操作配置文件覆盖能解释发布后的漏洞检测吗?

IF 1.5 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Software Testing Verification & Reliability Pub Date : 2020-06-01 DOI:10.1002/stvr.1735

Lucas Andrade, Patricia D. L. Machado, W. Andrade

{"title":"操作配置文件覆盖能解释发布后的漏洞检测吗?","authors":"Lucas Andrade, Patricia D. L. Machado, W. Andrade","doi":"10.1002/stvr.1735","DOIUrl":null,"url":null,"abstract":"To deliver reliable software, developers may rely on the fault detection capability of test suites. To evaluate this capability, they can apply code coverage metrics before a software release. However, recent research results have shown that these metrics may not provide a solid basis for this evaluation. Moreover, the fixing of a fault has a cost, and not all faults have the same impact regarding software reliability. In this sense, operational testing aims at assessing parts of the system that are more valuable for users. The goal of this work is to investigate whether traditional code coverage and code coverage merged with operational information can be related to post‐release bug detection. We focus on the scope of proprietary software under continuous delivery. We performed an exploratory case study where code branch and statement coverage metrics were collected for each version of a proprietary software together with real usage data of the system. We then measured the ability to explain the bug‐fixing activity after version release using code coverage levels. We found that traditional statement coverage has a moderate negative correlation with bug‐fixing activities, whereas statement coverage merged with the operational profile has a large negative correlation with higher confidence. Developers can consider operational information as an important factor of influence that should be analysed, among other factors, together with code coverage to assess the fault detection capability of a test suite.","PeriodicalId":49506,"journal":{"name":"Software Testing Verification & Reliability","volume":"31 1","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2020-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Can operational profile coverage explain post‐release bug detection?\",\"authors\":\"Lucas Andrade, Patricia D. L. Machado, W. Andrade\",\"doi\":\"10.1002/stvr.1735\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"To deliver reliable software, developers may rely on the fault detection capability of test suites. To evaluate this capability, they can apply code coverage metrics before a software release. However, recent research results have shown that these metrics may not provide a solid basis for this evaluation. Moreover, the fixing of a fault has a cost, and not all faults have the same impact regarding software reliability. In this sense, operational testing aims at assessing parts of the system that are more valuable for users. The goal of this work is to investigate whether traditional code coverage and code coverage merged with operational information can be related to post‐release bug detection. We focus on the scope of proprietary software under continuous delivery. We performed an exploratory case study where code branch and statement coverage metrics were collected for each version of a proprietary software together with real usage data of the system. We then measured the ability to explain the bug‐fixing activity after version release using code coverage levels. We found that traditional statement coverage has a moderate negative correlation with bug‐fixing activities, whereas statement coverage merged with the operational profile has a large negative correlation with higher confidence. Developers can consider operational information as an important factor of influence that should be analysed, among other factors, together with code coverage to assess the fault detection capability of a test suite.\",\"PeriodicalId\":49506,\"journal\":{\"name\":\"Software Testing Verification & Reliability\",\"volume\":\"31 1\",\"pages\":\"\"},\"PeriodicalIF\":1.5000,\"publicationDate\":\"2020-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Software Testing Verification & Reliability\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1002/stvr.1735\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, SOFTWARE ENGINEERING\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Software Testing Verification & Reliability","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1002/stvr.1735","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

摘要

为了交付可靠的软件，开发人员可能依赖于测试套件的故障检测能力。为了评估这种能力，他们可以在软件发布之前应用代码覆盖度量。然而，最近的研究结果表明，这些指标可能不能为这种评估提供坚实的基础。此外，修复一个错误是有代价的，并不是所有的错误对软件可靠性都有相同的影响。从这个意义上说，操作测试旨在评估系统中对用户更有价值的部分。这项工作的目标是调查传统的代码覆盖率和合并了操作信息的代码覆盖率是否与发布后的bug检测有关。我们专注于持续交付的专有软件范围。我们执行了一个探索性的案例研究，其中收集了专有软件的每个版本的代码分支和语句覆盖度量，以及系统的实际使用数据。然后，我们使用代码覆盖级别来衡量版本发布后解释bug修复活动的能力。我们发现，传统的语句覆盖率与错误修复活动有适度的负相关，而与操作概况合并的语句覆盖率与更高的置信度有很大的负相关。开发人员可以考虑将操作信息作为一个重要的影响因素，在其他因素中，与代码覆盖率一起分析，以评估测试套件的故障检测能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Can operational profile coverage explain post‐release bug detection?

To deliver reliable software, developers may rely on the fault detection capability of test suites. To evaluate this capability, they can apply code coverage metrics before a software release. However, recent research results have shown that these metrics may not provide a solid basis for this evaluation. Moreover, the fixing of a fault has a cost, and not all faults have the same impact regarding software reliability. In this sense, operational testing aims at assessing parts of the system that are more valuable for users. The goal of this work is to investigate whether traditional code coverage and code coverage merged with operational information can be related to post‐release bug detection. We focus on the scope of proprietary software under continuous delivery. We performed an exploratory case study where code branch and statement coverage metrics were collected for each version of a proprietary software together with real usage data of the system. We then measured the ability to explain the bug‐fixing activity after version release using code coverage levels. We found that traditional statement coverage has a moderate negative correlation with bug‐fixing activities, whereas statement coverage merged with the operational profile has a large negative correlation with higher confidence. Developers can consider operational information as an important factor of influence that should be analysed, among other factors, together with code coverage to assess the fault detection capability of a test suite.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Software Testing Verification & Reliability 工程技术-计算机：软件工程

CiteScore

3.70

自引率

0.00%

发文量

审稿时长

>12 weeks

期刊介绍： The journal is the premier outlet for research results on the subjects of testing, verification and reliability. Readers will find useful research on issues pertaining to building better software and evaluating it. The journal is unique in its emphasis on theoretical foundations and applications to real-world software development. The balance of theory, empirical work, and practical applications provide readers with better techniques for testing, verifying and improving the reliability of software. The journal targets researchers, practitioners, educators and students that have a vested interest in results generated by high-quality testing, verification and reliability modeling and evaluation of software. Topics of special interest include, but are not limited to: -New criteria for software testing and verification -Application of existing software testing and verification techniques to new types of software, including web applications, web services, embedded software, aspect-oriented software, and software architectures -Model based testing -Formal verification techniques such as model-checking -Comparison of testing and verification techniques -Measurement of and metrics for testing, verification and reliability -Industrial experience with cutting edge techniques -Descriptions and evaluations of commercial and open-source software testing tools -Reliability modeling, measurement and application -Testing and verification of software security -Automated test data generation -Process issues and methods -Non-functional testing