WU Yubo,GUO Junxia,LI Zheng,ZHAO Ruilian

DOI: https://doi.org/10.11772/j.issn.1001-9081.2016.11.3170

2016-01-01

Abstract:As the low ability of triggering the data racing fault of the existing mutation operators for concurrent program in mutation testing,some new mutation strategies based on data racing fault were proposed. From the viewpoint of mutation operator designing,Lock-oriented Mutation Strategy (LMS) and Shared-variable-oriented Mutation Strategy (SMS) were introduced,and two new mutation operators that named Synchronized Lock Resting Operator (SLRO) and Move Shared Variable Operator (MSVO) were designed. From the viewpoint of mutation point selection,also a new mutation point selection strategy named Synchronized relationship pair Mutation Point Selection Strategy (SMPSS) was proposed.SLRO and MSVO mutation operators were used to inject the faults which generated by SMPSS strategy on 12 Java current libraries,and then the ability of mutants to trigger the data racing fault was checked by using Java Path Finder (JPF). The results show that the SLRO and MSVO for 12 Java libs can generate 121 and 122 effective mutants respectively,and effectiveness rates are 95.28% and 99.19% respectively. In summary,the new current mutation operators and mutation strategies can effectively trigger the data racing fault.

Bo Zhou,Iulian Neamtiu,Rajiv Gupta

DOI: https://doi.org/10.1145/2745802.2745807

2015-01-01

Abstract:Concurrency bugs are difficult to find and fix. To help with finding and fixing concurrency bugs, prior research has mostly focused on static or dynamic analyses for finding specific classes of bugs. We present an approach whose focus is understanding the differences between concurrency and non-concurrency bugs, the differences among various concurrency bug classes, and predicting bug quantity, type, and location, from patches, bug reports and bug-fix metrics. First, we show that bug characteristics and bug-fixing processes vary significantly among different kinds of concurrency bugs and compared to non-concurrency bugs. Next, we build a quantitative predictor model to estimate concurrency bugs appearance in future releases. Then, we build a qualitative predictor that can predict the type of concurrency bug for a newly-filed bug report. Finally, we build a bug location predictor to indicate the likely source code location for newly-reported bugs. We validate the effectiveness of our approach on three popular projects, Mozilla, KDE, and Apache.

Shixiong Zhao,Rui Gu,Haoran Qiu,Tsz On Li,Yuexuan Wang,Heming Cui,Junfeng Yang

DOI: https://doi.org/10.1109/DSN.2018.00033

2018-01-01

Abstract:Just like bugs in single-threaded programs can lead to vulnerabilities, bugs in multithreaded programs can also lead to concurrency attacks. We studied 31 real-world concurrency attacks, including privilege escalations, hijacking code executions, and bypassing security checks. We found that compared to concurrency bugs' traditional consequences (e.g., program crashes), concurrency attacks' consequences are often implicit, extremely hard to be observed and diagnosed by program developers. Moreover, in addition to bug-inducing inputs, extra subtle inputs are often needed to trigger the attacks. These subtle features make existing tools ineffective to detect concurrency attacks. To tackle this problem, we present OWL, the first practical tool that models general concurrency attacks' implicit consequences and automatically detects them. We implemented OWL in Linux and successfully detected five new concurrency attacks, including three confirmed and fixed by developers, and two exploited from previously known and well-studied concurrency bugs. OWL has also detected seven known concurrency attacks. Our evaluation shows that OWL eliminates 94.1% of the reports generated by existing concurrency bug detectors as false positive, greatly reducing developers' efforts on diagnosis. All OWL source code, concurrency attack exploit scripts, and results are available on github.com/hku-systems/owl.

Manna Wu,Bo Zhou,Wei Shi

DOI: https://doi.org/10.1145/1643823.1643911

2009-01-01

Abstract:In this paper, we describe a new test framework for concurrent programs. Testing on concurrent programs remains difficult due to the non-deterministic nature of concurrent programs. Approaches are proposed to surmount this difficulty. However, few of them are really effective. A new self-adaptive test framework is proposed to alleviate this problem, since it is impossible to solve it completely. This framework which is based on the study of concurrent test points tests each concurrent program like a circuit, while concurrent test points like components of the circuit. The original reason of concurrent bugs stems from the resource sharing among multiple processes or threads. Therefore, a controller is introduced in the framework to increasingly intensify resource competition via test data controlling, aiming to trigger concurrent bugs' emerging sooner once they exist.

Changbing Ji,Zhenyu Chen,Baowen Xu,Ziyuan Wang

DOI: https://doi.org/10.1109/COMPSAC.2009.192

2009-01-01

Abstract:Java exception mechanism can effectively free a program from abnormal exits and help developers locate faults with the exception tracing stacks. It is necessary to verify whether the exception handling constructs are arranged appropriately. Some approaches have been developed to evaluate the test sets and improve the quality of them, so that they can raise more number of exceptions in programs. Mutation analysis is a practical method to evaluate the quality of test sets. This paper presents some new mutation operators for Java exception handling constructs. Moreover, equivalent mutants can be identified by our approach. A case study illustrates the effectiveness and characteristic features of these mutation operators.

Chang-ai Sun,Jingting Jia,Huai Liu,Xiangyu Zhang

DOI: https://doi.org/10.1109/compsac.2018.00023

2018-01-01

Abstract:Mutation analysis is a classical software testing approach which attempts to imitate faults using a set of mutants. It has been advocated to be an appropriate technique for evaluating the quality of test suites as well as the effectiveness of a testing method. However, the applicability of mutation analysis, especially in many practical situations, has been hindered due to the high computation cost and the long execution time, which are mainly caused by the large number of mutants. Numerous studies, particularly those based on parallel computing, have been conducted to reduce the overhead of mutation analysis. In this paper, we aim to improve the efficiency of mutation analysis from a different perspective. We make use of lightweight program analysis techniques to identify a group of mutants that share the common execution traces before the mutation location, and then merge them into a synthesized program with the concurrent mechanism, on which mutation analysis can be efficiently executed without the duplicate execution of common traces. Our empirical study demonstrates that our approach can significantly decrease the computation overhead as well as shorten the execution time of mutation analysis, without jeopardizing its effectiveness. The in-depth analysis further shows that the effectiveness of our approach is positively correlated with the number of branches in the program under test. Our approach makes it possible to efficiently execute mutation analysis even without the need of advanced computer architectures.

Lixin Cao,Wei Zheng,Desheng Hu,Han Bai

DOI: https://doi.org/10.1109/icinfa.2015.7279469

2015-01-01

Abstract:Due to the fact that concurrent program's semantics can't be understood by relaxed memory model correctly, some unexpected faults, which are difficult to be detected, exist during its multi-threaded cross-execution. Therefore, this paper intends to establish an abstract memory model for concurrent program, conduct formal description of the memory access process that may exist in program memory access, and then utilize model checking technique to find out the common concurrent program error scenarios on this basis. We further design the semantic mutation operator, and investigate how to optimize the mutation process and how to generate mutants and test suite automatically. This study can set up a formal specification of concurrent program memory access semantics and provide a theoretical basis for other researches in the field of testing. It also serves as a basis to propose a semantic mutation testing technique oriented towards parallel program to assist parallel code testing in industry.

Jay Nanavati,Fan Wu,Mark Harman,Yue Jia,Jens Krinke

DOI: https://doi.org/10.1109/icstw.2015.7107449

2015-01-01

Abstract:Though mutation operators have been designed for a wide range of programming languages in the last three decades, only a few operators are able to simulate memory faults. This paper introduces 9 Memory Mutation Operators targeting common memory faults. We report the results of an empirical study using 16 open source programs, which come with well designed unit test suites. We find only 44% of the new memory mutants introduced are captured by the traditional strong mutation killing criterion. We thus further introduce two new killing criteria, the Memory Fault Detection and the Control Flow Deviation killing criteria to augment the traditional strong mutation testing criterion. Our results show that the two new killing criteria are more effective at detecting memory mutants, killing between 10% and 75% of those mutants left unkilled by the traditional criterion.

Xiao-Hong SU,Zhen YU,Tian-Tian WANG,Pei-Jun MA

DOI: https://doi.org/10.11897/SP.J.1016.2015.02215

2015-01-01

Abstract:The prevalent multi-core architecture today makes real concurrency come true.In order to benefit from the concurrency power of hardware,concurrent programming is becoming more and more popular.However,out of inherent concurrency and non-determinism,concurrent programs are more likely to suffer from concurrency bugs,which are hard to detect,debug and repair.In this paper,we point out the trend that software development is turning toward concurrent model from sequential model.We reveal three characteristics respectively for concurrent programs and concurrency bugs and explore three challenges confronted by concurrency bug analysis.We then divide concurrency bugs into four categories,i.e.deadlock,data race,atomicity violation and order violation and investigate relations among them.For each category of concurrency bugs, we make analyses,comparisons and summarizations on previous researches about how to quickly expose,in time detect and efficiently avoid them.At last,we look into the research priorities in future from the following five aspects:smart and quick concurrency bugs exposure,common and accurate concurrency bug detection,deterministic replay support,collaborative design involving software and hardware and new concurrent programming model.

DongDong Deng,GuoLiang Jin,Marc de Kruijf,Ang Li,Ben Liblit,Shan Lu,ShanXiang Qi,JingLei Ren,Karthikeyan Sankaralingam,LinHai Song,YongWei Wu,MingXing Zhang,Wei Zhang,WeiMin Zheng

DOI: https://doi.org/10.1007/s11432-015-5315-9

2015-01-01

Science China Information Sciences

Abstract:Concurrency bugs are becoming widespread with the emerging ubiquity of multicore processors and multithreaded software. They manifest during production runs and lead to severe losses. Many effective concurrency-bug detection tools have been built. However, the dependability of multi-threaded software does not improve until these bugs are handled statically or dynamically. This article discusses our recent progresses on fixing, preventing, and recovering from concurrency bugs.

TianTian Wang,JiaHuan Xu,XiaoHong Su,ChenShi Li,Yang Chi

DOI: https://doi.org/10.1007/s11042-018-6603-3

IF: 2.577

2019-01-01

Multimedia Tools and Applications

Abstract:It takes a lot of time and effort to manually locate and fix software bugs. This paper proposes a method for automatically debugging operator related bugs. Testing, fault localization, and bug-fixing are closely linked based on mutation analysis. However, in the process of mutation analysis, the generation of a large number of mutants and the execution of test cases on mutants, is fairly time-consuming. To solve this problem, optimization methods for selection of mutants and test cases have been proposed. Experiment results has shown that it can improve the efficiency of mutation analysis, so that the cost of fault-localization and bug-fixing can be reduced. We also implemented the exhaustive mutation method and the random mutation method and compared these three methods. These three method have different application scenarios. As the mutation based fault localization can rank statements by suspiciousness, the method integrated with fault localization is more stable and has batter performance. Also, it is more suitable for analyzing program with multi-bugs.

WANG Di,YANG Min,ZHOU Xi

DOI: https://doi.org/10.3969/j.issn.1000-1220.2013.06.019

2013-01-01

Abstract:Due to the complexity of concurrent programming and the non-determinism in multithreaded applications,concurrency bugs are easy to create but very hard to locate and fix.Invariant-based concurrency bug detection tools are proposed to address this problem,which diagnose concurrency bugs by learning invariants in applications and detecting the violations to invariants when concurrency bugs occur.However,start-of-the-art detectors can′t capture multi-variable bugs because they record interleavings upon single variable.This paper proposes an object-level invariant-based concurrency bug detector,OBJ-D,for Java applications.By recording the interleavings upon objects,OBJ-D can analyze the data dependencies of correlated variables together.Our results show that OBJ-D can detect both single-and multi-variable concurrency bugs in Java applications,while introducing little false positives.

Zhendong Wu,Kai Lu,Xiaoping Wang,Xu Zhou

DOI: https://doi.org/10.1109/QSIC.2013.67

2013-01-01

Abstract:Many concurrency bugs are extremely difficult to be detected by random test due to huge input space and huge interleaving space. The multicore technology trend worsens this problem. We propose an innovative, collaborative approach called ColFinder to detect concurrency bugs effectively and efficiently. ColFinder uses static analysis to identify potential buggy statements. With respect to these statements, ColFinder uses program slicing to cut the original programs into smaller programs. Finally, it uses dynamic active test to verify whether the potential buggy statements will trigger real bugs. We implement a prototype of ColFinder, and evaluate it with several real-world programs. It significantly improves the probability of bug manifestation, from 0.75% to 89%. Additionally, ColFinder makes the time of bug manifestation obviously reduced by program slicing, with an average of 33%.

Dun-Wei GONG,Yong-Wei CHEN,Tian TIAN

DOI: https://doi.org/10.13328/j.cnki.jos.004844

2016-01-01

Journal of Software

Abstract:A parallel program can yield nondeterministic execution, which increases the complexity and the difficulty in program testing. The mutation testing of a message passing parallel program is investigated, and an approach to transforming the weak mutation testing for the program is presented in this study with the purpose of improving the efficiency of the mutation testing. First, the mutation condition statements are built based on the type of statements and the changes resulted from mutating these statements. Then, a new program is formed by inserting all these mutation condition statements into the original program. As a result, the problem of the weak mutation testing of the original program can be transformed into that of covering the branches of the new program, therefore providing advantages of solving the problem of mutation testing by using previous methods of branch coverage. The proposed approach is applied to test eight benchmark message passing parallel programs, and the empirical results demonstrate that this new approach is not only feasible but also necessary.

Z. Yu,Y. Zuo,W. C. Xiong

DOI: https://doi.org/10.1155/2019/9404323

2019-01-01

Scientific Programming

Abstract:Software transactional memory is an effective mechanism to avoid concurrency bugs in multithreaded programs. However, two problems hinder the adoption of such traditional systems in the wild world: high human cost for equipping programs with transaction functionality and low compatibility with I/O calls and conditional variables. This paper presents Convoider to solve these problems. By intercepting interthread operations and designating code among them as transactions in each thread, Convoider automatically transactionalizes target programs without any source code modification and recompiling. By saving/restoring stack frames and CPU registers on beginning/aborting a transaction, Convoider makes execution flow revocable. By turning threads into processes, leveraging virtual memory protection and customizing memory allocation/deallocation, Convoider makes memory manipulations revocable. By maintaining virtual file systems and redirecting I/O operations onto them, Convoider makes I/O effects revocable. By converting lock/unlock operations to no-ops, customizing signal/wait operations on condition variables, and committing memory changes transactionally, Convoider makes deadlocks, data races, and atomicity violations impossible. Experimental results show that Convoider succeeds in transparently transactionalizing twelve real-world applications with averagely incurring only 28% runtime overhead and perfectly avoid 94% of thirty-one concurrency bugs used in our experiments. This study can help efficiently transactionalize legacy multithreaded applications and effectively improve the runtime reliability of them.

Xiangying Dang,Dunwei Gong,Xiangjuan Yao,Tian,Huai Liu

DOI: https://doi.org/10.1109/tse.2021.3052987

IF: 7.4

2022-01-01

IEEE Transactions on Software Engineering

Abstract:Mutation testing, a fundamental software testing technique, which is a typical way to evaluate the adequacy of a test suite. In mutation testing, a set of mutants are generated by seeding the different classes of faults into a program under test. Test data shall be generated in the way that as many mutants can be killed as possible. Thanks to numerous tools to implement mutation testing for different languages, a huge amount of mutants are normally generated even for small-sized programs. However, a large number of mutants not only leads to a high cost of mutation testing, but also make the corresponding test data generation a non-trivial task. In this paper, we make use of intelligent technologies to improve the effectiveness and efficiency of mutation testing from two perspectives. A machine learning technique, namely fuzzy clustering, is applied to categorize mutants into different clusters. Then, a multi-population genetic algorithm via individual sharing is employed to generate test data for killing the mutants in different clusters in parallel when the problem of test data generation as an optimization one. A comprehensive framework, termed as $\mathbf {FUZGENMUT}$ , is thus developed to implement the proposed techniques. The experiments based on nine programs of various sizes show that fuzzy clustering can help to reduce the cost of mutation testing effectively, and that the multi-population genetic algorithm improves the efficiency of test data generation while delivering the high mutant-killing capability. The results clearly indicate that the huge potential of using intelligent technologies to enhance the efficacy and thus the practicality of mutation testing.

Junqiang Li,Senyi Li,Jiawei Wu,Long Luo,Yang Bai,Hongfang Yu

DOI: https://doi.org/10.1109/GLOBECOM48099.2022.10001093

2022-01-01

Abstract:The rapid development of deep learning (DL) technology has made deep learning libraries such as TensorFlow widely used in practice. However, the complexity of DL libraries inevitably leads to multiple vulnerabilities. Recently, research on DL library testing generally designs a variety of mutation operators to generate new models from the perspective of model mutation. However, we find these research efforts do not consider that different mutation operators have different vulnerability mining efficiencies, thus treating all mutation operators equally can lead to inefficiency. Based on the above observation, we design a novel mutation operator scheduling strategy to improve the efficiency of vulnerability mining in the DL library, including the multi-staged mutation operator selection strategy and mutation operator energy allocation strategy. To evaluate the efficiency of our work, we implement a prototype called MMOS. The results show that MMOS finds six more crash bugs, two more NaN bugs and one more inconsistency bug in four widely used DL libraries including TensorFlow, Theano, CNTK and MXNet compared with the random strategy. Among them, MMOS finds 5 previously unknown vulnerabilities in MXNet and 1 in CNTK. Moreover, MMOS outperforms LEMON in vulnerability mining of DL libraries. In total, MMOS finds 13 more vulnerabilities than LEMON.

Xiangjuan Yao,Mark Harman,Yue Jia

DOI: https://doi.org/10.1145/2568225.2568265

2014-01-01

Abstract:Though mutation testing has been widely studied for more than thirty years, the prevalence and properties of equivalent mutants remain largely unknown. We report on the causes and prevalence of equivalent mutants and their relationship to stubborn mutants (those that remain undetected by a high quality test suite, yet are non-equivalent). Our results, based on manual analysis of 1,230 mutants from 18 programs, reveal a highly uneven distribution of equivalence and stubbornness. For example, the ABS class and half UOI class generate many equivalent and almost no stubborn mutants, while the LCR class generates many stubborn and few equivalent mutants. We conclude that previous test effectiveness studies based on fault seeding could be skewed, while developers of mutation testing tools should prioritise those operators that we found generate disproportionately many stubborn (and few equivalent) mutants.

Mingxing Zhang,Yongwei Wu,Shan Lu,Shanxiang Qi,Jinglei Ren,Weimin Zheng

DOI: https://doi.org/10.1109/tse.2016.2531666

IF: 7.4

2016-01-01

IEEE Transactions on Software Engineering

Abstract:Concurrency bugs are notoriously difficult to eradicate during software testing because of their non-deterministic nature. Moreover, fixing concurrency bugs is time-consuming and error-prone. Thus, tolerating concurrency bugs during production runs is an attractive complementary approach to bug detection and testing. Unfortunately, existing bug-tolerating tools are usually either 1) constrained in types of bugs they can handle or 2) requiring roll-back mechanism, which can hitherto not be fully achieved efficiently without hardware supports. This paper presents a novel program invariant, called Anticipating Invariant (AI), which can help anticipate bugs before any irreversible changes are made. Benefiting from this ability of anticipating bugs beforehand, our software-only system is able to forestall the failures with a simple thread stalling technique, which does not rely on execution roll-back and hence has good performance Experiments with 35 real-world concurrency bugs demonstrate that AI is capable of detecting and tolerating most types of concurrency bugs, including both atomicity and order violations. Two new bugs have been detected and confirmed by the corresponding developers. Performance evaluation with 6 representative parallel programs shows that AI incurs negligible overhead (<1%) for many nontrivial desktop and server applications.

Huo Yan Chen,Su Hu

DOI: https://doi.org/10.1109/icsmc.2006.385183

2006-01-01

Abstract:The mutation testing focuses on the most possible mistakes of the software and so it has high ability to expose mistakes. However, at present it is still mainly used in procedure-oriented program testing. In recent years, object-oriented programming becomes more and more popular. This paper sets up the concepts for two new kinds of class level mutants for object-oriented program testing. One kind is of attribute mutants. The other is of method mutants. The formal description for the concepts is presented and the algorithms for generating attribute mutants and method mutants are proposed in this paper. A tool prototype for the algorithms is implemented and the related testing adequacy is also analyzed.