Fuzz Testing Projects in Massive Courses

Similar documents
Create a Test Manually

Project Overview and Scope

Building Polynomial Functions

SafeAssign Guide for Instructors

Introduction List/Modify Users... 2 Send Change Password... 3 Properties Enroll User... 3 Remove Users from Course...

USER S MANUAL. Attendance Tracking System. ISDS 4125 Group 5. December, Attendance Tracking i User s Manual

C++ Programming Language Lecture 2 Problem Analysis and Solution Representation

PowerSchool. GPA/Class Rank Transcripts. (Revised 05/19/14)

Outline. Program development cycle. Algorithms development and representation. Examples.

Using Scantron ParLAN 6.5 for the First Time:

Seventh Grade Spiraling Review Week 1 of First Six Weeks

STUDENT USER MANUAL/HELP SECTION-ADMIN

BCS THE CHARTERED INSTITUTE FOR IT. BCS HIGHER EDUCATION QUALIFICATIONS BCS Level 4 Certificate in IT SOFTWARE DEVELOPMENT

User Guide How to Conduct an Audit By: PCE Systems January, 2018

SPECIAL ARBITRATION ARBITRATOR CERTIFICATION USER GUIDE

Data driven student feedback for Programming Intensive MOOCs

Ryerson Polytechnic University Department of Mathematics, Physics, and Computer Science Final Examinations, April, 2003


Constructing Algorithms and Pseudocoding This document was originally developed by Professor John P. Russo

Microsoft Developing SQL Databases

The Beauty and Joy of Computing

R - T (Gauss 2004) At the Gauss Store you earn 5 reward points for each $25 you spend. Stuart spent $200 and received points. Find.

CS 540: Introduction to Artificial Intelligence

Activity 7. Modeling Exponential Decay with a Look at Asymptotes. Objectives. Introduction. Modeling the Experiment: Casting Out Sixes

COMP 250. Lecture 36 MISC. - beyond COMP final exam comments

CS1800 Discrete Structures Spring 2017 Profs. Gold & Schnyder April 28, CS1800 Discrete Structures Final

RESEARCHER/P.I. DOCUMENTATION

ANGEL Accessibility User Overview

Third Annual Oklahoma High Performance Computing Competition

Check out how to use the random number generator (introduced in section 4.11 of the text) to get a number between 1 and 6 to create the simulation.

Midterm 1 for CS 170

Instructor Feedback Location and Printing. Locating Instructor Feedback When Available within Canvas

SAND: A Fault-Tolerant Streaming Architecture for Network Traffic Analytics

CS 326: Operating Systems. Lecture 1

Automated Documentation Inference to Explain Failed Tests

Intro to Software as a Service (SaaS) and Cloud Computing

Practical 2: Using Minitab (not assessed, for practice only!)

Towards Lab Based MOOCs: Embedded Systems, Robotics, and Beyond

My Magento U User Guide Table of Contents

Automated Debugging In Data Intensive Scalable Computing Systems

Lecture 15 Software Testing

OCIMF. OVID OVMSA Module User Manual. 16 April v1.0.1

Chapter 9: Quality Control (QC)

The Beauty and Joy of Computing

Student Self Service User's Guide

Evolution of Database Systems

Student Learning Center

Just for the Kids School Reports: A data-oriented web site powered by SAS

EAS230: Programming for Engineers Lab 1 Fall 2004

Introduction to PENTAHO for Program Management and Performance Monitoring

Chapter 4 The Companion Website A Unique Online Study Resource 4.1 Locating Companion Web sites

Math Centers for Common Core. Numbers and Operations: Fractions. Created by Jennifer Findley

Introduction to: Computers & Programming: Review prior to 2 nd Midterm

Washington State University School of EECS Computer Science Course Assessment Report

Module Certification and Testing

CMPSCI 187 / Spring 2015 Sorting Kata

The Beauty and Joy of Computing Quest (first exam) in in 16 days!! Lecture #3 : Functions

CSE 473: Ar+ficial Intelligence Uncertainty and Expec+max Tree Search

The instructions here- in outline the process(es) for grading group wikis.

The tool can also be accessed by clicking the Self Service Password Manager icon on your desktop, or by visiting:

Mat 2170 Week 9. Spring Mat 2170 Week 9. Objects and Classes. Week 9. Review. Random. Overloading. Craps. Clients. Packages. Randomness.

Assignment 2. Advanced Functional Programming, 2017 (Avancerad funktionell programmering, 2017) due 4 December 2017, 23:59

CS 155 Final Exam. CS 155: Spring 2012 June 11, 2012

Assignment Manager. Change Edit Mode to On if it is not already by clicking on the option at the top right of the window.

Blackboard 9 - Creating Categories in the Grade Center

QUALITY MONITORING AND

61A LECTURE 1 FUNCTIONS, VALUES. Steven Tang and Eric Tzeng June 24, 2013

1) What of the following sets of values for A, B, C, and D would cause the string "one" to be printed?

HOW TO SUBMIT AN ASSIGNMENT

WhatsApp Group Data Analysis with R

Lecture 19. Topics: Chapter 9. Simulation and Design Moving to graphics library Unit Testing 9.5 Other Design Techniques

Introduction to Problem Solving and Programming in Python.

Chapter 12 Dealing With Data Tutorial

Student Responsibilities. Mat 2170 Week 9. Notes About Using Methods. Recall: Writing Methods. Chapter Six: Objects and Classes

STUDENT LESSON A14 Boolean Algebra and Loop Boundaries

Cambridge International Examinations Cambridge International Advanced Subsidiary and Advanced Level

ANNOTATION STUDIO User s Guide. DRAFT - Version January 2015

15-110: Principles of Computing, Spring 2018

"Charting the Course... MOC C: Developing SQL Databases. Course Summary

CS 201, Fall 2016 Dec 2nd Exam 3

How to Cancel a Section/Course

Valeria Martinovic, 330 Latimer. Concurrent enrollment in Chem 1A or a C- in Chem 1A. Tuesday April 28th - 7:00-9:00pm

CS10 The Beauty and Joy of Computing

Searching for Expertise

Microsoft. [MS20762]: Developing SQL Databases

gcc o driver std=c99 -Wall driver.c bigmesa.c

HANA Performance. Efficient Speed and Scale-out for Real-time BI

Data Analytics. Qualification Exam, May 18, am 12noon

CS 241 Data Organization using C

Hardening the C++ Standard Template Library

Tracking Trajectories of Migrating Birds Around Tall Structures

Windows Communication Foundation (WCF) Visual Studio 2008

Developing SQL Databases

ConfigSynth: A Formal Framework for Network Security Design Synthesis

The FlexTraining Total e-learning Solution Management Guide Version 5.3

PHYS 235 Final Projects Spring 2009

Repetition and Loop Statements Chapter 5

The collection of numbers 0, +1, 1, +2, 2, +3, 3,... is called integers. The integers are represented on the number line as follows :

Academic Advising Basics

Upcoming. Repairing Automated Repair. Generalizing 3/19/18

Transcription:

Learning@Scale 2016 Fuzz Testing Projects in Massive Courses Sumukh Sridhara, Brian Hou, Jeffrey Lu and John DeNero UC Berkeley April 26th 2016 Edinburgh, UK www.bestppt.com

Programming Projects in MOOCs IMPLEMENT Programming Projects 1 Primarily Instructional FEEDBACK 2 Instructor Solution Exists REVISE 3 Automated Feedback 2

Feedback Goals 1 Help students arrive at a correct answer 2 Students can help themselves 3 Every missed bug is a missed learning opportunity 3

Targeted Comprehensive 1 Isolates One Issue 100% Tests every case Guide Student Attention Hard To Engineer Many Targeted Tests Hard To Compute www.bestppt.com

Fuzz Testing

Fuzz Testing Testing the behavior of the program on many random inputs Complementary to Manual Testing Historically used for security

Fuzz Testing (Security) Generate Random Inputs User Program Verify Security Constraints 7

Fuzz Testing (Programming Projects) Generate Random Inputs Student Program Verify Correctness 8

Fuzz Testing (Programming Projects) Generate Random Inputs Student Program Instructor Program Student Output Expected Output 9

How to compare output? How many inputs are required? How to improve upon Fuzz Tests?

Creating & Distributing Tests Generate Inputs Input domain is known Generating Random Inputs is easy Student Program Instructor Program Verify Output 11

Implementation Generate Inputs q5(93, q5(93, 97, 97, 3) q5(23, 17, 3) Test #1007) Random input generation All students were provided with an identical set of tests Large number of inputs needed 12

Creating & Distributing Tests Generate Inputs Input domain is known Generating Random Inputs is easy Student Program Instructor Program Verify Output 13

Creating & Distributing Tests Generate Inputs Raw Output Check Hashing Student Program Instructor Program Program Tracing Verify Output 14

RQ1: How to Compare Outputs? Verify Output Raw comparison of output Compare against precomputed result q5(93, q5(93, 97, 97, 3) q5(23, 17, 3) Test #1007) q5(93, q5(93, 97, 97, 3) q5(23, 17, 3) Student output 7) Output Vector 15

RQ1: How to Compare Outputs? Hashing Output Hash combination of outputs Compare against precomputed result q5(93, q5(93, 97, 97, 3) q5(23, 17, 3) Test #1007) q5(93, q5(93, 97, 97, 3) q5(23, 17, 3) Student output 7) Output Vector Combine & Hash 477587826 16

Evaluation CS61A @ UC Berkeley cs61a.org In Person CS1 Course with 1400 Students Enrolled 17

Student Autograder OK Server Analytics Feedback okpy.org 18

Collected Dataset Students Completing Project 1,331 Code Snapshots 486,482 Average Snapshots per Student 349 Incorrect Attempts at Target Question 48,079 19

Output Vectors Generated Inputs Output Vector Correct Student Attempt Student Attempt Student Attempt Student Attempt 20

Output Vectors Output Vector 21

Frequency of Incorrect Outputs 1600 1200 800 400 0 22

RQ2: How many inputs are needed? 23

R2: How many inputs are needed? 1 Input 24

RQ2: How many inputs are needed? 2 Inputs 25

RQ2: How many inputs are needed? 3 Inputs 26

RQ2: How many inputs are needed? 4 Inputs 27

RQ2: How many inputs are needed? 7000 Number of False Positives 6000 5000 4000 3000 2000 1000 0 1 2 5 10 25 50 100 200 500 1000 Number of Inputs (Log Scale) 28

Fuzz Testing Effectiveness 52% 48% 656 Students (48.4%) passed all of the targeted tests but still had an error caught by the Fuzz Tests Targeted + Fuzz Tests Targeted Tests 29

RQ3: Improving Fuzz Tests Cumulative Percent Fixed Targeted Test Fuzz Test Attempts Required To Fix Error 30

How to Improve On Fuzz Tests? As a result of the Fuzz Test: 19% 7% 46% 46% of students reported spending 1 to 4 hours debugging 19% of students reported spending more than 4 hours debugging 28% Obfuscating output made it harder for instructors to help students No Time < 1 Hour >4 Hour >1 Hour 31

Improvements Program Inspection Incorrect result after playing 1 game(s): - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - score0 score1 Turn Summary - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Turn 0: 0 0 Player 0 rolls 0 dice: +1 1 0 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Turn 1: 1 0 Player 1 rolls 7 six- sided dice: +37 3, 4, 6, 3, 3, 4, 6 1 37 Dice sum: 29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -... - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Incorrect implementation of game at turn 1. Please read over the trace to find your error. (error_id: 1189294328) 32

Thank you sumukh@berkeley.edu @sumukhsridhara okpy.org cs61a.org www.bestppt.com Fuzz Testing Projects in Massive Courses Learning@Scale 2016

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback