Person:
Orso,
Alessandro
Orso,
Alessandro
Permanent Link
Associated Organization(s)
Organizational Unit
ORCID
ArchiveSpace Name Record
4 results
Publication Search Results
Now showing
1 - 4 of 4
-
ItemBugRedux: Reproducing Field Failures for In-house Debugging(Georgia Institute of Technology, 2011) Jin, Wei ; Orso, AlessandroWhen a software system fails in the field, on a user machine, and the failure is reported to the developers, developers in charge of debugging the failure must be able to reproduce the failing behavior in house. Unfortunately, reproducing field failures is a notoriously challenging task that has little support today. Typically, developers are provided with a bug report that contains data about the failure, such as memory dumps and, in the best case, some additional information provided by the user. However, this data is usually insufficient for recreating the problem, as recently reported in a survey conducted among developers of the Apache, Eclipse, and Mozilla projects. Even more advanced approaches for gathering field data and help in-house debugging tend to collect either too little information, which results in inexpensive but often ineffective techniques, or too much information, which makes the techniques effective but too costly. To address this issue, we present a novel general approach for supporting in-house debugging of field failures, called BUGREDUX. The goal of BUGREDUX is to synthesize, using execution data collected in the field, executions that mimic the observed field failures. We define several instances of BUGREDUX that collect different types of execution data and perform, through an empirical study, a cost-benefit analysis of the approach and its variations. In the study, we use a tool that implements our approach to recreate 17 failures of 15 realworld programs. Our results are promising and lead to several findings, some of which unexpected. In particular, they show that by collecting a suitable yet limited set of execution data the approach can synthesize in-house executions that reproduce the observed failures.
-
ItemExecution Hijacking: Improving Dynamic Analysis by Flying off Course(Georgia Institute of Technology, 2010) Tsankov, Petar ; Jin, Wei ; Orso, Alessandro ; Sinha, SaurabhTypically, dynamic-analysis techniques operate on a small subset of all possible program behaviors, which limits their effectiveness and the representativeness of the computed results. To address this issue, a new paradigm is emerging: execution hijacking—techniques that explore a larger set of program behaviors by forcing executions along specific paths. Although hijacked executions are infeasible for the given inputs, they can still produce feasible behaviors that could be observed under other inputs. In such cases, execution hijacking can improve the effectiveness of dynamic analysis without requiring the (expensive) generation of additional inputs. To evaluate the usefulness of execution hijacking, we defined, implemented, and evaluated several variants of it. Specifically, we performed empirical study where we assessed whether execution hijacking could improve the effectiveness of two common dynamic analyses: software testing and memory error detection. The results of the study show that execution hijacking, if suitably performed, can indeed help dynamic analysis techniques.
-
ItemCamouflage: Automated Sanitization of Field Data(Georgia Institute of Technology, 2009) Clause, James ; Orso, AlessandroPrivacy and security concerns have adversely affected the usefulness of many types of techniques that leverage information gathered from deployed applications. To address this issue, we present a new approach for automatically sanitizing failure-inducing inputs. Given an input I that causes a failure f, our technique can generate a sanitized input I' that is different from I but still causes f. I' can then be sent to the developers to help them debug f, without revealing the possibly sensitive information contained in I. We implemented our approach in a prototype tool, camouflage, and performed an empirical evaluation. In the evaluation, we applied camouflage to a large set of failure-inducing inputs for several real applications. The results of the evaluation are promising; they show that camouflage is both practical and effective at generating sanitized inputs. In particular, for the inputs that we considered, I and I' shared no sensitive information.
-
ItemUnderstanding Data Dependences in the Presence of Pointers(Georgia Institute of Technology, 2003) Orso, Alessandro ; Sinha, Saurabh ; Harrold, Mary JeanUnderstanding data dependences in programs is important for many software-engineering activities, such as program understanding, impact analysis, reverse engineering, and debugging. The presence of pointers, arrays, and structures can cause subtle and complex data dependences that can be difficult to understand. For example, in languages such as C, an assignment made through a pointer dereference can assign a value to one of several variables, none of which may appear syntactically in that statement. In the first part of this paper, we describe two techniques for classifying data dependences in the presence of pointer dereferences. The first technique classifies data dependences based on definition type, use type, and path type. The second technique classifies data dependences based on span. We present empirical results to illustrate the distribution of data-dependence types and spans for a set of real C programs. In the second part of the paper, we discuss two applications of the classification techniques. First, we investigate different ways in which the classification can be used to facilitate data-flow testing and verification. We outline an approach that uses types and spans of data dependences to determine the appropriate verification technique for different data dependences; we present empirical results to illustrate the approach. Second, we present a new slicing paradigm that computes slices based on types of data dependences. Based on the new paradigm, we define an incremental slicing technique that computes a slice in multiple steps. We present empirical results to illustrate the sizes of incremental slices and the potential usefulness of incremental slicing for debugging.