1,177 research outputs found
Genetic Algorithms as a Viable Method of Obtaining Branch Coverage
Finding a way to automate the generation of test data is a crucial aspect of software testing. Testing comprises 50% of all software development costs [Korel90]. Finding a way to automate testing would greatly reduce cost and labor involved in the task of software testing. One of the ways to automate software testing is to automate the generation of test data inputs. For example, in statement coverage, creating test cases that will cover all of the conditions required when testing that program would be costly and time-consuming if undertaken manually. Therefore, a way must be found that allows the automation of creating test data inputs to satisfy all test requirements for a given test.
One such way of automating test data generation is the use of genetic algorithms. Genetic algorithms use the creation of generations of test inputs, and then choose the most fit test inputs, or those test inputs that are most likely to satisfy the test requirement, as the test inputs that will be passed to the next generation of inputs. In this way, the solution to the test requirement problem can be found in an evolutionary fashion. Current research suggests that comparison of genetic algorithms with random test input generation produces varied results. While results of these studies show promise for the future use of genetic algorithms as an answer to the issue of discovering test inputs that will satisfy branch coverage, what is needed is additional experimental research that will validate the performance of genetic algorithms in a test environment.
This thesis makes use of the EvoSuite plugin tool, which is a software plugin for the IntelliJ IDEA Integrated Development Environment that runs using a genetic algorithm as its main component. The EvoSuite tool is run against 22 Java classes, and the EvoSuite tool will automatically generate unit tests and will also execute those unit tests while simultaneously measuring branch coverage of the unit tests against the Java classes under test.
The results of this thesis’ experimental research are that, just as the literature indicates, the EvoSuite tool performed with varied results. In particular, Fraser’s study of the EvoSuite tool as an Eclipse plugin was accurate in depicting how the EvoSuite tool would come to perform as an IntelliJ plugin, namely that the EvoSuite tool would perform poorly for a large number of classes tested
Class mutation operators for C++ object-oriented systems
Mutation testing is a fault injection testing technique around which a great variety of studies and tools for different programming languages have been developed. Nevertheless, the mutation testing research with respect to C++ is pending. This paper proposes a set of class mutation operators related to this language and its particular object-oriented (OO) features. In addition, an implementation technique to apply mutation testing based on the traversal of the abstract syntax tree (AST) is presented. Finally, an experiment is conducted to study the operator behaviour with different C++ programs, suggesting their usefulness in the creation of complete test suites. The analysis includes a Web service (WS) library, one of the domains where this technique can prove useful, considering its challenging testing phase and that C++ is still a reference language for critical distributed systems WS
Class mutation operators for C++ object-oriented systems
Mutation testing is a fault injection testing technique around which a great variety of studies and tools for different programming languages have been developed. Nevertheless, the mutation testing research with respect to C++ is pending. This paper proposes a set of class mutation operators related to this language and its particular object-oriented (OO) features. In addition, an implementation technique to apply mutation testing based on the traversal of the abstract syntax tree (AST) is presented. Finally, an experiment is conducted to study the operator behaviour with different C++ programs, suggesting their usefulness in the creation of complete test suites. The analysis includes a Web service (WS) library, one of the domains where this technique can prove useful, considering its challenging testing phase and that C++ is still a reference language for critical distributed systems WS
Automating test oracles generation
Software systems play a more and more important role in our everyday life. Many relevant human activities nowadays involve the execution of a piece of software. Software has to be reliable to deliver the expected behavior, and assessing the quality of software is of primary importance to reduce the risk of runtime errors. Software testing is the most common quality assessing technique for software. Testing consists in running the system under test on a finite set of inputs, and checking the correctness of the results. Thoroughly testing a software system is expensive and requires a lot of manual work to define test inputs (stimuli used to trigger different software behaviors) and test oracles (the decision procedures checking the correctness of the results). Researchers have addressed the cost of testing by proposing techniques to automatically generate test inputs. While the generation of test inputs is well supported, there is no way to generate cost-effective test oracles: Existing techniques to produce test oracles are either too expensive to be applied in practice, or produce oracles with limited effectiveness that can only identify blatant failures like system crashes. Our intuition is that cost-effective test oracles can be generated using information produced as a byproduct of the normal development activities. The goal of this thesis is to create test oracles that can detect faults leading to semantic and non-trivial errors, and that are characterized by a reasonable generation cost. We propose two ways to generate test oracles, one derives oracles from the software redundancy and the other from the natural language comments that document the source code of software systems. We present a technique that exploits redundant sequences of method calls encoding the software redundancy to automatically generate test oracles named CCOracles. We describe how CCOracles are automatically generated, deployed, and executed. We prove the effectiveness of CCOracles by measuring their fault-finding effectiveness when combined with both automatically generated and hand-written test inputs. We also present Toradocu, a technique that derives executable specifications from Javadoc comments of Java constructors and methods. From such specifications, Toradocu generates test oracles that are then deployed into existing test suites to assess the outputs of given test inputs. We empirically evaluate Toradocu, showing that Toradocu accurately translates Javadoc comments into procedure specifications. We also show that Toradocu oracles effectively identify semantic faults in the SUT. CCOracles and Toradocu oracles stem from independent information sources and are complementary in the sense that they check different aspects of the system undertest
A heuristic-based approach to code-smell detection
Encapsulation and data hiding are central tenets of the object oriented paradigm. Deciding what data and behaviour to form into a class and where to draw the line between its public and private details can make the difference between a class that is an understandable, flexible and reusable abstraction and one which is not. This decision is a difficult one and may easily result in poor encapsulation which can then have serious implications for a number of system qualities. It is often hard to identify such encapsulation problems within large software systems until they cause a maintenance problem (which is usually too late) and attempting to perform such analysis manually can also be tedious and error prone. Two of the common encapsulation problems that can arise as a consequence of this decomposition process are data classes and god classes. Typically, these two problems occur together – data classes are lacking in functionality that has typically been sucked into an over-complicated and domineering god class. This paper describes the architecture of a tool which automatically detects data and god classes that has been developed as a plug-in for the Eclipse IDE. The technique has been evaluated in a controlled study on two large open source systems which compare the tool results to similar work by Marinescu, who employs a metrics-based approach to detecting such features. The study provides some valuable insights into the strengths and weaknesses of the two approache
Recommended from our members
Using formal methods to support testing
Formal methods and testing are two important approaches that assist in the development of high quality software. While traditionally these approaches have been seen as rivals, in recent
years a new consensus has developed in which they are seen as complementary. This article reviews the state of the art regarding ways in which the presence of a formal specification can be used to assist testing
Vulnerabilities preservation using code mutation
Dissertação de mestrado integrado em Informatics EngineeringThe main goal of software security testing is to assess the security risks of an application so that
programmers can eliminate all vulnerabilities, as early as possible, before they are exploited by attackers.
There are several tools on the market that allow to perform these tests during the software development
life cycle to ensure that there are no security flaws in the final product. However, like all tools, these can
also have imperfections, one of them being unable to detect weaknesses in vulnerable software.
The project of this dissertation aims to tackle this problem, so that it is possible to find and correct
flaws in security tests in order to, consequently, increase the effectiveness of the tools that intend to
certify the security of applications. For this, the solution studied in this document is to apply syntactic
transformations in vulnerable code samples without interfering in the presence of the vulnerabilities that
should later be detected. This process is based on: ) code refactoring techniques that allow improving
the internal quality of the software; ) the mutation testing system used to evaluate the quality of software
testing.
To implement this idea, a tool called VSG was developed with the functionality of producing new
code samples with security flaws. This document describes the whole development process, from the
architecture to the implementation of the tool. In the end, there is an analysis with the results obtained
when trying to detect the vulnerabilities present in the samples produced through the CxSAST application
of the company Checkmarx, from which this dissertation emerged.O objetivo principal de testes de segurança de software consiste em avaliar os riscos de segurança de
uma aplicação para que os programadores possam eliminar todas as vulnerabilidades o mais cedo possĂvel, antes que sejam exploradas por atacantes. Existem várias ferramentas no mercado que permitem
realizar estes testes durante o processo de desenvolvimento de software para garantir que nĂŁo existam
falhas de segurança no produto final. Porém, tal como todas as ferramentas, estas também podem apresentar imperfeições, sendo uma delas não conseguir detetar fraquezas em software vulnerável.
O projeto desta dissertação pretende combater este problema, de modo a que seja possĂvel encontrar
e corrigir falhas nos testes de segurança para, consequentemente, aumentar a eficácia das ferramentas
que pretendem certificar a segurança das aplicações. Para isto, a solução estudada neste documento
passa por aplicar transformações sintáticas em amostras de código vulneráveis sem interferir na presença
das vulnerabilidades que deverão, posteriormente, ser detetadas. Este processo baseia-se: ) nas técnicas
de refatoração de código que permitem melhorar a qualidade interna do software; ) no sistema de testes
de mutação usado para avaliar a qualidade de testes de software.
Para implementar esta ideia, uma ferramenta chamada VSG foi desenvolvida com a funcionalidade
de produzir novas amostras de código com falhas de segurança. Neste documento é descrito todo o
processo de desenvolvimento, desde a arquitetura até à implementação da ferramenta. No final, existe
uma análise com os resultados obtidos ao tentar detetar as vulnerabilidades presentes nas amostras
produzidas através da aplicação CxSAST da empresa Checkmarx, da qual esta dissertação surgiu
Dynamic data flow testing
Data flow testing is a particular form of testing that identifies data flow relations as test objectives. Data flow testing has recently attracted new interest in the context of testing object oriented systems, since data flow information is well suited to capture relations among the object states, and can thus provide useful information for testing method interactions. Unfortunately, classic data flow testing, which is based on static analysis of the source code, fails to identify many important data flow relations due to the dynamic nature of object oriented systems. This thesis presents Dynamic Data Flow Testing, a technique which rethinks data flow testing to suit the testing of modern object oriented software. Dynamic Data Flow Testing stems from empirical evidence that we collect on the limits of classic data flow testing techniques. We investigate such limits by means of Dynamic Data Flow Analysis, a dynamic implementation of data flow analysis that computes sound data flow information on program traces. We compare data flow information collected with static analysis of the code with information observed dynamically on execution traces, and empirically observe that the data flow information computed with classic analysis of the source code misses a significant part of information that corresponds to relevant behaviors that shall be tested. In view of these results, we propose Dynamic Data Flow Testing. The technique promotes the synergies between dynamic analysis, static reasoning and test case generation for automatically extending a test suite with test cases that execute the complex state based interactions between objects. Dynamic Data Flow Testing computes precise data flow information of the program with Dynamic Data Flow Analysis, processes the dynamic information to infer new test objectives, which Dynamic Data Flow Testing uses to generate new test cases. The test cases generated by Dynamic Data Flow Testing exercise relevant behaviors that are otherwise missed by both the original test suite and test suites that satisfy classic data flow criteria
Towards quality programming in the automated testing of distributed applications
PhD ThesisSoftware testing is a very time-consuming and tedious activity and accounts for over 25% of
the cost of software development. In addition to its high cost, manual testing is unpopular and
often inconsistently executed. Software Testing Environments (STEs) overcome the deficiencies
of manual testing through automating the test process and integrating testing tools to support a
wide range of test capabilities.
Most prior work on testing is in single-thread applications. This thesis is a contribution to testing
of distributed applications, which has not been well explored. To address two crucial issues in
testing, when to stop testing and how good the software is after testing, a statistics-based
integrated test environment which is an extension of the testing concept in Quality Programming
for distributed applications is presented. It provides automatic support for test execution by the
Test Driver, test development by the SMAD Tree Editor and the Test Data Generator, test failure
analysis by the Test Results Validator and the Test Paths Tracer, test measurement by the Quality
Analyst, test management by the Test Manager and test planning by the Modeller. These tools
are integrated around a public, shared data model describing the data entities and relationships
which are manipulable by these tools. It enables early entry of the test process into the life cycle
due to the definition of the quality planning and message-flow routings in the modelling. After
well-prepared modelling and requirements specification are undertaken, the test process and the
software design and implementation can proceed concurrently.
A simple banking application written using Java Remote Method Invocation (RMI) and Java
DataBase Connectivity (JDBC) shows the testing process of fitting it into the integrated test
environment. The concept of the automated test execution through mobile agents across multiple
platforms is also illustrated on this 3-tier client/server application.The National Science Council, Taiwan:
The Ministry of National Defense, Taiwan
- …