Constraint-Based Test Oracles for Program Analyzers

Fleischmann, Markus; Kaindlstorfer, David Michael; Isychev, Anastasia; Wüstholz, Valentin; Christakis, Maria

doi:10.1145/3691620.3695035

DC Field

Value

Language

dc.contributor.author

Fleischmann, Markus

dc.contributor.author

Kaindlstorfer, David Michael

dc.contributor.author

Isychev, Anastasia

dc.contributor.author

Wüstholz, Valentin

dc.contributor.author

Christakis, Maria

dc.contributor.editor

Filkov, Vladimir

dc.contributor.editor

Ray, Baishakhi

dc.contributor.editor

Zhou, Minghui

dc.date.accessioned

2024-11-11T13:19:54Z

dc.date.available

2024-11-11T13:19:54Z

dc.date.issued

2024

dc.identifier.citation

<div class="csl-bib-body"> <div class="csl-entry">Fleischmann, M., Kaindlstorfer, D. M., Isychev, A., Wüstholz, V., & Christakis, M. (2024). Constraint-Based Test Oracles for Program Analyzers. In V. Filkov, B. Ray, & M. Zhou (Eds.), <i>ASE ’24: Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering</i> (pp. 344–355). Association for Computing Machinery. https://doi.org/10.1145/3691620.3695035</div> </div>

dc.identifier.uri

http://hdl.handle.net/20.500.12708/204056

dc.description.abstract

Program analyzers implement complex algorithms and, as any software, can contain bugs. Bugs in their implementation may lead to analyzers being imprecise and failing to verify safe programs, i.e., programs with no reachable error locations; or worse, analyzer bugs may lead to reporting unsound results by verifying unsafe programs, i.e., programs with reachable error locations. In this paper, we propose a method to detect such bugs by generating constraint-based test oracles for analyzers. We re-purpose and extend Fuzzle, a tool for benchmarking fuzzers, in a tool called Minotaur. Minotaur generates C programs from SMT constraints, and based on the satisfiability of the constraints, derives whether the generated programs are safe or unsafe. For instance, for an unsafe program, an analyzer under test contains a soundness issue if it proves it safe. Using Minotaur, we found 30 unique soundness and precision issues in 11 well-known analyzers that reason about reachability properties.

dc.description.sponsorship

European Commission

dc.language.iso

dc.rights.uri

http://creativecommons.org/licenses/by-sa/4.0/

dc.subject

constraint-based test oracles

dc.subject

program analyzers

dc.subject

unsoundness

dc.subject

imprecision

dc.title

Constraint-Based Test Oracles for Program Analyzers

dc.type

Inproceedings

dc.type

Konferenzbeitrag

dc.rights.license

Creative Commons Namensnennung - Weitergabe unter gleichen Bedingungen 4.0 International

dc.rights.license

Creative Commons Attribution-ShareAlike 4.0 International

dc.contributor.editoraffiliation

Columbia University, United States of America (the)

dc.relation.isbn

979-8-4007-1248-7

dc.relation.doi

10.1145/3691620

dc.description.startpage

344

dc.description.endpage

355

dc.relation.grantno

101076510

dc.rights.holder

dc.type.category

Full-Paper Contribution

tuw.booktitle

ASE '24: Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering

tuw.peerreviewed

true

tuw.relation.publisher

Association for Computing Machinery

tuw.relation.publisherplace

New York, NY, USA

tuw.project.title

Testing Program Analyzers Ad Absurdum

tuw.researchTopic.id

tuw.researchTopic.name

Information Systems Engineering

tuw.researchTopic.value

100

tuw.publication.orgunit

E194-01 - Forschungsbereich Software Engineering

tuw.publisher.doi

10.1145/3691620.3695035

dc.identifier.libraryid

AC17359499

dc.description.numberOfPages

tuw.author.orcid

0009-0001-7072-8908

tuw.author.orcid

0000-0001-6375-0421

tuw.author.orcid

0000-0003-1496-1104

tuw.author.orcid

0000-0002-2649-1958

dc.rights.identifier

CC BY-SA 4.0

dc.rights.identifier

CC BY-SA 4.0

tuw.editor.orcid

0000-0003-0492-4393

tuw.editor.orcid

0000-0003-3406-5235

tuw.event.name

ASE '24: 39th IEEE/ACM International Conference on Automated Software Engineering

dc.description.sponsorshipexternal

ERC Starting Grant

dc.relation.grantnoexternal

HORIZON-ERC-STG-2022

tuw.event.startdate

27-10-2024

tuw.event.enddate

01-11-2024

tuw.event.online

On Site

tuw.event.type

Event for scientific audience

tuw.event.place

Sacramento

tuw.event.country

tuw.event.presenter

Fleischmann, Markus

tuw.event.track

Single Track

wb.sciencebranch

Informatik

wb.sciencebranch.oefos

1020

wb.sciencebranch.value

100

item.cerifentitytype

Publications

item.languageiso639-1

item.mimetype

application/pdf

item.fulltext

with Fulltext

item.openairetype

conference paper

item.openaccessfulltext

Open Access

item.openairecristype

http://purl.org/coar/resource_type/c_5794

item.grantfulltext

open

crisitem.project.funder

European Commission

crisitem.project.grantno

101076510

crisitem.author.dept

E194-01 - Forschungsbereich Software Engineering

crisitem.author.dept

E194-01 - Forschungsbereich Software Engineering

crisitem.author.dept

E194-01 - Forschungsbereich Software Engineering

crisitem.author.dept

E194-01 - Forschungsbereich Software Engineering

crisitem.author.orcid

0009-0001-7072-8908

crisitem.author.orcid

0000-0001-6375-0421

crisitem.author.orcid

0000-0003-1496-1104

crisitem.author.orcid

0000-0002-2649-1958

crisitem.author.parentorg

E194 - Institut für Information Systems Engineering

crisitem.author.parentorg

E194 - Institut für Information Systems Engineering

crisitem.author.parentorg

E194 - Institut für Information Systems Engineering

crisitem.author.parentorg

E194 - Institut für Information Systems Engineering

Appears in Collections:

Conference Paper

Fulltext (Version of Record (published version))

Adobe PDF

(712.27 kB)

CC BY-SA 4.0

Show simple item record

Page view(s)

225

checked on Nov 11, 2024

Download(s)

checked on Nov 11, 2024

Google Scholar^TM

Check

Page view(s)

Download(s)

Google ScholarTM

Google Scholar^TM