Software Testing and Its Applications:

Professor Wong’s work related to the impact of code coverage on fault detection, test minimization and prioritization, regression testing, etc. has led to the creation of the χSuds Software Understanding and Diagnosis tool suite, used by real-life projects at Bellcore (Telcordia) and other industry corporations for effective and efficient software testing and analysis. It has also been used at more than ten universities worldwide, including UTD and Purdue, as a teaching aid in software testing courses. Professor Wong’s ongoing research includes, but is not limited to, probing and repairing security vulnerabilities in smartphone and other mobile applications, and achieving high code coverage through automatic test generation supported by an innovative backward tracking followed by a forward validation in conjunction with a constraint solver.

Software Safety:

Distinct from security and reliability, software safety implies that the software should execute within a system context (even in the presence of unexpected adverse conditions) without contributing to hazards. This is especially important for software-dependent systems in which failures can result in significant property damage, injury, or death. Traditional testing for consistency between implementation and functional specifications does not provide safety assurance. In response, Professor Wong’s research focuses on the integration of fault tree models from the safety requirements into specifications from the functional requirements so as to identify testable interactions between intended behaviors and hazardous conditions. Not only is software validated under normal conditions, but its implementation is also more completely verified to ensure that hazardous conditions identified by the fault tree analysis have been properly handled.

Towards the Automation of Program Debugging:

Debugging, when a program execution failure is observed, is essentially a two-step process of first determining the location and nature of a suspected fault, and then fixing the fault itself. Professor Wong has conducted research using different execution slicing, program spectrum and data dependency-based techniques, a crosstab-based statistical analysis, BP and RBF neural networks, and data mining algorithms to prioritize suspicious code in terms of its likelihood of containing faults. Our ongoing research also explores the combination of mutation with fault localization to automatically suggest fixes for software faults, and investigates the interference between multiple faults in a program. Results by Professor Wong and his students have been published in top journals such the IEEE Transactions on Reliability and the IEEE Transactions on Systems, Man and Cybernetics, received the Best Paper Award from the COMPSAC and ACM SAC conferences, as well as having been the most cited among all papers published by the Journal of Systems and Software in 2010.

Information-Retrieval-based Regression Testing:

Regression testing is widely used in practice for validating program changes. However, running large regression suites can be costly. Researchers have developed several techniques for prioritizing tests such that the higher priority tests have a higher likelihood of finding bugs. A vast majority of these techniques are based on dynamic analysis, which can be precise but can also have significant overhead (e.g., for program instrumentation and test-coverage collection). In this project, Professor Lingming Zhang and his colleagues introduce a new approach, REPiR, to address the problem of regression test prioritization by reducing it to a standard Information Retrieval problem such that the differences between two program versions form the query and the tests constitute the document collection. REPiR does not require any dynamic profiling or static program analysis. As an enabling technology we leverage the open-source IR toolkit Indri. An empirical evaluation using eight open-source Java projects shows that REPiR is computationally efficient and performs better than existing (dynamic or static) techniques for the majority of subjects. A paper that reports some of the results of this project will appear in ICSE’15.

Summary-based Context-Sensitive Program Analysis:

Building a summary for library code is a common approach to speeding up the analysis of client code. In presence of callbacks, some reachability relationships between library nodes cannot be obtained during library-code summarization. Thus, the library code may have to be analyzed again during the analysis of the client code with the library summary. In this project, Professor Lingming Zhang and colleagues propose to summarize library code with tree-adjoining-language (TAL) reachability. Compared with the summary built with context-free-language (CFL) reachability, the summary built with TAL reachability further contains conditional reachability relationships. The conditional reachability relationships can lead to much lighter analysis of the library code during the client code analysis with the TAL-reachability-based library summary. We performed an experimental comparison of context-sensitive data-dependence analysis with the TAL-reachability-based library summary and context-sensitive data-dependence analysis with the CFL- reachability based library summary using 15 benchmark subjects. The experimental results demonstrate that the former has an 8X speed-up over the latter on average. A paper reporting some of the results from this project will appear in ACM POPL’15.

iDiscovery — Automated Program Invariant Inference:

Program invariants can help software developers identify program properties that must be preserved as the software evolves, however, formulating correct invariants can be challenging. In this work, Professor Lingming Zhang and colleagues introduce iDiscovery, a technique which leverages symbolic execution to improve the quality of dynamically discovered invariants computed by Daikon. Candidate invariants generated by Daikon are synthesized into assertions and instrumented onto the program. The instrumented code is executed symbolically to generate new test cases that are fed back to Daikon to help further refine the set of candidate invariants. This feedback loop is executed until a fix-point is reached. To mitigate the cost of symbolic execution, optimizations are also proposed to prune the symbolic state space and to reduce the complexity of the generated path conditions. Recent advances in constraint solution reuse techniques are also leveraged to avoid computing results for the same constraints across iterations. Experimental results show that iDiscovery converges to a set of higher quality invariants compared to the initial set of candidate invariants in a small number of iterations. A paper reporting some of the results from this project was accepted to ACM ISSTA’14.