Abstract
Program crashes have always been a serious issue, especially in modern applications. They pose a severe security concern for applications and may even be life-threatening. Several instances of program crashes have been observed in popular software such as Hadoop, Eclipse and others. It is highly desirable that a program be tested for crashes well before deployment. This paper proposes a method that uses a search-based algorithm and exception injection to test a program for crashes that may be caused mainly by abnormalities in external resources. The proposed method helps the tester locate the program locations where such a crash may happen. Moreover, it can protect the program from such threats well in advance.
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Anwer, F., Nazir, M., Mustafa, K. (2019). Testing Program Crash Based on Search Based Testing and Exception Injection. In: Nandi, S., Jinwala, D., Singh, V., Laxmi, V., Gaur, M., Faruki, P. (eds) Security and Privacy. ISEA-ISAP 2019. Communications in Computer and Information Science, vol 939. Springer, Singapore. https://doi.org/10.1007/978-981-13-7561-3_20
DOI: https://doi.org/10.1007/978-981-13-7561-3_20
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-7560-6
Online ISBN: 978-981-13-7561-3
eBook Packages: Computer Science, Computer Science (R0)