Applying dynamic analysis for defect detection in Java-applications.
This paper provides an overview of program analysis techniques, and highlights details of practical implementation of static and dynamic approaches for automatic software defect detection, their pros and cons. The paper focuses on dynamic program analysis technique. The major advantage of this technique is the absence of defect reproduction problem. This approach is based on tainted data flow tracing, instrumentation and constraint set construction for automatic input generation. An overview of practical considerations for developing a dynamic analysis tool for Java applications is given. The paper describes distinctive feature of Java bytecode static instrumentation approach and related static dependencies detection problems. It provides details of path conditions generation (set of Boolean formulas), paths coverage-based iterative mechanism. Input generating problem is solved using solver for checking Boolean constraints satisfiability. Heuristics are used for exponential growth problem solving. It is complemented by a detailed description of actual prototype implementation created within the scope of this project. The prototype uses BCEL for static instrumentation and STP solver for path condition solving. Finally, the paper features an overview of practical results obtained on a number of Java applications and provides an evaluation of these results.
Proceedings of the Institute for System Programming, vol. 25, 2013, pp. 9-28.
ISSN 2220-6426 (Online), ISSN 2079-8156 (Print).
DOI: 10.15514/ISPRAS-2013-25-1Full text of the paper in pdf (in Russian) Back to the contents of the volume