Automated Customized Bug-Benchmark Generation
IEEE SCAM 2019 We introduce Bug-Injector, a system that automatically creates benchmarks for customized evaluation of static analysis tools. We share a benchmark generated using Bug-Injector and illustrate its efficacy by using it to evaluate the recall of two leading open-source static analysis too...
Gespeichert in:
| Hauptverfasser: | , , , , , , , , |
|---|---|
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | |
|---|---|
| container_issue | |
| container_start_page | |
| container_title | |
| container_volume | |
| creator | Kashyap, Vineeth Ruchti, Jason Kot, Lucja Turetsky, Emma Swords, Rebecca Pan, Shih An Henry, Julien Melski, David Schulte, Eric |
| description | IEEE SCAM 2019 We introduce Bug-Injector, a system that automatically creates benchmarks for
customized evaluation of static analysis tools. We share a benchmark generated
using Bug-Injector and illustrate its efficacy by using it to evaluate the
recall of two leading open-source static analysis tools: Clang Static Analyzer
and Infer.
Bug-Injector works by inserting bugs based on bug templates into real-world
host programs. It runs tests on the host program to collect dynamic traces,
searches the traces for a point where the state satisfies the preconditions for
some bug template, then modifies the host program to inject a bug based on that
template. Injected bugs are used as test cases in a static analysis tool
evaluation benchmark. Every test case is accompanied by a program input that
exercises the injected bug. We have identified a broad range of requirements
and desiderata for bug benchmarks; our approach generates on-demand test
benchmarks that meet these requirements. It also allows us to create customized
benchmarks suitable for evaluating tools for a specific use case (e.g., a given
codebase and set of bug types).
Our experimental evaluation demonstrates the suitability of our generated
benchmark for evaluating static bug-detection tools and for comparing the
performance of different tools. |
| doi_str_mv | 10.48550/arxiv.1901.02819 |
| format | Article |
| fullrecord | <record><control><sourceid>arxiv_GOX</sourceid><recordid>TN_cdi_arxiv_primary_1901_02819</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>1901_02819</sourcerecordid><originalsourceid>FETCH-LOGICAL-a679-f974aaad89650790c97c2259eda5963b266fcab6fcd74f67c5f2ea289ff5a6b73</originalsourceid><addsrcrecordid>eNotzrsOgjAYBeAuDgZ9ACd9gWIptOUfgXhLTFzYyU9plahguBj16cXLcs6ZTj5CZh5zg1AItsTmUd5dD5jnMh56MCY06rv6ip0pFknfDrN8DTPujzQ2lT5dsTkvNqYyDXZlXU3IyOKlNdN_OyRdr9JkS_eHzS6J9hSlAmpBBYhYhCAFU8A0KM25AFOgAOnnXEqrMR-iUIGVSgvLDfIQrBUoc-U7ZP67_XqzW1MOjmf2cWdft_8Ge9U9fw</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Automated Customized Bug-Benchmark Generation</title><source>arXiv.org</source><creator>Kashyap, Vineeth ; Ruchti, Jason ; Kot, Lucja ; Turetsky, Emma ; Swords, Rebecca ; Pan, Shih An ; Henry, Julien ; Melski, David ; Schulte, Eric</creator><creatorcontrib>Kashyap, Vineeth ; Ruchti, Jason ; Kot, Lucja ; Turetsky, Emma ; Swords, Rebecca ; Pan, Shih An ; Henry, Julien ; Melski, David ; Schulte, Eric</creatorcontrib><description>IEEE SCAM 2019 We introduce Bug-Injector, a system that automatically creates benchmarks for
customized evaluation of static analysis tools. We share a benchmark generated
using Bug-Injector and illustrate its efficacy by using it to evaluate the
recall of two leading open-source static analysis tools: Clang Static Analyzer
and Infer.
Bug-Injector works by inserting bugs based on bug templates into real-world
host programs. It runs tests on the host program to collect dynamic traces,
searches the traces for a point where the state satisfies the preconditions for
some bug template, then modifies the host program to inject a bug based on that
template. Injected bugs are used as test cases in a static analysis tool
evaluation benchmark. Every test case is accompanied by a program input that
exercises the injected bug. We have identified a broad range of requirements
and desiderata for bug benchmarks; our approach generates on-demand test
benchmarks that meet these requirements. It also allows us to create customized
benchmarks suitable for evaluating tools for a specific use case (e.g., a given
codebase and set of bug types).
Our experimental evaluation demonstrates the suitability of our generated
benchmark for evaluating static bug-detection tools and for comparing the
performance of different tools.</description><identifier>DOI: 10.48550/arxiv.1901.02819</identifier><language>eng</language><subject>Computer Science - Programming Languages ; Computer Science - Software Engineering</subject><creationdate>2019-01</creationdate><rights>http://arxiv.org/licenses/nonexclusive-distrib/1.0</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>228,230,780,885</link.rule.ids><linktorsrc>$$Uhttps://arxiv.org/abs/1901.02819$$EView_record_in_Cornell_University$$FView_record_in_$$GCornell_University$$Hfree_for_read</linktorsrc><backlink>$$Uhttps://doi.org/10.48550/arXiv.1901.02819$$DView paper in arXiv$$Hfree_for_read</backlink></links><search><creatorcontrib>Kashyap, Vineeth</creatorcontrib><creatorcontrib>Ruchti, Jason</creatorcontrib><creatorcontrib>Kot, Lucja</creatorcontrib><creatorcontrib>Turetsky, Emma</creatorcontrib><creatorcontrib>Swords, Rebecca</creatorcontrib><creatorcontrib>Pan, Shih An</creatorcontrib><creatorcontrib>Henry, Julien</creatorcontrib><creatorcontrib>Melski, David</creatorcontrib><creatorcontrib>Schulte, Eric</creatorcontrib><title>Automated Customized Bug-Benchmark Generation</title><description>IEEE SCAM 2019 We introduce Bug-Injector, a system that automatically creates benchmarks for
customized evaluation of static analysis tools. We share a benchmark generated
using Bug-Injector and illustrate its efficacy by using it to evaluate the
recall of two leading open-source static analysis tools: Clang Static Analyzer
and Infer.
Bug-Injector works by inserting bugs based on bug templates into real-world
host programs. It runs tests on the host program to collect dynamic traces,
searches the traces for a point where the state satisfies the preconditions for
some bug template, then modifies the host program to inject a bug based on that
template. Injected bugs are used as test cases in a static analysis tool
evaluation benchmark. Every test case is accompanied by a program input that
exercises the injected bug. We have identified a broad range of requirements
and desiderata for bug benchmarks; our approach generates on-demand test
benchmarks that meet these requirements. It also allows us to create customized
benchmarks suitable for evaluating tools for a specific use case (e.g., a given
codebase and set of bug types).
Our experimental evaluation demonstrates the suitability of our generated
benchmark for evaluating static bug-detection tools and for comparing the
performance of different tools.</description><subject>Computer Science - Programming Languages</subject><subject>Computer Science - Software Engineering</subject><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2019</creationdate><recordtype>article</recordtype><sourceid>GOX</sourceid><recordid>eNotzrsOgjAYBeAuDgZ9ACd9gWIptOUfgXhLTFzYyU9plahguBj16cXLcs6ZTj5CZh5zg1AItsTmUd5dD5jnMh56MCY06rv6ip0pFknfDrN8DTPujzQ2lT5dsTkvNqYyDXZlXU3IyOKlNdN_OyRdr9JkS_eHzS6J9hSlAmpBBYhYhCAFU8A0KM25AFOgAOnnXEqrMR-iUIGVSgvLDfIQrBUoc-U7ZP67_XqzW1MOjmf2cWdft_8Ge9U9fw</recordid><startdate>20190109</startdate><enddate>20190109</enddate><creator>Kashyap, Vineeth</creator><creator>Ruchti, Jason</creator><creator>Kot, Lucja</creator><creator>Turetsky, Emma</creator><creator>Swords, Rebecca</creator><creator>Pan, Shih An</creator><creator>Henry, Julien</creator><creator>Melski, David</creator><creator>Schulte, Eric</creator><scope>AKY</scope><scope>GOX</scope></search><sort><creationdate>20190109</creationdate><title>Automated Customized Bug-Benchmark Generation</title><author>Kashyap, Vineeth ; Ruchti, Jason ; Kot, Lucja ; Turetsky, Emma ; Swords, Rebecca ; Pan, Shih An ; Henry, Julien ; Melski, David ; Schulte, Eric</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a679-f974aaad89650790c97c2259eda5963b266fcab6fcd74f67c5f2ea289ff5a6b73</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2019</creationdate><topic>Computer Science - Programming Languages</topic><topic>Computer Science - Software Engineering</topic><toplevel>online_resources</toplevel><creatorcontrib>Kashyap, Vineeth</creatorcontrib><creatorcontrib>Ruchti, Jason</creatorcontrib><creatorcontrib>Kot, Lucja</creatorcontrib><creatorcontrib>Turetsky, Emma</creatorcontrib><creatorcontrib>Swords, Rebecca</creatorcontrib><creatorcontrib>Pan, Shih An</creatorcontrib><creatorcontrib>Henry, Julien</creatorcontrib><creatorcontrib>Melski, David</creatorcontrib><creatorcontrib>Schulte, Eric</creatorcontrib><collection>arXiv Computer Science</collection><collection>arXiv.org</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Kashyap, Vineeth</au><au>Ruchti, Jason</au><au>Kot, Lucja</au><au>Turetsky, Emma</au><au>Swords, Rebecca</au><au>Pan, Shih An</au><au>Henry, Julien</au><au>Melski, David</au><au>Schulte, Eric</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Automated Customized Bug-Benchmark Generation</atitle><date>2019-01-09</date><risdate>2019</risdate><abstract>IEEE SCAM 2019 We introduce Bug-Injector, a system that automatically creates benchmarks for
customized evaluation of static analysis tools. We share a benchmark generated
using Bug-Injector and illustrate its efficacy by using it to evaluate the
recall of two leading open-source static analysis tools: Clang Static Analyzer
and Infer.
Bug-Injector works by inserting bugs based on bug templates into real-world
host programs. It runs tests on the host program to collect dynamic traces,
searches the traces for a point where the state satisfies the preconditions for
some bug template, then modifies the host program to inject a bug based on that
template. Injected bugs are used as test cases in a static analysis tool
evaluation benchmark. Every test case is accompanied by a program input that
exercises the injected bug. We have identified a broad range of requirements
and desiderata for bug benchmarks; our approach generates on-demand test
benchmarks that meet these requirements. It also allows us to create customized
benchmarks suitable for evaluating tools for a specific use case (e.g., a given
codebase and set of bug types).
Our experimental evaluation demonstrates the suitability of our generated
benchmark for evaluating static bug-detection tools and for comparing the
performance of different tools.</abstract><doi>10.48550/arxiv.1901.02819</doi><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext_linktorsrc |
| identifier | DOI: 10.48550/arxiv.1901.02819 |
| ispartof | |
| issn | |
| language | eng |
| recordid | cdi_arxiv_primary_1901_02819 |
| source | arXiv.org |
| subjects | Computer Science - Programming Languages Computer Science - Software Engineering |
| title | Automated Customized Bug-Benchmark Generation |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-03T01%3A20%3A49IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Automated%20Customized%20Bug-Benchmark%20Generation&rft.au=Kashyap,%20Vineeth&rft.date=2019-01-09&rft_id=info:doi/10.48550/arxiv.1901.02819&rft_dat=%3Carxiv_GOX%3E1901_02819%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |