QSYM: a practical concolic execution engine tailored for hybrid fuzzing

September 12, 2018 ~ Adrian Colyer ~ Leave a comment

QSYM: a practical concolic execution engine tailored for hybrid fuzzing Yun et al., USENIX Security 2018 There are two main approaches to automated test case generated for uncovering bugs and vulnerabilities: fuzzing and concolic execution. Fuzzing is good at quickly exploring the input space, but can get stuck when trying to get past more complex ... Continue Reading

ConflictJS: finding and understanding conflicts between JavaScript libraries

June 20, 2018 ~ Adrian Colyer ~ 1 Comment

ConflictJS: finding and understanding conflicts between JavaScript libraries Patra et al., ICSE'18 The JavaScript ecosystem is fertile ground for dependency hell. With so many libraries being made available and the potential for global namespace clashes, it’s easy for libraries to break each other. Sometimes in an obvious to spot way (that’s a good day!), and ... Continue Reading

DeepTest: automated testing of deep-neural-network-driven autonomous cars

June 18, 2018 ~ Adrian Colyer ~ 4 Comments

DeepTest: automated testing of deep-neural-network-driven autonomous cars Tian et al., ICSE'18 How do you test a DNN? We’ve seen plenty of examples of adversarial attacks in previous editions of The Morning Paper, but you couldn’t really say that generating adversarial images is enough to give you confidence in the overall behaviour of a model under ... Continue Reading

Fail-slow at scale: evidence of hardware performance faults in large production systems

February 26, 2018 ~ Adrian Colyer ~ 6 Comments

Fail-slow at scale: evidence of hardware performance faults in large production systems Gunawi et al., FAST’18 The first thing that strikes you about this paper is the long list of authors from multiple different establishments. That’s because it’s actually a study of 101 different fail-slow hardware incidents collected across large-scale cluster deployments in 12 different ... Continue Reading

Why is random testing effective for partition tolerance bugs?

January 23, 2018 ~ Adrian Colyer ~ 1 Comment

Why is random testing effective for partition tolerance bugs? Majumdar & Niksic, POPL 18 A little randomness is a powerful thing! It can make the impossible possible (FLP ), balance systems remarkably well (the power of two random choices), and of course underpin much of cryptography. Today’s paper choice examines the unreasonable effectiveness of random ... Continue Reading

Type test scripts for TypeScript testing

November 9, 2017 ~ Adrian Colyer ~ 2 Comments

Type test scripts for TypeScript testing Kristensen et al., OOPLSA’17 Today’s edition of The Morning Paper comes with a free tongue-twister; ‘type test scripts for TypeScript testing!’ One of the things that people really like about TypeScript is the DefinitelyTyped repository of type declarations for common (otherwise untyped) JavaScript libraries. There are over 3000 such ... Continue Reading

DeepXplore: automated whitebox testing of deep learning systems

November 1, 2017 ~ Adrian Colyer ~ 2 Comments

DeepXplore: automated whitebox testing of deep learning systems Pei et al., SOSP’17 The state space of deep learning systems is vast. As we’ve seen with adversarial examples, that creates opportunity to deliberately craft inputs that fool a trained network. Forget adversarial examples for a moment though, what about the opportunity for good old-fashioned bugs to ... Continue Reading

A dissection of the test-driven development process: does it really matter to test-first or test-last?

June 13, 2017 ~ Adrian Colyer ~ 4 Comments

A dissection of the test-driven development process: does it really matter to test-first or to test-last? Fucci et al., ICSE'17 Here we have a study with a really interesting aim - to find out which aspects of TDD are most significant when it comes to developer productivity and code quality. What we'd really love to ... Continue Reading

Node.fz: fuzzing the server-side event-driven architecture

June 9, 2017 ~ Adrian Colyer ~ 3 Comments

Node.fz: Fuzzing the server-side event-driven architecture Davis et al., EuroSys'17 This paper provides a fascinating look at common causes of concurrency bugs in server-side event driven architecture (EDA) based applications. By far the most popular framework supporting this style is Node.js of course. The Node.js package ecosystem, npm, is the largest ever, with over 400,000 ... Continue Reading

Early detection of configuration errors to reduce failure damage

November 29, 2016November 11, 2019 ~ Adrian Colyer ~ 6 Comments

Early detection of configuration errors to reduce failure damage Xu et al, OSDI '16 Here's one of those wonderful papers that you can read in the morning, and be taking advantage of the results the same afternoon! Remember the 'Simple testing can prevent most critical failures' paper from OSDI'14 that we looked at last month? ... Continue Reading

the morning paper

a random walk through Computer Science research, by Adrian Colyer
Made delightfully fast by strattic

Testing