This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: DSD-Crasher: A Hybrid Analysis Tool for Bug Finding CHRISTOPH CSALLNER Georgia Institute of Technology YANNIS SMARAGDAKIS University of Oregon TAO XIE North Carolina State University DSD-Crasher is a bug finding tool that follows a three-step approach to program analysis: D. Capture the program’s intended execution behavior with dynamic invariant detection. The derived invariants exclude many unwanted values from the program’s input domain. S. Statically analyze the program within the restricted input domain to explore many paths. D. Automatically generate test cases that focus on reproducing the predictions of the static analysis. Thereby confirmed results are feasible. This three-step approach yields benefits compared to past two-step combinations in the litera- ture. In our evaluation with third-party applications, we demonstrate higher precision over tools that lack a dynamic step and higher efficiency over tools that lack a static step. Categories and Subject Descriptors: D.2.4 [ Software Engineering ]: Software/Program Verifi- cation— formal methods, reliability ; D.2.5 [ Software Engineering ]: Testing and Debugging— testing tools ; I.2.2 [ Artificial Intelligence ]: Automatic Programming— program verification General Terms: Reliability, Verification Additional Key Words and Phrases: Automatic testing, bug finding, dynamic analysis, dynamic invariant detection, extended static checking, false positives, static analysis, test case generation, usability 1. INTRODUCTION Dynamic program analysis offers the semantics and ease of concrete program ex- ecution. Static analysis lends itself to obtaining generalized properties from the program text. The need to combine the two approaches has been repeatedly stated in the software engineering community [Young 2003; Ernst 2003; Xie and Notkin 2003; Beyer et al. 2004; Csallner and Smaragdakis 2005]. In this article, we present DSD-Crasher: a bug-finding tool that uses dynamic analysis to infer likely program invariants, explores the space defined by these invariants exhaustively through static Authors’ addresses: [email protected], [email protected], [email protected] This is a re- vised and extended version of [Csallner and Smaragdakis 2006a], presented at ISSTA 2006 in Portland, Maine, and also contains material from [Smaragdakis and Csallner 2007]. Permission to make digital/hard copy of all or part of this material without fee for personal or classroom use provided that the copies are not made or distributed for profit or commercial advantage, the ACM copyright/server notice, the title of the publication, and its date appear, and notice is given that copying is by permission of the ACM, Inc. To copy otherwise, to republish, to post on servers, or to redistribute to lists requires prior specific permission and/or a fee....
View Full Document
- Spring '11
- ACM journal, static analysis, Dynamic program analysis, Static code analysis, ACM Journal Name