Path-Sensitive Oracle Data Selection via Static Analysis
Abstract
1. Introduction
2. Our Approach
2.1. Critical Path Analysis
2.1.1. Numbers of Operations
2.1.2. Path Length
2.2. Quantity and Quality Analysis
2.2.1. Performing Static Analysis to Generate CPG
2.2.2. Quantity Analysis
Algorithm 1: Quantity Analysis of Oracle Data
2.2.3. Quality Analysis
2.3. Selecting Oracle Data
3. Evaluation
3.1. Objects of Study
3.2. RQ1: Effectiveness of Critical Path Analysis
3.2.1. Experimental Setup
3.2.2. Experimental Process
3.2.3. Results and Analysis
3.3. RQ2: Effectiveness of Quantity Analysis
3.3.1. Experimental Process and Setup
3.3.2. Results and Analysis
3.4. RQ3: Effectiveness of PSODS
3.4.1. Experimental Process and Setup
3.4.2. Results and Analysis
3.5. Threats to Validity
4. Related Work
5. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
High-Risk Operations | Function/Operator |
---|---|
Function Operations | char *strcpy(char * s1, const char * s2) |
Function Operations | char *strncpy(char * s1, const char * s2, size_t n) |
Function Operations | char *strcat(char * s1, const char * s2) |
Pointer Operation | Dereferencing Operator * |
Function Name | LOC | Number of Paths 1 | Statement Coverage | Number of Mutants |
---|---|---|---|---|
sinhf | 40 | 4 | 100% | 10 |
y0f | 38 | 4 | 100% | 13 |
j0f | 39 | 5 | 100% | 12 |
tanhf | 47 | 6 | 100% | 16 |
cbrtf | 79 | 7 | 100% | 23 |
log2f | 62 | 7 | 88% | 16 |
ivf | 51 | 19 | 73% | 11 |
atanf | 52 | 5 | 100% | 14 |
ellief | 50 | 4 | 100% | 24 |
dawsnf | 43 | 6 | 100% | 17 |
acoshf | 35 | 10 | 100% | 14 |
redupif | 22 | 2 | 100% | 9 |
sicif | 91 | 10 | 94% | 20 |
log10f | 54 | 5 | 88% | 19 |
atanhf | 46 | 5 | 93% | 20 |
Function Name | ||||
---|---|---|---|---|
sinhf | 4.02 | 6.99 | 24.11 | 24.11 |
y0f | 0.74 | 1.49 | 2.23 | 2.98 |
j0f | 4.09 | 7.09 | 17.5 | 20.48 |
tanhf | 6.14 | 10.57 | 17.97 | 38.87 |
cbrtf | 0.36 | 0.37 | 4.00 | 4.36 |
log2f | 2.69 | 5.27 | 10.79 | 13.49 |
ivf | 2.45 | 8.86 | 12.55 | 14.77 |
atanf | 4.27 | 4.30 | 9.41 | 10.41 |
ellief | 2.06 | 4.04 | 6.11 | 8.24 |
dawsnf | 2.51 | 1.88 | 11.20 | 10.55 |
acoshf | 1.66 | 3.14 | 5.20 | 6.67 |
redupif | 1.73 | 3.18 | 4.02 | 5.47 |
sicif | 1.41 | 5.04 | 4.83 | 8.52 |
log10f | 2.63 | 2.68 | 8.32 | 18.59 |
atanhf | 1.19 | 7.25 | 9.80 | 18.39 |
Function Name | Output-Only Fault-Detection Rates | PSODS Fault-Detection Rates |
---|---|---|
sinhf | 90% | 100% |
y0f | 92% | 100% |
j0f | 100% | 100% |
tanhf | 93% | 100% |
cbrtf | 100% | 100% |
log2f | 100% | 100% |
ivf | 100% | 100% |
atanf | 71% | 71% |
ellief | 100% | 100% |
dawsnf | 94% | 100% |
acoshf | 100% | 100% |
redupif | 88% | 88% |
sicif | 0% | 100% |
log10f | 100% | 100% |
atanhf | 100% | 100% |
© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Zhang, M.; Gong, Y.; Wang, Y.; Jin, D. Path-Sensitive Oracle Data Selection via Static Analysis. Electronics 2021, 10, 110. https://doi.org/10.3390/electronics10020110