Inputs from Hell: Generating Uncommon Inputs from Common Samples

Structured input files for testing programs can be generated from a grammar that serves as the specification for syntactically correct input files. Two interesting scenarios then arise for effective testing. In the first scenario, software engineers would like to generate inputs that are as similar as possible to the inputs in common usage of the program, to test the reliability of the program. More interesting is the second scenario, where inputs should be as dissimilar as possible from normal usage. This is useful for robustness testing and for exploring as yet uncovered behavior. To provide test cases for both scenarios, we leverage a context-free grammar to parse a set of sample input files that represent the program's common usage, and determine probabilities for individual grammar productions as they occur while parsing the inputs. Replicating these probabilities during grammar-based test input generation, we obtain inputs that are close to the samples. Inverting these probabilities yields inputs that are strongly dissimilar to common inputs, yet still valid with respect to the grammar. Our evaluation on three common input formats (JSON, JavaScript, CSS) shows the effectiveness of these approaches in obtaining instances from both sets of inputs.
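The learn, replicate and invert steps described in the abstract, as an added illustration that is not the authors' implementation. The toy grammar, the sample strings, the `1/p` inversion with a floor for unseen productions, and the depth cap are all assumptions made for this example.

```python
import random
from collections import Counter

# Constructed toy grammar (an assumption, not from the paper): nested digit lists.
# Alternative 0 of every rule is non-recursive so generation can always terminate.
GRAMMAR = {
    "value": [["digit"], ["list"]],
    "list":  [["[", "]"], ["[", "elems", "]"]],
    "elems": [["value"], ["value", ",", "elems"]],
    "digit": [["0"], ["1"], ["2"]],
}
SAMPLES = ["[0,1]", "[1,0,0]", "[0]", "0", "[1,1]"]  # constructed "common usage"

def parse(sym, text, pos, counts):
    """Ordered-choice parse, longest alternative first; returns end position or None."""
    if sym not in GRAMMAR:
        return pos + len(sym) if text.startswith(sym, pos) else None
    for i in reversed(range(len(GRAMMAR[sym]))):
        trial, p = Counter(), pos
        for s in GRAMMAR[sym][i]:
            p = parse(s, text, p, trial)
            if p is None:
                break  # this alternative failed; its trial counts are discarded
        else:
            counts.update(trial)
            counts[(sym, i)] += 1  # record the production that actually matched
            return p
    return None

def learn(samples):
    """Relative frequency of each alternative; assumes every rule occurs in the samples."""
    counts = Counter()
    for s in samples:
        if parse("value", s, 0, counts) != len(s):
            raise ValueError(f"sample not in grammar: {s!r}")
    return {sym: [counts[(sym, i)] / sum(counts[(sym, j)] for j in range(len(alts)))
                  for i in range(len(alts))] for sym, alts in GRAMMAR.items()}

def invert(probs, floor=0.01):
    """Assumed inversion scheme: weight 1/p (p floored), renormalised per rule."""
    inv = {sym: [1 / max(p, floor) for p in ps] for sym, ps in probs.items()}
    return {sym: [w / sum(ws) for w in ws] for sym, ws in inv.items()}

def generate(probs, rng, sym="value", depth=0, max_depth=12):
    """Sample a derivation; past max_depth force alternative 0 to terminate."""
    if sym not in GRAMMAR:
        return sym
    i = 0 if depth >= max_depth else rng.choices(range(len(probs[sym])), probs[sym])[0]
    return "".join(generate(probs, rng, s, depth + 1, max_depth) for s in GRAMMAR[sym][i])
```

With these samples the learned model never emits `2` or `[]`, while the inverted model emits them almost exclusively; both models only produce strings the grammar accepts.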
