Mutation testing: Difference between revisions
m compound modifier |
|||
(250 intermediate revisions by more than 100 users not shown) | |||
Line 1: | Line 1: | ||
{{Short description|Method of software testing}} |
|||
: ''For the biological term, see: [[Gene mutation analysis]]''. |
|||
{{redirect|Mutation analysis|the biological term|Gene mutation analysis}} |
|||
{{Portal|Software Testing}} |
|||
'''Mutation testing''' (or ''Mutation analysis'' or ''Program mutation'') is a method of [[software testing]], which involves modifying programs' [[source code]] or [[byte code]] in small ways.<ref>[http://cs.gmu.edu/~offutt/rsrch/papers/practical.pdf A Practical System for Mutation Testing: Help for the Common Programmer] by A. Jefferson Offutt.</ref> A test suite that does not detect and reject the mutated code is considered defective. These so-called ''mutations'', are based on well-defined ''mutation operators'' that either mimic typical programming errors (such as using the wrong operator or variable name) or force the creation of valuable tests (such as driving each expression to zero). The purpose is to help the tester develop effective tests or locate weaknesses in the test data used for the program or in sections of the code that are seldom or never accessed during [[Execution (computers)|execution]]. |
|||
'''Mutation testing''' (or ''mutation analysis'' or ''program mutation'') is used to design new software tests and evaluate the quality of existing software tests. Mutation testing involves modifying a program in small ways.<ref name=DLS1978 /> Each mutated version is called a ''mutant'' and tests detect and reject mutants by causing the behaviour of the original version to differ from the mutant. This is called ''killing'' the mutant. Test suites are measured by the percentage of mutants that they kill. New tests can be designed to kill additional mutants. Mutants are based on well-defined ''mutation operators'' that either mimic typical programming errors (such as using the wrong operator or variable name) or force the creation of valuable tests (such as dividing each expression by zero). The purpose is to help the tester develop effective tests or locate weaknesses in the test data used for the program or in sections of the code that are seldom or never accessed during [[Execution (computers)|execution]]. Mutation testing is a form of [[white-box testing]].<ref>{{Citation|last=Ostrand|first=Thomas|title=White-Box Testing|date=2002|url=https://onlinelibrary.wiley.com/doi/abs/10.1002/0471028959.sof378|encyclopedia=Encyclopedia of Software Engineering|publisher=American Cancer Society|language=en|doi=10.1002/0471028959.sof378|isbn=978-0-471-02895-6|access-date=2021-03-16}}</ref><ref>{{Cite book|last=Misra|first=S.|title=CCECE 2003 - Canadian Conference on Electrical and Computer Engineering. Toward a Caring and Humane Technology (Cat. No.03CH37436) |chapter=Evaluating four white-box test coverage methodologies |date=2003|chapter-url=https://ieeexplore.ieee.org/document/1226246|location=Montreal, Que., Canada|publisher=IEEE|volume=3|pages=1739–1742|doi=10.1109/CCECE.2003.1226246|isbn=978-0-7803-7781-3|s2cid=62549502 }}</ref> |
|||
== Aim == |
|||
==Introduction== |
|||
Tests can be created to verify the correctness of the implementation of a given software system. But the creation of tests still poses the question whether the tests are correct and sufficiently cover the requirements that have originated the implementation. (This technological problem is itself an instance of a deeper philosophical problem named "[[Quis custodiet ipsos custodes?]]" ["Who will guard the guards?"].) In this context, mutation testing was pioneered in the 1970s to locate and expose weaknesses in [[test suite]]s. The theory was that if a mutation was introduced without the behavior (generally [[output]]) of the program being affected, this indicated either that the code that had been mutated was never executed (redundant code) or that the testing suite was unable to locate the [[Fault injection|injected fault]]. In order for this to function at any scale, a large number of mutations had to be introduced into a large program, leading to the compilation and execution of an extremely large number of copies of the program. This problem of the expense of mutation testing had reduced its practical use as a method of software testing, but the increased use of [[object oriented programming language]]s and [[unit testing]] frameworks has led to the creation of mutation testing tools for many programming languages as a means to test individual portions of an application. |
|||
Most of this article is about "program mutation", in which the program is modified. A more general definition of ''mutation analysis'' is using well-defined rules defined on syntactic structures to make systematic changes to software artifacts.<ref name="AmmannOffutt2008">Paul Ammann and Jeff Offutt. Introduction to Software Testing. Cambridge University Press, 2008.</ref> Mutation analysis has been applied to other problems, but is usually applied to testing. So ''mutation testing'' is defined as using mutation analysis to design new software tests or to evaluate existing software tests.<ref name="AmmannOffutt2008"/> Thus, mutation analysis and testing can be applied to design models, specifications, databases, tests, XML, and other types of software artifacts, although program mutation is the most common.<ref>{{cite journal| journal = CREST Centre, King's College London, Technical Report TR-09-06 | title = An Analysis and Survey of the Development of Mutation Testing | first1=Yue | last1=Jia | first2=Mark | last2=Harman | authorlink2=Mark Harman (computer scientist) | date=September 2009 | volume = 37 | issue = 5 | pages = 649–678 | doi = 10.1109/TSE.2010.62 | s2cid = 6853229 | url = https://pdfs.semanticscholar.org/3277/8a2eb4c74cd437e922ac1eb6a1477dfcb925.pdf | archive-url = https://web.archive.org/web/20171204061252/https://pdfs.semanticscholar.org/3277/8a2eb4c74cd437e922ac1eb6a1477dfcb925.pdf | url-status = dead | archive-date = 2017-12-04 }}</ref> |
|||
==Overview== |
|||
== Historical overview == |
|||
Tests can be created to verify the correctness of the implementation of a given software system, but the creation of tests still poses the question whether the tests are correct and sufficiently cover the requirements that have originated the implementation.<ref>{{cite book | first1=Aristides | last1=Dasso | first2=Ana | last2=Funes | title=Verification, Validation and Testing in Software Engineering |publisher=Idea Group Inc | year=2007| isbn=978-1591408512}}</ref> (This technological problem is itself an instance of a deeper philosophical problem named "[[Quis custodiet ipsos custodes?]]" ["Who will guard the guards?"].) The idea behind mutation testing is that if a mutant is introduced, this normally causes a bug in the program's functionality which the tests should find. This way, the tests are tested. If a mutant is not detected by the test suite, this typically indicates that the test suite is unable to locate the faults represented by the mutant, but it can also indicate that the mutation introduces no faults, that is, the mutation is a valid change that does not affect functionality. One (common) way a mutant can be valid is that the code that has been changed is "dead code" that is never executed. |
|||
For mutation testing to function at scale, a large number of mutants are usually introduced, leading to the compilation and execution of an extremely large number of copies of the program. This problem of the expense of mutation testing had reduced its practical use as a method of software testing. However, the increased use of [[object oriented programming language]]s and [[unit testing]] frameworks has led to the creation of mutation testing tools that test individual portions of an application. |
|||
Mutation testing was originally proposed by Richard Lipton as a student in 1971,<ref>[http://cs.gmu.edu/~offutt/rsrch/papers/mut00.pdf Mutation 2000: Uniting the Orthogonal] by A. Jefferson Offutt and Roland H. Untch.</ref> and first developed and published by DeMillo, Lipton and Sayward. The first implementation of a mutation testing tool was by [[Timothy Budd]] as part of his [[PhD]] work (titled ''Mutation Analysis'') in 1980 from [[Yale University]]. |
|||
==Goals== |
|||
Recently, with the availability of massive computing power, there has been a resurgence of mutation analysis within the computer science community, and work has been done to define methods of applying mutation testing to [[object oriented programming language]]s and [[non-procedural language]]s such as [[XML]], [[Symbolic Model Verification|SMV]], and [[finite state machines]]. |
|||
The goals of mutation testing are multiple: |
|||
In 2004 a company called Certess Inc. extended many of the principles into the hardware verification domain. Whereas mutation analysis only expects to detect a difference in the output produced, Certess extends this by verifying that a checker in the testbench will actually detect the difference. This extension means that all three stages of verification, namely: activation, propagation and detection are evaluated. They have called this functional qualification. |
|||
* identify weakly tested pieces of code (those for which mutants are not killed)<ref name=DLS1978 /> |
|||
* identify weak tests (those that never kill mutants)<ref name="Smith2008"/> |
|||
* compute the mutation score,<ref name="AmmannOffutt2008"/> the mutation score is the number of mutants killed / total number of mutants. |
|||
* learn about error propagation and state infection in the program |
|||
==History== |
|||
[[Fuzzing]] is a special area of mutation testing. In fuzzing, the messages or data exchanged inside communication interfaces (both inside and between software instances) are mutated, in order to catch failures or differences in processing the data. [[Codenomicon]]<ref>[http://www.codenomicon.com/resources/publications.shtml Kaksonen, Rauli. A Functional Method for Assessing Protocol Implementation Security (Licentiate thesis). Espoo. 2001.]</ref> (2001) and [[Mu Dynamics]] (2005) evolved [[Fuzz testing|fuzzing]] concepts to a fully stateful mutation testing platform, complete with monitors for thoroughly exercising protocol implementations. |
|||
Mutation testing was originally proposed by Richard Lipton as a student in 1971,<ref name="mutation2000">[http://cs.gmu.edu/~offutt/rsrch/papers/mut00.pdf Mutation 2000: Uniting the Orthogonal] {{Webarchive|url=https://web.archive.org/web/20110928184359/http://cs.gmu.edu/~offutt/rsrch/papers/mut00.pdf |date=2011-09-28 }} by [[Jeff Offutt|A. Jefferson Offutt]] and Roland H. Untch.</ref> and first developed and published by DeMillo, Lipton and Sayward.<ref name="DLS1978">Richard A. DeMillo, Richard J. Lipton, and Fred G. Sayward. Hints on test data selection: Help for the practicing programmer. IEEE Computer, 11(4):34-41. April 1978.</ref> The first implementation of a mutation testing tool was by Timothy Budd as part of his [[PhD]] work (titled ''Mutation Analysis'') in 1980 from [[Yale University]].<ref name="Budd1980">Tim A. Budd, Mutation Analysis of Program Test Data. PhD thesis, Yale University New Haven CT, 1980.</ref> |
|||
Recently, with the availability of massive computing power, there has been a resurgence of mutation analysis within the computer science community, and work has been done to define methods of applying mutation testing to [[object oriented programming language]]s and non-procedural languages such as [[XML]], [[Symbolic Model Verification|SMV]], and [[finite-state machine]]s. |
|||
== Mutation testing overview == |
|||
Mutation testing is done by selecting a set of mutation operators and then applying them to the source program one at a time for each applicable piece of the source code. The result of applying one mutation operator to the program is called a ''mutant''. If the test suite is able to detect the change (i.e. one of the tests fails), then the mutant is said to be ''killed''. |
|||
In 2004, a company called Certess Inc. (now part of [[Synopsys]]) extended many of the principles into the hardware verification domain. Whereas mutation analysis only expects to detect a difference in the output produced, Certess extends this by verifying that a checker in the testbench will actually detect the difference. This extension means that all three stages of verification, namely: activation, propagation, and detection are evaluated. They called this functional qualification. |
|||
[[Fuzzing]] can be considered to be a special case of mutation testing. In fuzzing, the messages or data exchanged inside communication interfaces (both inside and between software instances) are mutated to catch failures or differences in processing the data. [[Codenomicon]]<ref>[http://www.codenomicon.com/resources/publications.shtml Kaksonen, Rauli. A Functional Method for Assessing Protocol Implementation Security (Licentiate thesis). Espoo. 2001.]</ref> (2001) and [[Mu Dynamics]] (2005) evolved fuzzing concepts to a fully stateful mutation testing platform, complete with monitors for thoroughly exercising protocol implementations. |
|||
==Mutation testing overview== |
|||
Mutation testing is based on two hypotheses. The first is the ''competent programmer'' hypothesis. This hypothesis states that competent programmers write programs that are close to being correct.<ref name=DLS1978 /> "Close" is intended to be based on behavior, not syntax. The second hypothesis is called the ''coupling effect''. The coupling effect asserts that simple faults can cascade or ''couple'' to form other emergent faults.<ref name="Offut1992">A. Jefferson Offutt. 1992. Investigations of the software testing coupling effect. ACM Trans. Softw. Eng. Methodol. 1, 1 (January 1992), 5-20.</ref><ref name="ABDLS1979">A. T. Acree, T. A. Budd, R. A. DeMillo, R. J. Lipton, and F. G. Sayward, "Mutation Analysis," Georgia Institute of Technology, Atlanta, Georgia, Technique Report GIT-ICS-79/08, 1979.</ref> |
|||
Subtle and important faults are also revealed by higher-order mutants, which further support the coupling effect.<ref name="JH2008">Yue Jia; Harman, M., "Constructing Subtle Faults Using Higher Order Mutation Testing," Source Code Analysis and Manipulation, 2008 Eighth IEEE International Working Conference on , vol., no., pp.249,258, 28-29 Sept. 2008</ref><ref name="Umar2008">Maryam Umar, "An Evaluation of Mutation Operators For Equivalent Mutants," MS Thesis, 2006</ref><ref name="Smith2008">Smith B., "On Guiding Augmentation of an Automated Test Suite via Mutation Analysis," 2008</ref><ref name="PP2009">Polo M. and Piattini M., "Mutation Testing: practical aspects and cost analysis," University of Castilla-La Mancha (Spain), Presentation, 2009</ref><ref name="Anderson2011">Anderson S., "Mutation Testing", the University of Edinburgh, School of Informatics, Presentation, 2011</ref> Higher-order mutants are enabled by creating mutants with more than one mutation. |
|||
Mutation testing is done by selecting a set of mutation operators and then applying them to the source program one at a time for each applicable piece of the source code. The result of applying one mutation operator to the program is called a ''mutant''. If the test suite is able to detect the change (i.e. one of the tests fails), then the mutant is said to be ''killed''. |
|||
For example, consider the following C++ code fragment: |
For example, consider the following C++ code fragment: |
||
< |
<syntaxhighlight lang="cpp"> |
||
if (a && b) { |
if (a && b) { |
||
c = 1; |
c = 1; |
||
Line 27: | Line 43: | ||
c = 0; |
c = 0; |
||
} |
} |
||
</syntaxhighlight> |
|||
</source> |
|||
The condition mutation operator would replace <code>&&</code> with <code>||</code> and produce the following mutant: |
The condition mutation operator would replace <code>&&</code> with <code>||</code> and produce the following mutant: |
||
< |
<syntaxhighlight lang="cpp"> |
||
if (a || b) { |
if (a || b) { |
||
c = 1; |
c = 1; |
||
Line 36: | Line 52: | ||
c = 0; |
c = 0; |
||
} |
} |
||
</syntaxhighlight> |
|||
</source> |
|||
Now, for the test to kill this mutant, the following |
Now, for the test to kill this mutant, the following three conditions should be met: |
||
# A test must ''reach'' the mutated statement. |
|||
* Test input data should cause different program states for the mutant and the original program. For example, a test with <code>a = 1</code> and <code>b = 0</code> would do this. |
|||
# Test input data should ''infect'' the program state by causing different program states for the mutant and the original program. For example, a test with <code>a = 1</code> and <code>b = 0</code> would do this. |
|||
* The value of 'c' should be propagated to the program's output and checked by the test. |
|||
# The incorrect program state (the value of 'c') must ''propagate'' to the program's output and be checked by the test. |
|||
These conditions are collectively called the ''RIP model''.<ref name="mutation2000" /> |
|||
''Weak mutation testing'' (or ''weak mutation coverage'') requires that only the first condition is satisfied. ''Strong mutation testing'' requires that both conditions are satisfied. Strong mutation is more powerful, since it ensures that the test suite can really catch the problems. Weak mutation is closely related to [[code coverage]] methods. It requires much less computing power to ensure that the test suite satisfies weak mutation testing than strong mutation testing. |
|||
''Weak mutation testing'' (or ''weak mutation coverage'') requires that only the first and second conditions are satisfied. ''Strong mutation testing'' requires that all three conditions are satisfied. Strong mutation is more powerful, since it ensures that the test suite can really catch the problems. Weak mutation is closely related to [[code coverage]] methods. It requires much less computing power to ensure that the test suite satisfies weak mutation testing than strong mutation testing. |
|||
== Equivalent mutants == |
|||
Many mutation operators can produce equivalent mutants. For example, consider the following code fragment: |
|||
<source lang="cpp"> |
|||
int index = 0; |
|||
However, there are cases where it is not possible to find a test case that could kill this mutant. The resulting program is behaviorally equivalent to the original one. Such mutants are called ''equivalent mutants''. |
|||
while (…) |
|||
{ |
|||
…; |
|||
index++; |
|||
Equivalent mutants detection is one of biggest obstacles for practical usage of mutation testing. The effort needed to check if mutants are equivalent or not can be very high even for small programs.<ref>P. G. Frankl, S. N. Weiss, and C. Hu. All-uses versus mutation testing: An experimental comparison of effectiveness. ''Journal of Systems and Software'', 38:235–253, 1997.</ref> A 2014 systematic literature review of a wide range of approaches to overcome the Equivalent Mutant Problem<ref>[http://madeyski.e-informatyka.pl/download/Madeyski13TSE.pdf Overcoming the Equivalent Mutant Problem: A Systematic Literature Review and a Comparative Experiment of Second Order Mutation] by L. Madeyski, W. Orzeszyna, R. Torkar, M. Józala. ''IEEE Transactions on Software Engineering''</ref> identified 17 relevant techniques (in 22 articles) and three categories of techniques: detecting (DEM); suggesting (SEM); and avoiding equivalent mutant generation (AEMG). The experiment indicated that Higher Order Mutation in general and JudyDiffOp strategy in particular provide a promising approach to the Equivalent Mutant Problem. |
|||
if (index == 10) { |
|||
break; |
|||
In addition to equivalent mutants, there are ''subsumed mutants'' which are mutants that exist in the same source code location as another mutant, and are said to be "subsumed" by the other mutant. Subsumed mutants are not visible to a mutation testing tool, and do not contribute to coverage metrics. For example, let's say you have two mutants, A and B, that both change a line of code in the same way. Mutant A is tested first, and the result is that the code is not working correctly. Mutant B is then tested, and the result is the same as with mutant A. In this case, Mutant B is considered to be subsumed by Mutant A, since the result of testing Mutant B is the same as the result of testing Mutant A. Therefore, Mutant B does not need to be tested, as the result will be the same as Mutant A. |
|||
} |
|||
==Mutation operators== |
|||
To make syntactic changes to a program, a mutation operator serves as a guideline that substitutes portions of the source code. Given that mutations depend on these operators, scholars have created a collection of mutation operators to accommodate different programming languages, like Java. The effectiveness of these mutation operators plays a pivotal role in mutation testing.<ref name=":1">{{Cite book |last1=Hamimoune |first1=Soukaina |last2=Falah |first2=Bouchaib |title=2016 International Conference on Engineering & MIS (ICEMIS) |chapter=Mutation testing techniques: A comparative study |date=24 September 2016 |url=https://ieeexplore.ieee.org/document/7745368 |url-status=bot: unknown |archive-url=https://web.archive.org/web/20180619222840/https://ieeexplore.ieee.org/document/7745368/ |archive-date=19 June 2018 |access-date=2023-10-08 |pages=1–9 |doi=10.1109/ICEMIS.2016.7745368 |isbn=978-1-5090-5579-1 |s2cid=24301702 |language=en-US }}</ref> |
|||
Many mutation operators have been explored by researchers. Here are some examples of mutation operators for imperative languages: |
|||
* Statement deletion |
|||
* Statement duplication or insertion, e.g. <code>goto fail;</code><ref>[https://www.imperialviolet.org/2014/02/22/applebug.html Apple's SSL/TLS bug] by Adam Langley.</ref> |
|||
* Replacement of Boolean subexpressions with ''true'' and ''false'' |
|||
* Replacement of some arithmetic operations with others, e.g. <code>+</code> with <code>*</code>, <code>-</code> with <code>/</code> |
|||
* Replacement of some Boolean relations with others, e.g. <code>></code> with <code>>=</code>, <code>==</code> and <code><=</code> |
|||
* Replacement of variables with others from the same scope (variable types must be compatible) |
|||
* Remove method body.<ref>{{Cite book |last1=Niedermayr |first1=Rainer |title=Proceedings of the International Workshop on Continuous Software Evolution and Delivery |last2=Juergens |first2=Elmar |last3=Wagner |first3=Stefan |date=2016-05-14 |publisher=Association for Computing Machinery |isbn=978-1-4503-4157-8 |series=CSED '16 |location=Austin, Texas |pages=23–29 |chapter=Will my tests tell me if I break this code? |doi=10.1145/2896941.2896944 |chapter-url=https://doi.org/10.1145/2896941.2896944 |arxiv=1611.07163 |s2cid=9213147}}</ref> |
|||
These mutation operators are also called traditional mutation operators. |
|||
There are also mutation operators for object-oriented languages,<ref>[http://www.cs.gmu.edu/~offutt/rsrch/papers/mujava.pdf MuJava: An Automated Class Mutation System] {{Webarchive|url=https://web.archive.org/web/20120311010113/http://www.cs.gmu.edu/~offutt/rsrch/papers/mujava.pdf |date=2012-03-11 }} by Yu-Seung Ma, [[Jeff Offutt]] and Yong Rae Kwo.</ref> for concurrent constructions,<ref>[http://www.irisa.fr/manifestations/2006/Mutation2006/papers/14_Final_version.pdf Mutation Operators for Concurrent Java (J2SE 5.0)] by Jeremy S. Bradbury, James R. Cordy, Juergen Dingel.</ref> complex objects like containers,<ref>[http://www.cs.colostate.edu/~bieman/Pubs/AlexanderBiemanGhoshJiISSRE02.pdf Mutation of Java Objects] by Roger T. Alexander, James M. Bieman, Sudipto Ghosh, Bixia Ji.</ref> etc. |
|||
=== Types of mutation operators === |
|||
Operators for containers are called ''class-level'' mutation operators. Operators at the class level alter the program's structure by adding, removing, or changing the expressions being examined. Specific operators have been established for each category of changes.<ref name=":1" /> For example, the muJava tool offers various class-level mutation operators such as Access Modifier Change, Type Cast Operator Insertion, and Type Cast Operator Deletion. Mutation operators have also been developed to perform security vulnerability testing of programs.<ref>[http://qspace.library.queensu.ca/handle/1974/1359 Mutation-based Testing of Buffer Overflows, SQL Injections, and Format String Bugs] by H. Shahriar and M. Zulkernine.</ref> |
|||
Apart from the ''class-level'' operators, MuJava also includes ''method-level'' mutation operators, referred to as traditional operators. These traditional operators are designed based on features commonly found in procedural languages. They carry out changes to statements by adding, substituting, or removing primitive operators. These operators fall into six categories: ''Arithmetic operators'', ''Relational operator''s, ''Conditional operators'', ''Shift operators'', ''Logical operators'' and ''Assignment operators''.<ref name=":1" /> |
|||
== Types of mutation testing == |
|||
There are three types of mutation testing; |
|||
=== Statement mutation === |
|||
Statement mutation is a process where a block of code is intentionally modified by either deleting or copying certain statements. Moreover, it allows for the reordering of statements within the code block to generate various sequences.<ref name=":0">{{Cite web |last=Walters |first=Amy |date=2023-06-01 |title=Understanding Mutation Testing: A Comprehensive Guide |url=https://testrigor.com/blog/understanding-mutation-testing-a-comprehensive-guide/ |access-date=2023-10-08 |website=testRigor AI-Based Automated Testing Tool |language=en-US}}</ref> This technique is crucial in software testing as it helps identify potential weaknesses or errors in the code. By deliberately making changes to the code and observing how it behaves, developers can uncover hidden bugs or flaws that might go unnoticed during regular testing.<ref>{{Cite book |last1=Deng |first1=Lin |last2=Offutt |first2=Jeff |last3=Li |first3=Nan |title=2013 IEEE Sixth International Conference on Software Testing, Verification and Validation |chapter=Empirical Evaluation of the Statement Deletion Mutation Operator |date=22 March 2013 |url=https://ieeexplore.ieee.org/document/6569720 |access-date=2023-10-08 |pages=84–93 |language=en-US |doi=10.1109/ICST.2013.20 |isbn=978-0-7695-4968-2 |s2cid=12866713 |issn=2159-4848}}</ref> Statement mutation is like a diagnostic tool that provides insights into the code's robustness and resilience, helping programmers improve the overall quality and reliability of their software. |
|||
For example, in the code snippet below, entire 'else' section is removed: |
|||
<syntaxhighlight lang="cpp"> |
|||
function checkCredentials(username, password) { |
|||
if (username === "admin" && password === "password") { |
|||
return true; |
|||
} |
|||
} |
} |
||
</syntaxhighlight> |
|||
</source> |
|||
=== Value mutation === |
|||
Boolean relation mutation operator will replace <code>==</code> with <code>>=</code> and produce the following mutant: |
|||
Value mutation occurs when modification is executed to the parameter and/or constant values within the code. This typically involves adjusting the values by adding or subtracting 1, but it can also involve making more substantial changes to the values. The specific alterations made during value mutation include two main scenarios: |
|||
<source lang="cpp"> |
|||
int index = 0; |
|||
Firstly, there's the transformation from a small value to a higher value. This entails replacing a small value in the code with a larger one. The purpose of this change is to assess how the code responds when it encounters larger inputs. It helps ensure that the code can accurately and efficiently process these larger values without encountering errors or unexpected issues.<ref name=":0" /> |
|||
while (…) |
|||
{ |
|||
…; |
|||
index++; |
|||
Conversely, the second scenario involves changing a higher value to a smaller one. In this case, we replace a higher value within the code with a smaller value. This test aims to evaluate how the code handles smaller inputs. Ensuring that the code performs correctly with smaller values is essential to prevent unforeseen problems or errors when dealing with such input data.<ref name=":0" /> |
|||
if (index >= 10) { |
|||
break; |
|||
For example: |
|||
} |
|||
<syntaxhighlight lang="cpp"> |
|||
// Original code |
|||
function multiplyByTwo(value) { |
|||
return value * 2; |
|||
} |
} |
||
</source> |
|||
// Value mutation: Small value to higher value |
|||
However, it is not possible to find a test case that could kill this mutant. The resulting program is equivalent to the original one. Such mutants are called ''equivalent mutants''. |
|||
function multiplyByTwoMutation1(value) { |
|||
return value * 10; |
|||
} |
|||
// Value mutation: Higher value to small value |
|||
Equivalent mutants detection is one of biggest obstacles for practical usage of mutation testing. The effort needed to check if mutants are equivalent or not, can be very high even for small programs.<ref>P. G. Frankl, S. N. Weiss, and C. Hu. All-uses versus mutation testing: An experimental comparison of effectiveness. ''Journal of Systems and Software'', 38:235–253, 1997.</ref> |
|||
function multiplyByTwoMutation2(value) { |
|||
return value / 10; |
|||
} |
|||
</syntaxhighlight> |
|||
=== Decision mutation === |
|||
Decision mutation testing centers on the identification of design errors within the code, with a particular emphasis on detecting flaws or weaknesses in the program's decision-making logic. This method involves deliberately altering arithmetic and logical operators to expose potential issues.<ref name=":0" /> By manipulating these operators, developers can systematically evaluate how the code responds to different decision scenarios. This process helps ensure that the program's decision-making pathways are robust and accurate, preventing costly errors that could arise from faulty logic. Decision mutation testing serves as a valuable tool in software development, enabling developers to enhance the reliability and effectiveness of their decision-making code segments. |
|||
For example: |
|||
== Mutation operators == |
|||
A variety of mutation operators were explored by researchers. Here are some examples of mutation operators for imperative languages: |
|||
* Statement deletion. |
|||
* Replace each boolean subexpression with ''true'' and ''false''. |
|||
* Replace each arithmetic operation with another one, e.g. <code>+</code> with <code>*</code>, <code>-</code> and <code>/</code>. |
|||
* Replace each boolean relation with another one, e.g. <code>></code> with <code>>=</code>, <code>==</code> and <code><=</code>. |
|||
* Replace each variable with another variable declared in the same scope (variable types should be the same). |
|||
<syntaxhighlight lang="cpp"> |
|||
These mutation operators are also called traditional mutation operators. |
|||
// Original code |
|||
Beside this, there are mutation operators for object-oriented languages<ref>[http://www.cs.gmu.edu/~offutt/rsrch/papers/mujava.pdf MuJava: An Automated Class Mutation System] by Yu-Seung Ma, Jeff Offutt and Yong Rae Kwo.</ref> |
|||
function isPositive(number) { |
|||
, for concurrent constructions<ref>[http://www.irisa.fr/manifestations/2006/Mutation2006/papers/14_Final_version.pdf Mutation Operators for Concurrent Java (J2SE 5.0)] by Jeremy S. Bradbury, James R. Cordy, Juergen Dingel.</ref>, complex objects like containers<ref>[http://www.cs.colostate.edu/~bieman/Pubs/AlexanderBiemanGhoshJiISSRE02.pdf Mutation of Java Objects] by Roger T. Alexander, James M. Bieman, Sudipto Ghosh, Bixia Ji.</ref> etc. They are called class-level mutation operators. For example the MuJava tool offers various class-level mutation operators such as: Access Modifier Change, Type Cast Operator Insertion, Type Cast Operator Deletion. Moreover, mutation operators have been developed to perform security vulnerability testing of programs <ref>[http://qspace.library.queensu.ca/handle/1974/1359 Mutation-based Testing of Buffer Overflows, SQL Injections, and Format String Bugs] by H. Shahriar and M. Zulkernine.</ref> |
|||
return number > 0; |
|||
} |
|||
// Decision mutation: Changing the comparison operator |
|||
== References == |
|||
function isPositiveMutation1(number) { |
|||
{{reflist}} |
|||
return number >= 0; |
|||
} |
|||
// Decision mutation: Negating the result |
|||
function isPositiveMutation2(number) { |
|||
return !(number > 0); |
|||
} |
|||
</syntaxhighlight> |
|||
== Frameworks implementing mutation testing == |
|||
* [https://pitest.org/ Pitest] - Java framework |
|||
== |
==See also== |
||
* {{cite book | author=Aristides Dasso, Ana Funes | title=Verification, Validation and Testing in Software Engineering |publisher=Idea Group Inc | year=2007| id=ISBN 1591408512}} See Ch. VII ''Test-Case Mutation'' for overview on mutation testing. |
|||
* {{cite book | author=Paul Ammann, Jeff Offutt | title=Introduction to Software Testing |publisher=Cambridge University Press | year=2008| id=ISBN 0-52188-038-1 }} See Ch. V ''Syntax Testing'' for an overview of mutation testing. |
|||
* {{cite web| work = CREST Centre, King's College London, Technical Report TR-09-06 | title = An Analysis and Survey of the Development of Mutation Testing | author = Yue Jia, Mark Harman | month = September| year = 2009 | url = http://www.dcs.kcl.ac.uk/pg/jiayue/repository/TR-09-06.pdf |format=PDF}} |
|||
== See also == |
|||
* [[Bebugging]] (or fault seeding) |
* [[Bebugging]] (or fault seeding) |
||
* [[Sanity testing]] |
* [[Sanity testing]] |
||
* [[Fault injection]] |
|||
==References== |
|||
== External links == |
|||
{{reflist}} |
|||
* [http://www.mutationtest.net/ Mutation testing online] [dead link] an open community that brings together the Hardware and Software research communities studying mutation testing. |
|||
* [http://cs.gmu.edu/~offutt/rsrch/mut.html Mutation testing] list of tools and publications by Jeff Offutt. |
|||
* [http://www.dcs.kcl.ac.uk/pg/jiayue/repository/ Mutation Testing Repository] A publication repository that aims to provide a full coverage of the publications in the literature on Mutation Testing. |
|||
* [http://jumble.sourceforge.net/ Jumble] Bytecode based mutation testing tool for Java |
|||
* [http://pitest.org/ PIT] Bytecode based mutation testing tool for Java |
|||
* [http://jester.sourceforge.net/ Jester] Source based mutation testing tool for Java |
|||
* [http://glu.ttono.us/articles/2006/12/19/tormenting-your-tests-with-heckle Heckle] Mutation testing tool for Ruby |
|||
* [http://nester.sourceforge.net/ Nester] Mutation testing tool for C# |
|||
{{Software testing}} |
|||
<!--Categories--> |
|||
[[Category:Software testing]] |
|||
[[Category:Software testing]] |
|||
<!--Interwikies--> |
|||
[[pl:testowanie mutacyjne]] |
Latest revision as of 15:20, 20 December 2024
Mutation testing (or mutation analysis or program mutation) is used to design new software tests and evaluate the quality of existing software tests. Mutation testing involves modifying a program in small ways.[1] Each mutated version is called a mutant and tests detect and reject mutants by causing the behaviour of the original version to differ from the mutant. This is called killing the mutant. Test suites are measured by the percentage of mutants that they kill. New tests can be designed to kill additional mutants. Mutants are based on well-defined mutation operators that either mimic typical programming errors (such as using the wrong operator or variable name) or force the creation of valuable tests (such as dividing each expression by zero). The purpose is to help the tester develop effective tests or locate weaknesses in the test data used for the program or in sections of the code that are seldom or never accessed during execution. Mutation testing is a form of white-box testing.[2][3]
Introduction
[edit]Most of this article is about "program mutation", in which the program is modified. A more general definition of mutation analysis is using well-defined rules defined on syntactic structures to make systematic changes to software artifacts.[4] Mutation analysis has been applied to other problems, but is usually applied to testing. So mutation testing is defined as using mutation analysis to design new software tests or to evaluate existing software tests.[4] Thus, mutation analysis and testing can be applied to design models, specifications, databases, tests, XML, and other types of software artifacts, although program mutation is the most common.[5]
Overview
[edit]Tests can be created to verify the correctness of the implementation of a given software system, but the creation of tests still poses the question whether the tests are correct and sufficiently cover the requirements that have originated the implementation.[6] (This technological problem is itself an instance of a deeper philosophical problem named "Quis custodiet ipsos custodes?" ["Who will guard the guards?"].) The idea behind mutation testing is that if a mutant is introduced, this normally causes a bug in the program's functionality which the tests should find. This way, the tests are tested. If a mutant is not detected by the test suite, this typically indicates that the test suite is unable to locate the faults represented by the mutant, but it can also indicate that the mutation introduces no faults, that is, the mutation is a valid change that does not affect functionality. One (common) way a mutant can be valid is that the code that has been changed is "dead code" that is never executed.
For mutation testing to function at scale, a large number of mutants are usually introduced, leading to the compilation and execution of an extremely large number of copies of the program. This problem of the expense of mutation testing had reduced its practical use as a method of software testing. However, the increased use of object oriented programming languages and unit testing frameworks has led to the creation of mutation testing tools that test individual portions of an application.
Goals
[edit]The goals of mutation testing are multiple:
- identify weakly tested pieces of code (those for which mutants are not killed)[1]
- identify weak tests (those that never kill mutants)[7]
- compute the mutation score,[4] the mutation score is the number of mutants killed / total number of mutants.
- learn about error propagation and state infection in the program
History
[edit]Mutation testing was originally proposed by Richard Lipton as a student in 1971,[8] and first developed and published by DeMillo, Lipton and Sayward.[1] The first implementation of a mutation testing tool was by Timothy Budd as part of his PhD work (titled Mutation Analysis) in 1980 from Yale University.[9]
Recently, with the availability of massive computing power, there has been a resurgence of mutation analysis within the computer science community, and work has been done to define methods of applying mutation testing to object oriented programming languages and non-procedural languages such as XML, SMV, and finite-state machines.
In 2004, a company called Certess Inc. (now part of Synopsys) extended many of the principles into the hardware verification domain. Whereas mutation analysis only expects to detect a difference in the output produced, Certess extends this by verifying that a checker in the testbench will actually detect the difference. This extension means that all three stages of verification, namely: activation, propagation, and detection are evaluated. They called this functional qualification.
Fuzzing can be considered to be a special case of mutation testing. In fuzzing, the messages or data exchanged inside communication interfaces (both inside and between software instances) are mutated to catch failures or differences in processing the data. Codenomicon[10] (2001) and Mu Dynamics (2005) evolved fuzzing concepts to a fully stateful mutation testing platform, complete with monitors for thoroughly exercising protocol implementations.
Mutation testing overview
[edit]Mutation testing is based on two hypotheses. The first is the competent programmer hypothesis. This hypothesis states that competent programmers write programs that are close to being correct.[1] "Close" is intended to be based on behavior, not syntax. The second hypothesis is called the coupling effect. The coupling effect asserts that simple faults can cascade or couple to form other emergent faults.[11][12]
Subtle and important faults are also revealed by higher-order mutants, which further support the coupling effect.[13][14][7][15][16] Higher-order mutants are enabled by creating mutants with more than one mutation.
Mutation testing is done by selecting a set of mutation operators and then applying them to the source program one at a time for each applicable piece of the source code. The result of applying one mutation operator to the program is called a mutant. If the test suite is able to detect the change (i.e. one of the tests fails), then the mutant is said to be killed.
For example, consider the following C++ code fragment:
if (a && b) {
c = 1;
} else {
c = 0;
}
The condition mutation operator would replace &&
with ||
and produce the following mutant:
if (a || b) {
c = 1;
} else {
c = 0;
}
Now, for the test to kill this mutant, the following three conditions should be met:
- A test must reach the mutated statement.
- Test input data should infect the program state by causing different program states for the mutant and the original program. For example, a test with
a = 1
andb = 0
would do this. - The incorrect program state (the value of 'c') must propagate to the program's output and be checked by the test.
These conditions are collectively called the RIP model.[8]
Weak mutation testing (or weak mutation coverage) requires that only the first and second conditions are satisfied. Strong mutation testing requires that all three conditions are satisfied. Strong mutation is more powerful, since it ensures that the test suite can really catch the problems. Weak mutation is closely related to code coverage methods. It requires much less computing power to ensure that the test suite satisfies weak mutation testing than strong mutation testing.
However, there are cases where it is not possible to find a test case that could kill this mutant. The resulting program is behaviorally equivalent to the original one. Such mutants are called equivalent mutants.
Equivalent mutants detection is one of biggest obstacles for practical usage of mutation testing. The effort needed to check if mutants are equivalent or not can be very high even for small programs.[17] A 2014 systematic literature review of a wide range of approaches to overcome the Equivalent Mutant Problem[18] identified 17 relevant techniques (in 22 articles) and three categories of techniques: detecting (DEM); suggesting (SEM); and avoiding equivalent mutant generation (AEMG). The experiment indicated that Higher Order Mutation in general and JudyDiffOp strategy in particular provide a promising approach to the Equivalent Mutant Problem.
In addition to equivalent mutants, there are subsumed mutants which are mutants that exist in the same source code location as another mutant, and are said to be "subsumed" by the other mutant. Subsumed mutants are not visible to a mutation testing tool, and do not contribute to coverage metrics. For example, let's say you have two mutants, A and B, that both change a line of code in the same way. Mutant A is tested first, and the result is that the code is not working correctly. Mutant B is then tested, and the result is the same as with mutant A. In this case, Mutant B is considered to be subsumed by Mutant A, since the result of testing Mutant B is the same as the result of testing Mutant A. Therefore, Mutant B does not need to be tested, as the result will be the same as Mutant A.
Mutation operators
[edit]To make syntactic changes to a program, a mutation operator serves as a guideline that substitutes portions of the source code. Given that mutations depend on these operators, scholars have created a collection of mutation operators to accommodate different programming languages, like Java. The effectiveness of these mutation operators plays a pivotal role in mutation testing.[19]
Many mutation operators have been explored by researchers. Here are some examples of mutation operators for imperative languages:
- Statement deletion
- Statement duplication or insertion, e.g.
goto fail;
[20] - Replacement of Boolean subexpressions with true and false
- Replacement of some arithmetic operations with others, e.g.
+
with*
,-
with/
- Replacement of some Boolean relations with others, e.g.
>
with>=
,==
and<=
- Replacement of variables with others from the same scope (variable types must be compatible)
- Remove method body.[21]
These mutation operators are also called traditional mutation operators. There are also mutation operators for object-oriented languages,[22] for concurrent constructions,[23] complex objects like containers,[24] etc.
Types of mutation operators
[edit]Operators for containers are called class-level mutation operators. Operators at the class level alter the program's structure by adding, removing, or changing the expressions being examined. Specific operators have been established for each category of changes.[19] For example, the muJava tool offers various class-level mutation operators such as Access Modifier Change, Type Cast Operator Insertion, and Type Cast Operator Deletion. Mutation operators have also been developed to perform security vulnerability testing of programs.[25]
Apart from the class-level operators, MuJava also includes method-level mutation operators, referred to as traditional operators. These traditional operators are designed based on features commonly found in procedural languages. They carry out changes to statements by adding, substituting, or removing primitive operators. These operators fall into six categories: Arithmetic operators, Relational operators, Conditional operators, Shift operators, Logical operators and Assignment operators.[19]
Types of mutation testing
[edit]There are three types of mutation testing;
Statement mutation
[edit]Statement mutation is a process where a block of code is intentionally modified by either deleting or copying certain statements. Moreover, it allows for the reordering of statements within the code block to generate various sequences.[26] This technique is crucial in software testing as it helps identify potential weaknesses or errors in the code. By deliberately making changes to the code and observing how it behaves, developers can uncover hidden bugs or flaws that might go unnoticed during regular testing.[27] Statement mutation is like a diagnostic tool that provides insights into the code's robustness and resilience, helping programmers improve the overall quality and reliability of their software.
For example, in the code snippet below, entire 'else' section is removed:
function checkCredentials(username, password) {
if (username === "admin" && password === "password") {
return true;
}
}
Value mutation
[edit]Value mutation occurs when modification is executed to the parameter and/or constant values within the code. This typically involves adjusting the values by adding or subtracting 1, but it can also involve making more substantial changes to the values. The specific alterations made during value mutation include two main scenarios:
Firstly, there's the transformation from a small value to a higher value. This entails replacing a small value in the code with a larger one. The purpose of this change is to assess how the code responds when it encounters larger inputs. It helps ensure that the code can accurately and efficiently process these larger values without encountering errors or unexpected issues.[26]
Conversely, the second scenario involves changing a higher value to a smaller one. In this case, we replace a higher value within the code with a smaller value. This test aims to evaluate how the code handles smaller inputs. Ensuring that the code performs correctly with smaller values is essential to prevent unforeseen problems or errors when dealing with such input data.[26]
For example:
// Original code
function multiplyByTwo(value) {
return value * 2;
}
// Value mutation: Small value to higher value
function multiplyByTwoMutation1(value) {
return value * 10;
}
// Value mutation: Higher value to small value
function multiplyByTwoMutation2(value) {
return value / 10;
}
Decision mutation
[edit]Decision mutation testing centers on the identification of design errors within the code, with a particular emphasis on detecting flaws or weaknesses in the program's decision-making logic. This method involves deliberately altering arithmetic and logical operators to expose potential issues.[26] By manipulating these operators, developers can systematically evaluate how the code responds to different decision scenarios. This process helps ensure that the program's decision-making pathways are robust and accurate, preventing costly errors that could arise from faulty logic. Decision mutation testing serves as a valuable tool in software development, enabling developers to enhance the reliability and effectiveness of their decision-making code segments.
For example:
// Original code
function isPositive(number) {
return number > 0;
}
// Decision mutation: Changing the comparison operator
function isPositiveMutation1(number) {
return number >= 0;
}
// Decision mutation: Negating the result
function isPositiveMutation2(number) {
return !(number > 0);
}
Frameworks implementing mutation testing
[edit]- Pitest - Java framework
See also
[edit]- Bebugging (or fault seeding)
- Sanity testing
- Fault injection
References
[edit]- ^ a b c d Richard A. DeMillo, Richard J. Lipton, and Fred G. Sayward. Hints on test data selection: Help for the practicing programmer. IEEE Computer, 11(4):34-41. April 1978.
- ^ Ostrand, Thomas (2002), "White-Box Testing", Encyclopedia of Software Engineering, American Cancer Society, doi:10.1002/0471028959.sof378, ISBN 978-0-471-02895-6, retrieved 2021-03-16
- ^ Misra, S. (2003). "Evaluating four white-box test coverage methodologies". CCECE 2003 - Canadian Conference on Electrical and Computer Engineering. Toward a Caring and Humane Technology (Cat. No.03CH37436). Vol. 3. Montreal, Que., Canada: IEEE. pp. 1739–1742. doi:10.1109/CCECE.2003.1226246. ISBN 978-0-7803-7781-3. S2CID 62549502.
- ^ a b c Paul Ammann and Jeff Offutt. Introduction to Software Testing. Cambridge University Press, 2008.
- ^ Jia, Yue; Harman, Mark (September 2009). "An Analysis and Survey of the Development of Mutation Testing" (PDF). CREST Centre, King's College London, Technical Report TR-09-06. 37 (5): 649–678. doi:10.1109/TSE.2010.62. S2CID 6853229. Archived from the original (PDF) on 2017-12-04.
- ^ Dasso, Aristides; Funes, Ana (2007). Verification, Validation and Testing in Software Engineering. Idea Group Inc. ISBN 978-1591408512.
- ^ a b Smith B., "On Guiding Augmentation of an Automated Test Suite via Mutation Analysis," 2008
- ^ a b Mutation 2000: Uniting the Orthogonal Archived 2011-09-28 at the Wayback Machine by A. Jefferson Offutt and Roland H. Untch.
- ^ Tim A. Budd, Mutation Analysis of Program Test Data. PhD thesis, Yale University New Haven CT, 1980.
- ^ Kaksonen, Rauli. A Functional Method for Assessing Protocol Implementation Security (Licentiate thesis). Espoo. 2001.
- ^ A. Jefferson Offutt. 1992. Investigations of the software testing coupling effect. ACM Trans. Softw. Eng. Methodol. 1, 1 (January 1992), 5-20.
- ^ A. T. Acree, T. A. Budd, R. A. DeMillo, R. J. Lipton, and F. G. Sayward, "Mutation Analysis," Georgia Institute of Technology, Atlanta, Georgia, Technique Report GIT-ICS-79/08, 1979.
- ^ Yue Jia; Harman, M., "Constructing Subtle Faults Using Higher Order Mutation Testing," Source Code Analysis and Manipulation, 2008 Eighth IEEE International Working Conference on , vol., no., pp.249,258, 28-29 Sept. 2008
- ^ Maryam Umar, "An Evaluation of Mutation Operators For Equivalent Mutants," MS Thesis, 2006
- ^ Polo M. and Piattini M., "Mutation Testing: practical aspects and cost analysis," University of Castilla-La Mancha (Spain), Presentation, 2009
- ^ Anderson S., "Mutation Testing", the University of Edinburgh, School of Informatics, Presentation, 2011
- ^ P. G. Frankl, S. N. Weiss, and C. Hu. All-uses versus mutation testing: An experimental comparison of effectiveness. Journal of Systems and Software, 38:235–253, 1997.
- ^ Overcoming the Equivalent Mutant Problem: A Systematic Literature Review and a Comparative Experiment of Second Order Mutation by L. Madeyski, W. Orzeszyna, R. Torkar, M. Józala. IEEE Transactions on Software Engineering
- ^ a b c Hamimoune, Soukaina; Falah, Bouchaib (24 September 2016). "Mutation testing techniques: A comparative study". 2016 International Conference on Engineering & MIS (ICEMIS). pp. 1–9. doi:10.1109/ICEMIS.2016.7745368. ISBN 978-1-5090-5579-1. S2CID 24301702. Archived from the original on 19 June 2018. Retrieved 2023-10-08.
{{cite book}}
: CS1 maint: bot: original URL status unknown (link) - ^ Apple's SSL/TLS bug by Adam Langley.
- ^ Niedermayr, Rainer; Juergens, Elmar; Wagner, Stefan (2016-05-14). "Will my tests tell me if I break this code?". Proceedings of the International Workshop on Continuous Software Evolution and Delivery. CSED '16. Austin, Texas: Association for Computing Machinery. pp. 23–29. arXiv:1611.07163. doi:10.1145/2896941.2896944. ISBN 978-1-4503-4157-8. S2CID 9213147.
- ^ MuJava: An Automated Class Mutation System Archived 2012-03-11 at the Wayback Machine by Yu-Seung Ma, Jeff Offutt and Yong Rae Kwo.
- ^ Mutation Operators for Concurrent Java (J2SE 5.0) by Jeremy S. Bradbury, James R. Cordy, Juergen Dingel.
- ^ Mutation of Java Objects by Roger T. Alexander, James M. Bieman, Sudipto Ghosh, Bixia Ji.
- ^ Mutation-based Testing of Buffer Overflows, SQL Injections, and Format String Bugs by H. Shahriar and M. Zulkernine.
- ^ a b c d Walters, Amy (2023-06-01). "Understanding Mutation Testing: A Comprehensive Guide". testRigor AI-Based Automated Testing Tool. Retrieved 2023-10-08.
- ^ Deng, Lin; Offutt, Jeff; Li, Nan (22 March 2013). "Empirical Evaluation of the Statement Deletion Mutation Operator". 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation. pp. 84–93. doi:10.1109/ICST.2013.20. ISBN 978-0-7695-4968-2. ISSN 2159-4848. S2CID 12866713. Retrieved 2023-10-08.