Blogs (1) >>
ASE 2019
Sun 10 - Fri 15 November 2019 San Diego, California, United States
ASE 2019 (series) / Research Papers /

Automatic Self-Validation for Code Coverage Profilers

Yibiao Yang, Yanyan Jiang, Zhiqiang Zuo, Yang Wang, Hao Sun, Hongmin Lu, Yuming Zhou, Baowen Xu
ASE 2019 Research Papers
Tue 12 Nov 2019 10:40 - 11:00 at Cortez 1 - Testing and Coverage Chair(s): Jonathan Bell

Code coverage as the primitive dynamic program behavior information, is widely adopted to facilitate a rich spectrum of software engineering tasks, such as testing, fuzzing, debugging, fault detection, reverse engineering, and program understanding. Thanks to the widespread applications, it is crucial to ensure the reliability of the code coverage profilers.

Unfortunately, due to the lack of research attention and the existence of testing oracle problem, the coverage profilers are far away from being tested sufficiently. Bugs are still regularly seen in the widely deployed profilers, like gcov and llvm-cov, along with gcc and llvm, respectively.

This paper proposes Cod, a fully automated self-validator for effectively uncovering bugs in the coverage profilers. Cod takes a single profiler and a program (either from a compiler’s test suite or generated randomly) as input and uncovers the bugs by identifying the inconsistency of coverage results from the input program and its equivalent mutated variants whose coverage statistics are expected to be identical.

We evaluated Cod over two of the most well-known code coverage profilers, namely gcov and llvm-cov. Within a fourmonth testing period, a total of 196 potential bugs (123 for gcov, 73 for llvm-cov) are found, among which 23 are confirmed by the developers.

http://ics.nju.edu.cn/spar/publication/yang_automatic_2019.pdf
Yibiao Yang
Yibiao Yang
Huazhong University of Science and Technology
China
Yanyan Jiang
Yanyan Jiang
Nanjing University
China
Zhiqiang Zuo
Zhiqiang Zuo
Nanjing University, China
China
small-avatar
Yang Wang
Nanjing University
China
small-avatar
Hao Sun
Unaffiliated
China
small-avatar
Hongmin Lu
Nanjing University
small-avatar
Yuming Zhou
Nanjing University
small-avatar
Baowen Xu
Nanjing University

Tue 12 Nov

ase-2019-paper-presentations
10:40 - 12:20: Papers - Testing and Coverage at Cortez 1
Chair(s): Jonathan BellGeorge Mason University
ase-2019-papers10:40 - 11:00
Talk		Automatic Self-Validation for Code Coverage Profilers
Yibiao YangHuazhong University of Science and Technology, Yanyan JiangNanjing University, Zhiqiang ZuoNanjing University, China, Yang WangNanjing University, Hao SunUnaffiliated, Hongmin LuNanjing University, Yuming ZhouNanjing University, Baowen XuNanjing University
Pre-print
ase-2019-papers11:00 - 11:20
Talk		Efficient Test Generation Guided by Field Coverage Criteria
Ariel GodioDept. of Software Engineering Instituto Tecnológico de Buenos Aires, Valeria BengoleaDept. of Computer Science FCEFQyN, University of Rio Cuarto, Pablo PonzioDept. of Computer Science FCEFQyN, University of Rio Cuarto, Nazareno AguirreDept. of Computer Science FCEFQyN, University of Rio Cuarto, Marcelo F. FriasDept. of Software Engineering Instituto Tecnológico de Buenos Aires
ase-2019-Journal-First-Presentations11:20 - 11:40
Talk		Exploring Output-Based Coverage for Testing PHP Web Applications
Hung Viet NguyenGoogle LLC, USA, Hung Dang PhanECpE Department, Iowa State University, Christian KästnerCarnegie Mellon University, Tien N. NguyenUniversity of Texas at Dallas
Link to publication
ase-2019-Industry-Showcase11:40 - 12:00
Talk		PHANTA: Diversified Test Code Quality Measurement for Modern Software Development
Susumu TokumotoFujitsu Laboratories Ltd., Kuniharu TakayamaFujitsu Laboratories Ltd.
Media Attached
ase-2019-Demonstrations12:00 - 12:10
Demonstration		TestCov: Robust Test-Suite Execution and Coverage Measurement
Dirk BeyerLMU Munich, Thomas LembergerLMU Munich
Pre-print Media Attached File Attached
ase-2019-Demonstrations12:10 - 12:20
Demonstration		VisFuzz: Understanding and Intervening Fuzzing with Interactive Visualization
Chijin ZhouTsinghua University, Mingzhe WangTsinghua University, Jie LiangTsinghua University, Zhe LiuNanjing University of Aeronautics and Astronautics, Chengnian SunWaterloo University, Yu JiangTsinghua University

Automatic Self-Validation for Code Coverage Profilers Research Papers

Session: Testing and Coverage Chair(s): Jonathan BellGeorge Mason University

Code coverage as the primitive dynamic program behavior information, is widely adopted to facilitate a rich spectrum of software engineering tasks, such as testing, fuzzing, debugging, fault detection, reverse engineering, and program understanding. Thanks to the widespread applications, it is crucial to ensure the reliability of the code coverage profilers.

Unfortunately, due to the lack of research attention and the existence of testing oracle problem, the coverage profilers are far away from being tested sufficiently. Bugs are still regularly seen in the widely deployed profilers, like gcov and llvm-cov, along with gcc and llvm, respectively.

This paper proposes Cod, a fully automated self-validator for effectively uncovering bugs in the coverage profilers. Cod takes a single profiler and a program (either from a compiler’s test suite or generated randomly) as input and uncovers the bugs by identifying the inconsistency of coverage results from the input program and its equivalent mutated variants whose coverage statistics are expected to be identical.

We evaluated Cod over two of the most well-known code coverage profilers, namely gcov and llvm-cov. Within a fourmonth testing period, a total of 196 potential bugs (123 for gcov, 73 for llvm-cov) are found, among which 23 are confirmed by the developers.

Yibiao Yang
Yibiao Yang
Huazhong University of Science and Technology
China
Yanyan Jiang
Yanyan Jiang
Nanjing University
China
Zhiqiang Zuo
Zhiqiang Zuo
Nanjing University, China
China
small-avatar
Yang Wang
Nanjing University
China
small-avatar
Hao Sun
Unaffiliated
China
small-avatar
Hongmin Lu
Nanjing University
small-avatar
Yuming Zhou
Nanjing University
small-avatar
Baowen Xu
Nanjing University
All Details Close

Efficient Test Generation Guided by Field Coverage Criteria Research Papers

Session: Testing and Coverage Chair(s): Jonathan BellGeorge Mason University

Field-exhaustive testing is a testing criterion suitable for object-oriented code over complex, heap-allocated, data structures. It requires test suites to contain enough test inputs to cover all feasible values for object’s fields within a certain scope (input-size bound). While previous work shows that field-exhaustive suites can be automatically generated, the generation technique required a formal specification of the inputs that can be subject to SAT-based analysis. Moreover, the restriction of producing all feasible values for inputs’ fields makes test generation costly.

In this paper, we deal with field coverage as testing criteria that measure the quality of a test suite by examining to what extent the values of inputs’ fields are covered. In particular, we consider field coverage in combination with test generation based on symbolic execution to produce underapproximations of field-exhaustive suites, using the Symbolic Pathfinder tool. To underapproximate these suites we use tranScoping, a technique that estimates characteristics of yet to be run analyses for large scopes, based on data obtained from analyses performed in small scopes. This provides us with a suitable condition to prematurely stop the symbolic execution.

As we show, tranScoping different metrics regarding field coverage allows us to produce significantly smaller suites using a fraction of the generation time. All this while retaining the effectiveness of field exhaustive suites in terms of test suite quality.

small-avatar
Ariel Godio
Dept. of Software Engineering Instituto Tecnológico de Buenos Aires
small-avatar
Valeria Bengolea
Dept. of Computer Science FCEFQyN, University of Rio Cuarto
small-avatar
Pablo Ponzio
Dept. of Computer Science FCEFQyN, University of Rio Cuarto
Nazareno Aguirre
Nazareno Aguirre
Dept. of Computer Science FCEFQyN, University of Rio Cuarto
Argentina
small-avatar
Marcelo F. Frias
Dept. of Software Engineering Instituto Tecnológico de Buenos Aires
All Details Close

Exploring Output-Based Coverage for Testing PHP Web Applications Journal First Presentations

Session: Testing and Coverage Chair(s): Jonathan BellGeorge Mason University

In software testing, different testers focus on different aspects of the software such as functionality, performance, design, and other attributes. While many tools and coverage metrics exist to support testers at the code level, not much support is targeted for testers who want to inspect the output of a program such as a dynamic web application. To support this category of testers, we propose a family of output-coverage metrics (similar to statement, branch, and path coverage metrics on code) that measure how much of the possible output has been produced by a test suite and what parts of the output are still uncovered. To do that, we first approximate the output universe using our existing symbolic execution technique. Then, given a set of test cases, we map the produced outputs onto the output universe to identify the covered and uncovered parts and compute output-coverage metrics. In our empirical evaluation on seven real-world PHP web applications, we show that selecting test cases by output coverage is more effective at identifying presentation faults such as HTML validation errors and spelling errors than selecting test cases by traditional code coverage. In addition, to help testers understand output coverage and augment test cases, we also develop a tool called WebTest that displays the output universe in one single web page and allows testers to visually explore covered and uncovered parts of the output.

Link to Publication: https://www.cs.cmu.edu/~ckaestne/pdf/jase18.pdf

small-avatar
Hung Viet Nguyen
Google LLC, USA
small-avatar
Hung Dang Phan
ECpE Department, Iowa State University
Christian Kästner
Christian Kästner
Carnegie Mellon University
United States
Tien N. Nguyen
Tien N. Nguyen
University of Texas at Dallas
United States
All Details Close

PHANTA: Diversified Test Code Quality Measurement for Modern Software Development Industry Showcase

Session: Testing and Coverage Chair(s): Jonathan BellGeorge Mason University

Test code is becoming more essential to the modern software development process. However, practitioners often pay inadequate attention to key aspects of test code quality, such as bug detectability, maintainability and speed. Existing tools also typically report a single test code quality measure, such as code coverage, rather than a diversified set of metrics. To measure and visualize quality of test code in a comprehensive fashion, we developed an integrated test code analysis tool called Phanta. In this show case, we posit that the enhancement of test code quality is key to modernizing software development, and show how Phanta’s techniques measure the quality using mutation analysis, test code clone detection, and so on. Further, we present an industrial case study where Phanta was applied to analyze test code in a real Fujitsu project, and share lessons learned from the case study.

Susumu Tokumoto
Susumu Tokumoto
Fujitsu Laboratories Ltd.
Japan
small-avatar
Kuniharu Takayama
Fujitsu Laboratories Ltd.
All Details Close

TestCov: Robust Test-Suite Execution and Coverage Measurement Demonstrations

Session: Poster Session: Tool Demonstrations 2, Testing and Coverage Chair(s): Jonathan BellGeorge Mason University

We present TestCov, a tool for robust test-suite execution and test-coverage measurement on C programs. TestCov executes program tests in isolated containers to ensure system integrity and reliable resource control. The tool provides coverage statistics per test and for the whole test suite. TestCov uses the simple, XML-based exchange format for test-suite specifications that was established as standard by Test-Comp. TestCov has been successfully used in Test-Comp ’19 to execute almost 9 million tests on 1720 different programs. The source code of TestCov is released under the open-source license Apache 2.0 and available at https://gitlab.com/sosy-lab/software/test-suite-validator. A full artifact, including a demonstration video, is available at https://doi.org/10.5281/zenodo.3418726.

Dirk Beyer
Dirk Beyer
LMU Munich
Germany
Thomas Lemberger
Thomas Lemberger
LMU Munich
Germany
All Details Close

VisFuzz: Understanding and Intervening Fuzzing with Interactive Visualization Demonstrations

Session: Poster Session: Tool Demonstrations 3, Testing and Coverage Chair(s): Jonathan BellGeorge Mason University

Fuzzing is widely used for vulnerability detection. One of the challenges for an efficient fuzzing is covering code guarded by constraints such as the magic number and nested conditions. Recently, academia has partially addressed the challenge via whitebox methods. However, high-level constraints such as array sorts, virtual function invocations, and tree set queries are yet to be handled.

To meet this end, we present VisFuzz, an interactive tool for better understanding and intervening fuzzing process via real-time visualization. It extracts call graph and control flow graph from source code, maps each function and basic block to the line of source code and tracks real-time execution statistics with detail constraint contexts. With VisFuzz, test engineers first locate blocking constraints and then learn its semantic context, which helps to craft targeted inputs or update test drivers. Preliminary evaluations are conducted on four real-world programs in Google fuzzer-test-suite. Given additional 15 minutes to understand and intervene the state of fuzzing, the intervened fuzzing outperform the original pure AFL fuzzing, and the path coverage improvements range from 10.84% to 150.58%, equally fuzzed by for 12 hours.

small-avatar
Chijin Zhou
Tsinghua University
small-avatar
Mingzhe Wang
Tsinghua University
small-avatar
Jie Liang
Tsinghua University
small-avatar
Zhe Liu
Nanjing University of Aeronautics and Astronautics
Chengnian Sun
Chengnian Sun
Waterloo University
small-avatar
Yu Jiang
Tsinghua University
All Details Close