Dynamic program analysis for error detection using goal-seeking input data generation.
This paper describes the principles of program dynamic analysis for defect detection using input data generation. Presented comparison of dynamic vs static analysis od programs, overview of existing tools for dynamшc analysis such as EXE, KLEE, SAGE, Flayer, Catchconv, Java PathFinder, Java ThreadSanitizer. Techniques of program transformation allowing execution trace extraction, data flow tracing and input data generation for execution path coverage approaches are considered. We clarify in what way such an approach allows us to perform fully automatic analysis using executable or interpretable code based on iterational dynamic analysis with automatic conditional branches alternation through input data generation for target program. This paper also presents dynamic analysis tools developed at Institute for System Programming RAS---Avalanche (Valgrind-based tool) and a prototype tool for Java applications. These tools allows to find critical defects programs which lead to program crash and generate input data sets for reproducing found defects. The paper concludes with an evaluation of practical results of applying Avalanche tool to a set of open source projects as well as results of applying Java analysis tool to detect concurrency defects and describes possible directions for future research.
Proceedings of the Institute for System Programming, vol. 26, issue 1, 2014, pp. 375-394.
ISSN 2220-6426 (Online), ISSN 2079-8156 (Print).
DOI: 10.15514/ISPRAS-2014-26(1)-15Full text of the paper in pdf Back to the contents of the volume