Assertion-Driven Development: Assessing the Quality of Contracts Using Meta-Mutations

Agile development methods have gained momentum in the last few years and, as a consequence, test-driven development has become more prevalent in practice. However, test cases are not sufficient for producing dependable software and we rather advocate approaches that emphasize the use of assertions or contracts over that of test cases. Yet, writing self-checks in code has been shown to be difficult and is itself prone to errors. A standard technique to specify runtime properties is design-by-contract (DbC). But how can one test if the contracts themselves are sensible and sufficient? We propose a measure to quantify the goodness of contracts (or assertions in a broader sense). We introduce meta-mutations at the source code level to simulate common programmer errors that the self-checks are supposed to detect. We then use random mutation testing to determine a lower and upper bound on the detectable mutations and compare these bounds with the number of mutants detected by the contracts. Contracts are considered “good” if they detect a certain percentage of the detectable mutations. We have evaluated our tools on Java classes with contracts specified using the Java Modeling Language (JML). We have additionally tested the contract quality of 19 implementations, written independently by students, based on the same specification.
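Added example (in Python rather than the paper's Java/JML tooling, and not the authors' code): a reference `clamp`, four hand-written stand-ins for meta-mutants, a deliberately weak DbC-style contract, and the measure sketched above, i.e. mutants caught by the contracts as a fraction of the mutants that random testing observes to be detectable, alongside the total mutant count as the upper bound. The mutant names, input ranges and the `with_contracts` wrapper are assumptions made for illustration.

```python
import random
class ContractViolation(AssertionError): pass  # stands in for a JML runtime check failure

def clamp(x, lo, hi):
    """Reference implementation under test: clamp x into [lo, hi]."""
    return lo if x < lo else hi if x > hi else x

# Hand-written mutants standing in for meta-mutations, each simulating a common
# programmer error. The first is equivalent to clamp (no input tells them apart),
# which is why the total mutant count is only an upper bound on detectable mutants.
MUTANTS = {
    "relop_lt_to_le":   lambda x, lo, hi: lo if x <= lo else hi if x > hi else x,
    "swap_bounds":      lambda x, lo, hi: hi if x < lo else lo if x > hi else x,
    "off_by_one":       lambda x, lo, hi: lo if x < lo else hi if x > hi else x + 1,
    "drop_upper_check": lambda x, lo, hi: lo if x < lo else x,
}

def with_contracts(impl):
    """Precondition lo <= hi, postcondition lo <= result <= hi (weaker than the full spec)."""
    def wrapped(x, lo, hi):
        if not lo <= hi:
            raise ContractViolation("pre: lo <= hi")
        result = impl(x, lo, hi)
        if not lo <= result <= hi:
            raise ContractViolation("post: lo <= result <= hi")
        return result
    return wrapped

def random_inputs(n, seed):
    """Seeded random tests, biased toward the boundaries where clamp mutants differ."""
    rng = random.Random(seed)
    for _ in range(n):
        lo = rng.randint(-20, 20)
        hi = lo + rng.randint(0, 20)
        yield rng.randint(lo - 3, hi + 3), lo, hi

def assess_contracts(original, mutants, n=500, seed=1):
    """Return (lower bound, upper bound, mutants caught, contract quality ratio)."""
    detectable, caught = set(), set()
    for name, mutant in mutants.items():
        for x, lo, hi in random_inputs(n, seed):
            if mutant(x, lo, hi) != original(x, lo, hi):
                detectable.add(name)  # observed to differ from the original: certainly non-equivalent
            try:
                with_contracts(mutant)(x, lo, hi)
            except ContractViolation:
                caught.add(name)  # the contracts flagged this mutant on this input
    lower, upper = len(detectable), len(mutants)  # random testing cannot rule out equivalent mutants
    quality = len(caught & detectable) / lower if lower else 0.0
    return lower, upper, caught, quality
```

With this weak postcondition the `swap_bounds` mutant always returns a value inside `[lo, hi]` and is never flagged, so the contracts score 2 of 3 detectable mutants; strengthening the postcondition to the full specification (for example, `result == lo` whenever `x < lo`) is what would raise the score.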
