Alex Orso - Software

Currently released (or about to be released)

  • MintHint is a novel technique and tool for program repair that is a departure from most of today's approaches. Instead of trying to fully automate program repair, which is often an unachievable goal, MintHint performs statistical correlation analysis to identify expressions that are likely to occur in the repaired code and generates, using pattern-matching based synthesis, repair hints from these expressions. Intuitively, these hints suggest how to rectify a faulty statement and help developers find a complete, actual repair. A paper describing the work is available here. You can get more information and download the tool here.

  • F3 (Fault localization for Field Failures) is a tool that builds on BugRedux (see below) and extends it with automated debugging capabilities. F3 can thus help developers not only recreate, but also debug field failures. Given an observed field failure, F3 can synthesize a number of failing and passing executions similar to the observed failure and use these executions, in conjunction with automated fault localization approaches, to help developers identify likely causes of such failure. A paper describing the work is available here. You can also download the tool here.

  • TestEvol is a tool for analyzing test-suite evolution. More precisely, TestEvol facilitates the systematic study of test-suite evolution for Java programs and JUnit test suites. The tool analyzes a sequence of versions of a software system, where a system consists of an application together with its test suite, and allows for studying how the test cases in the test suite evolved when going from one version to the next. A paper describing the work is available here. You can also download the tool here.

  • BugRedux, a general tool for enabling in-house debugging of field failures. BugRedux works by (1) collecting data about failing program executions in the field, (2) extracting from the collected execution data sequences of intermediate goals (i.e., statements in the program), and (3) using a symbolic execution technique to synthesize, in house, executions that reach such goals, mimic the observed executions, and reproduce the corresponding failures. The current implementation of BugRedux can collect four types of increasingly rich execution data: points of failure, call stacks, call sequences, and complete program traces. To perform symbolic execution, BugRedux relies on a suitably modified version of KLEE. A paper describing the work is available here. You can also download the tool here.

  • NIONKA, a tool for execution hijacking. Given a program P and an input I for P, execution hijacking allows for running P with I as input and following a specific path that P would normally not follow under I. By doing so, execution hijacking can expose additional behaviors and benefit different kinds of dynamic analysis. A paper describing the work is available here. You can also download the tool here. Two versions of the tool are available, one for hijacking of Java programs, and the other for x86 programs.

  • BERT (BEhavioral Regression Testing), an Eclipse plug-in that implements our automated behavioral regression testing approach. Every time a new version of a program is saved, BERT (1) analyzes the changes between the new and the old version, (2) generates tests for the changed parts, (3) runs the tests on the old and new versions, (4) analyzes and reports to the developers the behavioral differences between the two versions. Read more about BERT here and click here to download the tool.

  • MINTS (MINimizer for Test Suites), a generic framework for supporting test-suite minimization that allows for (1) easily encoding a wide range of test-suite minimization problems, (2) handling problems that involve any number of minimization criteria, and (3) computing optimal solutions to minimization problems by leveraging a number of integer linear programming solvers. Read more about MINTS here and click here to download the tool.

  • InsECTJ, our second-generation instrumenter, is a generic framework for collecting information on the runtime behavior of a Java program. The tool is implemented as a set of Eclipse plug-ins. Read more about it here.

  • InsECT, our original Instrumentation, Execution, and Coverage/profiling Tool for Java, is also available on SourceForge. Check it out at!

Available on a per-request basis

  • WASP, our new tool against SQL-injection attacks, is based on positive tainting and syntax-aware evaluation, is highly automated, has minimal deployment requirements, and can protect existing Java-based Web applications from all types of SQL injections. Read more about it here.

  • SCARPE is a tool for Selective CApture and Replay of Program Executions. Given a program, the tool lets users (1) select a subsystem, (2) capture at runtime all the interactions between such subsystem and the rest of the program, and (3) replay the recorded interactions on the subsystem in isolation. Read more about it here.

  • AMNESIA, our tool against SQL-injection attacks, combines static analysis and runtime monitoring to protect web applications. Read more about it here.

  • JDiff is a tool for comparing different versions of object-oriented programs that identifies both differences and correspondences between two versions. The technique and the tool are described here.

  • DejaVOO is our efficient regression-test-selection tool for Java software that combines static and dynamic analysis to reduce the regression testing effort. The latest paper about DejaVOO is available here.

  • Send me an email if you want to be notified when the tools are released (or if you are interested in getting any of the tools before it is officially released).

HTML style by Antonio Carzaniga. Updated by Alex Orso on July 01, 2014 at 10:48:57 CEST.