1. Directed Test Generation for Effective Fault Localization
Shay Artzi, Julian Dolby, Frank Tip, Marco Pistoia
IBM T.J. Watson Research Center
ISSTA – July 14, 2010 – Trento, Italy
11. Running PHP Example

    if (isset($_REQUEST['query'])) {

        // Choose the key column from the 'query' parameter
        switch ($_REQUEST['query']) {
            case "model":
                $kf = "model_id"; break;
            case "make":
                $kf = "make_id"; break;
        }
        $v = $_REQUEST['key'];

        $sql = "SELECT * FROM VEHICLES WHERE " . $kf . " = '" . $v . "'";
        $result = mysql_query($sql);
        $n = mysql_numrows($result);

    } else if (isset($_REQUEST['update'])) { … }
12. Running Example – Success

    if (isset($_REQUEST['query'])) {

        // Choose the key column from the 'query' parameter
        switch ($_REQUEST['query']) {
            case "model":
                $kf = "model_id"; break;
            case "make":
                $kf = "make_id"; break;
        }
        $v = $_REQUEST['key'];

        $sql = "SELECT * FROM VEHICLES WHERE " . $kf . " = '" . $v . "'";
        $result = mysql_query($sql);
        $n = mysql_numrows($result);

    } else if (isset($_REQUEST['update'])) { … }

Input: query -> 'make', key -> 'Ford'

'query' is set in request
$kf set to 'make_id'
SELECT * FROM VEHICLES WHERE make_id = 'Ford'; returns 2 result rows
$n is assigned 2
13. Running Example – Failure

    if (isset($_REQUEST['query'])) {

        // Choose the key column from the 'query' parameter
        switch ($_REQUEST['query']) {
            case "model":
                $kf = "model_id"; break;
            case "make":
                $kf = "make_id"; break;
        }
        $v = $_REQUEST['key'];

        $sql = "SELECT * FROM VEHICLES WHERE " . $kf . " = '" . $v . "'";
        $result = mysql_query($sql);
        $n = mysql_numrows($result);

    } else if (isset($_REQUEST['update'])) { … }

Input: query -> 'company', key -> 'Ford'

'query' is set in request
switch falls through
$kf is never assigned
SELECT * FROM VEHICLES WHERE = 'Ford'; returns null due to invalid SQL
mysql_numrows(): supplied argument is not a valid MySQL result resource
non-conditional statements are handled the same as before
conditional statements are assigned the maximum of the suspiciousness of each of their branches
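
The rule above applied to the two runs of the running example, as an added example that is not taken from the slides or from the authors' tool. It assumes Tarantula as the base suspiciousness score (the slides only say "as before") and models each branch outcome, including the switch matching no case, as its own coverage entity; all entity and branch names are hypothetical.

```python
# Added example. Assumption: Tarantula is the base score ("as before" is not
# defined on this page). Entity and branch names below are constructed.

def tarantula(hit_pass, hit_fail, total_pass, total_fail):
    """Fraction of failing runs covering an entity, normalised against passing."""
    p = hit_pass / total_pass if total_pass else 0.0
    f = hit_fail / total_fail if total_fail else 0.0
    return 0.0 if p + f == 0 else f / (p + f)

def rank(runs, conditionals):
    """runs: [(covered entity set, passed?)]; conditionals: stmt -> branch ids."""
    total_pass = sum(1 for _, ok in runs if ok)
    total_fail = len(runs) - total_pass
    branch_ids = {b for bs in conditionals.values() for b in bs}
    entities = set().union(*(cov for cov, _ in runs)) | branch_ids

    base = {}
    for e in entities:
        hit_pass = sum(1 for cov, ok in runs if ok and e in cov)
        hit_fail = sum(1 for cov, ok in runs if not ok and e in cov)
        base[e] = tarantula(hit_pass, hit_fail, total_pass, total_fail)

    # Non-conditional statements keep the base score.
    scores = {e: s for e, s in base.items() if e not in branch_ids}
    # A conditional takes the maximum suspiciousness over its branches.
    for stmt, branches in conditionals.items():
        scores[stmt] = max(base[b] for b in branches)
    return scores

# Coverage of the two runs from the slides (constructed by hand, not measured).
COMMON = {"if_query", "if:true", "switch", "v=key", "build_sql",
          "mysql_query", "mysql_numrows"}
RUNS = [
    (COMMON | {"switch:make", "kf=make_id"}, True),   # query=make, key=Ford
    (COMMON | {"switch:none"}, False),                # query=company, key=Ford
]
CONDITIONALS = {
    "if_query": ["if:true", "if:false"],
    "switch": ["switch:model", "switch:make", "switch:none"],
}

def running_example_scores():
    return rank(RUNS, CONDITIONALS)

if __name__ == "__main__":
    for stmt, s in sorted(running_example_scores().items(), key=lambda kv: -kv[1]):
        print(f"{s:.2f}  {stmt}")
```

Scored as a plain statement, the switch is covered by both runs and ties with every other shared statement; taking the maximum over its branches lets the no-case-matched outcome, seen only in the failing run, lift it to the top of the ranking.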