Saeid Tizpaz-Niari,Verya Monjezi,Morgan Wagner,Shiva Darian,Krystia Reed,Ashutosh Trivedi

DOI: https://doi.org/10.48550/arXiv.2205.04998

2023-02-11

Abstract:This paper presents a data-driven framework to improve the trustworthiness of US tax preparation software systems. Given the legal implications of bugs in such software on its users, ensuring compliance and trustworthiness of tax preparation software is of paramount importance. The key barriers in developing debugging aids for tax preparation systems are the unavailability of explicit specifications and the difficulty of obtaining oracles. We posit that, since the US tax law adheres to the legal doctrine of precedent, the specifications about the outcome of tax preparation software for an individual taxpayer must be viewed in comparison with individuals that are deemed similar. Consequently, these specifications are naturally available as properties on the software requiring similar inputs provide similar outputs. Inspired by the metamorphic testing paradigm, we dub these relations metamorphic relations. In collaboration with legal and tax experts, we explicated metamorphic relations for a set of challenging properties from various US Internal Revenue Services (IRS) publications including Publication 596 (Earned Income Tax Credit), Schedule 8812 (Qualifying Children/Other Dependents), and Form 8863 (Education Credits). We focus on an open-source tax preparation software for our case study and develop a randomized test-case generation strategy to systematically validate the correctness of tax preparation software guided by metamorphic relations. We further aid this test-case generation by visually explaining the behavior of software on suspicious instances using easy to-interpret decision-tree models. Our tool uncovered several accountability bugs with varying severity ranging from non-robust behavior in corner-cases (unreliable behavior when tax returns are close to zero) to missing eligibility conditions in the updated versions of software.

Software Engineering,Computers and Society

Dananjay Srinivas,Rohan Das,Saeid Tizpaz-Niari,Ashutosh Trivedi,Maria Leonor Pacheco

2023-11-21

Abstract:Due to the ever-increasing complexity of income tax laws in the United States, the number of US taxpayers filing their taxes using tax preparation software (henceforth, tax software) continues to increase. According to the U.S. Internal Revenue Service (IRS), in FY22, nearly 50% of taxpayers filed their individual income taxes using tax software. Given the legal consequences of incorrectly filing taxes for the taxpayer, ensuring the correctness of tax software is of paramount importance. Metamorphic testing has emerged as a leading solution to test and debug legal-critical tax software due to the absence of correctness requirements and trustworthy datasets. The key idea behind metamorphic testing is to express the properties of a system in terms of the relationship between one input and its slightly metamorphosed twinned input. Extracting metamorphic properties from IRS tax publications is a tedious and time-consuming process. As a response, this paper formulates the task of generating metamorphic specifications as a translation task between properties extracted from tax documents - expressed in natural language - to a contrastive first-order logic form. We perform a systematic analysis on the potential and limitations of in-context learning with Large Language Models(LLMs) for this task, and outline a research agenda towards automating the generation of metamorphic specifications for tax preparation software.

Software Engineering,Computation and Language

Severin Kacianka,Alexander Pretschner

DOI: https://doi.org/10.1145/3442188.3445905

2021-01-20

Abstract:Accountability is an often called for property of technical systems. It is a requirement for algorithmic decision systems, autonomous cyber-physical systems, and for software systems in general. As a concept, accountability goes back to the early history of Liberalism and is suggested as a tool to limit the use of power. This long history has also given us many, often slightly differing, definitions of accountability. The problem that software developers now face is to understand what accountability means for their systems and how to reflect it in a system's design. To enable the rigorous study of accountability in a system, we need models that are suitable for capturing such a varied concept. In this paper, we present a method to express and compare different definitions of accountability using Structural Causal Models. We show how these models can be used to evaluate a system's design and present a small use case based on an autonomous car.

Software Engineering

Xiaoyuan Xie,Joshua Ho,Christian Murphy,Gail Kaiser,Baowen Xu,T. Y. Chen

2009-01-01

Abstract:Many applications in the field of scientific computing - such as computational biology, computational linguistics, and others - depend on Machine Learning algorithms to provide important core functionality to support solutions in the particular problem domains. However, it is difficult to test such applications because often there is no "test ora- cle" to indicate what the correct output should be for arbi- trary input. To help address the quality of scientific com- puting software, in this paper we present a technique for testing the implementations of machine learning classifica- tion algorithms on which such scientific computing software depends. Our technique is based on an approach called "metamorphic testing", which has been shown to be ef- fective in such cases. In addition to presenting our tech- nique, we describe a case study we performed on a real- world machine learning application framework, and dis- cuss how programmers implementing machine learning al- gorithms can avoid the common pitfalls discovered in our study. We also discuss how our findings can be of use to other areas of computational science and engineering.

Hao Jin,Yanyan Jiang,Na Liu,Chang Xu,Xiaoxing Ma,Jian Lu

DOI: https://doi.org/10.1109/COMPSAC.2015.79

2015-01-01

Abstract:Debugging is challenging and labor-intensive. Debugging programs with weak or no oracle is even more difficult due to lack of passing and failing test runs as well as their comparisons. To address these challenges, we exploit metamorphic relations to construct new programs that are enhanced with synthesized oracle, and combine concolic testing and branch-switching debugging to localize potentially faulty places in original programs. We name our approach concolic metamorphic debugging (or Comedy for short). We experimentally evaluated Comedy with real-world Java programs. The experimental results reported that Comedy successfully generated debugging report for 88.4% of 2,330 faulty programs. The average branch distance between the reported locations and the real fault places is only 1.68. Besides, 36% of the debugging reports precisely locate the fault.

Junhua Ding,Dongmei Zhang,Xin-Hua Hu

DOI: https://doi.org/10.1145/2896971.2896981

2016-01-01

Abstract:One of the grand challenges for adequately testing scientific software is due to the oracle problem. Metamorphic testing is the promise technique for addressing the problem through checking the satisfaction of a metamorphic relation that defines the correlation on the relation of paired test inputs and the one of their corresponding outputs. Therefore, checking the correctness of an individual test is replaced by checking the satisfaction of the metamorphic relation among a group of tests. However, the quality of the testing is highly depended on the identification of metamorphic relations. In this paper, we use an iterative approach for the development and refinement of metamorphic relations during testing process through testing an open source discrete dipole approximation program called ADDA. Through studying ADDA program, we discuss the experience and challenges of metamorphic testing for testing scientific software.

Rui Li,Huai Liu,Pak-Lok Poon,Dave Towey,Chang-Ai Sun,Zheng Zheng,Zhi Quan Zhou,Tsong Yueh Chen

2024-06-11

Abstract:Metamorphic testing has become one mainstream technique to address the notorious oracle problem in software testing, thanks to its great successes in revealing real-life bugs in a wide variety of software systems. Metamorphic relations, the core component of metamorphic testing, have continuously attracted research interests from both academia and industry. In the last decade, a rapidly increasing number of studies have been conducted to systematically generate metamorphic relations from various sources and for different application domains. In this article, based on the systematic review on the state of the art for metamorphic relations' generation, we summarize and highlight visions for further advancing the theory and techniques for identifying and constructing metamorphic relations, and discuss potential research trends in related areas.

Software Engineering

Mingchen Gao,Huiyan Wang,Chang Xu

DOI: https://doi.org/10.1109/saner60148.2024.00096

2024-01-01

Abstract:Constraint checking techniques are being widely used for ensuring the consistency of software artifacts during their development and evolution (e.g., detecting inconsistency in an application's running contexts or identifying rule violation in the code being developed). Typically, consistency constraints are formulated and checked upon the changes of software artifacts under checking. When any constraint is violated, an inconsistency is said to occur and then follow-up actions can be taken to remedy the problem. Currently, various constraint checking techniques have been proposed and implemented with sophisticated mechanisms for higher efficiency and scalability. However, these implementations could be far from being well tested due to their oracle problems, i.e., hardly able to tell what the checking result should be, given any software artifacts and their consistency constraints to check. In this paper, we leverage metamorphic testing and propose a family of metamorphic relations catered for testing constraint checking implementations. We dedicatedly design these relations by following the sensitivity principle via a fine-granularity control and the diversity principle via input-oriented transformations. Our experiments reported promising results (disclosing 80 % mutation bugs and five real bugs) without the need of any manual labeling.

Junhua Ding,XinChuan Li,Xin-Hua Hu

DOI: https://doi.org/10.1109/QRS.2019.00057

2019-01-01

Abstract:Adequately testing scientific software is essential to the quality of the software. However, it is a grand challenge due to the oracle problem. Metamorphic testing has shown its effectiveness for alleviating the problem. But the effectiveness of metamorphic testing is highly dependent on the quality of metamorphic relations that are developed for testing the software. In this paper, we propose a framework for iteratively developing metamorphic relations for adequately testing scientific software. The basic idea is to refine metamorphic relations that are loosely defined to those that can be verified with only limited number of cases so that the relations can be accurately tested. We explain the framework through testing a scientific software system that is used for modeling light scattering of particles. Based on domain knowledge and general guidelines, a group of metamorphic relations are first identified and tested. According to testing results, the metamorphic relations are refined step by step until each of them can be accurately tested. In particular, an invariant transform is applied to the metamorphic relations for significantly reducing the number of cases that can satisfy the relations. Finally the relations are further transformed with a carefully defined hash function to ensure each of the metamorphic relations can be automatically verified. The proposed approach truly solves the oracle problem and greatly improves the effectiveness of metamorphic testing. Its effectiveness is evaluated by mutation testing and demonstrated by new problems found in the software.

Seung Yeob Shin,Fabrizio Pastore,Domenico Bianculli,Alexandra Baicoianu

2024-10-11

Abstract:Metamorphic testing (MT) has proven to be a successful solution to automating testing and addressing the oracle problem. However, it entails manually deriving metamorphic relations (MRs) and converting them into an executable form; these steps are time-consuming and may prevent the adoption of MT. In this paper, we propose an approach for automatically deriving executable MRs (EMRs) from requirements using large language models (LLMs). Instead of merely asking the LLM to produce EMRs, our approach relies on a few-shot prompting strategy to instruct the LLM to perform activities in the MT process, by providing requirements and API specifications, as one would do with software engineers. To assess the feasibility of our approach, we conducted a questionnaire-based survey in collaboration with Siemens Industry Software, a worldwide leader in providing industry software and services, focusing on four of their software applications. Additionally, we evaluated the accuracy of the generated EMRs for a Web application. The outcomes of our study are highly promising, as they demonstrate the capability of our approach to generate MRs and EMRs that are both comprehensible and pertinent for testing purposes.

Software Engineering

Jiahao Li

DOI: https://doi.org/10.48550/arXiv.2303.03179

2023-03-06

Abstract:Despite the rapid growth of smart contracts, they are suffering numerous security vulnerabilities due to the absence of reliable development and testing. In this article, we apply the metamorphic testing technique to detect smart contract vulnerabilities. Based on the anomalies we observed in vulnerable smart contracts, we define five metamorphic relations to detect abnormal gas consumption and account interaction inconsistency of the target smart contract. Through dynamically executing transactions and checking the final violation of metamorphic relations, we determine whether a smart contract is vulnerable. We evaluate our approach on a benchmark of 67 manually annotated smart contracts. The experimental results show that our approach achieves a higher detection rate (TPR, true positive rate) with a lower misreport rate (FDR, false discovery rate) than the other three state-of-the-art tools. These results further suggest that metamorphic testing is a promising method for detecting smart contract vulnerabilities.

Software Engineering

Yingzhuo Yang,Zenan Li,Huiyan Wang,Chang Xu,Xiaoxing Ma

DOI: https://doi.org/10.1016/j.jss.2021.111012

IF: 3.5

2021-01-01

Journal of Systems and Software

Abstract:The quality assurance for machine learning systems is becoming increasingly critical nowadays. While many efforts have been paid on trained models from such systems, we focus on the quality of these systems themselves, as the latter essentially decides the quality of numerous models thus trained. In this article, we focus particularly on detecting bugs in implementing one class of model-training systems, namely, linear classification algorithms, which are known to be challenging due to the lack of test oracle. Existing work has attempted to use metamorphic testing to alleviate the oracle problem, but fallen short on overlooking the statistical nature of such learning algorithms, leading to premature metamorphic relations (MRs) suffering efficacy and necessity issues. To address this problem, we first derive MRs from a fundamental property of linear classification algorithms, i.e., algorithm stability, with the soundness guarantee. We then formulate such MRs in a way that is rare in usage but could be more effective according to our field study and analysis, i.e., Past-execution Dependent MR (PD-MR), as contrast to the traditional way, i.e., Past-execution Independent MR (PI-MR), which has been extensively studied. We experimentally evaluated our new MRs upon nine well-known linear classification algorithms. The results reported that the new MRs detected 37.6–329.2% more bugs than existing benchmark MRs.

Jirayus Jiarpakdee,Chakkrit Kla Tantithamthavorn,Hoa Khanh Dam,John Grundy

DOI: https://doi.org/10.1109/tse.2020.2982385

IF: 7.4

2022-01-01

IEEE Transactions on Software Engineering

Abstract:Software analytics have empowered software organisations to support a wide range of improved decision-making and policy-making. However, such predictions made by software analytics to date have not been explained and justified. Specifically, current defect prediction models still fail to explain why models make such a prediction and fail to uphold the privacy laws in terms of the requirement to explain any decision made by an algorithm. In this paper, we empirically evaluate three model-agnostic techniques, i.e., two state-of-the-art Local Interpretability Model-agnostic Explanations technique (LIME) and BreakDown techniques, and our improvement of LIME with Hyper Parameter Optimisation (LIME-HPO). Through a case study of 32 highly-curated defect datasets that span across 9 open-source software systems, we conclude that (1) model-agnostic techniques are needed to explain individual predictions of defect models; (2) instance explanations generated by model-agnostic techniques are mostly overlapping (but not exactly the same) with the global explanation of defect models and reliable when they are re-generated; (3) model-agnostic techniques take less than a minute to generate instance explanations; and (4) more than half of the practitioners perceive that the contrastive explanations are necessary and useful to understand the predictions of defect models. Since the implementation of the studied model-agnostic techniques is available in both Python and R, we recommend model-agnostic techniques be used in the future.

engineering, electrical & electronic,computer science, software engineering

Pengyu Xue,Linhao Wu,Zhen Yang,Xinyi Li,Zhongxing Yu,Zhi Jin,Ge Li,Yan Xiao,Jingwen Wu

2024-10-10

Abstract:In recent years, Large language model-powered Automated Program Repair (LAPR) techniques have achieved state-of-the-art bug-fixing performance and have been pervasively applied and studied in both industry and academia. Nonetheless, LLMs were proved to be highly sensitive to input prompts, with slight differences in the expressions of semantically equivalent programs potentially causing repair failures. Therefore, it is crucial to conduct robustness testing on LAPR techniques before their practical deployment. However, related research is scarce. To this end, we propose MT-LAPR, a Metamorphic Testing framework exclusively for LAPR techniques, which summarizes nine widely-recognized Metamorphic Relations (MRs) by developers across three perturbation levels: token, statement, and block. Afterward, our proposed MRs are applied to buggy codes to generate test cases, which are semantically equivalent yet to affect the inference of LAPR. Experiments are carried out on two extensively examined bug-fixing datasets, i.e., Defect4J and QuixBugs, and four bug-fixing abled LLMs released recently, demonstrating that 34.4% - 48.5% of the test cases expose the instability of LAPR techniques on average, showing the effectiveness of MT-LAPR and uncovering a positive correlation between code readability and the robustness of LAPR techniques. Inspired by the above findings, this paper uses the test cases generated by MT-LAPR as samples to train a CodeT5-based code editing model aiming at improving code readability and then embeds it into the LAPR workflow as a data preprocessing step. Extensive experiments demonstrate that this approach significantly enhances the robustness of LAPR by 49.32% at most.

Software Engineering

Jacob Metcalf,Emanuel Moss,Ranjit Singh,Emnet Tafese,Elizabeth Anne Watkins

DOI: https://doi.org/10.48550/arXiv.2203.01455

2022-03-03

Abstract:Central to a number of scholarly, regulatory, and public conversations about algorithmic accountability is the question of who should have access to documentation that reveals the inner workings, intended function, and anticipated consequences of algorithmic systems, potentially establishing new routes for impacted publics to contest the operations of these systems. Currently, developers largely have a monopoly on information about how their systems actually work and are incentivized to maintain their own ignorance about aspects of how their systems affect the world. Increasingly, legislators, regulators and advocates have turned to assessment documentation in order to address the gap between the public's experience of algorithmic harms and the obligations of developers to document and justify their design decisions. However, issues of standing and expertise currently prevent publics from cohering around shared interests in preventing and redressing algorithmic harms; as we demonstrate with multiple cases, courts often find computational harms non-cognizable and rarely require developers to address material claims of harm. Constructed with a triadic accountability relationship, algorithmic impact assessment regimes could alter this situation by establishing procedural rights around public access to reporting and documentation. Developing a relational approach to accountability, we argue that robust accountability regimes must establish opportunities for publics to cohere around shared experiences and interests, and to contest the outcomes of algorithmic systems that affect their lives. Furthermore, algorithmic accountability policies currently under consideration in many jurisdictions must provide the public with adequate standing and opportunities to access and contest the documentation provided by the actors and the judgments passed by the forum.

Computers and Society

Alejandra Duque-Torres,Dietmar Pfahl,Claus Klammer,Stefan Fischer

DOI: https://doi.org/10.1109/SANER56733.2023.00109

2023-05-17

Abstract:Metamorphic Testing (MT) is a testing technique that can effectively alleviate the oracle problem. MT uses Metamorphic Relations (MRs) to determine if a test case passes or fails. MRs specify how the outputs should vary in response to specific input changes when executing the System Under Test (SUT). If a particular MR is violated for at least one test input (and its change), there is a high probability that the SUT has a fault. On the other hand, if a particular MR is not violated, it does not guarantee that the SUT is fault free. However, deciding if the MR is being violated due to a bug or because the MR does not hold/fit for particular conditions generated by specific inputs remains a manual task and unexplored. In this paper, we develop a method for refining MRs to offer hints as to whether a violation results from a bug or arises from the MR not being matched to certain test data under specific circumstances. In our initial proof-of-concept, we derive the relevant information from rules using the Association Rule Mining (ARM) technique. In our initial proof-of-concept, we validate our method on a toy example and discuss the lessons learned from our experiments. Our proof-of-concept demonstrates that our method is applicable and that we can provide suggestions that help strengthen the test suite for regression testing purposes.

Software Engineering

Islam Nasr,Lobna Nassar,Fakhri Karray

DOI: https://doi.org/10.1007/s41870-023-01390-9

2023-08-18

International Journal of Information Technology

Abstract:One of the major problems in testing software code and assuring its quality is deriving test oracles. This problem becomes more evident when testing machine learning models. To overcome such problems, metamorphic testing is introduced. Metamorphic testing is built to test the presence of metamorphic relations; required relations that should hold for the program to be valid. Those metamorphic requirements are usually articulated by domain experts since they are application dependent which is a costly, complex, and error prone process. Therefore, the automatic detection of such relations can be more efficient for code verification. The novelty of this work is first emphasizing the two-way relationship between metamorphic testing and machine learning; where metamorphic testing is used to assess the effectiveness of machine learning models, while machine learning is used to automatically detect the main metamorphic relations in software code. Secondly, literature metamorphic relations are categorized into the eight main categories defined in literature, and three new metamorphic relations are introduced for the first time. Finally, all literature metamorphic relations are customized to fit the time series forecasting domain. An application is proposed consisting of a deep learning model for forecasting fresh produce yields along with a generalization framework to enable the proposed models to forecast other similar fresh produce yields. The interactive role played by metamorphic testing and machine learning is investigated through the quality assurance of the forecasting application. The datasets used to train and test the deep learning forecasting models as well as the forecasting models are verified using metamorphic tests and the metamorphic relations in the generalization code are automatically detected using support vector machine (SVM) models. Testing revealed the unmatched requirements that are fixed to have a valid application with sound data, effective models, and valid generalization code.

Kartik Chandra,Katherine M. Collins,Will Crichton,Tony Chen,Tzu-Mao Li,Adrian Weller,Rachit Nigam,Joshua Tenenbaum,Jonathan Ragan-Kelley

2024-10-03

Abstract:Often, a good explanation for a program's unexpected behavior is a bug in the programmer's code. But sometimes, an even better explanation is a bug in the programmer's mental model of the language or API they are using. Instead of merely debugging our current code ("giving the programmer a fish"), what if our tools could directly debug our mental models ("teaching the programmer to fish")? In this paper, we apply recent ideas from computational cognitive science to offer a principled framework for doing exactly that. Given a "why?" question about a program, we automatically infer potential misconceptions about the language/API that might cause the user to be surprised by the program's behavior -- and then analyze those misconceptions to provide explanations of the program's behavior. Our key idea is to formally represent misconceptions as counterfactual (erroneous) semantics for the language/API, which can be inferred and debugged using program synthesis techniques. We demonstrate our framework, WatChat, by building systems for explanation in two domains: JavaScript type coercion, and the Git version control system. We evaluate WatChatJS and WatChatGit by comparing their outputs to experimentally-collected human-written explanations in these two domains: we show that WatChat's explanations exhibit key features of human-written explanation, unlike those of a state-of-the-art language model.

Programming Languages,Artificial Intelligence,Human-Computer Interaction

Jie Zhang,Junjie Chen,Dan Hao,Yingfei Xiong,Bing Xie,Lu Zhang,Hong Mei

DOI: https://doi.org/10.1145/2642937.2642994

2014-01-01

Abstract:Metamorphic testing (MT) is an effective methodology for testing those so-called ``non-testable'' programs (e.g., scientific programs), where it is sometimes very difficult for testers to know whether the outputs are correct. In metamorphic testing, metamorphic relations (MRs) (which specify how particular changes to the input of the program under test would change the output) play an essential role. However, testers may typically have to obtain MRs manually. In this paper, we propose a search-based approach to automatic inference of polynomial MRs for a program under test. In particular, we use a set of parameters to represent a particular class of MRs, which we refer to as polynomial MRs, and turn the problem of inferring MRs into a problem of searching for suitable values of the parameters. We then dynamically analyze multiple executions of the program, and use particle swarm optimization to solve the search problem. To improve the quality of inferred MRs, we further use MR filtering to remove some inferred MRs. We also conducted three empirical studies to evaluate our approach using four scientific libraries (including 189 scientific functions). From our empirical results, our approach is able to infer many high-quality MRs in acceptable time (i.e., from 9.87 seconds to 1231.16 seconds), which are effective in detecting faults with no false detection.

Michael Dorner,Oliver Treidler,Tom-Eric Kunz,Ehsan Zabardast,Daniel Mendez,Darja Šmite,Maximilian Capraro,Krzysztof Wnuk

2024-07-09

Abstract:Background: The company-internal reuse of software components owned by organizational units in different countries constitutes an implicit licensing across borders, which is taxable. This makes tax authorities a less known stakeholder in software architectures. Objective: Therefore, we investigate how software companies can describe the implicit license structure of their globally distributed software architectures to tax authorities. Method: We develop a viewpoint that frames the concerns of tax authorities, use this viewpoint to construct a view of a large-scale microservice architecture of a multinational enterprise, and evaluate the resulting software architecture description with a panel of four tax experts. Results: The panel found our proposed architectural viewpoint properly and sufficiently frames the concerns of taxation stakeholders. However, unclear jurisdictions of owners and potentially insufficient definitions of code ownership and software component introduce significant noise to the view that limits the usefulness and explanatory power of our software architecture description. Conclusion: While our software architecture description provides a solid foundation, we believe it only represents the tip of the iceberg. Future research is necessary to pave the way for advancements in tax compliance within software engineering.

Software Engineering