ABSTRACT
Existing methods of difference analysis do not cope well with event-driven code: they explore only the input space of program inputs such as integers and strings, and do not explore the event space of all possible event sequences.
This paper proposes a novel heuristic, together with a tool called DiverJS, for performing difference analysis that copes well with both the input space and the event space. To explore this huge space efficiently, DiverJS prunes redundant event sequences based on Dynamic Partial Order Reduction (DPOR). DiverJS also switches stochastically between two exploration heuristics: (1) one aims to increase code coverage, using shared-variable information derived from the Write-Read (WR) set and dynamic taint analysis; (2) the other aims to guide execution to the location of the code changes, using the distance between the branch to be negated and the change.
We conducted a preliminary experiment to evaluate the accuracy with which program behavioral differences are detected, and the efficiency of exploration as measured by the number of paths. The results show that DiverJS outperformed the existing methods: it detected the differences with higher accuracy in fewer paths, which suggests that DiverJS's difference analysis is effective and efficient.
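The pruning idea in the abstract can be seen on a small case. The following is an added example, not code from the paper or from DiverJS: it is a simplified, static form of partial-order reduction (DPOR proper discovers dependencies during execution), and the handler names and their read/write sets are constructed for illustration.

```javascript
// Constructed sample: three event handlers and the shared variables they touch.
const EVENTS = {
  click:  { reads: ["count"], writes: ["count"] },
  submit: { reads: ["count"], writes: ["sent"] },
  resize: { reads: [],        writes: ["width"] },
};

// Two events are dependent if one writes a variable the other reads or writes.
function dependent(a, b) {
  const ea = EVENTS[a], eb = EVENTS[b];
  const hits = (ws, other) =>
    ws.some(v => other.reads.includes(v) || other.writes.includes(v));
  return hits(ea.writes, eb) || hits(eb.writes, ea);
}

// All orderings of the given events (the unpruned event space).
function permutations(xs) {
  if (xs.length <= 1) return [xs];
  return xs.flatMap((x, i) =>
    permutations([...xs.slice(0, i), ...xs.slice(i + 1)]).map(p => [x, ...p]));
}

// Canonical representative of a sequence: keep the relative order of dependent
// events, and among events that are free to run next pick the smallest name.
// Sequences that differ only in the order of independent events get the same key.
function canonical(seq) {
  const remaining = [...seq], out = [];
  while (remaining.length) {
    const ready = remaining.filter((e, i) =>
      !remaining.slice(0, i).some(prev => dependent(prev, e)));
    const next = ready.sort()[0];
    out.push(next);
    remaining.splice(remaining.indexOf(next), 1);
  }
  return out.join(">");
}

// One representative per equivalence class of event sequences.
function prune(names) {
  const keys = new Set();
  for (const p of permutations(names)) keys.add(canonical(p));
  return [...keys];
}

console.log(prune(Object.keys(EVENTS)));
```

Only `click` and `submit` share a variable, so the six orderings of the three events collapse to the two that differ in the order of that pair.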
- DiverJS: path exploration heuristic for difference analysis of event-driven code