We leverage two existing techniques—combined concrete and symbolic execution, and the Tarantula algorithm for fault localization—to create a uniquely powerful method for finding and localizing faults. The method automatically discovers inputs required to exercise paths through a program, thus overcoming the limitation of many existing fault localization techniques that a test suite be available upfront. We show how the effectiveness of Tarantula can be improved significantly by utilizing a correlation between executed statements and the output that they produce, in combination with an oracle that detects where errors occur in the output. We implemented these ideas in Apollo, a tool for testing PHP applications, using an HTML validator as our oracle. When applied to a number of open-source PHP applications, Apollo found, and precisely localized a significant number of faults.
By: Shay Artzi; Julian Dolby; Frank Tip
Published in: RC24675 in 2008
LIMITED DISTRIBUTION NOTICE:
This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties). I have read and understand this notice and am a member of the scientific community outside or inside of IBM seeking a single copy only.
Questions about this service can be mailed to reports@us.ibm.com .