Automatically identifying critical input regions and code in applications

Author(s)

Carbin, Michael James; Rinard, Martin C.

Abstract

Applications that process complex inputs often react in different ways to changes in different regions of the input. Small changes to forgiving regions induce correspondingly small changes in the behavior and output. Small changes to critical regions, on the other hand, can induce disproportionally large changes in the behavior or output. Identifying the critical and forgiving regions in the input and the corresponding critical and forgiving regions of code is directly relevant to many software engineering tasks. We present a system, Snap, for automatically grouping related input bytes into fields and classifying each field and corresponding regions of code as critical or forgiving. Given an application and one or more inputs, Snap uses targeted input fuzzing in combination with dynamic execution and influence tracing to classify regions of input fields and code as critical or forgiving. Our experimental evaluation shows that Snap makes classifications with close to perfect precision (99%) and very good recall (between 99% and 73%, depending on the application).

Date issued

2010-07

URI

http://hdl.handle.net/1721.1/62576

Department

Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Journal

Proceedings of the 19th international symposium on Software testing and analysis

Publisher

Association for Computing Machinery

Citation

Michael Carbin and Martin C. Rinard. 2010. Automatically identifying critical input regions and code in applications. In Proceedings of the 19th international symposium on Software testing and analysis (ISSTA '10). ACM, New York, NY, USA, 37-48

Version: Author's final manuscript

ISBN

978-1-60558-823-0