发布求助
文献互助 智能选刊 最新文献

2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST)最新文献

筛选
英文 中文
Determining Method-Call Sequences for Object Creation in C++ 确定c++中对象创建的方法调用序列
2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST) Pub Date : 2020-10-01 DOI: 10.1109/ICST46399.2020.00021
Thomas Bach, Ralf Pannemans, A. Andrzejak
{"title":"Determining Method-Call Sequences for Object Creation in C++","authors":"Thomas Bach, Ralf Pannemans, A. Andrzejak","doi":"10.1109/ICST46399.2020.00021","DOIUrl":"https://doi.org/10.1109/ICST46399.2020.00021","url":null,"abstract":"Unit tests in object-oriented programming languages must instantiate objects as an essential part of their set-up. Finding feasible method-call sequences for object creation and selecting a most desirable sequence can be a time-consuming challenge for developers in large C++ projects. This is caused by the intricacies of the C++ language, complexity of recursive object creation, and a large number of alternatives. We confirm the significance of the problem by analysis of 7large C++ projects and a survey with 143 practitioners. We then design an approach for recommending method-call sequences for object creation that align with criteria gathered by the survey. Our approach exploits accurate and efficient compiler-based source code analysis to build an object dependency graph that is processed by a divide-and-conquer algorithm.An evaluation on a large industrial project shows that our tool finds solutions that require in 99% of 1104 cases identical or fewer objects compared to manually crafted solutions. Developer feedback and manual analysis confirm these results. Moreover, solutions found by our tool require up to 6 times fewer objects on average compared to approaches from prior work.","PeriodicalId":235967,"journal":{"name":"2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST)","volume":"50 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133859416","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Checking Security Properties of Cloud Service REST APIs 检查云服务REST接口安全属性
2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST) Pub Date : 2020-10-01 DOI: 10.1109/ICST46399.2020.00046
Vaggelis Atlidakis, Patrice Godefroid, Marina Polishchuk
{"title":"Checking Security Properties of Cloud Service REST APIs","authors":"Vaggelis Atlidakis, Patrice Godefroid, Marina Polishchuk","doi":"10.1109/ICST46399.2020.00046","DOIUrl":"https://doi.org/10.1109/ICST46399.2020.00046","url":null,"abstract":"Most modern cloud and web services are programmatically accessed through REST APIs. This paper discusses how an attacker might compromise a service by exploiting vulnerabilities in its REST API. We introduce four security rules that capture desirable properties of REST APIs and services. We then show how a stateful REST API fuzzer can be extended with active property checkers that automatically test and detect violations of these rules. We discuss how to implement such checkers in a modular and efficient way. Using these checkers, we found new bugs in several deployed production Azure and Office365 cloud services, and we discuss their security implications. All these bugs have been fixed.","PeriodicalId":235967,"journal":{"name":"2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114053909","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 32
Can We Predict the Quality of Spectrum-based Fault Localization? 基于频谱的故障定位质量能否预测?
2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST) Pub Date : 2020-10-01 DOI: 10.1109/icst46399.2020.00012
Mojdeh Golagha, A. Pretschner, L. Briand
{"title":"Can We Predict the Quality of Spectrum-based Fault Localization?","authors":"Mojdeh Golagha, A. Pretschner, L. Briand","doi":"10.1109/icst46399.2020.00012","DOIUrl":"https://doi.org/10.1109/icst46399.2020.00012","url":null,"abstract":"Fault localization and repair are time-consuming and tedious. There is a significant and growing need for automated techniques to support such tasks. Despite significant progress in this area, existing fault localization techniques are not widely applied in practice yet and their effectiveness varies greatly from case to case. Existing work suggests new algorithms and ideas as well as adjustments to the test suites to improve the effectiveness of automated fault localization. However, important questions remain open: Why is the effectiveness of these techniques so unpredictable? What are the factors that influence the effectiveness of fault localization? Can we accurately predict fault localization effectiveness? In this paper, we try to answer these questions by collecting 70 static, dynamic, test suite, and fault-related metrics that we hypothesize are related to effectiveness. Our analysis shows that a combination of only a few static, dynamic, and test metrics enables the construction of a prediction model with excellent discrimination power between levels of effectiveness (eight metrics yielding an AUC of.86; fifteen metrics yielding an AUC of.88). The model hence yields a practically useful confidence factor that can be used to assess the potential effectiveness of fault localization. Given that the metrics are the most influential metrics explaining the effectiveness of fault localization, they can also be used as a guide for corrective actions on code and test suites leading to more effective fault localization.","PeriodicalId":235967,"journal":{"name":"2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST)","volume":"105 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121775277","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
How Can Software Testing be Improved by Analytics to Deliver Better Apps? 如何通过分析改进软件测试以提供更好的应用程序?
2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST) Pub Date : 2020-10-01 DOI: 10.1109/icst46399.2020.00052
Julian Harty
{"title":"How Can Software Testing be Improved by Analytics to Deliver Better Apps?","authors":"Julian Harty","doi":"10.1109/icst46399.2020.00052","DOIUrl":"https://doi.org/10.1109/icst46399.2020.00052","url":null,"abstract":"Many consider software testing to be necessary yet given the nature of testing and practical project constraints it cannot be comprehensive or complete. The resulting software has bugs including those that affect some users. Analytics of usage of apps may help illuminate testing that has been performed on existing releases and also inspire improvements to future testing. The Android ecosystem provides unusually rich analytics tools for developers of apps released in Google Play so my research focuses on this ecosystem to evaluate several analytics tools including Google Play Console, Android Vitals, which are integrated into the platform and the operating system, together with additional mobile analytics offerings from Google and Microsoft.","PeriodicalId":235967,"journal":{"name":"2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST)","volume":"54 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126601610","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Smart, and also Reliable and Gas-Efficient, Contracts 智能,可靠,省油,合同
2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST) Pub Date : 2020-10-01 DOI: 10.1109/icst46399.2020.00010
E. Albert, J. Fernández, Pablo Gordillo, G. Román-Díez, A. Rubio
{"title":"Smart, and also Reliable and Gas-Efficient, Contracts","authors":"E. Albert, J. Fernández, Pablo Gordillo, G. Román-Díez, A. Rubio","doi":"10.1109/icst46399.2020.00010","DOIUrl":"https://doi.org/10.1109/icst46399.2020.00010","url":null,"abstract":"A smart contract is a software program that runs on top of a blockchain. It contains a collection of public functions that can be invoked within the transactions launched over the contract by parties interacting with it. Being computer programs, well-studied formal verification techniques can be applied to them. Indeed, smart contracts are a very interesting application domain for validation, verification and optimization techniques since (1) they are relatively small in size, hence the application of these techniques scales better than when applied to larger industrial code, (2) they are valuable (in the corresponding blockchain cryptocurrency), hence software bugs or inefficiencies can cause economical losses and there is much interest in formally proving their safety and security, and (3) they require proving new specific properties to ensure their reliability and efficiency.","PeriodicalId":235967,"journal":{"name":"2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126850655","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Implementation-induced Inconsistency and Nondeterminism in Deterministic Clustering Algorithms 确定性聚类算法中实现诱导的不一致性和不确定性
2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST) Pub Date : 2020-10-01 DOI: 10.1109/icst46399.2020.00032
Xin Yin, Iulian Neamtiu, Saketan Patil, Sean T. Andrews
{"title":"Implementation-induced Inconsistency and Nondeterminism in Deterministic Clustering Algorithms","authors":"Xin Yin, Iulian Neamtiu, Saketan Patil, Sean T. Andrews","doi":"10.1109/icst46399.2020.00032","DOIUrl":"https://doi.org/10.1109/icst46399.2020.00032","url":null,"abstract":"A deterministic clustering algorithm is designed to always produce the same clustering solution on a given input. Therefore, users of clustering implementations (toolkits) naturally assume that implementations of a deterministic clustering algorithm A have deterministic behavior, that is: (1) two different implementations I1 and I2 of A are interchangeable, producing the same clustering on a given input D, and (2) an implementation produces the same clustering solution when run repeatedly on D. We challenge these assumptions. Specifically, we analyze clustering behavior on 528 datasets, three deterministic algorithms (Affinity Propagation, DBSCAN, Hierarchical Agglomerative Clustering) and the deterministic portion of a fourth (K-means), as implemented in various toolkits; in total, we examined 13 algorithm-toolkit combinations. We found that different implementations of deterministic clustering algorithms make different choices, e.g., default parameter settings, noise insertion, input dataset characteristics. As a result, clustering solutions for a fixed algorithm-dataset combination can differ across runs (nondeterminism) and across toolkits (inconsistency). We expose several root causes of such behavior. We show that remedying these root causes improves determinism, increases consistency, and can even improve efficiency. Our approach and findings can benefit developers, testers, and users of clustering algorithms.","PeriodicalId":235967,"journal":{"name":"2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128635983","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
SunDew: Systematic Automated Security Testing SunDew:系统自动化安全测试
2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST) Pub Date : 2020-10-01 DOI: 10.1109/icst46399.2020.00011
Franjo Ivancic
{"title":"SunDew: Systematic Automated Security Testing","authors":"Franjo Ivancic","doi":"10.1109/icst46399.2020.00011","DOIUrl":"https://doi.org/10.1109/icst46399.2020.00011","url":null,"abstract":"At Google, tens of thousands of security and robustness bugs have been found by fuzzing C and C++ libraries. The various aspects of the SunDew project, one of the projects working on automated scalable techniques related to fuzzing at Google, are presented: how to fuzz, what to fuzz, and how to deal with discovered bugs. First, a distributed fuzzing infrastructure is presented. It allows to cooperatively utilize multiple test generation techniques. Then, a system for automated fuzz driver generation, named FUDGE, is described, which automatically generates fuzz driver candidates for libraries based on existing client code. Running large-scale fuzzing services also causes lots of bugs and vulnerabilities to be reported. Various techniques are presented to provide feedback to developers to reduce the time a known security bug remains open. Finally, challenges and opportunities to incorporate security testing into the general software development workflow are highlighted.","PeriodicalId":235967,"journal":{"name":"2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117245893","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Language-Agnostic Generation of Compilable Test Programs 与语言无关的可编译测试程序的生成
2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST) Pub Date : 2020-10-01 DOI: 10.1109/icst46399.2020.00015
Patrick Kreutzer, Stefan Kraus, M. Philippsen
{"title":"Language-Agnostic Generation of Compilable Test Programs","authors":"Patrick Kreutzer, Stefan Kraus, M. Philippsen","doi":"10.1109/icst46399.2020.00015","DOIUrl":"https://doi.org/10.1109/icst46399.2020.00015","url":null,"abstract":"Testing is an integral part of the development of compilers and other language processors. To automatically create large sets of test programs, random program generators, or fuzzers, have emerged. Unfortunately, existing approaches are either language-specific (and thus require a rewrite for each language) or may generate programs that violate rules of the respective programming language (which limits their usefulness). This work introduces *Smith, a language-agnostic framework for the generation of valid, compilable test programs. It takes as input an abstract attribute grammar that specifies the syntactic and semantic rules of a programming language. It then creates test programs that satisfy all these rules. By aggressively pruning the search space and keeping the construction as local as possible, *Smith can generate huge, complex test programs in short time. We present four case studies covering four real-world programming languages (C, Lua, SQL, and SMT-LIB 2) to show that *Smith is both efficient and effective, while being flexible enough to support programming languages that differ considerably. We found bugs in all four case studies. For example, *Smith detected 165 different crashes in older versions of GCC and LLVM. *Smith and the language grammars are available online.","PeriodicalId":235967,"journal":{"name":"2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST)","volume":"99 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116889490","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
AFLNET: A Greybox Fuzzer for Network Protocols AFLNET:网络协议的灰盒模糊器
2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST) Pub Date : 2020-10-01 DOI: 10.1109/icst46399.2020.00062
Van-Thuan Pham, Marcel Böhme, Abhik Roychoudhury
{"title":"AFLNET: A Greybox Fuzzer for Network Protocols","authors":"Van-Thuan Pham, Marcel Böhme, Abhik Roychoudhury","doi":"10.1109/icst46399.2020.00062","DOIUrl":"https://doi.org/10.1109/icst46399.2020.00062","url":null,"abstract":"Server fuzzing is difficult. Unlike simple command-line tools, servers feature a massive state space that can be traversed effectively only with well-defined sequences of input messages. Valid sequences are specified in a protocol. In this paper, we present AFLNET, the first greybox fuzzer for protocol implementations. Unlike existing protocol fuzzers, AFLNET takes a mutational approach and uses state-feedback to guide the fuzzing process. AFLNET is seeded with a corpus of recorded message exchanges between the server and an actual client. No protocol specification or message grammars are required. AFLNET acts as a client and replays variations of the original sequence of messages sent to the server and retains those variations that were effective at increasing the coverage of the code or state space. To identify the server states that are exercised by a message sequence, AFLNET uses the server’s response codes. From this feedback, AFLNET identifies progressive regions in the state space, and systematically steers towards such regions. The case studies with AFLNET on two popular protocol implementations demonstrate a substantial performance boost over the state-of the-art. AFLNET discovered two new CVEs which are classified as critical (CVSS score CRITICAL 9.8).","PeriodicalId":235967,"journal":{"name":"2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST)","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133429442","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 116
Dependency-Aware Web Test Generation 依赖感知的Web测试生成
2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST) Pub Date : 2020-10-01 DOI: 10.1109/icst46399.2020.00027
Matteo Biagiola, Andrea Stocco, F. Ricca, P. Tonella
{"title":"Dependency-Aware Web Test Generation","authors":"Matteo Biagiola, Andrea Stocco, F. Ricca, P. Tonella","doi":"10.1109/icst46399.2020.00027","DOIUrl":"https://doi.org/10.1109/icst46399.2020.00027","url":null,"abstract":"Web crawlers can perform long running in-depth explorations of a web application, achieving high coverage of the navigational structure. However, a crawling trace cannot be easily turned into a minimal test suite that achieves the same coverage. In fact, when the crawling trace is segmented into test cases, two problems arise: (1) test cases are dependent on each other, therefore they may raise errors when executed in isolation, and (2) test cases are redundant, since the same targets are covered multiple times by different test cases. In this paper, we propose DANTE, a novel web test generator that computes the test dependencies associated with the test cases obtained from a crawling session, and uses them to eliminate redundant tests and produce executable test schedules. DANTE can effectively turn a web crawler into a test case generator that produces minimal test suites, composed only of feasible tests that contribute to achieve the final coverage. Experimental results show that DANTE, on average, (1) reduces the error rate of the test cases obtained by crawling traces from 85% to zero, (2) produces minimized test suites that are 84% smaller than the initial ones, and (3) outperforms two competing crawling-based and model-based techniques in terms of coverage and breakage rate.","PeriodicalId":235967,"journal":{"name":"2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131692404","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信