The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Symbolic execution and mutation testing have been demonstrated to be effective in revealing program defects. Despite their potential, their application cost, scalability and robust operation are obstacles to their practical use. Symbolic execution has the problem of path explosion, which results from the vast number of program paths, while mutation testing involves a large number of program variants...
In the recent years, a lot of research has been done in the field of software testing. But, there exist few empirical studies which analyze, if results of software testing research are actually practiced in real software projects, why they are (not) practiced, and how this influences the quality of the project. Our proposed research project tries to close this gap by analyzing open-source software...
Linear hybrid automaton is a specification language for hybrid systems. For verification of hybrid systems, it is important to check fairness assumptions. For example, an embedded system keeps running forever when it starts to move by turning on the switch. Such a system has to be checked not only system safety but also fairness and non-Zenoness. The state space explosion is a fundamental problem...
Testing and debugging is one of the most expensive and challenging phases in the software development life-cycle. One important cost factor in the debugging process is the time required to analyze failures and repair underlying faults. Two types of methods that can help testers to reduce this analysis time are Failure Clustering and Fault Localization. Although there is a plethora of these methods...
Fault localization is very important to both researchers and practitioners. Running tests is a useful approach to identify the fault location. Researchers have studied how to automatically identify faults in database applications [1], [2], [3]. However, those research considers the entire SQL statement as one line of code, indicating that the whole SQL statement contains errors. Little attention has...
Debugging multithreaded software is challenging because the basic assumption that underlies sequential software debugging, i.e. the program behavior is deterministic under fixed inputs, is no longer valid due to the nondeterminism brought by thread scheduling. To restore this basic assumption, we propose a proactive debugging method so that programmers can debug multithreaded programs as if they were...
Open source projects and the globalization of the software industry have been a driving force in reuse of system components across traditional system boundaries. As a result, vulnerabilities and security concerns are no longer only impact individual but now also global software ecosystems. Known vulnerabilities and security concerns are reported in specialized vulnerability databases, which often...
Correct behaviour of X.509 certificate validation code in SSL/TLS implementations is crucial to ensure secure communication channels. Recently, there have been major efforts in testing these implementations, namely frankencerts and mucerts, which provide new ways to generate test certificates which are likely to reveal errors in the implementations of X.509 validation logic. However, it remains a...
We propose a technique based on symbolic execution for analyzing the algorithmic complexity of programs. The technique uses an efficient guided analysis to compute bounds on the worst-case complexity (for increasing input sizes) and to generate test values that trigger the worst-case behaviors. The resulting bounds are fitted to a function to obtain a prediction of the worst-case program behavior...
Fault localization techniques have been applied to database and data-centric applications that use SQL or SQL-based languages. However, existing techniques can only identify the SQL statements that have faults, but not determine the precise location of the faults within SQL statements. Since SQL statements can be rather complex, programmers are still left with a difficult repair chore. We propose...
Developers of performance sensitive production software are in a dilemma: performance regression tests are too costly to run at each commit, but skipping the tests delays and complicates performance regression detection. Ideally, developers would have a system that predicts whether a given commit is likely to impact performance and suggests which tests to run to detect a potential performance regression...
A container is a group of processes isolated from other groups via distinct kernel namespaces and resource allocation quota. Attacks against containers often leverage kernel exploits through system call interface. In this paper, we present an approach that mines sandboxes for containers. We first explore the behaviors of a container by leveraging automatic testing, and extract the set of system calls...
Over the last decade, a globalization of the software industry took place, which facilitated the sharing and reuse of code across existing project boundaries. At the same time, such global reuse also introduces new challenges to the software engineering community, with not only components but also their problems and vulnerabilities being now shared. For example, vulnerabilities found in APIs no longer...
Emulating fault scenarios by injecting faults intentionally is commonly used to test and verify the robustness of a system. As the number of hardware devices integrated into an embedded system tends to increase consistently and the chance of hardware failure is expected to increase in an SoC, it becomes important to emulate fault scenarios caused by hardware-related errors. To this end, we present...
Several fault predictors were proposed in the context of Spectrum-based Fault Localization approaches to rank software components in order of suspiciousness of being the root-cause of observed failures. Previous work has also shown that some of the fault predictors (near-)optimally rank software components, provided that there is one fault in the system. Despite this, further work is being spent on...
In mobile application development, the frequentsoftware release limits the testing time resource. In order todetect bugs in early phases, researchers proposed various testcase prioritization (TCP) techniques in past decades. In practice, considering that some test case is described or contains text, theresearchers also employed Natural Language Processing (NLP)to assist the TCP techniques. This paper...
Automated white-box testing is a major issue in software engineering. In previous work, we introduced LTest, a generic and integrated toolkit for automated white-box testing of C programs. LTest supports a broad class of coverage criteria in a unified way (through the label specification mechanism) and covers most major parts of the testing process – including coverage measurement, test generation...
A large amount of research has been carried out to automate white-box testing. While a wide range of different and sometimes heterogeneous code-coverage criteria have been proposed, there exists no generic formalism to describe them all, and available test automation tools usually support only a small subset of them. We introduce a new specification language, called HTOL (Hyperlabel Test Objectives...
Test automation involves the automatic execution of test scripts instead of being manually run. This significantly reduces the amount of manual effort needed and thus is of great interest to the software testing industry. There are two key problems in the existing tools & methods for test automation - a) Creating an automation test script is essentially a code development task, which most testers...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.