SlideShare a Scribd company logo

EXTENT-2017: Gap Testing: Combining Diverse Testing Strategies for Fun and Profit

Download as PPTX, PDF
Iosif Itkin
Iosif Itkin

EXTENT-2017: Software Testing & Trading Technology Trends Conference 29 June, 2017, 10 Paternoster Square, London Gap Testing: Combining Diverse Testing Strategies for Fun and Profit Ben Livshits, Professor, Imperial College London Would like to know more? Visit our website: extentconf.com Follow us: https://www.linkedin.com/company/exactpro-systems-llc?trk=biz-companies-cym https://twitter.com/exactpro #extentconf #exactpro

Technology
1 of 17
DR. BEN LIVSHITS IMPERIAL COLLEGE LONDON GAP TESTING: COMBINING DIVERSE TESTING STRATEGIES FOR FUN AND PROFIT
MY BACKGROUND  Professor at Imperial College London  Industrial researcher  Stanford Ph.D.  Here to talk about some of the technologies underlying testing  Learn about industrial practice  Work on a range of topics including  Software reliability  Program analysis  Security and privacy  Crowd-sourcing  etc.
FOR FUNCTIONAL TESTING: MANY STRATEGIES Human effort  Test suites written by developers and/or testers  Field testing  Crowd-based testing  Penetration testing Automation  (Black box) Fuzzing  White box fuzzing or symbolic execution  We might even throw in other automated strategies into this category such as static analysis
MANUAL VS. AUTOMATED  My focus is on automation, generally  However, ultimately, these two approaches should be complimentary to each other  Case in point: consider the numerous companies that do mobile app testing, i.e. Applause  The general approach is to upload an app binary, have a crowd of people on call, they jump on the app, encounter bugs, report bugs, etc.  Generally, not many guarantees from this kind of approach  But it’s quite useful as the first level of testing https://www.slideshare.net/IosifItkin/extent2016-the-future-of-software-testing
MANUAL VS. AUTOMATED: HOW DO THEY COMPARE?  Fundamentally, a difficult question to answer  What is our goal  Operational goals  Make sure the application doesn’t crash at the start  Make sure the application isn’t easy to hack into  Development/design goals  Make sure the coverage is high or 100%, for some definition of what coverage is  Make sure the application doesn’t crash, ever, or violate assertions, ever? Do we have to choose?
MULTIPLE, COMPETING, UNCOORDINATED TECHNIQUES ARE NORMAL  We would love to have a situation of when one solution delivers all the value  Case in point: symbolic execution was advertised as a the best thing since sliced bread:  Precision of runtime execution  Coverage of static analysis  How can this go wrong?  The practice of symbolic execution is unfortunately different  Coverage numbers from KLEE and SAGE
SO, MAYBE ONE TECHNIQUE ALONE IS NOT GOOD ENOUGH  What can we do?  Well, let’s assume we have the compute cycles (which we often do) and the money to hire testers (which we often don’t)  How do combine these efforts?  Fundamental challenges  Overlap is significant, bling fuzzing is not so helpful  Differences are hard to hit – for example, how do we hit a specific code execution path to get closer to 100% path coverage? Symbolic execution is a heavy-weight, less-than-scalable answer
DEVELOPER-WRITTEN TESTS VS. IN-THE-FIELD EXECUTION  Study four large open-source Java projects  We find that developer-written test suites fail to accurately represent field executions: the tests, on average, miss 6.2% of the statements and 7.7% of the methods exercised in the field;  The behavior exercised only in the field kills an extra 8.6% of the mutants; finally, the tests miss 52.6% of the behavioral invariants that occur in the field.
LET’S FOCUS ON EXECUTION PATHS  Need to coordinate our testing efforts  Gap testing principles  Avoid repeated, wasteful work  Find ways to hit methods/statements/basic blocks/paths that are not covered by other methods Common paths: Covered multiple times Extra work is not warranted However, extra testers are likely to hit exactly this Occasionally encountered: How do we effectively cover this? Rarely seen: How do we hit this without wasting effort?
TWO EXAMPLES OF MORE TARGETED TESTING Crowd-based UI testing aiming for 100% coverage Targeted symbolic execution aiming to hit interesting parts of the code
GAP TESTING FOR UI  Testing Android apps  Goal: to have 100% UI coverage  How to define that is sometimes a little murky  But let’s assume we have a notion of screen coverage  Move away from covered screens  By shutting off parts of the app  Aim is to to get as close as 100% coverage by guiding crowd-sourced testers
CROWD OF TESTERS WITH THE SYSTEM GUIDING THEM TOWARD UNEXPLORED PATHS
GUIDING SYMBOLIC EXECUTION  Continue exploring the program until we find something “interesting’  That may be a crash or an alarm from a tool such as AddressSanitizer, ThreadSanitizer, Valgrind, etc.  Suffers from exponential blow-up issues and solver overhead  If we instead know what we are looking for, for example, a method in the code we want to see called, we can direct our analysis better  Prioritize branch outcomes so as to him the target
ULTIMATE VISION  A portfolio of testing strategies that can be invoked on demand  Deployed together to improve the ultimate outcome  Sometimes, manual testing in the right thing, sometimes it’s not  We’ve seen some examples of complimentary testing strategies  The list is nowhere close to exhaustive…
OPTIMIZING TESTING EFFORTS  How to get the most out of your portfolio of testing approaches, minimizing the time and money spent  It would be nice to be able to estimate the efficacy of a particular method and the cost in terms of time, human involvement, and machine cycles  That’s actually possible with machine learning-based predictive models, i.e. mean time to the next bug found is something we can
THE END.
GAP TESTING: COMBINING DIVERSE TESTING STRATEGIES FOR FUN AND PROFIT We have seen a number of testing techniques such as fuzzing, symbolic execution, and crowd-sourced testing emerge as viable alternatives to the more traditional strategies of developer-driven testing in the last decade. While there is a lot of excitement around many of these ideas, how to property combine diverse testing techniques in order to achieve a specific goal, i.e. maximize statement-level coverage remains unclear. The goal of this talks is to illustrate how to combine different testing techniques by having them naturally complement each other, i.e. if there is a set of methods that are not covered via automated testing, how do we use a crowd of users and direct their efforts toward those methods, while minimizing effort duplication? Can multiple testing strategies peacefully co-exist? When combined, can they add up to a comprehensive strategy that gives us something that was impossible before, i.e. 100% test coverage?

Recommended

Towards the Third Wave of Software Testing
Towards the Third Wave of Software TestingTowards the Third Wave of Software Testing
Towards the Third Wave of Software TestingDr.Bestoun S. Ahmed
 
EXTENT-2017: Putting AI to Test
EXTENT-2017: Putting AI to TestEXTENT-2017: Putting AI to Test
EXTENT-2017: Putting AI to TestIosif Itkin
 
High Accuracy Model at what costs - Data Curry
High Accuracy Model at what costs - Data Curry High Accuracy Model at what costs - Data Curry
High Accuracy Model at what costs - Data Curry Data Curry
 
Bailing Out Your Business with Open Source
Bailing Out Your Business with Open SourceBailing Out Your Business with Open Source
Bailing Out Your Business with Open SourceMatt Asay
 
Set Your Content Free: Why You Need an Open-source Strategy
Set Your Content Free: Why You Need an Open-source StrategySet Your Content Free: Why You Need an Open-source Strategy
Set Your Content Free: Why You Need an Open-source StrategyMatt Asay
 
JobTech at PyCon 2018
JobTech at PyCon 2018JobTech at PyCon 2018
JobTech at PyCon 2018Lee Wei Xuan
 
Pick Any Three: Good, Fast, or Safe - Devops from Scratch
Pick Any Three: Good, Fast, or Safe - Devops from ScratchPick Any Three: Good, Fast, or Safe - Devops from Scratch
Pick Any Three: Good, Fast, or Safe - Devops from ScratchPete Cheslock
 
1440 track 2 boire_using our laptop
1440 track 2 boire_using our laptop1440 track 2 boire_using our laptop
1440 track 2 boire_using our laptopRising Media, Inc.
 

Recommended

Towards the Third Wave of Software Testing
Towards the Third Wave of Software TestingTowards the Third Wave of Software Testing
Towards the Third Wave of Software TestingDr.Bestoun S. Ahmed
 
EXTENT-2017: Putting AI to Test
EXTENT-2017: Putting AI to TestEXTENT-2017: Putting AI to Test
EXTENT-2017: Putting AI to TestIosif Itkin
 
High Accuracy Model at what costs - Data Curry
High Accuracy Model at what costs - Data Curry High Accuracy Model at what costs - Data Curry
High Accuracy Model at what costs - Data Curry Data Curry
 
Bailing Out Your Business with Open Source
Bailing Out Your Business with Open SourceBailing Out Your Business with Open Source
Bailing Out Your Business with Open SourceMatt Asay
 
Set Your Content Free: Why You Need an Open-source Strategy
Set Your Content Free: Why You Need an Open-source StrategySet Your Content Free: Why You Need an Open-source Strategy
Set Your Content Free: Why You Need an Open-source StrategyMatt Asay
 
JobTech at PyCon 2018
JobTech at PyCon 2018JobTech at PyCon 2018
JobTech at PyCon 2018Lee Wei Xuan
 
Pick Any Three: Good, Fast, or Safe - Devops from Scratch
Pick Any Three: Good, Fast, or Safe - Devops from ScratchPick Any Three: Good, Fast, or Safe - Devops from Scratch
Pick Any Three: Good, Fast, or Safe - Devops from ScratchPete Cheslock
 
1440 track 2 boire_using our laptop
1440 track 2 boire_using our laptop1440 track 2 boire_using our laptop
1440 track 2 boire_using our laptopRising Media, Inc.
 
Nii shonan-meeting-gsrm-20141021 - コピー
Nii shonan-meeting-gsrm-20141021 - コピーNii shonan-meeting-gsrm-20141021 - コピー
Nii shonan-meeting-gsrm-20141021 - コピーHironori Washizaki
 
DevOpsDays - Pick any Three - Devops from scratch
DevOpsDays - Pick any Three - Devops from scratchDevOpsDays - Pick any Three - Devops from scratch
DevOpsDays - Pick any Three - Devops from scratchPete Cheslock
 
Startups & the Product Management Perspective
Startups & the Product Management PerspectiveStartups & the Product Management Perspective
Startups & the Product Management PerspectiveAmarpreet Kalkat
 
Smartphone Security Assessment.LGiles2015
Smartphone Security Assessment.LGiles2015Smartphone Security Assessment.LGiles2015
Smartphone Security Assessment.LGiles2015Lance Giles
 
Future Of Software Testing
Future Of Software TestingFuture Of Software Testing
Future Of Software Testing99tests
 
Outpost24 webinar - The economics of penetration testing in the new threat la...
Outpost24 webinar - The economics of penetration testing in the new threat la...Outpost24 webinar - The economics of penetration testing in the new threat la...
Outpost24 webinar - The economics of penetration testing in the new threat la...Outpost24
 
Moving Fast and Managing Complexity - Serhiy Kostyshyn
Moving Fast and Managing Complexity - Serhiy KostyshynMoving Fast and Managing Complexity - Serhiy Kostyshyn
Moving Fast and Managing Complexity - Serhiy KostyshynSerhiy Kostyshyn
 
Watson DevCon 2016 - The Future of Discovery: Deep Insights with Cognitive APIs
Watson DevCon 2016 - The Future of Discovery: Deep Insights with Cognitive APIsWatson DevCon 2016 - The Future of Discovery: Deep Insights with Cognitive APIs
Watson DevCon 2016 - The Future of Discovery: Deep Insights with Cognitive APIsIBM Watson
 
Measurement and Metrics for Test Managers
Measurement and Metrics for Test ManagersMeasurement and Metrics for Test Managers
Measurement and Metrics for Test ManagersTechWell
 
Root cause analysis webinar social
Root cause analysis webinar socialRoot cause analysis webinar social
Root cause analysis webinar socialMedgate Inc.
 
Software Testing
Software TestingSoftware Testing
Software TestingFaisal Hussain
 
FUNDAMENTALS OF TESTING (Fundamental of testing what)
FUNDAMENTALS OF TESTING (Fundamental of testing what) FUNDAMENTALS OF TESTING (Fundamental of testing what)
FUNDAMENTALS OF TESTING (Fundamental of testing what) CindyYuristie
 
Fundamentals of testing 2
Fundamentals of testing 2Fundamentals of testing 2
Fundamentals of testing 2seli purnianda
 
Fundamentals of testing what is testing (reference graham et.al (2006))
Fundamentals of testing what is testing (reference graham et.al (2006))Fundamentals of testing what is testing (reference graham et.al (2006))
Fundamentals of testing what is testing (reference graham et.al (2006))Alfarizi ,S.Kom
 
Fundamental of testing (what is testing)
Fundamental of testing (what is testing)Fundamental of testing (what is testing)
Fundamental of testing (what is testing)helfa safitri
 
Rapid Software Testing: Strategy
Rapid Software Testing: StrategyRapid Software Testing: Strategy
Rapid Software Testing: StrategyTechWell
 
FADHILLA ELITA Ppt Chapter 1
FADHILLA ELITA Ppt Chapter 1FADHILLA ELITA Ppt Chapter 1
FADHILLA ELITA Ppt Chapter 1fadhilla elita
 
Fundamentals of testing (what is testing)
Fundamentals of testing (what is testing)Fundamentals of testing (what is testing)
Fundamentals of testing (what is testing)Dhy Ardiansyah
 
Effective Testing fo Startups
Effective Testing fo StartupsEffective Testing fo Startups
Effective Testing fo StartupsTestnetic
 
fundamentals of testing (Fundamental of testing what)
fundamentals of testing (Fundamental of testing what)fundamentals of testing (Fundamental of testing what)
fundamentals of testing (Fundamental of testing what)diana fitri, S.Kom
 
The Leaders Guide to Getting Started with Automated Testing
The Leaders Guide to Getting Started with Automated TestingThe Leaders Guide to Getting Started with Automated Testing
The Leaders Guide to Getting Started with Automated TestingJames Briers
 
The productivity of testing in software development life cycle
The productivity of testing in software development life cycleThe productivity of testing in software development life cycle
The productivity of testing in software development life cycleNora Alriyes
 

More Related Content

What's hot

Nii shonan-meeting-gsrm-20141021 - コピー
Nii shonan-meeting-gsrm-20141021 - コピーNii shonan-meeting-gsrm-20141021 - コピー
Nii shonan-meeting-gsrm-20141021 - コピーHironori Washizaki
 
DevOpsDays - Pick any Three - Devops from scratch
DevOpsDays - Pick any Three - Devops from scratchDevOpsDays - Pick any Three - Devops from scratch
DevOpsDays - Pick any Three - Devops from scratchPete Cheslock
 
Startups & the Product Management Perspective
Startups & the Product Management PerspectiveStartups & the Product Management Perspective
Startups & the Product Management PerspectiveAmarpreet Kalkat
 
Smartphone Security Assessment.LGiles2015
Smartphone Security Assessment.LGiles2015Smartphone Security Assessment.LGiles2015
Smartphone Security Assessment.LGiles2015Lance Giles
 
Future Of Software Testing
Future Of Software TestingFuture Of Software Testing
Future Of Software Testing99tests
 
Outpost24 webinar - The economics of penetration testing in the new threat la...
Outpost24 webinar - The economics of penetration testing in the new threat la...Outpost24 webinar - The economics of penetration testing in the new threat la...
Outpost24 webinar - The economics of penetration testing in the new threat la...Outpost24
 
Moving Fast and Managing Complexity - Serhiy Kostyshyn
Moving Fast and Managing Complexity - Serhiy KostyshynMoving Fast and Managing Complexity - Serhiy Kostyshyn
Moving Fast and Managing Complexity - Serhiy KostyshynSerhiy Kostyshyn
 
Watson DevCon 2016 - The Future of Discovery: Deep Insights with Cognitive APIs
Watson DevCon 2016 - The Future of Discovery: Deep Insights with Cognitive APIsWatson DevCon 2016 - The Future of Discovery: Deep Insights with Cognitive APIs
Watson DevCon 2016 - The Future of Discovery: Deep Insights with Cognitive APIsIBM Watson
 
Measurement and Metrics for Test Managers
Measurement and Metrics for Test ManagersMeasurement and Metrics for Test Managers
Measurement and Metrics for Test ManagersTechWell
 
Root cause analysis webinar social
Root cause analysis webinar socialRoot cause analysis webinar social
Root cause analysis webinar socialMedgate Inc.
 

What's hot (10)

Nii shonan-meeting-gsrm-20141021 - コピー
Nii shonan-meeting-gsrm-20141021 - コピーNii shonan-meeting-gsrm-20141021 - コピー
Nii shonan-meeting-gsrm-20141021 - コピー
 
DevOpsDays - Pick any Three - Devops from scratch
DevOpsDays - Pick any Three - Devops from scratchDevOpsDays - Pick any Three - Devops from scratch
DevOpsDays - Pick any Three - Devops from scratch
 
Startups & the Product Management Perspective
Startups & the Product Management PerspectiveStartups & the Product Management Perspective
Startups & the Product Management Perspective
 
Smartphone Security Assessment.LGiles2015
Smartphone Security Assessment.LGiles2015Smartphone Security Assessment.LGiles2015
Smartphone Security Assessment.LGiles2015
 
Future Of Software Testing
Future Of Software TestingFuture Of Software Testing
Future Of Software Testing
 
Outpost24 webinar - The economics of penetration testing in the new threat la...
Outpost24 webinar - The economics of penetration testing in the new threat la...Outpost24 webinar - The economics of penetration testing in the new threat la...
Outpost24 webinar - The economics of penetration testing in the new threat la...
 
Moving Fast and Managing Complexity - Serhiy Kostyshyn
Moving Fast and Managing Complexity - Serhiy KostyshynMoving Fast and Managing Complexity - Serhiy Kostyshyn
Moving Fast and Managing Complexity - Serhiy Kostyshyn
 
Watson DevCon 2016 - The Future of Discovery: Deep Insights with Cognitive APIs
Watson DevCon 2016 - The Future of Discovery: Deep Insights with Cognitive APIsWatson DevCon 2016 - The Future of Discovery: Deep Insights with Cognitive APIs
Watson DevCon 2016 - The Future of Discovery: Deep Insights with Cognitive APIs
 
Measurement and Metrics for Test Managers
Measurement and Metrics for Test ManagersMeasurement and Metrics for Test Managers
Measurement and Metrics for Test Managers
 
Root cause analysis webinar social
Root cause analysis webinar socialRoot cause analysis webinar social
Root cause analysis webinar social
 

Similar to EXTENT-2017: Gap Testing: Combining Diverse Testing Strategies for Fun and Profit

FUNDAMENTALS OF TESTING (Fundamental of testing what)
FUNDAMENTALS OF TESTING (Fundamental of testing what) FUNDAMENTALS OF TESTING (Fundamental of testing what)
FUNDAMENTALS OF TESTING (Fundamental of testing what) CindyYuristie
 
Fundamentals of testing 2
Fundamentals of testing 2Fundamentals of testing 2
Fundamentals of testing 2seli purnianda
 
Fundamentals of testing what is testing (reference graham et.al (2006))
Fundamentals of testing what is testing (reference graham et.al (2006))Fundamentals of testing what is testing (reference graham et.al (2006))
Fundamentals of testing what is testing (reference graham et.al (2006))Alfarizi ,S.Kom
 
Fundamental of testing (what is testing)
Fundamental of testing (what is testing)Fundamental of testing (what is testing)
Fundamental of testing (what is testing)helfa safitri
 
Rapid Software Testing: Strategy
Rapid Software Testing: StrategyRapid Software Testing: Strategy
Rapid Software Testing: StrategyTechWell
 
FADHILLA ELITA Ppt Chapter 1
FADHILLA ELITA Ppt Chapter 1FADHILLA ELITA Ppt Chapter 1
FADHILLA ELITA Ppt Chapter 1fadhilla elita
 
Fundamentals of testing (what is testing)
Fundamentals of testing (what is testing)Fundamentals of testing (what is testing)
Fundamentals of testing (what is testing)Dhy Ardiansyah
 
Effective Testing fo Startups
Effective Testing fo StartupsEffective Testing fo Startups
Effective Testing fo StartupsTestnetic
 
fundamentals of testing (Fundamental of testing what)
fundamentals of testing (Fundamental of testing what)fundamentals of testing (Fundamental of testing what)
fundamentals of testing (Fundamental of testing what)diana fitri, S.Kom
 
The Leaders Guide to Getting Started with Automated Testing
The Leaders Guide to Getting Started with Automated TestingThe Leaders Guide to Getting Started with Automated Testing
The Leaders Guide to Getting Started with Automated TestingJames Briers
 
The productivity of testing in software development life cycle
The productivity of testing in software development life cycleThe productivity of testing in software development life cycle
The productivity of testing in software development life cycleNora Alriyes
 
Overcoming The Challenges Faced in Exploratory Testing
Overcoming The Challenges Faced in Exploratory TestingOvercoming The Challenges Faced in Exploratory Testing
Overcoming The Challenges Faced in Exploratory TestingSarah Elson
 
Peter Zimmerer - Passion For Testing, By Examples - EuroSTAR 2010
Peter Zimmerer - Passion For Testing, By Examples - EuroSTAR 2010Peter Zimmerer - Passion For Testing, By Examples - EuroSTAR 2010
Peter Zimmerer - Passion For Testing, By Examples - EuroSTAR 2010TEST Huddle
 
'BIG Testing' with Hans Buwalda
'BIG Testing' with Hans Buwalda 'BIG Testing' with Hans Buwalda
'BIG Testing' with Hans Buwalda TEST Huddle
 
Annotated Bibliography .Guidelines Annotated Bibliograph.docx
Annotated Bibliography .Guidelines Annotated Bibliograph.docxAnnotated Bibliography .Guidelines Annotated Bibliograph.docx
Annotated Bibliography .Guidelines Annotated Bibliograph.docxjustine1simpson78276
 
Get the Balance Right: Acceptance Test Driven Development, GUI Automation and...
Get the Balance Right: Acceptance Test Driven Development, GUI Automation and...Get the Balance Right: Acceptance Test Driven Development, GUI Automation and...
Get the Balance Right: Acceptance Test Driven Development, GUI Automation and...Michael Larsen
 

Similar to EXTENT-2017: Gap Testing: Combining Diverse Testing Strategies for Fun and Profit (20)

Software Testing
Software TestingSoftware Testing
Software Testing
 
FUNDAMENTALS OF TESTING (Fundamental of testing what)
FUNDAMENTALS OF TESTING (Fundamental of testing what) FUNDAMENTALS OF TESTING (Fundamental of testing what)
FUNDAMENTALS OF TESTING (Fundamental of testing what)
 
Fundamentals of testing 2
Fundamentals of testing 2Fundamentals of testing 2
Fundamentals of testing 2
 
Fundamentals of testing what is testing (reference graham et.al (2006))
Fundamentals of testing what is testing (reference graham et.al (2006))Fundamentals of testing what is testing (reference graham et.al (2006))
Fundamentals of testing what is testing (reference graham et.al (2006))
 
Fundamental of testing (what is testing)
Fundamental of testing (what is testing)Fundamental of testing (what is testing)
Fundamental of testing (what is testing)
 
Rapid Software Testing: Strategy
Rapid Software Testing: StrategyRapid Software Testing: Strategy
Rapid Software Testing: Strategy
 
FADHILLA ELITA Ppt Chapter 1
FADHILLA ELITA Ppt Chapter 1FADHILLA ELITA Ppt Chapter 1
FADHILLA ELITA Ppt Chapter 1
 
Fundamentals of testing (what is testing)
Fundamentals of testing (what is testing)Fundamentals of testing (what is testing)
Fundamentals of testing (what is testing)
 
Effective Testing fo Startups
Effective Testing fo StartupsEffective Testing fo Startups
Effective Testing fo Startups
 
fundamentals of testing (Fundamental of testing what)
fundamentals of testing (Fundamental of testing what)fundamentals of testing (Fundamental of testing what)
fundamentals of testing (Fundamental of testing what)
 
The Leaders Guide to Getting Started with Automated Testing
The Leaders Guide to Getting Started with Automated TestingThe Leaders Guide to Getting Started with Automated Testing
The Leaders Guide to Getting Started with Automated Testing
 
The productivity of testing in software development life cycle
The productivity of testing in software development life cycleThe productivity of testing in software development life cycle
The productivity of testing in software development life cycle
 
Overcoming The Challenges Faced in Exploratory Testing
Overcoming The Challenges Faced in Exploratory TestingOvercoming The Challenges Faced in Exploratory Testing
Overcoming The Challenges Faced in Exploratory Testing
 
Bab 1
Bab 1Bab 1
Bab 1
 
Peter Zimmerer - Passion For Testing, By Examples - EuroSTAR 2010
Peter Zimmerer - Passion For Testing, By Examples - EuroSTAR 2010Peter Zimmerer - Passion For Testing, By Examples - EuroSTAR 2010
Peter Zimmerer - Passion For Testing, By Examples - EuroSTAR 2010
 
'BIG Testing' with Hans Buwalda
'BIG Testing' with Hans Buwalda 'BIG Testing' with Hans Buwalda
'BIG Testing' with Hans Buwalda
 
Annotated Bibliography .Guidelines Annotated Bibliograph.docx
Annotated Bibliography .Guidelines Annotated Bibliograph.docxAnnotated Bibliography .Guidelines Annotated Bibliograph.docx
Annotated Bibliography .Guidelines Annotated Bibliograph.docx
 
Get the Balance Right: Acceptance Test Driven Development, GUI Automation and...
Get the Balance Right: Acceptance Test Driven Development, GUI Automation and...Get the Balance Right: Acceptance Test Driven Development, GUI Automation and...
Get the Balance Right: Acceptance Test Driven Development, GUI Automation and...
 
Fundamentals of testing
Fundamentals of testingFundamentals of testing
Fundamentals of testing
 
[Paul Holland] Trends in Software Testing
[Paul Holland] Trends in Software Testing[Paul Holland] Trends in Software Testing
[Paul Holland] Trends in Software Testing
 

More from Iosif Itkin

Foundations of Software Testing Lecture 4
Foundations of Software Testing Lecture 4Foundations of Software Testing Lecture 4
Foundations of Software Testing Lecture 4Iosif Itkin
 
QA Financial Forum London 2021 - Automation in Software Testing. Humans and C...
QA Financial Forum London 2021 - Automation in Software Testing. Humans and C...QA Financial Forum London 2021 - Automation in Software Testing. Humans and C...
QA Financial Forum London 2021 - Automation in Software Testing. Humans and C...Iosif Itkin
 
Exactpro FinTech Webinar - Global Exchanges Test Oracles
Exactpro FinTech Webinar - Global Exchanges Test OraclesExactpro FinTech Webinar - Global Exchanges Test Oracles
Exactpro FinTech Webinar - Global Exchanges Test OraclesIosif Itkin
 
Exactpro FinTech Webinar - Global Exchanges FIX Protocol
Exactpro FinTech Webinar - Global Exchanges FIX ProtocolExactpro FinTech Webinar - Global Exchanges FIX Protocol
Exactpro FinTech Webinar - Global Exchanges FIX ProtocolIosif Itkin
 
Operational Resilience in Financial Market Infrastructures
Operational Resilience in Financial Market InfrastructuresOperational Resilience in Financial Market Infrastructures
Operational Resilience in Financial Market InfrastructuresIosif Itkin
 
20 Simple Questions from Exactpro for Your Enjoyment This Holiday Season
20 Simple Questions from Exactpro for Your Enjoyment This Holiday Season20 Simple Questions from Exactpro for Your Enjoyment This Holiday Season
20 Simple Questions from Exactpro for Your Enjoyment This Holiday SeasonIosif Itkin
 
Testing the Intelligence of your AI
Testing the Intelligence of your AITesting the Intelligence of your AI
Testing the Intelligence of your AIIosif Itkin
 
EXTENT 2019: Exactpro Quality Assurance for Financial Market Infrastructures
EXTENT 2019: Exactpro Quality Assurance for Financial Market InfrastructuresEXTENT 2019: Exactpro Quality Assurance for Financial Market Infrastructures
EXTENT 2019: Exactpro Quality Assurance for Financial Market InfrastructuresIosif Itkin
 
ClearTH Test Automation Framework: Case Study in IRS & CDS Swaps Lifecycle Mo...
ClearTH Test Automation Framework: Case Study in IRS & CDS Swaps Lifecycle Mo...ClearTH Test Automation Framework: Case Study in IRS & CDS Swaps Lifecycle Mo...
ClearTH Test Automation Framework: Case Study in IRS & CDS Swaps Lifecycle Mo...Iosif Itkin
 
EXTENT Talks 2019 Tbilisi: Failover and Recovery Test Automation - Ivan Shamrai
EXTENT Talks 2019 Tbilisi: Failover and Recovery Test Automation - Ivan ShamraiEXTENT Talks 2019 Tbilisi: Failover and Recovery Test Automation - Ivan Shamrai
EXTENT Talks 2019 Tbilisi: Failover and Recovery Test Automation - Ivan ShamraiIosif Itkin
 
EXTENT Talks QA Community Tbilisi 20 April 2019 - Conference Open
EXTENT Talks QA Community Tbilisi 20 April 2019 - Conference OpenEXTENT Talks QA Community Tbilisi 20 April 2019 - Conference Open
EXTENT Talks QA Community Tbilisi 20 April 2019 - Conference OpenIosif Itkin
 
User-Assisted Log Analysis for Quality Control of Distributed Fintech Applica...
User-Assisted Log Analysis for Quality Control of Distributed Fintech Applica...User-Assisted Log Analysis for Quality Control of Distributed Fintech Applica...
User-Assisted Log Analysis for Quality Control of Distributed Fintech Applica...Iosif Itkin
 
QAFF Chicago 2019 - Complex Post-Trade Systems, Requirements Traceability and...
QAFF Chicago 2019 - Complex Post-Trade Systems, Requirements Traceability and...QAFF Chicago 2019 - Complex Post-Trade Systems, Requirements Traceability and...
QAFF Chicago 2019 - Complex Post-Trade Systems, Requirements Traceability and...Iosif Itkin
 
QA Community Saratov: Past, Present, Future (2019-02-08)
QA Community Saratov: Past, Present, Future (2019-02-08)QA Community Saratov: Past, Present, Future (2019-02-08)
QA Community Saratov: Past, Present, Future (2019-02-08)Iosif Itkin
 
Machine Learning and RoboCop Testing
Machine Learning and RoboCop TestingMachine Learning and RoboCop Testing
Machine Learning and RoboCop TestingIosif Itkin
 
Behaviour Driven Development: Oltre i limiti del possibile
Behaviour Driven Development: Oltre i limiti del possibileBehaviour Driven Development: Oltre i limiti del possibile
Behaviour Driven Development: Oltre i limiti del possibileIosif Itkin
 
2018 - Exactpro Year in Review
2018 - Exactpro Year in Review2018 - Exactpro Year in Review
2018 - Exactpro Year in ReviewIosif Itkin
 
Exactpro Discussion about Joy and Strategy
Exactpro Discussion about Joy and StrategyExactpro Discussion about Joy and Strategy
Exactpro Discussion about Joy and StrategyIosif Itkin
 
FIX EMEA Conference 2018 - Post Trade Software Testing Challenges
FIX EMEA Conference 2018 - Post Trade Software Testing ChallengesFIX EMEA Conference 2018 - Post Trade Software Testing Challenges
FIX EMEA Conference 2018 - Post Trade Software Testing ChallengesIosif Itkin
 
BDD. The Outer Limits. Iosif Itkin at Youcon (in Russian)
BDD. The Outer Limits. Iosif Itkin at Youcon (in Russian)BDD. The Outer Limits. Iosif Itkin at Youcon (in Russian)
BDD. The Outer Limits. Iosif Itkin at Youcon (in Russian)Iosif Itkin
 

More from Iosif Itkin (20)

Foundations of Software Testing Lecture 4
Foundations of Software Testing Lecture 4Foundations of Software Testing Lecture 4
Foundations of Software Testing Lecture 4
 
QA Financial Forum London 2021 - Automation in Software Testing. Humans and C...
QA Financial Forum London 2021 - Automation in Software Testing. Humans and C...QA Financial Forum London 2021 - Automation in Software Testing. Humans and C...
QA Financial Forum London 2021 - Automation in Software Testing. Humans and C...
 
Exactpro FinTech Webinar - Global Exchanges Test Oracles
Exactpro FinTech Webinar - Global Exchanges Test OraclesExactpro FinTech Webinar - Global Exchanges Test Oracles
Exactpro FinTech Webinar - Global Exchanges Test Oracles
 
Exactpro FinTech Webinar - Global Exchanges FIX Protocol
Exactpro FinTech Webinar - Global Exchanges FIX ProtocolExactpro FinTech Webinar - Global Exchanges FIX Protocol
Exactpro FinTech Webinar - Global Exchanges FIX Protocol
 
Operational Resilience in Financial Market Infrastructures
Operational Resilience in Financial Market InfrastructuresOperational Resilience in Financial Market Infrastructures
Operational Resilience in Financial Market Infrastructures
 
20 Simple Questions from Exactpro for Your Enjoyment This Holiday Season
20 Simple Questions from Exactpro for Your Enjoyment This Holiday Season20 Simple Questions from Exactpro for Your Enjoyment This Holiday Season
20 Simple Questions from Exactpro for Your Enjoyment This Holiday Season
 
Testing the Intelligence of your AI
Testing the Intelligence of your AITesting the Intelligence of your AI
Testing the Intelligence of your AI
 
EXTENT 2019: Exactpro Quality Assurance for Financial Market Infrastructures
EXTENT 2019: Exactpro Quality Assurance for Financial Market InfrastructuresEXTENT 2019: Exactpro Quality Assurance for Financial Market Infrastructures
EXTENT 2019: Exactpro Quality Assurance for Financial Market Infrastructures
 
ClearTH Test Automation Framework: Case Study in IRS & CDS Swaps Lifecycle Mo...
ClearTH Test Automation Framework: Case Study in IRS & CDS Swaps Lifecycle Mo...ClearTH Test Automation Framework: Case Study in IRS & CDS Swaps Lifecycle Mo...
ClearTH Test Automation Framework: Case Study in IRS & CDS Swaps Lifecycle Mo...
 
EXTENT Talks 2019 Tbilisi: Failover and Recovery Test Automation - Ivan Shamrai
EXTENT Talks 2019 Tbilisi: Failover and Recovery Test Automation - Ivan ShamraiEXTENT Talks 2019 Tbilisi: Failover and Recovery Test Automation - Ivan Shamrai
EXTENT Talks 2019 Tbilisi: Failover and Recovery Test Automation - Ivan Shamrai
 
EXTENT Talks QA Community Tbilisi 20 April 2019 - Conference Open
EXTENT Talks QA Community Tbilisi 20 April 2019 - Conference OpenEXTENT Talks QA Community Tbilisi 20 April 2019 - Conference Open
EXTENT Talks QA Community Tbilisi 20 April 2019 - Conference Open
 
User-Assisted Log Analysis for Quality Control of Distributed Fintech Applica...
User-Assisted Log Analysis for Quality Control of Distributed Fintech Applica...User-Assisted Log Analysis for Quality Control of Distributed Fintech Applica...
User-Assisted Log Analysis for Quality Control of Distributed Fintech Applica...
 
QAFF Chicago 2019 - Complex Post-Trade Systems, Requirements Traceability and...
QAFF Chicago 2019 - Complex Post-Trade Systems, Requirements Traceability and...QAFF Chicago 2019 - Complex Post-Trade Systems, Requirements Traceability and...
QAFF Chicago 2019 - Complex Post-Trade Systems, Requirements Traceability and...
 
QA Community Saratov: Past, Present, Future (2019-02-08)
QA Community Saratov: Past, Present, Future (2019-02-08)QA Community Saratov: Past, Present, Future (2019-02-08)
QA Community Saratov: Past, Present, Future (2019-02-08)
 
Machine Learning and RoboCop Testing
Machine Learning and RoboCop TestingMachine Learning and RoboCop Testing
Machine Learning and RoboCop Testing
 
Behaviour Driven Development: Oltre i limiti del possibile
Behaviour Driven Development: Oltre i limiti del possibileBehaviour Driven Development: Oltre i limiti del possibile
Behaviour Driven Development: Oltre i limiti del possibile
 
2018 - Exactpro Year in Review
2018 - Exactpro Year in Review2018 - Exactpro Year in Review
2018 - Exactpro Year in Review
 
Exactpro Discussion about Joy and Strategy
Exactpro Discussion about Joy and StrategyExactpro Discussion about Joy and Strategy
Exactpro Discussion about Joy and Strategy
 
FIX EMEA Conference 2018 - Post Trade Software Testing Challenges
FIX EMEA Conference 2018 - Post Trade Software Testing ChallengesFIX EMEA Conference 2018 - Post Trade Software Testing Challenges
FIX EMEA Conference 2018 - Post Trade Software Testing Challenges
 
BDD. The Outer Limits. Iosif Itkin at Youcon (in Russian)
BDD. The Outer Limits. Iosif Itkin at Youcon (in Russian)BDD. The Outer Limits. Iosif Itkin at Youcon (in Russian)
BDD. The Outer Limits. Iosif Itkin at Youcon (in Russian)
 

Recently uploaded

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 

Recently uploaded (20)

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 

EXTENT-2017: Gap Testing: Combining Diverse Testing Strategies for Fun and Profit

  • 1. DR. BEN LIVSHITS IMPERIAL COLLEGE LONDON GAP TESTING: COMBINING DIVERSE TESTING STRATEGIES FOR FUN AND PROFIT
  • 2. MY BACKGROUND  Professor at Imperial College London  Industrial researcher  Stanford Ph.D.  Here to talk about some of the technologies underlying testing  Learn about industrial practice  Work on a range of topics including  Software reliability  Program analysis  Security and privacy  Crowd-sourcing  etc.
  • 3. FOR FUNCTIONAL TESTING: MANY STRATEGIES Human effort  Test suites written by developers and/or testers  Field testing  Crowd-based testing  Penetration testing Automation  (Black box) Fuzzing  White box fuzzing or symbolic execution  We might even throw in other automated strategies into this category such as static analysis
  • 4. MANUAL VS. AUTOMATED  My focus is on automation, generally  However, ultimately, these two approaches should be complimentary to each other  Case in point: consider the numerous companies that do mobile app testing, i.e. Applause  The general approach is to upload an app binary, have a crowd of people on call, they jump on the app, encounter bugs, report bugs, etc.  Generally, not many guarantees from this kind of approach  But it’s quite useful as the first level of testing https://www.slideshare.net/IosifItkin/extent2016-the-future-of-software-testing
  • 5. MANUAL VS. AUTOMATED: HOW DO THEY COMPARE?  Fundamentally, a difficult question to answer  What is our goal  Operational goals  Make sure the application doesn’t crash at the start  Make sure the application isn’t easy to hack into  Development/design goals  Make sure the coverage is high or 100%, for some definition of what coverage is  Make sure the application doesn’t crash, ever, or violate assertions, ever? Do we have to choose?
  • 6. MULTIPLE, COMPETING, UNCOORDINATED TECHNIQUES ARE NORMAL  We would love to have a situation of when one solution delivers all the value  Case in point: symbolic execution was advertised as a the best thing since sliced bread:  Precision of runtime execution  Coverage of static analysis  How can this go wrong?  The practice of symbolic execution is unfortunately different  Coverage numbers from KLEE and SAGE
  • 7. SO, MAYBE ONE TECHNIQUE ALONE IS NOT GOOD ENOUGH  What can we do?  Well, let’s assume we have the compute cycles (which we often do) and the money to hire testers (which we often don’t)  How do combine these efforts?  Fundamental challenges  Overlap is significant, bling fuzzing is not so helpful  Differences are hard to hit – for example, how do we hit a specific code execution path to get closer to 100% path coverage? Symbolic execution is a heavy-weight, less-than-scalable answer
  • 8. DEVELOPER-WRITTEN TESTS VS. IN-THE-FIELD EXECUTION  Study four large open-source Java projects  We find that developer-written test suites fail to accurately represent field executions: the tests, on average, miss 6.2% of the statements and 7.7% of the methods exercised in the field;  The behavior exercised only in the field kills an extra 8.6% of the mutants; finally, the tests miss 52.6% of the behavioral invariants that occur in the field.
  • 9. LET’S FOCUS ON EXECUTION PATHS  Need to coordinate our testing efforts  Gap testing principles  Avoid repeated, wasteful work  Find ways to hit methods/statements/basic blocks/paths that are not covered by other methods Common paths: Covered multiple times Extra work is not warranted However, extra testers are likely to hit exactly this Occasionally encountered: How do we effectively cover this? Rarely seen: How do we hit this without wasting effort?
  • 10. TWO EXAMPLES OF MORE TARGETED TESTING Crowd-based UI testing aiming for 100% coverage Targeted symbolic execution aiming to hit interesting parts of the code
  • 11. GAP TESTING FOR UI  Testing Android apps  Goal: to have 100% UI coverage  How to define that is sometimes a little murky  But let’s assume we have a notion of screen coverage  Move away from covered screens  By shutting off parts of the app  Aim is to to get as close as 100% coverage by guiding crowd-sourced testers
  • 12. CROWD OF TESTERS WITH THE SYSTEM GUIDING THEM TOWARD UNEXPLORED PATHS
  • 13. GUIDING SYMBOLIC EXECUTION  Continue exploring the program until we find something “interesting’  That may be a crash or an alarm from a tool such as AddressSanitizer, ThreadSanitizer, Valgrind, etc.  Suffers from exponential blow-up issues and solver overhead  If we instead know what we are looking for, for example, a method in the code we want to see called, we can direct our analysis better  Prioritize branch outcomes so as to him the target
  • 14. ULTIMATE VISION  A portfolio of testing strategies that can be invoked on demand  Deployed together to improve the ultimate outcome  Sometimes, manual testing in the right thing, sometimes it’s not  We’ve seen some examples of complimentary testing strategies  The list is nowhere close to exhaustive…
  • 15. OPTIMIZING TESTING EFFORTS  How to get the most out of your portfolio of testing approaches, minimizing the time and money spent  It would be nice to be able to estimate the efficacy of a particular method and the cost in terms of time, human involvement, and machine cycles  That’s actually possible with machine learning-based predictive models, i.e. mean time to the next bug found is something we can
  • 17. GAP TESTING: COMBINING DIVERSE TESTING STRATEGIES FOR FUN AND PROFIT We have seen a number of testing techniques such as fuzzing, symbolic execution, and crowd-sourced testing emerge as viable alternatives to the more traditional strategies of developer-driven testing in the last decade. While there is a lot of excitement around many of these ideas, how to property combine diverse testing techniques in order to achieve a specific goal, i.e. maximize statement-level coverage remains unclear. The goal of this talks is to illustrate how to combine different testing techniques by having them naturally complement each other, i.e. if there is a set of methods that are not covered via automated testing, how do we use a crowd of users and direct their efforts toward those methods, while minimizing effort duplication? Can multiple testing strategies peacefully co-exist? When combined, can they add up to a comprehensive strategy that gives us something that was impossible before, i.e. 100% test coverage?