DSD-Crasher: A hybrid analysis tool for bug finding

Christoph Csallner; Yannis Smaragdakis; Tao Xie

doi:10.1145/1348250.1348254

DSD-Crasher: A hybrid analysis tool for bug finding

Christoph Csallner, Yannis Smaragdakis, Tao Xie

Research output: Contribution to journal › Article › peer-review

Abstract

DSD-Crasher is a bug finding tool that follows a three-step approach to program analysis: D. Capture the program's intended execution behavior with dynamic invariant detection. The derived invariants exclude many unwanted values from the program's input domain. S. Statically analyze the program within the restricted input domain to explore many paths. D. Automatically generate test cases that focus on reproducing the predictions of the static analysis. Thereby confirmed results are feasible. This three-step approach yields benefits compared to past two-step combinations in the literature. In our evaluation with third-party applications, we demonstrate higher precision over tools that lack a dynamic step and higher efficiency over tools that lack a static step.

Original language	English (US)
Article number	8
Journal	ACM Transactions on Software Engineering and Methodology
Volume	17
Issue number	2
DOIs	https://doi.org/10.1145/1348250.1348254
State	Published - Apr 1 2008
Externally published	Yes

Keywords

Automatic testing
Bug finding
Dynamic analysis
Dynamic invariant detection
Extended static checking
False positives
Static analysis
Test case generation
Usability

ASJC Scopus subject areas

Software

Online availability

10.1145/1348250.1348254

Library availability

Discover UIUC Full Text

Cite this

@article{f8ca6761e1ac4642bb70379565d82ce6,

title = "DSD-Crasher: A hybrid analysis tool for bug finding",

abstract = "DSD-Crasher is a bug finding tool that follows a three-step approach to program analysis: D. Capture the program's intended execution behavior with dynamic invariant detection. The derived invariants exclude many unwanted values from the program's input domain. S. Statically analyze the program within the restricted input domain to explore many paths. D. Automatically generate test cases that focus on reproducing the predictions of the static analysis. Thereby confirmed results are feasible. This three-step approach yields benefits compared to past two-step combinations in the literature. In our evaluation with third-party applications, we demonstrate higher precision over tools that lack a dynamic step and higher efficiency over tools that lack a static step.",

keywords = "Automatic testing, Bug finding, Dynamic analysis, Dynamic invariant detection, Extended static checking, False positives, Static analysis, Test case generation, Usability",

author = "Christoph Csallner and Yannis Smaragdakis and Tao Xie",

year = "2008",

month = apr,

day = "1",

doi = "10.1145/1348250.1348254",

language = "English (US)",

volume = "17",

journal = "ACM Transactions on Software Engineering and Methodology",

issn = "1049-331X",

publisher = "Association for Computing Machinery",

number = "2",

}

TY - JOUR

T1 - DSD-Crasher

T2 - A hybrid analysis tool for bug finding

AU - Csallner, Christoph

AU - Smaragdakis, Yannis

AU - Xie, Tao

PY - 2008/4/1

Y1 - 2008/4/1

N2 - DSD-Crasher is a bug finding tool that follows a three-step approach to program analysis: D. Capture the program's intended execution behavior with dynamic invariant detection. The derived invariants exclude many unwanted values from the program's input domain. S. Statically analyze the program within the restricted input domain to explore many paths. D. Automatically generate test cases that focus on reproducing the predictions of the static analysis. Thereby confirmed results are feasible. This three-step approach yields benefits compared to past two-step combinations in the literature. In our evaluation with third-party applications, we demonstrate higher precision over tools that lack a dynamic step and higher efficiency over tools that lack a static step.

AB - DSD-Crasher is a bug finding tool that follows a three-step approach to program analysis: D. Capture the program's intended execution behavior with dynamic invariant detection. The derived invariants exclude many unwanted values from the program's input domain. S. Statically analyze the program within the restricted input domain to explore many paths. D. Automatically generate test cases that focus on reproducing the predictions of the static analysis. Thereby confirmed results are feasible. This three-step approach yields benefits compared to past two-step combinations in the literature. In our evaluation with third-party applications, we demonstrate higher precision over tools that lack a dynamic step and higher efficiency over tools that lack a static step.

KW - Automatic testing

KW - Bug finding

KW - Dynamic analysis

KW - Dynamic invariant detection

KW - Extended static checking

KW - False positives

KW - Static analysis

KW - Test case generation

KW - Usability

UR - http://www.scopus.com/inward/record.url?scp=43449101485&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=43449101485&partnerID=8YFLogxK

U2 - 10.1145/1348250.1348254

DO - 10.1145/1348250.1348254

M3 - Article

AN - SCOPUS:43449101485

SN - 1049-331X

VL - 17

JO - ACM Transactions on Software Engineering and Methodology

JF - ACM Transactions on Software Engineering and Methodology

IS - 2

M1 - 8

ER -

DSD-Crasher: A hybrid analysis tool for bug finding

Abstract

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this