Fanping Zeng

Test Case Generation Based on Invariant Extraction

Software testing is an effective way to find software errors. Generating a good test suite is the key. A program invariant is a property that is true at a particular program point or points. The property could reflect the programs execution over a test suite. Based on this point, we integrate the random test case generation technique and the invariant extraction technique, achieving automatic test case generation and selection. With the same invariants, compared with the traditional random test case generation technique, the experimental results show that the approach this paper describes can generate a smaller test suite.

Test Case Reduction Based on Program Invariant and Genetic Algorithm

Test case reduction is the focus of the field of software testing. In this paper, we integrate random testing methods, invariant technology and genetic algorithms for test case reduction. Program invariant here refers to the properties at some points of program, it can reveal the extent of program data coverage and other valuable information. We evaluate the parent program invariants to filter corresponding set of test cases, and keep the better ones on the offspring. Generation by generation, we can get the final reduced set of test cases. This method is easy to automate. Experimental results and analysis show that compared to similar methods, at the same coverage conditions, the method proposed in this paper have higher efficiency and can get better set of test cases.

Research on Method of Object-Oriented Test Cases Generation Based on UML and LTS

We present a novel method of Object-Oriented test case generation based on UML state diagrams and Label Transition System (LTS). The procedure is based on model-based testing techniques with test cases generated from UML state diagrams translated into LTS. UML state diagram can be a model of modeling software system. LTS model is an internal model to precisely represent the state transition. The examples and analysis show that our method is effective.

Research on Test Suite Reduction Using Attribute Relevance Analysis

Essence of software testing is to choose a representative value (known as test case) from the input to perform the programs under test. The actual results of the programs will be checked to verify the consistency with the expected ones. If the results are different, it should take some correction and adjustment correspondingly. The existing method for test suite generation is mainly based on the test requirements which are related to the given testing objectives. It generates the test suites directly. Inevitably, some data in those suites may be redundant and need to be reduced. In fact, test case selection is to make effective partition within the input, and then generate the cases of high-performance. Based on the conception of partition, this paper presents a method of test suite reduction by using data classification techniques which are introduced in data mining. This method tries to use attribute relevance analysis to find the interrelations of all attributes in test requirements, and then reduce the test suite with the most appropriate attributes and values.

Assertion-Directed Test Case Generation

How to effectively generate test cases is the key to software testing. In our previous research, we applied the program dynamic invariant as feedback to guide test case generation, and that can reduce the redundancy and improve the coverage effectively. However, the repeated extraction of program dynamic invariants significantly increased the burden of test case generation. To address this issue, we present a novel technique that automatically converts program dynamic invariant into assertion and then make use of the assertion to direct the process of test case generation. If the new test case does not violate the assertion (that means the new test case will change the program invariant), then the new case is a valid test case, otherwise it is a redundant invalid test case. This method can avoid the repetition of extracting the same program invariant. Our experimental results indicate that, while not reducing the quality of the generated test cases, the assertion-directed method can greatly reduce the time cost of test case generation.

Mutation-Based Testing of Integer Overflow Vulnerabilities

Integer overflow vulnerability is a kind of common software vulnerabilities, there has been no effective way to detect integer overflow vulnerabilities. Because of the lack of dynamic execution, static analysis can not determine the run-time distribution of memory, and may miss the detection of possible security issues; source code auditing is an expensive and time consuming process. Although there has been applying mutation analysis for testing ANSI C programs, and lots of mutation operators have been designed with respect to specific questions, there are not any of operators specifically designed for integer overflow. In this paper, we propose some new mutation operators to force the generation of adequate test data set for integer overflow vulnerabilities. The results indicate that the proposed operators are effective for detecting integer overflow vulnerabilities.

Vulnerability Testing of Software Using Extended EAI Model

Software testing, throughout the development life cycle of software, is one of the important ways to ensure the quality of software. Model-based software testing technology and tools have higher degree of automation, as well as efficiency of testing. They also can detect vulnerabilities that other technologies are difficult to do. So they are widely used. This paper presents an extended EAI model (Extended Environment-Application Interaction Model), and does further research for vulnerability testing based on the model. Extended EAI model inherits the methodology of anomalies simulation of the original one. In order to monitor and control the process under test, we give an idea of introducing artificial intelligence technology and status feedback into the model, and also try to use virtual execution technology for testing. We use this technique based on the Extended EAI model to experiment on Internet work Operation System (IOS) software, and detect that some services of certain protocols running in IOS software have vulnerabilities. So the experimental results indicate that our method is feasible.

Fault Injection Technology for Software Vulnerability Testing Based on Xen

Fault injection technology devotes an efficient way for verifying fault tolerance of computer and detecting the vulnerability of software system. In this paper, we present a Xen-based fault injection technology for software vulnerability test (XFISV) in order to build an efficient and general-purpose software test model, which injects faults into interactive layer between software applications and their environments. This technology has two main contributions: First, detecting the software vulnerability according to this model needs less number of fault test cases. Second, this model enhances the flexibility and the robustness of the fault injection tools with economical resource cost.

Privilege Escalation Detecting in Android Applications

As the most popular mobile operating system, there are large amount of applications developed for Android. Considering security issues, developers are forced to declare relative permissions in manifest file when they need to use sensitive APIs. With the ability of inter-component communication (ICC) provided by Android, malicious applications can indirectly call sensitive APIs through components exposed by other applications, leading to privilege escalation. To address this problem, we propose a method to detect this kind of privilege escalation between two applications. First, we compare the permission sets of both applications. Then, if necessary we identify call links between two applications and perform inter-application control flow analysis. Finally, according to the result of control flow analysis, we can judge whether the privilege escalation exists. As the experiment result shows, our method can accurately detect privilege escalation between two applications.

A Search Strategy Guided by Uncovered Branches for Concolic Testing

Test generation plays an important role in software testing. Concolic testing runs concrete executions on programs simultaneously with symbolic executions. It faces the same problem as symbolic execution when generating test inputs, namely the combinatorial explosion of the path space. Most of the existing approaches can search only a fraction of the path space. Therefore, how to cover as many branches as possible with a few test inputs becomes an important research issue. Upon this issue, the paper proposes a heuristic search strategy based on inter-procedural control flow graph. The proposed strategy calculates the approximate mathematic expectation of uncovered branches. Then this expectation guides the search process to select the optimal branch to form a path condition. According to the path condition, the test input that may cover a large number of uncovered branches is generated. Experiments on three classes of test benchmarks show that, compared to the other strategies, the proposed strategy can significantly reduce the number of test inputs for covering reachable branches, and achieve high branch coverage quickly.