CS 6340 Software Analysis & Testing > 3. Random Testing > Flashcards

3. Random Testing Flashcards

(6 cards)

Study These Flashcards
1
Q

What is random testing (aka fuzzing)?

A
  • Feed program random inputs
  • Observe whether it behaves “correctly” (i.e., execution satisfies a specification or it just doesn’t crash)
  • It is a special case of mutation analysis (it randomly perturbs its input from the environment or the network).
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the depth of a concurrency bug?

A

The number of ordering constraints (across threads) a schedule has to satisfy to find the bug.

NOTE: ordering constraints within a thread don’t count toward the bug depth because a thread’s control flow implicitly defines the constraints on the order in which the statements execute.

Bug depth only counts ordering constraints ACROSS threads.

A bug depth of 1-2 is generally good enough to uncover most of a program’s concurrency bugs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Why does systematic randomization improve concurrency testing?

A

Fuzzing thread schedules (as Cuzz does) gives us a guaranteed probability of finding a bug of a given depth.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Why is Cuzz better than traditional stress testing?

A

Whatever stress testing can do, Cuzz can do better (and faster).

  • effective in flushing out bugs with existing tests (just needs to fuzz the thread schedule running each of those tests)
  • scales easily to a large number of threads and long-running tests
  • has a low adoption barrier
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are the pros and cons of random testing (fuzzing)?

A

Pros:

  • easy to implement
  • probably good coverage given enough tests
  • can work with programs in any format
  • appealing for finding security vulnerabilities

Cons:

  • inefficient test suite
  • might find bugs that are unimportant
  • despite the fact that any given input will be tested with probability approaching 1 given enough tests, in practice it can still have poor coverage

For example:
- the lexer is very heavily tested by random inputs but later stages is much less efficient b/c most bad inputs don’t get through.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is random testing good at?

Can random testing replace systemic, formal testing?

A

Effective for testing security, mobile apps, and concurrency.

No, it should be used to complement it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
CS 6340 Software Analysis & Testing
flashcards
Decks in class (11)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions