research-article

Practical fault localization for dynamic web applications

Authors:

Marco PistoiaAuthors Info & Claims

ICSE '10: Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1

Pages 265 - 274

https://doi.org/10.1145/1806799.1806840

Published: 01 May 2010 Publication History

Abstract

We leverage combined concrete and symbolic execution and several fault-localization techniques to create a uniquely powerful tool for localizing faults in PHP applications. The tool automatically generates tests that expose failures, and then automatically localizes the faults responsible for those failures, thus overcoming the limitation of previous fault-localization techniques that a test suite be available upfront. The fault-localization techniques we employ combine variations on the Tarantula algorithm with a technique based on maintaining a mapping between statements and the fragments of output they produce. We implemented these techniques in a tool called Apollo, and evaluated them by localizing 75 randomly selected faults that were exposed by automatically generated tests in four PHP applications. Our findings indicate that, using our best technique, 87.7% of the faults under consideration are localized to within 1% of all executed statements, which constitutes an almost five-fold improvement over the Tarantula algorithm.

References

[1]

R. Abreu, P. Zoeteweij, and A. J. C. van Gemund. An evaluation of similarity coefficients for software fault localization. In PRDC 2006, pages 39--46, 2006.

Digital Library

[2]

H. Agrawal, J. R. Horgan, S. London, and W. E. Wong. Fault localization using execution slices and dataflow tests. In ISSRE, Toulouse, France, 1995.

[3]

S. Artzi, A. Kiežun, J. Dolby, F. Tip, D. Dig, A. Paradkar, and M. D. Ernst. Finding bugs in dynamic web applications. In ISSTA, pages 261--272, 2008.

Digital Library

[4]

S. Artzi, A. Kiežun, J. Dolby, F. Tip, D. Dig, A. Paradkar, and M. D. Ernst. Finding bugs in web applications using dynamic test generation and explicit state model checking. IEEE Transactions on Software Engineering, 2010. To appear.

Digital Library

[5]

C. Cadar, V. Ganesh, P. M. Pawlowski, D. L. Dill, and D. R. Engler. EXE: automatically generating inputs of death. In CCS, 2006.

Digital Library

[6]

T. M. Chilimbi, B. Liblit, K. K. Mehra, A. V. Nori, and K. Vaswani. Holmes: Effective statistical debugging via efficient path profiling. In ICSE, 2009.

Digital Library

[7]

H. Cleve and A. Zeller. Locating causes of program failures. In ICSE, pages 342--351, May 2005.

Digital Library

[8]

V. Dallmeier, C. Lindig, and A. Zeller. Lightweight defect localization for java. In ECOOP, pages 528--550, 2005.

Digital Library

[9]

P. Godefroid, N. Klarlund, and K. Sen. DART: Directed automated random testing. In PLDI, 2005.

Digital Library

[10]

P. Godefroid, M. Y. Levin, and D. Molnar. Automated whitebox fuzz testing. In NDSS, 2008.

[11]

S. Horwitz, T. Reps, and D. Binkley. Interprocedural slicing using dependence graphs. ACM Trans. Program. Lang. Syst., 12(1):26--60, 1990.

Digital Library

[12]

M. Hutchins, H. Foster, T. Goradia, and T. Ostrand. Experiments of the effectiveness of dataflow- and controlflow-based test adequacy criteria. In ICSE, pages 191--200, 1994.

Digital Library

[13]

D. Jeffrey, N. Gupta, and R. Gupta. Fault localization using value replacement. In ISSTA, pages 167--178, 2008.

Digital Library

[14]

J. A. Jones and M. J. Harrold. Empirical evaluation of the tarantula automatic fault-localization technique. In ASE, pages 273--282, 2005.

Digital Library

[15]

J. A. Jones, M. J. Harrold, and J. Stasko. Visualization of test information to assist fault localization. In ICSE, pages 467--477, 2002.

Digital Library

[16]

B. Liblit, A. Aiken, A. X. Zheng, and M. I. Jordan. Bug isolation via remote program sampling. In PLDI, pages 141--154, 2003.

Digital Library

[17]

B. Liblit, M. Naik, A. X. Zheng, A. Aiken, and M. I. Jordan. Scalable statistical bug isolation. In PLDI'05, pages 15--26, 2005.

Digital Library

[18]

C. Liu, X. Yan, L. Fei, J. Han, and S. P. Midkiff. Sober: statistical model-based bug localization. In FSE, pages 286--295, 2005.

Digital Library

[19]

J. Lyle and M. Weiser. Automatic bug location by program slicing. In ICCEA, pages 877--883, Beijing (Peking), China, 1987.

[20]

Y. Minamide. Static approximation of dynamically generated Web pages. In WWW, 2005.

Digital Library

[21]

H. Pan and E. H. Spafford. Heuristics for automatic localization of software faults. Technical Report SERC-TR-116-P, Purdue University, July 1992.

[22]

X. Ren and B. G. Ryder. Heuristic ranking of java program edits for fault localization. In ISSTA, pages 239--249, 2007.

Digital Library

[23]

M. Renieris and S. P. Reiss. Fault localization with nearest neighbor queries. In ASE, pages 30--39, 2003.

[24]

R. Santelices, J. A. Jones, Y. Yu, and M. J. Harrold. Lightweight fault-localization using multiple coverage types. In ICSE, pages 56--66, 2009.

Digital Library

[25]

K. Sen, D. Marinov, and G. Agha. CUTE: A concolic unit testing engine for C. In FSE, 2005.

Digital Library

[26]

M. Stoerzer, B. G. Ryder, X. Ren, and F. Tip. Finding Failure-inducing Changes in Java Programs Using Change Classification. In FSE, pages 57--68, Portland, OR, USA, Nov. 7--9, 2006.

Digital Library

[27]

F. Tip. A survey of program slicing techniques. Journal of Programming Languages, 3(3):121--189, 1995.

[28]

G. Wassermann, D. Yu, A. Chander, D. Dhurjati, H. Inamura, and Z. Su. Dynamic test input generation for web applications. In ISSTA, 2008.

Digital Library

[29]

C. Yilmaz, A. M. Paradkar, and C. Williams. Time will tell: fault localization using time spectra. In ICSE, pages 81--90, 2008.

Digital Library

[30]

A. Zeller. Isolating cause-effect chains from computer programs. In FSE, pages 1--10. ACM Press, November 2002.

Digital Library

[31]

X. Zhang, N. Gupta, and R. Gupta. Locating faults through automated predicate switching. In ICSE, pages 272--281, 2006.

Digital Library

[32]

Z. Zhang, W. K. Chan, T. H. Tse, B. Jiang, and X. Wang. Capturing propagation of infected program states. In ESEC/FSE, pages 43--52, 2009.

Digital Library

Cited By

Wang BKolluri ANikolić IBaluta TSaxena P(2023)User-Customizable Transpilation of Scripting LanguagesProceedings of the ACM on Programming Languages10.1145/35860347:OOPSLA1(201-229)Online publication date: 6-Apr-2023
https://dl.acm.org/doi/10.1145/3586034
Wong WGao RLi YAbreu RWotawa FLi D(2023)Software Fault Localization: an Overview of Research, Techniques, and ToolsHandbook of Software Fault Localization10.1002/9781119880929.ch1(1-117)Online publication date: 21-Apr-2023
https://doi.org/10.1002/9781119880929.ch1
Cao JLi MChen XWen MTian YWu BCheung SDwyer MDamian DZeller A(2022)DeepFDProceedings of the 44th International Conference on Software Engineering10.1145/3510003.3510099(573-585)Online publication date: 21-May-2022
https://dl.acm.org/doi/10.1145/3510003.3510099
Show More Cited By

Recommendations

Finding bugs in dynamic web applications
ISSTA '08: Proceedings of the 2008 international symposium on Software testing and analysis

Web script crashes and malformed dynamically-generated Web pages are common errors, and they seriously impact usability of Web applications. Current tools for Web-page validation cannot handle the dynamically-generated pages that are ubiquitous on today'...
Empirical evaluation of the tarantula automatic fault-localization technique
ASE '05: Proceedings of the 20th IEEE/ACM International Conference on Automated Software Engineering

The high cost of locating faults in programs has motivated the development of techniques that assist in fault localization by automating part of the process of searching for faults. Empirical studies that compare these techniques have reported the ...
Directed test generation for effective fault localization
ISSTA '10: Proceedings of the 19th international symposium on Software testing and analysis

Fault-localization techniques that apply statistical analyses to execution data gathered from multiple tests are quite effective when a large test suite is available. However, if no test suite is available, what is the best approach to generate one? ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ICSE '10: Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1

May 2010

627 pages

ISBN:9781605587196

DOI:10.1145/1806799

General Chairs:
Jeff Kramer
Imperial College, London, UK
,
Judith Bishop
Microsoft Research, Redmond
,
Program Chairs:
Prem Devanbu
University of California at Davis
,
Sebastian Uchitel
University of Buenos Aires, Argentina and Imperial College London, UK

Copyright © 2010 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 May 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Conference

ICSE '10

Sponsor:

SIGSOFT

ICSE '10: 32nd International Conference on Software Engineering

May 1 - 8, 2010

Cape Town, South Africa

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

58
Total Citations
View Citations
940
Total Downloads

Downloads (Last 12 months)7
Downloads (Last 6 weeks)0

Reflects downloads up to 18 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Wang BKolluri ANikolić IBaluta TSaxena P(2023)User-Customizable Transpilation of Scripting LanguagesProceedings of the ACM on Programming Languages10.1145/35860347:OOPSLA1(201-229)Online publication date: 6-Apr-2023
https://dl.acm.org/doi/10.1145/3586034
Wong WGao RLi YAbreu RWotawa FLi D(2023)Software Fault Localization: an Overview of Research, Techniques, and ToolsHandbook of Software Fault Localization10.1002/9781119880929.ch1(1-117)Online publication date: 21-Apr-2023
https://doi.org/10.1002/9781119880929.ch1
Cao JLi MChen XWen MTian YWu BCheung SDwyer MDamian DZeller A(2022)DeepFDProceedings of the 44th International Conference on Software Engineering10.1145/3510003.3510099(573-585)Online publication date: 21-May-2022
https://dl.acm.org/doi/10.1145/3510003.3510099
Qiu ZShao SZhao QJin G(2021)A Characteristic Study of Deadlocks in Database-Backed Web Applications2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE)10.1109/ISSRE52982.2021.00059(510-521)Online publication date: Oct-2021
https://doi.org/10.1109/ISSRE52982.2021.00059
Ocariza FZhao B(2020)Localizing software performance regressions in web applications by comparing execution timelinesSoftware Testing, Verification and Reliability10.1002/stvr.175031:5Online publication date: 11-Aug-2020
https://doi.org/10.1002/stvr.1750
Hoang TOentaryo RLe TLo D(2019)Network-Clustered Multi-Modal Bug LocalizationIEEE Transactions on Software Engineering10.1109/TSE.2018.281089245:10(1002-1023)Online publication date: 1-Oct-2019
https://doi.org/10.1109/TSE.2018.2810892
Ryu SPark JPark J(2019)Toward Analysis and Bug Finding in JavaScript Web Applications in the WildIEEE Software10.1109/MS.2018.11011340836:3(74-82)Online publication date: May-2019
https://doi.org/10.1109/MS.2018.110113408
Farashahi AMoosavi MDejam Shahabi MBeheshtian E(2019)An Empirical Framework for Evaluation of Spectral-based Fault Localization Techniques2019 27th Iranian Conference on Electrical Engineering (ICEE)10.1109/IranianCEE.2019.8786754(1834-1838)Online publication date: Apr-2019
https://doi.org/10.1109/IranianCEE.2019.8786754
Eda RDo H(2019)An efficient regression testing approach for PHP Web applications using test selection and reusable constraintsSoftware Quality Journal10.1007/s11219-019-09449-227:4(1383-1417)Online publication date: 11-Jun-2019
https://doi.org/10.1007/s11219-019-09449-2
Hammoudi MAlakeel ABurg BBae GRothermel G(2018)RETRACTED ARTICLEEmpirical Software Engineering10.1007/s10664-017-9519-z23:6(3821-3821)Online publication date: 1-Dec-2018
https://dl.acm.org/doi/10.1007/s10664-017-9519-z
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents