基于切片谱的错误定位框架影响因素分析

错误定位是软件调试的重要环节,基于切片谱的统计错误定位技术,借助程序切片可以提高错误定位效率.而这类技术执行效果取决于构建切片谱的切片选择策略和怀疑度计算公式的选择.为评估不同的切片选择策略及怀疑度计算公式对错误定位效率的影响,提出一种基于切片谱的错误定位框架.该框架首先计算程序执行失败时的全切片和成功时的执行切片,随后提出一组基于相似度的切片挑选策略以构建切片谱,最后按照选定的公式计算怀疑度并生成定位报告.应用提出的错误定位框架,针对一组典型的Java基准程序开展错误定位实证研究.结果表明：最优怀疑度计算公式Wong,Russel&Rao和Binary的错误定位效率与切片选择策略无关,而提出的怀疑度计算公式HSS,Tarantula,DStar,Naish1和Naish2在低相似度切片谱上定位效果较好.     

基于条件执行切片谱的多错误定位

基于程序谱的错误定位技术由于其较高的定位效率已成为当前软件调试领域研究热点之一.这种技术通常根据测试覆盖信息计算程序语句发生错误的可疑度来进行错误定位.然而,这种技术会随着程序中错误数目的增多效率不断下降.鉴于此,提出了一种基于条件执行切片谱的多错误定位技术(conditioned execution slicing spectrum-based multiple fault localization, CESS-MFL),以提高多错误定位的效率.CESS-MFL技术首先根据输入变量的谓词条件构建错误相关条件执行切片的谱矩阵,然后依次计算错误相关条件执行切片中的元素(语句或语句块)的可疑度,并生成可疑度报告.实验验证了CESS-MFL技术比当前流行的基于程序谱的Tarantula技术、基于程序切片的Intersection技术、Union技术有更高的多错误定位效率,并且可在有效的时间和空间复杂度内完成.     

一种基于层次切片谱的软件错误定位技术

传统的软件错误定位技术通常利用测试覆盖信息计算程序语句发生错误的可疑度进行软件错误定位,但是这种定位技术没有充分考虑程序本身固有的依赖信息,缺乏语句筛选,从而使错误定位的精度受限.提出了一种基于层次切片谱的错误定位技术,以提高面向对象程序中的错误定位效率.这种技术首先分析程序不同粒度层次元素(包、类、方法以及语句)之间的依赖信息,对可能发生错误的元素进行筛选,缩小错误查找范围;在此基础上,建立了层次切片谱模型,并定义了一种可疑度度量方法;最后根据该可疑度结果从大到小的顺序进行错误定位.通过实验验证了基于层次切片谱的错误定位技术的有效性,且比基于程序谱的Tarantula 技术、Union 技术、Intersection 技术效率更高.     

基于词频-逆文件频率的错误定位方法

错误定位方法大多通过分析语句覆盖信息来标识出导致程序失效的可疑语句.其中,语句覆盖信息通常以语句执行或语句未执行的二进制状态信息来表示.然而,该二进制状态信息仅表明该语句是否被执行的信息,无法体现该语句在具体执行中的重要程度,可能会降低错误定位的有效性.为了解决这个问题,提出了基于词频-逆文件频率的错误定位方法.该方法采用词频-逆文件频率技术识别出单个测试用例中语句的影响程度高低,从而构建出具有语句重要程度识别度的信息模型,并基于该模型来计算语句的可疑值.实验结果表明,该方法大幅提升了错误定位的效能.     

面向众包软件开发的错误定位方法

在软件开发中,错误定位是修复软件缺陷的必要前提.为此,研究者们提出了一系列自动化的错误定位方法.这些方法利用了测试用例运行时的覆盖路径和运行结果等信息,大幅减少了定位错误代码的难度.在竞争性众包软件开发中,往往存在多个竞争性实现（解决方案）,提出一种专门面向众包软件工程的错误定位方法.主要思想是,在定位错误语句时,将其多个竞争性实现作为参考程序.针对程序中的各个语句,在参考程序中搜索参考语句,并利用参考语句计算其错误概率.给定一个错误程序和相应的测试用例,首先运行测试用例并使用广泛流行的基于频谱的错误定位方法计算其初始错误概率.然后,根据此语句与其参考语句的相似性调整错误概率.在118个真实的错误程序上进行实验,结果表明所提方法相比基于频谱的方法,定位错误的成本降低了25%以上.     

基于对抗生成网络的缺陷定位模型域数据增强方法

缺陷定位获取并分析测试用例集的运行信息, 从而度量出各个语句为缺陷的可疑性. 测试用例集由输入域数据构建, 包含成功测试用例和失败测试用例两种类型. 由于失败测试用例在输入域分布不规律且比例很低, 失败测试用例数量往往远少于成功测试用例数量. 已有研究表明, 少量失败测试用例会导致测试用例集出现类别不平衡问题, 严重影响着缺陷定位有效性. 为了解决这个问题, 提出基于对抗生成网络的缺陷定位模型域数据增强方法. 该方法基于模型域(即缺陷定位频谱信息)而非传统输入域(即程序输入), 利用对抗生成网络合成覆盖最小可疑集合的模型域失败测试用例, 从模型域上解决类别不平衡的问题. 实验结果表明, 所提方法大幅提升了11种典型缺陷定位方法的效能.     

Slice-based statistical fault localization

Recent techniques for fault localization statistically analyze coverage information of a set of test runs to measure the correlations between program entities and program failures. However, coverage information cannot identify those program entities whose execution affects the output and therefore weakens the aforementioned correlations. This paper proposes a slice-based statistical fault localization approach to address this problem. Our approach utilizes program slices of a set of test runs to capture the influence of a program entity's execution on the output, and uses statistical analysis to measure the suspiciousness of each program entity being faulty. In addition, this paper presents a new slicing approach called approximate dynamic backward slice to balance the size and accuracy of a slice, and applies this slice to our statistical approach. We use two standard benchmarks and three real-life UNIX utility programs as our subjects, and compare our approach with a sufficient number of fault localization techniques. The experimental results show that our approach can significantly improve the effectiveness of fault localization.     

结合语句执行补集的程序错误定位

基于频谱的错误定位方法一般利用覆盖信息为每条语句度量出错的可能,即可疑度,通过逐条检查按可疑度值降序排列的语句序列来确定错误语句.针对已有的方法大多只考虑覆盖信息中语句执行信息的问题,分析了语句执行补集对错误定位的积极影响,进一步提出了在语句执行信息基础上结合语句执行补集的错误定位方法.实验结果表明,与其他方法相比,所...     

基于条件分类可执行切片谱的软件缺陷定位

基于条件执行切片谱的多错误定位（Multiple Fault Localization based on Conditioned Execution Slicing Spectrum，CESS-MFL）考虑了程序的依赖性，可以一定程度降低程序随着缺陷数的增多而效率降低的问题，但该技术仍受与缺陷无关语句的影响比较大。因此，提出了一种基于条件分类可执行切片的软件缺陷定位方法（Conditioned Classification Execution Slicing Spectrum-based Software Fault Localization，CCESS-SFL），该技术对CESS-MFL技术中的谓词条件进行了改进并分类。根据谓词条件与缺陷相关执行切片确定条件特征集，根据条件特征集进行分类得到条件分类执行切片谱，计算元素的可疑度，最后生成可疑度报告。CCESS-SFL技术在西门子7个套件中得到了有效的验证，它优于当前流行的Tarantula、Jaccard、Ochiai以及CESS-MFL技术，可以进一步降低与缺陷无关语句的影响。     

组合认知复杂度的程序谱软件错误定位方法

基于程序谱的软件错误定位(spectrum-based fault localization,SBFL)技术收集测试用例结果和语句覆盖信息,用以计算每条语句的可疑度值.认知复杂度是软件复杂性度量工具,其值高的代码较易出错.为提升错误定位性能,提出一种语句级认知复杂度和SBFL相组合的方法对语句排序.当多条语句可疑度值相等时,新方法优先检查认知复杂度高的语句.测试数据集有925个错误版本,包含Java、C和C++项目.实验结果证实,加入认知复杂度后,传统的SBFL技术能减少待排查语句.     

面向自动修复并融合失效场景的缺陷定位方法

为了应对日益增长的软件修复开销,研究高效的软件自动修复技术成为学术界和工业界的共识。缺陷定位作为自动修复技术的前端,是实现快速准确自动修复的关键,其精度直接影响自动修复的性能。然而,初步研究表明,现有缺陷定位技术缺乏对自修复需求的考虑,对自修复算法支持有限。有必要研究面向自修复的高精度自动化缺陷定位技术,以提升自修复性能。因此,提出了失效场景的缺陷定位方法来应对该问题。提出的方法首先采用程序切片技术,构造出与失效相关的场景;然后对失效场景的各个元素实施可疑值度量;最后将可疑值度量化的场景交给自动修复技术实施修复。初步实验结果表明,本缺陷定位方法能有效提升自动修复性能。     

失效上下文统计分析的软件故障定位方法

针对程序切片方法不提供语句的可疑程度描述,而覆盖分析方法不能充分分析程序元素间的相互影响等问题,提出上下文统计分析的软件故障定位方法。首先,将源程序转换为抽象语法树和程序依赖图;接下来,插桩程序,收集运行时信息;然后,根据失效点,执行按需的反向动态切片,确定失效产生的上下文;最后,对于反向动态切片中的节点,统计计算可疑度,输出带可疑度排序的动态程序切片。该方法不但描述了失效产生的上下文,还计算上下文中各个语句的可疑度。实验结果表明,所提方法与单一的覆盖分析方法相比,平均Expense降低了1.3%,与单一的切片方法相比,平均Expense降低了5.6%,所提方法可以有效辅助开发人员定位与修正软件缺陷。     

基于路径分析和信息熵的错误定位方法

软件错误定位是一项耗时又费力的工作,因此如何提高软件错误定位的自动化程度一直以来都是软件工程领域研究的热点.现有的基于频谱的错误定位方法很少利用程序的上下文信息,而程序的上下文信息对错误定位至关重要.针对这一问题,提出了一种基于路径分析和信息熵的错误定位方法FLPI.该方法在基于频谱信息技术的基础上,通过对所有执行路径...     

增强上下文的错误定位技术

错误定位就是寻找程序错误的位置.现有的错误定位方法大多利用测试用例的覆盖信息,以标识一组导致程序失效的可疑语句,却忽视了这些语句相互作用导致失效的上下文.因此,提出一种增强上下文的错误定位方法Context-FL,以构建上下文的方式来优化错误定位性能.Context-FL利用动态切片技术构建数据与控制相关性的错误传播上下文,显示了导致失效的语句之间传播依赖关系;然后,基于可疑值度量来区分上下文片段中不同语句的可疑度;最后,Context-FL以标记可疑值的上下文作为定位结果.实验结果表明,Context-FL优于8种典型错误定位方法.     

融合代码静态特征和频谱的软件缺陷定位技术

基于频谱的缺陷定位(spectrum-based fault localization, SBFL)通过分析测试用例的覆盖信息和执行结果信息进行快速定位,是目前最常用的缺陷定位技术。然而,该方法未能充分利用代码中隐含的语义和结构信息。若能将缺陷预测中使用到的代码结构信息和频谱信息融合使用,将有助于进一步提升缺陷定位的效果。为此,提出了一种融合代码静态特征和频谱的软件缺陷定位(fault localization combing static features and spectrums, FLFS)技术。首先,从Halstead等度量元集合中选取度量元指标并进行修改,以适用于度量代码的方法级特征;然后,根据选取的度量元指标提取程序中各个方法的静态特征并用于训练缺陷预测模型;最后,使用缺陷预测模型预测程序中各方法存在缺陷的预测可疑度,并与SBFL技术计算的频谱可疑度进行融合,以定位缺陷所在方法。为验证FLFS的有效性,将其与两种定位效果最好的SBFL技术DStar和Ochiai在Defects4J数据集上进行了对比实验。结果表明,FLFS具有更好的缺陷定位性能,对于E_inspe...     

Effective software fault localization using predicted execution results

Software has become ubiquitous in our daily lives, and with its increasing functionality and complexity comes a frequently tedious and prolonged debugging process. Of the three activities in program debugging (failure detection, fault localization, and bug fixing), the focus of this paper is on the first, failure detection, under the condition that there is no test oracle that can be used to automatically determine the success or failure of all the executions. More precisely, the outputs for many executions have to be verified manually, or the expected outputs are not even available. We want to determine whether there is a solution to help programmers predict the execution results. How good are these predicted results when they are used to help programmers find the locations of bugs? A framework is proposed to reduce the effort on output verification using a strategy based on the Hamming distance or K-Means clustering to predict results of test executions. Such data and the statement coverage of each test case are used to compute the suspiciousness of each statement according to a fault localization technique and produce a ranking for examination to locate bugs. Case studies using 22 programs and seven fault localization techniques were conducted to evaluate the fault localization effectiveness of the proposed framework on 1203 faulty versions, some of which have a single bug and others with multiple bugs. A discussion on factors that may affect the accuracy of execution result prediction and the resulting fault localization effectiveness is also presented. Our data suggests that, in general, with respect to fault localization techniques using execution results verified against the expected outputs, those using predicted execution results can be even more effective than (by examining a smaller number of statements to locate the first faulty statement) or as good as the former (the verified).     

基于线性分类算法的软件错误定位模型

基于谱的错误定位（SBFL）方法能帮助程序员减小软件调试的困难。作为一种轻量方法,SBFL只需收集测试用例的覆盖信息和测试结果,计算程序每条语句的运行特征。众多SBFL方法,将四个运行特征组合成不同的可疑度计算公式。然而,这些公式受固定参数的影响,无法适应不同的程序集。因此,提出一种机器学习方法,能自动确定特定程序集的可疑度计算公式。首先,收集已标注错误语句的程序旧版本;再将错误语句与正确语句的运行特征两两相减,构造为训练集的一个样本;最后基于Weka的分类算法,学习到线性函数,作为该程序的错误定位模型。在Siemens程序包、space和gzip三个基准数据集上,使用Logistic、SGD、SMO和LibLinear学习到的模型,性能都要优于SBFL方法。     

面向有效错误定位的测试用例优选方法

针对已有测试用例选择方法在提高错误定位有效性方面存在局限性的问题,首先,定义“失效覆盖向量相似度优先排序”准则,将执行路径与失效执行路径相似的成功测试用例赋予较高的优先级;然后定义“失效覆盖等价划分优化选择”准则,选择能够最大区分失效执行语句的成功测试用例集合;在此基础上,建立测试用例优选模型(effective selection, ES).不同于已有方法,ES充分利用失效执行路径来提高错误定位的有效性.该模型被应用于优选Siemens测试用例集合,其结果被应用于Tarantula等4种错误定位方法.结果表明,ES在约简率Reduction和衡量错误定位有效性的Expense_increase两个指标方面,均优于已有的基于语句和基于向量的测试用例约简方法.ES不但可以获得97%以上的约简率,提高错误定位的效率,而且具有较低的Expense_increase,显著提高了错误定位的有效性.     

A test-suite reduction approach to improving fault-localization effectiveness

In order to improve the effectiveness of fault localization, researchers are interested in test-suite reduction to provide suitable test-suite inputs. Different test-suite reduction approaches have been proposed. However, the results are usually not ideal. Reducing the test-suite improperly or excessively can even negatively affect fault-localization effectiveness. In this paper, we propose a two-step test-suite reduction approach to remove the test cases which have little or no effect on fault localization, and improve the distribution evenness of concrete execution paths of test cases. This approach consists of coverage matrix based reduction and path vector based reduction, so it analyzes not only the test cases coverage but also the concrete path information. We design and implement experiments to verify the effect of our approach. The experimental results show that our reduced test-suite can improve fault-localization effectiveness. On average, our approach can reduce the size of a test-suite in 47.87% (for Siemens programs) and 23.03% (for space program). At the same time, on average our approach can improve the fault-localization effectiveness, 2.12 on Siemens programs and 0.13 on space program by Tarantula approach.     

WAS: A weighted attribute-based strategy for cluster test selection

In past decades, many techniques have been proposed to generate and execute test cases automatically. However, when a test oracle does not exist, execution results have to be examined manually. With increasing functionality and complexity of today's software, this process can be extremely time-consuming and mistake-prone. A CTS-based (cluster test selection) strategy provides a feasible solution to mitigate such deficiency by examining the execution results only with respect to a small number of selected test cases. It groups test cases with similar execution profiles into the same cluster and selects them from each cluster. Some well-known CTS-based strategies are one per cluster, n (a predefined value which is greater than 1) per cluster, adaptive sampling, and execution-spectra-based sampling (ESBS). The ultimate goal is to reduce testing cost by quickly identifying the executions that are likely to fail. However, improperly grouping the test cases will significantly diminish the effectiveness of these strategies (by examining results of more successful executions and fewer failed executions). To overcome this problem, we propose a weighted attribute-based strategy (WAS). Instead of clustering test cases based on the similarity of their execution profiles only once like the aforementioned CTS-based strategies, WAS will conduct more than one iteration of clustering using weighted execution profiles by also considering the suspiciousness of each program element (statement, basic block, decision, etc.), where the suspiciousness in terms of the likelihood of containing bugs can be computed by using various software fault localization techniques. Case studies using seven programs (make, ant, sed, flex, grep, gzip, and space) and four CTS-based strategies (one per cluster sampling, n per cluster sampling, adaptive sampling, and ESBS) were conducted to evaluate the effectiveness of WAS on 184 faulty versions containing either single or multiple bugs. Experimental results suggest that the proposed WAS strategy outperforms other four CTS-based strategies with respect to both recall and precision such that output verification is focused more strongly on failed executions.