Systems Research Center, July 2003.
    Google ScholarFindings
  • S. H. Edwards. A framework for practical, automated black-box testing of component-based software. Software Testing, Verification & Reliability, 11(2):97–111, June 2001.
    Google ScholarLocate open access versionFindings
  • M. D. Ernst. Static and dynamic analysis: Synergy and duality. In Proc. ICSE Workshop on Dynamic Analysis, pages 24–27, May 2003.
    Google ScholarLocate open access versionFindings
  • M. D. Ernst, J. Cockrell, W. G. Griswold, and D. Notkin. Dynamically discovering likely program invariants to support program evolution. IEEE Transactions on Software Engineering, 27(2):99–123, Feb. 2001.
    Google ScholarLocate open access versionFindings
  • C. Flanagan, K. R. M. Leino, M. Lillibridge, G. Nelson, J. B. Saxe, and R. Stata. Extended static checking for Java. In Proc. ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, pages 234–245, June 2002.
    Google ScholarLocate open access versionFindings
  • S. Hallem, B. Chelf, Y. Xie, and D. Engler. A system and language for building system-specific, static analyses. In Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, pages 69–82. ACM Press, June 2002.
    Google ScholarLocate open access versionFindings
  • S. Hangal and M. S. Lam. Tracking down software bugs using automatic anomaly detection. In Proceedings of the 24th International Conference on Software Engineering, pages 291–301, May 2002.
    Google ScholarLocate open access versionFindings
  • M. Hapner, R. Burridge, R. Sharma, and J. Fialli. Java message service: Version 1.1. Sun Microsystems, Inc., Apr. 2002.
    Google ScholarFindings
  • D. Hovemeyer and W. Pugh. Finding bugs is easy. In Companion to the 19th annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications, pages 132–136. ACM Press, Oct. 2004.
    Google ScholarLocate open access versionFindings
  • D. Jackson and M. Vaziri. Finding bugs with a constraint solver. In M. J. Harrold, editor, Proceedings of the 2000 ACM SIGSOFT International Symposium on Software Testing and Analysis, pages 14–25. ACM Press, Aug. 2000.
    Google ScholarLocate open access versionFindings
  • D. Kroening, A. Groce, and E. M. Clarke. Counterexample guided abstraction refinement via program execution. In J. Davies, W. Schulte, and M. Barnett, editors, Formal Methods and Software Engineering: 6th International Conference on Formal Engineering Methods, pages 224–238. Springer, Nov. 2004.
    Google ScholarLocate open access versionFindings
  • G. T. Leavens, A. L. Baker, and C. Ruby. Preliminary design of JML: A behavioral interface specification language for Java. Technical Report TR98-06y, Department of Computer Science, Iowa State University, June 1998.
    Google ScholarFindings
  • K. R. M. Leino, G. Nelson, and J. B. Saxe. ESC/Java user’s manual. Technical Report 2000-002, Compaq Computer Corporation Systems Research Center, Oct. 2000.
    Google ScholarFindings
  • B. Meyer. Object-Oriented Software Construction. Prentice Hall PTR, 2nd edition, 1997.
    Google ScholarFindings
  • J. W. Nimmer and M. D. Ernst. Automatic generation of program specifications. In Proceedings of the 2002 ACM SIGSOFT International Symposium on Software Testing and Analysis, pages 229–239, July 2002.
    Google ScholarLocate open access versionFindings
  • J. W. Nimmer and M. D. Ernst. Invariant inference for static checking: An empirical evaluation. In Proc. ACM SIGSOFT 10th International Symposium on the Foundations of Software Engineering (FSE 2002), pages 11–20, Nov. 2002.
    Google ScholarLocate open access versionFindings
  • C. Pacheco and M. D. Ernst. Eclat: Automatic generation and classification of test inputs. In Proc. 19th European Conference on Object-Oriented Programming, pages 504–527, July 2005.
    Google ScholarLocate open access versionFindings
  • Parasoft Inc. Jtest. http://www.parasoft.com/, Oct.2002. Accessed May 2006.
    Findings
  • N. Rutar, C. B. Almazan, and J. S. Foster. A comparison of bug finding tools for Java. In Proceedings of the 15th International Symposium on Software Reliability Engineering (ISSRE’04), pages 245–256. IEEE Computer Society Press, Nov. 2004.
    Google ScholarLocate open access versionFindings
  • S. Sankar and R. Hayes. Adl—an interface definition language for specifying and testing software. In J. M. Wing and R. L. Wexelblat, editors, Proceedings of the workshop on Interface definition languages, volume 29, pages 13–21. ACM Press, Aug. 1994.
    Google ScholarLocate open access versionFindings
  • H. Schlenker and G. Ringwelski. POOC: A platform for object-oriented constraint programming. In Proc. Joint ERCIM/CologNet International Workshop on Constraint Solving and Constraint Logic Programming, pages 159–170, June 2002.
    Google ScholarLocate open access versionFindings
  • M. Vaziri and D. Jackson. Checking properties of heap-manipulating procedures with a constraint solver. In H. Garavel and J. Hatcliff, editors, Tools and Algorithms for the Construction and Analysis of Systems: 9th International Conference, pages 505–520. Springer, Apr. 2003.
    Google ScholarLocate open access versionFindings
  • T. Xie and D. Notkin. Tool-assisted unit test selection based on operational violations. In Proc. 18th Annual International Conference on Automated Software Engineering (ASE 2003), pages 40–48, Oct. 2003.
    Google ScholarLocate open access versionFindings
  • Y. Xie and D. Engler. Using redundancies to find errors. IEEE Transactions on Software Engineering, 29(10):915–928, Oct. 2003.
    Google ScholarLocate open access versionFindings
  • M. Young. Symbiosis of static analysis and program testing. In Proc. 6th International Conference on Fundamental Approaches to Software Engineering, pages 1–5, Apr. 2003.
    Google ScholarLocate open access versionFindings
  • S. H. Zweben, W. D. Heym, and J. Kimmich. Systematic testing of data abstractions based on software specifications. Software Testing, Verification & Reliability, 1(4):39–55, Jan. 1992.
    Google ScholarLocate open access versionFindings
Your rating :
0

 

Tags
Comments
数据免责声明
页面数据均来自互联网公开来源、合作出版商和通过AI技术自动分析结果,我们不对页面数据的有效性、准确性、正确性、可靠性、完整性和及时性做出任何承诺和保证。若有疑问,可以通过电子邮件方式联系我们:report@aminer.cn
小科