|
Currently released (or about to be released)
- MintHint is a
novel technique and tool for program repair that is a departure from
most of today’s approaches. Instead of trying to fully automate
program repair, which is often an unachievable goal, MintHint performs
statistical correlation analysis to identify expressions that are
likely to occur in the repaired code and generates, using
pattern-matching based synthesis, repair hints from these
expressions. Intuitively, these hints suggest how to rectify a faulty
statement and help developers find a complete, actual repair. A paper
describing the work is available here.
You can get more information and download the tool here.
- F3
(Fault localization for Field Failures) is a tool that builds on
BugRedux (see below) and extends it with automated debugging
capabilities. F3 can thus help developers not only recreate, but also
debug field failures. Given an observed field failure, F3 can
synthesize a number of failing and passing executions similar to the
observed failure and use these executions, in conjunction with
automated fault localization approaches, to help developers identify
likely causes of such failure. A paper describing the work is
available here.
You can also download the tool here.
- TestEvol
is a tool for analyzing test-suite evolution. More precisely, TestEvol
facilitates the systematic study of test-suite evolution for Java
programs and JUnit test suites. The tool analyzes a sequence of
versions of a software system, where a system consists of an
application together with its test suite, and allows for studying how
the test cases in the test suite evolved when going from one version
to the next. A paper describing the work is available here.
You can also download the tool here.
- BugRedux,
a general tool for enabling in-house debugging of field failures.
BugRedux works by (1) collecting data about failing program executions
in the field, (2) extracting from the collected execution data
sequences of intermediate goals (i.e., statements in the program), and
(3) using a symbolic execution technique to synthesize, in house,
executions that reach such goals, mimic the observed executions, and
reproduce the corresponding failures. The current implementation of
BugRedux can collect four types of increasingly rich execution data:
points of failure, call stacks, call sequences, and complete program
traces. To perform symbolic execution, BugRedux relies on a suitably
modified version of KLEE. A paper
describing the work is available here.
You can also download the tool here.
- NIONKA, a
tool for execution hijacking. Given a program P and an input I for P,
execution hijacking allows for running P with I as input and
following a specific path that P would normally not follow under I.
By doing so, execution hijacking can expose additional behaviors and
benefit different kinds of dynamica analysis. A paper describing the
work is available here. You can also download the tool here. Two versions
of the tool are available, one for hijacking of Java programs, and the
other for x86 programs.
- BERT
(BEhavioral Regression Testing), an Eclipse plug-in that
implements our automated behavioral regression testing
approach. Every time a new version of a program is saved, BERT (1)
analyzes the changes between the new and the old version, (2)
generates tests for the changed parts, (3) runs the tests on the
old and new versions, (4) analyzes and reports to the developers
the behavioral differences between the two versions. Read more
about BERT here and
click here
to download the tool.
- MINTS
(MINimizer for Test Suites), a generic framework for supporting
test-suite minimization that allows for (1) easily encoding a wide
range of test-suite minimization problems, (2) handling problems
that involve any number of minimization criteria, and (3) computing
optimal solutions to minimization problems by leveraging a number of
integer linear programming solvers. Read more about MINTS here and click here to download
the tool.
- InsECTJ, our
second-generation instrumenter, is a generic framework for
collecting information on the runtime behavior of a Java
program. The tool is implemented as a set of Eclipse plug-ins. Read more
about it here.
- InsECT, our original
Instrumentation, Execution, and Coverage/profiling Tool for Java is
also available on SourceForge. Check it out at http://sourceforge.net/projects/insectj!
Available on a per-request basis
-
WASP, our new tool
against SQL-injection attacks, is based on positive tainting and
syntax-aware evaluation, is highly automated, has minimal deployment
requirements, and can protect existing Java-based Web application
from all types of SQL injections. Read more about it here.
-
SCARPE is a tool for
Selective CApture and Replay of Program Executions. Given a program,
the tool lets users (1) select a subsystem, (2) capture at runtime
all the interactions between such subsystem and the rest of the
program, and (3) replay the recorded interactions on the subsystem
in isolation. Read more about it here.
-
AMNESIA, our tool
against SQL-injection attacks, combines static analysis and runtime
monitoring to protect web applications. Read more about it here.
-
JDiff is a tool for
comparing different versions of object-oriented programs that
identifies both differences and correspondences between two
versions. The technique and the tool are described here.
-
DejaVOO, is our
efficient regression-test-selection tool for Java software that
combines static and dynamic analysis to reduce the regression
testing effort. The latest paper about DejaVOO is available here.
|
|