Presenter: Thodoris Sotiropoulos Date: 03 October 2022
Developers and practitioners spend considerable amount of their time in testing their software and fixing software bugs. To do so more effectively, they automate the process of finding deep software bugs that are challenging to uncover via manually-written test cases by integrating automated bug-finding tools in the software development process. A challenge of automated bug detection is the identification of subtle and latent defects in software that involves complex functionality. This is because such bugs are easy to remain unnoticed as the software under test does not complain with warnings or other runtime failures (e.g., crashes) during its execution. Worse, subtle defects often confuse users who do not blame the buggy software for the unexpected behavior, because they believe that the error is from their side (e.g., wrong input is given). Another shortcoming of many existing bug-finding tools is their limited applicability. Indeed, many of them are tailored to specific piece of software. This lack of applicability is mainly attributed to fundamental issues related to the design of the underlying methods.
To tackle the aforementioned issues, this thesis investigates ways for improving the effectiveness and applicability of automated software testing by introducing different forms of abstractions in testing workflow. The aim of these abstractions is to provide a common platform for reasoning and identification of (subtle) bugs in software systems and programs that exhibit dissimilar interfaces, implementations, or semantics. The thesis demonstrates this concept by applying abstractions in the context of three important problems: the detection of (1) compiler typing bugs, (2) bugs in data-centric software, and (3) dependency bugs in file system resources. This is achieved through the design and development of three bug-finding tools: Hephaestus, Cynthia, and FSMoVe respectively.
The work presented in this thesis improved the reliability of well-established and critical software used by millions of users and applications. Overall, our bug-finding techniques and tools led to the disclosure and fix of more than 400 bugs found in complex software systems, such as the Java and the Groovy compilers, the Django web framework, or dozens of popular configuration management libraries used for managing critical infrastructures (e.g., the Apache server). This thesis exhibits practical impact on the software industry, and opens new research opportunities related to the application of programming language concepts to automated software testing and software reliability.