Spectrum-Base Fault Localization by Exploiting the Failure Path

Abstract

Software security is crucial in every aspect of information technology. As today's software has become larger and more complex than ever before, software fault localization has become more time consuming and labor intensive accordingly. Consequently, a broad spectrum of software fault localization techniques are proposed and implemented. However, most of these techniques assume the existence of a test suite to enable their execution traces and results to be used in locating program bugs. However, this is not always true in practice. After the release of software, programmers begin debugging immediately after one failure is detected. Only the test case that results in the failure is available for programmers. In such a situation, fault localization techniques, which require multiple failed and successful test cases, cannot be applied. Hence, in this paper, we propose an innovative fault localization framework, CRAXfault, based on single-path concolic execution, which exploits the execution path of one failed test case to automatically generate numerous test cases that are then used in a fault localization technique (e.g., Tarantula, Ochiai, Crosstab, and DStar). CRAXfault is evaluated across 15 real-life programs. The results demonstrate a remarkable effectiveness of CRAXfault in the number of statements that must be examined before the first faulty statement for a given bug is identified and acceptable efficiency in the time cost for generating test cases.