Tracking down software bugs using automatic anomaly detection

• Published in: Proceedings - International Conference on Software Engineering pp. 291 - 301
• Main Authors: Hangal, Sudheendra, Lam, Monica S.
• Format: Conference Proceeding Journal Article
• Language: English
• Published: New York, NY, USA ACM 01.01.2002
• Series: ACM Conferences
• Subjects: Applied sciences; Computer science; control theory; systems; Exact sciences and technology; Software; Software and its engineering > Software creation and management > Software verification and validation > Software defect analysis > Software testing and debugging; Software engineering; JAVA language; Debugging program; User assistance; Checking program; Localization; Timed system; Program complexity; Program behavior; Defect detection
• ISBN: 158113472X; 9781581134728
• ISSN: 0270-5257
• DOI: 10.1145/581339.581377

This paper introduces DIDUCE, a practical and effective tool that aids programmers in detecting complex program errors and identifying their root causes. By instrumenting a program and observing its behavior as it runs, DIDUCE dynamically formulates hypotheses of invariants obeyed by the program. DIDUCE hypothesizes the strictest invariants at the beginning, and gradually relaxes the hypothesis as violations are detected to allow for new behavior. The violations reported help users to catch software bugs as soon as they occur. They also give programmers new visibility into the behavior of the programs such as identifying rare corner cases in the program logic or even locating hidden errors that corrupt the program's results.We implemented the DIDUCE system for Java programs and applied it to four programs of significant size and complexity. DIDUCE succeeded in identifying the root causes of programming errors in each of the programs quickly and automatically. In particular, DIDUCE is effective in isolating a timing-dependent bug in a released JSSE (Java Secure Socket Extension) library, which would have taken an experienced programmer days to find. Our experience suggests that detecting and checking program invariants dynamically is a simple and effective methodology for debugging many different kinds of program errors across a wide variety of application domains.