TU Darmstadt / ULB / TUbiblio

Leveraging test generation and specification mining for automated bug detection without false positives

Pradel, Michael ; Gross, Thomas R. (2012)
Leveraging test generation and specification mining for automated bug detection without false positives.
Zurich, Switzerland
doi: 10.1109/ICSE.2012.6227185
Conference or Workshop Item, Bibliographie

Abstract

Mining specifications and using them for bug detection is a promising way to reveal bugs in programs. Existing approaches suffer from two problems. First, dynamic specification miners require input that drives a program to generate common usage patterns. Second, existing approaches report false positives, that is, spurious warnings that mislead developers and reduce the practicability of the approach. We present a novel technique for dynamically mining and checking specifications without relying on existing input to drive a program and without reporting false positives. Our technique leverages automatically generated tests in two ways: Passing tests drive the program during specification mining, and failing test executions are checked against the mined specifications. The output are warnings that show with concrete test cases how the program violates commonly accepted specifications. Our implementation reports no false positives and 54 true positives in ten well-tested Java programs.

Item Type: Conference or Workshop Item
Erschienen: 2012
Creators: Pradel, Michael ; Gross, Thomas R.
Type of entry: Bibliographie
Title: Leveraging test generation and specification mining for automated bug detection without false positives
Language: German
Date: June 2012
Publisher: IEEE Press
Book Title: Proceedings of the 34th International Conference on Software Engineering
Series: ICSE '12
Event Location: Zurich, Switzerland
DOI: 10.1109/ICSE.2012.6227185
Abstract:

Mining specifications and using them for bug detection is a promising way to reveal bugs in programs. Existing approaches suffer from two problems. First, dynamic specification miners require input that drives a program to generate common usage patterns. Second, existing approaches report false positives, that is, spurious warnings that mislead developers and reduce the practicability of the approach. We present a novel technique for dynamically mining and checking specifications without relying on existing input to drive a program and without reporting false positives. Our technique leverages automatically generated tests in two ways: Passing tests drive the program during specification mining, and failing test executions are checked against the mined specifications. The output are warnings that show with concrete test cases how the program violates commonly accepted specifications. Our implementation reports no false positives and 54 true positives in ten well-tested Java programs.

Uncontrolled Keywords: Protocols, Generators, Computer bugs, Receivers, Concrete, Runtime
Identification Number: TUD-CS-2012-0385
Divisions: Profile Areas
Profile Areas > Cybersecurity (CYSEC)
Date Deposited: 28 Aug 2017 14:07
Last Modified: 12 Jan 2019 21:20
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details