发布求助
文献互助 智能选刊 最新文献

Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis最新文献

筛选
英文 中文
Efficient statistical debugging via hierarchical instrumentation 通过分层工具进行有效的统计调试
Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis Pub Date : 2014-07-21 DOI: 10.1145/2610384.2631833
Zhiqiang Zuo
{"title":"Efficient statistical debugging via hierarchical instrumentation","authors":"Zhiqiang Zuo","doi":"10.1145/2610384.2631833","DOIUrl":"https://doi.org/10.1145/2610384.2631833","url":null,"abstract":"Debugging is known to be a notoriously painstaking and time-consuming task. As one major family of automated debugging, statistical debugging approaches have been well investigated over the past decade to assist in debugging. All these approaches instrument the entire buggy program to produce execution profiles for debugging. Consequently, they often incur hefty instrumentation and analysis cost. However, as in fact major part of the program code is error-free, full-scale program instrumentation is wasteful and unnecessary. In this doctoral research, a novel hierarchical instrumentation (HI) technique is devised to perform selective instrumentation so as to make statistical debugging more efficient while upholding the debugging effectiveness. We apply HI to two different categories of statistical debugging: in-house and cooperative debugging. The experiments validate that HI can greatly improve the efficiency of debugging.","PeriodicalId":20624,"journal":{"name":"Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis","volume":"62 1","pages":"457-460"},"PeriodicalIF":0.0,"publicationDate":"2014-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72782527","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Using test case reduction and prioritization to improve symbolic execution 使用测试用例减少和优先级来改进符号执行
Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis Pub Date : 2014-07-21 DOI: 10.1145/2610384.2610392
Chaoqiang Zhang, Alex Groce, Mohammad Amin Alipour
{"title":"Using test case reduction and prioritization to improve symbolic execution","authors":"Chaoqiang Zhang, Alex Groce, Mohammad Amin Alipour","doi":"10.1145/2610384.2610392","DOIUrl":"https://doi.org/10.1145/2610384.2610392","url":null,"abstract":"Scaling symbolic execution to large programs or programs with complex inputs remains difficult due to path explosion and complex constraints, as well as external method calls. Additionally, creating an effective test structure with symbolic inputs can be difficult. A popular symbolic execution strategy in practice is to perform symbolic execution not “from scratch” but based on existing test cases. This paper proposes that the effectiveness of this approach to symbolic execution can be enhanced by (1) reducing the size of seed test cases and (2) prioritizing seed test cases to maximize exploration efficiency. The proposed test case reduction strategy is based on a recently introduced generalization of delta debugging, and our prioritization techniques include novel methods that, for this purpose, can outperform some traditional regression testing algorithms. We show that applying these methods can significantly improve the effectiveness of symbolic execution based on existing test cases.","PeriodicalId":20624,"journal":{"name":"Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis","volume":"39 1","pages":"160-170"},"PeriodicalIF":0.0,"publicationDate":"2014-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79727007","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 40
DOM-based test adequacy criteria for web applications web应用程序基于dom的测试充分性标准
Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis Pub Date : 2014-07-21 DOI: 10.1145/2610384.2610406
Mehdi MirzaAghaei, A. Mesbah
{"title":"DOM-based test adequacy criteria for web applications","authors":"Mehdi MirzaAghaei, A. Mesbah","doi":"10.1145/2610384.2610406","DOIUrl":"https://doi.org/10.1145/2610384.2610406","url":null,"abstract":"To assess the quality of web application test cases, web developers currently measure code coverage. Although code coverage has traditionally been a popular test adequacy criterion, we believe it alone is not adequate for assessing the quality of web application test cases. We propose a set of novel DOM-based test adequacy criteria for web applications. These criteria aim at measuring coverage at two granularity levels, (1) the percentage of DOM states and transitions covered in the total state space of the web application under test, and (2) the percentage of elements covered in each particular DOM state. We present a technique and tool, called DomCovery, which automatically extracts and measures the proposed adequacy criteria and generates a visual DOM coverage report. Our evaluation shows that there is no correlation between code coverage and DOM coverage. A controlled experiment illustrates that participants using DomCovery completed coverage related tasks 22% more accurately and 66% faster.","PeriodicalId":20624,"journal":{"name":"Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis","volume":"99 1","pages":"71-81"},"PeriodicalIF":0.0,"publicationDate":"2014-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80905299","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 24
Covrig: a framework for the analysis of code, test, and coverage evolution in real software 覆盖:用于分析实际软件中的代码、测试和覆盖演变的框架
Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis Pub Date : 2014-07-21 DOI: 10.1145/2610384.2610419
P. Marinescu, Petr Hosek, Cristian Cadar
{"title":"Covrig: a framework for the analysis of code, test, and coverage evolution in real software","authors":"P. Marinescu, Petr Hosek, Cristian Cadar","doi":"10.1145/2610384.2610419","DOIUrl":"https://doi.org/10.1145/2610384.2610419","url":null,"abstract":"Software repositories provide rich information about the construction and evolution of software systems. While static data that can be mined directly from version control systems has been extensively studied, dynamic metrics concerning the execution of the software have received much less attention, due to the inherent difficulty of running and monitoring a large number of software versions. In this paper, we present Covrig, a flexible infrastructure that can be used to run each version of a system in isolation and collect static and dynamic software metrics, using a lightweight virtual machine environment that can be deployed on a cluster of local or cloud machines. We use Covrig to conduct an empirical study examining how code and tests co-evolve in six popular open-source systems. We report the main characteristics of software patches, analyse the evolution of program and patch coverage, assess the impact of nondeterminism on the execution of test suites, and investigate whether the coverage of code containing bugs and bug fixes is higher than average.","PeriodicalId":20624,"journal":{"name":"Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis","volume":"77 1","pages":"93-104"},"PeriodicalIF":0.0,"publicationDate":"2014-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82240053","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 48
Robust test automation using contextual clues 使用上下文线索的健壮测试自动化
Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis Pub Date : 2014-07-21 DOI: 10.1145/2610384.2610390
Rahulkrishna Yandrapally, Suresh Thummalapenta, S. Sinha, S. Chandra
{"title":"Robust test automation using contextual clues","authors":"Rahulkrishna Yandrapally, Suresh Thummalapenta, S. Sinha, S. Chandra","doi":"10.1145/2610384.2610390","DOIUrl":"https://doi.org/10.1145/2610384.2610390","url":null,"abstract":"Despite the seemingly obvious advantage of test automation, significant skepticism exists in the industry regarding its cost-benefit tradeoffs. Test scripts for web applications are fragile: even small changes in the page layout can break a number of tests, requiring the expense of re-automating them. Moreover, a test script created for one browser cannot be relied upon to run on a different web browser: it requires duplicate effort to create and maintain versions of tests for a variety of browsers. Because of these hidden costs, organizations often fall back to manual testing. \u0000 We present a fresh solution to the problem of test-script fragility. Often, the root cause of test-script fragility is that, to identify UI elements on a page, tools typically record some metadata that depends on the internal representation of the page in a browser. Our technique eliminates metadata almost entirely. Instead, it identifies UI elements relative to other prominent elements on the page. The core of our technique automatically identifies a series of contextual clues that unambiguously identify a UI element, without recording anything about the internal representation. \u0000 Empirical evidence shows that our technique is highly accurate in computing contextual clues, and outperforms existing techniques in its resilience to UI changes as well as browser changes.","PeriodicalId":20624,"journal":{"name":"Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis","volume":"75 1","pages":"304-314"},"PeriodicalIF":0.0,"publicationDate":"2014-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86182195","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 44
Extending a search-based test generator with adaptive dynamic symbolic execution 用自适应动态符号执行扩展基于搜索的测试生成器
Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis Pub Date : 2014-07-21 DOI: 10.1145/2610384.2628049
Juan P. Galeotti, G. Fraser, Andrea Arcuri
{"title":"Extending a search-based test generator with adaptive dynamic symbolic execution","authors":"Juan P. Galeotti, G. Fraser, Andrea Arcuri","doi":"10.1145/2610384.2628049","DOIUrl":"https://doi.org/10.1145/2610384.2628049","url":null,"abstract":"Automatic unit test generation aims to support developers by alleviating the burden of test writing. Different techniques have been proposed over the years, each with distinct limitations. To overcome these limitations, we present an extension to the EvoSuite unit test generator that combines two of the most popular techniques for test case generation: Search-Based Software Testing (SBST) and Dynamic Symbolic Execution (DSE). A novel integration of DSE as a step of local improvement in a genetic algorithm results in an adaptive approach, such that the best test generation technique for the problem at hand is favoured, resulting in overall higher code coverage.","PeriodicalId":20624,"journal":{"name":"Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis","volume":"1 1","pages":"421-424"},"PeriodicalIF":0.0,"publicationDate":"2014-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77206978","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 20
Lightweight automated detection of unsafe information leakage via exceptions 通过异常对不安全信息泄漏进行轻量级自动检测
Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis Pub Date : 2014-07-21 DOI: 10.1145/2610384.2610412
Benwen Zhang, J. Clause
{"title":"Lightweight automated detection of unsafe information leakage via exceptions","authors":"Benwen Zhang, J. Clause","doi":"10.1145/2610384.2610412","DOIUrl":"https://doi.org/10.1145/2610384.2610412","url":null,"abstract":"Unintended information leakage is one of the most common and severe problems facing modern applications. To help developers detect information leaks before they can be leveraged by attackers, we present a new static analysis-based technique for detecting a specific type of information leak: information leaks via exceptions. Because it focuses on a specific type of leak, the technique is able to be efficient, effective, and easy to use, qualities that are often lacking in more general techniques. We implemented our technique in a prototype tool, UDLD, and performed an extensive empirical evaluation using 19 real web applications. The results of the evaluation show that UDLD is both efficient and effective at detecting unsafe information leaks via exceptions; for the subjects that we considered, UDLD is the fastest among several alternative tools. Moreover, it reported more true leaks than existing state-of-the-art tools with no known false negatives and no false positives.","PeriodicalId":20624,"journal":{"name":"Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis","volume":"90 1","pages":"327-338"},"PeriodicalIF":0.0,"publicationDate":"2014-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78066357","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
CrashLocator: locating crashing faults based on crash stacks CrashLocator:基于崩溃堆栈定位崩溃故障
Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis Pub Date : 2014-07-21 DOI: 10.1145/2610384.2610386
Rongxin Wu, Hongyu Zhang, S. Cheung, Sunghun Kim
{"title":"CrashLocator: locating crashing faults based on crash stacks","authors":"Rongxin Wu, Hongyu Zhang, S. Cheung, Sunghun Kim","doi":"10.1145/2610384.2610386","DOIUrl":"https://doi.org/10.1145/2610384.2610386","url":null,"abstract":"Software crash is common. When a crash occurs, software developers can receive a report upon user permission. A crash report typically includes a call stack at the time of crash. An important step of debugging a crash is to identify faulty functions, which is often a tedious and labor-intensive task. In this paper, we propose CrashLocator, a method to locate faulty functions using the crash stack information in crash reports. It deduces possible crash traces (the failing execution traces that lead to crash) by expanding the crash stack with functions in static call graph. It then calculates the suspiciousness of each function in the approximate crash traces. The functions are then ranked by their suspiciousness scores and are recommended to developers for further investigation. We evaluate our approach using real-world Mozilla crash data. The results show that our approach is effective: we can locate 50.6%, 63.7% and 67.5% of crashing faults by examining top 1, 5 and 10 functions recommended by CrashLocator, respectively. Our approach outperforms the conventional stack-only methods significantly.","PeriodicalId":20624,"journal":{"name":"Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis","volume":"121 1","pages":"204-214"},"PeriodicalIF":0.0,"publicationDate":"2014-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85640851","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 122
Automated testing for SQL injection vulnerabilities: an input mutation approach SQL注入漏洞的自动化测试:输入突变方法
Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis Pub Date : 2014-07-21 DOI: 10.1145/2610384.2610403
Dennis Appelt, Duy Cu Nguyen, L. Briand, N. Alshahwan
{"title":"Automated testing for SQL injection vulnerabilities: an input mutation approach","authors":"Dennis Appelt, Duy Cu Nguyen, L. Briand, N. Alshahwan","doi":"10.1145/2610384.2610403","DOIUrl":"https://doi.org/10.1145/2610384.2610403","url":null,"abstract":"Web services are increasingly adopted in various domains, from finance and e-government to social media. As they are built on top of the web technologies, they suffer also an unprecedented amount of attacks and exploitations like the Web. Among the attacks, those that target SQL injection vulnerabilities have consistently been top-ranked for the last years. Testing to detect such vulnerabilities before making web services public is crucial. We present in this paper an automated testing approach, namely μ4SQLi, and its underpinning set of mutation operators. μ4SQLi can produce effective inputs that lead to executable and harmful SQL statements. Executability is key as otherwise no injection vulnerability can be exploited. Our evaluation demonstrated that the approach is effective to detect SQL injection vulnerabilities and to produce inputs that bypass application firewalls, which is a common configuration in real world.","PeriodicalId":20624,"journal":{"name":"Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis","volume":"64 1","pages":"259-269"},"PeriodicalIF":0.0,"publicationDate":"2014-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74417804","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 96
Verifying atomicity via data independence 通过数据独立性验证原子性
Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis Pub Date : 2014-07-21 DOI: 10.1145/2610384.2610402
Ohad Shacham, Eran Yahav, Guy Golan-Gueta, A. Aiken, N. Bronson, Shmuel Sagiv, Martin T. Vechev
{"title":"Verifying atomicity via data independence","authors":"Ohad Shacham, Eran Yahav, Guy Golan-Gueta, A. Aiken, N. Bronson, Shmuel Sagiv, Martin T. Vechev","doi":"10.1145/2610384.2610402","DOIUrl":"https://doi.org/10.1145/2610384.2610402","url":null,"abstract":"We present a technique for automatically verifying atomicity of composed concurrent operations. The main observation behind our approach is that many composed concurrent operations which occur in practice are data-independent. That is, the control-flow of the composed operation does not depend on specific input values. While verifying data-independence is undecidable in the general case, we provide succint sufficient conditions that can be used to establish a composed operation as data-independent. We show that for the common case of concurrent maps, data-independence reduces the hard problem of verifying linearizability to a verification problem that can be solved efficiently with a bounded number of keys and values. We implemented our approach in a tool called VINE and evaluated it on all composed operations from 57 real-world applications (112 composed operations). We show that many composed operations (49 out of 112) are data-independent, and automatically verify 30 of them as linearizable and the rest 19 as having violations of linearizability that could be repaired and then subsequently automatically verified. Moreover, we show that the remaining 63 operations are not linearizable, thus indicating that data independence does not limit the expressiveness of writing realistic linearizable composed operations.","PeriodicalId":20624,"journal":{"name":"Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis","volume":"4 1","pages":"26-36"},"PeriodicalIF":0.0,"publicationDate":"2014-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79888947","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 16
首页 上一页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信