WSO2CON 2024 - Building the API First Enterprise ā Running an API Program, fr...
Ā
Generating Complex and Faulty Test Data Through Model-Based Mutation Analysis
1. .lusoftware veriļ¬cation & validation
VVS
Generating Complex and Faulty Test Data
Through Model-Based Mutation Analysis
University of Luxembourg
Interdisciplinary Centre for Security, Reliability and Trust
Software Veriļ¬cation and Validation Lab
Daniel Di Nardo, Fabrizio Pastore, Lionel Briand
April 9, 2015
13. Mutation & Validation
Output
Data Loading
Data Writing
Data Mutation
Execution
Validation
Violated
Constraints
Field Data
Input/Output
constraints
Mutated Field Data
SUT
Instantiated
Objects
Mutated Instantiated
Objects
Input/Output
structure
Data Model
14. 14
Not useful to test
any kind of
(trivially) invalid input
Important to generate
test inputs that ļ¬t
a Fault Model
16. Fault Model of SES DAQ
Fault
Description
Duplicate VCDU/Packet
A VCDU/Packet appears twice in a transmission.
Missing VCDU/Packet
A VCDU/Packet is omitted during transmission
Wrong Sequence
VCDUs/Packets are sent out of order.
Incorrect Identiļ¬er
Several transmission data ļ¬elds have ļ¬xed values, e.g.
ļ¬elds identifying the transmitting satellite.
Hardware/software errors may assign incorrect identiļ¬ers.
Incorrect Checksum
Hardware/software errors may result in an incorrect
checksum for a Packet or VCDU.
Incorrect Counter
Counters are used to track Packet or VCDU ordering.
Hardware/software errors may assign incorrect counter
values
Flipped Data Bits
Physical channel noise may ļ¬ip one or more bits in the data
transmission.
17. Covering The Fault Model
Generic Mutation Operators
Conļ¬gurations for the Operators
32. Keeping Dependencies
Transmission
Vcdu
Header
Packet
PacketZone
ActiveZone
IdleZone
VirtualChannel
1
1
1..*
1
1..*
1..*
1
1
1
1
1
Replacement
with Random
Ā«Identiļ¬erĀ» versionNumber : Integer
Ā«Identiļ¬erĀ» spaceCraftId : Integer
Ā«Identiļ¬erĀ» checksum : Integer
Replacement with
Boundary Condition
Bit Flipping
data : Bytesequence
Ā«Identiļ¬erĀ» versionNumber : Integer
Ā«Identiļ¬erĀ» type : Integer
Ā«MeasureĀ» dataLength : Integer
data : Bytesequence
33. Keeping Dependencies
Transmission
Vcdu
Header
Packet
PacketZone
ActiveZone
IdleZone
VirtualChannel
1
1
1..*
1
1..*
1..*
1
1
1
1
1
Replacement
with Random
Ā«Identiļ¬erĀ» versionNumber : Integer
Ā«Identiļ¬erĀ» spaceCraftId : Integer
Ā«Derived, Identiļ¬erĀ» checksum : Integer
Replacement with
Boundary Condition
data : Bytesequence
Ā«Identiļ¬erĀ» versionNumber : Integer
Ā«Identiļ¬erĀ» type : Integer
Ā«MeasureĀ» dataLength : Integer
data : Bytesequence
Bit Flipping
34. Reļ¬ning Target Selection
Transmission
Vcdu
Header
versionNumber : Integer
spaceCraftId : Integer
checksum : Integer
versionNumber : Integer
type : Integer
dataLength : Integer
data : Bytesequence
PacketZone
ActiveZone
IdleZone
data : Bytesequence
VirtualChannel
1
1
1..*
1
1..*
1..*
1
1
1
1
1
Class Instances
Swapping
Ā«InputDataĀ»
Ā«InputDataĀ»
Packet
OCL queries to conļ¬gure the targets
on which an operator may work.
E.g. swapping of packets that belong
to the same virtual channel
35. Mapping Between Fault Model and"
Mutation Operators
Fault
Mutation Operator
Conļ¬guration
Duplicate VCDU
Class Instance Duplication
Ā«InputDataĀ»
Duplicate Packet
Class Instance Duplication
Ā«InputDataĀ», Ā«DerivedĀ»
Missing VCDU
Class Instance Removal
Ā«InputDataĀ»
Missing Packet
Class Instance Removal
Ā«InputDataĀ», Ā«DerivedĀ»
Wrong VCDU Sequence
Class Instances Swapping
Ā«InputDataĀ»
Wrong Packet Sequence
Class Instances Swapping
Ā«InputDataĀ», Ā«DerivedĀ»,
Query to select packets
Incorrect Identiļ¬er
Attribute Replacement with Random
Ā«Identiļ¬erĀ», Ā«DerivedĀ»
Incorrect Checksum
Attribute Replacement with Random
Ā«Identiļ¬erĀ»
Incorrect Counter
Attribute Replacement using Boundary Condition
Ā«MeasureĀ», Ā«DerivedĀ»
Flipped Data Bits
Attribute Bit Flipping
none
37. Data Mutation Strategies
ā¢āÆRandom (RND)
ā¢āÆ Randomly select a mutation operator and randomly applies it to
one of the possible targets.
ā¢āÆ Tester speciļ¬es number of test cases to generate per test suite.
ā¢āÆAll Possible Targets (APT)
ā¢āÆ Each class or attribute of the data model is mutated at least once
by each of the mutation operators that can be applied to it.
38. Empirical Evaluation
ā¢āÆ Evaluated the effectiveness of the technique presented by
applying it on the SES-DAQ system.
ā¢āÆ Compare RND/APT to SES testing practice.
ā¢āÆ 32 system test cases using synthetic input data.
ā¢āÆ Manually written based on domain expertise.
ā¢āÆ GOAL: Determine if our technique can automatically achieve
equivalent or better coverage than manual test cases.
39. Test Suite Generation
ā¢āÆ Applied both the RND and APT
ā¢āÆ APT led to the generation of 43 test cases.
ā¢āÆ To compare the two strategies we generated 43 test cases for RND as well.
ā¢āÆ Both APT and RND carry a degree of randomness.
ā¢āÆ Averaged results from 10 automatically generated test suites.
ā¢āÆ JaCoCo used to measure code coverage.
ā¢āÆ Number of bytecode instructions covered.
40. Experimental Results
Technique
Coverage (bytecode)
minimum
maximum
average
SES Manual Test Suite
--
--
22820 (70.9%)
RND Test Suite Generation
22550 (70.1%)
23060 (71.7%)
22899 (71.2%)
APT Test Suite Generation
23226 (72.2%)
23374 (72.7%)
23283 (72.4%)
Automatically achieve
slightly better coverage than test cases
written manually by domain experts.
Identiļ¬ed one crash condition (unknown fault).
41. Future Work
ā¢āÆ Better evaluate the effectiveness of our test suite generation
strategies with faulty versions of the SES-DAQ software.
ā¢āÆ Devise a Search-Based approach to test suite generation.
ā¢āÆ Fitness based on:
ā¢āÆ Coverage of Model / OCL Constraints
ā¢āÆ Fault model
ā¢āÆ Code Coverage