research-article

Program slicing enhances a verification technique combining static and dynamic analysis

Authors:

Nikolai Kosmatov,

Alain Giorgetti,

Jacques JulliandAuthors Info & Claims

SAC '12: Proceedings of the 27th Annual ACM Symposium on Applied Computing

Pages 1284 - 1291

https://doi.org/10.1145/2245276.2231980

Published: 26 March 2012 Publication History

Abstract

Recent research proposed efficient methods for software verification combining static and dynamic analysis, where static analysis reports possible runtime errors (some of which may be false alarms) and test generation confirms or rejects them. However, test generation may time out on real-sized programs before confirming some alarms as real bugs or rejecting some others as unreachable.

To overcome this problem, we propose to reduce the source code by program slicing before test generation. This paper presents new optimized and adaptive usages of program slicing, provides underlying theoretical results and the algorithm these usages rely on. The method is implemented in a tool prototype called sante (Static ANalysis and TEsting). Our experiments show that our method with program slicing outperforms previous combinations of static and dynamic analysis. Moreover, simplifying the program makes it easier to analyze detected errors and remaining alarms.

References

[1]

R. W. Barraclough, D. Binkley, S. Danicic, M. Harman, R. M. Hierons, A. Kiss, M. Laurence, and L. Ouarbya. A trajectory-based strict semantics for program slicing. Theor. Comp. Sci., 411(11--13): 1372--1386, 2010.

Digital Library

[2]

N. E. Beckman, A. V. Nori, S. K. Rajamani, and R. J. Simmons. Proofs from tests. In ISSTA, pages 3--14. ACM, 2008.

Digital Library

[3]

D. Beyer, T. A. Henzinger, R. Jhala, and R. Majumdar. The software model checker Blast: Applications to software engineering. Int. J. Softw. Tools Technol. Transfer, 9(5--6): 505--525, 2007.

Digital Library

[4]

B. Botella, M. Delahaye, S. Hong-Tuan-Ha, N. Kosmatov, P. Mouy, M. Roger, and N. Williams. Automating structural testing of C programs: Experience with PathCrawler. In AST, pages 70--78, 2009.

[5]

C. Cadar, V. Ganesh, P. M. Pawlowski, D. L. Dill, and D. R. Engler. EXE: automatically generating inputs of death. In CCS, pages 322--335. ACM, 2006.

Digital Library

[6]

G. Canet, P. Cuoq, and B. Monate. A value analysis for C programs. In SCAM, pages 123--124, 2009.

Digital Library

[7]

O. Chebaro, N. Kosmatov, A. Giorgetti, and J. Julliand. Combining static analysis and test generation for C program debugging. In TAP, volume 6143 of LNCS, pages 652--666. Springer, 2010.

Digital Library

[8]

O. Chebaro, N. Kosmatov, A. Giorgetti, and J. Julliand. The SANTE tool: Value analysis, program slicing and test generation for C program debugging. In TAP, pages 78--83, 2011.

Digital Library

[9]

P. Cousot and R. Cousot. Abstract interpretation frameworks. J. Log. Comput., 2(4): 511--547, 1992.

[10]

P. Cuoq and J. Signoles. Experience report: Ocaml for an industrial-strength static analysis framework. In ICFP, pages 281--286, 2009.

Digital Library

[11]

A. Deutsch. On the complexity of escape analysis. In POPL, pages 358--371. ACM, 1997.

Digital Library

[12]

M. D. Ernst, J. H. Perkins, P. J. Guo, S. McCamant, C. Pacheco, M. S. Tschantz, and C. Xiao. The Daikon system for dynamic detection of likely invariants. Sci. Comput. Program., 69(1--3): 35--45, 2007.

Digital Library

[13]

J. Ferrante, K. J. Ottenstein, and J. D. Warren. The program dependence graph and its use in optimization. ACM Trans. Program. Lang. Syst., 9: 319--349, 1987.

Digital Library

[14]

Frama-C. Framework for static analysis of C programs, 2007--2011. http://frama-c.com/.

[15]

X. Ge, K. Taneja, T. Xie, and N. Tillmann. DyTa: dynamic symbolic execution guided with static verification results. In ICSE, pages 992--994, 2011.

Digital Library

[16]

P. Godefroid, M. Y. Levin, and D. A. Molnar. Active property checking. In EMSOFT, pages 207--216, 2008.

Digital Library

[17]

S. Graf and H. Saïdi. Construction of abstract state graphs with PVS. In CAV, volume 1254 of LNCS, pages 72--83. Springer, 1997.

Digital Library

[18]

B. S. Gulavani, T. A. Henzinger, Y. Kannan, A. V. Nori, and S. K. Rajamani. SYNERGY: a new algorithm for property checking. In SIGSOFT FSE, pages 117--127. ACM, 2006.

Digital Library

[19]

N. Kosmatov. Artificial Intelligence Applications for Improved Software Engineering Development: New Prospects, chapter XI: Constraint-Based Techniques for Software Testing. IGI Global, 2010.

[20]

N. Kosmatov. Online version of the PathCrawler test generator, 2010--2011. http://pathcrawler-online.com/.

[21]

K. Ku, T. E. Hart, M. Chechik, and D. Lie. A buffer overflow benchmark for software model checkers. In ASE, pages 389--392. ACM, 2007.

Digital Library

[22]

C. Lee, M. Potkonjak, and W. H. Mangione-Smith. Mediabench: a tool for evaluating and synthesizing multimedia and communicatons systems. In MICRO, pages 330--335. IEEE Computer Society, 1997.

Digital Library

[23]

C. Pasareanu, R. Pelanek, and W. Visser. Concrete Model Checking with Abstract Matching and Refinement. In CAV, volume 3576 of LNCS, pages 52--66. Springer, 2005.

Digital Library

[24]

Polyspace. Software verification tool, 1994--2011. http://mathworks.com/products/polyspace/.

[25]

T. W. Reps and W. Yang. The semantics of program slicing. Technical report, Univ. of Wisconsin, 1988.

[26]

K. Sen, D. Marinov, and G. Agha. CUTE: a concolic unit testing engine for C. In ESEC/FSE, pages 263--272. ACM, 2005.

Digital Library

[27]

Y. Smaragdakis and C. Csallner. Combining static and dynamic reasoning for bug detection. In TAP, volume 4454 of LNCS, pages 1--16. Springer, 2007.

Digital Library

[28]

M. Weiser. Program slicing. In ICSE, pages 439--449. IEEE Computer Society, 1981.

Digital Library

[29]

N. Williams, B. Marre, P. Mouy, and M. Roger. PathCrawler: automatic generation of path tests by combining static and dynamic analysis. In EDCC, volume 3463 of LNCS, pages 281--292. Springer, 2005.

Digital Library

Cited By

Barakat RWeiß PVon Blanckenburg JKraus RSchneider M(2024)Enhancing Software Security Analysis: Targeted Test Case Generation through Constraint Solving in Interactive Application Security Testing2024 IEEE 24th International Conference on Software Quality, Reliability, and Security Companion (QRS-C)10.1109/QRS-C63300.2024.00018(57-63)Online publication date: 1-Jul-2024
https://doi.org/10.1109/QRS-C63300.2024.00018
Haltermann JJakobs MRichter CWehrheim H(2024)Parallel program analysis on path rangesScience of Computer Programming10.1016/j.scico.2024.103154238:COnline publication date: 1-Dec-2024
https://dl.acm.org/doi/10.1016/j.scico.2024.103154
Kosmatov NPlaunov AShankar SSignoles J(2024)Combining Analyses Within Frama-CGuide to Software Verification with Frama-C10.1007/978-3-031-55608-1_9(423-455)Online publication date: 10-Jul-2024
https://doi.org/10.1007/978-3-031-55608-1_9
Show More Cited By

Recommendations

Combining static analysis and test generation for C program debugging
TAP'10: Proceedings of the 4th international conference on Tests and proofs

This paper presents our ongoing work on a tool prototype called SANTE (Static ANalysis and TEsting), implementing a combination of static analysis and structural program testing for detection of run-time errors in C programs. First, a static analysis ...
The sante tool: value analysis, program slicing and test generation for C program debugging
TAP'11: Proceedings of the 5th international conference on Tests and proofs

This short paper presents a prototype tool called SANTE (Static ANalysis and TEsting) implementing an original method combining value analysis, program slicing and structural test generation for verification of C programs. First, value analysis is ...
Combined Static and Dynamic Analysis

Static analysis is usually faster than dynamic analysis but less precise. Therefore it is often desirable to retain information from static analysis for run-time verification, or to compare the results of both techniques. However, this requires writing ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SAC '12: Proceedings of the 27th Annual ACM Symposium on Applied Computing

March 2012

2179 pages

ISBN:9781450308571

DOI:10.1145/2245276

Conference Chairs:
Sascha Ossowski
University Rey Juan Carlos, Spain
,
Paola Lecca
The Microsoft Research - University of Trento COSBI, Italy

Copyright © 2012 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGAPP: ACM Special Interest Group on Applied Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 March 2012

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SAC 2012

Sponsor:

SIGAPP

SAC 2012: ACM Symposium on Applied Computing

March 26 - 30, 2012

Trento, Italy

Acceptance Rates

SAC '12 Paper Acceptance Rate 270 of 1,056 submissions, 26%;

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Upcoming Conference

SAC '25

Sponsor:
sigapp

The 40th ACM/SIGAPP Symposium on Applied Computing

March 31 - April 4, 2025

Catania , Italy

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

43
Total Citations
View Citations
453
Total Downloads

Downloads (Last 12 months)30
Downloads (Last 6 weeks)3

Reflects downloads up to 08 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Barakat RWeiß PVon Blanckenburg JKraus RSchneider M(2024)Enhancing Software Security Analysis: Targeted Test Case Generation through Constraint Solving in Interactive Application Security Testing2024 IEEE 24th International Conference on Software Quality, Reliability, and Security Companion (QRS-C)10.1109/QRS-C63300.2024.00018(57-63)Online publication date: 1-Jul-2024
https://doi.org/10.1109/QRS-C63300.2024.00018
Haltermann JJakobs MRichter CWehrheim H(2024)Parallel program analysis on path rangesScience of Computer Programming10.1016/j.scico.2024.103154238:COnline publication date: 1-Dec-2024
https://dl.acm.org/doi/10.1016/j.scico.2024.103154
Kosmatov NPlaunov AShankar SSignoles J(2024)Combining Analyses Within Frama-CGuide to Software Verification with Frama-C10.1007/978-3-031-55608-1_9(423-455)Online publication date: 10-Jul-2024
https://doi.org/10.1007/978-3-031-55608-1_9
Guo ZTan TLiu SLiu XLai WYang YLi YChen LDong WZhou Y(2023)Mitigating False Positive Static Analysis Warnings: Progress, Challenges, and OpportunitiesIEEE Transactions on Software Engineering10.1109/TSE.2023.332966749:12(5154-5188)Online publication date: Dec-2023
https://doi.org/10.1109/TSE.2023.3329667
Barakat RBlanckenburg JKraus RJezuita FLüdtke SSchneider M(2023)Interactive Application Security Testing with Hybrid Fuzzing and Statistical EstimatorsCyberSecurity in a DevOps Environment10.1007/978-3-031-42212-6_6(161-191)Online publication date: 23-Aug-2023
https://doi.org/10.1007/978-3-031-42212-6_6
Haltermann JJakobs MRichter CWehrheim H(2023)Parallel Program Analysis via Range SplittingFundamental Approaches to Software Engineering10.1007/978-3-031-30826-0_11(195-219)Online publication date: 22-Apr-2023
https://dl.acm.org/doi/10.1007/978-3-031-30826-0_11
Nembhard FM. Carvalho M(2022)Conversational Code Analysis: The Future of Secure CodingCoding Theory - Recent Advances, New Perspectives and Applications10.5772/intechopen.98362Online publication date: 25-May-2022
https://doi.org/10.5772/intechopen.98362
Jakobs M(2022)Reusing Predicate Precision in Value AnalysisIntegrated Formal Methods10.1007/978-3-031-07727-2_5(63-85)Online publication date: 1-Jun-2022
https://doi.org/10.1007/978-3-031-07727-2_5
Kumar NNeema SDas MMohan B(2021)Program Slicing Analysis with KLEE, DIVINE and Frama-C2021 26th International Conference on Automation and Computing (ICAC)10.23919/ICAC50006.2021.9594142(1-5)Online publication date: 2-Sep-2021
https://doi.org/10.23919/ICAC50006.2021.9594142
Kallingal Joshy AChen XSteenhoek BLe WCadar CZhang X(2021)Validating static warnings via testing code fragmentsProceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3460319.3464832(540-552)Online publication date: 11-Jul-2021
https://dl.acm.org/doi/10.1145/3460319.3464832
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten