Debugging Memory Issues In Embedded Linux: A Case Study

Debugging denotes the process of detecting root causes of unexpected observable behaviors in programs, such as a program crash, an unexpected output value being produced or an assertion violation. Debugging of program errors is a difficult task and often takes a significant amount of time in the software development life cycle. In the context of embedded software, the probability of bugs is quite high. Due to requirements of low code size and less resource consumption, embedded softwares typically do away with a lot of sanity checks during development time. This leads to high chance of errors being uncovered in the production code at run time. In this paper we propose a methodology for debugging errors in BusyBox, a de-facto standard for Linux in embedded systems. Our methodology works on top of Valgrind, a popular memory error detector and Daikon, an invariant analyzer. We have experimented with two published errors in BusyBox and report our findings in this paper.Comment: In proceedings of IEEE TechSym 2011, 14-16 January, 2011, IIT kharagpur, Indi

Combining Static and Dynamic Analysis for Bug Detection and Program Understanding

This work proposes new combinations of static and dynamic analysis for bug detection and program understanding. There are 3 related but largely independent directions: a) In the area of dynamic invariant inference, we improve the consistency of dynamically discovered invariants by taking into account second-order constraints that encode knowledge aboutinvariants; the second-order constraints are either supplied by the programmer or vetted by the programmer (among candidate constraints suggested automatically); b) In the area of testing dataflow (esp. map-reduce) programs, our tool, SEDGE, achieves higher testing coverage by leveraging existinginput data and generalizing them using a symbolic reasoning engine (a powerful SMT solver); c) In the area of bug detection, we identify and present the concept of residual investigation: a dynamic analysis that serves as theruntime agent of a static analysis. Residual investigation identifies with higher certainty whether an error reported by the static analysis is likely true

JWalk: a tool for lazy, systematic testing of java classes by design introspection and user interaction

Popular software testing tools, such as JUnit, allow frequent retesting of modified code; yet the manually created test scripts are often seriously incomplete. A unit-testing tool called JWalk has therefore been developed to address the need for systematic unit testing within the context of agile methods. The tool operates directly on the compiled code for Java classes and uses a new lazy method for inducing the changing design of a class on the fly. This is achieved partly through introspection, using Java’s reflection capability, and partly through interaction with the user, constructing and saving test oracles on the fly. Predictive rules reduce the number of oracle values that must be confirmed by the tester. Without human intervention, JWalk performs bounded exhaustive exploration of the class’s method protocols and may be directed to explore the space of algebraic constructions, or the intended design state-space of the tested class. With some human interaction, JWalk performs up to the equivalent of fully automated state-based testing, from a specification that was acquired incrementally

Equivalence Partitioning as a Basis for Dynamic Conditional Invariant Detection

Program invariants are statements asserting properties of programs at certain points. They can assist developers and testers in understanding the program, and can be used for automated formal verification of the program. However, despite their usefulness they are often omitted from code. Dynamic invariant detection is a technique that discovers program invariants by observing execution of the program. One type of invariants that presents challenge to this technique is conditional invariants, which are considered to be computationally infeasible to be computed exhaustively. We present a new approach to assist conditional invariants detection, by analysing test suites used to drive the execution of the programs for their use of equivalence partitioning – a very common testing technique – and inferring conditional invariants from this information. A prototype implementation, named Yacon, is developed to work in conjunction with a mature dynamic invariant detection tool Daikon. Given a set of splitting conditions, Daikon can use them to infer conditional invariants. Yacon attempts to recover partitioning information from a given test suite, producing splitting conditions as a result. We introduced two strategies to recover partitioning information, one based on the presence of boundary value analysis testing technique; the other based on invariants within the test suite itself. We evaluated the effectiveness of each recovery strategy and the approach as a whole, and found that our approach can help make Daikon perform significantly better. However, the two recovery strategies only work well in limited circumstances, suggesting possible improvement in finding more effective recovery strategies

Equivalence Partitioning as a Basis for Dynamic Conditional Invariant Detection

Program invariants are statements asserting properties of programs at certain points. They can assist developers and testers in understanding the program, and can be used for automated formal verification of the program. However, despite their usefulness they are often omitted from code. Dynamic invariant detection is a technique that discovers program invariants by observing execution of the program. One type of invariants that presents challenge to this technique is conditional invariants, which are considered to be computationally infeasible to be computed exhaustively. We present a new approach to assist conditional invariants detection, by analysing test suites used to drive the execution of the programs for their use of equivalence partitioning – a very common testing technique – and inferring conditional invariants from this information. A prototype implementation, named Yacon, is developed to work in conjunction with a mature dynamic invariant detection tool Daikon. Given a set of splitting conditions, Daikon can use them to infer conditional invariants. Yacon attempts to recover partitioning information from a given test suite, producing splitting conditions as a result. We introduced two strategies to recover partitioning information, one based on the presence of boundary value analysis testing technique; the other based on invariants within the test suite itself. We evaluated the effectiveness of each recovery strategy and the approach as a whole, and found that our approach can help make Daikon perform significantly better. However, the two recovery strategies only work well in limited circumstances, suggesting possible improvement in finding more effective recovery strategies