Upload File

testing 1…2…3

50
Testing 1…2…3... Gail Kaiser, Columbia University [email protected] April 18, 2013

Upload: tahir

Post on 14-Feb-2016

43 views

Category:

Documents


0 download

Report

DESCRIPTION

Testing 1…2…3. Gail Kaiser, Columbia University [email protected] April 18, 2013. Why do we test programs?. Comair cancels all 1,100 flights, cites problems with its computer. American Airlines grounds flights after computer outage. How do we know whether a test passes or fails?. - PowerPoint PPT Presentation

TRANSCRIPT

Software Testing of Applications without Test Oracles

Testing 123...Gail Kaiser, Columbia [email protected] 18, 2013#1Why do we test programs?

#

American Airlines grounds flights after computer outagePrius hybrids dogged by software

Report: Internal computer woes reportedly cause autos to stall or shut down at highway speeds.Comair cancels all 1,100 flights, cites problems with its computer#How do we know whether a test passes or fails?2 + 2 = 4

> Add(2,2)> qwertyuiop

#That was simple, lets try something harder

#Why is testing hard?The correct answer may not be known for all inputs how do we detect an error?Even when the correct answer could be known for all inputs, it is not possible to check all of them in advance how do we detect errors after release?Users will inevitably detect errors that the developers did not how do we reproduce those errors?#Problem 1: No test oracleConventional software testing checks whether each output is correct for the set of test inputs. But for some software, it is not known what the correct output should be for some inputs. How can we construct and execute test cases that will find coding errors even when we do not know whether the output is correct? This dilemma arises frequently for machine learning, simulation and optimization applications, often "Programs which were written in order to determine the answer in the first place. There would be no need to write such programs, if the correct answer were known." [Weyuker, 1982]#Problem 2: Testing after releaseConventional software testing checks whether each output is correct for the set of test inputs. But for most software, the development-lab testing process can not cover all inputs and/or internal states that can arise after deployment. How can we construct and execute test cases that operate in the states that occur during user operation, to continue to find coding errors without impacting the user? This dilemma arises frequently for continuously executing on-line applications, where users and/or interacting external software may provide unexpected inputs. #Problem 3: Reproducing errorsConventional software testing checks whether each output is correct for the set of test inputs. But for some (most?) software, even with rigorous pre and post deployment testing, users will inevitably notice errors that were not detected by the developers test cases. How can we construct and execute new test cases that reproduce these errors? This dilemma arises frequently for software with complex multi-part external dependencies (e.g., from users or network).#OverviewProblem 1 testing non-testable programsProblem 2 testing deployed programsProblem 3 reproducing failures in deployed programs#Problem 1: No test oracleConventional software testing checks whether each output is correct for the set of test inputs. But for some software, it is not known what the correct output should be for some inputs. How can we construct and execute test cases that will find coding errors even when we do not know whether the output is correct? Test oracles may exist for only a limited subset of the input domain and/or may be impractical to apply (e.g., cyberphysical systems).Obvious errors (e.g., crashes) can be detected with various testing techniques.However, it may be difficult to detect subtle computational defects for arbitrary inputs without true test oracles.#Traditional ApproachesPseudo oraclesCreate two independent implementations of the same program, compare the resultsFormal specificationsA complete specification is essentially a test oracle (if practically executable within a reasonable time period)An algorithm may not be a complete specificationEmbedded assertion and invariant checkingLimited to checking simple conditionsxff(x)#12Metamorphic TestingIf new test case output f(t(x)) is as expected, it is not necessarily correctHowever, if f(t(x)) is not as expected, either f(x) or f(t(x)) or both! is wrongxff(x)Initial test caset(x)ff(t(x))New test casetf(x) acts as apseudo-oraclefor f(t(x))Transformation function based onmetamorphic properties of f#13Metamorphic Testing ApproachMany non-testable programs have properties such that certain changes to the input yield predictable changes to the outputThat is, when we cannot know the relationship between an input and its output, it still may be possible to know relationships amongst a set of inputs and the set of their corresponding outputs Test the programs by determining whether these metamorphic properties [TY Chen, 1998] hold as the program runsIf the properties do not hold, then a defect (or an anomaly) has been revealed

#Metamorphic Runtime CheckingMost research only considers metamorphic properties of the entire application or of individual functions in isolationWe consider the metamorphic properties of individual functions and check those properties as the entire program is runningSystem testing approach in which functions metamorphic properties are specified with code annotationsWhen an instrumented function is executed, a metamorphic test is conducted at that point, using the current state and current function input (cloned into a sandbox)

#ExampleConsider a function to determine the standard deviation of a set of numbers

abcdefInitialinputcebafdNew testcase #12a2b2c2d2e2fNew testcase #2sstd_devstd_devstd_devs?2s?#16metamorphic testModel of ExecutionFunction f is about to be executed with input xCreate a sandbox forthe testExecute f(x)to get resultSend resultto testProgram continuesTransforminput toget t(x)Executef(t(x))CompareoutputsReportviolationsThe metamorphic test is conducted atthe same point in the program executionas the original function callThe metamorphic test runs in parallel withthe rest of the application (or later)#17Effectiveness Case StudiesComparison:Metamorphic Runtime CheckingUsing metamorphic properties of individual functionsSystem-level Metamorphic TestingUsing metamorphic properties of the entire applicationEmbedded AssertionsUsing Daikon-detected program invariants [Ernst]Mutation testing used to seed defectsComparison operators were reversedMath operators were changedOff-by-one errors were introducedFor each program, we created multiple versions, each with exactly one mutationWe ignored mutants that yielded outputs that were obviously wrong, caused crashes, etc.Goal is to measure how many mutants were killed#Applications InvestigatedMachine Learning Support Vector Machines (SVM): vector-based classifier C4.5: decision tree classifierMartiRank: ranking applicationPAYL: anomaly-based intrusion detection systemDiscrete Event SimulationJSim: used in simulating hospital ER Optimizationgaffitter: genetic algorithm approach to bin-packing problemInformation RetrievalLucene: Apache frameworks text search engine#19

Effectiveness Results#20Metamorphic Runtime Checking is only outperformed in one case (MartiRank), but overall is much more effective, as shown at the bottom.

Contributions and Future WorkImproved the way that metamorphic testing is conducted in practiceClassified types of metamorphic properties [SEKE08]Automated the metamorphic testing process [ISSTA09]Demonstrated ability to detect real defects in machine learning and simulation applications[ICST09; QSIC09; SEHC11]Increased the effectiveness of metamorphic testing Developed new technique: Metamorphic Runtime Checking

Open problem: Where do the metamorphic properties come from?

#OverviewProblem 1 testing non-testable programsProblem 2 testing deployed programsProblem 3 recording deployed programs#Problem 2: Testing after releaseConventional software testing checks whether each output is correct for the set of test inputs. But for most software, the development-lab testing process can not cover all inputs and/or internal states that can arise after deployment. How can we construct and execute test cases that operate in the states that occur during user operation, to continue to find coding errors without impacting the user? Re-running the development-lab test suite in each deployment environment helps with configuration options but does not address real-world usage patterns#Traditional ApproachesSelf-checking software is an old idea [Yau, 1975] Continuous testing, perpetual testing, software tomography, cooperative bug isolationCarefully managed acceptance testing, monitoring, analysis, profiling across distributed deployment sitesEmbedded assertion and invariant checkingLimited to checking conditions with no side-effects#24In Vivo Testing ApproachContinually test applications executing in the field (in vivo) as opposed to only testing in the development environment (in vitro)Conduct unit-level tests in the context of the full running applicationDo so with side-effects but without affecting the systems users Clone to a sandbox (or run later) Minimal run-time performance overhead

#In Vivo Testingint main ( ) { ... ... ... foo(x);test_foo(x);}#26metamorphic testMetamorphic Model of ExecutionFunction f is about to be executed with input xCreate a sandbox forthe testExecute f(x)to get resultSend resultto testProgram continuesTransforminput toget t(x)Executef(t(x))CompareoutputsReportviolationsThe metamorphic test is conducted atthe same point in the program executionas the original function callThe metamorphic test runs in parallel withthe rest of the application (or later)#27in vivo testIn Vivo Model of ExecutionFunction f is about to be executed with input xCreate a sandbox forthe testExecute f(x)to get resultProgram continues

Executetest_f()

ReportviolationsThe in vivo test is conducted atthe same point in the program executionas the original function callThe in vivo test runs in parallel withthe rest of the application (or later)#28Effectiveness Case StudiesTwo open source caching systems had known defects found by users but no corresponding unit testsOpenSymphony OSCache 2.1.1Apache JCS 1.3An undergraduate student created unit tests for the methods that contained the defectsThese tests passed in development environmentStudent then converted the unit tests to in vivo tests Driver simulated usage in a deployment environment

In Vivo testing revealed the defects, even though unit testing did notSome defects only appeared in certain states, e.g., when the cache was at full capacity

#29Performance EvaluationEach instrumented method has a set probability with which its test(s) will runTo avoid bottlenecks, can also configure:Maximum allowed performance overheadMaximum number of simultaneous testsConfig also specifies what actions to take when a test failsApplications investigatedSupport Vector Machines (SVM): vector-based classifier C4.5: decision tree classifierMartiRank: ranking applicationPAYL: anomaly-based intrusion detection system

#30Performance Results

#31Contributions and Future WorkA concrete approach to self-checking softwareAutomated the in vivo testing process [ICST09]Steps towards overhead reductionDistributed management: Each of the N members of an application community perform 1/Nth the testing [ICST08]Automatically detect previously tested application states [AST10]Has found real-world defects not found during pre-deployment testing

Open problem: Where do the in vivo tests come from?

#OverviewProblem 1 testing non-testable programsProblem 2 testing deployed programsProblem 3 recording deployed programs#Problem 3: Reproducing errorsConventional software testing checks whether each output is correct for the set of test inputs. But for some (most?) software, even with rigorous pre and post deployment testing, users will inevitably notice errors that were not detected by the developers test cases. How can we construct and execute new test cases that reproduce these errors? The user may not even know what triggered the bug.#

#Traditional ApproachesMozilla Crash Reporter

#Traditional Approaches

#Traditional ApproachesLog a stack trace at the time of failureLog the complete executionThis requires logging the result of every branch conditionAssures that the execution can be replayed, but has a very high overheadLog the complete execution of selected component(s)Only reduces overhead for pinpoint localizationThere are also many systems that focus on replaying thread interleavings#The Problem with Stack Traces

*Crashes*

Writes invalid value to diskReads from disk#The Problem with Stack TracesThe stack trace will only show Method 1, 3, and 4 not 2!How does the developer discern that the bug was caused by method 2?

#Non-determinism in SoftwareBugs are hard to reproduce because they appear non-deterministicallyExamples:Random numbers, current time/dateAsking the user for inputReading data from a shared database or shared filesInteractions with external software systemsInteractions with devices (gps, etc.)Traditional approaches that record this data do so at the system call level we do so at the API level to improve performance#Chronicler ApproachChronicler runtime sits between the application and sources of non-determinism at the API level, logging the resultsMany fewer API calls than system calls

#Model of ExecutionInstrument the application to log these non-deterministic inputs and create a replay-capable copy

#Chronicler Process

#Performance EvaluationDaCapo real-world workload benchmarkComparison to RecrashJ [Ernst], which logs partial method argumentsComputation heavy SciMark 2.0 benchmarkI/O heavy benchmark 2MB to 3GB files with random binary data and no linebreaks, using readLine to read into a string#45Performance Results

#Performance Results

SciMark Benchmark Results (Best Case)I/O Benchmark Results (Worst Case)#Contributions and Future WorkA low overhead mechanism for record-and-replay for VM-based languages [ICSE 13]A concrete, working implementation of Chronicler for Java: ChroniclerJ https://github.com/Programming-Systems-Lab/chroniclerj

Open problem: How do we maintain privacy of user data?

#Collaborators in Software Reliability Research at ColumbiaSoftware Systems Lab: Roxana Geambasu, Jason Nieh, Junfeng Yang With Geambasu: Replay for sensitive data With Nieh: Mutable replay extension of Chronicler With Yang: Infrastructure for testing distributionInstitute for Data Sciences and Engineering Cybersecurity Center: Steve Bellovin, Angelos Keromytis, Tal Malkin, Sal Stolfo, et al.With Malkin: Differential privacy for recommender systemsComputer Architecture and Security Technology Lab: Simha SethumadhavanAdapting legacy code clones to leverage new microarchitecturesBionet Group: Aurel LazarMutable record and replay for Drosophila (fruit fly) brain modelsColumbia Center for Computational Learning: cast of thousandsWith Roger Anderson: Monitoring smart grid, green skyscrapers, electric cars,

#

#Chart46970953023896066100100100100205100809810082100951009191

Embedded AssertionsSystem-level Metamorphic TestingMetamorphic Runtime Checking% of mutants killed

Sheet1Niche OracleEmbedded AssertionsSystem-level Metamorphic TestingMetamorphic Runtime CheckingTOTAL65697095gaffitter21302389Lucene736066100JSim66100100100PAYL30205100SVM918098100MartiRank688210095C4.5781009191

Sheet1

Niche OracleEmbedded AssertionsSystem-level Metamorphic TestingMetamorphic Runtime Checking% of mutants killed

Sheet2

Sheet3


TITLE HUMAN RESOURCES DEPARTMENT CHAPTER 2 Testing and Examinations PART 3 Police ... · TITLE HUMAN RESOURCES DEPARTMENT CHAPTER 2 Testing and Examinations PART 3 Police Department

3g Testing Ver 3(2)._moving

Introduction to Software Testing Chapter 3, Sec# 1 & 2 ...zasharif/Web/SE430/Slides/Ch3-1-2-overviewLogicEx... · Introduction to Software Testing Chapter 3, Sec# 1 & 2 ... •The

Test Catalogue - centogene.azureedge.net · 12.08.2020  · Page 3 V74_August 2020 1 Hotspot Testing 2 Carrier Testing (point mutation) 3 Carrier Testing (del/dup) 4 Single Gene Sequencing

F2 population x 2. F2 population x 2 Progeny testing x 3

1. INTRODUCTION 2 2. COVERAGE REQUIREMENTS AND TESTING 3 3

RESTful (web services) API PERFORMANCE TESTING · 2. API Performance Testing • Load Testing • Stress Testing . 3. Challenges • Following is the list of different activities

Yelp Tech Talks: Mobile Testing 1, 2, 3

It's All About Software Testing...It's All About Software Testing. 2 Situation: Perspective of Unit Testing and Functional System Testing. 3 Goal: Joined Perspective of Testing Introduction

Testing of Dronten. Je mag er zijn Testing 1.Organisation 2.Justification testing 3.Teaching methods 4.Testing results

8120 Programming 2: Testing and Debugging 2 & 3 Dr Mike Brayshaw

1 2 3 Testing, Testing Who Has Been Left Behind?

Agile Testing Days November 2011, Potsdam...2. Collaborative automation, when your testing activities are not keeping up 3. Experiment different testing approaches for common testing

Design-testing 2 3

Testing 1…2…3

Load Testing User’s Guide Release 13.3.0iv 3.1.1 Installing Oracle Load Testing 3-1 3.1.2 Preconditions for Using Functional Testing Scripts 3-2 3.1.3 Popup Blockers

Testing , testing, 1, 2, 3 · Testing , testing, 1, 2, 3 .. Who is L̶o̶a̶n̶a̶ Ioana Chiorean? 2 I am a QA Team Lead acting as PM now Mozillian for more than 9 years now I volunteer

Testing,Testing 1, 2, 3!€¦ · Testing,Testing 1, 2, 3! How to Study and Take Tests! hat’s the best thing about school? Write your answer on this line" If you wrote "tests" on

Testing, Testing 1, 2, 3 - dribin.org · 2012-09-09 · Testing, Testing... 1, 2, 3 Dave Dribin Black Solid BitMaki Logomarks 1 Color: Deep Green Design: MakaluMedia • [email protected]

Amateur Extra Licensing Class Presented by W5YI Arlington, Texas Test Gear, Testing, Testing 1, 2, 3

Bayesian Measurement Invariance Testing€¦ · Outline Overview 1 Bayesian Measurement Invariance Testing 2 Conditional Modelling/Testing Approach Random Item Parameters 3 Marginal

IC TESTING. FUNDAMENTALS OF ELECTRICAL TESTING 1. What Is Electrical Testing? 2. Why Is Electrical Testing Necessary? 3. Anatomy of System-Level Electrical

Introduction to Software Testing Chapter 3, Sec# 1 & 2

Grade1 Testing and Evaluation Starter.unit Unit.1 2 3

Q - · PDF fileBlack-box testing B. Equivalence class partitioning 2. System testing C. Volume testing 3. White-box testing ... Backtracking 2. Greed method 3

Nondestructive Testing and Data Analysis Module 2-3

“Testing For Real, Testing For Now” Effective Test ...€¦ · Test automation scenarios time total cost / effort 1. manual testing 2. effective automated testing 3. less effective

g CopyBootle wnload1. Do 2. Printtestingtesting.org.uk/temp/vol-2/Testing-Testing-v2... · 2016. 11. 30. · Testing, Testing Testing, Testing vol. 2 Dialogue Dialoge Bernadette O

1- Improve Efficiency 2- Minimize Testing Costs 3- Improve

EMC testing: Part 2 - Conducted emissions · EMC testing: Part 2 - Conducted emissions. EMC testing ... Radiated emissions 2) Conducted emissions 3) Fast transient burst, surge, electrostatic

UNIT 2 BOUNDARY VALUE TESTING, EQUIVALENCE CLASS TESTING, DECISION TABLE- BASED TESTING · 2018. 3. 21. · UNIT 2 BOUNDARY VALUE TESTING, EQUIVALENCE CLASS TESTING, DECISION TABLE-

“Testing, Testing,…1, 2, 3”

Software Testing 101 - Vector · Software Testing 101. 2 1. Software Quality 2. Software Testing Levels 3. Questions and Answers Agenda. 3 Definition of Software Quality Software

Testing, Testing 1, 2, 3 - dribin.org … · Testing, Testing... 1, 2, 3 Dave Dribin – @ddribin Black Solid BitMaki Logomarks 1 Color: Deep Green Design: MakaluMedia • [email protected]

Automated Interoperability Testing with TTCN-3 2/session 3...Automated Interoperability Testing with TTCN-3 How to increase efficiency Theofanis Vassiliou-Gioles (Testing Technologies)