STAR: Stack Trace Based Automatic Crash Reproduction via Symbolic Execution

Author(s): Ning Chen, Sunghun Kim
Venue: IEEE Transactions on Software Engineering
Date: 1 Feb 2015

Type of Experiment: Case Study
Sample Size: 3
Data Collection Method: Observation


When reporting analytics, crash reports are typically some of the most important pieces of information to have from a user's session. The stack trace, however, contains only the call stack that led to the unexpected error, not necessarily the state of the program at the time of execution. In a traditional workflow, developers inspect the line of interest and attempt to recreate the system state that would cause the exception, assuming they can extrapolate the error. That scenario is then turned into a unit test and committed to the system's test suite.

STAR is a Stack-Trace-based Automatic crash Reproduction framework that automatically reproduces crashes using crash stack traces. The system comprises four phases: stack trace processing, initial crash condition inferring, crash precondition computation, and test case generation. Working from a crash database such as Bugzilla, STAR uses regex to extract the trace and then moves on to its inferring stage, which analyzes the type of exception and the line of interest. STAR then generates a set of weakest preconditions for the parameters of the crash, which feed the test generation stage. Finally, STAR generates a unit test that exercises the class in question with the preconditions computed in the previous step. To determine the set of weakest preconditions, STAR uses a backward symbolic execution algorithm that starts at the line of interest, analyzes the exception type, and recursively determines all related variable states, following the call stack of the crash report. Because of the undecidability problem, STAR's runtime is technically indeterminate, but it stops after a specified amount of time. Similarly, the path explosion problem would cause an exponential analysis, but STAR overcomes it by pruning paths based on non-contributing precondition values. As a result, when STAR was executed on three open source projects, it was able to exploit nearly 60% of all crash reports and generate test cases for 42% of said reports.
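
The four phases can be traced end to end on a toy case. The following is an added illustration, not STAR's code or code from the paper: the crash report, the `PROGRAM` statement model, the variable names and all function names are constructed assumptions, and a brute-force search stands in for the constraint solver.

```python
import itertools, re
# Constructed crash report (not from the paper or any real bug tracker).
REPORT = """Crash when pressing OK.
java.lang.ArrayIndexOutOfBoundsException: 5
    at org.example.Buffer.get(Buffer.java:42)
    at org.example.Reader.next(Reader.java:17)
"""
# Hypothetical model of what runs before each frame's crash/call line, in
# execution order. Callee parameters reuse the caller's variable names.
PROGRAM = {
    "Reader.next": [("assign", "pos", "start + step"), ("assume", "step > 0")],
    "Buffer.get": [("assign", "idx", "pos * 2 - 1"), ("assume", "idx != 3 and size > 0")],
}
# Initial crash condition per exception type, over variables at the crash line.
CRASH_COND = {"java.lang.ArrayIndexOutOfBoundsException": "(idx < 0 or idx >= size)"}
EXC_RE = re.compile(r"^([\w.$]+(?:Exception|Error))(?::[ \t]*.*)?$", re.M)
FRAME_RE = re.compile(r"^\s*at\s+(?:[\w$]+\.)*?([\w$]+\.[\w$<>]+)\([\w$]+\.java:(\d+)\)", re.M)

def parse_trace(report):
    """Phase 1: exception type plus frames, crashing frame first."""
    exc = EXC_RE.search(report)
    frames = FRAME_RE.findall(report[exc.end():]) if exc else []
    if not frames:
        raise ValueError("no Java stack trace found")
    return exc.group(1), [(name, int(line)) for name, line in frames]

def weakest_precondition(exc_type, frames):
    """Phases 2-3: start from the crash condition and walk statements backward."""
    cond = CRASH_COND[exc_type]
    for name, _line in frames:                 # crashing frame, then its callers
        for kind, *args in reversed(PROGRAM[name]):
            if kind == "assign":               # WP(x := e, Q) = Q[e/x]
                cond = re.sub(rf"\b{args[0]}\b", f"({args[1]})", cond)
            else:                              # WP(assume c, Q) = c and Q
                cond = f"({args[0]}) and {cond}"
    return cond

def find_crashing_input(precondition, names, domain=range(-3, 4)):
    """Phase 4 stand-in: brute-force search replaces the constraint solver."""
    for values in itertools.product(domain, repeat=len(names)):
        env = dict(zip(names, values))
        # eval is applied only to strings built from the constants above.
        if eval(precondition, {"__builtins__": {}}, env):
            return env
    return None

if __name__ == "__main__":
    wp = weakest_precondition(*parse_trace(REPORT))
    print(wp, find_crashing_input(wp, ["start", "step", "size"]), sep="\n")
```

The returned assignment is what a generated unit test would pass to the entry method; the final precondition mentions only entry-level inputs because every intermediate variable has been substituted away.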