Blogs (1) >>
ASE 2019
Sun 10 - Fri 15 November 2019 San Diego, California, United States
ASE 2019 (series) / Research Papers /

Detecting Error-Handling Bugs without Error Specification Input

Zhouyang Jia, Shanshan Li, Tingting Yu, Xiangke Liao, Ji Wang, Xiaodong Liu, Yunhuai Liu
ASE 2019 Research Papers
Tue 12 Nov 2019 14:20 - 14:40 at Cortez 1 - Testing and Verification Chair(s): Weihang Wang

Most software systems frequently encounter errors when interacting with their environments. When errors occur, error-handling code must execute flawlessly to facilitate system recovery. Implementing correct error handling is repetitive but non-trivial, and developers often inadvertently introduce bugs into error-handling code. Existing tools require correct error specifications to detect error-handling bugs. Manually generating error specifications is error-prone and tedious, while automatically mining error specifications is hard to achieve a satisfying accuracy. In this paper, we propose EH-Miner, a novel and practical tool that can automatically detect error-handling bugs without the need for error specifications. Given a function, EH-Miner mines its error-handling rules when the function is frequently checked by an equivalent condition, and handled by the same action. We applied EH-Miner to 117 mature applications across 15 software domains. EH-Miner mined error-handling rules with the precision rate of 91.1% and the recall rate of 46.9%. We reported 142 bugs to developers, and 106 bugs had been confirmed and fixed at the time of writing. We further applied EH-Miner to Linux kernel, and reported 68 bugs for kernel-4.17, of which 42 had been confirmed.

small-avatar
Zhouyang Jia
National University of Defense Technology
small-avatar
Shanshan Li
National University of Defense Technology
Tingting Yu
Tingting Yu
University of Kentucky
United States
small-avatar
Xiangke Liao
National University of Defense Technology, China
small-avatar
Ji Wang
National University of Defense Technology
small-avatar
Xiaodong Liu
National University of Defense Technology
small-avatar
Yunhuai Liu
Peking University

Tue 12 Nov

ase-2019-paper-presentations
13:40 - 15:20: Papers - Testing and Verification at Cortez 1
Chair(s): Weihang WangUniversity at Buffalo, SUNY
ase-2019-papers13:40 - 14:00
Talk		Systematically Covering Input Structure
Nikolas HavrikovCISPA Helmholtz Center for Information Security, Andreas ZellerCISPA Helmholtz Center for Information Security
Pre-print
ase-2019-papers14:00 - 14:20
Talk		SEGATE: Unveiling Semantic Inconsistencies between Code and Specification of String Inputs
Devika SondhiIIIT Delhi, Rahul PurandareIIIT-Delhi
Pre-print
ase-2019-papers14:20 - 14:40
Talk		Detecting Error-Handling Bugs without Error Specification Input
Zhouyang JiaNational University of Defense Technology, Shanshan LiNational University of Defense Technology, Tingting YuUniversity of Kentucky, Xiangke LiaoNational University of Defense Technology, China, Ji WangNational University of Defense Technology, Xiaodong LiuNational University of Defense Technology, Yunhuai LiuPeking University
ase-2019-Industry-Showcase14:40 - 15:00
Talk		Test Automation and its Limitations
Ahyoung SungSamsung Electronics, Yangsu KimSamsung Electronics, Sangjun KimSamsung Electronics, Jongin KimSamsung Electronics, Neo JangSamsung Electronics
ase-2019-papers15:00 - 15:10
Talk		Grading-Based Test Suite Augmentation
Jonathan Osei-OwusuUniversity of Illinois at Urbana-Champaign, Angello AstorgaUniversity of Illinois at Urbana-Champaign, Liia ButlerUniversity of Illinois at Urbana-Champaign, Tao XiePeking University, Geoffrey ChallenUniversity of Illinois at Urbana-Champaign
ase-2019-Demonstrations15:10 - 15:20
Demonstration		MutAPK: Source-Codeless Mutant Generation for Android Apps
Camilo Escobar-VelásquezUniversidad de los Andes, Michael Osorio-RiañoUniversidad de los Andes, Mario Linares-VásquezSystems and Computing Engineering Department , Universidad de los Andes , Bogotá, Colombia

Systematically Covering Input Structure Research Papers

Session: Testing and Verification Chair(s): Weihang WangUniversity at Buffalo, SUNY

Grammar-based testing uses a given grammar to produce syntactically valid inputs. To cover program features, it is necessary to also cover input features—say, all URL variants for a URL parser. Our k-path algorithm for grammar production systematically covers syntactic elements as well as their combinations. In our evaluation, we show that this results in a significantly higher code coverage than state of the art.

Nikolas Havrikov
Nikolas Havrikov
CISPA Helmholtz Center for Information Security
Germany
Andreas Zeller
Andreas Zeller
CISPA Helmholtz Center for Information Security
Germany
All Details Close

SEGATE: Unveiling Semantic Inconsistencies between Code and Specification of String Inputs Research Papers

Session: Testing and Verification Chair(s): Weihang WangUniversity at Buffalo, SUNY

Automated testing techniques are often assessed on coverage based metrics. However, despite giving good coverage, the test cases may miss the gap between functional specification and the code implementation. This gap may be subtle in nature, arising due to the absence of logical checks, either in the implementation or in the specification, resulting in inconsistencies in the input definition. The inconsistencies may be prevalent especially for structured inputs, commonly specified using string-based data types. Our study on defects reported over popular libraries reveals that such gaps may not be limited to input validation checks. We propose a test generation technique for structured string inputs where we infer inconsistencies in input definition to expose semantic gaps in the method under test and the method specification. We assess this technique using our tool SEGATE, Semantic Gap Tester. SEGATE uses static analysis and automaton modeling to infer the gap and generate test cases. On our benchmark dataset, comprising of defects reported in 15 popular open-source libraries, written in Java, SEGATE was able to generate tests to expose 80% of the defects.

Devika Sondhi
Devika Sondhi
IIIT Delhi
Rahul Purandare
Rahul Purandare
IIIT-Delhi
India
All Details Close

Detecting Error-Handling Bugs without Error Specification Input Research Papers

Session: Testing and Verification Chair(s): Weihang WangUniversity at Buffalo, SUNY

Most software systems frequently encounter errors when interacting with their environments. When errors occur, error-handling code must execute flawlessly to facilitate system recovery. Implementing correct error handling is repetitive but non-trivial, and developers often inadvertently introduce bugs into error-handling code. Existing tools require correct error specifications to detect error-handling bugs. Manually generating error specifications is error-prone and tedious, while automatically mining error specifications is hard to achieve a satisfying accuracy. In this paper, we propose EH-Miner, a novel and practical tool that can automatically detect error-handling bugs without the need for error specifications. Given a function, EH-Miner mines its error-handling rules when the function is frequently checked by an equivalent condition, and handled by the same action. We applied EH-Miner to 117 mature applications across 15 software domains. EH-Miner mined error-handling rules with the precision rate of 91.1% and the recall rate of 46.9%. We reported 142 bugs to developers, and 106 bugs had been confirmed and fixed at the time of writing. We further applied EH-Miner to Linux kernel, and reported 68 bugs for kernel-4.17, of which 42 had been confirmed.

small-avatar
Zhouyang Jia
National University of Defense Technology
small-avatar
Shanshan Li
National University of Defense Technology
Tingting Yu
Tingting Yu
University of Kentucky
United States
small-avatar
Xiangke Liao
National University of Defense Technology, China
small-avatar
Ji Wang
National University of Defense Technology
small-avatar
Xiaodong Liu
National University of Defense Technology
small-avatar
Yunhuai Liu
Peking University
All Details Close

Test Automation and its Limitations Industry Showcase

Session: Testing and Verification Chair(s): Weihang WangUniversity at Buffalo, SUNY

Modern embedded systems are increasingly complex and contain multiple software layers from BSP (Board Support Packages) to OS to middleware to AI (Artificial Intelligence) algorithms like perception and voice recognition. Integrations of inter-layer and intra-layer in embedded systems provide dedicated services such as taking a picture or movie-streaming. Accordingly, it gets more complicated to find out the root cause of a system failure. This industrial proposal describes a difficulty of testing embedded systems, and presents a case study in terms of integration testing.

small-avatar
Ahyoung Sung
Samsung Electronics
small-avatar
Yangsu Kim
Samsung Electronics
small-avatar
Sangjun Kim
Samsung Electronics
small-avatar
Jongin Kim
Samsung Electronics
small-avatar
Neo Jang
Samsung Electronics
All Details Close

Grading-Based Test Suite Augmentation Research Papers

Session: Testing and Verification Chair(s): Weihang WangUniversity at Buffalo, SUNY

As Introductory Programming classes continue to grow, it becomes ever more important to ensure that automatic grading is both efficient yet still maintains high accuracy. Specifically, the use of automated testing for this type of grading has become standard, but it is not without fault. Instructor test suites can often misclassify correct student submissions as incorrect or vice versa. To address this discrepancy, we propose a novel approach which adapts the technique of Test Suite Augmentation to an educational setting in order to improve instructor test suite quality. Our approach first partitions student programs into clusters based on Behavioral Equivalence. We then use these clusters to better guide the Pex test-generator in generating a minimal set of tests which can augment an instructor’s suite and improve grading accuracy. We evaluated our approach on an extensive set of student submissions from a CS1 course and were able to find flaws in existing instructor test suites, and then augment these suites to substantially improve their quality.

small-avatar
Jonathan Osei-Owusu
University of Illinois at Urbana-Champaign
Angello Astorga
Angello Astorga
University of Illinois at Urbana-Champaign
small-avatar
Liia Butler
University of Illinois at Urbana-Champaign
Tao Xie
Tao Xie
Peking University
China
small-avatar
Geoffrey Challen
University of Illinois at Urbana-Champaign
All Details Close

MutAPK: Source-Codeless Mutant Generation for Android Apps Demonstrations

Session: Poster Session: Tool Demonstrations 3, Testing and Verification Chair(s): Weihang WangUniversity at Buffalo, SUNY

The amount of android applications is having a tremendous increasing trend, exerting pressure over practitioners and researchers around application quality, frequent releases, and quick fixing of bugs. This pressure leads practitioners to make use of automated approaches. However, most of those use source-code as input. Nevertheless, third-party services are not able to use this approaches due to privacy factors. In this paper we present MutAPK, an open source mutation testing tool that enables the usage of APKs as input for this task. MutAPK generates mutants without the need of having access to source code, because the mutations are done in an intermediate representation of the code (i.e., SMALI) that does not require compilation. MutAPK is publicly available at GitHub https://bit.ly/2KYvgP9 VIDEO: https://bit.ly/2WOjiyy

Camilo Escobar-Velásquez
Camilo Escobar-Velásquez
Universidad de los Andes
Colombia
small-avatar
Michael Osorio-Riaño
Universidad de los Andes
Mario Linares-Vásquez
Mario Linares-Vásquez
Systems and Computing Engineering Department , Universidad de los Andes , Bogotá, Colombia
Colombia
All Details Close