An Ontology Based Test Case Prioritization Approach in Regression Testing

Regression testing is a widely studied research area,with the aim of meeting the quality challenges of software systems.To achieve a software system of good quality,we face high consumption of resources during testing.To overcome this challenge,test case prioritization(TCP)as a sub-type of regression testing is continuously investigated to achieve the testing objectives.This study provides an insight into proposing the ontology-based TCP(OTCP)approach,aimed at reducing the consumption of resources for the quality improvement and maintenance of software systems.The proposed approach uses software metrics to examine the behavior of classes of software systems.It uses Binary Logistic Regression(BLR)and AdaBoostM1 classifiers to verify correct predictions of the faulty and non-faulty classes of software systems.Reference ontology is used to match the code metrics and class attributes.We investigated five Java programs for the evaluation of the proposed approach,which was used to achieve code metrics.This study has resulted in an average percentage of fault detected(APFD)value of 94.80%,which is higher when compared to other TCP approaches.In future works,large sized programs in different languages can be used to evaluate the scalability of the proposed OTCP approach.

An empirical study on the complexity, security and maintainability of Ethereum-based decentralized applications (DApps)

The Ethereum blockchain’s smart contract is a programmable transaction that performs general-purpose computations and can be executed automatically on the blockchain.Leveraging this component,blockchain technology(BT)has grown beyond the scope of cryptocurrencies and can now be applicable in various industries other than finance.In this paper,we investigated the current trends in Ethereum-based decentralized applications(DApps)to be able to categorize and analyze the DApps to measure the complexity of smart contracts behind them,their level of security and their correlation to the maintainability of the DApps.We leveraged the source code analysis,security analysis,and the developmental metadata of the DApps to infer this correlation.Based on our findings,we concluded that the maintainability of Ethereum DApps is proportional to the code size,number of functions,and,most importantly,the number of outgoing invocations and statements in the smart contracts.

Vulnerable Region-Aware Greybox Fuzzing

Fuzzing is known to be one of the most effective techniques to uncover security vulnerabilities of large-scale software systems.During fuzzing,it is crucial to distribute the fuzzing resource appropriately so as to achieve the best fuzzing performance under a limited budget.Existing distribution strategies of American Fuzzy Lop(AFL)based greybox fuzzing focus on increasing coverage blindly without considering the metrics of code regions,thus lacking the insight regarding which region is more likely to be vulnerable and deserves more fuzzing resources.We tackle the above drawback by proposing a vulnerable region-aware greybox fuzzing approach.Specifically,we distribute more fuzzing resources towards regions that are more likely to be vulnerable based on four kinds of code metrics.We implemented the approach as an extension to AFL named RegionFuzz.Large-scale experimental evaluations validate the effectiveness and efficiency of RegionFuzz-11 new bugs including three new CVEs are successfully uncovered by RegionFuzz.