Pradel, Michael ; Gross, Thomas R. (2012)
Leveraging test generation and specification mining for automated bug detection without false positives.
Zurich, Switzerland
doi: 10.1109/ICSE.2012.6227185
Conference or Workshop Item, Bibliographie
Abstract
Mining specifications and using them for bug detection is a promising way to reveal bugs in programs. Existing approaches suffer from two problems. First, dynamic specification miners require input that drives a program to generate common usage patterns. Second, existing approaches report false positives, that is, spurious warnings that mislead developers and reduce the practicability of the approach. We present a novel technique for dynamically mining and checking specifications without relying on existing input to drive a program and without reporting false positives. Our technique leverages automatically generated tests in two ways: Passing tests drive the program during specification mining, and failing test executions are checked against the mined specifications. The output are warnings that show with concrete test cases how the program violates commonly accepted specifications. Our implementation reports no false positives and 54 true positives in ten well-tested Java programs.
Item Type: | Conference or Workshop Item |
---|---|
Erschienen: | 2012 |
Creators: | Pradel, Michael ; Gross, Thomas R. |
Type of entry: | Bibliographie |
Title: | Leveraging test generation and specification mining for automated bug detection without false positives |
Language: | German |
Date: | June 2012 |
Publisher: | IEEE Press |
Book Title: | Proceedings of the 34th International Conference on Software Engineering |
Series: | ICSE '12 |
Event Location: | Zurich, Switzerland |
DOI: | 10.1109/ICSE.2012.6227185 |
Abstract: | Mining specifications and using them for bug detection is a promising way to reveal bugs in programs. Existing approaches suffer from two problems. First, dynamic specification miners require input that drives a program to generate common usage patterns. Second, existing approaches report false positives, that is, spurious warnings that mislead developers and reduce the practicability of the approach. We present a novel technique for dynamically mining and checking specifications without relying on existing input to drive a program and without reporting false positives. Our technique leverages automatically generated tests in two ways: Passing tests drive the program during specification mining, and failing test executions are checked against the mined specifications. The output are warnings that show with concrete test cases how the program violates commonly accepted specifications. Our implementation reports no false positives and 54 true positives in ten well-tested Java programs. |
Uncontrolled Keywords: | Protocols, Generators, Computer bugs, Receivers, Concrete, Runtime |
Identification Number: | TUD-CS-2012-0385 |
Divisions: | Profile Areas Profile Areas > Cybersecurity (CYSEC) |
Date Deposited: | 28 Aug 2017 14:07 |
Last Modified: | 12 Jan 2019 21:20 |
PPN: | |
Export: | |
Suche nach Titel in: | TUfind oder in Google |
Send an inquiry |
Options (only for editors)
Show editorial Details |