Path-based fault correlations

Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering

Volumn , Issue , 2010, Pages 307-316

  Le, Wei ^a   Soffa, Mary Lou ^a  

^a University of Virginia   (United States)

Author keywords

demand driven; error state; fault correlation; path sensitive

Indexed keywords

AUTOMATIC TOOLS; CAUSAL RELATIONSHIPS; CORRELATION ALGORITHM; DEMAND-DRIVEN; DYNAMIC BEHAVIORS; ERROR STATE; FAULT CORRELATION; INTER-PROCEDURAL; MULTIPLE FAULTS; PATH-BASED; PATH-SENSITIVE; PRIORITIZATION; ROOT CAUSE; SCALABLE ALGORITHMS;

ALGORITHMS; SOFTWARE ENGINEERING;

CORRELATION METHODS;

EID: 78751503884     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1882291.1882336     Document Type: Conference Paper

References (33)

1. Personal communication with Mingdong Shang, Code Reviewer at Microsoft, 2006.
2. T. Ball, M. Naik, and S. K. Rajamani. From symptom to cause: localizing errors in counterexample traces. In Proceedings of the 30th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, 2003.
3. R. Bodik, R. Gupta, and M. L. Soffa. Refining data flow information using infeasible paths. In Proceedings of the ACM SIGSOFT International Symposium on Foundations of Software Engineering, 1997.
4. D. Brumley, T. Chiueh, R. Johnson, H. Lin, and D. Song. RICH: Automatically protecting against integer-based vulnerabilities. In Symposium on Network and Distributed Systems Security, 2007.
5. W. R. Bush, J. D. Pincus, and D. J. Sielaff. A static analyzer for finding dynamic programming errors. Software Practice and Experience, 2000.
6. S. Chen, Z. Kalbarczyk, J. Xu, and R. K. Iyer. A data-driven finite state machine model for analyzing security vulnerabilities. In International Conference on Dependable Systems and Networks, 2003.
7. J. Clause and A. Orso. Penumbra: automatically identifying failure-relevant inputs using dynamic tainting. In Proceedings of the eighteenth international symposium on software testing and analysis, 2009.
8. CVE. http://cve.mitre.org/.
9. M. Das, S. Lerner, and M. Seigle. ESP: path-sensitive program verification in polynomial time. In Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation, 2002.
10. E. Duesterwald, R. Gupta, and M. L. Soffa. A practical framework for demand-driven interprocedural data flow analysis. ACM Transactions on Programming Languages and Systems, 1997.
11. D. Evans. Static detection of dynamic memory errors. In Proceedings of the ACM SIGPLAN 1996 Conference on Programming Language Design and Implementation, 1996.
12. FindBugs. http://findbugs.sourceforge.net/.
13. A. K. Ghosh, T. O'Connor, and G. Mcgraw. An automated approach for identifying potential vulnerabilities in software. In 1998 IEEE Symposium on Security and Privacy, 1998.
14. T. Goradia. Dynamic impact analysis: a cost-effective technique to enforce error-propagation. SIGSOFT Software Engineering Notes, 1993.
15. B. Hackett, M. Das, D. Wang, and Z. Yang. Modular checking for buffer overflows in the large. In Proceeding of the 28th International Conference on Software Engineering, 2006.
16. Y. Hamadi. Disolver: A Distributed Constraint Solver. Technical Report MSR-TR-2003-91, Microsoft.
17. L. Hatton. Testing the value of checklists in code inspections. IEEE Software, 2008.
18. S. Heckman and L. Williams. A model building process for identifying actionable static analysis alerts. In Proceedings of the 2009 International Conference on Software Testing Verification and Validation, 2009.
19. D. Jeffrey, N. Gupta, and R. Gupta. Fault localization using value replacement. In Proceedings of the 2008 international symposium on Software testing and analysis, 2008.
20. T. Kremenek, K. Ashcraft, J. Yang, and D. Engler. Correlation exploitation in error ranking. SIGSOFT Software Engineering Notes, 2004.
21. T. Kremenek and D. Engler. Z-ranking: Using statistical analysis to counter the impact of static analysis approximations. In Proceedings of the 10th International Static Analysis Symposium, 2002.
22. W. Le and M. L. Soffa. Marple: a demand-driven path-sensitive buffer overflow detector. In Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering, 2008.
23. W. Le and M. L. Soffa. General, scalable path-sensitive fault detection. Technical Report CS-2010-11 by Computer Science Department, University of Virginia, 2010.
24. S. Lu, Z. Li, F. Qin, L. Tan, P. Zhou, and Y. Zhou. Bugbench: Benchmarks for evaluating bug detection tools. In Proceedings of Workshop on the Evaluation of Software Defect Detection Tools, 2005.
25. F. Mueller and D. B. Whalley. Avoiding conditional branches by code replication. In Proceedings of the ACM SIGPLAN 1995 conference on Programming language design and implementation, 1995.
26. Phoenix. http://research.microsoft.com/phoenix/.
27. J. R. Ruthruff, J. Penix, J. D. Morgenthaler, S. Elbaum, and G. Rothermel. Predicting accurate and actionable static analysis warnings: an experimental approach. In Proceedings of the 30th international conference on Software engineering, 2008.
28. B. Schwarz, H. Chen, D. Wagner, J. Lin, W. Tu, G. Morrison, and J. West. Model checking an entire linux distribution for security violations. In Proceedings of the 21st Annual Computer Security Applications Conference, 2005.
29. G. Snelting. Combining slicing and constraint solving for validation of measurement software. In Proceedings of the Third International Symposium on Static Analysis, 1996.
30. K. Wu and Y. Malaiya. The effect of correlated faults on software reliability. In Proceedings of Software Reliability Engineering, 4th International Symposium on, 1993.
31. A. Zeller. Yesterday, my program worked. today, it does not. why? SIGSOFT Software Engineering Notes, 1999.
32. Z. Zhang, W. K. Chan, T. H. Tse, B. Jiang, and X. Wang. Capturing propagation of infected program states. In Proceedings of the 7th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium, 2009.
33. M. Zitser, R. Lippmann, and T. Leek. Testing static analysis tools using exploitable buffer overflows from open source code. In Proceedings of the 12th International Symposium on Foundations of Software Engineering, 2004.