![New Capabilities
Can read multiple file types
o .csv test case files
o .txt test case files
o ACTS .xml configuration files
o ACTS .txt configuration files
Added support for equivalence classes and groups within
ACTS configuration files
o Ranges and boundary values defined by interval notation
• (*,5],[6,*) – creates two range classes: -∞ to 5, 6 to ∞
o Groups are specified in brackets
• {“Debian”, “Ubuntu”, “Red Hat”},{“Windows XP”, ”Windows 7”}
11](https://image.slidesharecdn.com/ca1d14b6-3158-4e83-b9a4-2daf689c9079-160809010321/85/Measuring-the-Combinatorial-Coverage-of-Software-in-Real-Time-12-320.jpg)
Measuring the Combinatorial Coverage of Software in Real Time
- 1. Measuring the Combinatorial Coverage of Software in Real Time Zachary Ratliff Computer Security Security Components & Mechanisms August 4th, 2016
- 2. What is Combinatorial Testing? Design of Experiments (D.O.E.) for software testing Can significantly reduce testing time and costs without sacrificing effectiveness Offers a partial solution for showing that a particular program will work for all given inputs 1
- 3. Intractable Nature of Software Testing The input domain space of software grows exponentially to the number of input parameters • 10 binary inputs: 210 = 1,024 configurations • 20 binary inputs: 220 = 1,048,576 configurations *Note: You can only fold paper in half about 7 times… 2 Folding a piece of 0.01cm thick paper 42 times will get you to the moon… (0.01 × 242) = 439,804km
- 4. Covering Arrays Mathematical object representing all 𝑡-way combinations of 𝑛 parameters. Every combination between 𝑡 parameters appears at least once 0 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 1 1 1 1 1 0 1 0 0 0 0 1 1 0 1 1 0 1 0 1 0 0 1 0 0 0 1 1 1 0 0 0 0 1 1 0 0 1 0 0 1 0 0 0 1 0 1 0 1 1 1 0 1 1 0 1 0 0 1 0 1 0 0 0 0 1 1 1 0 0 1 1 0 0 1 1 0 0 1 0 0 1 0 1 0 1 1 0 0 1 0 0 1 0 0 0 0 0 0 1 1 1 0 1 0 0 0 1 1 1 0 1 3
- 5. Efficiency of Covering Arrays Total variable value configurations for a given system is given by: 𝑣 𝑡 𝑛 𝑡 𝑛 = number of parameters 𝑡 = level of t-way coverage For Mixed Level variable configurations: 𝑖 𝑣𝑖1 × ⋯ × 𝑣𝑖𝑡 , ∀ i = 1 … 𝑛 𝑡 combinations In practice, covering arrays grow exponentially to 𝑡 and logarithmically to 𝑛 Number of tests ≈ 𝑣 𝑡 log 𝑛 4
- 6. The Interaction Rule Most failures are induced by one or two factors with progressively fewer faults induced by more than two factors No failure involving more than 6 factors has been reported Covering all 4 to 6-way combinations provides strong testing 5
- 7. The Problem Most organizations do not fully understand the benefits of switching to combinatorial testing methods Time, money, and other resources may not be available to alter testing practices Lack of Combinatorial testing software tools and training available 6
- 8. CCM: Combinatorial Coverage Measurement Tool Cross platform tool written in Java Measured combinatorial coverage of static .csv files Features: o Generate missing combinations o Constraint support o Display invalid combinations 7 *Created by Itzel Mendoza while working as a guest researcher at N.I.S.T.
- 9. Limitations of CCM Could only accept .csv files for test case input o No ability to hook other tools in o Had to be ran on a local machine Limited to static analysis of data o Very inefficient for when measuring multiple times as new data is added 8
- 10. Interest was generated in various industries for a new combinatorial measurement tool with capabilities to measure coverage in real time. 9
- 11. Introducing CCM Command Line Real time combinatorial coverage measurement tool 10
- 12. New Capabilities Can read multiple file types o .csv test case files o .txt test case files o ACTS .xml configuration files o ACTS .txt configuration files Added support for equivalence classes and groups within ACTS configuration files o Ranges and boundary values defined by interval notation • (*,5],[6,*) – creates two range classes: -∞ to 5, 6 to ∞ o Groups are specified in brackets • {“Debian”, “Ubuntu”, “Red Hat”},{“Windows XP”, ”Windows 7”} 11
- 13. Real time measurement functionality o Incrementally measures combinatorial coverage as new test cases are added to the data set Accepts input from various sources o Files o Standard Input o External Programs o Internet / TCP More robust constraint definitions o !employee => !grant_permission *Older version of CCM had issues processing constraints in this notation 12
- 14. Time Complexity The time complexity of initial measurement of static test case files remains the same: θ 𝑛 𝑡 𝑣 𝑡 + 𝑚 Incremental measurements while adding test cases: θ 𝑛 𝑡 𝑣 𝑡 In both static and real time measurements, the algorithm is tractable in real world situations 13
- 15. Applications of CCMCL Product Readiness o Determining if a pre-release version has been tested enough by Beta users. Monitoring IV&V Performance o Is the IV&V company providing quality tests to meet the software assurance standards? Measuring current test suite implementations o Do current test suite implementations already provide significant combinatorial coverage? Internet of Things Reliability o Measuring how reliable a system of interconnected components likely is. 14
- 16. Acknowledgements Rick Kuhn, National Institute of Standards & Technology Raghu Kacker, National Institute of Standards & Technology Dylan Yaga, National Institute of Standards & Technology Itzel Mendoza, Centro Nacional de Metrologia SURF Undergraduate Research Program, National Institute of Standards & Technology
- 17. References D.R. Kuhn, R.N. Kacker, Y. Lei, J. Hunter, Combinatorial Software Testing, IEEE Computer Society, August 2009. D.R. Kuhn, D.R. Wallace, A.M. Gallo, Jr., Software Fault Interactions and Implications for Software Testing, IEEE Transactions of Software Engineering, June 2004. Kuhn, D. Richard, Raghu N. Kacker, and Yu Lei. Introduction to combinatorial testing. CRC press, 2013.
Editor's Notes
- #3: Introduction to Design of Experiments Software testing: Save money, time, and effort by only choosing the more probable test cases that are likely to trigger the most amount of faults.
- #4: This slide is to represent the intractable nature of software testing. The example is supposed to show how fast an exponential problem can grow.
- #5: Short overview of covering arrays and how they can be applied to software testing.
- #6: Current covering array algorithms follow the bottom rule… Current algorithms follow a greedy approach
- #7: The interaction rule is the empirical justification for combinatorial testing.
- #11: Interest from software engineers in telecommunications and engineering companies was established.
- #12: This slide introduces the project I worked on. CCMCL is a command line version of the CCM tool, but with much more functionality.
- #15: n is the number of parameters, m is the number of tests, v is the average number of values for each parameter, t is the level of t-way measurement