Write a Blog >>
ISSTA 2021
Sun 11 - Sat 17 July 2021 Online
co-located with ECOOP and ISSTA 2021
Fri 16 Jul 2021 18:40 - 19:00 at ISSTA 1 - Session 19 (time band 1) Testing 2 Chair(s): Rohan Padhye
Sat 17 Jul 2021 02:40 - 03:00 at ISSTA 1 - Session 23 (time band 2) Testing 4 Chair(s): Wensheng Dou

Static analysis is an important approach for finding bugs and vulnerabilities in software. However, inspecting and confirming static warnings are challenging and time-consuming. In this paper, we present a novel solution that automatically generates test cases based on static warnings to validate true and false positives. We designed a syntactic patching algorithm that can generate syntactically valid, semantic preserving executable code fragments from static warnings. We developed a build and testing system to automatically test code fragments using fuzzers, KLEE and Valgrind. We evaluated our techniques using 12 real-world C projects and 1955 warnings from two commercial static analysis tools. We successfully built 68.5% code fragments and generated 1003 test cases. Through automatic testing, we identified 48 true positives and 27 false positives, and 205 likely false positives. We matched 4 CVE and real-world bugs using Helium, and they are only triggered by our tool but not other baseline tools. We found that testing code fragments is scalable and useful; it can trigger bugs that testing entire programs or testing procedures failed to trigger.

Fri 16 Jul

Displayed time zone: Brussels, Copenhagen, Madrid, Paris change

18:20 - 20:00
Session 19 (time band 1) Testing 2Technical Papers at ISSTA 1
Chair(s): Rohan Padhye Carnegie Mellon University
18:20
20m
Talk
Model-Based Testing of Networked Applications
Technical Papers
Yishuai Li University of Pennsylvania, Benjamin C. Pierce University of Pennsylvania, Steve Zdancewic University of Pennsylvania
DOI Pre-print
18:40
20m
Talk
Validating Static Warnings via Testing Code Fragments
Technical Papers
Ashwin Kallingal Joshy Iowa State University, Xueyuan Chen Iowa State University, Benjamin Steenhoek Iowa State University, Wei Le Iowa State University
DOI
19:00
20m
Talk
Gramatron: Effective Grammar-Aware Fuzzing
Technical Papers
Prashast Srivastava Purdue University, Mathias Payer EPFL
DOI Pre-print Media Attached File Attached
19:20
20m
Talk
Empirically Evaluating Readily Available Information for Regression Test Optimization in Continuous Integration
Technical Papers
Daniel Elsner TU Munich, Florian Hauer TU Munich, Alexander Pretschner TU Munich, Silke Reimer IVU Traffic Technologies
DOI
19:40
20m
Talk
Log-Based Slicing for System-Level Test Cases
Technical Papers
Salma Messaoudi University of Luxembourg, Donghwan Shin University of Luxembourg, Annibale Panichella Delft University of Technology; University of Luxembourg, Domenico Bianculli University of Luxembourg, Lionel Briand University of Luxembourg; University of Ottawa
DOI Media Attached

Sat 17 Jul

Displayed time zone: Brussels, Copenhagen, Madrid, Paris change

02:40 - 03:40
Session 23 (time band 2) Testing 4Technical Papers at ISSTA 1
Chair(s): Wensheng Dou Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences
02:40
20m
Talk
Validating Static Warnings via Testing Code Fragments
Technical Papers
Ashwin Kallingal Joshy Iowa State University, Xueyuan Chen Iowa State University, Benjamin Steenhoek Iowa State University, Wei Le Iowa State University
DOI
03:00
20m
Talk
Empirical Evaluation of Smart Contract Testing: What Is the Best Choice?
Technical Papers
Meng Ren Tsinghua University, Zijing Yin Tsinghua University, Fuchen Ma Tsinghua University, Zhenyang Xu University of Waterloo, Yu Jiang Tsinghua University, Chengnian Sun University of Waterloo, Huizhong Li WeBank, Yan Cai Institute of Software at Chinese Academy of Sciences
DOI File Attached
03:20
20m
Talk
Model-Based Testing of Networked Applications
Technical Papers
Yishuai Li University of Pennsylvania, Benjamin C. Pierce University of Pennsylvania, Steve Zdancewic University of Pennsylvania
DOI Pre-print