Jinfu Chen

Adapting ant colony optimization to generate test data for software structural testing

Abstract In general, software testing has been viewed as an effective way to improve software quality and reliability. However, the quality of test data has a significant impact on the fault-revealing ability of software testing activity. Recently, search-based test data generation has been treated as an operational approach to settle this difficulty. In the paper, the basic ACO algorithm is reformed into discrete version so as to generate test data for structural testing. First, the technical roadmap of combining the adapted ACO algorithm and test process together is introduced. In order to improve algorithm׳s searching ability and generate more diverse test inputs, some strategies such as local transfer, global transfer and pheromone update are defined and applied. The coverage for program elements is a special optimization objective, so the customized fitness function is constructed in our approach through comprehensively considering the nesting level and predicate type of branch. To validate the effectiveness of our ACO-based test data generation method, eight well-known programs are utilized to perform the comparative analysis. The experimental results show that our approach outperforms the existing simulated annealing and genetic algorithm in the quality of test data and stability, and is comparable to particle swarm optimization-based method. In addition, the sensitivity analysis on algorithm parameters is also employed to recommend the reasonable parameter settings for practical applications.

Generating Test Data for Structural Testing Based on Ant Colony Optimization

Software testing has been always viewed as an effective way to ensure software quality both in academic and industry. In fact, the quality of test data set plays a critical role in the success of software testing activity. According to the basic line of search-based software testing, we introduced ant colony optimization (ACO) to settle this problem and proposed a framework of ACO-based test data generation. In our algorithm TDG_ACO, the local transfer rule, global transfer rule and pheromone update rule are re-defined to handle the continuous input domain searching. Meanwhile, the most widely-used coverage criterion, i.e., branch coverage, is adopted to construct fitness function. In order to validate the feasibility and effectiveness of our method, five real-world programs are utilized to perform experimental analysis. The results show that our algorithm outperforms the existing simulated annealing and genetic algorithm in most cases.

Search-based QoS ranking prediction for web services in cloud environments

Unlike traditional quality of service (QoS) value prediction, QoS ranking prediction examines the order of services under consideration for a particular user. To address this NP-Complete problem, greedy strategy-based solutions, such as CloudRank algorithm, have been widely adopted. However, they can only produce locally approximate solutions. In this paper, we propose a search-based prediction framework to address the QoS ranking problem. The traditional particle swarm optimization (PSO) algorithm has been adapted to optimize the order of services according to their QoS records. In real situations, QoS records for a given consumer are often incomplete, so the related data from close neighbour users is often used to determine preference relations among services. In order to filter the neighbours for a specific user, we present an improved method for measuring the similarity between two users by considering the occurrence probability of service pairs. Based on the similarity computation, the top- k neighbours are selected to provide QoS information support for evaluation of the service ranking. A fitness function for an ordered service sequence is defined to guide search algorithm to find high-quality ranking results, and some additional strategies, such as initial solution selection and trap escaping, are also presented. To validate the effectiveness of our proposed solution, experimental studies have been performed on real-world QoS data, the results from which show that our PSO-based approach has a better ranking for services than that computed by the existing CloudRank algorithm, and that the improvement is statistically significant, in most cases. An improved similarity measurement for two ranked sequences is proposed.A new solution for predicting QoS ranking is proposed by adopting PSO algorithm.The PSO-based QoS ranking prediction algorithm is better than CloudRank.

Prioritizing Variable-Strength Covering Array

Combinatorial interaction testing is a well-studied testing strategy, and has been widely applied in practice. Combinatorial interaction test suite, such as fixed-strength and variable-strength interaction test suite, is widely used for combinatorial interaction testing. Due to constrained testing resources in some applications, for example in combinatorial interaction regression testing, prioritization of combinatorial interaction test suite has been proposed to improve the efficiency of testing. However, nearly all prioritization techniques may only support fixed-strength interaction test suite rather than variable-strength interaction test suite. In this paper, we propose two heuristic methods in order to prioritize variable-strength interaction test suite by taking advantage of its special characteristics. The experimental results show that our methods are more effective for variable-strength interaction test suite by comparing with the technique of prioritizing combinatorial interaction test suites according to test case generation order, the random test prioritization technique, and the fixed-strength interaction test suite prioritization technique. Besides, our methods have additional advantages compared with the prioritization techniques for fixed-strength interaction test suite.

Prioritization of combinatorial test cases by incremental interaction coverage

Combinatorial testing is a well-recognized testing method, and has been widely applied in practice. To facilitate analysis, a common approach is to assume that all test cases in a combinatorial test suite have the same fault detection capability. However, when testing resources are limited, the order of executing the test cases is critical. To improve testing cost-effectiveness, prioritization of combinatorial test cases is employed. The most popular approach is based on interaction coverage, which prioritizes combinatorial test cases by repeatedly choosing an unexecuted test case that covers the largest number on uncovered parameter value combinations of a given strength (level of interaction among parameters). However, this approach suffers from some drawbacks. Based on previous observations that the majority of faults in practical systems can usually be triggered with parameter interactions of small strengths, we propose a new strategy of prioritizing combinatorial test cases by incrementally adjusting the strength values. Experimental results show that our method performs better than the random prioritization technique and the technique of prioritizing combinatorial test suites according to test case generation order, and has better performance than the interaction-coverage-based test prioritization technique in most cases.

A Web services vulnerability testing approach based on combinatorial mutation and SOAP message mutation

The testing of Web services is an essential aspect of their quality assurance, however, because this testing often involves injecting only one mutant at one time, some vulnerability faults cannot be detected. To address this, the current paper presents a set of mutation operators that can be combined and defines the corresponding combinatorial strategies based on data perturbation and combinatorial testing. Based on this, multiple mutants can be injected at one time to help uncover interactive faults. To improve testing efficiency and effectiveness, a combinatorial testing approach focusing on Web service vulnerability is proposed: Firstly, initial test data are generated with perturbation techniques based on Web Services Description Language documents and Simple Object Access Protocol messages. Then, a combinatorial testing cases generation (CTCG) algorithm is used to generate the final combinatorial test data according to the proposed strategies. Furthermore, for some special Web services in which there is only one parameter or one method in service interface, a fuzzy mutation approach algorithm, as a complementary approach to CTCG, is also proposed. Finally, some testing experiments are conducted to verify the effectiveness of the proposed approaches in an integrated testing platform. The experiments show that proposed approaches are both feasible and effective: They can find more vulnerability faults than the traditional approaches.

Adaptive random prioritization for interaction test suites

Combinatorial interaction testing (CIT), a black-box testing method, has been well studied in recent years. It aims at constructing an effective interaction test suites, so as to identify the faults that are caused by interactions among parameters. After interaction test suites are generated by CIT, the execution order of test cases in the test suite becomes critical due to limited testing resources. To determine test case order, the prioritization of interaction test suites has been employed. As we know, random prioritization (RP) of test cases has been considered as simple but ineffective. Existing research unveils that adaptive random prioritization (ARP) of test cases is an alternative and promising candidate that may replace RP. However, previous ARP techniques may not be used to prioritize interaction test suites due to the lack of source-code-related information in interaction test suite, such as statement coverage, function coverage, or branch coverage. In this paper, we not only propose the ARP strategy in order to prioritize interaction test suites by using interaction coverage information, without the source-code-related information, but also unify the RP strategy and traditional interaction-coverage based prioritization strategy (ICBP). Additionally, simulation studies indicate that the ARP strategy performs better than the RP strategy, test-case-generation prioritization, and reverse test-case-generation prioritization, and can also be more time-saving than ICBP while greatly maintaining similar, or even better, effectiveness.

An approach of security testing for third-party component based on state mutation

It is essential to study an effective approach of security testing for third-party component. In this paper, to effectively trigger implicit vulnerabilities of third-party components, an approach of security testing for third-party component is proposed based on state mutation. To start with, executable method sequences of components are transformed into extended finite state machine. Then, according to characteristics of condition conflict and behavior conflict, two test case generation algorithms are addressed, that is, Operations Conflict Sequences Generation Algorithm and Conditions Conflict Sequences Generation Algorithm, which are designed to generate inaccessible sequences of behavior and condition conflicts. These conflict sequences are run. Furthermore, the security detecting algorithms are addressed to detect implicit vulnerabilities of third-party components, and then, testing report of component security is obtained. In the end, some experiments are conducted on the basis of the proposed approach, and the experimental results show that the proposed approach can effectively detect security exceptions of third-party components. Copyright

Worst-input mutation approach to web services vulnerability testing based on SOAP messages

The growing popularity and application of Web services have led to an increase in attention to the vulnerability of software based on these services. Vulnerability testing examines the trustworthiness, and reduces the security risks of software systems, however such testing of Web services has become increasing challenging due to the cross-platform and heterogeneous characteristics of their deployment. This paper proposes a worst-input mutation approach for testing Web service vulnerability based on SOAP (Simple Object Access Protocol) messages. Based on characteristics of the SOAP messages, the proposed approach uses the farthest neighbor concept to guide generation of the test suite. The test case generation algorithm is presented, and a prototype Web service vulnerability testing tool described. The tool was applied to the testing of Web services on the Internet, with experimental results indicating that the proposed approach, which found more vulnerability faults than other related approaches, is both practical and effective.

An effective long string searching algorithm towards component security testing

In the execution of method invocation sequences to test component security, abnormal or normal information is generated and recorded in a monitor log. By searching abnormal information from monitor log, the exceptions that the component has can be determined. To facilitate the searching process, string searching methods could be employed. However, current approaches are not effective enough to search long pattern string. In order to mine the specific information with less number of matches, we proposed an improved Sunday string searching algorithm in this paper. Unlike Sunday algorithm which does not make use of the already matched characters, the proposed approach presents two ideas - utilizing and recycling these characters. We take advantage of all matched characters in main string, if they are still in the matchable interval compared with pattern string, to increase the distance that pattern string moves backwards. Experimental analysis shows that, compared to Sunday algorithm, our method could greatly reduce the matching times, if the scale of character set constituting both main string and pattern string is small, or if the length of pattern string is long. Also, the proposed approach can improve the search effectiveness for abnormal information in component security testing.