The 7 Things I Know About Cyber Security After 25 Years | April 2024
Boundary Value Testing for Traditional and ML Software
1. felix.dobslaw@miun.se
Boundary Value Testing for Traditional
and ML Software
At Chalmers - WASP, Software Engineering, PhD course - 8/6/2023
Felix Dobslaw
Östersund, Mid Sweden University
Research lead, Software Engineering and Education Group
SEE
2. felix.dobslaw@miun.se
Felix
● 2007 Bsc in “Informatik” University of Hamburg
● 2009 Msc in Distributed Systems MIUN (Sundsvall)
● 2005 – 2009 Prolifics/IBM software dev (Hamburg/Remote)
● 2012 Lic. in Computational Intelligence, MIUN
● 2015 Dr. in Wireless Sensor Networks, MIUN
● 2016 → Tenure in Computer Sciences, MIUN (Östersund)
● 2016 → Entrepeneurship, ride-sharing, online ratings, ...
● 2019-2021 PostDoc in Software Engineering, Chalmers (Gothenburg)
● 2022-now research-lead in Software Engineering at MIUN (Östersund)
3. felix.dobslaw@miun.se
Felix
● 2007 Bsc in “Informatik” University of Hamburg
● 2009 Msc in Distributed Systems MIUN (Sundsvall)
● 2005 – 2009 Prolifics/IBM software dev (Hamburg/Remote)
● 2012 Lic. in Computational Intelligence, MIUN
● 2015 Dr. in Wireless Sensor Networks, MIUN
● 2016 → Tenure in Computer Sciences, MIUN (Östersund)
● 2016 → Entrepeneurship, ride-sharing, online ratings, ...
● 2019-2021 PostDoc in Software Engineering, Chalmers (Gothenburg)
● 2022-now research-lead in Software Engineering at MIUN (Östersund)
4. felix.dobslaw@miun.se
Felix
● 2007 Bsc in “Informatik” University of Hamburg
● 2009 Msc in Distributed Systems MIUN (Sundsvall)
● 2005 – 2009 Prolifics/IBM software dev (Hamburg/Remote)
● 2012 Lic. in Computational Intelligence, MIUN
● 2015 Dr. in Wireless Sensor Networks, MIUN
● 2016 → Tenure in Computer Sciences, MIUN (Östersund)
● 2016 → Entrepeneurship, ride-sharing, online ratings, ...
● 2019-2021 PostDoc in Software Engineering, Chalmers (Gothenburg)
● 2022-now research-lead in Software Engineering at MIUN (Östersund)
19. felix.dobslaw@miun.se
F. Dobslaw, F. G. de Oliveira Neto and R.
Feldt, "Boundary Value Exploration for
Software Analysis," 2020 IEEE International
Conference on Software Testing, Verification
and Validation Workshops (ICSTW), 2020.
20. felix.dobslaw@miun.se
Boundary Value
Testing
F. Dobslaw, F. G. de Oliveira Neto and R.
Feldt, "Boundary Value Exploration for
Software Analysis," 2020 IEEE International
Conference on Software Testing, Verification
and Validation Workshops (ICSTW), 2020.
21. felix.dobslaw@miun.se
Boundary Value
Testing
BVT: “Execution of specific input pairs in
order to ensure that an actual boundary
is also expected.”
F. Dobslaw, F. G. de Oliveira Neto and R.
Feldt, "Boundary Value Exploration for
Software Analysis," 2020 IEEE International
Conference on Software Testing, Verification
and Validation Workshops (ICSTW), 2020.
22. felix.dobslaw@miun.se
Boundary Value
Analysis
Boundary Value
Testing
BVT: “Execution of specific input pairs in
order to ensure that an actual boundary
is also expected.”
F. Dobslaw, F. G. de Oliveira Neto and R.
Feldt, "Boundary Value Exploration for
Software Analysis," 2020 IEEE International
Conference on Software Testing, Verification
and Validation Workshops (ICSTW), 2020.
23. felix.dobslaw@miun.se
BVA: “Analysis of artifacts of the software
development process to clarify the expected
and actual boundaries of a software.”
Boundary Value
Analysis
Boundary Value
Testing
BVT: “Execution of specific input pairs in
order to ensure that an actual boundary
is also expected.”
F. Dobslaw, F. G. de Oliveira Neto and R.
Feldt, "Boundary Value Exploration for
Software Analysis," 2020 IEEE International
Conference on Software Testing, Verification
and Validation Workshops (ICSTW), 2020.
24. felix.dobslaw@miun.se
Boundary Value
Analysis
Boundary Value
Testing
Boundary Value
Exploration
Candidates
F. Dobslaw, F. G. de Oliveira Neto and R.
Feldt, "Boundary Value Exploration for
Software Analysis," 2020 IEEE International
Conference on Software Testing, Verification
and Validation Workshops (ICSTW), 2020.
25. felix.dobslaw@miun.se
Boundary Value
Analysis
Boundary Value
Testing
Boundary Value
Exploration
Candidates
F. Dobslaw, F. G. de Oliveira Neto and R.
Feldt, "Boundary Value Exploration for
Software Analysis," 2020 IEEE International
Conference on Software Testing, Verification
and Validation Workshops (ICSTW), 2020.
26. felix.dobslaw@miun.se
Boundary Value
Analysis
Boundary Value
Testing
Boundary Value
Exploration
Candidates
BVE: “A collection of techniques that select
or help select inputs to detect and identify
boundary candidates.”
F. Dobslaw, F. G. de Oliveira Neto and R.
Feldt, "Boundary Value Exploration for
Software Analysis," 2020 IEEE International
Conference on Software Testing, Verification
and Validation Workshops (ICSTW), 2020.
27. felix.dobslaw@miun.se
Boundary Value
Analysis
Boundary Value
Testing
Boundary Value
Exploration
Candidates
BVE: “A collection of techniques that select
or help select inputs to detect and identify
boundary candidates.”
F. Dobslaw, F. G. de Oliveira Neto and R.
Feldt, "Boundary Value Exploration for
Software Analysis," 2020 IEEE International
Conference on Software Testing, Verification
and Validation Workshops (ICSTW), 2020.
33. felix.dobslaw@miun.se
What are the boundaries?
What are the boundary candidates?
height, weight →
Body Mass Index
Category
height in cm
weight in kg
method:
bmi(h::int, w::int)
34. felix.dobslaw@miun.se
What are the boundaries?
What are the boundary candidates?
height, weight →
Body Mass Index
Category
height in cm
weight in kg
method:
bmi(h::int, w::int)
Examples
Expected Boundary:
Healthy/Overweight
Boundary Candidate:
[ (142.2, 81), (142.2, 82) ]
35. felix.dobslaw@miun.se
What are the boundaries?
What are the boundary candidates?
height, weight →
Body Mass Index
Category
height in cm
weight in kg
method:
bmi(h::int, w::int)
Examples
Expected Boundary:
Healthy/Overweight
Boundary Candidate:
[ (142.2, 81), (142.2, 82) ]
53. felix.dobslaw@miun.se
SUT
x y
x1 x2
y1 y2
?
SUT SUT
Assert y == yexp
How to automatically mine
boundaries?
Distance Metric Examples: Jaccard, Hamming, Euclidean…
Very basic one: Strlendist
54. felix.dobslaw@miun.se
SUT
x y
x1 x2
y1 y2
?
SUT SUT
Assert y == yexp
How to automatically mine
boundaries?
Distance Metric Examples: Jaccard, Hamming, Euclidean…
Very basic one: Strlendist
Example:
30 and 31 are neighbors in the input space for field month:
Date(2021, 30, 4) → “30/4/2021”
StringLength is 9
Date(2021, 31, 4) → “ERROR, month field out of bounds.”
StringLength is 33
Strlendist = |33-9| = 24
Big difference, this seems to be a boundary candidate!
But is it an interesting one?...
62. felix.dobslaw@miun.se
Foundation: Diversity
Challenge: Describe relation between inputs and outputs for
arbitrary data types.
Proposal based on Kolmogorov Complexity
Applicable for all data types
Normalized Information Distance (NID)
“Compression trick” makes it practical
CC ~ KC
Normalized Compression Distance (NCD)
x1 x2
SUT
y1 y2
?
63. felix.dobslaw@miun.se
Foundation: Diversity
Challenge: Describe relation between inputs and outputs for
arbitrary data types.
Proposal based on Kolmogorov Complexity
Applicable for all data types
Normalized Information Distance (NID)
“Compression trick” makes it practical
CC ~ KC
Normalized Compression Distance (NCD)
x1 x2
SUT
y1 y2
?
64. felix.dobslaw@miun.se
Foundation: Diversity
Challenge: Describe relation between inputs and outputs for
arbitrary data types.
Proposal based on Kolmogorov Complexity
Applicable for all data types
Normalized Information Distance (NID)
“Compression trick” makes it practical
CC ~ KC
Normalized Compression Distance (NCD)
x1 x2
SUT
y1 y2
?
65. felix.dobslaw@miun.se
Foundation: Diversity
Challenge: Describe relation between inputs and outputs for
arbitrary data types.
Proposal based on Kolmogorov Complexity
Applicable for all data types
Normalized Information Distance (NID)
“Compression trick” makes it practical
CC ~ KC
Normalized Compression Distance (NCD)
x1 x2
SUT
y1 y2
?
74. felix.dobslaw@miun.se
Program Derivatives
R. Feldt and F. Dobslaw.
"Towards automated boundary value testing with program derivatives and search.
International Symposium on Search Based Software Engineering. Springer, Cham, 2019.
75. felix.dobslaw@miun.se
Program Derivatives
R. Feldt and F. Dobslaw.
"Towards automated boundary value testing with program derivatives and search.
International Symposium on Search Based Software Engineering. Springer, Cham, 2019.
76. felix.dobslaw@miun.se
Program Derivatives
R. Feldt and F. Dobslaw.
"Towards automated boundary value testing with program derivatives and search.
International Symposium on Search Based Software Engineering. Springer, Cham, 2019.
77. felix.dobslaw@miun.se
Program Derivatives
R. Feldt and F. Dobslaw.
"Towards automated boundary value testing with program derivatives and search.
International Symposium on Search Based Software Engineering. Springer, Cham, 2019.
78. felix.dobslaw@miun.se
Program Derivatives
R. Feldt and F. Dobslaw.
"Towards automated boundary value testing with program derivatives and search.
International Symposium on Search Based Software Engineering. Springer, Cham, 2019.
79. felix.dobslaw@miun.se
Program Derivatives
R. Feldt and F. Dobslaw.
"Towards automated boundary value testing with program derivatives and search.
International Symposium on Search Based Software Engineering. Springer, Cham, 2019.
80. felix.dobslaw@miun.se
Program Derivatives
P(x) is program output for input x
R. Feldt and F. Dobslaw.
"Towards automated boundary value testing with program derivatives and search.
International Symposium on Search Based Software Engineering. Springer, Cham, 2019.
81. felix.dobslaw@miun.se
Program Derivatives
R. Feldt and F. Dobslaw.
"Towards automated boundary value testing with program derivatives and search.
International Symposium on Search Based Software Engineering. Springer, Cham, 2019.
82. felix.dobslaw@miun.se
Program Derivatives
R. Feldt and F. Dobslaw.
"Towards automated boundary value testing with program derivatives and search.
International Symposium on Search Based Software Engineering. Springer, Cham, 2019.
83. felix.dobslaw@miun.se
Program Derivatives
Hm… But …
R. Feldt and F. Dobslaw.
"Towards automated boundary value testing with program derivatives and search.
International Symposium on Search Based Software Engineering. Springer, Cham, 2019.
84. felix.dobslaw@miun.se
Program Derivatives
Hm… But …
… How do I select di and do?
R. Feldt and F. Dobslaw.
"Towards automated boundary value testing with program derivatives and search.
International Symposium on Search Based Software Engineering. Springer, Cham, 2019.
85. felix.dobslaw@miun.se
Program Derivatives
Hm… But …
… How do I select di and do?
… How do I get bmin then?
R. Feldt and F. Dobslaw.
"Towards automated boundary value testing with program derivatives and search.
International Symposium on Search Based Software Engineering. Springer, Cham, 2019.
86. felix.dobslaw@miun.se
Program Derivatives
Hm… But …
… How do I select di and do?
… How do I get bmin then?
...
R. Feldt and F. Dobslaw.
"Towards automated boundary value testing with program derivatives and search.
International Symposium on Search Based Software Engineering. Springer, Cham, 2019.
87. felix.dobslaw@miun.se
C is the compressor (e.g. bzip2)
CDQ = Compression Difference Quotient
PDQ = Program Difference Quotient
NCD = Normalized Compression Distance
Program Derivatives
9/13
How do I select di and do?
88. felix.dobslaw@miun.se
C is the compressor (e.g. bzip2)
CDQ = Compression Difference Quotient
PDQ = Program Difference Quotient
NCD = Normalized Compression Distance
Program Derivatives
9/13
How do I select di and do?
89. felix.dobslaw@miun.se
C is the compressor (e.g. bzip2)
CDQ = Compression Difference Quotient
PDQ = Program Difference Quotient
NCD = Normalized Compression Distance
Program Derivatives
9/13
How do I select di and do?
90. felix.dobslaw@miun.se
Input Mutation
How do I get bmin then?
May require exploring the SUT’s behavior on a number of “close
values”
e.g. via Search-based Software Engineering with Mutators
121. felix.dobslaw@miun.se
● 2 proposed detection algorithms
● Program Derivative with crude metric (Strlendist)
● 4 SUTs quant + qual analysis (+200 quant only SUTs in revision)
– Limited to unit tests with integer based inputs
123. felix.dobslaw@miun.se
Preliminary Results/Conclusions
● AutoBVA detected and selected interesting
boundary candidates (potential bugs) for all 4
SUTs.
● First automated BVA in literature
– Black-box, non-formal
● Identified demand for a more scalable solution
with aggressive online selection (ongoing).
124. felix.dobslaw@miun.se
Where else can this be useful?
When does the system hit the switch?
- is that at the right time, i.e. according to specification?
- shall be a problem of the product owner, not the developer/data scientist.
Research Council
Project AQUAS
2022-2025
125. felix.dobslaw@miun.se
Where else can this be useful?
When does the system hit the switch?
- is that at the right time, i.e. according to specification?
- shall be a problem of the product owner, not the developer/data scientist.
Research Council
Project AQUAS
2022-2025
126. felix.dobslaw@miun.se
Where else can this be useful?
When does the system hit the switch?
- is that at the right time, i.e. according to specification?
- shall be a problem of the product owner, not the developer/data scientist.
Research Council
Project AQUAS
2022-2025
128. felix.dobslaw@miun.se
Learnt
Component
Programmed
Component
Software
Artifact
inputs → → outputs
Data
Science
Traditional
Software
Engineering
SE/CS vs DS/ML
Dobslaw, Felix, and Robert Feldt. "Similarities of Testing Programmed and Learnt Software." 2023 IEEE International
Conference on Software Testing, Verification and Validation Workshops (ICSTW). IEEE, 2023.
129. felix.dobslaw@miun.se
Learnt
Component
Programmed
Component
Software
Artifact
inputs → → outputs
Data
Science
Traditional
Software
Engineering
Approach
SE/CS vs DS/ML
Dobslaw, Felix, and Robert Feldt. "Similarities of Testing Programmed and Learnt Software." 2023 IEEE International
Conference on Software Testing, Verification and Validation Workshops (ICSTW). IEEE, 2023.
130. felix.dobslaw@miun.se
Learnt
Component
Programmed
Component
Software
Artifact
inputs → → outputs
Data
Science
Traditional
Software
Engineering
Approach
SE/CS vs DS/ML
Dobslaw, Felix, and Robert Feldt. "Similarities of Testing Programmed and Learnt Software." 2023 IEEE International
Conference on Software Testing, Verification and Validation Workshops (ICSTW). IEEE, 2023.
131. felix.dobslaw@miun.se
Learnt
Component
Programmed
Component
Software
Artifact
inputs → → outputs
Data
Science
Traditional
Software
Engineering
Approach
SE/CS vs DS/ML
(+ )
Dobslaw, Felix, and Robert Feldt. "Similarities of Testing Programmed and Learnt Software." 2023 IEEE International
Conference on Software Testing, Verification and Validation Workshops (ICSTW). IEEE, 2023.
132. felix.dobslaw@miun.se
Learnt
Component
Programmed
Component
Software
Artifact
inputs → → outputs
Configuration
Code
Training
Data
Training
Data
Training
Data
Data
Science
Traditional
Software
Engineering
Approach
SE/CS vs DS/ML
(+ )
Dobslaw, Felix, and Robert Feldt. "Similarities of Testing Programmed and Learnt Software." 2023 IEEE International
Conference on Software Testing, Verification and Validation Workshops (ICSTW). IEEE, 2023.
133. felix.dobslaw@miun.se
Learnt
Component
Programmed
Component
Software
Artifact
inputs → → outputs
Configuration
Code
Training
Data
Training
Data
Training
Data
Data
Science
Traditional
Software
Engineering
Approach
SE/CS vs DS/ML
(+ )
Dobslaw, Felix, and Robert Feldt. "Similarities of Testing Programmed and Learnt Software." 2023 IEEE International
Conference on Software Testing, Verification and Validation Workshops (ICSTW). IEEE, 2023.
134. felix.dobslaw@miun.se
Learnt
Component
Programmed
Component
Software
Artifact
inputs → → outputs
Configuration
Code
Training
Data
Training
Data
Training
Data
Data
Science
Traditional
Software
Engineering
Approach
SE/CS vs DS/ML
(+ )
Dobslaw, Felix, and Robert Feldt. "Similarities of Testing Programmed and Learnt Software." 2023 IEEE International
Conference on Software Testing, Verification and Validation Workshops (ICSTW). IEEE, 2023.
135. felix.dobslaw@miun.se
“...the notion of correctness is not only a binary notion...”
"...the notion of correctness is not clear..."
Yves Le Traon (ICST Keynote 2023)
157. felix.dobslaw@miun.se
Ongoing/Future Work
Program
Derivative
(PD) Summarization:
- Scalable, generalizable ways of
selecting interesting candidates.
- in support of production data
Generalization of PD:
may extend to
- execution properties
- memory use
- exec time…
- multiple/varying distance metrics
- generic (ncd, jaccard...)
- type specific (euclidean,
geographic)
158. felix.dobslaw@miun.se
Ongoing/Future Work
GUI handling:
- traces and uncommon/unexpected transitions
Program
Derivative
(PD) Summarization:
- Scalable, generalizable ways of
selecting interesting candidates.
- in support of production data
Generalization of PD:
may extend to
- execution properties
- memory use
- exec time…
- multiple/varying distance metrics
- generic (ncd, jaccard...)
- type specific (euclidean,
geographic)
159. felix.dobslaw@miun.se
Ongoing/Future Work
GUI handling:
- traces and uncommon/unexpected transitions
Program
Derivative
(PD)
How to support the tester:
- process
what steps, roles?
- tools & method
algorithms for detection/summarization
features for automated test case extraction
Summarization:
- Scalable, generalizable ways of
selecting interesting candidates.
- in support of production data
Generalization of PD:
may extend to
- execution properties
- memory use
- exec time…
- multiple/varying distance metrics
- generic (ncd, jaccard...)
- type specific (euclidean,
geographic)