Improving software maintenance and security testing through dynamic compilers.

摘要

Resource constraints force software testers to limit the amount of program testing performed. Testers focus most on the portions of the program that the user is likely to utilize. This testing strategy skips portions of the program that the tester regards as "uncommon," which often includes error handling code and security code. Furthermore, even if testers were given more time and resources for testing, some code could not be easily tested as it requires external environmental conditions to trigger, such as memory exhaustion, disk hardware failures, etc. Resource constraints also limit the amount of time spent performing program analyses, such as impact analysis, that benefit software testing.;This dissertation addresses these concerns by providing practical solutions through the use of dynamic compilers, which allow for program analysis and/or transformation during execution. For testing, we present the Rugrat testing framework, which is capable of automatically generating test cases for code handling uncommon situations, such as error handling code and security mechanisms. Our empirical studies indicate that Rugrat is effective at providing test cases for code that may otherwise go untested.;For impact analysis, we present several online impact analysis algorithms, which are performed during program execution. Empirical studies indicate that the online impact analysis algorithms scale better to larger programs than current techniques. Furthermore, by performing the analysis during program execution, expensive post processing steps are avoided, reducing the overhead of the analysis compared to current, state of the art, techniques. We also present several ways to improve the results of the analysis by approximating program data flow.