Huadong Feng

ORCID Identifier(s)

0000-0002-3613-1577

Graduation Semester and Year

2021

Language

English

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Computer Science

Department

Computer Science and Engineering

First Advisor

Yu Lei

Abstract

Big Data and Smart Contract are among the top emerging technologies tipped to revolutionize the way businesses and organizations are run. Testing and debugging are the most important tasks during the development of any software application. Big data and smart contract applications possess unique characteristics. There is an urgent need to develop efficient techniques for testing and debugging these applications. The first part of the dissertation addresses the problem of how to debug big data applications. When a failure occurs in big data applications, debugging at the system-level can be expensive due to the large amount of data being processed. We introduce a test generation framework for effectively generating method-level tests to facilitate debugging of big data applications. This is achieved by running a big data application with the real dataset and by automatically recording input to a small number of method executions, which we refer to as method-level tests, while preserving certain code coverage, e.g., line coverage. When debugging, a developer could inspect the execution of these method-level tests, instead of the entire program execution with the real dataset, which could be time-consuming. We implemented the framework and applied the framework to seven data mining algorithms. The results show that only a very small number of method-level tests need to be recorded to preserve code coverage. Furthermore, these tests could kill between 53.08% to 96.89% of the mutants generated using a third-party tool. This suggests that the framework could significantly reduce the effort required for debugging big data applications. The second part of the dissertation addresses the problem of how to test smart contracts A smart contract is a program deployed on blockchain and is often used to handle financial transactions. Unlike traditional programs, contract code cannot be changed after it is deployed. Any security breach would be permanent and could be difficult to be remedied. In this dissertation, we present a fuzzing approach to testing smart contracts. While significant progress has been made, achieving high code coverage remains an important concern for fuzzing. Our fuzzing approach utilizes constraint solving, selective state exploration, and combinatorial testing to improve code coverage. Constraint solving is used to generate test inputs that meet preconditions in a smart contract. Selective state exploration allows different state-dependent behaviors to be exercised while alleviating the state explosion problem. Combinatorial testing is used together with fuzzing to make the testing process more efficient. We implemented our approach in a tool called MagicMirror and evaluated our approach using more than 2,000 contracts. The experimental results show that MagicMirror is effective for achieving high code coverage and detecting vulnerabilities. MagicMirror has been publicly released by National Institute of Science and Technology (NIST).

Keywords

Testing, Unit testing, Big data application testing, Test generation, Test reduction, Debugging, Mutation testing, Blockchain, Ethereum, Smart contracts, Fuzzing, Constraint solving, Combinatorial testing, Security analysis, Vulnerability detection

Disciplines

Computer Sciences | Physical Sciences and Mathematics

Comments

Degree granted by The University of Texas at Arlington

Download

Share

COinS