1,814 research outputs found
A Template–Based Approach to Describing Metamorphic Relations
Metamorphic testing enables the generation of test
cases in the absence of an oracle by exploiting relations among
different executions of the program under test, called metamorphic
relations. In a recent survey, we observed a great variability
in the way metamorphic relations are described, typically in
an informal manner using natural language. We noticed that
the lack of a standard mechanism to describe metamorphic
relations often makes them hard to read and understand, which
hinders the widespread adoption of the technique. In this paper,
we propose a template–based approach for the description of
metamorphic relations. The proposed template aims to ease
communication among practitioners as well as to contribute to
research dissemination. Also, it provides a helpful guide for
those approaching metamorphic testing for the first time. For
the validation of the approach, we used the proposed template
to describe 17 previously published metamorphic relations from
different domains and groups of authors, without finding expressiveness
problems. We hope that this work eases the diffusion and
adoption of metamorphic testing, contributing to the progress of
this thriving testing technique.Comisión Interministerial de Ciencia y TecnologÃa TIN2015-70560-RJunta de AndalucÃa P12-TIC-186
Bringing the Field into the Classroom by Using Dynamic Digital Maps to Engage Undergraduate Students in Petrology Research
This article describes the use of Dynamic Digital Maps (DDMs) in undergraduate petrology courses. A DDM is a stand-alone computer program that presents interactive geologic maps, digital images, movies, animations, text and data. DDMs were developed for use in two undergraduate research projects, and impacts on student learning were evaluated by administering assessments on students before and after participation in one of the projects. Researchers found significant gains in both students' confidence in their ability to do research and to understand petrology, and noted that DDMs are versatile and can potentially be adapted effectively from 100-level introductory geology labs to research-oriented gradute level courses and in a variety of geologic subdisciplines. Educational levels: Graduate or professional, Graduate or professional
Automated Black-box Testing of Mass Assignment Vulnerabilities in RESTful APIs
Mass assignment is one of the most prominent vulnerabilities in RESTful APIs that originates from a misconfiguration in common web frameworks. This allows attackers to exploit naming convention and automatic binding to craft malicious requests that (massively) override data supposed to be read-only.In this paper, we adopt a black-box testing perspective to automatically detect mass assignment vulnerabilities in RESTful APIs. Indeed, execution scenarios are generated purely based on the OpenAPI specification, that lists the available operations and their message format. Clustering is used to group similar operations and reveal read-only fields, the latter are candidates for mass assignment. Then, test interaction sequences are automatically generated by instantiating abstract testing templates, with the aim of trying to use the found read-only fields to carry out a mass assignment attack. Test interactions are run, and their execution is assessed by a specific oracle, in order to reveal whether the vulnerability could be successfully exploited.The proposed novel approach has been implemented and evaluated on a set of case studies written in different programming languages. The evaluation highlights that the approach is quite effective in detecting seeded vulnerabilities, with a remarkably high accuracy
Performance-Driven Metamorphic Testing of Cyber-Physical Systems
Cyber-physical systems (CPSs) are a new generation
of systems, which integrate software with physical processes. The
increasing complexity of these systems, combined with the un certainty in their interactions with the physical world, makes the
definition of effective test oracles especially challenging, facing the
well-known test oracle problem. Metamorphic testing has shown
great potential to alleviate the test oracle problem by exploiting the
relations among the inputs and outputs of different executions of
the system, so-called metamorphic relations (MRs). In this article,
we propose an MR pattern called PV for the identification of
performance-driven MRs, and we show its applicability in two
CPSs from different domains, which are automated navigation
systems and elevator control systems. For the evaluation, we as sessed the effectiveness of this approach for detecting failures in an
open-source simulation-based autonomous navigation system, as
well as in an industrial case study from the elevation domain. We
derive concrete MRs based on the PV pattern for both case studies,
and we evaluate their effectiveness with seeded faults. Results show
that the approach is effective at detecting over 88% of the seeded
faults, while keeping the ratio of FPs at 4% or lower.European Union's Horizon 2020 Research and Innovation Programme (Grant Number: 871319)Junta de AndalucÃa US-1264651 (APOLO)Junta de AndalucÃa P18-FR-2895 (EKIPMENT-PLUS)Ministerio de Ciencia e Innovación RTI2018-101204-B-C21 (HORATIO)Mondragon Unibertsitatea IT1519-2
Unveiling metamorphism by abstract interpretation of code properties
Metamorphic code includes self-modifying semantics-preserving transformations to exploit code diversification. The impact of metamorphism is growing in security and code protection technologies, both for preventing malicious host attacks, e.g., in software diversification for IP and integrity protection, and in malicious software attacks, e.g., in metamorphic malware self-modifying their own code in order to foil detection systems based on signature matching. In this paper we consider the problem of automatically extracting metamorphic signatures from metamorphic code. We introduce a semantics for self-modifying code, later called phase semantics, and prove its correctness by showing that it is an abstract interpretation of the standard trace semantics. Phase semantics precisely models the metamorphic code behavior by providing a set of traces of programs which correspond to the possible evolutions of the metamorphic code during execution. We show that metamorphic signatures can be automatically extracted by abstract interpretation of the phase semantics. In particular, we introduce the notion of regular metamorphism, where the invariants of the phase semantics can be modeled as finite state automata representing the code structure of all possible metamorphic change of a metamorphic code, and we provide a static signature extraction algorithm for metamorphic code where metamorphic signatures are approximated in regular metamorphism
Oxygen Isotope Variations of Basaltic Lavas and Upper Mantle Rocks
This chapter summarizes the oxygen isotope geochemistry of terrestrial basalts and
their mantle sources, including the conceptual framework for interpreting such data and
the phenomenology of known variations. In particular, the first section outlines the
motivations for and first-order results of oxygen isotope studies of terrestrial and lunar
basalts over the last 30 years; the second section reviews oxygen isotopic fractionations
among phases relevant for studying basalts and mantle rocks; the third summarizes
variations in δ^(18)O of various crustal rocks that may contribute to the petrogenesis of
basalts either as subducted source components or lithospheric contaminants; and the
final and longest section describes observed oxygen isotope variations of major classes
of terrestrial basalts and related mantle nodules with an emphasis on data generated
within the last six years using laser-based fluorination techniques. In the interests of
brevity, I do not describe in detail methods for oxygen isotope analysis or changes in
δ^(18)O of volcanic rocks caused by sub-solidus alteration; however, these issues are
important practical considerations for anyone studying oxygen isotope compositions of
basalts and interested readers are directed to the following references: analytical
methods: Sharp (1990), Mattey and Macpherson (1993), and Valley et al. (1995); basalt
alteration: Muehlenbachs (1986), Alt (1993), and Staudigel et al. (1995)
Smoke Testing for Machine Learning: Simple Tests to Discover Severe Defects
Machine learning is nowadays a standard technique for data analysis within
software applications. Software engineers need quality assurance techniques
that are suitable for these new kinds of systems. Within this article, we
discuss the question whether standard software testing techniques that have
been part of textbooks since decades are also useful for the testing of machine
learning software. Concretely, we try to determine generic and simple smoke
tests that can be used to assert that basic functions can be executed without
crashing. We found that we can derive such tests using techniques similar to
equivalence classes and boundary value analysis. Moreover, we found that these
concepts can also be applied to hyperparameters, to further improve the quality
of the smoke tests. Even though our approach is almost trivial, we were able to
find bugs in all three machine learning libraries that we tested and severe
bugs in two of the three libraries. This demonstrates that common software
testing techniques are still valid in the age of machine learning and that
considerations how they can be adapted to this new context can help to find and
prevent severe bugs, even in mature machine learning libraries.Comment: Accepted at Empirical Software Engineering, Springe
MT-EA4Cloud: A Methodology For testing and optimising energy-aware cloud systems
Currently, using conventional techniques for checking and optimising the energy consumption in cloud systems is unpractical, due to the massive computational resources required. An appropriate test suite focusing on the parts of the cloud to be tested must be efficiently synthesised and executed, while the correctness of the test results must be checked. Additionally, alternative cloud configurations that optimise the energetic consumption of the cloud must be generated and analysed accordingly, which is challenging. To solve these issues we present MT-EA4Cloud, a formal approach to check the correctness – from an energy-aware point of view – of cloud systems and optimise their energy consumption. To make the checking of energy consumption practical, MT-EA4Cloud combines metamorphic testing, evolutionary algorithms and simulation. Metamorphic testing allows to formally model the underlying cloud infrastructure in the form of metamorphic relations. We use metamorphic testing to alleviate both the reliable test set problem, generating appropriate test suites focused on the features reflected in the metamorphic relations, and the oracle problem, using the metamorphic relations to check the generated results automatically. MT-EA4Cloud uses evolutionary algorithms to efficiently guide the search for optimising the energetic consumption of cloud systems, which can be calculated using different cloud simulatorsThis work was supported by the Spanish MINECO/FEDER projects DArDOS, FAME and MASSIVE under Grants TIN2015-65845-C3-1-R, RTI2018-093608-B-C31 and RTI2018-095255- B-I00, and the Comunidad de Madrid project FORTE-CM under grant S2018/TCS-4314. The first author is also supported by the Universidad Complutense de Madrid Santander Universidades grant (CT17/17-CT18/17
Eliciting Expertise
Since the last edition of this book there have been rapid developments in the use and exploitation of formally elicited knowledge. Previously, (Shadbolt and Burton, 1995) the emphasis was on eliciting knowledge for the purpose of building expert or knowledge-based systems. These systems are computer programs intended to solve real-world problems, achieving the same level of accuracy as human experts. Knowledge engineering is the discipline that has evolved to support the whole process of specifying, developing and deploying knowledge-based systems (Schreiber et al., 2000) This chapter will discuss the problem of knowledge elicitation for knowledge intensive systems in general
- …