Leveraging Test Generation and Specification Mining for Automated Bug Detection without False Positives

Similar documents
Large-Scale API Protocol Mining for Automated Bug Detection

Fully Automatic and Precise Detection of Thread Safety Violations

Automatic Testing of Sequential and Concurrent Substitutability

Mining Operational Preconditions. Andrzej Wasylkowski Andreas Zeller Saarland University

Statically Checking API Protocol Conformance with Mined Multi-Object Specifications

How Good Are the Specs?

Static Detection of Brittle Parameter Typing

Automatic Defect Detection. Andrzej Wasylkowski

Static program checking and verification

Principles of Software Construction: Objects, Design, and Concurrency (Part 2: Designing (Sub )Systems)

Feedback-directed Random Test Generation

Typestate Checking for Actionscript 3

FULLY AUTOMATIC AND PRECISE DETECTION OF THREAD SAFETY VIOLATIONS

Static Analysis in C/C++ code with Polyspace

CITS1001 week 4 Grouping objects lecture 2

MEMORY MANAGEMENT TEST-CASE GENERATION OF C PROGRAMS USING BOUNDED MODEL CHECKING

Combined Static and Dynamic Automated Test Generation

An Introduction To Software Agitation

References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 10/14/2004 1

Object Usage Models. Andrzej Wasylkowski Saarland University

JML tool-supported specification for Java Erik Poll Radboud University Nijmegen

Checked and Unchecked Exceptions in Java

Automatic Generation of Program Specifications

COMP1008 Exceptions. Runtime Error

Mutually Enhancing Test Generation and Specification Inference

CSE 331 Summer 2016 Final Exam. Please wait to turn the page until everyone is told to begin.

Profile-Guided Program Simplification for Effective Testing and Analysis

An Empirical Comparison of Automated Generation and Classification Techniques for Object-Oriented Unit Testing

Assertions & Design-by-Contract using JML Erik Poll University of Nijmegen

CS558 Programming Languages

An Introduction to Systematic Software Testing. Robert France CSU

Automatic Repair of Real Bugs in Java: A Large-Scale Experiment on the Defects4J Dataset

CS558 Programming Languages

Motivation. What s the Problem? What Will we be Talking About? What s the Solution? What s the Problem?

THE ROAD NOT TAKEN. Estimating Path Execution Frequency Statically. ICSE 2009 Vancouver, BC. Ray Buse Wes Weimer

A Gentle Introduction to Program Analysis

Probabilistic Calling Context

Analysiss of Software Artifacts

CSCE 2014 Final Exam Spring Version A

Semantic Analysis. Outline. The role of semantic analysis in a compiler. Scope. Types. Where we are. The Compiler Front-End

Advanced Programming Methods. Introduction in program analysis

Lightweight Verification of Array Indexing

Program Verification (6EC version only)

Automatic Generation of Oracles for Exceptional Behaviors

NDSeq: Runtime Checking for Nondeterministic Sequential Specs of Parallel Correctness

Exploiting Synergy Between Testing and Inferred Partial Specifications

Chronicler: Lightweight Recording to Reproduce Field Failures

Verification and Test with Model-Based Design

Symbolic Execution, Dynamic Analysis

Defensive Programming. Ric Glassey

ESC/Java2 extended static checking for Java Erik Poll Radboud University Nijmegen

Plural and : Protocols in Practice. Jonathan Aldrich Workshop on Behavioral Types April School of Computer Science

The RV System Tutorial

Inner Oracles: Input- Specific Assertions on Internal States

Part 1: Excep-ons, part 2 Part 2: Iterator. Lecture 11 COMP 401, Spring /3/2015

CS 3 Introduction to Software Engineering. 3: Exceptions

Type Checking in COOL (II) Lecture 10

Tao Xie. Nikolai i Tillmann, Peli de Halleux, Wolfram Schulte hlt. North Carolina State University. Microsoft Research

An Eclipse Plug-in for Model Checking

Free-Me: A Static Analysis for Automatic Individual Object Reclamation

The role of semantic analysis in a compiler

SAFE HASKELL. David Terei David Mazières. Simon Marlow Simon Peyton Jones

Software Security: Vulnerability Analysis

Agenda. CSE P 501 Compilers. Java Implementation Overview. JVM Architecture. JVM Runtime Data Areas (1) JVM Data Types. CSE P 501 Su04 T-1

Programming II (CS300)

Outline. Introduction Concepts and terminology The case for static typing. Implementing a static type system Basic typing relations Adding context

Design by Contract: An Overview

17. Classes. Encapsulation: public / private. Member Functions: Declaration. Member Functions: Call. class rational { int n; int d; // INV: d!

Proving liveness. Alexey Gotsman IMDEA Software Institute

Carving Invariants. Andreas Zeller Saarland University. CREST Open Workshop The Oracle Problem for Automated Software Testing, London, May 2012

Analysis of Software Artifacts

CSC System Development with Java. Exception Handling. Department of Statistics and Computer Science. Budditha Hettige

CSCE 314 Programming Languages. Type System

Repairing crashes in Android Apps. Shin Hwei Tan Zhen Dong Xiang Gao Abhik Roychoudhury National University of Singapore

ITI Introduction to Computing II

Using Type Annotations to Improve Your Code

A Trace-based Java JIT Compiler Retrofitted from a Method-based Compiler

Which Configuration Option Should I Change?

CS101 Part 2: Practice Questions Algorithms on Arrays, Classes and Objects, String Class, Stack Class

Assertions. Assertions - Example

Semantic Analysis. Outline. The role of semantic analysis in a compiler. Scope. Types. Where we are. The Compiler so far

Code verification. CSE 331 University of Washington. Michael Ernst

Shin Hwei Tan Darko Marinov Lin Tan Gary T. Leavens University of Illinois. University of Illinois

Object Oriented Programming Exception Handling

Exceptions and assertions

ITI Introduction to Computing II

19. Classes. Encapsulation: public / private. Member Functions: Declaration. Member Functions: Call. class rational { int n; int d; // INV: d!

Administration. Exceptions. Leftovers. Agenda. When Things Go Wrong. Handling Errors. CS 99 Summer 2000 Michael Clarkson Lecture 11

Feedback-controlled Random Test Generation

Day 8. COMP1006/1406 Summer M. Jason Hinek Carleton University

Introduction to JML David Cok, Joe Kiniry, and Erik Poll Eastman Kodak Company, University College Dublin, and Radboud University Nijmegen

Sequence-Based Specification

Automatic Extraction of Abstract- Object-State Machines Based on Branch Coverage

Understanding Undefined Behavior

XFindBugs: extended FindBugs for AspectJ

Announcements. Working on requirements this week Work on design, implementation. Types. Lecture 17 CS 169. Outline. Java Types

Software Construction

Automated Documentation Inference to Explain Failed Tests

Certitude Functional Qualification with Formal Verification. Jean-Marc Forey November 2012

MOPBox: A Library Approach to Runtime Verification

Transcription:

Leveraging Test Generation and Specification Mining for Automated Bug Detection without False Positives Michael Pradel and Thomas R. Gross Department of Computer Science ETH Zurich 1

Motivation API usage Class X API 2

Motivation API usage Client Class X API 2

Motivation API usage Client Class X API X must ensure safe API usage 2

Example from Apache Xalan class X { private Stack s = new Stack(); public String report() { return get().tostring(); private Object get() { s.peek(); 3

Example from Apache Xalan Stack has a... class X { private Stack s = new Stack(); public String report() { return get().tostring(); private Object get() { s.peek(); 3

Example from Apache Xalan Stack has a...... but X fails to ensure it: class X { private Stack s = new Stack(); public String report() { return get().tostring(); private Object get() { s.peek(); X x = new X(); x.report(); EmptyStackException 3

Unsafe API Usage API usage Client Class X API 4

Unsafe API Usage API usage Client Class X API exception 4

Unsafe API Usage API usage Client Class X API exception exception Unsafe API usage: X exposes client to unexpected exception 4

Unsafe API Usage API usage Client Class X exception exception API How to find unsafe API usages? Unsafe API usage: X exposes client to unexpected exception 4

Goal Program Tool Unsafe API usages 5

Goal Program Tool Unsafe API usages Automatic and precise bug detection 5

Goal Tests Program Formal specs Tool Unsafe API usages False positives Automatic and precise bug detection 5

State of the Art (1) (Tests) Program Anomaly detection Unsafe API usages False positives Nguyen et al. 09 Wasylkowski + Zeller 09 Thummalapenta + Xie 09 Monperrus et al. 10 Gabel + Su 10 6

State of the Art (2) Program Formal specs Type state checking Unsafe API usages False positives DeLine + Fähndrich 04 Bierhoff + Aldrich 07 Fink et al. 08 Naeem + Lhotak 08 Bodden 10 7

State of the Art (3) Program Static code checker (Unsafe API usages) False positives FindBugs PMD 8

Goal Program Tool Unsafe API usages Automatic and precise bug detection 9

Approach Test generation Dynamic mining Runtime verification 10

Approach Test generation Dynamic mining Runtime verification provides s requires input to run program 10

Approach Test generation Dynamic mining Runtime verification provides s requires input to run program finds violations requires s and input 10

Approach Test generation provides input requires test oracle to find bugs Dynamic mining Runtime verification provides s requires input to run program finds violations requires s and input 10

Approach Program Test generation tests tests Dynamic mining s Runtime verification Unsafe API usages 10

Approach Program Test generation tests tests Dynamic mining s Runtime verification Unsafe API usages 10

Test Generation Feedback-directed, random test generation [Randoop, Pacheco2007] Two kinds of tests: class Test {... Failing (exception or assertion violation) class Test {... Passing 11

Approach Program Test generation tests tests Dynamic mining s Runtime verification Unsafe API usages 12

Approach Program Test generation tests tests Dynamic mining s Runtime verification Unsafe API usages 12

Protocol Mining class Test {... Execution trace Dynamic mining API usage [ASE 09 and ICSM 10, Pradel et al.] 13

Example new Stack() s s.push() 1 2 3 s.push() s.pop() s.peek() s.removeallelements() 14

Approach Program Test generation tests tests Dynamic mining s Runtime verification Unsafe API usages 15

Approach Program Test generation tests tests Dynamic mining s Runtime verification Unsafe API usages 15

Runtime Protocol Verification class Test {... Execution trace Runtime verification Protocol violations Check all instances of Warn if non-existing transition is taken 16

Example Test: X x = new X(); x.report(); class X { private Stack s = new Stack(); public String report() { return get().tostring(); private Object get() { s.peek(); new Stack() s.push() s 1 2 3 s.removeallelements() s.push() s.pop() s.peek() 17

Example Test: X x = new X(); x.report(); class X { private Stack s = new Stack(); public String report() { return get().tostring(); private Object get() { s.peek(); new Stack() s.push() s 1 2 3 s.removeallelements() s.push() s.pop() s.peek() 17

Example Test: X x = new X(); x.report(); class X { private Stack s = new Stack(); public String report() { return get().tostring(); private Object get() { s.peek(); new Stack() s.push() s 1 2 3 s.removeallelements() s.push() s.pop() s.peek() 17

Example Test: X x = new X(); x.report(); Protocol violation class X { private Stack s = new Stack(); public String report() { return get().tostring(); private Object get() { s.peek(); new Stack() s.push() s 1 2 3 s.removeallelements() s.push() s.pop() s.peek() 17

False Positives Challenge: Incomplete s (depend on mining) new Stack() s.push() s 1 2 3 s.removeallelements() s.push() s.pop() s.peek() 18

False Positives Challenge: Incomplete s (depend on mining) new Stack() s.push() s 1 2 3 s.removeallelements() s.push() s.pop() s.peek() Program: Stack s = new Stack(); s.push(..); s.push(..); 18

False Positives Challenge: Incomplete s (depend on mining) new Stack() s.push() s 1 2 3 s.removeallelements() s.push() s.pop() s.peek() Program: Stack s = new Stack(); s.push(..); s.push(..); False positive violation 18

False Positives Challenge: Incomplete s (depend on mining) new Stack() s.push() Protocol s 1 2 violation 3 Bug s.pop() s.removeallelements() s.push() s.peek() Program: Stack s = new Stack(); s.push(..); s.push(..); False positive violation 18

Warnings without False Positives Protocol violation Program crash Undeclared exception 19

Warnings without False Positives Protocol violation Program crash May be due to incomplete Undeclared exception 19

Warnings without False Positives Protocol violation Program crash May be due to illegal use of class Undeclared exception 19

Warnings without False Positives Protocol violation Program crash Warnings to report Undeclared exception 19

Warnings without False Positives (2) Only report problem if: violated and -violating call fails the test and -violating method does not declare the exception 20

Example (again) new Stack() s.push() s 1 2 3 s.removeallelements() s.push() s.pop() s.peek() Program: Stack s = new Stack(); s.push(..); s.push(..); No warning, since violation doesn t raise exception 21

Approach Program Test generation tests tests Dynamic mining s Runtime verification Unsafe API usages 22

Evaluation Implemented into fully automatic tool Main questions: 1. Effectiveness in finding unsafe API usages 2. Comparison with existing work 3. Performance 23

Setup Programs: DaCapo benchmarks (5,012 classes) APIs: Collection+Iterator Vector+Enumeration including subclasses Stopping criterion: Generate 10,000 tests per program 24

Unsafe API Usages 54 unsafe API usages 0 false positives 25

Example from Jython public class X { protected Iterator iter; public void _begincanonical() { iter = classes.values().iterator(); public Object _next() { if (iter.hasnext()) return iter.next(); else return null; public void _flushcurrent() { iter.remove(); 26

Example from Jython public class X { protected Iterator iter; public void _begincanonical() { iter = classes.values().iterator(); public Object _next() { if (iter.hasnext()) return iter.next(); else return null; public void _flushcurrent() { iter.remove(); 26

Example from Jython public class X { protected Iterator iter; public void _begincanonical() { iter = classes.values().iterator(); public Object _next() { if (iter.hasnext()) return iter.next(); else return null; public void _flushcurrent() { iter.remove(); Safe API usage 26

Example from Jython public class X { protected Iterator iter; public void _begincanonical() { iter = classes.values().iterator(); public Object _next() { if (iter.hasnext()) return iter.next(); else return null; public void _flushcurrent() { iter.remove(); Protocol violation Crash through exception Not declared 26

Kinds of Bugs Diverse kinds of unsafe API usages Invalid indexing of lists and vectors Iterators: Illegal next() and remove() Accessing non-existing elements: E.g., pop() All unsafe API usages for download: http://mp.binaervarianz.de/icse2012-leveraging/ 27

Comparison with Prior Work JDK-API usage in DaCapo: OCD [Gabel+Su, ICSE 10] Our approach 1 potential bug 54 crashing bugs 2 false positives 0 false positives 28

Comparison with Prior Work JDK-API usage in DaCapo: OCD [Gabel+Su, ICSE 10] Our approach 1 potential bug 54 crashing bugs 2 false positives 0 false positives DaCapo input vs. generated input 28

Comparison with Prior Work JDK-API usage in DaCapo: OCD [Gabel+Su, ICSE 10] Our approach 1 potential bug 54 crashing bugs 2 false positives 0 false positives Avoid false positives by construction 28

Performance Between less then a minute and several minutes per program-api pair Optimization: Find bugs with 5x less tests Static analysis: Prioritize methods Guide random test generator towards API-relevant parts of program 29

Summary Program Automatic and precise analysis Unsafe API usages Benefits of dynamic analysis without providing input Find bugs with mined specifications without false positives Guide test generator towards API 30

Conclusion Don t waste precious developer time Lots of testing with little effort Photo: Alfonso Silóniz 31

Leveraging Test Generation and Specification Mining for Automated Bug Detection without False Positives Michael Pradel, Thomas R. Gross Department of Computer Science ETH Zurich Thank you! 32

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback