Mutation testing is an approach to checking the robustness of test suites. The program code is slightly changed by mutations to inject bugs. A test suite is robust enough if it finds such bugs. Mutation testing tools ...
详细信息
ISBN:
(纸本)9798400705045
Mutation testing is an approach to checking the robustness of test suites. The program code is slightly changed by mutations to inject bugs. A test suite is robust enough if it finds such bugs. Mutation testing tools typically integrate sets of mutation operators such as, for example, swapping arithmetic operators;modern tools typically work with compiled code such as java bytecode. The mutations must be defined in such a way that the mutated program can still be loaded and executed. The results of mutation tests depend directly on the possible mutations. More advanced mutations and even domain-specific mutations can pose another challenge to the test suite. Since the classical, non-model-based mutation testing tools do not support the specification of advanced mutation operators well, we propose a model-driven approach where mutations of java bytecode can be flexibly defined by model transformation. Our approach also provides advanced mutation operators for modifying object-oriented structures, java-specific properties and API method calls, making it the only mutation testing tool for java bytecode that supports such mutations. To further improve the effectiveness of mutation testing, mutants are generated only for bytecode that is covered by tests. Our approach is implemented in the MMT tool. It has been evaluated against non-model-based mutation testing tools for its ability to generate mutants close to real bugs. The experiments make use of Defects4J, a well-established collection of real-world java projects with reproducible bugs.
We develop a framework of definitional abstract interpreters for java bytecode in Sturdy. Specifically, we provide a generic interpreter that abstractly executes java bytecode but resorts to configurable analysis comp...
详细信息
ISBN:
(纸本)9798400711114
We develop a framework of definitional abstract interpreters for java bytecode in Sturdy. Specifically, we provide a generic interpreter that abstractly executes java bytecode but resorts to configurable analysis components for abstracting values and effects. From this, we can derive a concrete reference semantics for java bytecode and sound abstract interpreters.
Copied, reused and modified program code is a common phenomena in software development. As the resulting code clones are often not labeled as such and their proper detection is crucial to software quality and re-engin...
详细信息
ISBN:
(纸本)9798350344424
Copied, reused and modified program code is a common phenomena in software development. As the resulting code clones are often not labeled as such and their proper detection is crucial to software quality and re-engineering, numerous techniques and tools for finding code clones have been developed. This as well applies to the java programming language, though most clone detectors work on java source code. Only some research addresses code clones in java bytecode and an even smaller fraction investigates the relationship between java source code and bytecode code clones. In this paper, we extend the source-code based clone detector StoneDetector to java bytecode. Using BigCloneBench as state-of-the-art benchmark, we are able to assess and analyze its effectiveness in detecting source code clones in java bytecode. We also report on differences in the performance of clone detection for stack-based and register-based representations of java bytecode. The results show that, while code clones found in java source code and bytecode in general can differ, source code clones can be detected in java bytecode with high recall and precision using the presented system.
Mutation testing is an approach to check the robustness of test suites. The program code is slightly changed by mutations to inject errors. A test suite is robust enough if it finds such errors. Tools for mutation tes...
详细信息
ISBN:
(纸本)9798350324983
Mutation testing is an approach to check the robustness of test suites. The program code is slightly changed by mutations to inject errors. A test suite is robust enough if it finds such errors. Tools for mutation testing usually integrate sets of mutation operators such as, for example, swapping arithmetic operators;modern tools typically work with compiled code such as java bytecode. In this case, the mutations must be defined in such a way that the mutated program still can be loaded and executed. The results of mutation tests depend directly on the possible mutations. More advanced mutations and even domain-specific mutations can pose another challenge to the test suite. Since extending the classical approaches to more complex mutations is not well supported and is difficult, we propose a model-driven approach where mutations of java bytecode can be flexibly defined by model transformation. The corresponding tool called MMT has been extended with advanced mutation operators for modifying object-oriented structures, java-specific properties and method calls of APIs, making it the only mutation testing tool for java bytecode that supports such mutations.
A formal translation of CIL (i.e., .Net) bytecode into java bytecode is introduced and proved sound with respect to the language semantics. The resulting code is then analyzed with Julia, an industrial static analyzer...
详细信息
A formal translation of CIL (i.e., .Net) bytecode into java bytecode is introduced and proved sound with respect to the language semantics. The resulting code is then analyzed with Julia, an industrial static analyzer of java bytecode. The overall process of translation and analysis is fast, scales to industrial programs, and introduces a negligible number of false alarms. The main contribution of this work is to leverage existing, mature, and sound analyzers for java bytecode by applying them also to the wide range of .Net software systems. Experimental results show the actual effectiveness of this approach when applied to all the system libraries of the Microsoft .Net framework version 4.0.30319 (about 5 MLOCs). (C) 2020 The Author(s). Published by Elsevier B.V.
Software piracy is one of the most serious issues confronted by software industry creating a huge number of dollars misfortune consistently to the product creating organizations. The worldwide income misfortune was as...
详细信息
ISBN:
(纸本)9789811088483;9789811088476
Software piracy is one of the most serious issues confronted by software industry creating a huge number of dollars misfortune consistently to the product creating organizations. The worldwide income misfortune was assessed to be more than $62.7 billion in the year 2013 because of the product theft. Software watermarking demoralizes theft, as a proof of procurement or origin, and likewise helps in following the wellspring of unlawful redistribution of duplicates of programming. In this paper, we have compared and analyzed the static and dynamic java bytecode watermarking algorithms. Firstly, each java jar file is watermarked using the watermarking algorithms, and after this, distortive attacks are applied to each watermarked program by applying obfuscation and optimizing. After studying the results obtained, we found that dynamic watermarking algorithms are slightly better than static watermarking algorithms.
During compilation from java source code to byte-code, some information is irreversibly lost. In other words, compilation and decompilation of java code is not symmetric. Consequently, the decompilation process, which...
详细信息
ISBN:
(纸本)9781728149370
During compilation from java source code to byte-code, some information is irreversibly lost. In other words, compilation and decompilation of java code is not symmetric. Consequently, the decompilation process, which aims at producing source code from bytecode, must establish some strategies to reconstruct the information that has been lost. Modern java decompilers tend to use distinct strategies to achieve proper decompilation. In this work, we hypothesize that the diverse ways in which bytecode can be decompiled has a direct impact on the quality of the source code produced by decompilers. We study the effectiveness of eight java decompilers with respect to three quality indicators: syntactic correctness, syntactic distortion and semantic equivalence modulo inputs. This study relies on a benchmark set of 14 real-world open-source software projects to be decompiled (2041 classes in total). Our results show that no single modern decompiler is able to correctly handle the variety of bytecode structures coming from real-world programs. Even the highest ranking decompiler in this study produces syntactically correct output for 84% of classes of our dataset and semantically equivalent code output for 78% of classes.
The verification process of software is of growing importance as it helps to assure that an application is correctly built. However, an efficient verification method of implementation of an application should also rej...
详细信息
ISBN:
(纸本)9781538662205
The verification process of software is of growing importance as it helps to assure that an application is correctly built. However, an efficient verification method of implementation of an application should also reject cases of invalid data which provide valid results. Thus, we propose in this paper a constraint-based analysis technique to detect vulnerabilities in java applications at the executable level. We propose to exploit both the information contained in the bytecode structure of the application and the information given by the user specification. Indeed, we show how the user specifications can be used to deduce the invalid input state that put the testing method in valid post-state and then to detect some defections in the bytecode programs.
This paper presents the first Coq formalisation of the full java bytecode instruction set and its semantics. The set of instructions is organised in a hierarchy depending on how the instructions deal with the runtime ...
详细信息
ISBN:
(数字)9783030035921
ISBN:
(纸本)9783030035921;9783030035914
This paper presents the first Coq formalisation of the full java bytecode instruction set and its semantics. The set of instructions is organised in a hierarchy depending on how the instructions deal with the runtime structures of the java Virtual Machine such as threads, stacks, heap etc. The hierarchical nature of Coq modules neatly reinforces this view and facilitates the understanding of the java bytecode semantics. This approach makes it possible to both conduct verification of properties for programs and to prove metatheoretical results for the language. Based upon our formalisation experience, the deficiencies of the current informal bytecode language specification are discussed.
Program analyses are an important tool to check if a system fulfills its specification. A typical implementation strategy for program analyses is to use an imperative, general-purpose language like java;and access the...
详细信息
ISBN:
(纸本)9783319747309;9783319747293
Program analyses are an important tool to check if a system fulfills its specification. A typical implementation strategy for program analyses is to use an imperative, general-purpose language like java;and access the program to be analyzed through libraries for manipulating intermediate code, such as ASM for java bytecode. We show that this hampers composability, interoperability and reuse of analysis implementations. We propose a complete Ecore-metamodel for java bytecode as a common basis for program analysis implementations, as well as an Eclipse plug-in to create bytecode metamodel instances from java bytecode and vice versa. Code analyses can be defined as model transformations in a declarative, domain-specific language. As a consequence, the implementations of program analyses become more composable and more modular in general. We demonstrate the effectiveness of this approach with a case study.
暂无评论