| 431 | Aritra Bandyopadhyay and Sudipto Ghosh
Test Input Generation Using {UML} Sequence and State Machines Models
Second International Conference on Software Testing Verification and Validation, {ICST} 2009, Denver, Colorado, USA, April 1-4, 2009, 2009. |
|
| | Abstract: Available soon... |
| | @INPROCEEDINGS{bandyopadhyay_ICST_09,
author = {Aritra Bandyopadhyay and Sudipto Ghosh},
title = {Test Input Generation Using {UML} Sequence and State Machines Models},
booktitle = {Second International Conference on Software Testing Verification and Validation, {ICST} 2009, Denver, Colorado, USA, April 1-4, 2009},
year = {2009},
address = {},
month = {},
pages = {121--130}
} |
| 432 | Yu-Seung Ma and Yong-Rae Kwon and Sang-Woon Kim
Statistical Investigation on Class Mutation Operators
ETRI Journal, 31(), 2009. |
|
| | Abstract: Available soon... |
| | @ARTICLE{MaKK09,
author = {Yu-Seung Ma and Yong-Rae Kwon and Sang-Woon Kim},
title = {Statistical Investigation on Class Mutation Operators},
journal = {ETRI Journal},
year = {2009},
month = {},
volume = {31},
number = {},
pages = {140–150}
} |
| 433 | Tao Xie and Nikolai Tillmann and Jonathan de Halleux and Wolfram Schulte
Mutation Analysis of Parameterized Unit Tests
Proceedings of the 4th International Workshop on Mutation Analysis (MUTATION'09)Denver, Colorado, 1-4 April 2009. |
|
| | Abstract: Recently parameterized unit testing has emerged as a promising and effective methodology to allow the separation of (1) specifying external, black-box behavior (e.g., assumptions and assertions) by developers and (2) generating and selecting internal, white-box test inputs (i.e., high-code-covering test inputs) by tools. A parameterized unit test (PUT) is simply a test method that takes parameters, specifies assumptions on the parameters, calls the code under test, and specifies assertions. The test effectiveness of PUTs highly depends on the way that they are written by developers. For example, if stronger assumptions are specified, only a smaller scope of test inputs than intended are generated by tools, leading to false negatives in terms of fault detection. If weaker assertions are specified, erroneous states induced by the test execution do not necessarily cause assertion violations, leading to false negatives. Detecting these false negatives is challenging since the insufficiently written PUTs would just pass. In this paper, we propose a novel mutation analysis approach for analyzing PUTs written by developers and identifying likely locations in PUTs for improvement. The proposed approach is a first step towards helping developers write better PUTs in practice. |
| | @INPROCEEDINGS{XieTHS09,
author = {Tao Xie and Nikolai Tillmann and Jonathan de Halleux and Wolfram Schulte},
title = {Mutation Analysis of Parameterized Unit Tests},
booktitle = {Proceedings of the 4th International Workshop on Mutation Analysis (MUTATION'09)},
year = {2009},
address = {Denver, Colorado},
month = {1-4 April},
pages = {177-181}
} |
| 434 | Ammar Masood and Rafae Bhatti and Arif Ghafoor and Aditya Mathur
Scalable and Effective Test Generation for Role-Based Access Control Systems
IEEE Transactions of Software Engineering, 35(5), May 2009. |
|
| | Abstract: Conformance testing procedures for generating tests from the finite state model representation of Role-Based Access Control (RBAC) policies are proposed and evaluated. A test suite generated using one of these procedures has excellent fault detection ability but is astronomically large. Two approaches to reduce the size of the generated test suite were investigated. One is based on a set of six heuristics and the other directly generates a test suite from the finite state model using random selection of paths in the policy model. Empirical studies revealed that the second approach to test suite generation, combined with one or more heuristics, is most effective in the detection of both first-order mutation and malicious faults and generates a significantly smaller test suite than the one generated directly from the finite state models. |
| | @ARTICLE{MasoodBGM09,
author = {Ammar Masood and Rafae Bhatti and Arif Ghafoor and Aditya Mathur},
title = {Scalable and Effective Test Generation for Role-Based Access Control Systems},
journal = {IEEE Transactions of Software Engineering},
year = {2009},
month = {May},
volume = {35},
number = {5},
pages = {654–668}
} |
| 435 | Tejeddine Mouelhi and Benoit Baudry and Yves Le Traon
Transforming and Selecting Functional Test Cases for Security Policy Testing
Proceedings of the 2nd International Conference on Software Testing, Verification and ValidationDenver, Colorado, 1-4 April 2009. |
|
| | Abstract: We present a model-based approach to testing access control requirements. By using combinatorial testing, we first automatically generate test cases from and without access control policies—i.e., the model—and assess the effectiveness of the test suites by means of mutation testing. We also compare them to purely random tests. For some of the investigated strategies, non-random tests kill considerably more mutants thanthe same number of random tests. Since we rely on policies only, no information on the application is required at this stage. As a consequence, our methodology applies to arbitrary implementations of the policy decision points. |
| | @INPROCEEDINGS{MouelhFBL09,
author = {Tejeddine Mouelhi and Benoit Baudry and Yves Le Traon},
title = {Transforming and Selecting Functional Test Cases for Security Policy Testing},
booktitle = {Proceedings of the 2nd International Conference on Software Testing, Verification and Validation},
year = {2009},
address = {Denver, Colorado},
month = {1-4 April},
pages = {171–180}
} |
| 436 | Shuang Wang and A. Jefferson Offutt
Comparison of Unit-Level Automated Test Generation Tools
Proceedings of the 4th International Workshop on Mutation Analysis (MUTATION'09)Denver, Colorado, 1-4 April 2009. |
|
| | Abstract: Data from projects worldwide show that many software projects fail and most are completed late or over budget. Unit testing is a simple but effective technique to improve software in terms of quality, flexibility, and time-to-market. A key idea of unit testing is that each piece of code needs its own tests and the best person to design those tests is the developer who wrote the software. However, generating tests for each unit by hand is very expensive, possibly prohibitively so. Automatic test data generation is essential to support unit testing and as unit testing is achieving more attention, developers have a greater need for automated unit test data generation tools. However, developers have very little information about which tools are effective. This experiment compared three well-known public-accessible unit test data generation tools, JCrasher, TestGen4j, and JUB. We applied them to Java classes and evaluated them based on their mutation scores. As a comparison, we created two additional sets of tests for each class. One test set contained random values and the other contained values to satisfy edge coverage. Results showed that the automatic test data generation tools generated tests with almost the same mutation scores as the random tests. |
| | @INPROCEEDINGS{WangO09,
author = {Shuang Wang and A. Jefferson Offutt},
title = {Comparison of Unit-Level Automated Test Generation Tools},
booktitle = {Proceedings of the 4th International Workshop on Mutation Analysis (MUTATION'09)},
year = {2009},
address = {Denver, Colorado},
month = {1-4 April},
pages = {210-219}
} |
| 437 | Tisi, Massimo and Jouault, Fr{\'e}d{\'e}ric and Fraternali, Piero and Ceri, Stefano and B{\'e}zivin, Jean
On the Use of Higher-Order Model Transformations
Model Driven Architecture - Foundations and Applications: 5th European Conference, ECMDA-FA 2009, Enschede, The Netherlands, June 23-26, 2009. Proceedings, 2009. |
|
| | Abstract: Available soon... |
| | @INPROCEEDINGS{tisi_HOM_09,
author = {Tisi, Massimo and Jouault, Fr{\'e}d{\'e}ric and Fraternali, Piero and Ceri, Stefano and B{\'e}zivin, Jean},
title = {On the Use of Higher-Order Model Transformations},
booktitle = {Model Driven Architecture - Foundations and Applications: 5th European Conference, ECMDA-FA 2009, Enschede, The Netherlands, June 23-26, 2009. Proceedings},
year = {2009},
address = {},
month = {},
pages = {18--33}
} |
| 438 | Hossain Shahriar and Mohammad Zulkernine
Mutation-Based Testing of Format String Bugs
Proceedings of the 11th IEEE High Assurance Systems Engineering Symposium (HASE'08)Nanjing, China, 3-5 Dec 2008. |
|
| | Abstract: Format string bugs (FSBs) make an implementation vulnerable to numerous types of malicious attacks. Testing an implementation against FSBs can avoid consequences due to exploits of FSBs such as denial of services, corruption of application states, etc. Obtaining an adequate test data set is essential for testing of FSBs. An adequate test data set contains effective test cases that can reveal FSBs. Unfortunately, traditional techniques do not address the issue of adequate testing of an application for FSB. Moreover, the application of source code mutation has not been applied for testing FSB. In this work, we apply the idea of mutation-based testing technique to generate an adequate test data set for testing FSBs. Our work addresses FSBs related to ANSI C libraries. We propose eight mutation operators to force the generation of adequate test dataset. A prototype mutation-based testing tool named MUFORMAT is developed to generate mutants automatically and perform mutation analysis. The proposed operators are validated by using four open source programs having FSBs. The results indicate that the proposed operators are effective for testing FSBs. |
| | @INPROCEEDINGS{ShahriarZ08b,
author = {Hossain Shahriar and Mohammad Zulkernine},
title = {Mutation-Based Testing of Format String Bugs},
booktitle = {Proceedings of the 11th IEEE High Assurance Systems Engineering Symposium (HASE'08)},
year = {2008},
address = {Nanjing, China},
month = {3-5 Dec},
pages = {229-238}
} |
| 439 | Hossain Shahriar and Mohammad Zulkernine
Mutation-Based Testing of Buffer Overflow Vulnerabilities
Proceedings of the 2nd Annual IEEE International Workshop on Security in Software Engineering28 July -1 August, Turku, Finland 2008. |
|
| | Abstract: Buffer overflow (BOF) is one of the major vulnerabilities that leads to non-secure software.Testing an implementation for BOF vulnerabilities is challenging as the underlying reasons of buffer overflow vary widely. Moreover, the existing vulnerability testing approaches do not address the issue of generating adequate test data sets for testing BOF vulnerabilities. In this work, we apply the idea of mutation-based testing technique to generate adequate test data set for BOF vulnerabilities. Our work addresses those BOF vulnerabilities, which are related to an implementation language and its associated libraries. We apply the concept for ANSI Clanguage and its associated libraries. We propose 12 mutation operators to force the generation of adequate test data set for BOF vulnerabilities. The proposed operators are validated by using four open source programs. The results indicate that the proposed operators are effective for testing BOF vulnerabilities. |
| | @INPROCEEDINGS{ShahriarZ08a,
author = {Hossain Shahriar and Mohammad Zulkernine},
title = {Mutation-Based Testing of Buffer Overflow Vulnerabilities},
booktitle = {Proceedings of the 2nd Annual IEEE International Workshop on Security in Software Engineering},
year = {2008},
address = {28 July -1 August},
month = {Turku, Finland},
pages = {979-984}
} |
| 440 | Nicola Bombieri and Franco Fummi and Graziano Pravadelli
A Mutation Model for the SystemC TLM2.0 Communication Interfaces
Proceedings of the Conference on Design, Automation and Test in Europe (DATE'08)Munich, Germany, 10-14 March 2008. |
|
| | Abstract: Mutation analysis is a widely-adopted strategy in software testing with two main purposes: measuring the quality of test suites, and identifying redundant code in programs. Similar approaches are applied in hardware verification and testing too, especially at RTL or gate level, where mutants are generally referred as faults, and mutation analysis is performed by means of fault modeling and fault simulation. However, in modern embedded systems there is a close integration between HW and SW parts, and verification strategies should be applied early in the design flow. This requires the definition of new mutation analysis-based strategies that work at system level, where HW and SW functionalities are not partitioned yet. In this context, the paper proposes a mutation model for perturbing transaction level modeling (TLM) SystemC descriptions. In particular, the main constructs provided by the SystemC TLM 2.0 library have been analyzed, and a set of mutants is proposed to perturb the primitives related to the TLM communication interfaces. |
| | @INPROCEEDINGS{BombieriFP08,
author = {Nicola Bombieri and Franco Fummi and Graziano Pravadelli},
title = {A Mutation Model for the SystemC TLM2.0 Communication Interfaces},
booktitle = {Proceedings of the Conference on Design, Automation and Test in Europe (DATE'08)},
year = {2008},
address = {Munich, Germany},
month = {10-14 March},
pages = {396-401}
} |
