Modified Condition/Decision Coverage (MC/DC) became widely used in software testing, especially in safety-critical domain. However, existing testing tools often aim at achieving statement or branch coverage and do not support test generation for MC/DC. In this paper, we propose a novel test generation method to find appropriate test data for MC/DC. Specifically, we first extract paths from the target program and then find appropriate test data to trigger these paths. In the path extraction process, we propose a greedy strategy to determine the next selected branch. The evaluation results show that our method can actually generate test data quickly and the coverage increases a lot (up to 37.5%) compared with existing approaches.
{"title":"Automatic Test Data Generation for Unit Testing to Achieve MC/DC Criterion","authors":"Tianyong Wu, Jun Yan, Jian Zhang","doi":"10.1109/SERE.2014.25","DOIUrl":"https://doi.org/10.1109/SERE.2014.25","url":null,"abstract":"Modified Condition/Decision Coverage (MC/DC) became widely used in software testing, especially in safety-critical domain. However, existing testing tools often aim at achieving statement or branch coverage and do not support test generation for MC/DC. In this paper, we propose a novel test generation method to find appropriate test data for MC/DC. Specifically, we first extract paths from the target program and then find appropriate test data to trigger these paths. In the path extraction process, we propose a greedy strategy to determine the next selected branch. The evaluation results show that our method can actually generate test data quickly and the coverage increases a lot (up to 37.5%) compared with existing approaches.","PeriodicalId":248957,"journal":{"name":"2014 Eighth International Conference on Software Security and Reliability","volume":"59 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131301925","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Shuai Wei, Enyi Tang, Tianyu Liu, N. Müller, Zhenyu Chen
Numerical analysis is an important process for creating reliable numerical software. However, traditional analysis methods rely on manual estimation by numerical analysts, which is restricted by the problem size. Although some state-of-art software packages can check whether a program is numerical unstable, they cannot tell whether it is caused by ill-posed problem itself or by some improper implementation practices, while these packages work on the floating point values in the program. In this paper, we introduce an automatic framework that utilizes infinite-precision arithmetic to analyze large-scale numerical problems by computer. To eliminate rounding errors, the computing process iterates itself to increase intermediate precision until the calculation reaches the desired final precision. Then the framework perturbs the inputs and intermediate values of a certain numerical problem. By checking the gaps among different program outputs, the framework helps us understand whether the problem is well-conditioned or ill-conditioned. The framework also compares the infinite-precision arithmetic with fixed-precision arithmetic. The evaluation of a bunch of classical problems shows that our framework is able to detect the ill-conditioning in large-scale problems effectively.
{"title":"Automatic Numerical Analysis Based on Infinite-Precision Arithmetic","authors":"Shuai Wei, Enyi Tang, Tianyu Liu, N. Müller, Zhenyu Chen","doi":"10.1109/SERE.2014.35","DOIUrl":"https://doi.org/10.1109/SERE.2014.35","url":null,"abstract":"Numerical analysis is an important process for creating reliable numerical software. However, traditional analysis methods rely on manual estimation by numerical analysts, which is restricted by the problem size. Although some state-of-art software packages can check whether a program is numerical unstable, they cannot tell whether it is caused by ill-posed problem itself or by some improper implementation practices, while these packages work on the floating point values in the program. In this paper, we introduce an automatic framework that utilizes infinite-precision arithmetic to analyze large-scale numerical problems by computer. To eliminate rounding errors, the computing process iterates itself to increase intermediate precision until the calculation reaches the desired final precision. Then the framework perturbs the inputs and intermediate values of a certain numerical problem. By checking the gaps among different program outputs, the framework helps us understand whether the problem is well-conditioned or ill-conditioned. The framework also compares the infinite-precision arithmetic with fixed-precision arithmetic. The evaluation of a bunch of classical problems shows that our framework is able to detect the ill-conditioning in large-scale problems effectively.","PeriodicalId":248957,"journal":{"name":"2014 Eighth International Conference on Software Security and Reliability","volume":"135 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131955597","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The reliability and security of software are affected by its constant changes. For that reason, developers use change-impact analysis early to identify the potential consequences of changing a program location. Dynamic impact analysis, in particular, identifies potential impacts on concrete, typical executions. However, the accuracy (precision and recall) of dynamic impact analyses for predicting the actual impacts of changes has not been studied. In this paper, we present a novel approach based on sensitivity analysis and execution differencing to estimate, for the first time, the accuracy of dynamic impact analyses. Unlike approaches that only use software repositories, which might not be available or might contain insufficient changes, our approach makes changes to every part of the software to identify actually impacted code and compare it with the predictions of dynamic impact analysis. Using this approach in addition to changes made by other researchers on multiple Java subjects, we estimated the accuracy of the best method-level dynamic impact analysis in the literature. Our results suggest that dynamic impact analysis can be surprisingly inaccurate with an average precision of 47-52% and recall of 56-87%. This study offers insights to developers into the effectiveness of existing dynamic impact analyses and motivates the future development of more accurate analyses.
{"title":"Estimating the Accuracy of Dynamic Change-Impact Analysis Using Sensitivity Analysis","authors":"Haipeng Cai, Raúl A. Santelices, Tianyu Xu","doi":"10.1109/SERE.2014.18","DOIUrl":"https://doi.org/10.1109/SERE.2014.18","url":null,"abstract":"The reliability and security of software are affected by its constant changes. For that reason, developers use change-impact analysis early to identify the potential consequences of changing a program location. Dynamic impact analysis, in particular, identifies potential impacts on concrete, typical executions. However, the accuracy (precision and recall) of dynamic impact analyses for predicting the actual impacts of changes has not been studied. In this paper, we present a novel approach based on sensitivity analysis and execution differencing to estimate, for the first time, the accuracy of dynamic impact analyses. Unlike approaches that only use software repositories, which might not be available or might contain insufficient changes, our approach makes changes to every part of the software to identify actually impacted code and compare it with the predictions of dynamic impact analysis. Using this approach in addition to changes made by other researchers on multiple Java subjects, we estimated the accuracy of the best method-level dynamic impact analysis in the literature. Our results suggest that dynamic impact analysis can be surprisingly inaccurate with an average precision of 47-52% and recall of 56-87%. This study offers insights to developers into the effectiveness of existing dynamic impact analyses and motivates the future development of more accurate analyses.","PeriodicalId":248957,"journal":{"name":"2014 Eighth International Conference on Software Security and Reliability","volume":"51 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128386564","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Testing-as-a-Service (TaaS) in a cloud environment can leverage the computation power provided by the cloud. Specifically, testing can be scaled to large and dynamic workloads, executed in a distributed environment with hundreds of thousands of processors, and these processors may support concurrent and distributed test execution and analysis. TaaS may be implemented as SaaS and used to test SaaS applications. This paper proposes a TaaS design for SaaS combinatorial testing. Test Algebra (TA) and Adaptive Reasoning (AR) algorithm are used in the TaaS design.
{"title":"TaaS (Testing-as-a-Service) Design for Combinatorial Testing","authors":"W. Tsai, Guanqiu Qi, Lian Yu, J. Gao","doi":"10.1109/SERE.2014.26","DOIUrl":"https://doi.org/10.1109/SERE.2014.26","url":null,"abstract":"Testing-as-a-Service (TaaS) in a cloud environment can leverage the computation power provided by the cloud. Specifically, testing can be scaled to large and dynamic workloads, executed in a distributed environment with hundreds of thousands of processors, and these processors may support concurrent and distributed test execution and analysis. TaaS may be implemented as SaaS and used to test SaaS applications. This paper proposes a TaaS design for SaaS combinatorial testing. Test Algebra (TA) and Adaptive Reasoning (AR) algorithm are used in the TaaS design.","PeriodicalId":248957,"journal":{"name":"2014 Eighth International Conference on Software Security and Reliability","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131849644","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This research describes a novel security metric, network taint, which is related to software taint analysis. We use it here to bound the possible malicious influence of a known compromised node through monitoring and evaluating network flows. The result is a dynamically changing defense-in-depth map that shows threat level indicators gleaned from monotonically decreasing threat chains. We augment this analysis with concepts from the complex networks research area in forming dynamically changing security perimeters and measuring the cardinality of the set of threatened nodes within them. In providing this, we hope to advance network incident response activities by providing a rapid automated initial triage service that can guide and prioritize investigative activities.
{"title":"Using Network Tainting to Bound the Scope of Network Ingress Attacks","authors":"P. Mell, Richard E. Harang","doi":"10.1109/SERE.2014.34","DOIUrl":"https://doi.org/10.1109/SERE.2014.34","url":null,"abstract":"This research describes a novel security metric, network taint, which is related to software taint analysis. We use it here to bound the possible malicious influence of a known compromised node through monitoring and evaluating network flows. The result is a dynamically changing defense-in-depth map that shows threat level indicators gleaned from monotonically decreasing threat chains. We augment this analysis with concepts from the complex networks research area in forming dynamically changing security perimeters and measuring the cardinality of the set of threatened nodes within them. In providing this, we hope to advance network incident response activities by providing a rapid automated initial triage service that can guide and prioritize investigative activities.","PeriodicalId":248957,"journal":{"name":"2014 Eighth International Conference on Software Security and Reliability","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134242759","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: