Long H. Pham,Jun Sun,Ly,Jingyi Wang,Xin Peng

DOI: https://doi.org/10.1109/iceccs.2017.12

2017-01-01

Abstract:Debugging is difficult. Recent studies show that automatic bug localization techniques have limited usefulness. One of the reasons is that programmers typically have to understand why the program fails before fixing it. In this work, we aim to help programmers understand a bug by automatically generating likely invariants which are violated in the failed tests. Given a program with an initial assertion and at least one test case failing the assertion, we first generate random test cases, identify potential bug locations through bug localization, and then generate program state mutation based on active learning techniques to identify a predicate "explaining" the cause of the bug. The predicate is a classifier for the passed test cases and failed test cases. Our main contribution is the application of invariant learning for bug explanation, as well as a novel approach to overcome the problem of lack of test cases in practice. We apply our method to real-world bugs and show the generated invariants are often correlated to the actual bug fixes.

Xiaobin Hong

DOI: https://doi.org/10.1088/1742-6596/2066/1/012013

2021-11-01

Journal of Physics: Conference Series

Abstract:Abstract With the rapid development of informatization, computer database software systems have entered various fields of society, which has brought about the explosive growth of industry data. Faced with massive amounts of data, computers with limited storage capacity have to abandon some outdated data, and the application of various data mining technologies related to it has gradually matured. The purpose of this article is to discuss the application research of data mining technology in software engineering. This article analyzes the correlation analysis of a large number of bug repair source code update data and bug defect reports in the version control system SVN and the defect tracking system Bugzilla in the software engineering project development process, and tries to classify the bug report by data mining technology: defect changes and potential defects change. Starting from large-scale software engineering projects, apply data mining technology to the huge software engineeri ng knowledge base. Especially the software development and maintenance are explained, as well as the more challenging problems in the future. This paper uses data mining technology to study the dependency of the source code files of each module of the software system, and helps software developers quickly understand the software architecture by understanding the interrelationships between the modules, and provides suggestions for modification paths. Experimental research shows that this paper compares with F-measure and concludes that FL-M-GSpan algorithm is better than TS-M-GSpan algorithm. At the same time, it is found that the FL-M-GSpan algorithm always has a better accuracy rate close to 95%, while the TS-M-GSpan algorithm always has a better recall rate.

ZHENG Fengzhou,CHEN Wenguang,YANG Bo,ZHENG Weimin

DOI: https://doi.org/10.3321/j.issn:1000-0054.2000.01.020

2000-01-01

Abstract:Data dependence analysis is one of the most important techniques for the exploitation of the inherent parallelism in sequential programs, but traditional automatic data dependence analysis can not manipulate the complexities of real applications. In addition, programs have some semantic information that the automatic tools can never know without the user's knowledge. This situation has limited the performance of automatic parallelizing systems. This paper describes a new technique, interactive data dependence analysis, to improve data dependence analysis. A data dependence information extractor is developed to transform the uncertain result of the automatic data dependence analysis into some simple questions submitted to the user, to combine the power of the computer and the user to improve the data dependence analysis and thus, the performance of parallelizing systems. The interactive data dependence analysis has been implemented in TIPS, a parallelizing compiler being developed at Tsinghua University.

Wei He

DOI: https://doi.org/10.48550/arXiv.1906.11929

2019-06-28

Abstract:Compilers can specialize programs having invariants for performance improvement. Detecting program invariants that span large and complex code, however, is difficult for compilers. Traditional compilers do not perform very expensive analysis and thus only identify limited invariants, which limits the potential of subsequent optimizations. We would like to address the invariant detection problem via more sophisticated analyses using program verification tools. In this paper, we reveal pitfalls of choosing program verification tools for invariant detection, identify challenges of modeling program behavior using one of these tools---CVC4, and propose some ideas about how to address the challenges.

Programming Languages

Yao Shi,Soyeon Park,Zuoning Yin,Shan Lu,Yuanyuan Zhou,Wenguang Chen,Weimin Zheng

DOI: https://doi.org/10.1145/1932682.1869474

2010-01-01

ACM SIGPLAN Notices

Abstract:Software bugs, such as concurrency, memory and semantic bugs, can significantly affect system reliability. Although much effort has been made to address this problem, there are still many bugs that cannot be detected, especially concurrency bugs due to the complexity of concurrent programs. Effective approaches for detecting these common bugs are therefore highly desired. This paper presents an invariant-based bug detection tool, DefUse, which can detect not only concurrency bugs (including the previously under-studied order violation bugs), but also memory and semantic bugs. Based on the observation that many bugs appear as violations to programmers' data flow intentions, we introduce three different types of definition-use invariants that commonly exist in both sequential and concurrent programs. We also design an algorithm to automatically extract such invariants from programs, which are then used to detect bugs. Moreover, DefUse uses various techniques to prune false positives and rank error reports. We evaluated DefUse using sixteen real-world applications with twenty real-world concurrency and sequential bugs. Our results show that DefUse can effectively detect 19 of these bugs, including 2 new bugs that were never reported before, with only a few false positives. Our training sensitivity results show that, with the benefit of the pruning and ranking algorithms, DefUse is accurate even with insufficient training.

Hong Lu,Huitao Wang,Jiacheng Gui,Panfeng Chen,Hao Huang

DOI: https://doi.org/10.1016/j.cola.2022.101135

IF: 1.778

2022-01-01

Journal of Computer Languages

Abstract:Inspired by the procedure that experts construct loop invariants, we propose a novel data-driven approach to automatically infer loop invariants. The approach consists of two phases, data-driven inference of candidate invariants and validity check of loop invariants. Inspired by the procedure that experts construct loop invariants, we propose a novel data-driven approach to automatically infer loop invariants for C programs. The approach consists of two phases, data-driven inference of candidate invariants and validity check of loop invariants. The first phase generates candidate invariants by solving polynomial equations and synthesizing the extended loop conditions. The second phase prunes out spurious predicates and redundant predicates in the candidate invariants. The experimental results demonstrate that the proposed approach generates valid invariants for 35 benchmarks out of 38. The proposed approach costs less time to generate more informative and precise invariants than the state-of-the-art methods.

TANG Lei,LI Chun-ping,YANG Liu

DOI: https://doi.org/10.3969/j.issn.1002-137x.2013.05.040

2013-01-01

Computer Science

Abstract:Nowadays the human beings are more and more reliant on software systems which have high reliability and usability,and the technology of software defect prediction has been one of the most active parts of software engineering.This paper introduced the technology of software defect prediction on the basis of sequential pattern mining and designed a model for software defect prediction with the technology of mining statistically significant pattern.It described the architecture and detailed implementation of the algorithms named and STAMP.The model using InfoMiner and STAMP to mine patterns,chi-square test to feature selection and SVM to classify can find unknown defects with high probability.Experimental results show that the model is able to get high prediction accuracy,so that it is valua-ble and has future prospects.

Wh Yuan,Xk Chen,T Xie,H Mei,Fq Yang

DOI: https://doi.org/10.1109/TOOLS.1998.713598

1998-01-01

Abstract:Program information extracted from source codes is valuable for research in many software engineering fields. Many program analysis tools in these fields usually share some common program information. To support multiple analysis tools based on common program information, it is practical and feasible to store information into database. This paper describes a C++ program information database, which is comprehensive enough to support many analysis tools. To employ the idea of incremental paring, the C++ program information database is linked by multiple incremental databases, which, in turn, are built by extracting information from source codes according to a C++ program conceptual model.

ThanhVu Nguyen,Deepak Kapur,Westley Weimer,Stephanie Forrest

DOI: https://doi.org/10.1145/2568225.2568275

2019-04-16

Abstract:Program invariants are important for defect detection, program verification, and program repair. However, existing techniques have limited support for important classes of invariants such as disjunctions, which express the semantics of conditional statements. We propose a method for generating disjunctive invariants over numerical domains, which are inexpressible using classical convex polyhedra. Using dynamic analysis and reformulating the problem in non-standard "max-plus" and "min-plus" algebras, our method constructs hulls over program trace points. Critically, we introduce and infer a weak class of such invariants that balances expressive power against the computational cost of generating nonconvex shapes in high dimensions. Existing dynamic inference techniques often generate spurious invariants that fit some program traces but do not generalize. With the insight that generating dynamic invariants is easy, we propose to verify these invariants statically using k-inductive SMT theorem proving which allows us to validate invariants that are not classically inductive. Results on difficult kernels involving nonlinear arithmetic and abstract arrays suggest that this hybrid approach efficiently generates and proves correct program invariants.

Software Engineering,Programming Languages

GU Zheng-hua,TANG Hong-wu,DUAN Zi-bing

DOI: https://doi.org/10.3969/j.issn.1005-9865.2006.03.014

2006-01-01

Abstract:In the past artificial analysis of experimental data,those rich measured data were not utilized enough and effectively because of relatively unadvanced and simple analysis means in two aspects: 1) some physical knowledges which can be discovered from the data were not found adequately;2) some physical rules were misapprehensively judged out due to the influence of a few inaccurate data.To solve those problems,a pattern of experiment data mining is presented in this paper by combining artificial neural networks theory with π theorem.It was applied to natural analysis of greyhound's wake field,and results indicate that the pattern can not only solve the above problems but also reduce the need of physical model experiment to group test number,and gain an unlinear formula which has harmonious dimension and uniform format.The pattern will improve the level of physical model experiment in KDD(Knowledge Discovery from Database).

SU Shao-Yong,PAN Jin-Gui

2005-01-01

Computer Science

Abstract:Software maintenance is one of the most important and difficulty stages in software process. Fortunately, the data mining technology has greatly improved the situation of software maintenance. This paper introduces the history of the application of data mining in software maintenance with three aspects: theapplicability of the technology, the typical steps and the major application fields; and based on it we study the key issues. This paper concludes with the directions for future work.

Shiyi Kong,Minyan Lu,Jun Ai,Shuguang Wang

DOI: https://doi.org/10.48550/arXiv.2110.06629

2021-10-13

Abstract:Modern software systems become too complex to be tested and validated. Detecting software partial failures in complex systems at runtime assist to handle software unintended behaviors, avoiding catastrophic software failures and improving software runtime availability. These detection techniques aim to find the manifestation of faults before they finally lead to unavoidable failures, thus supporting following runtime fault tolerant techniques. We review the state of the art articles and find that the content failures account for the majority of all kinds of software failures, but its detection methods are rarely studied. In this work, we propose a novel failure detection indicator based on the software runtime dynamic execution information for software content failures. The runtime information is recorded during software execution, then transformed to a measure named runtime entropy and finally fed into machine learning models. The machine learning models are built to classify the intended and unintended behaviors of the objected software systems. A series of controlled experiments on several open source projects are conducted to prove the feasibility of the method. We also evaluate the accuracy of machine learning models built in this work.

Software Engineering,Systems and Control

Zhenpeng Fang,Xibin Zhao,Min Zhou

DOI: https://doi.org/10.1109/compsac.2017.149

2017-01-01

Abstract:Program invariant is formal description of properties that should hold at certain program location in every valid execution. It is very useful for program analysis and verification. In this paper, we introduce an abstraction interpretation approach for generating program invariant efficiently and precisely. A polynomial interval domain is proposed for representing abstract state and precise loop effect is summarized by recognizing and solving recurrence relations. Our method has implemented and its effectiveness is shown in various kinds of cases. Experiment results show that our approach generates more accurate program invariants quickly.

Yuan Xia,Jyotirmoy V. Deshmukh,Mukund Raghothaman,Srivatsan Ravi

2023-12-29

Abstract:Automatic verification of concurrent programs faces state explosion due to the exponential possible interleavings of its sequential components coupled with large or infinite state spaces. An alternative is deductive verification, where given a candidate invariant, we establish inductive invariance and show that any state satisfying the invariant is also safe. However, learning (inductive) program invariants is difficult. To this end, we propose a data-driven procedure to synthesize program invariants, where it is assumed that the program invariant is an expression that characterizes a (hopefully tight) over-approximation of the reachable program states. The main ideas of our approach are: (1) We treat a candidate invariant as a classifier separating states observed in (sampled) program traces from those speculated to be unreachable. (2) We develop an enumerative, template-free approach to learn such classifiers from positive and negative examples. At its core, our enumerative approach employs decision trees to generate expressions that do not over-fit to the observed states (and thus generalize). (3) We employ a runtime framework to monitor program executions that may refute the candidate invariant; every refutation triggers a revision of the candidate invariant. Our runtime framework can be viewed as an instance of statistical model checking, which gives us probabilistic guarantees on the candidate invariant. We also show that such in some cases, our counterexample-guided inductive synthesis approach converges (in probability) to an overapproximation of the reachable set of states. Our experimental results show that our framework excels in learning useful invariants using only a fraction of the set of reachable states for a wide variety of concurrent programs.

Programming Languages,Systems and Control

Nitin Kanaskar,Remzi Seker,Jiang Bian,Vir V. Phoha

DOI: https://doi.org/10.1109/TSMCC.2012.2208187

2012-01-01

Abstract:Code injection is a common approach which is utilized to exploit applications. We introduce some of the well-established techniques and formalisms of dynamical system theory into analysis of program behavior via system calls to detect code injections into an applications execution space. We accept a program as a blackbox dynamical system whose internals are not known, but whose output we can observe. The blackbox system observable in our model is the system calls the program makes. The collected system calls are treated as signals which are used to reconstruct the system’s phase space. Then, by using the well-established techniques from dynamical system theory, we quantify the amount of complexity of the system’s (program’s) behavior. The change in the behavior of a compromised system is detected as anomalous behavior compared with the baseline established from a clean program. We test the proposed approach against DARPA-98 dataset and a real-world exploit and present code injection experiments to show the applicability of our approach.

XY Wang,JL Sun,XH Yang,ZJ He,SR Maddineni

DOI: https://doi.org/10.1109/icsmc.2004.1400866

2004-01-01

Abstract:Experience in reengineering legacy system shows one shouldn't assume the availability of the system documents; even if they are available, the documents may be inconsistent with the code. The software code becomes more reliable source than any documentation to get business rules. So, it is necessary to extract the business rules from source code. Domain variables can be mapped to important objects in the application domain. Identifying domain variables is a significant step in extracting the business rules from the source code. This paper proposes a solution to identify the domain variables automatically from the source code by applying data dependence graph (DDG). The solution contains three steps: generating the DDG of legacy system; identifying pure domain variables; identifying all domain variables which affect output domain variables; domain variables management. This solution been applied to a large complex financial legacy system which has proven to be successful.

Suresh Thummalapenta,Tao Xie

DOI: https://doi.org/10.1007/s10515-011-0086-z

IF: 1.677

2011-01-01

Automated Software Engineering

Abstract:To improve software quality, static or dynamic defect-detection tools accept programming rules as input and detect their violations in software as defects. As these programming rules are often not well documented in practice, previous work developed various approaches that mine programming rules as frequent patterns from program source code. Then these approaches use static or dynamic defect-detection techniques to detect pattern violations in source code under analysis. However, these existing approaches often produce many false positives due to various factors. To reduce false positives produced by these mining approaches, we develop a novel approach, called Alattin, that includes new mining algorithms and a technique for detecting neglected conditions based on our mining algorithm. Our new mining algorithms mine patterns in four pattern formats: conjunctive, disjunctive, exclusive-disjunctive, and combinations of these patterns. We show the benefits and limitations of these four pattern formats with respect to false positives and false negatives among detected violations by applying those patterns to the problem of detecting neglected conditions.

Juan Zhai,Hanfei Wang,Jianhua Zhao

DOI: https://doi.org/10.1109/sere-c.2014.40

2014-01-01

Abstract:In the automatic code verification, it is often necessary for programmers to provide logical annotations in the form of pre-/post-conditions and loop invariants. In this paper, we propose a framework that automatically infers loop invariants of loops manipulating commonly-used data structures. These data structures include one-dimensional arrays, singly-linked lists, doubly-linked lists and static lists. In practical cases, a majority of the loops operating on such data structures work by iterating over the elements of these data structures. The loop invariants of this kind of loops are usually similar in form with their corresponding post-conditions. The framework takes advantage of this observation by generating invariant candidates automatically from a given post-condition following several heuristics. These invariant candidates are subsequently validated via the SMT solver Z3 and the weakest-precondition calculator provided in the interactive code-verification tool Accumulator. The framework, which has been implemented for a small C-like language, suffices to infer suitable loop invariants of a range of loops w.r.t. given post-conditions. The framework has been integrated into the tool Accumulator to ease the verification tasks by alleviating the burden of providing loop invariants manually.

Q Wei,GQ Chen

DOI: https://doi.org/10.1002/int.20038

IF: 8.993

2004-01-01

International Journal of Intelligent Systems

Abstract:Functional dependency (FD) is an important type of semantic knowledge reflecting integrity constraints in databases, and has nowadays attracted an increasing amount of research attention in data mining. Traditionally, FD is defined in the light of precise or complete data, and can hardly tolerate partial truth due to imprecise or incomplete data (such as noises, nulls, etc.) that may often exist in massive databases, or due to a very tiny insignificance of tuple differences in a huge volume of data. Based on the notion of functional dependencies with degrees of satisfaction (FDs)d, this article presents an efficient approach to discovering all satisfied (FDs)d using some important results obtained from exploration of (FDs)d properties such as extended Armstrong-like axioms and their derivatives. In this way, many dependencies can be inferred from previously discovered ones without scanning databases, and those unsatisfied ones could be filtered out inside (rather than after) the mining process. Fuzzy relation matrix operation is used to infer transitive dependencies in the mining algorithm. Finally, the efficiency is demonstrated with data experiments. © 2004 Wiley Periodicals, Inc. Int J Int Syst 19: 1089–1110, 2004.

Li Xiaoming,Chen Daoxu,Xie Li

DOI: https://doi.org/10.1109/hpc.2000.846548

2000-01-01

Abstract:The data dependence analysis is a hard problem, particularly in the presence of data structures similar to the pointer. The inheritance and the polymorphism in object-oriented languages provide program design and software engineering with new methods. But, at the same time, they bring about more barriers to dependence analysis for object-oriented languages. This paper proposes an object-oriented data dependence analysis model, ODAM. The model can present and analyze the specific concepts in OO languages. We mainly discuss the framework and the key techniques of ODAM, including the object hierarchy graph, the merging of the read-write set and dependence analysis based on the object hierarchy graph.