Advanced Program Testing
Code | Completion | Credits | Range | Language |
---|---|---|---|---|
NI-APT | Z,ZK | 5 | 2P+1C | English |
- Garant předmětu:
- Pierre Donat-Bouillud
- Lecturer:
- Pierre Donat-Bouillud
- Tutor:
- Pierre Donat-Bouillud
- Supervisor:
- Department of Theoretical Computer Science
- Synopsis:
-
Testing a program is essential to ensure that a program respects its specification, that changes do not introduce regressions or security issues. The goal of the course is to present advanced program testing techniques, beyond writing unit tests, especially fuzzing and symbolic execution.
- Requirements:
-
The students are expected to be familiar with the basic notions of testing, such as unit testing (such as presented in BI-OOP).
- Syllabus of lectures:
-
1. Introduction - specification testing
2. Coverage - structural testing
3. Property-based testing and random fuzzing
4. Test-case minimization
5. Mutation-based fuzzing and mutation analysis
6. Greybox fuzzing and search-based fuzzing
7. Syntactic fuzzing: fuzzing with (possibly probabilistic) grammars
8. Syntactic fuzzing: greybox fuzzing with grammars, mining input grammars
9. Domain-specific fuzzing
10. Concolic fuzzing
11. Symbolic fuzzing
12. Practical fuzzing: when to stop, infrastructure for fuzzing at scale
13. Current research (e.g. differential fuzzing for JS engines)
- Syllabus of tutorials:
-
1. Coverage and code coverage tools
2. Test-case minimization
3. Greybox fuzzer
4. Greybox fuzzer with grammar
5. Concolic fuzzing
6. Project consultation
- Study Objective:
-
Testing a program is essential to ensure that a program respects its specification, that changes do not introduce regressions or security issues. The goal of the course is to present advanced program testing techniques, beyond writing unit tests, especially fuzzing and symbolic execution.
- Study materials:
-
Aniche, Maurício. Effective Software Testing: A developer's guide. Simon and Schuster, 2022. ; Zeller, Andreas, et al. „The fuzzing book.“ (2019).
Pezzè, Mauro, and Michal Young. Software testing and analysis: process, principles, and techniques. John Wiley & Sons, 2008.
Baldoni, Roberto, Emilio Coppa, Daniele Cono D’elia, Camil Demetrescu, and Irene Finocchi. “A Survey of Symbolic Execution Techniques.” (2018).
The Fuzzing Book<https://www.fuzzingbook.org/>.
- Note:
- Further information:
- https://courses.fit.cvut.cz/NI-APT/
- Time-table for winter semester 2024/2025:
-
06:00–08:0008:00–10:0010:00–12:0012:00–14:0014:00–16:0016:00–18:0018:00–20:0020:00–22:0022:00–24:00
Mon Tue Wed Thu Fri - Time-table for summer semester 2024/2025:
- Time-table is not available yet
- The course is a part of the following study plans:
-
- Master specialization Computer Security, in Czech, 2020 (elective course)
- Master specialization Design and Programming of Embedded Systems, in Czech, 2020 (elective course)
- Master specialization Computer Systems and Networks, in Czech, 202 (elective course)
- Master specialization Management Informatics, in Czech, 2020 (elective course)
- Master specialization Software Engineering, in Czech, 2020 (elective course)
- Master specialization System Programming, in Czech, version from 2020 (elective course)
- Master specialization Web Engineering, in Czech, 2020 (elective course)
- Master specialization Knowledge Engineering, in Czech, 2020 (elective course)
- Master specialization Computer Science, in Czech, 2020 (elective course)
- Mgr. programme, for the phase of study without specialisation, ver. for 2020 and higher (elective course)
- Study plan for Ukrainian refugees (elective course)
- Master specialization System Programming, in Czech, version from 2023 (PS, elective course)
- Master specialization Computer Science, in Czech, 2023 (elective course)