C Fu,A Milanova,BG Ryder,DG Wonnacott

DOI: https://doi.org/10.1109/tse.2005.51

IF: 7.4

2005-01-01

IEEE Transactions on Software Engineering

Abstract:This paper presents a new compile-time analysis that enables a testing methodology for white-box coverage testing of error recovery code (i.e., exception handlers) of server applications written in Java, using compiler-directed fault injection. The analysis allows compiler-generated instrumentation to guide the fault injection and to record the recovery code exercised. (An injected fault is experienced as a Java exception.) The analysis 1) identifies the exception-flow "def-uses" to be tested in this manner, 2) determines the kind of fault to be requested at a program point, and 3) finds appropriate locations for code instrumentation. The analysis incorporates refinements that establish sufficient context sensitivity to ensure relatively precise def-use links and to eliminate some spurious def-uses due to demonstrably infeasible control flow. A runtime test harness calculates test coverage of these links using an exception def-catch metric. Experiments with the methodology demonstrate the utility of the increased precision in obtaining good test coverage on a set of moderately sized server benchmarks.

Chen Fu,Barbara G. Ryder,Ana Milanova,David Wonnacott

DOI: https://doi.org/10.1145/1007512.1007516

2004-01-01

ACM SIGSOFT Software Engineering Notes

Abstract:This paper presents a new compile-time analysis that enables a testing methodology for white-box coverage testing of error recovery code (i.e., exception handlers) in Java web services using compiler-directed fault injection. The analysis allows compiler-generated instrumentation to guide the fault injection and to record the recovery code exercised. (An injected fault is experienced as a Java exception.) The analysis (i) identifies the exception-flow 'def-uses' to be tested in this manner, (ii) determines the kind of fault to be requested at a program point, and (iii) finds appropriate locations for code instrumentation. The analysis incorporates refinements that establish sufficient context sensitivity to ensure relatively precise def-use links and to eliminate some spurious def-uses due to demonstrably infeasible control flow. A runtime test harness calculates test coverage of these links using an exception def-catch metric. Experiments with the methodology demonstrate the utility of the increased precision in obtaining good test coverage on a set of moderately-sized Java web services benchmarks.

Chen Fu,Barbara G. Ryder

2018-01-01

Abstract:Server applications are expected to handle lower level faults and keep them from bringing down the whole system. Java provides a program-level exception handling mechanism in response to error conditions (that are translated into exceptions by Java VM). However, exception handling code is often widely scattered throughout an application and untested. This paper presents a program visualization tool ExTest that shows precisely all the handlers for exceptions triggered by certain kinds of operations, and for each of these handlers all the witness paths of how the operation would be triggered. Thus ExTest helps programmers understand the exception handling behavior of Java programs and also facilitates testing exception handling code.

Chen Fu,Barbara G. Ryder

DOI: https://doi.org/10.1109/icse.2007.35

2007-01-01

Abstract:Although it is common in large Java programs to rethrow exceptions, existing exception-flow analyses find only single exception-flow links, thus are unable to identify multiple-link exception propagation paths. This paper presents a new static analysis that, when combined with previous exception-flow analyses, computes chains of semantically-related exception-flow links, and thus reports entire exception propagation paths, instead of just discrete segments of them. These chains can be used 1) to show the error handling architecture of a system, 2) to assess the vulnerability of a single component and the whole system, 3) to support better testing of error recovery code, and 4) to facilitate the tracing of the root cause of a logged problem. Empirical findings and a case history for Tomcat show that a significant portion of the chains found in our benchmarks span multiple components, and thus are hard to find manually.

Jiawei Han,Chao Liu

2008-01-01

Abstract:Recent years have seen great advances in software engineering and programming languages. Unfortunately, software is still far from bug-free, even for those deployed. Static analysis is a good approach to eliminating numerous bugs, but its conservative nature of analysis unavoidably constrains its capacity. Dynamic analysis, on the other hand, utilizes program runtime execution data, which complements static approaches. This thesis describes three dynamic techniques that leverage program runtime data to improve software quality.First, we present a statistical debugging algorithm, called S OBER, which automatically localizes software faults without any prior knowledge of the program semantics. This statistical debugging alleviates the high cost associated with manual debugging. Featuring a similar rationale to hypothesis testing, SOBER quantifies the fault relevance of each predicate in a principled way. We systematically evaluate S OBER under the same setting as previous studies, and compare S OBER with other seven algorithms. The result clearly demonstrates the advantages of SOBER over existing approaches.Second, we discuss automated program failure triage, which is a closely related problem with automated debugging. Recent software systems usually feature an automated failure reporting component, with which a huge number of failures are collected from software end-users. In order to effectively leverage the valuable program failure data, the collected failures need to be first triaged, i.e., to locate the most severe failures, and to assign them to appropriate developers. Lying in the center of failure triage is failure indexing, which tries to group failures due to the fault together. In this thesis, we propose a statistical debugging-based approach to program failure triage, called R-PROXIMITY, which better indexes failures and facilitates failure assignment than existing approaches. Finally, we describe a program dynamic slicing-based approach to failure indexing, which complements R-PROXIMITY. R-PROXIMITY is a quality failure indexing tool, but its effectiveness relies on a sufficient number of correct executions, which may or may not be available in practice. The proposed dynamic slicing-based approach does not require any correct executions, and hence perfectly complements R-PROXIMITY . All the three techniques are subject to three mid-sized programs grep, gzip, and flex, and the result validates their advancement of the state of the art.

Chen Fu,Richard P. Martin,Kiran Nagaraja,Thu D. Nguyen,Barbara G. Ryder,David Wonnacott

DOI: https://doi.org/10.1109/DSN.2003.1209969

2003-01-01

Abstract:We present a new approach that uses compiler-directed fault-injection for coverage testing of recovery code in Internet services to evaluate their robustness to operating system and I/O hardware faults. We define a set of program fault coverage metrics that enable quantification of Java catch blocks exercised during fault-injection experiments. We use compiler analyses to instrument application code in two ways: to direct fault injection to occur at appropriate points during execution, and to measure the resulting coverage. As a proof of concept for these ideas, we have applied our techniques manually to Muffin, a proxy server; we obtained a high degree of coverage of catch blocks, with, on average, 85% of the expected faults per catch being experienced as caught exceptions.

Gang Huang,Weihu Wang,Tiancheng Liu,Hong Mei

DOI: https://doi.org/10.1016/j.jss.2011.02.008

2013-01-01

Quality Engineering

Abstract:Being a popular runtime infrastructure in the era of Internet, middleware provides more and more services to support the development, deployment and management of distributed systems. At the same time, the reliability of middleware services has a significant impact on the overall reliability of the system. Different services have different impacts and different service fault-tolerance solutions have different costs and risks. Therefore, the identification of the services that greatly affect the whole system reliability is the major obstacle to achieving reliable middleware-based systems. In this paper, we present an analytical framework to automatically reason and quantify such impacts when deploying the target system. In this framework, faults are represented by exceptions in modern programming languages; service failures are simulated by software fault injection; reliability impacts are measured by scenarios. This framework is demonstrated on multiple JEE application servers, including JBoss, JonAS and PKUAS. The experiments on two JEE blueprint applications, namely JPS and ECperf, show the feasibility, the applicability and the usability of this framework.

Gang Huang,Weihu Wang,Tiancheng Liu,Hong Mei

2013-01-01

Quality Engineering

Abstract:Being a popular runtime infrastructure in the era of Internet, middleware provides more and more services to support the development, deployment and management of distributed systems. At the same time, the reliability of middleware services has a significant impact on the overall reliability of the system. Different services have different impacts and different service fault-tolerance solutions have different costs and risks. Therefore, the identification of the services that greatly affect the whole system reliability is the major obstacle to achieving reliable middleware-based systems. In this paper, we present an analytical framework to automatically reason and quantify such impacts when deploying the target system. In this framework, faults are represented by exceptions in modern programming languages; service failures are simulated by software fault injection; reliability impacts are measured by scenarios. This framework is demonstrated on multiple JEE application servers, including JBoss, JonAS and PKUAS. The experiments on two JEE blueprint applications, namely JPS and ECperf, show the feasibility, the applicability and the usability of this framework.

Ruizhi Gao,W. Eric Wong,Zhenyu Chen,Yabin Wang

DOI: https://doi.org/10.1007/s11219-015-9295-1

2015-01-01

Software Quality Journal

Abstract:Software has become ubiquitous in our daily lives, and with its increasing functionality and complexity comes a frequently tedious and prolonged debugging process. Of the three activities in program debugging (failure detection, fault localization, and bug fixing), the focus of this paper is on the first, failure detection, under the condition that there is no test oracle that can be used to automatically determine the success or failure of all the executions. More precisely, the outputs for many executions have to be verified manually, or the expected outputs are not even available. We want to determine whether there is a solution to help programmers predict the execution results. How good are these predicted results when they are used to help programmers find the locations of bugs? A framework is proposed to reduce the effort on output verification using a strategy based on the Hamming distance or K-Means clustering to predict results of test executions. Such data and the statement coverage of each test case are used to compute the suspiciousness of each statement according to a fault localization technique and produce a ranking for examination to locate bugs. Case studies using 22 programs and seven fault localization techniques were conducted to evaluate the fault localization effectiveness of the proposed framework on 1203 faulty versions, some of which have a single bug and others with multiple bugs. A discussion on factors that may affect the accuracy of execution result prediction and the resulting fault localization effectiveness is also presented. Our data suggests that, in general, with respect to fault localization techniques using execution results verified against the expected outputs, those using predicted execution results can be even more effective than (by examining a smaller number of statements to locate the first faulty statement) or as good as the former (the verified).

Chao Liu,Long Fei,Xifeng Yan,Jiawei Han,Samuel P. Midkiff

DOI: https://doi.org/10.1109/TSE.2006.105

IF: 7.4

2006-01-01

IEEE Transactions on Software Engineering

Abstract:Manual debugging is tedious, as well as costly. The high cost has motivated the development of fault localization techniques, which help developers search for fault locations. In this paper, we propose a new statistical method, called Sober, which automatically localizes software faults without any prior knowledge of the program semantics. Unlike existing statistical approaches that select predicates correlated with program failures, Sober models the predicate evaluation in both correct and incorrect executions and regards a predicate as fault-relevant if its evaluation pattern in incorrect executions significantly diverges from that in correct ones. Featuring a rationale similar to that of hypothesis testing, Sober quantifies the fault relevance of each predicate in a principled way. We systematically evaluate Sober under the same setting as previous studies. The result clearly demonstrates the effectiveness: Sober could help developers locate 68 out of the 130 faults in the Siemens suite by examining no more than 10 percent of the code, whereas the Cause Transition approach proposed by Holger et al. [6] and the statistical approach by Liblit et al. [12] locate 34 and 52 faults, respectively. Moreover, the effectiveness of Sober is also evaluated in an "imperfect world,” where the test suite is either inadequate or only partially labeled. The experiments indicate that Sober could achieve competitive quality under these harsh circumstances. Two case studies with grep 2.2 and bc 1.06 are reported, which shed light on the applicability of Sober on reasonably large programs.

Jun Zhu,Jing Xie,Heather Richter Lipford,Bill Chu

DOI: https://doi.org/10.1016/j.jare.2013.11.006

IF: 12.822

2014-01-01

Journal of Advanced Research

Abstract:Many security incidents are caused by software developers’ failure to adhere to secure programming practices. Static analysis tools have been used to detect software vulnerabilities. However, their wide usage by developers is limited by the special training required to write rules customized to application-specific logic. Our approach is interactive static analysis, to integrate static analysis into Integrated Development Environment (IDE) and provide in-situ secure programming support to help developers prevent vulnerabilities during code construction. No additional training is required nor are there any assumptions on ways programs are built. Our work is motivated in part by the observation that many vulnerabilities are introduced due to failure to practice secure programming by knowledgeable developers. We implemented a prototype interactive static analysis tool as a plug-in for Java in Eclipse. Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project. Our evaluations also suggest that false positives may be limited to a very small class of use cases.

Jiang Shujuan,Xu Baowen

DOI: https://doi.org/10.3969/j.issn.1003-7985.2007.04.010

2007-01-01

Abstract:To solve the problems that the exception handling code is hard to test and maintain and that it affects the robustness and reliability of software, a method for evaluating the exception handling of programs is presented. The exception propagation graph (EPG) that describes the large programs with exception handling constructs is proposed by simplifying the control flow graph and it is applied to a case to verify its validity.According to the EPG, the exception handling code that never executes is identified;the points that are the most critical to controlling exception propagation are found;and the irrational exception handling code is corrected. The constructing algorithm for the EPG is given;thus, this provides a basis for automatically constructing the EPG and automatically correcting the irrational exception handling code.

Hao Zhang,Ji Luo,Mengze Hu,Jun Yan,Jian Zhang,Zongyan Qiu

DOI: https://doi.org/10.1109/icse48619.2023.00098

2023-01-01

Abstract:Exception handling is a mechanism in modern programming languages. Studies have shown that the exception handling code is error-prone. However, there is still limited research on detecting exception handling bugs, especially for C++ programs. To tackle the issue, we try to precisely represent the exception control flow in C++ programs and propose an analysis method that makes use of the control flow to detect such bugs. More specifically, we first extend control flow graph by introducing the concepts of five different kinds of basic blocks, and then modify the classic symbolic execution framework by extending the program state to a quadruple and properly processing try, throw and catch statements. Based on the above techniques, we develop a static analysis tool on the top of Clang Static Analyzer to detect exception handling bugs. We run our tool on projects with high stars from GitHub and find 36 exception handling bugs in 8 projects, with a precision of 84%. We compare our tool with four state-of-the-art static analysis tools (Cppcheck, Clang Static Analyzer, Facebook Infer and IKOS) on projects from GitHub and handmade benchmarks. On the GitHub projects, other tools are not able to detect any exception handling bugs found by our tool. On the handmade benchmarks, our tool has a significant higher recall.

JIANG Shu-juan,XU Bao-wen,JIANG Yuan-peng

2008-01-01

Computer Science

Abstract:Exception handling is a technology that tests and handles exception.Exception propagation induces a control flow other than the main control flow,so it changes the data flows,control flows of programs and the dependence relationshi Pbetween the structure elements of programs.For the analysis of C++ programs to be correct and precise,the flows induced by exception propagation must be properly analyzed.The paper describes the design and implementation of the CETool,an exception propagation analysis tool we have developed to provide exception propagation information for C++ systems.The CETool can effectively analyze the exception propagation of C++ program.It can provide the local information of the exception propagation of an exception,and also the whole information of exception propagation for the program.The information is helpful to analyze exception propagation,analyze exception propagation path,and support the improvements to the exception handling structure of a system.

Yanmei Zhang,Shujuan Jiang,Wen Li,Guan Yuan

DOI: https://doi.org/10.1109/CISE.2009.5362699

2009-01-01

Abstract:The control dependency information of inter-class is the foundation of inter-class data-flow testing. This paper proposes an approach to analyzing inter-class control dependence of Java programs with exception-handling constructs by studying the effects of the exception propagation on the dependency in the cluster-level testing of object-oriented programs. According to the relationships of classes, such as inheritance, aggregation and association, we incrementally construct an inter-class control flow graph and presented an efficient algorithm. Finally we apply the analysis method to inter-class program slice. The results show that our inter-class program slice brings about the improvement of the slice accuracy through the analysis the influence of exception-handling structure.

Chen Fu,Barbara G. Ryder

DOI: https://doi.org/10.1145/1117696.1117705

2005-01-01

Abstract:ABSTRACTJava provides a program-level exception handling mechanism in response to error conditions (that are translated into exceptions by Java VM). However, exception handling code is often widely scattered throughout an application and untested. This paper presents a program visualization tool ExTest that shows quite precisely all the handlers for exceptions triggered by certain kinds of operations, and for each of these handlers, all the witness paths of how the operation would be triggered. Thus, ExTest helps programmers understand the exception handling behavior of Java programs and also facilitates testing exception handling code.

Jingxuan Tu,Lin Chen,Yuming Zhou,Jianjun Zhao,Baowen Xu

DOI: https://doi.org/10.1109/QSIC.2012.30

2012-01-01

Abstract:Spectrum-based fault localization (SFL) is a lightweight automated diagnosis technique. However, when applied to object-oriented programs, its diagnostic accuracy is limited as suspicious statements are distributed in different classes. In this paper, we propose an approach to leveraging method call anomalies to improve the effectiveness of SFL techniques for locating faulty statements in an object oriented program. First, we compute the suspiciousness for each class based on the difference in its method call sequences between passed and failed runs. Then, we use the suspiciousness information of classes to refine SFL ranks in order to enhance their fault localization effectiveness of object-oriented software. The empirical results show that the proposed approach is able to improve the effectiveness of SFL techniques.

Han Wan,Wenhao Nie,Shiyang Yue,Xiaoyan Luo

DOI: https://doi.org/10.1109/compsac61105.2024.00023

2024-01-01

Abstract:In programming teaching, teachers or teaching assistants often need to spend a lot of energy helping students solve the problems they face when doing programming. It will be helpful to provide students with valuable programming feedback, such as information on faulty lines. However, most existing algorithms do not perform well on novice programs. Therefore, considering the background in programming teaching, we proposed a novel approach combining static analysis with dynamic detection by using the correct programs submitted by previous students and coverage information for the incorrect program. In particular, the core of the static analysis module is to locate specific faulty lines through syntax tree difference comparison, which includes matching similar programs, variable mapping and replacement, and fault localization based on abstract syntax tree differences. The core of the module on dynamic detection is to perform traditional Spectrum-based Fault Localization. To evaluate the effectiveness of our proposed approach, we conducted some empirical studies on 223 student-failure programs in the real world. The experimental results indicate that our approach outperforms other baselines regarding TOP-l and TOP-3. Furthermore, we analyzed the performance of our method on different categories of programming problems as well as the effectiveness of the combination of static analysis and dynamic detection.

SJ Jiang,BW Xu

DOI: https://doi.org/10.1145/1052659.1052664

2005-01-01

Abstract:This paper proposes an exception handling mechanism for developing reliable object-oriented systems based on analyzing some problems encountered in the C++ programming language. The exceptions are organized into a knowledge sharing inheritance hierarchy and the handlers can be defined within exception classes. This enables the information to be hidden. The separation between the normal codes and the exception handling codes makes the program neat and maintainable. It supports both the termination and the retry model. Binding the exception to the object responsible for its raise can solve the issue of matching the handler relying on only the exception type.

Huo Yan Chen

DOI: https://doi.org/10.1109/icsmc.2002.1175575

2002-01-01

Abstract:To enhance the reliability and quality, software systems should be tested. The object-oriented paradigm is regarded as a most promising methodology for software development. The testing for object-oriented software systems is more difficult and more complex than that for traditional programming systems. In this paper, we describe an approach for object-oriented testing at the method-level. Our approach applies the data flow analysis method combined with state transition diagram technique, access protection checking technique, and compiler technique to the object-oriented method-level tests. Based on this approach, a prototype for C++ programs has been implemented. Some experimental results on this prototype are presented. The experimental results on the prototype indicate that the approach can reveal data flow errors in C++ programs as anticipation. It supplements our previous approaches for object-oriented testing at the class- and cluster-levels.