mistupv
The slicer does not know which Java methods write to arguments (such as System#arrayCopy)
Description During metamorphic testing of the slicing tool (focused on dependency tracking for multi-dimensional arrays and System.arraycopy), a critical defect was identified: the tool fails to include System.arraycopy calls in slices when they are essential for determining the value of the criterion variable. This leads to incomplete slices that produce incorrect results.
Reproduction Steps
- Use the following test code (mutated version for metamorphic testing) as input:
class ArrayCopyMutated {
public static void main(String[] args) {
// 2D source array initialization
int[][] source = { {1, 2, 3}, {4, 5, 6}, {7, 8, 9} };
int[][] target = new int[source.length][]; // Initialize 1st dimension of target
// Copy elements from source to target using System.arraycopy
for (int row = 0; row < source.length; row++) {
target[row] = new int[source[row].length]; // Initialize 2nd dimension of target
System.arraycopy(
source[row], // Source sub-array
0, // Source start index
target[row], // Target sub-array
0, // Target start index
source[row].length // Copy length
);
}
// Slicing criterion: value of target[1][2]
System.out.println(target[1][2]);
}
}
2.Generate a slice with the criterion: target[1][2] (line containing System.out.println(target[1][2])).
Expected Slice The slice should include all code necessary to determine target[1][2], including: Initialization of source (to provide the original value 6 at source[1][2]). Initialization of target (both dimensions). The for loop with System.arraycopy (to copy source[1][2] to target[1][2]).
Example of correct slice:
class ArrayCopyMutated {
public static void main(String[] args) {
int[][] source = { {1, 2, 3}, {4, 5, 6}, {7, 8, 9} };
int[][] target = new int[source.length][];
for (int row = 0; row < source.length; row++) {
target[row] = new int[source[row].length];
System.arraycopy(source[row], 0, target[row], 0, source[row].length);
}
System.out.println(target[1][2]);
}
}
Actual Slice Produced The tool’s output omits the System.arraycopy call, which is critical for populating target with values from source:
class ArrayCopyMutated {
public static void main(String[] args) {
int[][] source = { {1, 2, 3}, {4, 5, 6}, {7, 8, 9} };
int[][] target = new int[source.length][];
for (int row = 0; row < source.length; row++) {
target[row] = new int[source[row].length];
}
System.out.println(target[1][2]);
}
}
Root Cause Hypothesis The tool fails to model data flow dependencies introduced by System.arraycopy (a native method). It does not recognize that target[row][] depends on source[row][] via System.arraycopy, leading it to incorrectly exclude the method call from the slice.
