Xiaochun Zhu,Bo Zhou,Li Hou,Junbo Chen,Lu Chen

DOI: https://doi.org/10.1109/icycs.2008.53

2008-01-01

Abstract:Software testing is becoming more and more important as it is a widely used activity to ensure software quality. Testing is now an essential phase in software development life cycle. Test execution becomes an activity in the critical path of project development. In this case, a good test execution effort estimation approach can benefit both tester managers and software projects.This paper proposes an experience-based approach for test execution effort estimation. In the approach, we characterize a test suite as a 3-dimensions vector which combines test case number, test execution complexity and its tester together. Based on the test suite execution vector model, we set up an experience database, and then a machine learning algorithm is applied to estimate efforts for given test suite vectors. We evaluate the approach through an empirical study on projects from a financial software company.

Bettina Könighofer,Roderick Bloem,Rüdiger Ehlers,Christian Pek

DOI: https://doi.org/10.48550/arXiv.2208.14426

2022-08-31

Abstract:Runtime enforcement refers to the theories, techniques, and tools for enforcing correct behavior with respect to a formal specification of systems at runtime. In this paper, we are interested in techniques for constructing runtime enforcers for the concrete application domain of enforcing safety in AI. We discuss how safety is traditionally handled in the field of AI and how more formal guarantees on the safety of a self-learning agent can be given by integrating a runtime enforcer. We survey a selection of work on such enforcers, where we distinguish between approaches for discrete and continuous action spaces. The purpose of this paper is to foster a better understanding of advantages and limitations of different enforcement techniques, focusing on the specific challenges that arise due to their application in AI. Finally, we present some open challenges and avenues for future work.

Artificial Intelligence,Logic in Computer Science

Yan Zheng,Yi Liu,Xiaofei Xie,Yepang Liu,Lei Ma,Jianye Hao,Yang Liu

DOI: https://doi.org/10.48550/arXiv.2103.06018

2021-03-10

Abstract:Web testing has long been recognized as a notoriously difficult task. Even nowadays, web testing still heavily relies on manual efforts while automated web testing is far from achieving human-level performance. Key challenges in web testing include dynamic content update and deep bugs hiding under complicated user interactions and specific input values, which can only be triggered by certain action sequences in the huge search space. In this paper, we propose WebExplor, an automatic end-to-end web testing framework, to achieve an adaptive exploration of web applications. WebExplor adopts curiosity-driven reinforcement learning to generate high-quality action sequences (test cases) satisfying temporal logical relations. Besides, WebExplor incrementally builds an automaton during the online testing process, which provides high-level guidance to further improve the testing efficiency. We have conducted comprehensive evaluations of WebExplor on six real-world projects, a commercial SaaS web application, and performed an in-the-wild study of the top 50 web applications in the world. The results demonstrate that in most cases WebExplor can achieve a significantly higher failure detection rate, code coverage, and efficiency than existing state-of-the-art web testing techniques. WebExplor also detected 12 previously unknown failures in the commercial web application, which have been confirmed and fixed by the developers. Furthermore, our in-the-wild study further uncovered 3,466 exceptions and errors.

Software Engineering

Mahshid Helali Moghadam,Mehrdad Saadatmand,Markus Borg,Markus Bohlin,Björn Lisper

DOI: https://doi.org/10.48550/arXiv.1908.06900

2020-07-31

Abstract:Test automation brings the potential to reduce costs and human effort, but several aspects of software testing remain challenging to automate. One such example is automated performance testing to find performance breaking points. Current approaches to tackle automated generation of performance test cases mainly involve using source code or system model analysis or use-case based techniques. However, source code and system models might not always be available at testing time. On the other hand, if the optimal performance testing policy for the intended objective in a testing process instead could be learned by the testing system, then test automation without advanced performance models could be possible. Furthermore, the learned policy could later be reused for similar software systems under test, thus leading to higher test efficiency. We propose SaFReL, a self-adaptive fuzzy reinforcement learning-based performance testing framework. SaFReL learns the optimal policy to generate performance test cases through an initial learning phase, then reuses it during a transfer learning phase, while keeping the learning running and updating the policy in the long term. Through multiple experiments on a simulated environment, we demonstrate that our approach generates the target performance test cases for different programs more efficiently than a typical testing process, and performs adaptively without access to source code and performance models.

Software Engineering,Artificial Intelligence,Performance

Dezhi Ran,Hao Wang,Zihe Song,Mengzhou Wu,Yuan Cao,Ying Zhang,Wei Yang,Tao Xie

DOI: https://doi.org/10.1145/3650212.3680334

2024-01-01

Abstract:Tests for feature-based UI testing have been indispensable for ensuring the quality of mobile applications (apps for short). The high manual labor costs to create such tests have led to a strong interest in automated feature-based UI testing, where an approach automatically explores the App under Test (AUT) to find correct sequences of UI events achieving the target test objective, given only a high-level test objective description. Given that the task of automated feature-based UI testing resembles conventional AI planning problems, large language models (LLMs), known for their effectiveness in AI planning, could be ideal for this task. However, our study reveals that LLMs struggle with following specific instructions for UI testing and replanning based on new information. This limitation results in reduced effectiveness of LLM-driven solutions for automated feature-based UI testing, despite the use of advanced prompting techniques. Toward addressing the preceding limitation, we propose Guardian, a runtime system framework to improve the effectiveness of automated feature-based UI testing by offloading computational tasks from LLMs with two major strategies. First, Guardian refines UI action space that the LLM can plan over, enforcing the instruction following of the LLM by construction. Second, Guardian deliberately checks whether the gradually enriched information invalidates previous planning by the LLM. Guardian removes the invalidated UI actions from the UI action space that the LLM can plan over, restores the state of the AUT to the state before the execution of the invalidated UI actions, and prompts the LLM to re-plan with the new UI action space. We instantiate Guardian with ChatGPT and construct a benchmark named FestiVal with 58 tasks from 23 highly popular apps. Evaluation results on FestiVal show that Guardian achieves 48.3

Jingyi Shi,Yang Xiao,Yuekang Li,Yeting Li,Dongsong Yu,Chendong Yu,Hui Su,Yufeng Chen,Wei Huo

DOI: https://doi.org/10.1145/3597926.3598088

2023-06-04

Abstract:Deep learning (DL) applications are prevalent nowadays as they can help with multiple tasks. DL libraries are essential for building DL applications. Furthermore, DL operators are the important building blocks of the DL libraries, that compute the multi-dimensional data (tensors). Therefore, bugs in DL operators can have great impacts. Testing is a practical approach for detecting bugs in DL operators. In order to test DL operators effectively, it is essential that the test cases pass the input validity check and are able to reach the core function logic of the operators. Hence, extracting the input validation constraints is required for generating high-quality test cases. Existing techniques rely on either human effort or documentation of DL library APIs to extract the constraints. They cannot extract complex constraints and the extracted constraints may differ from the actual code implementation. To address the challenge, we propose ACETest, a technique to automatically extract input validation constraints from the code to build valid yet diverse test cases which can effectively unveil bugs in the core function logic of DL operators. For this purpose, ACETest can automatically identify the input validation code in DL operators, extract the related constraints and generate test cases according to the constraints. The experimental results on popular DL libraries, TensorFlow and PyTorch, demonstrate that ACETest can extract constraints with higher quality than state-of-the-art (SOTA) techniques. Moreover, ACETest is capable of extracting 96.4% more constraints and detecting 1.95 to 55 times more bugs than SOTA techniques. In total, we have used ACETest to detect 108 previously unknown bugs on TensorFlow and PyTorch, with 87 of them confirmed by the developers. Lastly, five of the bugs were assigned with CVE IDs due to their security impacts.

Software Engineering,Cryptography and Security

Wei Jin,Alessandro Orso,Tao Xie

DOI: https://doi.org/10.1109/ICST.2010.64

2010-01-01

Abstract:When a program is modified during software evolution, developers typically run the new version of the program against its existing test suite to validate that the changes made on the program did not introduce unintended side effects (i.e., regression faults). This kind of regression testing can be effective in identifying some regression faults, but it is limited by the quality of the existing test suite. Due to the cost of testing, developers build test suites by finding acceptable tradeoffs between cost and thoroughness of the tests. As a result, these test suites tend to exercise only a small subset of the program's functionality and may be inadequate for testing the changes in a program. To address this issue, we propose a novel approach called Behavioral Regression Testing (BERT). Given two versions of a program, BERT identifies behavioral differences between the two versions through dynamical analysis, in three steps. First, it generates a large number of test inputs that focus on the changed parts of the code. Second, it runs the generated test inputs on the old and new versions of the code and identifies differences in the tests' behavior. Third, it analyzes the identified differences and presents them to the developers. By focusing on a subset of the code and leveraging differential behavior, BERT can provide developers with more (and more detailed) information than traditional regression testing techniques. To evaluate BERT, we implemented it as a plug-in for Eclipse, a popular Integrated Development Environment, and used the plug-in to perform a preliminary study on two programs. The results of our study are promising, in that BERT was able to identify true regression faults in the programs.

Eduard Enoiu,Mirgita Frasheri

DOI: https://doi.org/10.48550/arXiv.1802.03921

2018-02-12

Software Engineering

Abstract:Growth of software size, lack of resources to perform regression testing, and failure to detect bugs faster have seen increased reliance on continuous integration and test automation. Even with greater hardware and software resources dedicated to test automation, software testing is faced with enormous challenges, resulting in increased dependence on complex mechanisms for automated test case selection and prioritization as part of a continuous integration framework. These mechanisms are currently using simple entities called test cases that are concretely realized as executable scripts. Our key idea is to provide test cases with more reasoning, adaptive behavior and learning capabilities by using the concepts of intelligent software agents. We refer to such test cases as test agents. The model that underlie a test agent is capable of flexible and autonomous actions in order to meet overall testing objectives. Our goal is to increase the decentralization of regression testing by letting test agents to know for themselves when they should be executing, how they should update their purpose, and when they should interact with each other. In this paper, we envision software test agents that display such adaptive autonomous behavior. Emerging developments and challenges regarding the use of test agents are explored-in particular, new research that seeks to use adaptive autonomous agents in software testing.

Minxue Pan,Yifei Lu,Yu Pei,Tian Zhang,Juan Zhai,Xuandong Li

DOI: https://doi.org/10.1016/j.jss.2019.110433

IF: 3.5

2020-01-01

Journal of Systems and Software

Abstract:The last decade has seen a vast proliferation of mobile apps. To improve the reliability of such apps, various techniques have been developed to automatically generate tests for them. While such techniques have been proven to be useful in producing test suites that achieve significant levels of code coverage, there is still enormous demand for techniques that effectively generate tests to exercise more code and detect more bugs of apps. We propose in this paper the Adamant approach to automated Android app testing. Adamant utilizes models that incorporate valuable human knowledge about the behaviours of the app under consideration to guide effective test generation, and the models are encoded in an extended version of the Interaction Flow Modeling Language (IFML). In an experimental evaluation on 10 open source Android apps, Adamant generated over 130 test actions per minute, achieved around 68% code coverage, and exposed 8 real bugs, significantly outperforming other test generation tools like Monkey, AndroidRipper, and Gator in terms of code covered and bugs detected. (C) 2019 Elsevier Inc. All rights reserved.

Xiang Gao,Bo Wang,Gregory J. Duck,Ruyi Ji,Yingfei Xiong,Abhik Roychoudhury

DOI: https://doi.org/10.1145/3418461

IF: 3.685

2021-04-30

ACM Transactions on Software Engineering and Methodology

Abstract:Automated program repair is an emerging technology that seeks to automatically rectify program errors and vulnerabilities. Repair techniques are driven by a correctness criterion that is often in the form of a test suite. Such test-based repair may produce overfitting patches, where the patches produced fail on tests outside the test suite driving the repair. In this work, we present a repair method that fixes program vulnerabilities without the need for a voluminous test suite. Given a vulnerability as evidenced by an exploit, the technique extracts a constraint representing the vulnerability with the help of sanitizers. The extracted constraint serves as a proof obligation that our synthesized patch should satisfy. The proof obligation is met by propagating the extracted constraint to locations that are deemed to be “suitable” fix locations. An implementation of our approach (E xtract F ix ) on top of the KLEE symbolic execution engine shows its efficacy in fixing a wide range of vulnerabilities taken from the ManyBugs benchmark, real-world CVEs and Google’s OSS-Fuzz framework. We believe that our work presents a way forward for the overfitting problem in program repair by generalizing observable hazards/vulnerabilities (as constraint) from a single failing test or exploit.

computer science, software engineering

Antonello Calabro,Eda Marchetti,Antonello Calabrò

DOI: https://doi.org/10.1109/access.2024.3376239

IF: 3.9

2024-03-19

IEEE Access

Abstract:Intelligent monitoring systems can effectively predict or detect anomalies and issues in smart working systems and ecosystems and implement the proper countermeasures. However, for their effective and efficient use, attributes like responsiveness, performance, and quality should be properly tested and assessed before integrating the monitoring system into an ecosystem. The work aims to present a framework, called MOnitoring TEsting Framework (MOTEF), focused on the testing and evaluation of a generic monitoring system performance. In particular, the framework allows testing the monitoring system in isolation or when used in a smart environment to provide functional or non-functional property predictions. By simulating the runtime execution of a smart environment, MOTEF lets testing and assessment of a generic monitoring system establish its working boundaries. The results collected can be used to design a smart environment architecture to fulfil its global performance constraints better. This work presents the architecture of MOTEF and its preliminary implementation. It also validated and showcased the use of MOTEF in evaluating the performance of an existing monitoring system in isolation and when it is used in a smart environment. The results have been assessed by considering two research questions about the monitoring system's responsiveness and effectiveness in proving required functional or non-functional property predictions.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ruggero Lanotte,Massimo Merro,Andrei Munteanu

DOI: https://doi.org/10.1145/3546579

IF: 2.717

2022-11-09

ACM Transactions on Privacy and Security

Abstract:With the advent of Industry 4.0 , industrial facilities and critical infrastructures are transforming into an ecosystem of heterogeneous physical and cyber components, such as programmable logic controllers , increasingly interconnected and therefore exposed to cyber-physical attacks , i.e., security breaches in cyberspace that may adversely affect the physical processes underlying industrial control systems . In this article, we propose a formal approach based on runtime enforcement to ensure specification compliance in networks of controllers, possibly compromised by colluding malware that may locally tamper with actuator commands, sensor readings, and inter-controller communications. Our approach relies on an ad-hoc sub-class of Ligatti et al.’s edit automata to enforce controllers represented in Hennessy and Regan’s Timed Process Language . We define a synthesis algorithm that, given an alphabet P of observable actions and a timed correctness property e , returns a monitor that enforces the property e during the execution of any (potentially corrupted) controller with alphabet P, and complying with the property e . Our monitors do mitigation by correcting and suppressing incorrect actions of corrupted controllers and by generating actions in full autonomy when the controller under scrutiny is not able to do so in a correct manner. Besides classical requirements, such as transparency and soundness , the proposed enforcement enjoys deadlock- and diverge-freedom of monitored controllers, together with scalability when dealing with networks of controllers. Finally, we test the proposed enforcement mechanism on a non-trivial case study, taken from the context of industrial water treatment systems, in which the controllers are injected with different malware with different malicious goals.

computer science, information systems

Srinivas Pinisetty,Partha S Roop,Steven Smyth,Stavros Tripakis,Reinhard von Hanxleden

DOI: https://doi.org/10.48550/arXiv.1612.05030

2016-12-15

Abstract:Synchronous programming is a paradigm of choice for the design of safety-critical reactive systems. Runtime enforcement is a technique to ensure that the output of a black-box system satisfies some desired properties. This paper deals with the problem of runtime enforcement in the context of synchronous programs. We propose a framework where an enforcer monitors both the inputs and the outputs of a synchronous program and (minimally) edits erroneous inputs/outputs in order to guarantee that a given property holds. We define enforceability conditions, develop an online enforcement algorithm, and prove its correctness. We also report on an implementation of the algorithm on top of the KIELER framework for the SCCharts synchronous language. Experimental results show that enforcement has minimal execution time overhead, which decreases proportionally with larger benchmarks.

Formal Languages and Automata Theory,Software Engineering

Linna Xie,Lu,Shunjie Ding,Yu Pei,Minxue Pan,Tian Zhang

DOI: https://doi.org/10.1145/3457913.3457940

2021-01-01

Abstract:Developers often neglect to handle exceptions, which leads to exception handling defects that affect the robustness of applications or even cause crashes. To improve the robustness of android applications while reducing the development burden of developers, we present Fixeh and Automatic Detection Tool, as an approach that can automatically detect exception handling defects related to external resources. By implanting exception control codes into the input application, Fixeh helps applications throw exceptions at the specified call position while running the UI test. During running the UI test, Automatic Detection Tool generates a limited number of exception trigger patterns by using suspicious call filtering algorithm and traversal algorithm. After collecting and analyzing the running results under these patterns, the exception handling defects will be detected. We evaluate our approach by applying it to detect anomalies in 6 different types of applications with stable operation. We conducted 1422 rounds of experiments under different exception triggering patterns, and we observed abnormalities in 517 rounds. A comparison with other related work shows that our approach can detect defects more effectively. Through the analysis of our experiments, we confirmed 39 exception handling defects related to external resources. Finally, we summarized three common types of defects from them.

Zhongxing Yu,Matias Martinez,Benjamin Danglot,Thomas Durieux,Martin Monperrus

DOI: https://doi.org/10.1007/s10664-018-9619-4

2018-10-25

Abstract:Among the many different kinds of program repair techniques, one widely studied family of techniques is called test suite based repair. However, test suites are in essence input-output specifications and are thus typically inadequate for completely specifying the expected behavior of the program under repair. Consequently, the patches generated by test suite based repair techniques can just overfit to the used test suite, and fail to generalize to other tests. We deeply analyze the overfitting problem in program repair and give a classification of this problem. This classification will help the community to better understand and design techniques to defeat the overfitting problem. We further propose and evaluate an approach called UnsatGuided, which aims to alleviate the overfitting problem for synthesis-based repair techniques with automatic test case generation. The approach uses additional automatically generated tests to strengthen the repair constraint used by synthesis-based repair techniques. We analyze the effectiveness of UnsatGuided: 1) analytically with respect to alleviating two different kinds of overfitting issues; 2) empirically based on an experiment over the 224 bugs of the Defects4J repository. The main result is that automatic test generation is effective in alleviating one kind of overfitting issue--regression introduction, but due to oracle problem, has minimal positive impact on alleviating the other kind of overfitting issue--incomplete fixing.

Software Engineering

Ranveer Chandra,Börje F. Karlsson,Nicholas D. Lane,Mike Chieh-Jan Liang,Suman Nath,Jitendra Padhye,Lenin Ravindranath Sivalingam,Feng Zhao

2014-01-01

Abstract:The mobile app ecosystem continues to rapidly grow in importance as an increasing proportion of our daily computing needs shift away from desktop machines in favor of mobile devices. However, mobile apps must cope with extremely diverse operating conditions due to factors like device fragmentation, wireless network heterogeneity and varied user behavior. App developers and distributors (i.e., operators of app marketplaces) lack testing tools that can effectively account for such diversity and, as a result, app failures and performance bugs (e.g., excessive energy consumption) are commonly found in mobile apps today. Towards addressing this challenge to mobile app development, we have developed key techniques for scalable automated mobile app testing within two prototype app testing services – VanarSena and Caiipa. In this paper, we describe SMASH – our vision for a single unified cloud-based mobile app testing service that will combine the strengths of the VanarSena and Caiipa systems towards solving the complexities presently faced by testers of mobile apps.

LAI Lifeng,LIU Qiang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.17.043

2006-01-01

Abstract:Web application has its own characteristics compared with traditional computer application,and puts forwards new problems for software testing.This paper brings forward a framework of testing Web application towards its own characteristics,and the testing flows generated from the framework are standardized,easy operated and extendable.Based on the framework,this paper well researches an implementation technique,and develops an application of function test automation for Web applications.This application is efficient and correct in practice,it can find the fault in the Web application that is tested in time,and it makes regress testing simpler and more convenient.

Hadil Charafeddine,Khalil El-Harake,Yliès Falcone,Mohamad Jaber

DOI: https://doi.org/10.48550/arXiv.1406.5708

2014-06-22

Abstract:Runtime enforcement is an increasingly popular and effective dynamic validation technique aiming to ensure the correct runtime behavior (w.r.t. a formal specification) of systems using a so-called enforcement monitor. In this paper we introduce runtime enforcement of specifications on component-based systems (CBS) modeled in the BIP (Behavior, Interaction and Priority) framework. BIP is a powerful and expressive component-based framework for formal construction of heterogeneous systems. However, because of BIP expressiveness, it remains difficult to enforce at design-time complex behavioral properties. First we propose a theoretical runtime enforcement framework for CBS where we delineate a hierarchy of sets of enforceable properties (i.e., properties that can be enforced) according to the number of observational steps a system is allowed to deviate from the property (i.e., the notion of k-step enforceability). To ensure the observational equivalence between the correct executions of the initial system and the monitored system, we show that i) only stutter-invariant properties should be enforced on CBS with our monitors, ii) safety properties are 1-step enforceable. Given an abstract enforcement monitor (as a finite-state machine) for some 1-step enforceable specification, we formally instrument (at relevant locations) a given BIP system to integrate the monitor. At runtime, the monitor observes and automatically avoids any error in the behavior of the system w.r.t. the specification. Our approach is fully implemented in an available tool that we used to i) avoid deadlock occurrences on a dining philosophers benchmark, and ii) ensure the correct placement of robots on a map.

Software Engineering

Xiuting Ge,Shengcheng Yu,Chunrong Fang,Qi Zhu,Zhihong Zhao

DOI: https://doi.org/10.1109/tse.2022.3216879

IF: 7.4

2023-01-01

IEEE Transactions on Software Engineering

Abstract:Crowdsourced testing is an emerging trend in mobile application testing. The openness of crowdsourced testing provides a promising way to conduct large-scale and user-oriented testing scenarios on various mobile devices, while it also brings a problem, i.e., crowdworkers with different levels of testing experience severely threaten the quality of crowdsourced testing. Currently, many approaches have been proposed and studied to improve crowdsourced testing. However, these approaches do not fundamentally improve the ability of crowdworkers. In essence, the low-quality crowdsourced testing is caused by crowdworkers who are unfamiliar with the App Under Test (AUT) and do not know which part of the AUT should be tested. To address this problem, we propose a testing assistance approach, which leverages Android automated testing (i.e., dynamic and static analysis) to improve crowdsourced testing. Our approach constructs an Annotated Window Transition Graph (AWTG) model for the AUT by merging dynamic and static analysis results. Based on the AWTG model, our approach implements a testing assistance pipeline that provides the test task extraction, test task recommendation, and test task guidance to assist crowdworkers in testing the AUT. We experimentally evaluate our approach on real-world AUTs. The quantitative results demonstrate that our approach can effectively and efficiently assist crowdsourced testing. Besides, the qualitative results from a user study confirm the usefulness of our approach.

Radu Calinescu,Danny Weyns,Simos Gerasimou,Muhammad Usman Iftikhar,Ibrahim Habli,Tim Kelly

DOI: https://doi.org/10.1109/tse.2017.2738640

IF: 7.4

2018-11-01

IEEE Transactions on Software Engineering

Abstract:Building on concepts drawn from control theory, self-adaptive software handles environmental and internal uncertainties by dynamically adjusting its architecture and parameters in response to events such as workload changes and component failures. Self-adaptive software is increasingly expected to meet strict functional and non-functional requirements in applications from areas as diverse as manufacturing, healthcare and finance. To address this need, we introduce a methodology for the systematic ENgineering of TRUstworthy Self-adaptive sofTware (ENTRUST). ENTRUST uses a combination of (1)design-time and runtime modelling and verification, and (2)industry-adopted assurance processes to develop trustworthy self-adaptive software and assurance cases arguing the suitability of the software for its intended application. To evaluate the effectiveness of our methodology, we present a tool-supported instance of ENTRUST and its use to develop proof-of-concept self-adaptive software for embedded and service-based systems from the oceanic monitoring and e-finance domains, respectively. The experimental results show that ENTRUST can be used to engineer self-adaptive software systems in different application domains and to generate dynamic assurance cases for these systems.

engineering, electrical & electronic,computer science, software engineering