UC Marco Vieira University of Coimbra

Slides:



Advertisements
Similar presentations
Verification and Validation
Advertisements

Testing and Quality Assurance
Software Modeling SWE5441 Lecture 3 Eng. Mohammed Timraz
Software Fault Injection for Survivability Jeffrey M. Voas & Anup K. Ghosh Presented by Alison Teoh.
July 11 th, 2005 Software Engineering with Reusable Components RiSE’s Seminars Sametinger’s book :: Chapters 16, 17 and 18 Fred Durão.
1 Software Testing and Quality Assurance Lecture 30 – Testing Systems.
(c) 2007 Mauro Pezzè & Michal Young Ch 1, slide 1 Software Test and Analysis in a Nutshell.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
Testing - an Overview September 10, What is it, Why do it? Testing is a set of activities aimed at validating that an attribute or capability.
Senior Design – Acceptance Test Plan Review The goal is to: define the criteria for approving the application. Tightly coupled to the Requirements document.
Introduction to Software Testing
Verification and Validation
State coverage: an empirical analysis based on a user study Dries Vanoverberghe, Emma Eyckmans, and Frank Piessens.
Computer System Lifecycle Chapter 1. Introduction Computer System users, administrators, and designers are all interested in performance evaluation. Whether.
Securing Legacy Software SoBeNet User group meeting 25/06/2004.
Software Testing Verification and validation planning Software inspections Software Inspection vs. Testing Automated static analysis Cleanroom software.
CS527: (Advanced) Topics in Software Engineering Overview of Software Quality Assurance Tao Xie ©D. Marinov, T. Xie.
Software Faults and Fault Injection Models --Raviteja Varanasi.
1 Autonomic Computing An Introduction Guenter Kickinger.
Verification and Validation Yonsei University 2 nd Semester, 2014 Sanghyun Park.
Software Quality Assurance Lecture #8 By: Faraz Ahmed.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 22 Slide 1 Verification and Validation.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 12 Slide 1 Distributed Systems Architectures.
CS 501: Software Engineering Fall 1999 Lecture 16 Verification and Validation.
CPIS 357 Software Quality & Testing
ECE 720T5 Winter 2014 Cyber-Physical Systems Rodolfo Pellizzoni.
University of Coimbra, DEI-CISUC
Naaliel Mendes, João Durães, Henrique Madeira CISUC, Department of Informatics Engineering University of Coimbra {naaliel, jduraes,
Michael Ernst, page 1 Collaborative Learning for Security and Repair in Application Communities Performers: MIT and Determina Michael Ernst MIT Computer.
Software Metrics - Data Collection What is good data? Are they correct? Are they accurate? Are they appropriately precise? Are they consist? Are they associated.
Software Testing Course Shmuel Ur
Software Testing Testing types Testing strategy Testing principles.
Testing Workflow In the Unified Process and Agile/Scrum processes.
1 CS 501 Spring 2002 CS 501: Software Engineering Lecture 23 Reliability III.
A Framework for the Reconfiguration of Ubicomp Systems Pau Giner, Carlos Cetina, Joan Fons, Vicente Pelechano.
Introduction CS 3358 Data Structures. What is Computer Science? Computer Science is the study of algorithms, including their  Formal and mathematical.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 22 Slide 1 Software Verification, Validation and Testing.
Ch 22 Verification and Validation
10/03/05 Johan Muskens ( TU/e Computer Science, System Architecture and Networking.
1 Introduction to Software Testing. Reading Assignment P. Ammann and J. Offutt “Introduction to Software Testing” ◦ Chapter 1 2.
Chapter 8 Lecture 1 Software Testing. Program testing Testing is intended to show that a program does what it is intended to do and to discover program.
MDD approach for the Design of Context-Aware Applications.
Software Engineering1  Verification: The software should conform to its specification  Validation: The software should do what the user really requires.
SWE 513: Software Engineering
Slide 1 Service-centric Software Engineering. Slide 2 Objectives To explain the notion of a reusable service, based on web service standards, that provides.
® IBM Software Group © 2009 IBM Corporation Essentials of Modeling with the IBM Rational Software Architect, V7.5 Module 15: Traceability and Static Analysis.
Outsourcing, subcontracting and COTS Tor Stålhane.
1 Phase Testing. Janice Regan, For each group of units Overview of Implementation phase Create Class Skeletons Define Implementation Plan (+ determine.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
T EST T OOLS U NIT VI This unit contains the overview of the test tools. Also prerequisites for applying these tools, tools selection and implementation.
Pinpoint: Problem Determination in Large, Dynamic Internet Services Mike Chen, Emre Kıcıman, Eugene Fratkin {emrek,
Testing Overview Software Reliability Techniques Testing Concepts CEN 4010 Class 24 – 11/17.
Objective ICT : Internet of Services, Software & Virtualisation FLOSSEvo some preliminary ideas.
Marco Vieira University of Coimbra Naples, 20th December 2011.
AppAudit Effective Real-time Android Application Auditing Andrew Jeong
DOWeR Detecting Outliers in Web Service Requests Master’s Presentation of Christian Blass.
UC Marco Vieira University of Coimbra
Laurea Triennale in Informatica – Corso di Ingegneria del Software I – A.A. 2006/2007 Andrea Polini XVII. Verification and Validation.
Tool Support for Testing
Software Testing.
Chapter 8 – Software Testing
Verification and Testing
EIN 6133 Enterprise Engineering
Service-centric Software Engineering
Introduction to Software Testing
Analysis models and design models
Course: Module: Lesson # & Name Instructional Material 1 of 32 Lesson Delivery Mode: Lesson Duration: Document Name: 1. Professional Diploma in ERP Systems.
DAT381 Team Development with SQL Server 2005
CSE 1020:Software Development
Overview Activities from additional UP disciplines are needed to bring a system into being Implementation Testing Deployment Configuration and change management.
Presentation transcript:

UC Marco Vieira University of Coimbra

N APLES, 14 TH A PRIL 2010 R UC[1] ::.. Outline  Fault Injection for Failure Prediction Methods Validation  Robustness Testing for Web Services  Web Services Robustness Improvement  Other Research Topics  Questions & Comments

Fault Injection for Failure Prediction Methods Validation UC

N APLES, 14 TH A PRIL 2010 R UC[3] ::.. Why do computers fail?

N APLES, 14 TH A PRIL 2010 R UC[4] ::.. Hardware problems

N APLES, 14 TH A PRIL 2010 R UC[5] ::.. Environment problems

N APLES, 14 TH A PRIL 2010 R UC[6] ::.. Bad configuration

N APLES, 14 TH A PRIL 2010 R UC[7] ::.. Misuse

N APLES, 14 TH A PRIL 2010 R UC[8] ::.. Not proven design

N APLES, 14 TH A PRIL 2010 R UC[9] ::.. But most of the times it is due to…

UC

N APLES, 14 TH A PRIL 2010 R UC[11] ::.. What can we do?  Don’t use computers Sooner or later they will fail!!!  OR: Build better software Many tried… most have failed Find ways to identify failure-prone situations And react accordingly…  But… How do we know when a failure is about to happen?

N APLES, 14 TH A PRIL 2010 R UC[12] ::.. Predict!

N APLES, 14 TH A PRIL 2010 R UC[13] ::.. But prediction is hard…  Prophets do not exist!  Failure prediction methods are complex  Needs lots of data  How to improve this? That is the goal of our research…

N APLES, 14 TH A PRIL 2010 R UC[14] ::.. Our idea Injection of realistic software faults to validate and improve failure prediction methods

N APLES, 14 TH A PRIL 2010 R UC[15] ::.. Research goals  Use the injection of realistic software faults to validate and improve failure prediction mechanisms  Four scenarios: 1. Help identifying symptoms for failure prediction 2. Accelerate the learning/training phase of prediction algorithms 3. Evaluate the figures of merit of prediction algorithms 4. Integrate fault injection in the prediction algorithm, as a form of continuous training

N APLES, 14 TH A PRIL 2010 R UC[16] ::.. Identifying symptoms for prediction  Preparation phase Setup the experimental environment  Profiling phase Collect data for building a profile for each param  Fault injection phase Generate failure-related data  Symptoms identification phase Build a model of the behavior of each parameter Identify the parameters that show potential symptoms by deviating from that model

N APLES, 14 TH A PRIL 2010 R UC[17] ::.. Variables ranking  Correlate potential symptoms with the observed failures  Rank variables based on the highest rate of valid symptoms Characterized using the F-Measure Represents the harmonic mean of precision and recall

N APLES, 14 TH A PRIL 2010 R UC[18] ::.. Experimental demo  Two workloads: WKL#1 - light workload: 7-Zip application compacting 4GB file WKL#2 - heavier workload: COSBI OpenSourceMark benchmark suite

N APLES, 14 TH A PRIL 2010 R UC[19] ::.. Overall results WKL#1WKL#2

N APLES, 14 TH A PRIL 2010 R UC[20] ::.. Top-10 parameters

N APLES, 14 TH A PRIL 2010 R UC[21]

Robustness Testing for Web Services UC

N APLES, 14 TH A PRIL 2010 R UC[23] ::.. The problem Web Services must provide a robust service to the client applications  Development tools lack mechanisms to: Characterize the robustness of Web Services code Compare robustness of alternative Web Services

N APLES, 14 TH A PRIL 2010 R UC[24] ::.. Web Services robustness testing  Erroneous Web Services call parameters Generated using a set of predefined rules Based on the data types of each parameter Injected during the Web Services execution GetWeather(city, day) → GetWeather(“Coimbra”, null)  Key components needed: Workload Robustness tests Failure modes classification

N APLES, 14 TH A PRIL 2010 R UC[25] ::.. Preparing the tests  Obtain web service definitions List of operations Parameters Data types Domains  The WSDL file is processed automatically to obtain the required information  The domain for each parameter cannot be deduced from the WSDL description Must be provided by the user

N APLES, 14 TH A PRIL 2010 R UC[26] ::.. Workload  A workload is needed to exercise each operation of the web service  A generic workload that fits all Web Services is not feasible We need to generate a workload for each web service  Workload generation: User defined workload Random workload

N APLES, 14 TH A PRIL 2010 R UC[27] ::.. Parameters values mutation TypeParameter Mutation String Replace by null value Replace by empty string Replace by predefined string Replace by string with nonprintable characters Add nonprintable characters to the string Replace by alphanumeric string Add characters to overflow max size Number… List… Date… Boolean…

N APLES, 14 TH A PRIL 2010 R UC[28] ::.. The wsrbench tool…  Implements the Web Services testing approach  Available online:

N APLES, 14 TH A PRIL 2010 R UC[29] ::.. Experimental evaluation  Tested 250 Web Services (1200 operations) publicly available The majority is listed at /  Web Services owned by different parties E.g., Microsoft and Xara  Some services implement the same functionally e.g., Text Disguise and Free Captcha Service

N APLES, 14 TH A PRIL 2010 R UC[30] ::.. Failure modes observed

N APLES, 14 TH A PRIL 2010 R UC[31] ::.. Main causes of the problems

N APLES, 14 TH A PRIL 2010 R UC[32]

Web Services Robustness Improvement UC

N APLES, 14 TH A PRIL 2010 R UC[34] ::.. Goal  A practical way to improve web services robustness Domain expression language Transparent server-side domain validation process  Very important for creating highly robust services  Can also be used in legacy services No source code is available Changes applied by using bytecode instrumentation

N APLES, 14 TH A PRIL 2010 R UC[35] ::.. Approach 1)Accurately describe the service (improved) 2)Generate and execute a service workload 3)Execute robustness tests (improved for providers) 4)Correct disclosed issues and behavior verification

N APLES, 14 TH A PRIL 2010 R UC[36] ::.. Service description  Domain information is typically unavailable Lack of adequate development tools for domain expression XSD Schema inability to describe parameter dependencies

N APLES, 14 TH A PRIL 2010 R UC[37] ::.. Example: Service domain  Ex: Operation1 takes 2 integer parameters: A and B  Valid domain for A: [1, 5] U [6, 10]  Valid domain for B: [10, 20] U [30,40]  However, the service requires that: When A is in [1, 5] B must be in [30, 40] and vice-versa

N APLES, 14 TH A PRIL 2010 R UC[38] ::.. Example: Service domain

N APLES, 14 TH A PRIL 2010 R UC[39] ::.. Example: Service domain We need to announce our service as accepting: r1 and r4

N APLES, 14 TH A PRIL 2010 R UC[40] ::.. Example: Service domain We need to announce our service as accepting: r1 and r4 Problem: XSD is unable to express this! Solution: Use an XSD extension that can express domain dependencies

N APLES, 14 TH A PRIL 2010 R UC[41] ::.. Extended Domain Expression Language

N APLES, 14 TH A PRIL 2010 R UC[42] ::.. Extended Domain Expression Language  Logical OR and XPath functions can also be used for more complex domains (starts-with, contains, etc)

N APLES, 14 TH A PRIL 2010 R UC[43] ::.. Robustness tests execution  We automatically generate robustness tests using the services definitions and exercise services: Through their public interface Through external services responses (composite)  Based on a rule set, we use fault injection to mutate incoming messages  We also perform exception injection All declared exceptions and a set of Runtime exceptions  At the end we check any response domain violation

N APLES, 14 TH A PRIL 2010 R UC[44] ::.. Robustness testing tool  The service is instrumented using AOP (AspectJ)

N APLES, 14 TH A PRIL 2010 R UC[45] ::.. Robustness problems removal  Incoming requests undergo a transparent and complete validation according to the announced domain

N APLES, 14 TH A PRIL 2010 R UC[46] ::.. Experimental evaluation  3 versions of TPC-App web services (A, B, and C) 1)We analyzed the WSDL and XSD of each service 2)Manually extended each XSD to use EDEL 3)Operations domains were fully defined 4)Created a test workload, and measured its coverage 5)Cobertura indicated +80% general coverage

N APLES, 14 TH A PRIL 2010 R UC[47] ::.. Results overview Web Service Robustness Problems ABC ChangePaymentMethod14130 NewCustomer44260 NewProducts410 ProductDetail040

N APLES, 14 TH A PRIL 2010 R UC[48] ::.. Improvement verification  We deployed 3 EDEL-based protected versions of the same web services  No robustness issues were uncovered!  We re-ran the workload, and identified no out-of- domain responses  Responses were double-checked

N APLES, 14 TH A PRIL 2010 R UC[49]

Other Research Topics UC

N APLES, 14 TH A PRIL 2010 R UC[51] ::.. Security  Vulnerability & attack injection Validation of security mechanisms  Tools for developing non-vulnerable web services Penetration testing Static analysis Anomaly detection  Security benchmarking for transactional systems Comparing systems in terms of security features

N APLES, 14 TH A PRIL 2010 R UC[52] ::.. Dynamic systems  Resilience benchmarking for self-adaptive systems Accessing resilience-related metrics Compare systems with autonomic capabilities  V&V of large-scale, dynamic service systems Support traceability to evolving requirements Cope with agile software development process Explore the notion of regression in V&V Cope withsuccessive software releases Dynamic and evolving system V&V

N APLES, 14 TH A PRIL 2010 R UC[53] ::.. Questions & Comments Marco Vieira Center for Informatics and Systems University of Coimbra

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.