Chao Ni,Cong Tian,Kaiwen Yang,David Lo,Jiachi Chen,Xiaohu Yang

DOI: https://doi.org/10.1109/saner56733.2023.00020

2023-01-01

Abstract:Smart contract, a special software code running on and resided in the blockchain, enlarges the general application of blockchain and exchanges assets without dependence of external parties. With blockchain’s characteristic of immutability, they cannot be modified once deployed. Thus, the contract and the records are persisted on the blockchain forever, including failed transactions that are caused by runtime errors and result in the waste of computation, storage, and fees. In this paper, we refer to smart contracts which will cause runtime errors as crash-inducing smart contracts. However, automatic identification of crash-inducing smart contracts is limited investigated in the literature. The existing approaches to identify crash-inducing smart contracts are either limited in finding vulnerability (e.g., pattern-based static analysis) or very expensive (e.g., program analysis), which is insufficient for Ethereum.To reduce runtime errors on Ethereum, we propose an efficient, generalizable, and machine learning-based crash-inducing smart contract detector, CRASHSCDET, to automatically identify crash-inducing smart contracts. To investigate the effectiveness of CRASHSCDET, we firstly propose 34 static source code metrics from four dimensions (i.e., complexity metrics, count metrics, object-oriented metrics, and Solidity-specific metrics) to characterize smart contracts. Then, we collect a large-scale dataset of verified smart contracts (i.e., 54,739) and label these smart contracts based on their execution traces on Etherscan. We make a comprehensive comparison with three state-of-the-art approaches and the results show that CRASHSCDET can achieve good performance (i.e., 0.937 of F1-measure and 0.980 of AUC on average) and statistically significantly improve the baselines by 0.5%-60.4% in terms of F1-measure and by 41.2%-44.3% in terms of AUC, which indicates the effectiveness of static source code metrics in identifying crash-inducing smart contracts. We further investigate the importance of different types of metrics and find that metrics in different dimensions have varying abilities to depict the characteristic of smart contracts. Especially, metrics belonging to the "Count" dimension are the most discriminative ones but combining all metrics can achieve better prediction performance.

Haoye Wang,Xin Xia,David Lo,John Grundy,Xinyu Wang

DOI: https://doi.org/10.1109/icse43902.2021.00117

2021-01-01

Abstract:The causes of software crashes can be hidden anywhere in the source code and development environment. When encountering software crashes, recurring bugs that are discussed on Q&A sites could provide developers with solutions to their crashing problems. However, it is difficult for developers to accurately search for relevant content on search engines, and developers have to spend a lot of manual effort to find the right solution from the returned results. In this paper, we present CraSolver, an approach that takes into account both the structural information of crash traces and the knowledge of crash-causing bugs to automatically summarize solutions from crash traces. Given a crash trace, CraSolver retrieves relevant questions from Q&A sites by combining a proposed position dependent similarity - based on the structural information of the crash trace - with an extra knowledge similarity, based on the knowledge from official documentation sites. After obtaining the answers to these questions from the Q&A site, CraSolver summarizes the final solution based on a multi-factor scoring mechanism. To evaluate our approach, we built two repositories of Java and Android exception-related questions from Stack Overflow with size of 69,478 and 33,566 questions respectively. Our user study results using 50 selected Java crash traces and 50 selected Android crash traces show that our approach significantly outperforms four baselines in terms of relevance, usefulness, and diversity. The evaluation also confirms the effectiveness of the relevant question retrieval component in our approach for crash traces.

Jayashree Mohan,Ashlie Martinez,Soujanya Ponnapalli,Pandian Raju,Vijay Chidambaram

DOI: https://doi.org/10.48550/arXiv.1810.02904

2018-10-06

Abstract:We present a new approach to testing file-system crash consistency: bounded black-box crash testing (B3). B3 tests the file system in a black-box manner using workloads of file-system operations. Since the space of possible workloads is infinite, B3 bounds this space based on parameters such as the number of file-system operations or which operations to include, and exhaustively generates workloads within this bounded space. Each workload is tested on the target file system by simulating power-loss crashes while the workload is being executed, and checking if the file system recovers to a correct state after each crash. B3 builds upon insights derived from our study of crash-consistency bugs reported in Linux file systems in the last five years. We observed that most reported bugs can be reproduced using small workloads of three or fewer file-system operations on a newly-created file system, and that all reported bugs result from crashes after fsync() related system calls. We build two tools, CrashMonkey and ACE, to demonstrate the effectiveness of this approach. Our tools are able to find 24 out of the 26 crash-consistency bugs reported in the last five years. Our tools also revealed 10 new crash-consistency bugs in widely-used, mature Linux file systems, seven of which existed in the kernel since 2014. Our tools also found a crash-consistency bug in a verified file system, FSCQ. The new bugs result in severe consequences like broken rename atomicity and loss of persisted files.

Operating Systems

Chen Bing,Qingkai Zeng,Weiguang Wang

DOI: https://doi.org/10.1145/2554850.2554875

2014-01-01

Abstract:Concolic testing is a popular method based on symbolic execution and constraint solving, designed for security testing of applications. Unfortunately, the current effectiveness of concolic testing tools are limited when testing large applications due to the enormous number of control paths and limited budget. In this paper, we introduce selective symbolic execution, path selecting, random and incorrect seed input, three approaches to ease the path explosion and speed up bugs exploration. We also develop Crashmaker, a dynamic symbolic execution tool based on Valgrind and constraints solver STP, implementing our three improvement measures. To check the effectiveness and efficiency of Crashmaker, we make experiments with 7 different real-life programs, and compare with Avalanche. The evaluation results show that Crashmaker can effectively find more bugs in a more efficient way.

Shuo Yang,Kai Wu,Yifan Qiao,Dong Li,Jidong Zhai

DOI: https://doi.org/10.1109/cluster.2017.61

2017-01-01

Abstract:Fault tolerance is one of the major design goals for HPC. The emergence of non-volatile memories (NVM) provides a solution to build fault tolerant HPC. Data in NVM-based main memory are not lost when the system crashes because of the non-volatility nature of NVM. However, because of volatile caches, data must be logged and explicitly flushed from caches into NVM to ensure consistence and correctness before crashes, which can cause large runtime overhead. In this paper, we introduce an algorithm-based method to establish crash consistence in NVM for HPC applications. We slightly extend application data structures or sparsely flush cache blocks, which introduce ignorable runtime overhead. Such extension or cache flushing allows us to use algorithm knowledge to reason data consistence or correct inconsistent data when the application crashes. We demonstrate the effectiveness of our method for three algorithms, including an iterative solver, dense matrix multiplication, and Monte-Carlo simulation. Based on comprehensive performance evaluation on a variety of test environments, we demonstrate that our approach has very small runtime overhead (at most 8.2% and less than 3% in most cases), much smaller than that of traditional checkpoint, while having the same or less recomputation cost.

Li Tan,Marc Charest,Nathan DeBardeleben,Qiang Guan,Ben Bergen

DOI: https://doi.org/10.48550/arXiv.1911.02114

2019-11-06

Abstract:The persistently growing resilience concerns of large-scale computing systems today require not only generic fault tolerance approaches, but also application-level resilience, due to demanding efficiency and various domain-specific requirements. Scientific applications within a particular domain generally comply with domain conservation laws, which can be leveraged as an error detection criterion to study the resilience of this domain of applications sharing similar program characteristics. However, it is challenging to achieve application resilience: (a) how to identify the invariants of a given domain of applications, knowing the conservation laws, and (b) how to utilize the invariants to efficiently detect and recover from failures in application runs. In this work, we target several continuum dynamics software packages, FleCSALE [1] and CODY [2] (with intrinsic invariants during computation), study their resilience to soft errors online (injected using an open-source fault injector), and investigate the opportunities for non-intrusive and lightweight failure recovery (checksum-based invariant checking). We propose a checksum-retry approach to achieve our goals, and experimental results on a virtualized platform with extensive fault injection campaigns demonstrate the effectiveness and efficiency of the proposed approach.

Distributed, Parallel, and Cluster Computing

Hayley LeBlanc,Shankara Pailoor,Isil Dillig,James Bornholt,Vijay Chidambaram

DOI: https://doi.org/10.48550/arXiv.2204.06066

2022-04-13

Abstract:We present a study of crash-consistency bugs in persistent-memory (PM) file systems and analyze their implications for file-system design and testing crash consistency. We develop FlyTrap, a framework to test PM file systems for crash-consistency bugs. FlyTrap discovered 18 new bugs across four PM file systems; the bugs have been confirmed by developers and many have been already fixed. The discovered bugs have serious consequences such as breaking the atomicity of rename or making the file system unmountable. We present a detailed study of the bugs we found and discuss some important lessons from these observations. For instance, one of our findings is that many of the bugs are due to logic errors, rather than errors in using flushes or fences; this has important applications for future work on testing PM file systems. Another key finding is that many bugs arise from attempts to improve efficiency by performing metadata updates in-place and that recovery code that deals with rebuilding in-DRAM state is a significant source of bugs. These observations have important implications for designing and testing PM file systems. Our code is available at <a class="link-external link-https" href="https://github.com/utsaslab/flytrap" rel="external noopener nofollow">this https URL</a> .

Operating Systems,Software Engineering

Qing Gao,Hansheng Zhang,Jie Wang,Yingfei Xiong,Lu Zhang,Hong Mei

DOI: https://doi.org/10.1109/ase.2015.81

2015-01-01

Abstract:Recurring bugs are common in software systems, especially in client programs that depend on the same framework. Existing research uses human-written templates, and is limited to certain types of bugs. In this paper, we propose a fully automatic approach to fixing recurring crash bugs via analyzing Q&A sites. By extracting queries from crash traces and retrieving a list of Q&A pages, we analyze the pages and generate edit scripts. Then we apply these scripts to target source code and filter out the incorrect patches. The empirical results show that our approach is accurate in fixing real-world crash bugs, and can complement existing bug-fixing approaches.

Hayley LeBlanc,Nathan Taylor,James Bornholt,Vijay Chidambaram

2024-06-14

Abstract:This work introduces a new approach to building crash-safe file systems for persistent memory. We exploit the fact that Rust's typestate pattern allows compile-time enforcement of a specific order of operations. We introduce a novel crash-consistency mechanism, Synchronous Soft Updates, that boils down crash safety to enforcing ordering among updates to file-system metadata. We employ this approach to build SquirrelFS, a new file system with crash-consistency guarantees that are checked at compile time. SquirrelFS avoids the need for separate proofs, instead incorporating correctness guarantees into the typestate itself. Compiling SquirrelFS only takes tens of seconds; successful compilation indicates crash consistency, while an error provides a starting point for fixing the bug. We evaluate SquirrelFS against state of the art file systems such as NOVA and WineFS, and find that SquirrelFS achieves similar or better performance on a wide range of benchmarks and applications.

Operating Systems

Philip Oliver,Jens Dietrich,Craig Anslow,Michael Homer

2024-05-09

Abstract:Software bugs often lead to software crashes, which cost US companies upwards of $2.08 trillion annually. Automated Crash Reproduction (ACR) aims to generate unit tests that successfully reproduce a crash. The goal of ACR is to aid developers with debugging, providing them with another tool to locate where a bug is in a program. The main approach ACR currently takes is to replicate a stack trace from an error thrown within a program. Currently, ACR has been developed for C, Java, and Python, but there are no tools targeting JavaScript programs. To aid the development of JavaScript ACR tools, we propose CrashJS: a benchmark dataset of 453 Node.js crashes from several sources. CrashJS includes a mix of real-world and synthesised tests, multiple projects, and different levels of complexity for both crashes and target programs.

Software Engineering

WANG Wen-Xiang,GAO Qing,XU Ke,ZHANG Shi-Kun

DOI: https://doi.org/10.13328/j.cnki.jos.006691

2023-01-01

Journal of Software

Abstract:Software crash is a kind of serious software flaw, which can lead to software crashes. Therefore, testing for software crashes is extremely important in the process of software iteration. In recent years, since a large number of test inputs can be automatically generated to trigger software crashes, fuzzing techniques（such as AFL） are widely used in software testing. Nevertheless, most of root causes of crashes that are generated by this technique are same. In this case, software developers have to classify the test inputs one by one, which brings a lot of redundant work. At present, there are many automated methods for testing input classification, mainly including classification algorithms based on program repair and classification algorithms based on software crash information. The former analyzes the program semantics, and re-runs the test input after replacing the repair templates in the program at runtime, and then classifies the inputs. Since this method requires the preparation of repair templates to be completed artificially, the efficiency of its classification is closely related to the quality of the repair templates. At the same time, the repair efficiency of the software has been greatly affected due to the need to repair the crash and classify the crash. Since certain advantages of the latter, this study proposes a lightweight and efficient test inputs classification algorithm, which uses software crash information. Based on the algorithm of software crash point stack information classification, this study introduces dynamic link library information in analyzing CICELY. By distinguishing system dynamic link library from user dynamic link library and combining with location information of user codes, this study gets the set of functions that are focused by programmers to define the crash based on the user function in the classification. In the end, this study also compares CICELY with some existing classification tools based on program repair and software crash information. The experimental test data sets total 19 projects, and 42 test sets. When comparing with other classification tools, Honggfuzz and CERT BFF, whose main classification algorithms are based on software crash information on the same data set, the numbers of classification results of the two are 2112.89% and 135.05% worse than that of CICELY, proving that the experimental effect of CICELY is greatly improved and has higher accuracy compared with similar algorithms. Compared with the classification algorithm "Semantic Crash Bucketing" based on program repair using the test data set provided in their article, CICELY is worse than it by 4.42%. When using the test set consisting of test inputs corresponding to multiple crashes, CICELY got 3% higher repeatability than it. However, Semantic Crash Bucketing can only classify crashes caused by two kinds of crash inputs, null pointer dereference and buffer overflow, while CICELY is not subject to such restrictions.

Ilya Yegorov,Georgy Savidov

2024-05-28

Abstract:Crash report accumulation is a necessary step during continuous fuzzing. Dynamic software analysis techniques like fuzzing and dynamic symbolic execution generate a large number of crashes for analysis. However, the time and resource constraints often lead to the postponement of fixing some less critical issues, potentially introducing new errors in future releases. Thus, there is a need to distinguish new errors from old ones. We propose a crash accumulation method and implemented it as part of the CASR toolset. We evaluated our approach on crash reports collected from fuzzing results.

Cryptography and Security,Software Engineering

Oskar Lundström,Michel Raynal,Elad Michael Schiller

DOI: https://doi.org/10.1016/j.tcs.2024.114886

IF: 1.002

2024-09-26

Theoretical Computer Science

Abstract:The multivalued consensus problem is a fundamental issue in fault-tolerant distributed computing. It encompasses a wide range of agreement problems where processes must unanimously decide on a specific value v∈V , with |V|≥2 . Existing solutions that handle process crash failures simplify the multivalued consensus problem by reducing it to the Binary consensus problem. Examples of such solutions include Mostéfaoui-Raynal-Tronel [IPL 2000] and Zhang-Chen [IPL 2009].In this work, we aim to design an even more reliable solution by leveraging the concept of self-stabilization , which provides a strong form of fault tolerance. Self-stabilizing algorithms can recover from transient faults, which represent any deviation from the system's intended behavior (as long as the algorithm code remains intact) in addition to process and communication failures.To the best of our knowledge, this work presents the first self-stabilizing algorithm for multivalued consensus in asynchronous message-passing systems susceptible to process failures and transient faults. Our solution uses, at most, n concurrent invocations of binary consensus. This is another way we advance state-of-the-art solutions compared to previous non-self-stabilizing ones. For example, Mostéfaoui-Raynal-Tronel's solution requires an unbounded number of sequential invocations of binary consensus.

computer science, theory & methods

Robert M. Hierons,Tao Xie

DOI: https://doi.org/10.1002/stvr.1734

2020-01-01

Software Testing Verification and Reliability

Abstract:This editorial was written during a period of extreme difficulty for many individuals, families, and nations in the ongoing COVID-19 outbreak. We can only hope that measures taken are successful and that the situation has improved considerably. We also do not pretend that we have anything to add regarding health, social, or economic issues. However, the crisis has shown the role that Computer Science can play in informing policy. Society requires evidence and computers are often involved in producing such evidence via, for example, simulation. It is here that we, as a community, can contribute through advances in testing, verification, and reliability in areas such as Scientific Computing and Computer Simulations and maybe also AI/data sciences for helping expedite the process of finding treatment. As a recent example discussed in social media, when commenting on pandemic simulation code used to model control measures against COVID-19, Prof. Guido Salvaneschi said in his tweet: “Ever wondered about the “impact“ of research on programming languages and software engineering? Political decisions affecting hundreds of millions are being taken based on thousands of lines of 13+ years old C code that allegedly nobody understands anymore. #COVID19 #cs” (https://twitter.com/guidosalva/status/1242049884347412482). There is already some truly excellent work for making advances in these areas and we are confident that the community will rise to the challenge. This issue contains two papers. In the first paper, Simons and Lefticaru introduce a new Model-Based Testing approach, which is based on the use of a Stream X-machine (SXM) specification. SXMs provide a state-based formalism and there is a traditional approach to testing from an SXM. This approach typically assumes that the underlying functions/operations have been implemented correctly but these functions may be integrated (into a state machine) in the wrong way. There are a number of automated test generation approaches for SXMs and the authors make two main additional contributions to this area. First, they introduce a number of novel optimisations into test generation. Second, they observe that SXM test generation algorithms return abstract test cases (sequences of functions); the paper shows how corresponding concrete test data can be generated. The approach has been implemented and evaluated on case studies, with the tool also checking that a specification satisfies certain desirable properties. (Recommended by Hyunsook Do). In the second paper, Pouria Derakhshanfar, Xavier Devroey, Gilles Perrouin, Andy Zaidman, and Arie van Deursen introduce behavioural model seeding, a new seeding approach for learning class usages from both the system source code under test and existing test cases. The learned class usages are represented in a state-machine-based behavioural model. The behavioural model is then used to guide search-based crash reproduction, which generates a test case (i.e., objects and sequences of method calls on those objects) to reproduce a crash given its stack trace. This approach is in contrast to the existing seeding strategies, which simply collect and reuse values and object states from the system source code under test and existing test cases without any abstraction. The approach has been implemented in an open-source implementation named the BOTSING toolset and evaluated on 122 crashes from six open-source applications. (Recommended by Phil McMinn).

Li Wei,Mingwei Xu

DOI: https://doi.org/10.1007/978-981-10-8890-2_27

2017-01-01

Abstract:In modern life, software plays an increasingly important role and ensuring the reliability of software is of particular importance. In space, a Single Event Upset occurs because of the strong radiation effects of cosmic rays, which can lead to errors in software. In order to guarantee the reliability of software, many software-based fault tolerance methods have been proposed. The majority of them are based on data redundancy, which duplicates all data to prevent data corruption during the software execution. But this fault tolerant approach will make the data redundant and increase memory overhead and time overhead. Duplicating critical variables only can significantly reduce the memory and performance overheads, while still guaranteeing very high reliable results in terms of fault-tolerance improvement. In this paper, we propose an analysis model, named CDM (Critical Data Model), which can compute the critical of variables in the programs and achieve the purpose of reducing redundancy for the reliable program. According to the experimental results, the model proposed in this paper can enhance the reliability of the software, reduce the time and memory cost, and improve the efficiency of the reliable program.

Weiguang Wang,Qingkai Zeng

DOI: https://doi.org/10.1109/tase.2015.14

2015-01-01

Abstract:Concolic testing is a powerful technique for vulnerability detection. Current concolic testing tools usually randomly select one well-formed concrete input to start their workflow, then employ different path selection methods to explore the execution space. However, experiments have shown that concolic testing tools have different vulnerability detection performance when starting with different well-formed concrete inputs. In this paper, we present an evaluation method to help concolic testing tools select better initial inputs. The key idea is that: if the concolic execution triggered by one candidate initial input covers more error-prone operations with different execution contexts, it is likely to detect more bugs. Specifically, we firstly identify error-prone operations using fine-grained dynamic taint analysis. Then we propose a scoring algorithm to evaluate the vulnerability detection ability of different candidate initial inputs. We implemented this method in a new tool called CrashFinderHB, and applied it to four applications in Linux: readelf, convert, cjpeg, swftool. Experimental results show that using our evaluation method to select starting points can improve the effectiveness of concolic testing. Moreover, starting with carefully selected initial inputs, we found 4 previously unknown errors in readelf and convert.

Guang Chen,Dexi Wang,Tianchi Li,Chao Zhang,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1109/apsec.2018.00027

2018-01-01

Abstract:Software verification has been well applied in safety critical areas and has shown the ability to provide better quality assurance for modern software. However, as lines of code and complexity of software systems increase, the scalability of verification becomes a challenge. In this paper, we present an automatic software verification framework TSV to address the scalability issues: (i) the extended structural abstraction and property-guided program slicing to solve large-scale program verification problem, saving time and memory without losing accuracy; (ii) automatically select different verification methods according to the program and property context to improve the verification efficiency. For evaluation, we compare TSV's different configurations with existing C program verifiers based on open benchmarks. We found that TSV with auto-selection performs better than with bounded model checking only or with extended structural abstraction only. Compared to existing tools such as CMBC and CPAChecker, it acquires 10%-20% improvement of accuracy and 50%-90% improvement of memory consumption.

Xiaohong Chen,Zhiwei Zhong,Zhi Jin,Min Zhang,Tong Li,Xiang Chen,Tingliang Zhou

DOI: https://doi.org/10.1109/re.2019.00040

2019-01-01

Abstract:Consistency verification of safety requirements is an important but still challenging task for safety-critical systems such as rail transit systems. That is mainly because requirements are typically written in natural language and with strong time constraints. Driven by the practical need from industry, in this paper we propose a systematic approach to specify safety requirements in a quasi-natural language and automatically verify their consistency using formal methods. Specifically, we define a domain specific language SafeNL to specify safety requirements, and then automatically transform them into formal constraints defined in the Clock Constraint Specification Language (CCSL). The transformed constraints can be automatically and efficiently verified by model checking. We conduct two practical case studies to analyze the safety requirements of an interlocking system in CASCO Signal Ltd. Results of the studies show the validity and utility of our approach can pragmatically contribute to industrial practice. We also report some lessons learned from case studies.

David A. Tomassi,Naji Dmeiri,Yichen Wang,Antara Bhowmick,Yen-Chuan Liu,Premkumar Devanbu,Bogdan Vasilescu,Cindy Rubio-González

DOI: https://doi.org/10.48550/arXiv.1903.06725

2019-07-23

Abstract:Fault-detection, localization, and repair methods are vital to software quality; but it is difficult to evaluate their generality, applicability, and current effectiveness. Large, diverse, realistic datasets of durably-reproducible faults and fixes are vital to good experimental evaluation of approaches to software quality, but they are difficult and expensive to assemble and keep current. Modern continuous-integration (CI) approaches, like Travis-CI, which are widely used, fully configurable, and executed within custom-built containers, promise a path toward much larger defect datasets. If we can identify and archive failing and subsequent passing runs, the containers will provide a substantial assurance of durable future reproducibility of build and test. Several obstacles, however, must be overcome to make this a practical reality. We describe BugSwarm, a toolset that navigates these obstacles to enable the creation of a scalable, diverse, realistic, continuously growing set of durably reproducible failing and passing versions of real-world, open-source systems. The BugSwarm toolkit has already gathered 3,091 fail-pass pairs, in Java and Python, all packaged within fully reproducible containers. Furthermore, the toolkit can be run periodically to detect fail-pass activities, thus growing the dataset continually.

Software Engineering

Yongxiang Hu,Hailiang Jin,Xuan Wang,Jiazhen Gu,Shiyu Guo,Chaoyi Chen,Xin Wang,Yangfan Zhou

DOI: https://doi.org/10.1145/3639477.3639748

2024-01-01

Abstract:In industrial practice, many bugs in commercial mobile apps manifest as self-conflicts of data presented in the GUI (Graphical User Interface). Such data inconsistency bugs can bring confusion to the users and deteriorate user experiences. They are a major target of industrial testing practice. However, due to the complication and diversity of GUI implementation and data presentation (e.g., the ways to present the data in natural language), detecting data inconsistency bugs is a very challenging task. It still largely relies on manual efforts. To reduce such human efforts, we proposed Au-toConsis, an automated data inconsistency testing tool we designed for Meituan. one of the largest E-commerce providers with over 600 million transacting users. AutoConsis can automatically analyze GUI pages via a multi-modal deep-learning model and extract target data from textual phrases leveraging LLMs (Large Language Models). With these extracted data, their inconsistencies can then be detected. We evaluate the design of AutoConsis via a set of ablation experiments. Moreover, we demonstrate the effectiveness of AutoConsis when applying it to real-world commercial mobile apps with eight representative cases.