DiverJS: path exploration heuristic for difference analysis of event-driven code
Pages 1768 - 1777
Abstract
The existing methods of difference analysis cannot cope with event-driven code well, since they explore only the input space for program input like integers and strings, but do not explore the event space for all possible event sequences.
This paper proposes a novel heuristic, as well as a tool called DiverJS, for performing difference analysis that copes well with both the input space and event space. To efficiently explore huge space, DiverJS prunes redundant event sequences based on Dynamic Partial Order Reduction (DPOR). DiverJS also stochastically switches two exploration heuristics: (1) one aims to increase code coverage, using shared variable information, derived from Write-Read (WR) set and dynamic taint analysis, (2) the other aims to guide the execution to the location of code changes, using the distance between the branch to be negated and the change.
We conducted a preliminary experiment to evaluate the detection accuracy of program behavioral differences, and the efficiency of exploration by the number of paths. The result shows DiverJS outperformed the existing methods; DiverJS detected the differences with higher detection accuracy in fewer paths, which suggests our DiverJS's difference analysis is effective and efficient.
References
[1]
D. A. Ramos and D. R. Engler: "Practical, Low-Effort Equivalence Verification of Real Code", Proc. 23rd Int. Conf. on Computer aided verification, pp. 669--685 (2011).
[2]
C. Cadar, D. Dunbar and D. Engler: "KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs", Proc. 8th USENIX Conf. on Operating systems design and implementation, pp. 209--224 (2008).
[3]
C. Cadar, V. Ganesh, P. M. Pawlowski, D. L. Dill and D. R. Engler: "EXE: Automatically Generating Inputs of Death", Proc. 13th ACM Conf. on Computer and communications security, pp. 322--335 (2006).
[4]
P. Saxena, D. Akhawe, S. Hanna, F. Mao, S. McCamant and D. Song: "A Symbolic Execution Framework for JavaScript", Proc. 2010 IEEE Sympo. on Security and Privacy, pp. 513--528 (2010).
[5]
G. Li, E. Andreasen and I. Ghosh: "SymJS: Automatic Symbolic Testing of JavaScript Web Applications", Proc. 22nd ACM SIGSOFT Int. Sympo. on Foundations of Software Engineering, pp. 449--459 (2014).
[6]
D. Qi, A. Roychoudhury and Z. Liang: "Test Generation to Expose Changes in Evolving Programs", Proc. of the IEEE/ACM Int. Conf. on Automated Software Engineering, pp. 397--406 (2010).
[7]
T. Kuchta, H. Palikareva and C. Cadar: "Shadow Symbolic Execution for Testing Software Patches", ACM Trans. on Software Engineering and Methodology Article No. 10 (2018).
[8]
P. Dan Marinescu and C. Cadar: "KATCH: high-coverage testing of software patches", Proc. 2013 9th Joint Meeting on Foundations of Software Engineering, pp. 235--245 (2013).
[9]
M. Bøhme, V. T. Pham, M. D. Nguyen and A. Roychoudhury: "Directed Greybox Fuzzing", Proc. 2017 ACM SIGSAC Conf. on Computer and Communications Security, pp. 2329--2344 (2017).
[10]
S. Person, G. Yang, N. Rungta and S. Khurshid: "Directed incremental symbolic execution", Proc. 32nd ACM SIGPLAN Conf. on Programming Language Design and Implementation, pp. 504--515 (2011).
[11]
J. Branchaud, S. Person and N. Rungta: "A change impact analysis to characterize evolving program behaviors", Proc. of the 2012 IEEE Int. Conf. on Software Maintenance, pp. 109--118 (2012).
[12]
S. Guo, M. Kusano and C. Wang: "Conc-iSE: incremental symbolic execution of concurrent software", Proc. 31st IEEE/ACM Int. Conf. on Automated Software Engineering, pp. 531--542 (2016).
[13]
C. S. Jensen, Møller, V. Raychev, D. Dimitrov and M. Vechev: "Stateless model checking of event-driven applications", Proc. 2015 ACM SIGPLAN Int. Conf. on Object-Oriented Programming, Systems, Languages, and Applications, pp. 57--73 (2015).
[14]
J. Davis, A. Thekumparampil and D. Lee: "Node.fz: Fuzzing the Server-Side Event-Driven Architecture", Proc. Twelfth European Conf. on Computer Systems, pp. 145--160 (2017).
[15]
X. Chang, W. Dou, Y. Gao, J. Wang, J. Wei and T. Huang: "Detecting atomicity violations for event-driven Node.js applications", Proc. 41st Int. Conf. on Software Engineering, pp. 631--642 (2019).
[16]
C. Flanagan and P. Godefroid: "Dynamic partial-order reduction for model checking software", ACM SIGPLAN Notices (2005).
[17]
B. Loring, D. Mitchell and J. Kinder: "ExpoSE: practical symbolic execution of standalone JavaScript", Proc. 24th ACM SIGSOFT Int. SPIN Sympo. on Model Checking of Software, pp. 196--199 (2017).
[18]
Github: jalangi2, "https://github.com/Samsung/jalangi2".
[19]
Github: Z3, "https://github.com/Z3Prover/z3".
[20]
S. Holm Jensen, A. Møller and P. Thiemann: "Type Analysis for JavaScript", Proc. 16th Int. Sympo. on Static Analysis, pp. 238--255 (2009).
[21]
A. Feldthaus, M. Schäfer, M. Sridharan, J. Dolby and F. Tip: "Efficient Construction of Approximate Call Graphs for JavaScript IDE Services", Proc. 2013 Int. Conf. on Software Engineering, pp. 752--761 (2013).
- DiverJS: path exploration heuristic for difference analysis of event-driven code
Recommendations
The Generalized Form of Cassical Edge Detecting Masks
ICICTA '10: Proceedings of the 2010 International Conference on Intelligent Computation Technology and Automation - Volume 03Edge detecting is the most important pre-processing in image analysis, feature extraction and recognition. Gradient is a basilic measure of edge images, and we can calculate the values of magnitude and rotation of edges with it. We analyse the first-...
Discovering bug patterns in JavaScript
FSE 2016: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software EngineeringJavaScript has become the most popular language used by developers for client and server side programming. The language, however, still lacks proper support in the form of warnings about potential bugs in the code. Most bug finding tools in use today ...
GRASP with Path Relinking for Three-Index Assignment
This paper proposes and tests variants of GRASP (greedy randomized adaptive search procedure) with path relinking for the three-index assignment problem (AP3). GRASP is a multistart metaheuristic for combinatorial optimization. It usually consists of a ...
Comments
Information & Contributors
Information
Published In
March 2021
2075 pages
ISBN:9781450381048
DOI:10.1145/3412841
- Conference Chairs:
- Chih-Cheng Hung,
- Jiman Hong,
- Program Chairs:
- Alessio Bechini,
- Eunjee Song
Copyright © 2021 ACM.
Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of a national government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 22 April 2021
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
Conference
SAC '21
Sponsor:
SAC '21: The 36th ACM/SIGAPP Symposium on Applied Computing
March 22 - 26, 2021
Virtual Event, Republic of Korea
Acceptance Rates
Overall Acceptance Rate 1,650 of 6,669 submissions, 25%
Upcoming Conference
SAC '25
- Sponsor:
- sigapp
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 55Total Downloads
- Downloads (Last 12 months)6
- Downloads (Last 6 weeks)0
Reflects downloads up to 28 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in