    Cross-language program analysis for dynamic web applications

    Web applications have become one of the most important and prevalent types of software. In modern web applications, the display of any web page is usually an interplay of multiple languages and involves code execution at different locations (the server side, the database side, and the client side). These characteristics make it hard to write and maintain web applications. Much of the existing research and tool support often deals with one single language and therefore is still limited in addressing those challenges. To fill in this gap, this dissertation is aimed at developing an infrastructure for cross-language program analysis for dynamic web applications to support creating reliable and robust web applications with higher quality and lower costs. To reach that goal, we have developed the following research components. First, to understand the client-side code that is embedded in the server-side code, we develop an output-oriented symbolic execution engine that approximates all possible outputs of a server-side program. Second, we use variability-aware parsing, a technique recently developed for parsing conditional code in software product lines, to parse those outputs into a compact tree representation (called VarDOM) that represents all possible DOM variants of a web application. Third, we leverage the VarDOM to extract semantic information from the server-side code. Specifically, we develop novel concepts, techniques, and tools (1) to build call graphs for embedded client code in different languages, (2) to compute cross-language program slices, and (3) to compute a novel test coverage criterion called output coverage that aids testers in creating effective test suites for detecting output-related bugs. The results have been demonstrated in a wide range of applications for web programs such as IDE services, fault localization, bug detection, and testing.

    Automatic Software Repair: a Bibliography

    This article presents a survey on automatic software repair. Automatic software repair consists of automatically finding a solution to software bugs without human intervention. This article considers all kinds of repairs. First, it discusses behavioral repair where test suites, contracts, models, and crashing inputs are taken as oracle. Second, it discusses state repair, also known as runtime repair or runtime recovery, with techniques such as checkpoint and restart, reconfiguration, and invariant restoration. The uniqueness of this article is that it spans the research communities that contribute to this body of knowledge: software engineering, dependability, operating systems, programming languages, and security. It provides a novel and structured overview of the diversity of bug oracles and repair operators used in the literature.

    Preventive Maintenance of Ajax Web Applications Focusing on Interactions

    Automated repair of internationalization presentation failures in web pages using style similarity clustering and search-based techniques

    Internationalization enables companies to reach a global audience by adapting their websites to locale-specific language and content. However, such translations can often introduce Internationalization Presentation Failures (IPFs) - distortions in the intended appearance of a website. It is challenging for developers to design websites that can inherently adapt to varying lengths of text from different languages. Debugging and repairing IPFs is complicated by the large number of HTML elements and CSS properties that define a web page's appearance. Tool support is also limited as existing techniques can only detect IPFs, with the repair remaining a labor-intensive manual task. To address this problem, we propose a search-based technique for automatically repairing IPFs in web applications. Our empirical evaluation showed that our approach was able to successfully resolve 98% of the reported IPFs for 23 real-world web pages. In a user study, participants rated the visual quality of our fixes significantly higher than the unfixed versions.

    Dynamically fighting bugs : prevention, detection and elimination

    Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2009. Cataloged from PDF version of thesis. Includes bibliographical references (p. 147-160). This dissertation presents three test-generation techniques that are used to improve software quality. Each of our techniques targets bugs that are found by different stakeholders: developers, testers, and maintainers. We implemented and evaluated our techniques on real code. We present the design of each tool and conduct experimental evaluation of the tools with available alternatives. Developers need to prevent regression errors when they create new functionality. This dissertation presents a technique that helps developers prevent regression errors in object-oriented programs by automatically generating unit-level regression tests. Our technique generates regression tests by using models created dynamically from example executions. In our evaluation, our technique created effective regression tests, and achieved good coverage even for programs with constrained APIs. Testers need to detect bugs in programs. This dissertation presents a technique that helps testers detect and localize bugs in web applications. Our technique automatically creates tests that expose failures by combining dynamic test generation with explicit state model checking. In our evaluation, our technique discovered hundreds of faults in real applications. Maintainers have to reproduce failing executions in order to eliminate bugs found in deployed programs. This dissertation presents a technique that helps maintainers eliminate bugs by generating tests that reproduce failing executions. Our technique automatically generates tests that reproduce the failed executions by monitoring methods and storing optimized states of method arguments. In our evaluation, our technique reproduced failures with low overhead in real programs. Analyses need to avoid unnecessary computations in order to scale. This dissertation presents a technique that helps our other techniques to scale by inferring the mutability classification of arguments. Our technique classifies mutability by combining both static analyses and a novel dynamic mutability analysis. In our evaluation, our technique efficiently and correctly classified most of the arguments for programs with more than a hundred thousand lines of code. By Shay Artzi. Ph.D.

    Automatic Detection and Classification of Identifier Renamings

    SUMMARY The source code lexicon plays a key role in software maintainability. A poor lexicon can lead to poor understanding of the program and to an increase in software errors. It is therefore important that developers maintain the lexicon of their source code by renaming identifiers so that they reflect the concepts they express. In this thesis, we study the lexicon and propose an approach to detect and classify identifier renamings in source code. Renaming detection is based on a combination of two techniques: source code differencing and data flow analysis. The renaming classifier, in turn, uses an ontological database and a natural language parser to classify renamings according to the taxonomy we have defined. To evaluate the accuracy and completeness of the renaming detector, we conducted an empirical study on the history of five open-source Java programs. The results of this study report a precision of 88% and a recall of 92%. We also conducted an exploratory study that analyzes and discusses how identifiers are renamed, according to the proposed taxonomy, in the five Java programs of the previous study. The results of this exploratory study show that renamings exist in every dimension of our taxonomy. To apply the proposed approach to PHP programs, we adapted our renaming detector to take into account the characteristics inherent to these programs. A preliminary study carried out on three PHP programs shows that our approach is applicable to PHP programs. However, these programs show renaming trends different from those observed in Java programs. This thesis offers two results. First, the detection and classification of renamings and a tool that can be used to document renamings. Developers will be able, for example, to look up methods that are part of the programming interface, since these affect client applications. They will also be able to identify inconsistencies between the name and the functionality of an entity in the case of a so-called risky renaming, such as a renaming to an antonym. Second, the results of our studies provide lessons that form a base of knowledge and advice that can help developers avoid inappropriate or unnecessary renamings and thus keep the lexicon of their source code consistent.
    ABSTRACT Source code lexicon plays a paramount role in software maintainability: a poor lexicon can lead to poor comprehensibility and increase software fault-proneness. For this reason, developers should maintain their source code lexicon by renaming identifiers when they do not reflect the concepts that they should express. In this thesis, we study lexicon and propose an approach to detect and classify identifier renamings in source code. The renaming detection is based on a combination of source code differencing and data flow analysis, while the renaming classifier uses an ontological database and a natural language parser to classify renamings according to a taxonomy we define. We report a study—conducted on the evolution history of five open-source Java programs—aimed at evaluating the accuracy and completeness of the renaming detector. The study reports a precision of 88% and a recall of 92%. In addition, we report an exploratory study investigating and discussing how identifiers are renamed in the five Java programs, according to our taxonomy. Moreover, we report the challenges and applicability of the proposed approach to PHP programs and report our preliminary results of renaming detection and classification for three programs. This thesis provides two outcomes. First, the renaming detection and classification approach and tool, which can be used for documenting renamings. Developers will be able to, for example, look up methods that are part of the public API (as they impact client applications), or look for inconsistencies between the name and the implementation of an entity that underwent a high-risk renaming (e.g., towards the opposite meaning). Second, pieces of actionable knowledge, based on our qualitative study of renamings, that provide advice on how to avoid some unnecessary renamings.

    Automated Repair of Layout Cross Browser Issues Using Search-Based Techniques

    A consistent cross-browser user experience is crucial for the success of a website. Layout Cross Browser Issues (XBIs) can severely undermine a website’s success by causing web pages to render incorrectly in certain browsers, thereby negatively impacting users’ impression of the quality and services that the web page delivers. Existing Cross Browser Testing (XBT) techniques can only detect XBIs in websites. Repairing them is, hitherto, a manual task that is labor-intensive and requires significant expertise. Addressing this concern, our paper proposes a technique for automatically repairing layout XBIs in websites using guided search-based techniques. Our empirical evaluation showed that our approach was able to successfully fix 86% of layout XBIs reported for 15 different web pages studied, thereby improving their cross-browser consistency.

    Automated repair of mobile friendly problems in web pages

    Mobile devices have become a primary means of accessing the Internet. Unfortunately, many websites are not designed to be mobile friendly. This results in problems such as unreadable text, cluttered navigation, and content overflowing a device's viewport, all of which can lead to a frustrating and poor user experience. Existing techniques are limited in helping developers repair these mobile friendly problems. To address this limitation of prior work, we designed a novel automated approach for repairing mobile friendly problems in web pages. Our empirical evaluation showed that our approach was able to successfully resolve mobile friendly problems in 95% of the evaluation subjects. In a user study, participants preferred our repaired versions of the subjects and also considered the repaired pages to be more readable than the originals.

    Certifications of Critical Systems – The CECRIS Experience

    In recent years, a considerable amount of effort has been devoted, both in industry and academia, to the development, validation and verification of critical systems, i.e. those systems whose malfunctions or failures reach a critical level both in terms of risks to human life as well as having a large economic impact. Certifications of Critical Systems – The CECRIS Experience documents the main insights on Cost Effective Verification and Validation processes that were gained during work in the European Research Project CECRIS (acronym for Certification of Critical Systems). The objective of the research was to tackle the challenges of certification by focusing on those aspects that turn out to be more difficult/important for current and future critical systems industry: the effective use of methodologies, processes and tools. The CECRIS project took a step forward in the growing field of development, verification and validation and certification of critical systems. It focused on the more difficult/important aspects of critical system development, verification and validation and certification process. Starting from both the scientific and industrial state of the art methodologies for system development and the impact of their usage on the verification and validation and certification of critical systems, the project aimed at developing strategies and techniques supported by automatic or semi-automatic tools and methods for these activities, setting guidelines to support engineers during the planning of the verification and validation phases.

    Exploring means to facilitate software debugging

    In this thesis, several aspects of software debugging from automated crash reproduction to bug report analysis and use of contracts have been studied. Algorithms and the Foundations of Software technolog