TU Darmstadt / ULB / TUbiblio

Leveraging test generation and specification mining for automated bug detection without false positives

Pradel, Michael and Gross, Thomas R. (2012):
Leveraging test generation and specification mining for automated bug detection without false positives.
In: Proceedings of the 34th International Conference on Software Engineering, IEEE Press, Zurich, Switzerland, In: ICSE '12, ISBN 978-1-4673-1067-3,
DOI: 10.1109/ICSE.2012.6227185,
[Conference or Workshop Item]

Abstract

Mining specifications and using them for bug detection is a promising way to reveal bugs in programs. Existing approaches suffer from two problems. First, dynamic specification miners require input that drives a program to generate common usage patterns. Second, existing approaches report false positives, that is, spurious warnings that mislead developers and reduce the practicability of the approach. We present a novel technique for dynamically mining and checking specifications without relying on existing input to drive a program and without reporting false positives. Our technique leverages automatically generated tests in two ways: Passing tests drive the program during specification mining, and failing test executions are checked against the mined specifications. The output are warnings that show with concrete test cases how the program violates commonly accepted specifications. Our implementation reports no false positives and 54 true positives in ten well-tested Java programs.

Item Type: Conference or Workshop Item
Erschienen: 2012
Creators: Pradel, Michael and Gross, Thomas R.
Title: Leveraging test generation and specification mining for automated bug detection without false positives
Language: German
Abstract:

Mining specifications and using them for bug detection is a promising way to reveal bugs in programs. Existing approaches suffer from two problems. First, dynamic specification miners require input that drives a program to generate common usage patterns. Second, existing approaches report false positives, that is, spurious warnings that mislead developers and reduce the practicability of the approach. We present a novel technique for dynamically mining and checking specifications without relying on existing input to drive a program and without reporting false positives. Our technique leverages automatically generated tests in two ways: Passing tests drive the program during specification mining, and failing test executions are checked against the mined specifications. The output are warnings that show with concrete test cases how the program violates commonly accepted specifications. Our implementation reports no false positives and 54 true positives in ten well-tested Java programs.

Title of Book: Proceedings of the 34th International Conference on Software Engineering
Series Name: ICSE '12
Publisher: IEEE Press
ISBN: 978-1-4673-1067-3
Uncontrolled Keywords: Protocols, Generators, Computer bugs, Receivers, Concrete, Runtime
Divisions: Profile Areas
Profile Areas > Cybersecurity (CYSEC)
Event Location: Zurich, Switzerland
Date Deposited: 28 Aug 2017 14:07
DOI: 10.1109/ICSE.2012.6227185
Identification Number: TUD-CS-2012-0385
Export:
Suche nach Titel in: TUfind oder in Google

Optionen (nur für Redakteure)

View Item View Item