nist combinatorial testing project
play

NIST Combinatorial Testing project Goals reduce testing cost, - PowerPoint PPT Presentation

Oct 30, 2023 •31 likes •491 views

Combinatorial Methods in Software Testing Rick Kuhn National Institute of Standards and Technology Gaithersburg, MD Federal Computer Security Managers Forum, Dec. 6, 2011 NIST Combinatorial Testing project Goals reduce testing cost,

  1. Combinatorial Methods in Software Testing Rick Kuhn National Institute of Standards and Technology Gaithersburg, MD Federal Computer Security Managers Forum, Dec. 6, 2011

  2. NIST Combinatorial Testing project • Goals – reduce testing cost, improve cost-benefit ratio for testing • Merge automated test generation with combinatorial methods • New algorithms to make large-scale combinatorial testing practical • Accomplishments – huge increase in performance, scalability + widespread use in real-world applications • Joint research with many organizations

  3. What is NIST and why are we doing this? • A US Government agency • The nation’s measurement and testing laboratory – 3,000 scientists, engineers, and support staff including 3 Nobel laureates Research in physics, chemistry, materials, manufacturing, computer science Analysis of engineering failures, including buildings, materials, and ...

  4. Software Failure Analysis • We studied software failures in a variety of fields including 15 years of FDA medical device recall data • What causes software failures? • logic errors? • calculation errors? • interaction faults? • inadequate input checking? Etc. • What testing and analysis would have prevented failures? • Would statement coverage, branch coverage, all-values, all-pairs etc. testing find the errors? Interaction faults : e.g., failure occurs if pressure < 10 && volume > 300 (2-way interaction <= all-pairs testing catches)

  5. Software Failure Internals How does an interaction fault manifest itself in code? Example: pressure < 10 && volume > 300 (2-way interaction) if (pressure < 10) { // do something if (volume > 300) { faulty code! BOOM! } else { good code, no problem} } else { // do something else } A test that included pressure = 5 and volume = 400 would trigger this failure

  6. How about flaws that are harder to find ? • Interactions e.g., failure occurs if • pressure < 10 (1-way interaction) • pressure < 10 & volume > 300 (2-way interaction) • pressure < 10 & volume > 300 & velocity = 5 (3-way interaction) • The most complex failure reported required 4-way interaction to trigger 100 90 80 70 % detected Interesting, but that's 60 just one kind of 50 application! 40 30 20 10 0 1 2 3 4 Interaction

  7. What about other applications? Server (green) These faults more 100 complex than medical 90 device software!! 80 70 60 % detected Why? 50 40 30 20 10 0 1 2 3 4 5 6 Interactions

  8. Others? Browser (magenta) 100 100 90 90 80 80 70 70 60 60 % detected % detected 50 50 40 40 30 30 20 20 10 10 0 0 1 1 2 2 3 3 4 4 5 5 6 6 Interactions Interactions

  9. Still more? NASA Goddard distributed database (light blue) 100 100 100 90 90 90 80 80 80 70 70 70 60 60 60 % detected % detected % detected 50 50 50 40 40 40 30 30 30 20 20 20 10 10 10 0 0 0 1 1 1 2 2 2 3 3 3 4 4 4 5 5 5 6 6 6 Interactions Interactions Interactions

  10. Even more? FAA Traffic Collision Avoidance System module (seeded errors) (purple) 100 100 100 100 90 90 90 90 80 80 80 80 70 70 70 70 60 60 60 60 % detected % detected % detected % detected 50 50 50 50 40 40 40 40 30 30 30 30 20 20 20 20 10 10 10 10 0 0 0 0 1 1 1 1 2 2 2 2 3 3 3 3 4 4 4 4 5 5 5 5 6 6 6 6 Interactions Interactions Interactions Interactions

  11. Finally Network security (Bell, 2006) (orange) 100 100 100 100 Curves appear to 90 90 90 90 be similar across 80 80 80 80 a variety of 70 70 70 70 application 60 60 60 60 % detected % detected % detected % detected domains. 50 50 50 50 40 40 40 40 30 30 30 30 20 20 20 20 10 10 10 10 0 0 0 0 1 1 1 1 2 2 2 2 3 3 3 3 4 4 4 4 5 5 5 5 6 6 6 6 Interactions Interactions Interactions Interactions

  12. Why this distribution? App / users / SLOC NASA 0 ≈ 10 6 Med. 1000s ≈ 10 3 – 10 4 Server 10s of mill. ≈ 10 5 Browser 10s of mill. ≈ 10 6 TCP/IP 100s of mill. ≈ 10 3

  13. So, how many parameters are involved in really tricky faults? • The interaction rule : most failures are triggered by one or two parameters, and progressively fewer by three, four, or more parameters, and the maximum interaction degree is small. • Maximum interactions for fault triggering was 6 • Popular “pairwise testing” not enough • More empirical work needed • Reasonable evidence that maximum interaction strength for fault triggering is relatively small How does it help me to know this?

  14. How does this knowledge help? If all faults are triggered by the interaction of t or fewer variables, then testing all t -way combinations can provide strong assurance. (taking into account: value propagation issues, equivalence partitioning, timing issues, more complex interactions, . . . ) Still no silver bullet. Rats!

  15. How do we use this knowledge in testing? A simple example

  16. How Many Tests Would It Take?  There are 10 effects, each can be on or off  All combinations is 2 10 = 1,024 tests  What if our budget is too limited for these tests?  Instead, let’s look at all 3-way interactions …

  17. Now How Many Would It Take? 10  There are = 120 3-way interactions. 3  Naively 120 x 2 3 = 960 tests.  Since we can pack 3 triples into each test, we need no more than 320 tests.  Each test exercises many triples: 0 1 1 0 0 0 0 1 1 0 OK, OK, what’s the smallest number of tests we need?

  18. A covering array 10 All triples in only 13 tests, covering 2 3 = 960 combinations 3 Each column is a parameter: Each row is a test: • Developed 1990s • Extends Design of Experiments concept NP hard problem but good algorithms now •

  19. A larger example Suppose we have a system with on-off switches. Software must produce the right response for any combination of switch settings:

  20. How do we test this? 34 switches = 2 34 = 1.7 x 10 10 possible inputs = 1.7 x 10 10 tests

  21. What if we knew no failure involves more than 3 switch settings interacting? • 34 switches = 2 34 = 1.7 x 10 10 possible inputs = 1.7 x 10 10 tests • If only 3-way interactions, need only 33 tests • For 4-way interactions, need only 85 tests

  22. Two ways of using combinatorial testing or here Use combinations here Test case OS CPU Protocol Configuration 1 Windows Intel IPv4 2 Windows AMD IPv6 3 Linux Intel IPv6 4 Linux AMD IPv4 Test Syst ystem data und under t tes est inputs

  23. Testing Configurations • Example: app must run on any configuration of OS, browser, protocol, CPU, and DBMS • Very effective for interoperability testing, being used by NIST for DoD Android phone testing

  24. Testing Smartphone Configurations Some Android configuration options: int ORIENTATION_LANDSCAPE; int HARDKEYBOARDHIDDEN_NO; int ORIENTATION_PORTRAIT; int HARDKEYBOARDHIDDEN_UNDEFINED; int ORIENTATION_SQUARE; int HARDKEYBOARDHIDDEN_YES; int ORIENTATION_UNDEFINED; int KEYBOARDHIDDEN_NO; int SCREENLAYOUT_LONG_MASK; int KEYBOARDHIDDEN_UNDEFINED; int SCREENLAYOUT_LONG_NO; int KEYBOARDHIDDEN_YES; int SCREENLAYOUT_LONG_UNDEFINED; int KEYBOARD_12KEY; int SCREENLAYOUT_LONG_YES; int KEYBOARD_NOKEYS; int SCREENLAYOUT_SIZE_LARGE; int KEYBOARD_QWERTY; int SCREENLAYOUT_SIZE_MASK; int KEYBOARD_UNDEFINED; int SCREENLAYOUT_SIZE_NORMAL; int NAVIGATIONHIDDEN_NO; int SCREENLAYOUT_SIZE_SMALL; int NAVIGATIONHIDDEN_UNDEFINED; int SCREENLAYOUT_SIZE_UNDEFINED; int NAVIGATIONHIDDEN_YES; int TOUCHSCREEN_FINGER; int NAVIGATION_DPAD; int TOUCHSCREEN_NOTOUCH; int NAVIGATION_NONAV; int TOUCHSCREEN_STYLUS; int NAVIGATION_TRACKBALL; int TOUCHSCREEN_UNDEFINED; int NAVIGATION_UNDEFINED; int NAVIGATION_WHEEL;

  25. Configuration option values Parameter Name Values # Values HARDKEYBOARDHIDDEN NO, UNDEFINED, YES 3 KEYBOARDHIDDEN NO, UNDEFINED, YES 3 KEYBOARD 12KEY , NOKEYS, QWERTY , UNDEFINED 4 NAVIGATIONHIDDEN NO, UNDEFINED, YES 3 NAVIGATION DPAD, NONAV, TRACKBALL, UNDEFINED, 5 WHEEL ORIENTATION LANDSCAPE, PORTRAIT, SQUARE, UNDEFINED 4 SCREENLAYOUT_LONG MASK, NO, UNDEFINED, YES 4 SCREENLAYOUT_SIZE LARGE, MASK, NORMAL, SMALL, UNDEFINED 5 TOUCHSCREEN FINGER, NOTOUCH, STYLUS, UNDEFINED 4 Total possible configurations: 3 x 3 x 4 x 3 x 5 x 4 x 4 x 5 x 4 = 172,800

  26. Number of configurations generated for t -way interaction testing, t = 2..6 t # Configs % of Exhaustive 2 29 0.02 3 137 0.08 4 625 0.4 5 2532 1.5 6 9168 5.3

  27. New algorithms • Smaller test sets faster, with a more advanced user interface • First parallelized covering array algorithm • More information per test IPOG ITCH (IBM) Jenny (Open Source) TConfig (U. of Ottawa) TVG (Open Source) T-Way Size Time Size Time Size Time Size Time Size Time 2 100 0.8 120 0.73 108 0.001 108 >1 hour 101 2.75 3 400 0.36 2388 1020 413 0.71 472 >12 hour 9158 3.07 4 1363 3.05 1484 5400 1536 3.54 1476 >21 hour 64696 127 >1 4226 NA 18s 4580 5 43.54 NA >1 day 313056 1549 day 6 10941 65.03 NA >1 day 11625 470 NA >1 day 1070048 12600 Traffic Collision Avoidance System (TCAS): 2 7 3 2 4 1 10 2 Times in seconds

  28. ACTS - Defining a new system

  29. Variable interaction strength

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Combinatorial Testing Rick Kuhn NIST Computer Security Division NIST Combinatorial Testing

Combinatorial Testing Rick Kuhn NIST Computer Security Division NIST Combinatorial Testing

Combinatorial Testing Rick Kuhn NIST Computer Security Division NIST Combinatorial Testing Applying empirical results to reduce the cost of testing. Example: 2.5 year study ~ 20% lower test development cost and 20% - 50% better

479 views • 13 slides
Combinatorial Security Testing: Combinatorial Testing Meets Information Security Dimitris E.

Combinatorial Security Testing: Combinatorial Testing Meets Information Security Dimitris E.

Combinatorial Security Testing: Combinatorial Testing Meets Information Security Dimitris E. Simos SBA Research Applied &amp; Computational Mathematics Division Seminar Series National Institute of Standards and Technology (NIST) Gaithersburg,

675 views • 50 slides
Combinatorial Testing Rick Kuhn National Institute of Standards and Technology Gaithersburg, MD

Combinatorial Testing Rick Kuhn National Institute of Standards and Technology Gaithersburg, MD

Combinatorial Testing Rick Kuhn National Institute of Standards and Technology Gaithersburg, MD NDIA Software Test and Evaluation Summit Sept 16, 2009 What is NIST? A US Government agency The nations measurement and testing

537 views • 40 slides
Introduction to Combinatorial Testing Rick Kuhn National Institute of Standards and Technology

Introduction to Combinatorial Testing Rick Kuhn National Institute of Standards and Technology

Introduction to Combinatorial Testing Rick Kuhn National Institute of Standards and Technology Gaithersburg, MD Carnegie-Mellon University, 7 June 2011 What is NIST and why are we doing this? A US Government agency The nations

770 views • 48 slides
Combinatorial Testing Of ACTS: A Case Study Mehra N.Borazjany, Linbin Yu, Yu Lei - UTA Raghu

Combinatorial Testing Of ACTS: A Case Study Mehra N.Borazjany, Linbin Yu, Yu Lei - UTA Raghu

Combinatorial Testing Of ACTS: A Case Study Mehra N.Borazjany, Linbin Yu, Yu Lei - UTA Raghu Kacker, Rick Kuhn - NIST 4/17/12 Outline Introduction Major Features of ACTS Input Parameter Modeling Experiments Conclusion

455 views • 26 slides
Combinatorial Testing Automated testing and J.P . Galeotti - Alessandra Gorla verification

Combinatorial Testing Automated testing and J.P . Galeotti - Alessandra Gorla verification

Combinatorial Testing Automated testing and J.P . Galeotti - Alessandra Gorla verification Wednesday, November 28, 12 Combinatorial testing: Basic idea Identify distinct attributes that can be varied In the data, environment, or

1.02k views • 52 slides
Combinatorial Interaction Testing Justyna Petke C entre for R esearch in E volution, S earch and

Combinatorial Interaction Testing Justyna Petke C entre for R esearch in E volution, S earch and

Combinatorial Interaction Testing Justyna Petke C entre for R esearch in E volution, S earch and T esting University College London CREST Using materials from: http://cse.unl.edu/ citportal/ http://csrc.nist.gov/groups/SNS/acts/ftfi.html

2.09k views • 182 slides
Combinatorial Interaction Testing for Test Selection in Grammar-Based Testing Elke Salecker,

Combinatorial Interaction Testing for Test Selection in Grammar-Based Testing Elke Salecker,

Combinatorial Interaction Testing for Test Selection in Grammar-Based Testing Elke Salecker, Sabine Glesner Technical University of Berlin, Germany Workshop on Combinatorial Testing (CT) 2012 Montreal, Canada Introduction Background Approach

632 views • 45 slides
NIST Trustworthy Email Project High Assurance Domain Project Scott Rose, NIST scottr@nist.gov

NIST Trustworthy Email Project High Assurance Domain Project Scott Rose, NIST scottr@nist.gov

NIST Trustworthy Email Project High Assurance Domain Project Scott Rose, NIST scottr@nist.gov ICANN Meeting Oct. 15 th , 2014 Los Angeles CA First, A Bit of History 2011 USG DNSSEC Tiger Team has a 2 nd goal: authenticated email

308 views • 4 slides
Combinatorial Testing and Covering Arrays Lucia Moura School of Electrical Engineering and

Combinatorial Testing and Covering Arrays Lucia Moura School of Electrical Engineering and

Combinatorial Software Testing Covering Arrays Combinatorial Testing and Covering Arrays Lucia Moura School of Electrical Engineering and Computer Science University of Ottawa lucia@eecs.uottawa.ca Winter 2017 Combinatorial Testing and

569 views • 19 slides
Learning objectives Understand rationale and basic approach for systematic combinatorial

Learning objectives Understand rationale and basic approach for systematic combinatorial

Learning objectives Understand rationale and basic approach for systematic combinatorial testing Learn how to apply some representative Combinatorial testing combinatorial approaches Category-partition testing Pairwise

558 views • 14 slides
NIST Gaithersburgs Approach to a Solar PV Array Project John.R.Bollinger@nist.gov 2 NIST

NIST Gaithersburgs Approach to a Solar PV Array Project John.R.Bollinger@nist.gov 2 NIST

NIST Gaithersburgs Approach to a Solar PV Array Project John.R.Bollinger@nist.gov 2 NIST had awarded larger ESPC ($45M) with 4 ECMs the previous year (June 2015) Non-selected ECM was fixed-tilt, ground-mounted solar array on federal

559 views • 17 slides
Combinatorial Testing Rick Kuhn National Institute of Standards and Technology Gaithersburg, MD

Combinatorial Testing Rick Kuhn National Institute of Standards and Technology Gaithersburg, MD

Combinatorial Testing Rick Kuhn National Institute of Standards and Technology Gaithersburg, MD Carnegie-Mellon University, 26 January 2010 Tutorial Overview 1. Why are we doing this? 2. What is combinatorial testing? 3. How is it used and

966 views • 79 slides
Personnel Demonstration Project 1 BACKGROUND Clone of the NIST Demonstration Project. DOC

Personnel Demonstration Project 1 BACKGROUND Clone of the NIST Demonstration Project. DOC

U. S. DEPARTMENT OF COMMERCE Personnel Demonstration Project 1 BACKGROUND Clone of the NIST Demonstration Project. DOC Demonstration Project tests NIST innovations in different environments Five year project began March 27, 1998

361 views • 24 slides
A .NET-based Test-Data Generator for Combinatorial Grammar- and Schema-based Testing Vadim

A .NET-based Test-Data Generator for Combinatorial Grammar- and Schema-based Testing Vadim

A .NET-based Test-Data Generator for Combinatorial Grammar- and Schema-based Testing Vadim Zaytsev with: Ralf L ammel (VU), Wolfram Schulte (MSR) 14 April 2004 Grammar ware grammars grammar-dependent software In this project:

450 views • 17 slides
NIST CRYPTOGRAPHIC CONFORMANCE TESTING UPDATE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

NIST CRYPTOGRAPHIC CONFORMANCE TESTING UPDATE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

NIST CRYPTOGRAPHIC CONFORMANCE TESTING UPDATE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY INFORMATION TECHNOLOGY LABORATORY COMPUTER SECURITY DIVISION SECURITY TESTING, VALIDATION, AND MEASUREMENT MICHAEL COOPER MANAGER STVM ISPAB June

767 views • 19 slides
Eisenhower/Johnson Memorial Tunnel Fixed Fire Suppression System Project Information Meeting August

Eisenhower/Johnson Memorial Tunnel Fixed Fire Suppression System Project Information Meeting August

Eisenhower/Johnson Memorial Tunnel Fixed Fire Suppression System Project Information Meeting August 21, 2013 1 Project Location 2 Project Partners/Stakeholders CDOT FHWA Colorado Department of Labor and Employment 3 Project

465 views • 24 slides
69 th Interdepartmental Hurricane Conference March 3, 2015 CAPT Harris B. Halverson II, NOAA

69 th Interdepartmental Hurricane Conference March 3, 2015 CAPT Harris B. Halverson II, NOAA

69 th Interdepartmental Hurricane Conference March 3, 2015 CAPT Harris B. Halverson II, NOAA Commanding Officer NOAA Aircraft Operations Center . AGENDA The Current Fleet of NOAA Aircraft 2014 Hurricane Season A Tale of Two Oceans

561 views • 32 slides
FENGYUN Satellite Data and Products Application Maldives Meteorological Service Country report

FENGYUN Satellite Data and Products Application Maldives Meteorological Service Country report

FENGYUN Satellite Data and Products Application Maldives Meteorological Service Country report By : Ahmed Rashed Email: ahmed.rasheed@met.gov.mv Outline The Maldives, Weather &amp; Climate, Weather Observation and Forecast guidance.

1.5k views • 16 slides
Toward the mitigation of water disaster in Indochina: Efforts to make radar composite maps over

Toward the mitigation of water disaster in Indochina: Efforts to make radar composite maps over

Toward the mitigation of water disaster in Indochina: Efforts to make radar composite maps over borders Takehiko Satomura Graduate School of Science, Kyoto University Radar-Raingauge Analyzed Precipitation in Japan Radar precipitation map

419 views • 23 slides
City Hall in Your Neighborhood Saco Middle School - June 28, 2016 Administration Department

City Hall in Your Neighborhood Saco Middle School - June 28, 2016 Administration Department

City Hall in Your Neighborhood Saco Middle School - June 28, 2016 Administration Department Council Goals: Advocate a successful bond approval for the replacement of Young School by November Actively participate in re-energizing the

339 views • 15 slides
Coding for Different Android Screen sizes and Density By

Coding for Different Android Screen sizes and Density By

Coding for Different Android Screen sizes and Density By Robin Srivastava Intended Audience Developers of Android apps Any technological enthusiast

603 views • 32 slides
EXECUTIVE SUMMARY Confjdential Market Planning Document All persons who receive this Document

EXECUTIVE SUMMARY Confjdential Market Planning Document All persons who receive this Document

CONCRETE SOLUTIONS EXECUTIVE SUMMARY Confjdential Market Planning Document All persons who receive this Document agree that they will hold the contacts and all the enclosures and related documents in the strictest confjdence. Recipients or

505 views • 26 slides
The total effect of installation of Double Bundle-type HeatPump System Installation place:

The total effect of installation of Double Bundle-type HeatPump System Installation place:

The total effect of installation of Double Bundle-type HeatPump System Installation place: (Indonesia AXIA South Cikarang Manufacture : (Japan) Zeneral Heatpump Corporation Todays presenter AXIA South Cikarang (TTLR)

381 views • 12 slides

More recommend