Automatically identifying critical input regions and code in applications
Applications that process complex inputs often react in different ways to changes in different regions of the input. Small changes to forgiving regions induce correspondingly small changes in the behavior and output. Small changes to critical regions, on the other hand, can induce disproportionally...
| Main Authors: | , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | en_US |
| Published: |
Association for Computing Machinery
2011
|
| Online Access: | http://hdl.handle.net/1721.1/62576 https://orcid.org/0000-0001-8095-8523 |
| _version_ | 1826209680322461696 |
|---|---|
| author | Carbin, Michael James Rinard, Martin C. |
| author2 | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory |
| author_facet | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory Carbin, Michael James Rinard, Martin C. |
| author_sort | Carbin, Michael James |
| collection | MIT |
| description | Applications that process complex inputs often react in different ways to changes in different regions of the input. Small changes to forgiving regions induce correspondingly small changes in the behavior and output. Small changes to critical regions, on the other hand, can induce disproportionally large changes in the behavior or output. Identifying the critical and forgiving regions in the input and the corresponding critical and forgiving regions of code is directly relevant to many software engineering tasks.
We present a system, Snap, for automatically grouping related input bytes into fields and classifying each field and corresponding regions of code as critical or forgiving. Given an application and one or more inputs, Snap uses targeted input fuzzing in combination with dynamic execution and influence tracing to classify regions of input fields and code as critical or forgiving. Our experimental evaluation shows that Snap makes classifications with close to perfect precision (99%) and very good recall (between 99% and 73%, depending on the application). |
| first_indexed | 2024-09-23T14:27:28Z |
| format | Article |
| id | mit-1721.1/62576 |
| institution | Massachusetts Institute of Technology |
| language | en_US |
| last_indexed | 2024-09-23T14:27:28Z |
| publishDate | 2011 |
| publisher | Association for Computing Machinery |
| record_format | dspace |
| spelling | mit-1721.1/625762022-10-01T21:23:34Z Automatically identifying critical input regions and code in applications Carbin, Michael James Rinard, Martin C. Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science Rinard, Martin C. Carbin, Michael James Rinard, Martin C. Applications that process complex inputs often react in different ways to changes in different regions of the input. Small changes to forgiving regions induce correspondingly small changes in the behavior and output. Small changes to critical regions, on the other hand, can induce disproportionally large changes in the behavior or output. Identifying the critical and forgiving regions in the input and the corresponding critical and forgiving regions of code is directly relevant to many software engineering tasks. We present a system, Snap, for automatically grouping related input bytes into fields and classifying each field and corresponding regions of code as critical or forgiving. Given an application and one or more inputs, Snap uses targeted input fuzzing in combination with dynamic execution and influence tracing to classify regions of input fields and code as critical or forgiving. Our experimental evaluation shows that Snap makes classifications with close to perfect precision (99%) and very good recall (between 99% and 73%, depending on the application). United States. Defense Advanced Research Projects Agency (DARPA) (Cooperative Agreement FA8750-06-2-0189) National Science Foundation (U.S.) (Awards 0811397, 0835652, and 0905224) 2011-05-02T18:03:44Z 2011-05-02T18:03:44Z 2010-07 2010-07 Article http://purl.org/eprint/type/ConferencePaper 978-1-60558-823-0 http://hdl.handle.net/1721.1/62576 Michael Carbin and Martin C. Rinard. 2010. Automatically identifying critical input regions and code in applications. In Proceedings of the 19th international symposium on Software testing and analysis (ISSTA '10). ACM, New York, NY, USA, 37-48 https://orcid.org/0000-0001-8095-8523 en_US http://dx.doi.org/10.1145/1831708.1831713 Proceedings of the 19th international symposium on Software testing and analysis Creative Commons Attribution-Noncommercial-Share Alike 3.0 http://creativecommons.org/licenses/by-nc-sa/3.0/ application/pdf Association for Computing Machinery MIT web domain |
| spellingShingle | Carbin, Michael James Rinard, Martin C. Automatically identifying critical input regions and code in applications |
| title | Automatically identifying critical input regions and code in applications |
| title_full | Automatically identifying critical input regions and code in applications |
| title_fullStr | Automatically identifying critical input regions and code in applications |
| title_full_unstemmed | Automatically identifying critical input regions and code in applications |
| title_short | Automatically identifying critical input regions and code in applications |
| title_sort | automatically identifying critical input regions and code in applications |
| url | http://hdl.handle.net/1721.1/62576 https://orcid.org/0000-0001-8095-8523 |
| work_keys_str_mv | AT carbinmichaeljames automaticallyidentifyingcriticalinputregionsandcodeinapplications AT rinardmartinc automaticallyidentifyingcriticalinputregionsandcodeinapplications |