Pradel, Michael ; Gross, Thomas R. (2012)
Leveraging test generation and specification mining for automated bug detection without false positives.
Zurich, Switzerland
doi: 10.1109/ICSE.2012.6227185
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Mining specifications and using them for bug detection is a promising way to reveal bugs in programs. Existing approaches suffer from two problems. First, dynamic specification miners require input that drives a program to generate common usage patterns. Second, existing approaches report false positives, that is, spurious warnings that mislead developers and reduce the practicability of the approach. We present a novel technique for dynamically mining and checking specifications without relying on existing input to drive a program and without reporting false positives. Our technique leverages automatically generated tests in two ways: Passing tests drive the program during specification mining, and failing test executions are checked against the mined specifications. The output are warnings that show with concrete test cases how the program violates commonly accepted specifications. Our implementation reports no false positives and 54 true positives in ten well-tested Java programs.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2012 |
| Autor(en): | Pradel, Michael ; Gross, Thomas R. |
| Art des Eintrags: | Bibliographie |
| Titel: | Leveraging test generation and specification mining for automated bug detection without false positives |
| Sprache: | Deutsch |
| Publikationsjahr: | Juni 2012 |
| Verlag: | IEEE Press |
| Buchtitel: | Proceedings of the 34th International Conference on Software Engineering |
| Reihe: | ICSE '12 |
| Veranstaltungsort: | Zurich, Switzerland |
| DOI: | 10.1109/ICSE.2012.6227185 |
| Kurzbeschreibung (Abstract): | Mining specifications and using them for bug detection is a promising way to reveal bugs in programs. Existing approaches suffer from two problems. First, dynamic specification miners require input that drives a program to generate common usage patterns. Second, existing approaches report false positives, that is, spurious warnings that mislead developers and reduce the practicability of the approach. We present a novel technique for dynamically mining and checking specifications without relying on existing input to drive a program and without reporting false positives. Our technique leverages automatically generated tests in two ways: Passing tests drive the program during specification mining, and failing test executions are checked against the mined specifications. The output are warnings that show with concrete test cases how the program violates commonly accepted specifications. Our implementation reports no false positives and 54 true positives in ten well-tested Java programs. |
| Freie Schlagworte: | Protocols, Generators, Computer bugs, Receivers, Concrete, Runtime |
| ID-Nummer: | TUD-CS-2012-0385 |
| Fachbereich(e)/-gebiet(e): | Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) |
| Hinterlegungsdatum: | 28 Aug 2017 14:07 |
| Letzte Änderung: | 12 Jan 2019 21:20 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum