Combining Static and Dynamic Reasoning for Bug Detection

  • Yannis Smaragdakis
  • Christoph Csallner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4454)


Many static and dynamic analyses have been developed to improve program quality. Several of them are well known and widely used in practice. It is not entirely clear, however, how to put these analyses together to achieve their combined benefits. This paper reports on our experiences with building a sequence of increasingly more powerful combinations of static and dynamic analyses for bug finding in the tools JCrasher, Check ’n’ Crash, and DSD-Crasher. We contrast the power and accuracy of the tools using the same example program as input to all three.

At the same time, the paper discusses the philosophy behind all three tools. Specifically, we argue that trying to detect program errors (rather than to certify programs for correctness) is well integrated in the development process and a promising approach for both static and dynamic analyses. The emphasis on finding program errors influences many aspects of analysis tools, including the criteria used to evaluate them and the vocabulary of discourse.


Execution Trace Generate Test Case Static Analysis Tool Execution Semantic Dynamic Reasoning 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Beck, K., Gamma, E.: Test infected: Programmers love writing tests. Java Report 3(7), 37–50 (1998)Google Scholar
  2. 2.
    Cok, D.R., Kiniry, J.R.: ESC/Java2: Uniting ESC/Java and JML: Progress and issues in building and using ESC/Java2. Technical Report NIII-R0413, Nijmegen Institute for Computing and Information Science (May 2004)Google Scholar
  3. 3.
    Csallner, C., Smaragdakis, Y.: JCrasher: An automatic robustness tester for Java. Software—Practice & Experience 34(11), 1025–1050 (2004)CrossRefGoogle Scholar
  4. 4.
    Csallner, C., Smaragdakis, Y.: Check ’n’ Crash: Combining static checking and testing. In: ICSE 2005, pp. 422–431. ACM, New York (2005)CrossRefGoogle Scholar
  5. 5.
    Csallner, C., Smaragdakis, Y.: DSD-Crasher: A hybrid analysis tool for bug finding. In: ISSTA. Proc. ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 245–254. ACM Press, New York (2006)CrossRefGoogle Scholar
  6. 6.
    Csallner, C., Smaragdakis, Y.: Dynamically discovering likely interface invariants. In: ICSE. Proc. 28th International Conference on Software Engineering, Emerging Results Track, pp. 861–864. ACM Press, New York (2006)CrossRefGoogle Scholar
  7. 7.
    Detlefs, D., Nelson, G., Saxe, J.B.: Simplify: A theorem prover for program checking. Technical Report HPL-2003-148, Hewlett-Packard Systems Research Center (July 2003)Google Scholar
  8. 8.
    Engler, D., Musuvathi, M.: Static analysis versus software model checking for bug finding. In: Steffen, B., Levi, G. (eds.) VMCAI 2004. LNCS, vol. 2937, pp. 191–210. Springer, Heidelberg (2004)Google Scholar
  9. 9.
    Ernst, M.D., Cockrell, J., Griswold, W.G., Notkin, D.: Dynamically discovering likely program invariants to support program evolution. IEEE Transactions on Software Engineering 27(2), 99–123 (2001)CrossRefGoogle Scholar
  10. 10.
    Flanagan, C., Leino, K.R.M., Lillibridge, M., Nelson, G., Saxe, J.B., Stata, R.: Extended static checking for Java. In: PLDI. Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 234–245. ACM Press, New York (2002)Google Scholar
  11. 11.
    Hovemeyer, D., Pugh, W.: Finding bugs is easy. In: OOPSLA. Companion to the 19th ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages, and Applications, pp. 132–136. ACM Press, New York (2004)Google Scholar
  12. 12.
    Jackson, D., Rinard, M.: Software analysis: A roadmap. In: Proc. Conference on The Future of Software Engineering, pp. 133–145. ACM Press, New York (2000)CrossRefGoogle Scholar
  13. 13.
    Leavens, G.T., Baker, A.L., Ruby, C.: Preliminary design of JML: A behavioral interface specification language for Java. Technical Report TR98-06y, Department of Computer Science, Iowa State University (June 1998)Google Scholar
  14. 14.
    Lindahl, T., Sagonas, K.: Practical type inference based on success typings. In: PPDP. Proc. 8th ACM SIGPLAN Symposium on Principles and Practice of Declarative Programming, pp. 167–178. ACM Press, New York (2006)Google Scholar
  15. 15.
    Meyer, B.: Object-Oriented Software Construction, 2nd edn. Prentice Hall PTR, Englewood Cliffs (1997)zbMATHGoogle Scholar
  16. 16.
    Meyer, B., Ciupa, I., Leitner, A., Liu, L.: Automatic testing of object-oriented software. In: van Leeuwen, J., Italiano, G.F., van der Hoek, W., Meinel, C., Sack, H., Plášil, F. (eds.) SOFSEM 2007. LNCS, vol. 4362, Springer, Heidelberg (2007)CrossRefGoogle Scholar
  17. 17.
    Nimmer, J.W., Ernst, M.D.: Invariant inference for static checking: An empirical evaluation. In: FSE 2002. Proc. 10th ACM SIGSOFT International Symposium on the Foundations of Software Engineering, pp. 11–20. ACM Press, New York (2002)Google Scholar
  18. 18.
    Parasoft Inc.: Jtest (October 2002) (accessed March 2007),
  19. 19.
    Rutar, N., Almazan, C.B., Foster, J.S.: A comparison of bug finding tools for Java. In: ISSRE. Proc. 15th International Symposium on Software Reliability Engineering, pp. 245–256. IEEE Computer Society Press, Los Alamitos (2004)Google Scholar
  20. 20.
    Xie, T., Notkin, D.: Tool-assisted unit test selection based on operational violations. In: ASE. Proc. 18th IEEE International Conference on Automated Software Engineering, pp. 40–48. IEEE Computer Society Press, Los Alamitos (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Yannis Smaragdakis
    • 1
  • Christoph Csallner
    • 2
  1. 1.Department of Computer Science, University of Oregon, Eugene, OR 97403-1202USA
  2. 2.College of Computing, Georgia Institute of Technology, Atlanta, GA 30332USA

Personalised recommendations