Statically-directed dynamic automated test generation

Babić, Domagoj; Martignoni, Lorenzo; McCamant, Stephen; Song, Dawn

doi:10.1145/2001420.2001423

Cited by 90 publications

(65 citation statements)

References 54 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…requiring no program execution). We suspect that the main reason behind the scarcity of studies focusing on dynamic metrics lies in the difficulty of running multiple software versions, 1 especially since doing so involves evolving dependencies and unstable (including non-compilable) versions. For example, prior work [41] cites the manual effort and the long time needed to run different revisions as the reason for reporting dynamic measurements for only a small number of versions.…”

Section: Introductionmentioning

confidence: 99%

“…For example, the research community has invested a lot of effort in designing techniques for improving the testing of software patches, ranging from test suite prioritisation and selection algorithms [11,30,35] to program analysis techniques for test case generation and bug finding [1,2,20,21,27,28,36,40] to methods for surviving errors introduced by patches at runtime [14]. Many of these techniques depend on the existence of a manual test suite, sometimes requiring the availability of a test exercising the patch [24,37], sometimes making assumptions about the stability of program coverage or external behaviour over time [14,29], other times using it as a starting point for exploration [10,16,22,39], and often times employing it as a baseline for comparison [3,6,9,26].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Covrig: a framework for the analysis of code, test, and coverage evolution in real software

Marinescu

Hošek

Cadar

2014

Proceedings of the 2014 International Symposium on Software Testing and Analysis

View full text Add to dashboard Cite

Software repositories provide rich information about the construction and evolution of software systems. While static data that can be mined directly from version control systems has been extensively studied, dynamic metrics concerning the execution of the software have received much less attention, due to the inherent difficulty of running and monitoring a large number of software versions.In this paper, we present Covrig, a flexible infrastructure that can be used to run each version of a system in isolation and collect static and dynamic software metrics, using a lightweight virtual machine environment that can be deployed on a cluster of local or cloud machines.We use Covrig to conduct an empirical study examining how code and tests co-evolve in six popular open-source systems. We report the main characteristics of software patches, analyse the evolution of program and patch coverage, assess the impact of nondeterminism on the execution of test suites, and investigate whether the coverage of code containing bugs and bug fixes is higher than average.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Covrig: a framework for the analysis of code, test, and coverage evolution in real software

Marinescu

Hošek

Cadar

2014

Proceedings of the 2014 International Symposium on Software Testing and Analysis

View full text Add to dashboard Cite

show abstract

“…In this CFG, control flow can even reach addresses such as 1 and 2, which lie between existing instructions. 1 Moreover, the imprecision of over-approximating the jump edges propagates: through the spurious edge (6, assume (x = 22), 22), the second indirect jump can be reached, leading to a self-loop at location 22.…”

Section: Overviewmentioning

confidence: 99%

“…In recent work, Babic et al [1] construct a CFG by folding a set of concrete traces and exploring the unexecuted branches of conditional jumps. In our own framework, this corresponds to using trace replay with a trivial static analysis that only knows a single state and thus always enables both branches of conditional jumps.…”

Section: Related Workmentioning

confidence: 99%

Alternating Control Flow Reconstruction

Kinder

Kravchenko

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Unresolved indirect branch instructions are a major obstacle for statically reconstructing a control flow graph (CFG) from machine code. If static analysis cannot compute a precise set of possible targets for a branch, the necessary conservative over-approximation introduces a large amount of spurious edges, leading to even more imprecision and a degenerate CFG. In this paper, we propose to leverage under-approximation to handle this problem. We provide an abstract interpretation framework for control flow reconstruction that alternates between over-and under-approximation. Effectively, the framework imposes additional preconditions on the program on demand, allowing to avoid conservative over-approximation of indirect branches. We give an example instantiation of our framework using dynamically observed execution traces and constant propagation. We report preliminary experimental results confirming that our alternating analysis yields CFGs closer to the concrete CFG than pure over-or under-approximation.

show abstract

“…Synthesizing inputs which cover a target is an essential problem in automated test generation and debugging [1,16,27,29,30,32]. While we borrow ideas from the state of the art in these areas, and combine symbolic execution, static analysis and various heuristics, our approach differs by treating the task as an optimization problem with the goal of exploring paths that minimize the estimated distance to the target.…”

Section: Designmentioning

confidence: 99%

High-Coverage Symbolic Patch Testing

Marinescu

Cadar

2012

Model Checking Software

View full text Add to dashboard Cite

Abstract. Software patches are often poorly tested, with many of them containing faults that affect the correct operation of the software. In this paper, we propose an automatic technique based on symbolic execution, that aims to increase the quality of patches by providing developers with an automated mechanism for generating a set of comprehensive test cases covering all or most of the statements in a software patch. Our preliminary evaluation of this technique has shown promising results on several real patches from the lighttpd web server.

show abstract

Statically-directed dynamic automated test generation

Cited by 90 publications

References 54 publications

Covrig: a framework for the analysis of code, test, and coverage evolution in real software

Covrig: a framework for the analysis of code, test, and coverage evolution in real software

Alternating Control Flow Reconstruction

High-Coverage Symbolic Patch Testing

Contact Info

Product

Resources

About