Program-based Mutation Testing

Similar documents
Introduction to Software Testing Chapter 5.1 Syntax-based Testing

DRAFT: Prepublication draft, Fall 2014, George Mason University Redistribution is forbidden without the express permission of the authors

What is Mutation Testing? Mutation Testing. Test Case Adequacy. Mutation Testing. Mutant Programs. Example Mutation

Faults, Errors, Failures

Part I: Preliminaries 24

Introduction to Software Testing Chapter 2.4 Graph Coverage for Design Elements Paul Ammann & Jeff Offutt

Introduction to Software Testing Chapter 2, Sections: 2.1 & 2.2 Overview Graph Coverage Criteria

A Comparative Study on Mutation Analysis for Java Applications

Fault-based testing. Automated testing and verification. J.P. Galeotti - Alessandra Gorla. slides by Gordon Fraser. Thursday, January 17, 13

Introduction to Software Testing Chapter 4 Input Space Partition Testing

Introduction to Software Testing Chapter 2.1, 2.2 Overview Graph Coverage Criteria Paul Ammann & Jeff Offutt

Fault, Error, and Failure

MTAT : Software Testing

Object-oriented programming. and data-structures CS/ENGRD 2110 SUMMER 2018

Introduction to Software Testing Chapter 3, Sec# 3.3 Logic Coverage for Source Code

CS 3360 Design and Implementation of Programming Languages. Exam 1

MTAT : Software Testing

MTAT : Software Testing

Testing! Prof. Leon Osterweil! CS 520/620! Spring 2013!

Graph Coverage for Source Code. Data Flow Graph Coverage for Source Code

White Box Testing III

Overview Graph Coverage Criteria

Class-Component Testability Analysis

Types. Type checking. Why Do We Need Type Systems? Types and Operations. What is a type? Consensus

Logic Coverage for Source Code

What is Mutation Testing?

Citation for the original published paper (version of record):

COMP 3705 Advanced Software Engineering: Software Testing

Introduction to Software Testing Chapter 3, Sec# 1 & 2 Logic Coverage

What is software testing? Software testing is designing, executing and evaluating test cases in order to detect faults.

Applying Mutation Testing to XML Schemas

CMPSCI 521/621 Homework 2 Solutions

EVALUATING THE EFFECTIVENESS OF TEST COVERAGE CRITERIA USING MUTATION ANALYSIS. An evaluation of test coverage criteria in C#

Semantic Analysis. Outline. The role of semantic analysis in a compiler. Scope. Types. Where we are. The Compiler Front-End

GENERATING COST-EFFECTIVE CRITERIA-BASED TESTS FROM BEHAVIORAL MODELS

17. Assertions. Outline. Built-in tests. Built-in tests 3/29/11. Jelle Slowack, Bart Smets, Glenn Van Loon, Tom Verheyen

CS /534 Compiler Construction University of Massachusetts Lowell

Introduction to Software Testing Chapter 3.1, 3.2 Logic Coverage Paul Ammann & Jeff Offutt

Introduction to Software Testing Chapter 3.1, 3.2 Logic Coverage Paul Ammann & Jeff Offutt

17. Assertions. Jelle Slowack, Bart Smets, Glenn Van Loon, Tom Verheyen

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

FORM 1 (Please put your name and section number (001/10am or 002/2pm) on the scantron!!!!) CS 161 Exam II: True (A)/False(B) (2 pts each):

Software Testing Prof. Meenakshi D Souza Department of Computer Science and Engineering International Institute of Information Technology, Bangalore

Introduc)on to So,ware Tes)ng (2nd edi(on) Overview Graph Coverage Criteria. Paul Ammann & Jeff OffuA. hap:// so,waretest/

Multi-Objective Higher Order Mutation Testing with Genetic Programming

CSE 413 Languages & Implementation. Hal Perkins Winter 2019 Structs, Implementing Languages (credits: Dan Grossman, CSE 341)

Program Analysis. Program Analysis

Compatible Qualification Metrics for Formal Property Checking

CS 520 Theory and Practice of Software Engineering Fall 2018

Topic 9: Type Checking

Topic 9: Type Checking

FINALTERM EXAMINATION Spring 2009 CS506- Web Design and Development Solved by Tahseen Anwar

The role of semantic analysis in a compiler

Introduction to Programming Using Java (98-388)

Test Case Specifications and Test adequacy. Research Methods - Barbara Russo SwSE - Software and Systems Engineering

Self-test Programming Fundamentals

MAJOR: An Efficient and Extensible Tool for Mutation Analysis in a Java Compiler

MIDTERM EXAM (Solutions)

CS Final Exam Review Suggestions - Spring 2018

6. Test-Adequacy. Assessment Using Control Flow and Data Flow. Andrea Polini

INSTITUTE OF AERONAUTICAL ENGINEERING (Autonomous) Dundigal, Hyderabad

CS 112 Introduction to Computing II. Wayne Snyder Computer Science Department Boston University

TESTBEDS Paris

Semantic Analysis. Outline. The role of semantic analysis in a compiler. Scope. Types. Where we are. The Compiler so far

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

Software Testing - Introduction -

CS 161 Exam II Winter 2018 FORM 1

CSC Web Programming. Introduction to JavaScript

Type Inference Systems. Type Judgments. Deriving a Type Judgment. Deriving a Judgment. Hypothetical Type Judgments CS412/CS413

Basic concepts. Chapter Toplevel loop

Type Checking and Type Equality

COS 320. Compiling Techniques

Testing: Coverage and Structural Coverage

On Code Coverage of Extended FSM Based Test Suites: An Initial Assessment

Overview. State-of-the-Art. Relative cost of error correction. CS 619 Introduction to OO Design and Development. Testing.

CMPT 473 Software Quality Assurance. Graph Coverage. Nick Sumner

Syntax and Grammars 1 / 21

Functions & First Class Function Values

Semantic Analysis. Lecture 9. February 7, 2018

Foundations: Syntax, Semantics, and Graphs

Homework #3 CS2255 Fall 2012

Object Oriented Mutation Applied in Java Application programming Interface and C++ Classes

CMSC 330: Organization of Programming Languages. Formal Semantics of a Prog. Lang. Specifying Syntax, Semantics

Test Oracles and Mutation Testing. CSCE Lecture 23-11/18/2015

Generating Tests for Detecting Faults in Feature Models

Introduction to Computer Science Midterm 3 Fall, Points

CIW 1D CIW JavaScript Specialist.

data_type variable_name = value; Here value is optional because in java, you can declare the variable first and then later assign the value to it.

Front End Programming

The PCAT Programming Language Reference Manual

Computer Science Department Carlos III University of Madrid Leganés (Spain) David Griol Barres

Introduction to Software Testing Chapter 2.3 Graph Coverage for Source Code. Paul Ammann & Jeff Offutt

Finding Vulnerabilities in Web Applications

Approximate Transformations as Mutation Operators

Java Server Page (JSP)

CS558 Programming Languages

CS558 Programming Languages

PESIT Bangalore South Campus SOLUTION

Mutating database queries

G Programming Languages Spring 2010 Lecture 6. Robert Grimm, New York University

Transcription:

Program-based Mutation Testing CS 4501 / 6501 Software Testing [Ammann and Offutt, Introduction to Software Testing, Ch. 9.2] 1

Applying Syntax-Based Testing to Programs Test requirements are derived from the syntax of software artifacts Syntax-based criteria originated with programs and have been used mostly with program source code BNF criteria are most commonly used to test compilers Use BNF criteria to generate programs to test all language features that compilers must process Mutation testing criteria are most commonly used for unit testing and integration testing 2

Instantiating Grammar-Based Testing Grammar-Based Testing Program-based Integration Model-Based Input-Based Grammar Compiler testing Valid and invalid strings Program mutation Valid strings Mutants are not tests Must kill mutants String mutation String mutation Test how classes interact Valid strings Mutants are not tests Must kill mutants Includes OO String mutation FSMs Model checking Valid strings Traces are tests Input validation testing XML and others Valid strings Grammar Input validation testing XML and others Invalid strings No ground strings Mutants are tests String mutation 3

Mutation Testing Inject changes into programs Strongest testing criterion Effective criterion for designing and evaluating tests Applied to C, C++, Java, JavaScript, Java EE, PHP, Angular, SQL, Android, spreadsheet, policy, Premise: If the software has a fault, there usually are some mutants that can only be killed by a test that also detects that fault. Kill: The test makes the output of the original program different from the output of the mutant 4

Mutation Testing Effective tests Original Program Find last index of zero int lastzero (int[] x) { for (int i = x.length-1; i >= 0; i--) { } if (x[i] == 0) return i; } return -1; i > 0 Input: x = {1, 1, 2}; Output original: -1 Output mutant: -1 Input: x = {0, 1, 2}; Output original: 0 Output mutant: -1 Ineffective tests Ineffective Test x = {0, 1, 2}; Very effective at exploring the boundary case Killed! [Thanks to Professor Lin Deng, Towson University] 5

Mutation Testing Subject programs Apply mutation operators mutants Must be valid strings (compilable) Mutation operators Rules that specify how to modify the code (mutate) Well designed operators result in power tests Run tests on subject program Mutation operators do one of two tasks Mimic typical programmer mistakes Encourage common test heuristics Generate tests Run tests on mutants no Distinguishable result? Mutants are not tests, but used to find tests Killing mutant We use mutation testing to Help testers design high quality tests Evaluate the quality of existing tests Mutation scores = yes # $%&'(&) *+,,-. # (/(0-1%+2',-(& $%&'(&) Record killed mutants 6

Killing Mutants The quality of tests depends on mutation operators Different operators must be defined for different goals (and possibly for different programming languages) Testers can keep adding tests until all mutants have been killed Given a mutant m M for a ground string program P and a test t, t is said to kill m if and only if the output of t on P is different from the output of t on m. A mutant is killed if there is a test case for which the test results are different from the original program Killing mutants exposing faults 7

Categories of Mutants Dead mutant A test case has killed it The fault that a dead mutant represents will be detected by the same test that killed it Uncompilable mutant Syntactically illegal Should not be generated or should be immediately discarded Trivial mutant Almost every test can kill it (Functionally) equivalent mutant No test can kill it (same behavior or output as original, for all inputs) Infeasible test requirements 8

Example: Program Mutation Original method A fault is introduced by mutating the code Mutant 9

Example: Program Mutation i=1 is a mutation of i=0 The code obtained by changing i=0 to i=1 is called a mutant of numzero A test kills the mutant if the mutant yields different outputs from the original code Consider t1 = {1, 0, 0} Original returns 2, mutant returns 2, the mutant is not killed Consider t2 = {0, 1, 0} Original returns 2, mutant returns 1, the mutant is killed 10

Example 2 Original method mutant1 Each mutated statement represents a separate program mutant2 mutant3 11

Example 2 Consider the following tests t1 = min(0, 0) t2 = min(0, 1) t3 = min(1, 0) mutant1 Which mutants will be killed by which tests? mutant2 mutant3 12

Example 2 x y min m1 m2 m3 t1 0 0 0 0 0 0 t2 0 1 0 1 0 0 t3 1 0 0 1 0 0 mutant1 t1 kills none of the mutants t2 kills m1 t3 kills m1 mutant2 mutant3 Equivalent mutant 13

Example 3 With embedded mutants Replace operator Original method Mutant 4: force the tester to create tests that cause every variable and expression to have the value of zero 1 2 3 4 Immediate runtime failure.. If reached Replace one variable with another Immediate runtime failure if y == 0, else does nothing 14

Mutation Coverage Mutation Coverage (MC): For each m M, TR contains exactly one requirement, to kill m. The RIPR model Reachability: the test causes the faulty (mutated) statement to be reached Infection: the test causes the faulty statement to result in an incorrect state Propagation: the incorrect state propagates to incorrect output Revealability: the tester must observe part of the incorrect output The RIPR model leads to two variants of mutation coverage: Strong mutation and Weak mutation 15

1. Strong Mutation Coverage Strong Mutation Coverage (SMC): For each m M, TR contains exactly one requirement, to strongly kill m. Require reachability, infection, and propagation Output of running a test set on the original program is different from the output of running the same test set on a mutant 16

2. Weak Mutation Coverage Weak Mutation Coverage (WMC): For each m M, TR contains exactly one requirement, to weakly kill m. Require reachability and infection, not propagation Check internal state immediately after execution of the mutated statement If the state is incorrect, the mutant is killed Require less analysis A few mutants can be killed under weak mutation but not under strong mutation (no propagation) Incorrect state does not always propagate to the output Studies have found that test sets that weakly kill all mutants also strongly kill most mutants 17

Example (Mutant 1) Consider mutant 1 1 2 3 4 Reachability: true Infection: x y Propagation: (y < x) = false Full test specification: true (x y) ((y<x)=false) (x y) (y x) (y>x) Test case value: (x = 3, y = 5) strongly kill, weekly kill mutant 1 (x = 5, y = 3) weakly kill, but not strongly kill 18

Example (Mutant 3) Consider mutant 3 1 2 3 4 Reachability: true Infection: (y < x)!= (y < v) However, the previous statement was v = x Substitute the infection condition, we get (y < x)!= (y < x) Logical contradiction No input can kill this mutant Equivalent mutant 19

Strong vs. Weak Mutation Reachability: x < 0 Infection: x 0 1 Given a test (x = -6) Kills the mutant under weak mutation, but not under strong mutation Propagation: ( (float)((0-x)/2)==((float)(0-x))/2.0 )!= ( (float)(0/2)==((float)0)/2.0 ) The only value of x that will satisfy this condition is x must not be even To strongly kill, propagation requires x must be an odd and negative integer 20

Designing Mutation Operators Mutation Operators do one of two tasks: Mimic typical programmer mistakes Encourage common test heuristics Researchers design many operators, then experimentally Select the most useful operators Remove the redundant operators Effective Mutation Operators If tests that are created specifically to kill mutants created by a collection of mutation operators O = {o1, o2, } also kill mutants created by all remaining mutation operators with very high probability, then O defines an effective set of mutation operators 21

Example: Mutation Ops for Java Programs 2. AOR Arithmetic Operator Replacement: Each occurrence of one of the arithmetic operators +,,*,, and % is replaced by each of the other operators. In addition, each is replaced by the special mutation operators leftop, and rightop. Example: 1 2 3 4 [http://cs.gmu.edu/~offutt/mujava/mutopsmethod.pdf] 22

Example: Mutation Ops for Java Programs 3. ROR Relational Operator Replacement: Each occurrence of one of the relational operators (<,, >,, =, ) is replaced by each of the other operators and by falseop and trueop. Example: 1 2 3 4 5 [http://cs.gmu.edu/~offutt/mujava/mutopsmethod.pdf] 23

Example: Mutation Ops for Java Program SDL Statement Deletion SDL deletes each executable statement by commenting them out. It does not delete declarations. General statement deletion [http://cs.gmu.edu/~offutt/mujava/mutopsmethod.pdf] 24

Example: Mutation Ops for Web Apps FOB FailOnBack failonback.js { } function manipulatehistory() <html> <body> <body onload= manipulatehistory() > <script src= failonback.js ></script> </html> var currentpage = window.document.tostring(); var currenturl = window.location.href; var pagedata = window.document.tostring(); // add a dummy url right before the current url history.replacestate( pagedata, dummyurl, failonback.html ); history.pushstate( currentpage, currenturl, currenturl); URL_C URL_C URL_F URL_P URL_2 URL_1 browser history // update the page content window.addeventlistener( popstate, function(event) { window.location.reload(); }); [https://eric.ed.gov/?id=ed578113] 25

Example: Mutation Ops for Web Apps WSCR Scope replacement WSIR Session initialization replacement WSAD Session setattribute deletion <html> <jsp:usebean id = id 1 scope = page class = class 1 /> <jsp:usebean id = id 1 scope = session class = class 1 /> </html> Public class logout extends HttpServlet { public void doget(... ) { session = request.getsession(true); session = request.getsession(false);... } } Public class logout extends HttpServlet { public void doget(... ) { session.setattribute(attr 1, value 1 ); // session.setattribute(attr 1, value 1 );... } } [https://eric.ed.gov/?id=ed578113] 26

Example: Mutation Ops for Android Apps OnClick Event Replacement (ECR) Replaces event handlers with other compatible handler mprepup.setonclicklistener (new OnClickListener() { public public void void onclick onclick (View (View v) v) { { incrementpreptime decrementpreptime (); } (); } }); mprepdown.setonclicklistener (new OnClickListener() { public void onclick (View v) { }); decrementpreptime (); } OnTouch Event Replacement (ETR) Replaces OnTouch events, similar to ECR [https://cs.gmu.edu/~offutt/documents/theses/lindeng-dissertation.pdf] 27

Summary Mutation is widely considered the strongest test criterion First-order mutation due to the two assumptions Competent programmers Coupling effect Mutation creates the most test requirements # test requirements = # mutants Most expensive To improve the test process, use selective mutation operators Mutation testing is very difficult to apply by hand Mutation subsumes other criteria by including specific mutation operators Mutation can be applied to various software artifacts, languages, and frameworks with different implementation and specific definition of mutation operators 28

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback