Applying dynamic analysis for defect detection in Java-applications

This paper provides an overview of program analysis techniques and describes practical implementation of these techniques for automatic software defect detection. The paper focuses on program dynamic analysis technique based on tainted data flow tracing, instrumentation and constraint set construction for automatic input generation. An overview of practical considerations for developing a dynamic analysis tool for Java applications is given. It is complemented by a detailed description of actual prototype implementation created within the scope of this project. Finally, the paper features an overview of practical results obtained on a number of Java applications and provides an evaluation of these results.

software iterative dynamic analysis, automatic defect detection, Java bytecode instrumentation

1. Novikova N. M. Osnovy optimizatsii [The Basics of Optimization]. M.: MGU [MSU], 1998. 17–22 p. (in Russian)

2. Eén N., Sörensson N. MiniSat solver [HTML] (http://minisat.se/)

3. Ganesh V., Dill D. L. A Decision Procedure for Bit-Vectors and Arrays. In Proceedings of Computer Aided Verification. 2007. P. 524–536.

4. Isaev I. K., Sidorov D. V. Primenenie dinamicheskogo analiza dlya generatsii vkhodnykh dannykh, demonstriruyushhikh kriticheskie oshibki i uyazvimosti v programmakh [The Use of Dynamic Analysis for Generation of Input Data that Demonstrates Critical Bugs and Vulnerabilities in Programs]. Programmirovanie [Programming and Computer Software]. 2010. # 4. P. 1-16. (in Russian)

5. Valgrind. Instrumentation Framework for Building Dynamic Analysis Tools [HTML] (http://valgrind.org/)

6. Apache Commons Byte Code Engineering Library [HTML] (http://commons.apache.org/bcel)