Using Logic Criterion Feasibility to Reduce Test Set Size While Guaranteeing Double Fault Detection Gary Kaminski and Paul Ammann Software Engineering.

Slides:



Advertisements
Similar presentations
Coverage Criteria Drawn mostly from Ammann&Offutt and Pezze&Yooung.
Advertisements

Computer Science and Software Engineering University of Wisconsin - Platteville Note 5. Testing Yan Shi Lecture Notes for SE 3730 / CS 5730.
1 Applications of Optimization to Logic Testing Gary Kaminski and Paul Ammann ICST 2010 CSTVA Workshop.
Course Software Testing & Verification 2013/14 Wishnu Prasetya
Introduction to Software Testing Chapter 6-4 Input Space Partition Testing Paul Ammann & Jeff Offutt
Software Testing Logic Coverage. Introduction to Software Testing (Ch 3) © Ammann & Offutt 2 Logic Coverage Four Structures for Modeling Software Graphs.
Introduction to Software Testing Chapter 3.1, 3.2 Logic Coverage Paul Ammann & Jeff Offutt
Logic ChAPTER 3 1. Truth Tables and Validity of Arguments
EE1J2 – Discrete Maths Lecture 5
© 2006 Fraunhofer CESE1 MC/DC in a nutshell Christopher Ackermann.
Introduction to Software Testing Chapter 3.1 Logic Coverage Paul Ammann & Jeff Offutt.
Introduction to Software Testing Chapter 8.2
Software Testing and QA Theory and Practice (Chapter 4: Control Flow Testing) © Naik & Tripathy 1 Software Testing and Quality Assurance Theory and Practice.
Logic Gates Circuits to manipulate 0’s and 1’s. 0’s and 1’s used for numbers Also to make decisions within the computer. In that context, 1 corresponds.
Homework 3.
Software Testing Sudipto Ghosh CS 406 Fall 99 November 9, 1999.
Introduction to Software Testing Chapter 5.2 Program-based Grammars Paul Ammann & Jeff Offutt
Of 33 Improving Logic-Based Testing Jeff Offutt Professor, Software Engineering George Mason University Fairfax, VA USA
CSE 20 DISCRETE MATH Prof. Shachar Lovett Clicker frequency: CA.
Chapter 1 The Logic of Compound Statements. Section 1.1 Logical Form and Logical Equivalence.
Today’s Agenda  Quick Review  Finish Graph-Based Testing  Predicate Testing Software Testing and Maintenance 1.
Software Logic Mutation Testing Presented by Gary Kaminski.
Black-Box Testing Techniques II Prepared by Stephen M. Thebaut, Ph.D. University of Florida Software Testing and Verification Lecture 5.
Introduction to Software Testing Chapter 8.1 Logic Coverage Paul Ammann & Jeff Offutt
Logical Form and Logical Equivalence Lecture 2 Section 1.1 Fri, Jan 19, 2007.
Test Coverage CS-300 Fall 2005 Supreeth Venkataraman.
Introduction to Software Testing Chapter 3.6 Disjunctive Normal Form Criteria Paul Ammann & Jeff Offutt
3.3: Truth Tables. Types of Statements Negation: ~p Conjunction: p ˄ q (p and q) Disjunction: p V q (p or q, or both) Conditional: p → q (if p, then q)
CMPUT Computer Organization and Architecture II1 CMPUT329 - Fall 2003 Topic 5: Quine-McCluskey Method José Nelson Amaral.
1 Quine-McCluskey Method. 2 Motivation Karnaugh maps are very effective for the minimization of expressions with up to 5 or 6 inputs. However they are.
Boolean Algebra. Logical Statements A proposition that may or may not be true:  Today is Monday  Today is Sunday  It is raining.
Introduction to Software Testing Chapter 3.1, 3.2 Logic Coverage Paul Ammann & Jeff Offutt
Chapter 7 Logic, Sets, and Counting
Warmup Answer the following True/False questions in your head: I have brown hair AND I am wearing glasses I am male OR I am wearing sneakers I am NOT male.
Chapter 7 Logic, Sets, and Counting Section 1 Logic.
Logical Form and Logical Equivalence Lecture 1 Section 1.1 Wed, Jan 12, 2005.
Boolean Algebra Monday/Wednesday 7th Week. Logical Statements Today is Friday AND it is sunny. Today is Friday AND it is rainy. Today is Monday OR it.
Introduction to Software Testing Chapter 8.1 Logic Coverage Paul Ammann & Jeff Offutt
CS520: Steinberg 1 Lecture 16 CS 520: Introduction to Artificial Intelligence Prof. Louis Steinberg Lecture 16: Uncertainty.
Boolean Logic.
Notes - Truth Tables fun, fun, and more fun!!!!. A compound statement is created by combining two or more statements, p and q.
Introduction to Software Testing Chapter 3.6 Disjunctive Normal Form Criteria Paul Ammann & Jeff Offutt
CEC 220 Digital Circuit Design Boolean Algebra I Wed, Sept 2 CEC 220 Digital Circuit Design Slide 1 of 13.
Introduction to Software Testing Chapter 9.2 Program-based Grammars Paul Ammann & Jeff Offutt
Introduction to Software Testing Chapter 3.6 Disjunctive Normal Form Criteria Paul Ammann & Jeff Offutt
Introduction to Software Testing Chapter 3.1 Logic Coverage Paul Ammann & Jeff Offutt.
Establishing Theoretical Minimal Sets of Mutants ICST 2014 Paul Ammann Joint work with Marcio Eduardo Delamaro Jeff Offutt April 1, 2014.
MATH 110 Sec 12-1 Lecture: Intro to Counting Introduction to Counting: Just how many are there?
1 Using a Fault Hierarchy to Improve the Efficiency of DNF Logic Mutation Testing Gary Kaminski and Paul Ammann ICST 2009.
Introduction to Software Testing Chapter 3.2 Logic Coverage
Daniel Kroening and Ofer Strichman 1 Decision Procedures An Algorithmic Point of View Basic Concepts and Background.
Using Logic Criterion Feasibility to Reduce Test Set Size While Guaranteeing Fault Detection Gary Kaminski and Paul Ammann ICST 2009 March 24 Version.
Dr. Rob Hasker Dr. Brad Dennis. Coverage  Exercise: Each participant: write down 4 instructions Input to procedure: value given by someone, which person.
Introduction to Software Testing (2nd edition) Chapter 5 Criteria-Based Test Design Paul Ammann & Jeff Offutt
Introduction to Software Testing Chapter 8.2
Introduction to Software Testing Chapter 8.1 Logic Coverage
DeMorgan’s Theorem DeMorgan’s 2nd Theorem
Control Flow Testing Handouts
Handouts Software Testing and Quality Assurance Theory and Practice Chapter 4 Control Flow Testing
Introduction to Software Testing Syntactic Logic Coverage Criteria
Outline of the Chapter Basic Idea Outline of Control Flow Testing
Introduction to Software Testing Chapter 3.1, 3.2 Logic Coverage
Logic Coverage CS 4501 / 6501 Software Testing
In-Class Extended Example Ch. 6.4
Moonzoo Kim School of Computing KAIST
Introduction to Software Testing Chapter 3.2 Logic Coverage
Logic Coverage CS 4501 / 6501 Software Testing
Introduction to Software Testing Chapter 8.1 Logic Coverage
Introduction to Software Testing Chapter 3.2 Logic Coverage
Introduction to Software Testing Chapter 3.1, 3.2 Logic Coverage
Presentation transcript:

Using Logic Criterion Feasibility to Reduce Test Set Size While Guaranteeing Double Fault Detection Gary Kaminski and Paul Ammann Software Engineering Group George Mason University Presented at Mutation 2009 April 4, 2009 Denver, Colorado

2 Return of the HOMs n Higher Order Mutants (HOMs) –Applying multiple mutant operators: if (x < y) { a = b + c;} if (x < b) { a = b * c;} –Banished as unnecessary (Offutt) –Single Order Mutants (SOMs) are enough n They’re Baaaaaaack! –Tests that kill HOMS can be really powerful! A HOM may be better than relevant SOMs –Jia/Harmon, Polo et al This paper looks at test sets adequate to detect a certain class of logic HOMs

3 Motivation n Consider coverage as a way to –Generate mutation adequate tests – Statically! n In this paper, we consider double HOMS – Generate “small” test sets Smaller than “MUMCUT++” – But still guarantee double HOM detection n Restrictions in this paper: –Only worry about mutating predicates –Assume minimal Disjunctive Normal Form (DNF) –Assume predicates are tested in isolation

4 Minimal DNF Terms separated by OR, literals by AND ab + a!c vs. a(b + !c) n Make each term true and other terms false ab + ac vs. ab + abc n Can’t remove a literal without changing predicate’s truth value ab vs. abc + ab!c Green – in minimal DNF Red – not in minimal DNF

5 Minimal DNF: SOMs and HOMs Original Predicate: ab + bc n Literal Insertion Fault (LIF): abc + bc n Literal Reference Fault (LRF): ac + bc n Literal Omission Fault (LOF): a + bc Detecting LIF, LRF, LOF actually detects all 9 SOM types The LIF and LRF can result in an equivalent fault n HOM: Double Fault: abc + ba n 81 double faults HOMs n What can we say about detecting double fault HOMs?

6 Lau and Yu’s DNF Fault Hierarchy n Arrow means test for source fault also detects destination fault n Ignores criterion feasibility n MUMCUT criterion guarantees detecting all faults LOF ORF. LRF LNF TNF ENF LIF TOF ORF+ MUMCUT = MUTP + CUTPNFP + MNFP

n For each implicant find unique true points (UTPs) so that –Literals not in implicant take on values T and F n Consider the DNF predicate: – f = ab + cd n For implicant ab –Choose TTFT, TTTF n For implicant cd –Choose FTTT, TFTT n MUTP test set –{TTFT, TTTF, FTTT, TFTT} MUTP: Multiple Unique True Points ab cd t t tt t t t

CUTPNFP: Corresponding Unique True Point Near False Point Pairs n Consider the DNF predicate: f = ab + cd n For implicant ab –For a, choose UTP, NFP pair TTFF, FTFF –For b, choose UTP, NFP pair TTFT, TFFT n For implicant cd –For c, choose UTP, NFP pair FFTT, FFFT –For d, choose UTP, NFP pair FFTT, FFTF n Possible CUTPNFP test set –{TTFF, TTFT, FFTT //UTPs FTFF, TFFT, FFFT, FFTF} //NFPs ab cd t t tt t t t

n Find NFP tests for each literal such that all literals not in the term attain F and T n Consider the DNF predicate: – f = ab + cd n For implicant ab –Choose FTFT, FTTF for a –Choose TFFT, TFTF for b n For implicant cd –Choose FTFT, TFFT for c –Choose FTTF, TFTF for d n MNFP test set –{TFTF, TFFT, FTTF, TFTF} n Example is small, but generally MNFP is large MNFP: Multiple Near False Points ab cd t t tt t t t

Minimal-MUMCUT Criterion Kaminski/Ammann (ICST 2009) n Minimal-MUMCUT uses low level criterion feasibility analysis –Adds CUTPNFP and MNFP only when necessary n Minimal-MUMCUT guarantees detecting LIF, LRF, LOF –And thus all 9 faults in the hierarchy CUTPNF P feasible? MNFP Test Set = MUTP + MNFP For Each Literal In Term Test Set = MUTP + CUTPNFP MUTP feasible? Test Set = MUTP + NFP For Each Term

11 First Result: What About the Double Faults? n MUMCUT vs. Minimal-MUMCUT –Exactly the same detection for double faults –Detect 75 of 81 possible double fault types n Both MUMCUT and Minimal-MUMCUT – May miss 6 of 81 possible double fault types

12 A Closer Look: Role of Infeasibility 3 cases for Minimal-MUMCUT (and MUMCUT) n If MUTP feasible: All double faults detected n If MUTP infeasible, but CUTPNFP feasible: – Only potentially undetected double fault is a LIF-LIF where – Each LIF occurs in a MUTP infeasible term Means each individual LIF is an equivalent fault n Otherwise, 6 double fault types may go undetected CUTPNF P feasible? MNFP 6 double fault types undetected For Each Literal In Term Only LIF-LIF undetected MUTP feasible? All double faults detected For Each Term

13 Question: How to Handle 6 Undetected Double Faults? n Coverage criteria approach: – Develop suitable criteria and apply in all cases (Lau et al) –Example: SMOTP: Supplementary Multiple Overlapping True Points Detects LIF-LIF double fault, but is very expensive –Similar strategy for other 5 undetected double faults n Alternate approach: –Look at actual artifacts under test See if there is a problem If so, handle it; Otherwise, forget about it n Reviewer comment: What does this have to do with Mutation? –I think this alternate approach is the key

14 A Look at Some Artifacts n Analyzed 19 TCAS predicates with 5 to 13 unique literals (Weyuker, Chen, Lau, Yu) n Built a tool in Java to: - Determine MUTP feasibility for each term and CUTPNFP feasibility for each literal - Generate a Minimal-MUMCUT test set n Analysis: –Which double fault types go undetected? –What percentage of double faults go undetected?

15 Case Study Results n 99.9% of non-equivalent double faults are detected because: 1) 23% of terms were MUTP feasible (all double faults detected) 2) 100% of the literals were CUTPNFP feasible - Only 1 of the 6 double fault types (LIF-LIF) went undetected 3) 98.5% of double faults formed by two equivalent LIFs are equivalent n Equivalent n a!bd + a!cd + e  a!bd!e + a!cd!e + e n Not Equivalent (TFFTF) n a!bd + a!cd + e  a!bdc + a!cdb + e

16 Detecting the LIF-LIF n Supplement Minimal-MUMCUT with Overlapping True Points (OTPs) for terms only when MUTP is infeasible for both terms n OTPs make two terms true Original: a!bd + a!cd + e MUTP not feasible for a!bd or a!cd OTP for a!bd and a!cd is TFFTF TFFTF detects the following LIF-LIF: a!bdc + a!cdb + e Result: Test set augmented with select OTPs detects 76 of 81 faults (modulo certain feasibility assumptions) ab cd t t t

17 Internal Variable Problem n What input values satisfy a criterion? –Predicates are deep in the code –Must reach predicate and have variables in predicate attain certain truth values –Partial solutions using constraints exist n What if you can’t solve internal variable problem? –Potentially need to redo the analysis –If a Minimal-MUMCUT test is infeasible Need to replace it with tests farther down the hierarchy This work is in progress

18 Minimal DNF in Practice 1) 95% of 20,256 Boolean predicates in avionics software were in minimal DNF* 2) MUMCUT has been shown to detect > 99% of corresponding faults in non-minimal DNF Boolean predicates* *Source: Y.T Yu and M.F. Lau. Comparing Several Coverage Criteria for Detecting Faults in Logical Decisions. In Proceedings QSIC 2004: 4th International Conference on Quality Software, Pages

19 How Many Literals? n Minimal-MUMCUT for software with predicates having at least 4 unique literals n Exhaustive coverage for < 4 unique literals - ab + !ac - 6 Minimal-MUMCUT tests vs. 8 exhaustive tests n Avionics software often has predicates with many unique literals* *Source: J.J Chilenski and S.P. Miller. Applicability of modified condition/decision coverage to software testing. IEE/BCS Software Engineering Journal, 9(5): , September 1994.

20 Conclusion n Introduction of Minimal-MUMCUT which guarantees the same double fault detection as MUMCUT with smaller test set size n Analysis of relationship between criterion feasibility and double fault detection n Examination of what double faults are likely undetected in practice by Minimal-MUMCUT and how to extend Minimal-MUMCUT accordingly n Applications for software testing of programs with large predicates

21 Logic Criteria How should inputs be chosen to test software? One answer: to achieve logic coverage Logic criteria impose requirements on inputs if (a || b) - Make expression evaluate to T and F (TF,FF) - Make each literal evaluate to T and F (FT,TF) Provide a stopping rule for testing Guarantee logic faults are detected

22 Unique True Points and Near False Points n UTP: An assignment of values such that only one term evaluates to true. ab + !ac: 110 and 111 are UTPs for ab n NFP: An assignment of values such that the predicate evaluates to false but when a literal is omitted, it evaluates to true. ab + !ac: 100 and 101 are NFPs for b

23 MUTP Criterion (Chen, Lau, Yu) n Find UTP tests for each term such that all literals not in the term attain F and T. n Detects LIF and if feasible, detects LRF n Inexpensive to satisfy n Feasible for term ab in ab + !ac ab – TTF, TTT n Infeasible for term ab in ab + ac ab – TTF

24 CUTPNFP Criterion (Chen, Lau, Yu) n Find a UTP - NFP pair such that only the literal of interest changes value. n Detects LOF and if feasible, detects LRF n More expensive to satisfy n Feasible for b in first term of ab + ac UTP for ab is TTF NFP for b in ab is TFF n Infeasible for b in first term of ab + b!c + !bc UTP for ab is TTT NFP for b in ab is TFF (TFT makes tern !bc true)

25 MNFP Criterion (Chen, Lau, Yu) n Find NFP tests for each literal such that all literals not in the term attain F and T. n Detects LOF and if feasible, detects LRF n Most expensive to satisfy n Feasible for a in first term of ab + ac FTF, FTT n Infeasible for a in first term of ab + !ac FTF (FTT makes term !ac true)

26 MUMCUT Criterion (Chen, Lau, Yu) n Combines MUTP, CUTPNFP, and MNFP –Guarantees detection of all faults in the hierarchy –Fairly expensive criterion

27 Second Result: Dealing with 6 Undetected Double Faults n One approach: – Develop criteria to detect these faults, and apply in all cases (Lau et al) –Example SMOTP: Supplementary Multiple Overlapping True Points Detects LIF-LIF double fault But is very expensive –Similar strategy for other 5 undetected double faults n Alternate approach: –Analyze predicates to see which double faults might evade detection –Only add additional tests if needed –Illustrate this approach via a case study