Combining Invariant Violation with Execution Path Classification for Detecting Multiple Types of Logical Errors and Race Conditions

Context: Modern automated source code analysis techniques can be very successful in detecting a priori defined defect patterns and security vulnerabilities. Yet they cannot detect flaws that arise from an erroneous translation of the software's functional requirements into source code. Automated detection of logical errors attributable to a faulty implementation of an application's functionality is relatively uncharted territory. In previous research, we proposed a combination of automated analyses for logical error detection. In this paper, we develop a novel business-logic oriented method that filters mathematical depictions of software logic in order to augment logical error detection, remove previous limitations of the analysis and provide a formally tested classification of logical errors without subjective discrepancies. As a proof of concept, the method has been implemented in a prototype tool called PLATO that can detect various types of logical errors. Potential logical errors detected this way are ranked using a fuzzy logic system with two scales characterising their impact: (i) a Severity scale, based on the characteristics of the execution paths and on Information Gain, and (ii) a Reliability scale, based on the measured Computational Density of the program. The method's effectiveness is shown in diverse experiments. Albeit not without restrictions, the proposed automated analysis appears able to detect a wide variety of logical errors while limiting false positives.
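The abstract combines two ideas: likely invariants inferred from runs of the program, and classification of the execution paths on which those invariants break. The following is an added toy illustration of that generic combination in Python; it is not PLATO's algorithm or code from the paper. The checkout() traces, variable names, branch identifiers, the two invariant templates and the violation-ratio ranking are all constructed assumptions; in particular, the ranking is a crude stand-in for the fuzzy Severity/Reliability scoring, which the abstract does not define in enough detail to reproduce.

```python
"""Toy Daikon-style invariant inference plus per-path violation classification.

Added illustration only (not PLATO). All traces below are constructed: each
record is the exit state of a hypothetical checkout() routine together with the
sequence of branch identifiers ("path") that produced it.
"""
from itertools import permutations

# Baseline runs assumed to reflect the intended business logic.
BASELINE_TRACES = [
    {"path": ("has_coupon", "apply_discount"),
     "state": {"price": 100, "discount": 10, "paid": 90}},
    {"path": ("has_coupon", "apply_discount"),
     "state": {"price": 50, "discount": 5, "paid": 45}},
    {"path": ("no_coupon",),
     "state": {"price": 80, "discount": 0, "paid": 80}},
    {"path": ("no_coupon",),
     "state": {"price": 20, "discount": 0, "paid": 20}},
]

# Runs under test: one correct run, one where the coupon value was never
# validated (negative discount), one where the discount was applied twice.
# Both faulty runs are constructed logic errors, not real findings.
TEST_RUNS = [
    {"path": ("has_coupon", "apply_discount"),
     "state": {"price": 60, "discount": 6, "paid": 54}},
    {"path": ("has_coupon", "apply_discount"),
     "state": {"price": 100, "discount": -10, "paid": 110}},
    {"path": ("has_coupon", "apply_discount", "apply_discount"),
     "state": {"price": 100, "discount": 10, "paid": 80}},
]


def candidates(names):
    """Candidate invariant templates over numeric variables (assumed set)."""
    cands = []
    for a in names:
        cands.append((f"{a} >= 0", lambda s, a=a: s[a] >= 0))
    for a, b in permutations(names, 2):
        cands.append((f"{a} <= {b}", lambda s, a=a, b=b: s[a] <= s[b]))
    for a, b, c in permutations(names, 3):
        cands.append((f"{a} - {b} == {c}",
                      lambda s, a=a, b=b, c=c: s[a] - s[b] == s[c]))
    return cands


def infer_invariants(traces):
    """Keep every template that holds on all baseline traces (likely invariants)."""
    names = sorted(traces[0]["state"])
    return [(label, fn) for label, fn in candidates(names)
            if all(fn(t["state"]) for t in traces)]


def check_run(invariants, run):
    """Labels of the invariants a single run violates."""
    return [label for label, fn in invariants if not fn(run["state"])]


def classify_paths(invariants, runs):
    """Group violations by execution path.

    A path on which every run violates an invariant is a stronger signal of a
    faulty implementation than a path that misbehaves once in many runs.
    """
    per_path = {}
    for run in runs:
        bucket = per_path.setdefault(
            run["path"], {"runs": 0, "violating": 0, "labels": set()})
        bucket["runs"] += 1
        violated = check_run(invariants, run)
        if violated:
            bucket["violating"] += 1
            bucket["labels"].update(violated)
    return per_path


def rank_paths(per_path):
    """Order paths by violation ratio (assumed stand-in for fuzzy ranking)."""
    return sorted(per_path.items(),
                  key=lambda kv: kv[1]["violating"] / kv[1]["runs"],
                  reverse=True)


if __name__ == "__main__":
    invs = infer_invariants(BASELINE_TRACES)
    for path, info in rank_paths(classify_paths(invs, TEST_RUNS)):
        print(path, info["violating"], "/", info["runs"], sorted(info["labels"]))
```

The double-discount path violates the inferred relation `price - discount == paid` on every run, so it ranks first; the normal coupon path violates `paid <= price` and `discount >= 0` on only one of its two runs. The real tool's scales additionally weigh path characteristics and program complexity, which this toy omits.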
