Jian Xu,W. K. Chan,Zhenyu Zhang,T. H. Tse,Shanping Li

DOI: https://doi.org/10.1109/qsic.2011.32

2011-01-01

Abstract:Existing fault localization techniques combine various program features and similarity coefficients with the aim of precisely assessing the similarities among the dynamic spectra of these program features to predict the locations of faults. Many such techniques estimate the probability of a particular program feature causing the observed failures. They ignore the noise introduced by the other features on the same set of executions that may lead to the observed failures. In this paper, we propose both the use of chains of key basic blocks as program features and an innovative similarity coefficient that has noise reduction effect. We have implemented our proposal in a technique known as MKBC. We have empirically evaluated MKBC using three real-life medium-sized programs with real faults. The results show that MKBC outperforms Tarantula, Jaccard, SBI, and Ochiai significantly.

Ruizhi Gao,W. Eric Wong,Zhenyu Chen,Yabin Wang

DOI: https://doi.org/10.1007/s11219-015-9295-1

2015-01-01

Software Quality Journal

Abstract:Software has become ubiquitous in our daily lives, and with its increasing functionality and complexity comes a frequently tedious and prolonged debugging process. Of the three activities in program debugging (failure detection, fault localization, and bug fixing), the focus of this paper is on the first, failure detection, under the condition that there is no test oracle that can be used to automatically determine the success or failure of all the executions. More precisely, the outputs for many executions have to be verified manually, or the expected outputs are not even available. We want to determine whether there is a solution to help programmers predict the execution results. How good are these predicted results when they are used to help programmers find the locations of bugs? A framework is proposed to reduce the effort on output verification using a strategy based on the Hamming distance or K-Means clustering to predict results of test executions. Such data and the statement coverage of each test case are used to compute the suspiciousness of each statement according to a fault localization technique and produce a ranking for examination to locate bugs. Case studies using 22 programs and seven fault localization techniques were conducted to evaluate the fault localization effectiveness of the proposed framework on 1203 faulty versions, some of which have a single bug and others with multiple bugs. A discussion on factors that may affect the accuracy of execution result prediction and the resulting fault localization effectiveness is also presented. Our data suggests that, in general, with respect to fault localization techniques using execution results verified against the expected outputs, those using predicted execution results can be even more effective than (by examining a smaller number of statements to locate the first faulty statement) or as good as the former (the verified).

Jian Xu,Zhenyu Zhang,W. K. Chan,T. H. Tse,Shanping Li

DOI: https://doi.org/10.1016/j.infsof.2012.08.006

IF: 3.9

2012-01-01

Information and Software Technology

Abstract:Context: Existing fault-localization techniques combine various program features and similarity coefficients with the aim of precisely assessing the similarities among the dynamic spectra of these program features to predict the locations of faults. Many such techniques estimate the probability of a particular program feature causing the observed failures. They often ignore the noise introduced by other features on the same set of executions that may lead to the observed failures. It is unclear to what extent such noise can be alleviated. Objective: This paper aims to develop a framework that reduces the noise in fault-failure correlation measurements. Method: We develop a fault-localization framework that uses chains of key basic blocks as program features and a noise-reduction methodology to improve on the similarity coefficients of fault-localization techniques. We evaluate our framework on five base techniques using five real-life median-scaled programs in different application domains. We also conduct a case study on subjects with multiple faults. Results: The experimental result shows that the synthesized techniques are more effective than their base techniques by almost 10%. Moreover, their runtime overhead factors to collect the required feature values are practical. The case study also shows that the synthesized techniques work well on subjects with multiple faults. Conclusion: We conclude that the proposed framework has a significant and positive effect on improving the effectiveness of the corresponding base techniques.

Wenhao Fu,Huiqun Yu,Guisheng Fan,Xiang Ji

DOI: https://doi.org/10.1109/sate.2016.17

2016-01-01

Abstract:Fault localization aims to use testing information from executed test cases to help locate the fault position. However, obtaining testing information (including test results and coverage information) is expensive because it needs much manual effort. How to orderly choose and execute a small number of test cases, and in the meantime achieve a good effectiveness of fault localization in the case of unknowing testing information is still a challenge for us. In this paper, we propose a new test case prioritization algorithm for fault localization, which is based on the rank changes of suspicious values of program elements. Test case which can maximize the improvements of suspicious ranks of program elements may assign the highest priority for execution. A set of empirical studies have been designed and conducted on Siemens programs and four medium-sized programs. The results show that our algorithm can help reduce the debugging effort in terms of the percentage of statements needed to be inspected to locate faults in both single-fault and multi-fault programs.

Xin Xia,Lingfeng Bao,David Lo,Shanping Li

DOI: https://doi.org/10.1109/icsme.2016.67

2016-01-01

Abstract:Due to the complexity of software systems, bugs are inevitable. Software debugging is tedious and time consuming. To help developers perform this crucial task, a number of spectra-based fault localization techniques have been proposed. In general, spectra-based fault localization helps developers to find the location of a bug given its symptoms (e.g., program failures). A previous study by Parnin and Orso however implies that several assumptions made by existing work on spectra-based fault localization do not hold in practice, which hinders the practical usage of these tools. Moreover, a recent study by Xie et al. claims that spectra-based fault localization can potentially "weaken programmers' abilities in fault detection".Unfortunately, these studies are performed either using only 2 bugs from small systems (Parnin and Orso's study) or synthetic bugs injected into toy programs (Xie et al.'s study), only involve students, and use dated spectra-based fault localization tools. Thus, the question whether spectra-based fault localization techniques can help professionals to improve their debugging efficiency in a reasonably large project is still insufficiently answered.In this paper, we perform a more realistic investigation of how professionals can use and benefit from spectra-based fault localization techniques. We perform a user study of spectra-based fault localization with a total of 16 real bugs from 4 reasonably large open-source projects, with 36 professionals, amounting to 80 recorded debugging hours. The 36 professionals are divided into 3 groups, i.e., those that use an accurate fault localization tool, use a mediocre fault localization tool, and do not use any fault localization tool. Our study finds that both the accurate and mediocre spectra-based fault localization tools can help professionals to save their debugging time, and the improvements are statistically significant and substantial. We also discuss implications of our findings to future directions of spectra-based fault localization.

Meng Yan,Xin Xia,Yuanrui Fan,Ahmed E. Hassan,David Lo,Shanping Li

DOI: https://doi.org/10.1109/tse.2020.2978819

IF: 7.4

2022-01-01

IEEE Transactions on Software Engineering

Abstract:Defect localization aims to locate buggy program elements (e.g., buggy files, methods or lines of code) based on defect symptoms, e.g., bug reports or program spectrum. However, when we receive the defect symptoms, the defect has been exposed and negative impacts have been introduced. Thus, one challenging task is: whether we can locate buggy program prior to the appearance of the defect symptom (e.g., when buggy program elements are being committed to a version control system). We refer to this type of defect localization as “Just-In-Time (JIT) Defect localization”. Although many prior studies have proposed various JIT defect identification methods to identify whether a new change is buggy, these prior methods do not locate the suspicious positions. Thus, JIT defect localization is the next step of JIT defect identification (i.e., after a buggy change is identified, suspicious source code lines are located). To address this problem, we propose a two-phase framework, i.e., JIT defect identification and JIT defect localization. Given a new change, JIT defect identification will identify it as buggy change or clean change first. If a new change is identified as buggy, JIT defect localization will rank the source code lines introduced by the new change according to their suspiciousness scores. The source code lines ranked at the top of the list are estimated as the defect location. For JIT defect identification phase, we use 14 change-level features to build a classifier by following existing approach. For JIT defect localization phase, we propose a JIT defect localization approach that leverages software naturalness with the N-gram model. To evaluate the proposed framework, we conduct an empirical study on 14 open source projects with a total of 177,250 changes. The results show that software naturalness is effective for our JIT defect localization. Our model achieves a reasonable performance, and outperforms the two baselines (i.e., random guess and a static bug finder (i.e., PMD)) by a substantial margin in terms of four ranking measures.

Chih-Chiang Fang,Chin-Yu Huang

DOI: https://doi.org/10.1109/compsac61105.2024.00243

2024-01-01

Abstract:In software debugging, fault localization (FL) is an essential stage that is used to identify accurate location of faulty statement. It is well known that coverage data plays an important role in FL. In past studies, traditional principal component analysis (PCA) or revised PCA techniques were used to reduce coverage data. However, two kinds of PCA have a great opportunity to remove the actual faulty statement, especially in multiple fault localization. On the other hand, they cannot reflect the status of the statements. In this paper, we propose a novel approach based on revised PCA and incorporate the result of failed and passed test case different combinations to update contribution value of each statement. We used two Linux open-source codes (Sed, Grep) with 4 fault injections to verify the correctness. Preliminary experiments have shown that our proposed method is feasible, scalable, and shorter execution time of FL process, and also can alleviate the situations for removed faulty statements compared to the revised PCA method.

Yu-Min Chung,Chin-Yu Huang,Yu-Chi Huang

DOI: https://doi.org/10.1109/PRDC.2008.34

2008-01-01

Abstract:In software development and maintenance, locating faults is generally a complex and time-consuming process. In order to effectively identify the locations of program faults, several approaches have been proposed. Similarity-aware fault localization (SAFL) is a testing-based fault localization method that utilizes testing information to calculate the suspicion probability of each statement. Dicing is also another method that we have used. In this paper, our proposed method focuses on predicates and their influence, instead of on statements in traditional SAFL. In our method, fuzzy theory, matrix calculating, and some probability are used. Our method detects the importance of each predicate and then provides more test data for programmers to analyze the fault locations. Furthermore, programmers will also gain some important information about the program in order to maintain their program accordingly. In order to speed up the efficiency, we also simplified the program. We performed an experimental study for several programs, together with another two testing-based fault localization (TBFL) approaches. These three methods were discussed in terms of different criteria such as line of code and suspicious code coverage. The experimental results show that the proposed method from our study can decrease the number of codes which have more probability of suspicion than real bugs.

Xiaoli Zhou,Hanfei Wang,Jianhua Zhao

DOI: https://doi.org/10.1109/qrs.2015.48

2015-01-01

Abstract:Coverage-based fault localization is a spectrum-based technique that identifies the executing program elements that correlate with failure. However, the effectiveness of coverage-based fault localization suffers from the effect of coincidental correctness which occurs when a fault is executed but no failure is detected. Coincidental correctness is prevalent and proved as a safety reducing factor for the coverage-based fault location techniques. In this paper, we propose a new fault-localization approach based on the coincidental correctness probability. We estimate the probability that coincidental correctness happens for each program execution using dynamic data-flow analysis and control-flow analysis. To evaluate our approach, we use safety and precision as evaluation metrics. Our experiment involved 62 seeded versions of C programs from SIR. We discuss the comparison results with Tarantula and two improved CBFL techniques cleansing test suites from coincidental correctness. The results show that our approach can improve the safety and precision of the fault-localization technique to a certain degree.

Yibiao Yang,Yuming Zhou,Hao Sun,Zhendong Su,Zhiqiang Zuo,Lei Xu,Baowen Xu

DOI: https://doi.org/10.1109/ICSE.2019.00061

2019-01-01

Abstract:Reliable code coverage tools are critically important as it is heavily used to facilitate many quality assurance activities, such as software testing, fuzzing, and debugging. However, little attention has been devoted to assessing the reliability of code coverage tools. In this study, we propose a randomized differential testing approach to hunting for bugs in the most widely used C code coverage tools. Specifically, by generating random input programs, our approach seeks for inconsistencies in code coverage reports produced by different code coverage tools, and then identifies inconsistencies as potential code coverage bugs. To effectively report code coverage bugs, we addressed three specific challenges: (1) How to filter out duplicate test programs as many of them triggering the same bugs in code coverage tools; (2) how to automatically reduce large test programs to much smaller ones that have the same properties; and (3) how to determine which code coverage tools have bugs? The extensive evaluations validate the effectiveness of our approach, resulting in 42 and 28 confirmed/fixed bugs for gcov and llvm-cov, respectively. This case study indicates that code coverage tools are not as reliable as it might have been envisaged. It not only demonstrates the effectiveness of our approach, but also highlights the need to continue improving the reliability of code coverage tools. This work opens up a new direction in code coverage validation which calls for more attention in this area.

Ke-chao Wang,Tian-tian Wang,Xiao-hong Su

DOI: https://doi.org/10.1007/s00607-018-0610-0

2018-01-01

Computing

Abstract:As spectra-based fault localization techniques report suspicious statements by analyzing the coverage of test cases, the effectiveness of the results is highly dependent on the composition of test suites. This paper proposes an approach for selecting a subset of the passed test suite when a failure revealed by a failed test case. The goal is to obtain a more effective fault localization using a minimal number of test cases than using the originally given large number of test cases. A novelty is that a prioritization criterion and a selection criterion are defined. Different from previous studies, the failed trace is fully considered. The prioritization criterion partitions statements in the failed trace into more suspicious and less suspicious, and then ranks passed test cases by their ability in distinguishing the more suspicious statements from the less suspicious ones. The selection criterion selects the minimal passed test suite which can maximize the number of coverage equivalent classes in the failed trace, so as to distinguish the suspicious statements and meanwhile reduce the size of the test suite. Another novelty is that our approach turns the test case selection into a multi-criteria optimization to make the prioritization and the selection criteria complement each other. This approach was evaluated with 5 fault localization techniques, 8 subject programs and 35,392 test cases. The results show that the fault localization effectiveness can be significantly improved with less than 5% passed test cases. Our approach has advantages over the statement- based and vector-based test suite reduction approaches in both fault localization effectiveness and test suite reduction rate.

Laleh Sh Ghandehari,Yu Lei,Raghu Kacker,Richard Kuhn,Tao Xie,David Kung

DOI: https://doi.org/10.1109/tse.2018.2865935

IF: 7.4

2020-01-01

IEEE Transactions on Software Engineering

Abstract:Combinatorial testing has been shown to be a very effective strategy for software testing. After a failure is detected, the next task is to identify one or more faulty statements in the source code that have caused the failure. In this paper, we present a fault localization approach, called BEN, which produces a ranking of statements in terms of their likelihood of being faulty by leveraging the result of combinatorial testing. BEN consists of two major phases. In the first phase, BEN identifies a combination that is very likely to be failure-inducing. A combination is failure-inducing if it causes any test in which it appears to fail. In the second phase, BEN takes as input a failure-inducing combination identified in the first phase and produces a ranking of statements in terms of their likelihood to be faulty. We conducted an experiment in which our approach was applied to the Siemens suite and four real-world programs, flex, grep, gzip and sed, from Software Infrastructure Repository (SIR). The experimental results show that our approach can effectively and efficiently localize the faulty statements in these programs.

Yunqian Zhang,Lin Chen,Bo Jiang,Zhenyu Zhang

DOI: https://doi.org/10.1109/issrew.2012.51

2012-01-01

Abstract:Program debugging is a laborious but necessary phase of software development. It generally consists of fault localization, bug fix, and regression testing. Statistical software fault localization automates the manual and error-prone first task. It predicts fault locations by analyzing dynamic program spectrum captured in program runs. Previous studies mostly focused on how to provide reliable input data to such a technique and how to process the data accurately, but inadequately studied how to wield the output result of such a technique. In this work, we raise the assumption of symmetric distribution on the effectiveness of such a technique in locating faults, based on empirical results. We use maximum likelihood estimate and linear programming to develop a tuning method to enhance the result of a statistical fault localization technique. Experiments with two representative such techniques on two realistic UNIX utility programs validate our assumption and show our method effective.

Yonghao Wu,Yong Liu,Weibo Wang,Zheng Li,Xiang Chen,Paul Doyle

DOI: https://doi.org/10.1109/tr.2022.3165126

IF: 5.883

2022-06-04

IEEE Transactions on Reliability

Abstract:To improve the efficiency of the fault localization process, different automatic fault localization approaches have been proposed. Among these approaches, the spectrum-based fault localization (SBFL) approach has been widely used and studied due to its lightweight and high effectiveness. However, while the existence of coincidental correct (CC) test cases can influence the usefulness of SBFL in single-fault programs, their influence on multiple fault programs has not been thoroughly investigated. Therefore, in this article, we conduct a theoretical analysis and an empirical study to investigate the effect of CC test cases on multiple fault localization. The theoretical analysis is based on a suspiciousness calculation formula of SBFL, which divides CC test cases into three categories (specific, irrelevant, and unspecific) according to their association with a specific faulty statement. Following this analysis, we conduct an empirical study on two well-known open-source repositories (SIR and Defects4J), and the experimental results verify the correctness of our theoretical analysis. Specifically, reducing the number of specific CC test cases for a faulty statement can improve or maintain fault localization accuracy, while eliminating irrelevant CC test cases can have a negative effect. Finally, we design a CC test case identification solution based on the isolation-based multiple fault localization approach and demonstrate its effectiveness via a simulation experiment.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Xinping Wang,Qing Gu,Xin Zhang,Xiang Chen,Daoxu Chen

DOI: https://doi.org/10.1109/apsec.2009.45

2009-01-01

Abstract:Since automated fault localization can improve the efficiency of both the testing and debugging process, it is an important technique for the development of reliable software. This paper proposes a novel fault localization approach based on multi-level similarity of execution traces, which is suitable for object-oriented software. It selects useful test cases at class level and computes code suspiciousness at block level. We develop a tool that implements the approach, and conduct empirical studies to evaluate its effectiveness. The experimental results show that our approach has the potential to be effective in localizing faults for object-oriented software.

Long Zhang,Zijie Li,Yang Feng,Zhenyu Zhang,Kwong Chan,Jian Zhang,Yuming Zhou,Wing Kwong Chan

DOI: https://doi.org/10.1109/tr.2020.2982975

IF: 5.883

2020-09-01

IEEE Transactions on Reliability

Abstract:Spectrum-based fault localization (SBFL) techniques can automatically localize software faults. They employ the program spectrum, such as code coverage profile with test verdicts, to rank the program entities based on their code suspiciousness. In the past decades, researchers have proposed many approaches to optimize these techniques; however, the program structure, which can influence their performance, is not taken into consideration in developing and improving these techniques. In this article, we identify and analyze the effect of the program structure on the application of SBFL techniques. We observe that some specific program structures may introduce structure bias to code suspiciousness and negatively influence the output of SBFL techniques. To mitigate these effects and improve the performance of fault localization, we propose Delta4Ts, a structure-aware technique. Delta4Ts references debugging history to alleviate the impact of structure bias in the calculation of code suspiciousness. It reasons from the observable suspicious value towards the desired suspicious value and the impact of structure bias. To evaluate Delta4Ts under practical constraints, we conduct a controlled experiment using nine widely-studied SBFL formulae on 12 C programs and 6 Java programs. The experiment results show that Delta4Ts can significantly improve the accuracy of the studied SBFL formulae by an average of 34.8% on 12 C programs and 30.6% on 6 Java programs, and improve more on subject programs associated with more history versions or having larger code sizes.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Hui He,Dongyan Zhang,Min Liu,Weizhe Zhang,Dongmin Gao

DOI: https://doi.org/10.1155/2014/463912

2014-01-01

Abstract:Software security defects have a serious impact on the software quality and reliability. It is a major hidden danger for the operation of a system that a software system has some security flaws. When the scale of the software increases, its vulnerability has becoming much more difficult to find out. Once these vulnerabilities are exploited, it may lead to great loss. In this situation, the concept of Software Assurance is carried out by some experts. And the automated fault localization technique is a part of the research of Software Assurance. Currently, automated fault localization method includes coverage based fault localization (CBFL) and program slicing. Both of the methods have their own location advantages and defects. In this paper, we have put forward a new method, named Reverse Data Dependence Analysis Model, which integrates the two methods by analyzing the program structure. On this basis, we finally proposed a new automated fault localization method. This method not only is automation lossless but also changes the basic location unit into single sentence, which makes the location effect more accurate. Through several experiments, we proved that our method is more effective. Furthermore, we analyzed the effectiveness among these existing methods and different faults.

Gong Dandan,Su Xiaohong,Wang Tiantian,Ma Peijun

DOI: https://doi.org/10.4028/www.scientific.net/amm.577.1022

2014-01-01

Applied Mechanics and Materials

Abstract:Path-based fault-localization technique is proved to be more effective than coverage-based fault localization because of analyzing the semantics of a program. Most previous work focused on investigating coverage-based test-suite reduction approach for fault localization. But it is not suitable for path-based fault localization, because it only analyzes coverage information, and does not take the execution path information of test cases into account. In this paper, we propose a test-suite reduction approach for path-based fault localization. This approach analyzes the concrete execution path of test cases. The experimental results show that the proposed method works well in improving the effectiveness of path-based fault localization.

Chu-Pan Wong,Yingfei Xiong,Hongyu Zhang,Dan Hao,Lu Zhang,Hong Mei

DOI: https://doi.org/10.1109/ICSME.2014.40

2014-01-01

Abstract:To deal with post-release bugs, many software projects set up public bug repositories for users all over the world to report bugs that they have encountered. Recently, researchers have proposed various information retrieval based approaches to localizing faults based on bug reports. In these approaches, source files are processed as single units, where noise in large files may affect the accuracy of fault localization. Furthermore, bug reports often contain stack-trace information, but existing approaches often treat this information as plain text. In this paper, we propose to use segmentation and stack-trace analysis to improve the performance of bug localization. Specifically, given a bug report, we divide each source code file into a series of segments and use the segment most similar to the bug report to represent the file. We also analyze the bug report to identify possible faulty files in a stack trace and favor these files in our retrieval. According to our empirical results, our approach is able to significantly improve Bug Locator, a representative fault localization approach, on all the three software projects (i.e., Eclipse, AspectJ, and SWT) used in our empirical evaluation. Furthermore, segmentation and stack-trace analysis are complementary to each other for boosting the performance of bug-report-oriented fault localization.

Wenhao Fu,Huiqun Yu,Guisheng Fan,Xiang Ji,Xin Pei

DOI: https://doi.org/10.1109/sate.2017.10

2017-01-01

Abstract:In order to improve the effectiveness of fault localization, various test suite reduction techniques have been proposed. However, excessive or improper reduction of test cases may lose some testing information, thus causing a negative impact on fault localization. In this paper, we propose a new similarity-based test suite reduction approach to improving spectrum-based fault localization. Firstly, this approach extracts the high suspicious statements in the faulty program and removes the coincidental passed test cases for test suite selection. Then, it selects similar passed test cases for each different failed test case from the new passed test set based on the similar proportion of their execution traces, and determines the final composition of each similar test set based on the contribution of failed test cases to fault localization. By using the execution information of each similar test set with a spectrum-based fault localization approach, the ranks of statements can be obtained. Finally, synthesizing all ranks of statements in each rank list, we obtain the final rank list of statements. Several experiments show that our approach can help reduce the debugging effort in terms of the percentage of statements needed to be inspected when locating faults in both single-fault and multi-fault programs. Moreover, the results demonstrate that the value of similar proportion have nontrivial influence on the effectiveness of fault localization.