Presentation is loading. Please wait.

Presentation is loading. Please wait.

Simplifying failure Inducing input Vikas, Purdue.

Published byJohnathan Snow Modified over 8 years ago

Similar presentations

Presentation on theme: "Simplifying failure Inducing input Vikas, Purdue."— Presentation transcript:

1 Simplifying failure Inducing input Vikas, Purdue

2 Problem when testing a program some test case fails how to find the bug ??  problems!!!  test input is huge – 800 lines say  do a binary search manually ?  how much time ?

3 Problem - example Mozilla web browser  1999  bugzilla listed more than 370 bug reports  faced imminent doom !!  opened a program 'Bug a Thorn' who ever finds bugs will get a prize Finding bug is a SERIOUS PROBLEM

4 Problem – example one of the bug Mozilla crashed after 95 user actions It was not able to print a particular html page of 895 lines  simplified to 3 user actions  html page simplified to 1 line Now – 895 lines of input simplified to just 1 line !!

5 How to solve? “Delta Debugging algorithm“  take a failing test case  and take a passing test case  simplify tat and produce a minimal test case  the simplified test case still produces the failure

6 Example - Continued

7 Conflicting issues Decomposing a specific bug report into simple test case  A bug report should be as specific as possible  on the other hand test case should be as simple as possible Test case simplification does both!  allows for short problem descriptions  subsumes all details in bug report

8 Delta Debugging – how Define what is a successful test case Feed with a failing test case Ddmin simplifies it by successive testing Stop when a minimal test case is reached Now removing any single input entity would cause the failure to disappear

9 Analogous example-flight simulation problem – flight crashes few seconds after take off, how do we find the bug??  repeat the situation over again and again under changed circumstances  find out what is relevant and what is not relevant  eg, leave the passenger seats – still crashes  eg, leave the coffee vending machine – still crashes !  hence both of them are irrelevant

10 Example continued - DDMin

11 DDMin Not only minimises the failing input Also maximises the the passing input Not only limited to html input, character input nor to program input can be applied to all circumstances that can make a program crash or those which will affect the program execution

12 input

13 Assumptions – reasons for failure program code data from storage or input devices the programs environment the specific hardware the operating system “All the above are called circumstances”

14 Changes that cause failure We are interested only in the changeble circumstances These changeable circumstances make up the program input in most of the cases

15 Definitions

16 What is the change ?? ( delta ) - decomposition? No specific way to get the changes. html example  delta can be a single character  can be a single tag  can be a single line also HOW TO DECOMPOSE THEM??

17 Definitions – composition of changes

18 Definitions - Test cases and tests According to POSIX starndart for testing  the test can succeed  the test can fail  the test produce intermediate result We need a function 'rtest' that takes a program run and gives one of the above output.

19 Definitions – test case and test

20 Test cases

21 Minimizing test case

22 Minimizing algorithm

23

24 The Algorithm

25 Complexity of DDMin Complexity of DDMin is Cx2 + 3Cx Worst case 2 phases  1. When every test has an unresolved input then we go till the maximum granularity of Cx # of tests to be carried out is 2+4+8+.... + 2 Cx ~= 4Cx  2. When testing the last complement fails (∆n) results in Cx-1 calls Total : 2(Cx-1)+2(Cx-2)+.....+2=~Cx2-Cx Add up everything :- 4Cx + Cx2 - Cx

26 Minimizing algorithm 2 8 16

27 Case Study1 – GCC gets a fatal signal! - run in WYNOT a program bug.c crashes when compiled with gcc but the program crashes only with some optimization options given does not crash with all optimizations enabled! code is 755 characters – each character a component ( hence, may have a lot of useless C code )

28 Case study 1 size of Z = 1 Z[1] will segfault

29 Minimizing the test case 177 100 77

30 Minimizing Gcc options gcc -o -fforce-addr bug.c

31 Case study – Mozilla crashing One of the bug report in Mozilla firefox Following operations cause Mozilla to crash  Start Mozilla  Go to bugzilla.mozilla.org  Print to file setting the margins to.50  Once its done printing do the exact same thing on the same file ( /var/tmp/netscape.ps )  This causes browser to crash with a segfault

32 Mozilla crashes Mozilla input consists of two items 1. The sequence of input events  ie the succession of mouse motions  pressed keys and clicked buttons  used XLAB to capture – 711 actions 2. HTML code of the erroneous www page

33 Mozilla crashes out of 711 actions – only 95 were user actions, rest were notifications by X server out of 95 user actions only 3 are left after 82 test runs.  Invoke Print dialog  Press mouse button 1 on the print button  release mouse button 1

34 Mozilla crashes 82 runs, 3 user actions 95 user actions

35 Mozilla crashes – excerpt of input

36 Mozilla crashes – sample run

37 Mozilla crashes - run 896 lines !!! 58 runs, 1 line

38 Mozilla crashes ! - 1 line - is the culprit or its just in other words, the bug report is now just  Create an HTML page containing “ ”  Load the page and print it using Alt+P command  the browser crashes with a segmentation fault  or – printing the crashes !!

39 Minimizing fuzz bart Miller and his team examined the robustness of UNIX utilities by sending fuzz input ( a huge number of random characters )  found that 40% of the basic programs crashed or went into infinite loops ddmin algorithm was tested on fuzz input sequences  for NROFF, TROFF, GLEX, CRTPLOT, UL,UNITS

40 Minimizing fuzz

41

42 Simplifying failure inducing input The 3 case studies discussed show that  the larger the size of the simplified input, the higher is the number of tests required  because determining 1-minimality of a test case with n entities req atleast n tests  because each individual entity is removed and tested  for flex, the number of tests vary upto 10 4 for low precision to 36,000 for high precision.

43 other approaches ? Simply stop the process when a certain time limit is reached Simply stop the process when the input test case is reduced by a certain extent Better approach is 'Isolation'  Find one relevant part of the test case.removing this particular part makes the failure go away.  Simplifying meant that – the simplified test case had all the relevant parts

44 Isolating example 7 tests!!

45 Simplyfying 26 tests

46 Isolation

47 Future work Domain specific methods  knowledge about the input structure can very much enhance the performance  for ex – valid program inputs are described by grammars, would be nice to rely on such grammars  can exclude syntactically invalid inputs

Download ppt "Simplifying failure Inducing input Vikas, Purdue."

Similar presentations

Debugging ACL Scripts.

Debugging ACL Scripts.
Software Development Languages and Environments. Programming languages High level languages are problem orientated contain many English words are easier.

Software Development Languages and Environments. Programming languages High level languages are problem orientated contain many English words are easier.
Delta Debugging and Model Checkers for fault localization

Delta Debugging and Model Checkers for fault localization
Chapter 1 An Overview of Computers and Programming Languages.

Chapter 1 An Overview of Computers and Programming Languages.
Debugging What can debuggers do? Run programs Make the program stops on specified places or on specified conditions Give information about current variables’

Debugging What can debuggers do? Run programs Make the program stops on specified places or on specified conditions Give information about current variables’
CompSci 4 6.1 Applets & Video Games. CompSci 4 6.2 Applets & Video Games The Plan  Applets  Demo on making and running a simple applet from scratch.

CompSci Applets & Video Games. CompSci Applets & Video Games The Plan  Applets  Demo on making and running a simple applet from scratch.
Simplifying and Isolating Failure-Inducing Input Presented by Nir Peer University of Maryland Andreas Zeller Saarland University, Germany Ralf Hildebrandt.

Simplifying and Isolating Failure-Inducing Input Presented by Nir Peer University of Maryland Andreas Zeller Saarland University, Germany Ralf Hildebrandt.
CS590Z Delta Debugging Xiangyu Zhang (slides adapted from Tevfik Bultan’s )

CS590Z Delta Debugging Xiangyu Zhang (slides adapted from Tevfik Bultan’s )
1 Lab Session-2 CSIT 121 Spring 2005 Debugging Tips NiMo’s Varying Rates Lab-2 Exercise.

1 Lab Session-2 CSIT 121 Spring 2005 Debugging Tips NiMo’s Varying Rates Lab-2 Exercise.
8 November Forms and JavaScript. Types of Inputs Radio Buttons (select one of a list) Checkbox (select as many as wanted) Text inputs (user types text)

8 November Forms and JavaScript. Types of Inputs Radio Buttons (select one of a list) Checkbox (select as many as wanted) Text inputs (user types text)
272: Software Engineering Fall 2008 Instructor: Tevfik Bultan Lecture 17: Automated Debugging.

272: Software Engineering Fall 2008 Instructor: Tevfik Bultan Lecture 17: Automated Debugging.
PRE-PROGRAMMING PHASE

PRE-PROGRAMMING PHASE
CGI Programming: Part 1. What is CGI? CGI = Common Gateway Interface Provides a standardized way for web browsers to: –Call programs on a server. –Pass.

CGI Programming: Part 1. What is CGI? CGI = Common Gateway Interface Provides a standardized way for web browsers to: –Call programs on a server. –Pass.
50.530: Software Engineering Sun Jun SUTD. Week 3: Delta Debugging.

50.530: Software Engineering Sun Jun SUTD. Week 3: Delta Debugging.
Delta Debugging CS 6340. 2 All Windows 3.1 Windows 95 Windows 98 Windows ME Windows 2000 Windows NT Mac System 7 Mac System 7.5 Mac System 7.6.1 Mac System.

Delta Debugging CS All Windows 3.1 Windows 95 Windows 98 Windows ME Windows 2000 Windows NT Mac System 7 Mac System 7.5 Mac System Mac System.
Principles of Programming Chapter 1: Introduction  In this chapter you will learn about:  Overview of Computer Component  Overview of Programming 

Principles of Programming Chapter 1: Introduction  In this chapter you will learn about:  Overview of Computer Component  Overview of Programming 
Dr. Pedro Mejia Alvarez Software Testing Slide 1 Software Testing: Building Test Cases.

Dr. Pedro Mejia Alvarez Software Testing Slide 1 Software Testing: Building Test Cases.
Thrive Installation.

Thrive Installation.
WaveMaker Visual AJAX Studio 4.0 Training Troubleshooting.

WaveMaker Visual AJAX Studio 4.0 Training Troubleshooting.
CS 0004 –Lecture 1 Wednesday, Jan 5 th, 2011 Roxana Gheorghiu.

CS 0004 –Lecture 1 Wednesday, Jan 5 th, 2011 Roxana Gheorghiu.

Similar presentations

Ads by Google