303 research outputs found
Recommended from our members
Using formal methods to support testing
Formal methods and testing are two important approaches that assist in the development of high quality software. While traditionally these approaches have been seen as rivals, in recent
years a new consensus has developed in which they are seen as complementary. This article reviews the state of the art regarding ways in which the presence of a formal specification can be used to assist testing
Testing in context: Efficiency and executability
Testing each software component in isolation is not always feasible. We consider testing a deterministic Implementation Under Test (IUT) together with some other correctly implemented components as its context. One of the essential issues of testing in context is test executability problem, i.e., tests generated solely from the specification of the IUT may not be executable due to the uncontrollable interaction between the IUT and its context. On the other hand, generating a test sequence from the abstract specifications of a stateful IUT and its context often suffers from the well-known state explosion problem. In this dissertation, we solve the problem of generating a minimal-length test sequence from a given specification of a stateful IUT and its embedded context. By adopting model checking techniques, we avoid the state explosion problem during test generation and avoid the test executability problem during testing in context
Extracting Protocol Format as State Machine via Controlled Static Loop Analysis
Reverse engineering of protocol message formats is critical for many security
applications. Mainstream techniques use dynamic analysis and inherit its
low-coverage problem -- the inferred message formats only reflect the features
of their inputs. To achieve high coverage, we choose to use static analysis to
infer message formats from the implementation of protocol parsers. In this
work, we focus on a class of extremely challenging protocols whose formats are
described via constraint-enhanced regular expressions and parsed using
finite-state machines. Such state machines are often implemented as complicated
parsing loops, which are inherently difficult to analyze via conventional
static analysis. Our new technique extracts a state machine by regarding each
loop iteration as a state and the dependency between loop iterations as state
transitions. To achieve high, i.e., path-sensitive, precision but avoid path
explosion, the analysis is controlled to merge as many paths as possible based
on carefully-designed rules. The evaluation results show that we can infer a
state machine and, thus, the message formats, in five minutes with over 90%
precision and recall, far better than state of the art. We also applied the
state machines to enhance protocol fuzzers, which are improved by 20% to 230%
in terms of coverage and detect ten more zero-days compared to baselines
FORTEST: Formal methods and testing
Formal methods have traditionally been used for specification and development of software. However there are potential benefits for the testing stage as well. The panel session associated with this paper explores the usefulness
or otherwise of formal methods in various contexts for improving software testing. A number of different possibilities for the use of formal methods are explored and questions raised. The contributors are all members of the UK FORTEST Network on formal methods and testing. Although
the authors generally believe that formal methods
are useful in aiding the testing process, this paper is intended to provoke discussion. Dissenters are encouraged to put their views to the panel or individually to the authors
- ā¦