40,664 research outputs found
Harvey: A Greybox Fuzzer for Smart Contracts
We present Harvey, an industrial greybox fuzzer for smart contracts, which
are programs managing accounts on a blockchain. Greybox fuzzing is a
lightweight test-generation approach that effectively detects bugs and security
vulnerabilities. However, greybox fuzzers randomly mutate program inputs to
exercise new paths; this makes it challenging to cover code that is guarded by
narrow checks, which are satisfied by no more than a few input values.
Moreover, most real-world smart contracts transition through many different
states during their lifetime, e.g., for every bid in an auction. To explore
these states and thereby detect deep vulnerabilities, a greybox fuzzer would
need to generate sequences of contract transactions, e.g., by creating bids
from multiple users, while at the same time keeping the search space and test
suite tractable. In this experience paper, we explain how Harvey alleviates
both challenges with two key fuzzing techniques and distill the main lessons
learned. First, Harvey extends standard greybox fuzzing with a method for
predicting new inputs that are more likely to cover new paths or reveal
vulnerabilities in smart contracts. Second, it fuzzes transaction sequences in
a targeted and demand-driven way. We have evaluated our approach on 27
real-world contracts. Our experiments show that the underlying techniques
significantly increase Harvey's effectiveness in achieving high coverage and
detecting vulnerabilities, in most cases orders-of-magnitude faster; they also
reveal new insights about contract code.Comment: arXiv admin note: substantial text overlap with arXiv:1807.0787
MatriVasha: A Multipurpose Comprehensive Database for Bangla Handwritten Compound Characters
At present, recognition of the Bangla handwriting compound character has been
an essential issue for many years. In recent years there have been
application-based researches in machine learning, and deep learning, which is
gained interest, and most notably is handwriting recognition because it has a
tremendous application such as Bangla OCR. MatrriVasha, the project which can
recognize Bangla, handwritten several compound characters. Currently, compound
character recognition is an important topic due to its variant application, and
helps to create old forms, and information digitization with reliability. But
unfortunately, there is a lack of a comprehensive dataset that can categorize
all types of Bangla compound characters. MatrriVasha is an attempt to align
compound character, and it's challenging because each person has a unique style
of writing shapes. After all, MatrriVasha has proposed a dataset that intends
to recognize Bangla 120(one hundred twenty) compound characters that consist of
2552(two thousand five hundred fifty-two) isolated handwritten characters
written unique writers which were collected from within Bangladesh. This
dataset faced problems in terms of the district, age, and gender-based written
related research because the samples were collected that includes a verity of
the district, age group, and the equal number of males, and females. As of now,
our proposed dataset is so far the most extensive dataset for Bangla compound
characters. It is intended to frame the acknowledgment technique for
handwritten Bangla compound character. In the future, this dataset will be made
publicly available to help to widen the research.Comment: 19 fig, 2 tabl
Determining Basis Test Paths Using Genetic Algorithm and J4
Basis test paths is a method that uses a graph contains nodes as a representation of codes and the lines as a sequence of code execution steps. Determination of basis test paths can be generated using a Genetic Algorithm, but the drawback was the number of iterations affect the possibility of visibility of the appropriate basis path. When the iteration is less, there is a possibility the paths do not appear all. Conversely, if the iteration is too much, all the paths have appeared in the middle of iteration. This research aims to optimize the performance of Genetic Algorithms for the generation of Basis Test Paths by determining how many iterations level corresponding to the characteristics of the code. Code metrics Node, Edge, VG, NBD, LOC were used as features to determine the number of iterations. J48 classifier was employed as a method to predict the number of iterations. There were 17 methods have selected as a data training, and 16 methods as a data test. The system was able to predict 84.5% of 58 basis paths. Efficiency test results also show that our system was able to seek Basis Paths 35% faster than the old system
Recommended from our members
Using formal methods to support testing
Formal methods and testing are two important approaches that assist in the development of high quality software. While traditionally these approaches have been seen as rivals, in recent
years a new consensus has developed in which they are seen as complementary. This article reviews the state of the art regarding ways in which the presence of a formal specification can be used to assist testing
Industrial Surveys on Software Testing Practices: A Literature Review
A US government agency estimated the national cost of inadequate software testing to be \$60 billion annually, and that was 20 years ago. As the role of technology and software has been rapidly increasing worldwide for decades, it suffices to say that the worldwide fiscal effect of poor testing practices today is probably ``quite a bit``.
An increasing number of industry-focused survey studies on testing have been published worldwide in recent years, signalling an increased need to characterize the testing practices of the software development industry. These types of studies can help to guide future research efforts towards subjects that are meaningful to the industry, and provide practitioners with an opportunity to compare their own practice to those of their peers and recognize the main improvement areas.
As no secondary study devoted to these types of survey studies could be identified, the opportunity was seized to carry out a literature review was to find out what the data from these studies can tell us when aggregated. The precise topics focused on were the usage of test levels, test types, test design techniques, test tools and test automation.
Looking at these studies in aggregate tells us about some general trends: unit testing, functional testing and regression testing are popular everywhere, and also quite popular regardless of the surveyed population are performance testing and usability testing. The popularity of the other test levels and test types vary from survey to survey or region to region. Black-box techniques and experience-based techniques are more popular than white-box techniques. Exploratory testing, error guessing, use case testing and boundary value analysis are some of the most popular test design techniques. Much of the industry relies on manual testing over automated testing and/or have inadequately adopted the usage of testing tools
- âŠ