Validating static warnings via testing code fragments

Published in ISSTA, 2021

Recommended citation: Ashwin Kallingal Joshy, Xueyuan Chen, Benjamin Steenhoek, and Wei Le. 2021. Validating static warnings via testing code fragments. In Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2021). Association for Computing Machinery, New York, NY, USA, 540–552.

In this paper, we present a novel solution that automatically generates test cases based on static warnings to validate true and false positives. We found that testing code fragments is scalable and useful; it can trigger bugs that testing entire programs or testing procedures failed to trigger, including 4 verified CVE and real-world bugs.