JavaScript kütüphaneleri için girdi doğrulama analizi

9th Turkish National Software Engineering Symposium, UYMS 2015; Yasar UniversityIzmir; Turkey; 9 September 2015 through 11 September 2015Bugün artık mobil ve web temelli yazılımlar günlük hayatın bir parçası olmuştur. Bu yazılımlar içinde JavaScript kütüphanelerinin kullanımı da son yıllarda önemli artış göstermiştir. Bu kütüphaneler sağladıkları uygulama programlama arayüzleri ile daha ziyade söz verdikleri işlevleri yerine getirmekte ancak beklenmeyen girdilere karşı dayanıklı bir yapı sunamamak-tadır. Bu çalışmada mobil ve web temelli yazılımlarda yoğun olarak kullanılmakta olan beş JavaScript kütüphanesine ait işlevlerin aldığı para-metreler ile kullandıkları global değişkenler üzerinde doğrulama yapıp yap-madıkları analiz edilmiştir. Bunun için bir girdi doğrulama modeli ortaya konmuştur. Bu model üzerinde geliştirilen algoritma ile JavaScript programları için tip analiz yapan TAJS yazılımı genişletilmiş ve beş JavaScript kütüphane-sine uygulanmış ve elde edilen sonuçlar paylaşılmıştır.Nowadays, mobile and web based software has been an integral part of our lives. In recent years, there has been an increase in usage of JavaScript libraries in those kind of software. Although these JavaScript libraries fulfill the functions they have promised with respect to the application program interfaces they provide, they are not robust against unexpected inputs. In this study, the parameters and global variables of functions in the five selected JavaScript li-braries that are frequently used in mobile and web based software are analyzed for input validation. For this purpose, an input validation model has been pro-posed. Based on this model, a tool called TAJS that performs a type analysis on JavaScript programs has been extended with a proposed algorithm. The result-ing tool is executed on five JavaScript libraries and obtained results are shared

An Empirical Evaluation of the Effectiveness of JML Assertions as Test Oracles

Test oracles remain one of the least understood aspects of the modern testing process. An oracle is a mechanism used by software testers and software engineers for determining whether a test has passed or failed. One widely-supported approach to oracles is the use of runtime assertion checking during the testing activity. Method invariants,pre- and postconditions help detect bugs during runtime. While assertions are supported by virtually all programming environments, are used widely in practice, and are often assumed to be effective as test oracles, there are few empirical studies of their efficacy in this role. In this thesis, we present the results of an experiment we conducted to help understand this question. To do this, we studied seven of the core Java classes that had been annotated by others with assertions in the Java Modeling Language, used the muJava mutation analysis tool to create mutant implementations of these classes, exercised them with input-only (i.e., no oracle) test suites that achieve branch coverage, and used a machine learning tool, Weka, to determine which annotations were effective at ``killing\u27\u27 these mutants. We also evaluate how effective the ``null oracle\u27\u27 (in our case, the Java runtime system) is at catching these bugs. The results of our study are interesting, and help provide software engineers with insight into situations in which assertions can be relied upon to find bugs, and situations in which assertions may need to be augmented with other approaches to test oracles

On the Effectiveness of Contracts as Test Oracles in the Detection and Diagnosis of Faults in Concurrent Object-Oriented Software

Design by Contract (DbC) is a software development methodology that focuses on clearly defining the interfaces between components to produce better quality object-oriented software. The idea behind DbC is that a method defines a contract stating the requirements a client needs to fulfill to use it, the precondition, and the properties it ensures after its execution, the postcondition. Though there exists ample support for DbC for sequential programs, applying DbC to concurrent programs presents several challenges. Using Java as the target programming language, this paper tackles such challenges by augmenting the Java Modelling Language (JML) and modifying the JML compiler to generate Runtime Assertion Checking (RAC) code to support DbC in concurrent programs. We applied our solution in a carefully designed case study on a highly concurrent industrial software system from the telecommunications domain to assess the effectiveness of contracts as test oracles in detecting and diagnosing functional faults in concurrent software. Based on these results, clear and objective requirements are defined for contracts to be effective test oracles for concurrent programs whilst balancing the effort to design them. Main results include that contracts of a realistic level of completeness and complexity can detect around 76% of faults and reduce the diagnosis effort for such faults by at least ten times. We, therefore, show that DbC can not only be applied to concurrent software but can also be a valua

Robustness and Diagnosability of OO Systems Designed by Contracts

While there is a growing interest for component-based systems in industry, little effort has so far been devoted to quality evaluation of these systems. This paper presents the definition of measures for two quality factors, namely robustness and "diagnosability" for the special case of OO systems for which thee approach known as Design by Contract has been used. The main steps in constructing these measures are given, from informal definitions of the factors to be measured to the mathematical model of the measures. To fix the parameters, experimental studies have been conducted, essentially based on applying mutation analysis in the OO context. Several measures are presented that reveal and estimate the contribution of contracts quality and density to the overall quality of a system in terms of robustness and "diagnosability"

Methodologies for Evaluating User Centric Performance of Mobile Network Applications

Performance is an important attribute of mobile software applications, having a direct impact on end-user's experience. One of the obstacles that make software performance testing difficult to pursue is the lack of performance requirements that complicates the process of verifying the correctness of the test case output. Moreover, compared to other platforms, mobile applications' quality assurance is more challenging, since their functionality is affected by the surrounding environment. In this work, we propose methodologies and frameworks to evaluate the impact of interaction of the quality of the wireless network connection and application configurations on performance behaviour and performance robustness of a mobile networked application as perceived by the end user. We follow a model-based approach. The thesis starts by defining the system model of software applications that we target, the network stack that the application is assumed to use to provide the service to the end user, and the metric used to capture the quality of the provided network service. Then, an analytical performance model that captures the application-network interactions is developed using the Markovian framework. To model realistic interactions with the network, the performance model is developed and solved using supplementary variable technique (SVT). The model is intensively verified with simulation. Furthermore, two input network models are analytically developed. In both models, the mobile application is assumed to have a wireless network access through a WiFi access point that implements IEEE 802.11 protocol. In the first model, data transfer is achieved using user datagram protocol (UDP), while in the second, data transfer is accomplished using transmission control protocol (TCP). For the TCP model, two scenarios are considered. In the first scenario, an application data unit (APDU) is assumed to fit in one TCP packet, while in the second scenario, an APDU is assumed to fit in multiple TCP packets. All models are verified using the well-known NS2 network simulator. Third, we propose a model based test generation methodology to evaluate the impact of the interaction of the environment, the wireless network, and the application configurations on the performance of a mobile networked application. The methodology requires four artefacts as inputs, namely, a behaviour model of the software under test, a network model, a test coverage criterion, and a set of desired performance levels. The methodology consists of three steps: performance model development, test generation, and estimation of test execution parameters. To evaluate the end-user quality of experience, test generation is formulated as an inversion problem and solved as an optimization problem. To generate an efficient set of test cases, two test coverage criteria are proposed: user experience (UE) and user experience and input interaction (UEII). Test execution optimizations are inferred using a performance simulation model. To show the applicability of the methodology, two mobile networked app examples are used: multimedia streaming and web browsing. The effectiveness of the methodology is evaluated by comparing the time cost to design a test suite with random testing. The obtained results are very promising. Fourth, to minimize the incurred cost of performance model evaluations, we utilize metamorphic testing to generate test cases. Metamorphic testing is a technique that is proposed to alleviate the test oracle problem. By utilizing certain inherent properties of the system under test (metamorphic relations), test cases are generated and verified without the need to know the expected output of each individual test case in advance. By hybridizing our proposed test generation methodology with metamorphic testing, the time cost of generating a test suite is reduced tremendously. We first generate a limited set of seed test cases using our test generation methodology. Then, we generate a set of follow-up test cases by utilizing the developed network models as metamorphic relations and without the need to invoke the performance model. Follow-up test generation is formulated as a maximization problem. The objective is to maximize the distance between a seed test case and follow-up test cases so that to generate a non-redundant set of test cases. Three distance metrics are used: Euclidean, squared Euclidean, and Manhattan. The modified methodology is used to generate test cases for a multimedia streaming application. We empirically evaluate the modified test generation methodology using two evaluation metrics: the incurred time cost and the percentage of redundancy in the generated test suite. The obtained results show the advantage of the modified methodology in minimizing the cost of test generation process. Fifth, we propose a third methodology to evaluate the impact of the wireless network conditions on robustness of performance of adaptive and non-adaptive mobile networked applications. Software robustness is mainly about how the system behaves under stressful conditions. In this work, we target performance robustness under stressful network conditions. The proposed methodology consists of three steps and it requires three different artefacts as inputs. To quantify robustness, two metrics (static and dynamic robustness) are proposed. The main challenge in evaluating robustness is the combinatorial growth of network-application interactions that need to be evaluated. To mitigate this issue, we propose an algorithm to limit the number of interactions, utilizing the monotonicity property of the performance model. To evaluate the dynamic robustness metric, the ability of the adaptive application to tolerate degraded network conditions has to be evaluated. This problem is formulated as a minimization problem. The methodology is used to evaluate the performance robustness of a mobile multimedia streaming application. The effectiveness of the proposed methodology is evaluated. The obtained results show three to five times reduction in total cost compared to the naive approach in which all combinations are exhaustively evaluated

Amélioration du processus de vérification des architectures générées à l'aide d'outils de synthèse de haut-niveau

L'augmentation de la capacité d'intégration des circuits a permis le développement des systèmes de plus en plus complexes. De cette complexité sont nés des besoins conséquents quant aux méthodes de conception et de vérification. Les outils de synthèse de haut-niveau (HLS) sont une des réponses à ces besoins. Les travaux présentés dans cette thèse ont pour cadre l'amélioration du processus de vérification des architectures matérielles synthétisées par HLS. En particulier, ils proposent une méthode pour la transformation des assertions booléennes spécifiées dans la description algorithmique d'une application en moniteurs matériels pour la simulation. Une deuxième méthode est proposée. Elle cible la synthèse automatique d'un gestionnaire d'erreurs matériel dont le rôle est d'archiver les erreurs survenant dans un circuit en fonctionnement réel, ainsi que leurs contextes d'exécution.The fast growing complexity of hardware circuits, during the last three decades, has change devery step of their development cycle. Design methods evolved a lot, and this evolutionwas necessary to cope with an always shorter time-to-market, mainly driven by the internationalcompetition.An increased complexity also means more errors, harder to find corner-cases, and morelong and expensive simulations. The verification of hardware systems requires more andmore resources, and is the main cost factor of the whole development of a circuit. Since thecomplexity of any system increases, the cost of an error undetected until the foundry stepbecame prohibitive. Therefore, the verification process is divided between multiple stepsinvolved at every moment of the design process : comparison of models behavior, simulationof RTL descriptions, formal analysis of algorithms, assertions usage, etc. The verificationmethodologies evolved a lot, in order to follow the progress of design methods. Somemethods like the Assertion-Based Verification became so important that they are nowwidely adopted among the developers community, providing near-source error detection.Thus, the work described here aims at improving the assertion-based verification process,in order to offer a consequent timing improvment to designers. Two contributions aredetailed. The first one deals with the transformation of Boolean assertions found in algorithmicdescriptions into equivalent temporal assertions in the RTL description generatedby high-level synthesis (HLS) methodologies. Therefore, the assertions are usable duringthe simulation process of the generated architectures. The second contribution targets theverification of hardware systems in real-time. It details the synthesis process of a hardwareerror manager, which has to save and serialize the execution context when an error isdetected. Thus, it is easier to understand the cause of an error and to find its source. Theerrors and their contexts are serialized as reports in a memory readable by the system ordirectly by the designer. The behavior of a circuit can be analyzed without requiring anyprobe or integrated logic analyzer.BORDEAUX1-Bib.electronique (335229901) / SudocSudocFranceF