Researchers at the National Institute of Standards and Technology (NIST) have released an updated version of a tool that can efficiently find bugs in software.
Based on studies of software crashes in applications, including medical devices and web browsers, NIST’s Rick Kuhn and other researchers determined that between 70 and 95 per cent of software failures are triggered by only two variables interacting and practically 100 per cent of software failures are triggered by no more than six.
’Testing every combination, up to six variables can be as good as exhaustive testing,’ said NIST researcher Raghu Kacker.
Working with researcher Jeff Yu Lei and his students from the University of Texas at Arlington, the NIST researchers designed a freely distributed software tool called the Advanced Combinatorial Testing System (ACTS) to generate plans for efficiently testing combinations of two to six interacting variables. The method goes beyond the commonly used ’pairwise’ approach to software testing, which tests combinations of two variables, so it can detect more obscure flaws.
The first version of ACTS was released in 2008. Since then, it has been distributed at no cost to 465 organisations and individuals in industry, academia and government. ’About half of our users are in IT, but other heavy users are in the financial, defence and telecommunications sectors,’ said Kuhn.
NIST released the latest update of ACTS in October. The new version includes an improved user interface and a better method of specifying relationships between parameters for testing. This can eliminate the problem, for example, of spending time on tests for invalid combinations, such as using Internet Explorer on a Linux system.
The NIST researchers have also developed a new tutorial – Practical Combinatorial Testing – that explains the use of the software tool for generating combinatorial tests.