| As the soul of information systems, software defects are very hard to be completely avoided in software releases. To improve the quality of software and reduce the chance of software failures is always a realistic but challenging task in software engineering research.Many software failures are caused by program faults, which are mistakenly imported into software by developers. To detect and fix such program faults, software debugging is a significant and practical process. Automatic and effective techniques to assist fault localization and fault diagnose are promising to alleviate the problem of software debugging.In previous studies, execution context is seldom analyzed whereas it is significant important to improve the effectiveness of fault localization, to assist the diagnosing of faults and software vulnerabilities. Based on the analysis on execution context, this thesis includes several subsections, which are shown as below.1. To alleviate the impact of execution similarity and improve the effectiveness of Coverage-based fault localization (CBFL) techniques, we propose a general fault localization technique for current execution spectra based CBFL techniques. It could synthesize a fault localization technique based on a given base technique. To synthesize the new technique, we use the concept of coverage vector to model execution spectra and capture the execution similarity, then reduce the impact of execution similarity by counting distinct coverage vectors, and finally assess the suspiciousness of basic blocks with the spectra of distinct coverage vectors.2. We present a statistical fault localization approach via semi-dynamic slicing in this paper. In our technique, we first distinguish the faulty elements among the execution results. Second, we use the backward slicing to analyze the dependence relationships, obtain sliced statements and calculate the coverage statistics.3. CBFL techniques assess the suspiciousness of program entities individually, whereas the individual coverage information cannot reflect the complicated control-and data-dependency relationships, and thus oversimplify the execution spectra. We propose the rules of program failures and design the execution analysis model based on the coverage of different program execution spectrum. By computing the frequency items for statements with high suspiciousness, we also bring out the coverage vector to mine fault-prone statements.4. Emprical studies have shown that fault localization techniques are effective to locate faults. On the contrary, other studies have also shown that the fault localization techniques are not well adopted in realistic debugging progresses. Thus, how to bridge the gap between fault localization and fault diagnose is a meaningful and significant research issue. In this thesis, we propose a fault localization guided selection on test cases. The basic insight is program entities with high suspiciousness scores should have higher priority to be inspected, thus how to highlight the infected states is the key problem. We claim that such selection chould assist the developer understand the process of triggering fault, the propagation of infected states and the software failure.5. To effective locate the root causes of software vulnerabilities, we propose a structural dynamic taint tracking technique to capture the execution deviations between the benign and abnormal executions. The basic insight is that different parts of an input are usually processed in different ways, e.g., by different instructions. Identifying individual parts in an input and learning the pattern in which they are processed is an attractive approach to detect memory corruptions. Based on the fine-grained dynamic taint analysis, we dynamically detect different fields in an input and monitor the propagation of these fields, and show that deviations from the execution pattern learned signal a memory corruption. |
PDF Full Text Request