Code Clone Discovery Based on Concolic Analysis

Software is often large, complicated and expensive to build and maintain. Redundant code can make these applications even more costly and difficult to maintain. Duplicated code is often introduced into these systems for a variety of reasons. Some of which include developer churn, deficient developer application comprehension and lack of adherence to proper development practices. Code redundancy has several adverse effects on a software application including an increased size of the codebase and inconsistent developer changes due to elevated program comprehension needs. A code clone is defined as multiple code fragments that produce similar results when given the same input. There are generally four types of clones that are recognized. They range from simple type-1 and 2 clones, to the more complicated type-3 and 4 clones. Numerous clone detection mechanisms are able to identify the simpler types of code clone candidates, but far fewer claim the ability to find the more difficult type-3 clones. Before CCCD, MeCC and FCD were the only clone detection techniques capable of finding type-4 clones. A drawback of MeCC is the excessive time required to detect clones and the likely exploration of an unreasonably large number of possible paths. FCD requires extensive amounts of random data and a significant period of time in order to discover clones. This dissertation presents a new process for discovering code clones known as Concolic Code Clone Discovery (CCCD). This technique discovers code clone candidates based on the functionality of the application, not its syntactical nature. This means that things like naming conventions and comments in the source code have no effect on the proposed clone detection process. CCCD finds clones by first performing concolic analysis on the targeted source code. Concolic analysis combines concrete and symbolic execution in order to traverse all possible paths of the targeted program. These paths are represented by the generated concolic output. A diff tool is then used to determine if the concolic output for a method is identical to the output produced for another method. Duplicated output is indicative of a code clone. CCCD was validated against several open source applications along with clones of all four types as defined by previous research. The results demonstrate that CCCD was able to detect all types of clone candidates with a high level of accuracy. In the future, CCCD will be used to examine how software developers work with type-3 and type-4 clones. CCCD will also be applied to various areas of security research, including intrusion detection mechanisms

Automated Black Box Generation of Structured Inputs for Use in Software Testing

A common problem in automated software testing is the need to generate many inputs with complex structure in a black-box fashion. For example, a library for manipulating red-black trees may require that inputs are themselves valid red-black trees, meaning anything invalid is not suitable for testing. As another example, in order to test code generation in a compiler, it is necessary to use input programs which are both syntactically valid and well-typed. Despite the importance of this problem, we observe that existing solutions are few in number and have severe drawbacks, including unreasonably slow performance and a lack of generality to testing different systems.This thesis presents a solution to this problem of black-box structured input generation. I observe that test inputs can be described as solutions to systems of logical constraints, and that more expressive constraints can lead to more complex tests. In order to test effectively and generate many tests, we need high-performance constraint solvers capable of finding many solutions to these constraints. I observe that constraint logic programming (CLP) offers an expressive constraint language paired with a high-performance constraint solver, and thus serves as a potential solution to this problem. Via a series of case studies, I have found that CLP (1) is applicable to testing a wide variety of systems; (2) can scale to more complex constraints than ever previously described; and (3) is often orders of magnitude faster than competing solutions. These case studies have also exposed dozens of bugs in high-profile software, including the Rust compiler and the Z3 SMT solver

Enterprise Module for Exercise Formal Validation applied on Java Concurrent Programming

[EN] Tools that allow detecting programming faults are useful for both docents, who may test submitted exercises, and students, who may use these tools in advance. In this article the authors develop one tool for detecting failures in applications. In many cases there are previous tools that may be readapted to be used in an educational scope. This article integrates of one of these tools, which avoids code with dead-locks and race-conditions, into the Internet. The tool integrated is JPF (Java Path Finder) and it is accessed from a Java EE web frontend which carries out the exercise assessment. The article deals with the definition of the module and its evaluation on a realistic scenario. The results show that many assignments may benefit from the output of the tool.[ES] La utilización de herramientas que permitan detectar problemas de programación es de utilidad tanto para el docente, el cual puede probar de una forma más exhaustiva las prácticas entregadas, como para el discente, el cual puede utilizar dichas herramientas. En muchos casos, existen herramientas previas utilizadas en el desarrollo software, que pueden ser adaptadas para ser utilizadas en un entorno formativo. Este trabajo aporta la integración de una herramienta de validación formal de sistemas concurrentes Java, la cual garantiza la no existencia de defectos como son el abrazo mortal y las condiciones de carrera, en un entorno Web abierto. Más concretamente, la herramienta que se ha escogido es denominada JPF (Java Path Finder) y se la ha dotado de interfaces dentro de un servidor Java EE (Enterprise Edition), lo que facilita la utilización de servicios propios de la plataforma Java EE y la interoperabilidad entre estos con el módulo diseñado. El artículo trata aspectos tecnológicos derivados de dicha integración como son el diseño de una arquitectura que da soporte a la validación vía web. También detalla una serie de experimentos relativos al rendimiento de la plataforma realizados sobre un curso real, lo que permite medir costes computacionales y su utilidad en la evaluación.Este trabajo ha sido realizado con el apoyo del proyecto iLAND (ARTEMIS-JU 100026) parcialmente financiado por ARTEMIS JTU y el Ministerio de Industria, Comercio y Turismo español. También ha sido parcialmente financiado por ARTISTDesign NoE (IST-2007-214373) del 7º programa marco de la Unión Europea, por REM4VSS (TIN2011-28339) del Ministerio de Ciencia e Innovación y por LEARN3 (TIN2008-0513) del Ministerio de Ciencia e Innovación.Basanta Val, P.; García Valls, M.; Estévez Ayres, I.; Martin Gutiérrez, M. (2012). Módulo Empresarial para la Validación Formal de Ejercicios aplicado a la Programación Concurrente en Java. Revista Iberoamericana de Automática e Informática industrial. 9(3):290-299. https://doi.org/10.1016/j.riai.2012.05.013OJS29029993Alonso D., Pastor, J.A., Alvarez, B., 2004. Real-Time Teaching with Java: JPR 3. En: OTM Workshops. Larnaca (Chipre).Basanta-Val, P., Garcia-Valls, M. y Estevez-Ayres, I., 2010. No-Heap remote objects for distributed real-time Java. ACM Trans.Embed.Comput.Syst. 10 (1): 1-25.Basanta-Val, P., Garcia-Valls, M. y Estevez-Ayres, I., 2005. Towards the Integration of Scoped Memory in Distributed Real-Time Java. ISORC 2005. Seatle(US).Basanta-Val, P., Garcia-Valls, M. y Estevez-Ayres, I., 2004. No Heap remote objects: Leaving the garbage collector at the server-side. En: OTM Workshops. Larnaca (Chipre).Bollella G. et al., 2001. The Real-Time Specification for Java, Adisson- Wesley.Caspi P., Sangiovanni-Vincentelli, A.L, Almeida, L., Benveniste, A., Bouyssounouse, B., Buttazzo, G.C., Crnkovic, I., Damm, W., Engblom, J., Fohler, G., García-Valls, M., Kopetz, H., Lakhnech, Y., Laroussinie, F., Lavagno, L., Lipari, G., Maraninchi, F., Peti, P., de la Puente, J.A, Scaife, N., Sifakis, J., de Simone, R., Törngren, M., Veríssimo, P., Wellings, A.J., Wilhelm, R., Willemse, Wang Yi, T.A.C., 2005. Guidelines for a graduate curriculum on embedded software and systems. ACM Trans. Embedded Comput. Syst. 4 (3) 587-611.de La Puente, J., Alonso, A., Garcia-Valls, M., Ruiz, J.F., 1998. Teaching real-time systems at DIT/UPM, En: Real-Time Systems, Montreal (Canada).de Tomas, M.A., Gomez, L., Perez A., 1991. Vestal: a tool for teaching concurrency in Ada. En: Proceedings of the conference on TRI-Ada’91: today's accomplishments; tomorrow's expectations. USA.Estévez-Ayres, I., Basanta-Val, P., García-Valls, M., 2004. Docencia de Programación Concurrente. Experiencias de laboratorio. En: VII Jornadas de Tiempo Real. Málaga, Spain.García-Valls, M., Alonso, A., De La Puente, J.A., 2012. A dual-band priority assignment algorithm for dynamic QoS resource management. Accepted in Future Generation Computer Systems. doi:10.1016/j.future.2011.10.005 Glassfish, Servidor GlassFish, disponible en octubre del 2011 desde http://glassfish.java.net.Guaspari, D., Marceau, C., Polak, W., 1990. Formal Verification of Ada Programs. IEEE Transactions on Software Engineering 16 (9): 1058-1075Henzinger, T.A, Sifakis, J. (2007) The Discipline of Embedded Systems Design. IEEE Computer 40 (10): 32-40.Ihantola, P., 2006. Test data generation for programming exercises with symbolic execution in Java PathFinder. En: 6° Baltic Sea conference on Computing education research. USA.JavaEJB, Enterprise Java Beans Container, disponible en octubre del 2011 desde http http://jcp.org/en/jsr/detail?id=220.JavaEE, Java Enterprise Edittion, disponible en octubre del 2011 desde oracle.com/technetwork/java/javaee/.JPF. Java Path Finder, disponible en octubre del 2011 desde http://javapathfinder.sourceforge.net.JavaServ, Java Servlets, disponible en octubre del 2011 desde http://jcp.org/en/jsr/detail?id=340.JMail, Java Mail, disponible en octubre del 2011 desde http://jcp.org/en/jsr/detail?id=919.JMS, Java Messaging System, disponible en octubre del 2011 desde http://jcp.org/en/jsr/detail?id=914.Kalibera, T., Parizek, P., Malohlava, M., 2010. Exhaustive Testing of Safety.Critical Java. En: JTRES’10, 2010 Prague,Czech Republic.Muñoz-Merino, P.J., Delgado-Kloos, C., Fernández-Naranjo, J., 2009. Enabling interoperability for LMS educational services. Computer Standards & Interfaces 31 (2): 484-498Rajan, S.P, Tkuchuk, O., Prasad, M., Ghosh, I., Goel, N., 2009. WEAVE: Web Applications Validation Environment. En: ICSE’09. Vancouver (Canada).Visser, W., Pireanu, C.S., Khurshid, S., 2004. Test input generation with java PathFinder. SIGSOFT Softw. Eng. Notes 29 (4): 97-107Visser,W., Havelund, K., Brat, G., Park,S., Lerda,. F. Model Checking Programs. Automated Software Engineering Journal. Volume 10, Number 2, April 2003.Volanschi, N., 2008.A portable compiler-integrated approach to permanent checking. Journal: Automated Software Engineering 15 (1). 21-37.Wellings, A., 2004. Concurrent and Real-Time Programming in Java. Wiley

Lightweight Web-Tool for C Concurrent Programming

[ES] El uso de herramientas a la hora de enseñar una determinada disciplina aporta múltiples beneficios desde el punto de vista de la actividad docente pues permite enfatizar o ilustrar determinados cuestiones que a veces resultan difíciles de enfatizar sin tal apoyo. Ese es también el caso de las herramientas que permiten detectar si ha habido algún tipo de problema en un programa escrito en C- concurrente. Dichas herramientas ofrecen interfaces que pueden complementar la información dada por un compilador con información adicional sobre diferentes tipos de condiciones de carrera o fugas de memoria que aparecen en el código. El presente trabajo tiene por objetivo ver cómo se ha integrado un núcleo de validación para C ya existente como aplicación web, lo que le permite estar accesible a través de la red. Dicha herramienta ha sido evaluada en un curso de programación ya existente, donde ha mostrado que es capaz aportar información adicional de utilidad para el discente y el docente. También se han realizado una serie de mediciones de rendimiento para establecer los límites operativos de la herramienta diseñada dentro de los límites de una asignatura donde se enseña C concurrente.[EN] Tools for computer-aided teaching and learning provide multiple benefits from the point of view of teaching because it allows emphasizing or illustrating certain issues that are sometimes difficult to emphasize without such type of support. This is exactly the case for the tools to detect if there is any type of problem in a concurrent-C program. These tools provide interfaces that can complement the information given by a compiler with additional information about different types of race conditions and memory leaks that appear in the code. This article aims to address how to integrate a core validation tools for concurrent-C as a web application, allowing you to be accessible through the Internet. This tool has been evaluated in an existing programming course, which has shown to be able to provide additional information useful to the learner and the teacher. There have also been a number of performance measures to establish operational limits designed tool within a course that teaches concurrent-C programming.Parcialmente financiado por ARTEMIS JTU y el Ministerio de Industria, Comercio y Turismo español y también de forma parcial por REM4VSS (TIN2011- 28339) del Ministerio de Ciencia e Innovación y e-Madrid (S2009/TIC-1650).Basanta Val, P.; García Valls, M.; López Anastasio, P. (2013). Herramienta Web Ligera para La Programación en C-Concurrente. Revista Iberoamericana de Automática e Informática industrial. 10(4):465-476. https://doi.org/10.1016/j.riai.2013.05.010OJS465476104Alonso, D., Pastor, J. & Álvarez, B. 2004, “Real–Time Teaching with Java: JPR 3” in On the Move to Meaningful Internet Systems 2004: OTM 2004 Workshops, eds. R. Meersman, Z. Tari & A. Corsaro, Springer Berlin Heidelberg,, pp. 246-255.Basanta Val, P. & Garcia-Valls, M. 2013, “A Distributed Real-Time Java- centric Architecture for Industrial Systems”, Industrial Informatics, IEEE Transactions on, vol. PP, no. 99, pp. 1-1.Basanta-Val .P, García-Valls, M., Estévez-Ayres, I. & Martin-Gutiérrez, M.J. 2012, “Módulo Empresarial para la Validación Formal de Ejercicios aplicado a la Programación Concurrente en Java”, Revista Iberoamericana de Automática e Informática Industrial RIAI, vol. 9, no. 3, pp. 209-299.Bouyssounouse, B. & Sifakis, J. 2005, Embedded systems design: the ARTIST roadmap for research and development, Springer, Verlag, NJ, USA.Caspi, P., Folher, G., Garcia-Valls, M., Kopetz, H., Lakhnech, Y., Laroussinie, F., Lavagno, L., Lipari, G., Maraninchi, F., Peti, P., Puente, J.d.l., Sangiovanni-Vincentelli, A., Scaife, N., Sifakis, J., de Simone, R., Torngren, M., Veríssimo, P., Wellings, A.J., Wilhelm, R., Willemse, T., Yi, W., Almeida, L., Benveniste, A., Bouyssounouse, B., Buttazzo, G., Crnkovic, I., Damm, W. & Engblom, J. 2005, “Guidelines for a graduate curriculum on embedded software and systems”, ACM Transactions on Embedded Computing Systems, vol. 4, no. 3.Committee, P.A.S. 2003, POSIX Realtime and Embedded application Support, IEEE Standard for Information Technology.Crenshaw, T. L. A. (2013). Using Robots and Contract Learning to Teach Cyber-Physical Systems to Undergraduates. IEEE Transactions on Education, 56(1), 116-120. doi:10.1109/te.2012.2217967Cuevas, C., Barros, L., Martínez, P. L., & Drake, J. M. (2013). Beneficios que aporta la metodología MDE a los entornos de desarrollo de sistemas de tiempo real. Revista Iberoamericana de Automática e Informática Industrial RIAI, 10(2), 216-227. doi:10.1016/j.riai.2013.03.011Estevez-Avres, I., Basanta-Val P. & García-Valls, M. 2004, “Docencia de programación concurrente. Experiencias de Laboratorio.”, VII Jornadas de Tiempo Real.Hamblen, J. O., & van Bekkum, G. M. E. (2013). An Embedded Systems Laboratory to Support Rapid Prototyping of Robotics and the Internet of Things. IEEE Transactions on Education, 56(1), 121-128. doi:10.1109/te.2012.2227320Havelund, K., & Pressburger, T. (2000). Model checking JAVA programs using JAVA PathFinder. International Journal on Software Tools for Technology Transfer (STTT), 2(4), 366-381. doi:10.1007/s100090050043Ihantola, P. 2006, “Test data generation for programming exercises with symbolic execution in Java PathFinder”, Proceedings of the 6th Baltic Sea conference on Computing education research: Koli Calling 2006ACM, New York, NY, USA, pp. 87.Jannesari, A., Kaibin Bao, Pankratius, V. & Tichy, W.F. 2009, “Helgrind+: An efficient dynamic race detector”, Parallel Distributed Processing, 2009. IPDPS 2009. IEEE International Symposium on, may, pp. 1.Kim, S. H., & Jeon, J. W. (2009). Introduction for Freshmen to Embedded Systems Using LEGO Mindstorms. IEEE Transactions on Education, 52(1), 99-108. doi:10.1109/te.2008.919809Lawrence Livermore National Laboratory, POSIX Threads Programming Exercise [2012,8].Lee, J.W., Kester, M.S. & Schulzrinne, H. 2011, “Follow the river and you will find the C”, Proceedings of the 42nd ACM technical symposium on Computer science educationACM, New York, NY, USA, pp. 411.Muñoz-Merino, P. J., Fernández Molina, M., Muñoz-Organero, M., & Delgado Kloos, C. (2012). An adaptive and innovative question-driven competition-based intelligent tutoring system for learning. Expert Systems with Applications, 39(8), 6932-6948. doi:10.1016/j.eswa.2012.01.020Nethercote, N., & Seward, J. (2007). Valgrind. ACM SIGPLAN Notices, 42(6), 89-100. doi:10.1145/1273442.1250746Pardo, A., & Kloos, C. D. (2010). SubCollaboration: large-scale group management in collaborative learning. Software: Practice and Experience, 41(4), 449-465. doi:10.1002/spe.1023Sáez, S., & Crespo, A. (2013). Mejora de los Test de Planificabilidad para Asignación Incremental de Tareas en Sistemas Multiprocesadores de Tiempo Real. Revista Iberoamericana de Automática e Informática Industrial RIAI, 10(2), 197-203. doi:10.1016/j.riai.2013.03.006Salido, J., Lillo, A., Déniz, Ó., & Bueno, M. G. (2011). CtrWeb: Una herramienta de programación para telecontrol de sistemas físicos educativos. Revista Iberoamericana de Automática e Informática Industrial RIAI, 8(1), 89-99. doi:10.1016/s1697-7912(11)70011-5Savage, S., Burrows, M., Nelson, G., Sobalvarro, P., & Anderson, T. (1997). Eraser. ACM Transactions on Computer Systems, 15(4), 391-411. doi:10.1145/265924.265927Serebryany, K., & Iskhodzhanov, T. (2009). ThreadSanitizer. Proceedings of the Workshop on Binary Instrumentation and Applications - WBIA ’09. doi:10.1145/1791194.1791203Sierra, A.J., Ariza, T., Fernandez, F.J. & Madinabeitia, G. 2012, “TVSP: A Tool for Validation Software Projects in programming labs”, Global Engineering Education Conference (EDUCON), 2012 IEEE, april, pp. 1.Sun Microsystems. 2005, Online [2005] at http://jcp.org/aboutJava/communityprocess/pr/jsr220/index.html-last update, Enterprise Java Beans [Homepage of SUN],.[Online].Weber, J. & Rehkopf, A. 2009, “A Java-based remote GUI concept for distributed automation systems”, Emerging Technologies Factory Automation, 2009. ETFA 2009. IEEE Conference on, sept., pp. 1