Combining Static and Dynamic Reasoning for Bug Detection
Many static and dynamic analyses have been developed to improve program quality. Several of them are well known and widely used in practice. It is not entirely clear, however, how to put these analyses together to achieve their combined benefits. This paper reports on our experiences with building a sequence of increasingly more powerful combinations of static and dynamic analyses for bug finding in the tools JCrasher, Check ’n’ Crash, and DSD-Crasher. We contrast the power and accuracy of the tools using the same example program as input to all three.
At the same time, the paper discusses the philosophy behind all three tools. Specifically, we argue that trying to detect program errors (rather than to certify programs for correctness) is well integrated in the development process and a promising approach for both static and dynamic analyses. The emphasis on finding program errors influences many aspects of analysis tools, including the criteria used to evaluate them and the vocabulary of discourse.
KeywordsExecution Trace Generate Test Case Static Analysis Tool Execution Semantic Dynamic Reasoning
Unable to display preview. Download preview PDF.
- 1.Beck, K., Gamma, E.: Test infected: Programmers love writing tests. Java Report 3(7), 37–50 (1998)Google Scholar
- 2.Cok, D.R., Kiniry, J.R.: ESC/Java2: Uniting ESC/Java and JML: Progress and issues in building and using ESC/Java2. Technical Report NIII-R0413, Nijmegen Institute for Computing and Information Science (May 2004)Google Scholar
- 7.Detlefs, D., Nelson, G., Saxe, J.B.: Simplify: A theorem prover for program checking. Technical Report HPL-2003-148, Hewlett-Packard Systems Research Center (July 2003)Google Scholar
- 8.Engler, D., Musuvathi, M.: Static analysis versus software model checking for bug finding. In: Steffen, B., Levi, G. (eds.) VMCAI 2004. LNCS, vol. 2937, pp. 191–210. Springer, Heidelberg (2004)Google Scholar
- 10.Flanagan, C., Leino, K.R.M., Lillibridge, M., Nelson, G., Saxe, J.B., Stata, R.: Extended static checking for Java. In: PLDI. Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 234–245. ACM Press, New York (2002)Google Scholar
- 11.Hovemeyer, D., Pugh, W.: Finding bugs is easy. In: OOPSLA. Companion to the 19th ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages, and Applications, pp. 132–136. ACM Press, New York (2004)Google Scholar
- 13.Leavens, G.T., Baker, A.L., Ruby, C.: Preliminary design of JML: A behavioral interface specification language for Java. Technical Report TR98-06y, Department of Computer Science, Iowa State University (June 1998)Google Scholar
- 14.Lindahl, T., Sagonas, K.: Practical type inference based on success typings. In: PPDP. Proc. 8th ACM SIGPLAN Symposium on Principles and Practice of Declarative Programming, pp. 167–178. ACM Press, New York (2006)Google Scholar
- 17.Nimmer, J.W., Ernst, M.D.: Invariant inference for static checking: An empirical evaluation. In: FSE 2002. Proc. 10th ACM SIGSOFT International Symposium on the Foundations of Software Engineering, pp. 11–20. ACM Press, New York (2002)Google Scholar
- 18.Parasoft Inc.: Jtest (October 2002) (accessed March 2007), http://www.parasoft.com/
- 19.Rutar, N., Almazan, C.B., Foster, J.S.: A comparison of bug finding tools for Java. In: ISSRE. Proc. 15th International Symposium on Software Reliability Engineering, pp. 245–256. IEEE Computer Society Press, Los Alamitos (2004)Google Scholar
- 20.Xie, T., Notkin, D.: Tool-assisted unit test selection based on operational violations. In: ASE. Proc. 18th IEEE International Conference on Automated Software Engineering, pp. 40–48. IEEE Computer Society Press, Los Alamitos (2003)Google Scholar