Talk at the 30th CREST Open Workshop on Search Based Software Testing (SBST) and Dynamic Symbolic Execution (DSE) -- http://crest.cs.ucl.ac.uk/cow/30/
University College London, January 2014
Video available at http://youtu.be/i4T2g-mdJ-U
A recent survey conducted among developers of the Apache, Eclipse, and Mozilla projects showed that the ability to recreate field failures is considered of fundamental importance when investigating bug reports. Unfortunately, the information typically contained in a bug report, such as memory dumps or call stacks, is usually insufficient for recreating the problem. Even more advanced approaches for gathering field data and help in-house debugging tend to collect either too little information, and be ineffective, or too much information, and be inefficient. This talk presents two techniques that address these issues: BugRedux and SBFR. Both techniques aim to provide support for in-house debugging of field failures by synthesizing, using execution data collected in the field, executions that mimic the observed field failures. BugRedux relies on symbolic execution, whereas SBFR leverages dynamic programming. The talk discusses the two techniques' complementary strengths and weaknesses.
CRAXweb: Automatic web application testing and attack generationShih-Kun Huang
This paper proposes to test web applications and
generate the feasible exploits directly and automatically, including cross-site scripting and SQL injection attacks. Our target is to generate the attack string and reproduce the results, emulating the manual attack behavior. In contrast with other traditional detection and prevention methods, we can certainly determine the presence of vulnerabilities and prove the feasibility of attacks. This automatic generation process is mainly based on a dynamic software testing method-symbolic execution by
S2E. We have applied this automatic process to several known vulnerabilities on large-scale open source web applications, and generated the attack strings successfully. Our method is web platform independent, covering PHP, JSP, Rails, and Django.
Symbolic Reasoning and Concrete Execution - Andrii Vozniuk Andrii Vozniuk
My presentation for the Advanced Topics in Software Systems course at EPFL by George Candea
It is based on the following two papers:
1) Higher Order Test Generation, P. Godefroid, PLDI 2011
2) Symbolic Execution with Mixed Concrete-Symbolic Solving, C. Păsăreanu, N. Rungta, W. Visser, ISSTA 2011
These slides contain an introduction to Symbolic execution and an introduction to KLEE.
I made this for a small demo/intro for my research group's meeting.
CRAXweb: Automatic web application testing and attack generationShih-Kun Huang
This paper proposes to test web applications and
generate the feasible exploits directly and automatically, including cross-site scripting and SQL injection attacks. Our target is to generate the attack string and reproduce the results, emulating the manual attack behavior. In contrast with other traditional detection and prevention methods, we can certainly determine the presence of vulnerabilities and prove the feasibility of attacks. This automatic generation process is mainly based on a dynamic software testing method-symbolic execution by
S2E. We have applied this automatic process to several known vulnerabilities on large-scale open source web applications, and generated the attack strings successfully. Our method is web platform independent, covering PHP, JSP, Rails, and Django.
Symbolic Reasoning and Concrete Execution - Andrii Vozniuk Andrii Vozniuk
My presentation for the Advanced Topics in Software Systems course at EPFL by George Candea
It is based on the following two papers:
1) Higher Order Test Generation, P. Godefroid, PLDI 2011
2) Symbolic Execution with Mixed Concrete-Symbolic Solving, C. Păsăreanu, N. Rungta, W. Visser, ISSTA 2011
These slides contain an introduction to Symbolic execution and an introduction to KLEE.
I made this for a small demo/intro for my research group's meeting.
NASA's Apollo Space team developed the first Calculus-level language, Slang, to solve complex math equations with minimum effort and time. Slang was renamed Prose and was introduced to the industrial world in 1974. Today, a (free) Windows version is available for the FortranCalculus language/compiler.
Jogging While Driving, and Other Software Engineering Research Problems (invi...David Rosenblum
invited talk presented for the Distinguished Lecturer Series of the Department of Computer Science at the University of Illinois at Chicago, 10 April 2014
Test First Refresh Second: Test-Driven Development in GrailsTim Berglund
Grails provides solid support for unit testing of parts of your application that are usually very difficult to test. Learn how to enable test-first development practices using the Grails framework.
In the ‘old’ days, when a circuit seemed to have a problem, one could look at each circuit to see if they could detect a bad circuit. Today, finding a bad chip is hard to due. Seeing a chip’s circuit may not be possible, how then can one determine a bad chip?
For example, in the 1970s, Memorex Corp. was designing their first “Thin Film Head” (TFH) and using micro chip components. It was soon realized that something was wrong with a small percent of its disc drives being made with these chips. But, how to detect or find the bad drives was not known. Destructive testing seemed like the only choice. Years went bye. No solution!
Tips And Tricks For Bioinformatics Software Engineeringjtdudley
This is a talk I've given twice at Stanford recently. It's essentially a brain dump of my thoughts on being a Bioinformatician with lots of links to useful tools.
Bidirectional Programming for Self-adaptive SoftwareLionel Montrieux
Talk given at the 2015 Shonan meeting on Engineering Adaptive Software Systems (EASSY), 6-10 Sept. 2015. I present new ideas on how bidirectional programs can be used to efficiently and reliably implement self-adaptive software systems.
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
NASA's Apollo Space team developed the first Calculus-level language, Slang, to solve complex math equations with minimum effort and time. Slang was renamed Prose and was introduced to the industrial world in 1974. Today, a (free) Windows version is available for the FortranCalculus language/compiler.
Jogging While Driving, and Other Software Engineering Research Problems (invi...David Rosenblum
invited talk presented for the Distinguished Lecturer Series of the Department of Computer Science at the University of Illinois at Chicago, 10 April 2014
Test First Refresh Second: Test-Driven Development in GrailsTim Berglund
Grails provides solid support for unit testing of parts of your application that are usually very difficult to test. Learn how to enable test-first development practices using the Grails framework.
In the ‘old’ days, when a circuit seemed to have a problem, one could look at each circuit to see if they could detect a bad circuit. Today, finding a bad chip is hard to due. Seeing a chip’s circuit may not be possible, how then can one determine a bad chip?
For example, in the 1970s, Memorex Corp. was designing their first “Thin Film Head” (TFH) and using micro chip components. It was soon realized that something was wrong with a small percent of its disc drives being made with these chips. But, how to detect or find the bad drives was not known. Destructive testing seemed like the only choice. Years went bye. No solution!
Tips And Tricks For Bioinformatics Software Engineeringjtdudley
This is a talk I've given twice at Stanford recently. It's essentially a brain dump of my thoughts on being a Bioinformatician with lots of links to useful tools.
Bidirectional Programming for Self-adaptive SoftwareLionel Montrieux
Talk given at the 2015 Shonan meeting on Engineering Adaptive Software Systems (EASSY), 6-10 Sept. 2015. I present new ideas on how bidirectional programs can be used to efficiently and reliably implement self-adaptive software systems.
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Welocme to ViralQR, your best QR code generator.ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
Field Failure Reproduction Using Symbolic Execution and Genetic Programming
1. FIELD FAILURE REPRODUCTION
USING SYMBOLIC EXECUTION AND
GENETIC PROGRAMMING
Alessandro (Alex) Orso
School of Computer Science – College of Computing
Georgia Institute of Technology
Partially supported by: NSF, IBM, and MSR
2. DSE
SBST
FIELD FAILURE REPRODUCTION
USING SYMBOLIC EXECUTION AND
GENETIC PROGRAMMING
Alessandro (Alex) Orso
School of Computer Science – College of Computing
Georgia Institute of Technology
Partially supported by: NSF, IBM, and MSR
3. DSE
SBST
FIELD FAILURE REPRODUCTION
USING SYMBOLIC EXECUTION AND
GENETIC PROGRAMMING
Alessandro (Alex) Orso
School of Computer Science – College of Computing
Georgia Institute of Technology
Partially supported by: NSF, IBM, and MSR
4. DSE
SBST
FIELD FAILURE REPRODUCTION
USING SYMBOLIC EXECUTION AND
GENETIC PROGRAMMING
es are
failur
Field
Alessandro (Alex)ble!
oida Orso
unav
School of Computer Science – College of Computing
Georgia Institute of Technology
Partially supported by: NSF, IBM, and MSR
5. DSE
SBST
FIELD FAILURE REPRODUCTION
USING SYMBOLIC EXECUTION AND
GENETIC PROGRAMMING
es are
failur
Field
Alessandro (Alex)ble!
oida Orso
unav
School of Computer Science – College of Computing
Georgia Institute of Technology
Partially supported by: NSF, IBM, and MSR
7. TYPICAL DEBUGGING PROCESS
Recent survey of
Apache, Eclipse, and Mozilla developers:
Information on how to reproduce field failures is the most
valuable, and difficult to obtain, piece of information for
investigating such failures.
[Zimmermann10]
Bug Repository
Very hard to
(1) reproduce
(2) debug
8. TYPICAL DEBUGGING PROCESS
Recent survey of
Apache, Eclipse, and Mozilla developers:
Information on how to reproduce field failures is the most
valuable, and difficult to obtain, piece of information for
investigating such failures.
[Zimmermann10]
Bug Repository
OVERARCHING GOAL: help developers
(1) investigate field failures,
(2) understand their causes, and
(3) eliminate such causes.
Very hard to
(1) reproduce
(2) debug
9. OUR WORK SO FAR
Recording and replaying executions
[icsm 2007, icse 2007]
✘
Input minimization
[woda 2006, icse 2007]
Input anonymization
[icse 2011]
Mimicking field failures
[icse 2012, icst 2014]
Explaining field failures
[issta 2013, TR]
10. MIMICKING FIELD FAILURES
User run (R)
Mimicked run (R’)
•F’ is analogous to F
•R’ is an actual execution
in the field
F
F’
in house
14. ith Wei
Joint wor k w
Jin
BUGREDUX
Crash report
(execution data)
Synthesized
Executions
15. ith Wei
Joint wor k w
Test Input
Jin
BUGREDUX
Crash report
(execution data)
16. ith Wei
Joint wor k w
Jin
BUGREDUX
Candidate
input
Oracle
Test Input
•
Crash report
(execution data)
Execution data
•
•
•
•
•
Input
generator
Point of failure (POF)
Failure call stack
Call sequence
Complete trace
Input generation technique
•
Guided symbolic execution
17. ALGORITHM (SIMPLIFIED)
Input
icfg for P
goals (list of code locations)
Output
If (candidate input)
Main algorithm
init; currGoal = first(goals)
repeat
currState = SelNextState()
if (!currState) backtrack or fail
if (currState.cl == currGoal)
if (currGoal == last(goals))
return solve(currState.pc)
else
currGoal = next(goals)
currState.goal = currGoal
symbolicallyExec(currState)
statesSet= {<cl, pc, ss, goal>}
SelNextState
minDis = ∞
retState = null
foreach state in statesSet
if (state.goal = currGoal)
if (state.cl can reach currGoal)
d = |shortest path state.cl, currGoal|
if d < minDis
minDis = d
retState = state
return retState
18. ALGORITHM (SIMPLIFIED)
Input
icfg for P
goals (list of code locations)
Output
If (candidate input)
statesSet= {<cl, pc, ss, goal>}
Main algorithm
SelNextState s
/Heuristic ut space
ns
init; currGoal = first(goals) izatio minDiss=mbolic inp
tim
Op
the y ∞
e
e
repeat
null
ting to reducretStater=ne the search spac
Dyn=mic tain information to p u
ion
currState a SelNextState()
th computat
alysis
shor test pa
Program an
if (!currState) backtrack orss in the foreach state in statesSet
fail
an omne
e r==dcurrGoal)
if (currState.cl
if (state.goal = currGoal)
Som
if (currGoal == last(goals))
if (state.cl can reach currGoal)
return solve(currState.pc)
d = |shortest path state.cl, currGoal|
else
if d < minDis
currGoal = next(goals)
minDis = d
currState.goal = currGoal
retState = state
symbolicallyExec(currState)
return retState
20. BUGREDUX EVALUATION – FAILURES CONSIDERED
Name
sed
grep
gzip
ncompress
polymorph
aeon
glftpd
htget
socat
tipxd
aspell
exim
rsync
xmail
Repository
Size(KLOC)
# Faults
SIR
14
2
SIR
10
1
SIR
5
2
BugBench
2
1
BugBench
1
1
exploit-db
3
scovered by 1
di
faults can6be
exploit-db se
rs 1
ut of 72 hou
None of the
meo
exploit-db EE with a ti 3
1
vanilla KL
a
exploit-db
35
1
exploit-db
7
1
exploit-db
0.5
1
exploit-db
241
1
exploit-db
67
1
exploit-db
1
1
21. BUGREDUX EVALUATION – RESULTS
Name
sed #1
sed #2
grep
gzip #1
gzip #2
ncompress
polymorph
aeon
rsync
glftpd
htget
socat
tipxd
aspell
xmail
exim
POF
Call Stack
Call Seq.
One of three outcomes:
✘: fail
∼: synthesize
✔: (synthesize and) mimic
Compl. Trace
23. 16/16
2/16
Synth.: 9/16
BUGREDUX6/16 Synth.: 10/16 Synth.:– RESULTS
EVALUATION 16/16 Synth.: 2/16
Mimic: 6/16
Mimic:
Mimic:
Mimic:
Name
POF
Call Stack
sed #1
✘
✘
sed #2
✘
✘
grep
✘
∼
s:
n
gzip #1 Observatio
✔
✔
gzip #2
∼
∼
from
nt
ncompress ults can be dista
✔
✔
• Fa
polymorph e failure ✔ oints:
✔
p
th
s
aeon
✔nd call stack ✔
a
=> POFs ✘
rsync
✘
ely to help
nlik
t
glftpd u
✔mation is no✔
r
• More info
htget
∼
∼
t
be✘ter
s
socat alway
✘
xecution can
ce
tipxd• Symboli ✔
✔
factor ∼
ting
aspell be a limi∼
xmail
✘
✘
exim
✘
✘
Call Seq.
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
Compl. Trace
✘
✘
✘
✘
✘
✘
✘
✔
✘
✘
✘
✘
✘
✘
✘
✔
24. 16/16
2/16
Synth.: 9/16
BUGREDUX6/16 Synth.: 10/16 Synth.:– RESULTS
EVALUATION 16/16 Synth.: 2/16
Mimic: 6/16
Mimic:
Mimic:
Mimic:
Name
POF
Call Stack
sed #1
✘
✘
sed #2
✘
✘
grep
✘
∼
s: can
n
gzip #1 Observatiotion
✔ cu
✔
lic exe
Sym
gzip #2 bo
∼
∼
e o
fectivstafntrfrom
be s ef ✔
ncompress ultincan be di
✔
• Fa
polymorph e failure ✔ ointhighly
✔
p ith s:
th rograms w all stacks
aeon• p POFs ✔nd c
✔
a
>
=str uctured inputs
rsync
p
a ✘
elyato✘htelat internctt
nlik
glftpd •u progr ms mation is o✔
✔ h
s
nf t r
• Moire iexoer nal libr ar ie ∼
htget
∼
w ths better
r rams
alwraye co✘ plex tpoogcan
m ecu i n ✘
socat • la g
ce
Syn genlieralx tor ✔
tipxd• i mbo ✔
ting fac
aspell be a limi∼
∼
xmail
✘
✘
exim
✘
✘
Call Seq.
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
✔
Compl. Trace
✘
✘
✘
✘
✘
✘
✘
✔
✘
✘
✘
✘
✘
✘
✘
✔
25. SBFR
ith
Joint wor k w nella
iella, To
Kifetew, Jin, T
Crash report
(execution data)
•
Execution data
•
•
Call sequence
Input generation technique
•
Genetic Programming
Test Input
26. ith
Joint wor k w nella
iella, To
Kifetew, Jin, T
SBFR
<a> ::=
<b> |λ
Grammar
Crash report
(execution data)
Test Input
27. ith
Joint wor k w nella
iella, To
Kifetew, Jin, T
SBFR
<a> ::=
<b> |λ
Grammar
Derivation
Tree
Genetic
Programming
Crash report
(execution data)
Sentence derivation from the grammar:
Random application of grammar rules
• Uniform
• 80/20
• Stochastic (from a corpus)
Test Input
28. ith
Joint wor k w nella
iella, To
Kifetew, Jin, T
SBFR
<a> ::=
<b> |λ
Grammar
Derivation
Tree
Genetic
Programming
Crash report
(execution data)
Evolution:
Test Input
Fitness function:
Sentence derivation from the grammar:
Distance b/w execution traces
Random application of grammar rules
(candidate–actual failure)
• Uniform
• 80/20
• Stochastic (from a corpus)
29. ith
Joint wor k w nella
iella, To
Kifetew, Jin, T
SBFR
<a> ::=
<b> |λ
Grammar
Derivation
Tree
✔︎
Genetic
Programming
Crash report
(execution data)
Stopping criterion:
• Success
• Ic reaches the point of failure
• The program fails “in the same way”
• Search budget exhausted
Test Input
30. SBFR EVALUATION – FAILURES CONSIDERED
Name
Language Size(KLOC) # Productions # Faults
calc
Java
2
38
2
bc
C
12
80
1
MSDL
Java
13
140
5
PicoC
C
11
194
1
Lua
C
17
106
2
31. SBFR EVALUATION – FAILURES CONSIDERED
Name
Language Size(KLOC) # Productions # Faults
calc
Java
2
38
2
bc
C
12
80
duce any of
pro
unable to re
rs
as 13
72
MSDL BugRedux w
Java
ut of 140 hou
o
s with a time
these failure
1
PicoC
C
11
194
1
Lua
C
17
106
2
5
35. SBFR EVALUATION – RESULTS
Name
calc bug 1
FRP (SBFR)
0.6
FRP (Random)
0.0
calc bug 2
0.8
0.0
bc
1.0
0.0
1.0failure in bc
le:
0.0
Lua bug 1
0.0
0.0
Lua bug 2
0.5
0.0
MSDL bug 1
MSDL bug 2
Examp
1.0
0.0
str uction
in
gered by an
tri
MSDL bug 3 tion fault 1.0g
an
arrays 1.0 d
nta
t 32
me
eas
seg
allocates at l
n
MSDL bug ence that
4
1.0
ha0.0
sequ
bles higher t
o r ia
umber1.0f va rays
MSDLdbuglares a n
0.0
ec 5
ar
d
er of allocate
PicoC numb
0.8
0.1
the
36. SBFR EVALUATION – RESULTS
Name
calc bug 1
FRP (SBFR)
0.6
FRP (Random)
0.0
calc bug 2
0.8
0.0
Lua bug 1
0.0
0.0
Lua bug 2
0.5
0.0
:
ervations
1.0
0.0
Ob s
c
MSDL bug 1
1.0failure in an be effective in
0.0
:
eroaches c b
mplp
Exa
based ap1.0
annotchiandle
rchMSDL bug 2
0.0
• Sea
t on c i
olic execubiy an ivnstr u t on
b
a
e
s
a3es thot sfymlt 1.0ar s red effect e rays 1.0 d
c
MSDL bug
i tin gau mtrigg are ast 32 ar ted an
t
segmentaas c raocmtes atulteless direc
och hat all 1.0 le, b
a
n
MSDL • Stence t e scalab
bug 4
a0.0
u
les h em r th
seqSBST mor ber of vare bompilgheentar y,
ia
•
um d DSE ar c ays
MSDLdbuglares BST an 1.0
ec=5 S a n
artrechniques 0.0
>
of a ernatd
er an allltocate ive
PicoC rnuheb th
0.8
0.1
the at m r
bc
37. FUTURE WORK / FOOD
FOR THOUGHTS
Relevant execution data identification
• Which types?
• Which specific ones?
• Failure explanation
• Reproduction is not enough
• Can DSE and SBST help?
• Use of different input generation techniques
• Grammar-based symbolic execution
• Backward symbolic analysis?
• Other SBST approaches?
• SBST targeted at different kinds of programs?
• Combination of techniques
•