Mind the Gap

What Working With Developers on Fuzz Tests Taught Us About Coverage Gaps

Conference paper (2024)

Authors

C.E. Brandt Software Engineering -

Marco Castelluccio Mozilla Corporation

Christian Holler Mozilla Corporation

Jason Kratzer Mozilla Corporation

A.E. Zaidman Software Technology

Alberto Bacchelli University of Zürich

Research Group

Software Engineering () (TU Delft)

More Info

expand_more

To reference this document use:

http://resolver.tudelft.nl/uuid:e6aeeade-1e37-42d1-9743-3b7b89b67f94

Published Date

2024

Language

English

Faculty

Electrical Engineering, Mathematics and Computer Science

Department

Software Technology

Research Group

Software Engineering

Abstract

Can fuzzers generate partial tests that developers find useful enough to complete into functional tests (e.g., by adding assertions)? To address this question, we develop a prototype within the Mozilla ecosystem and open 13 bug reports proposing partial generated tests for currently uncovered code. We found that the majority of the reactions focus on whether the targeted coverage gap is actually worth testing. To investigate further which coverage gaps developers find relevant to close, we design an automated filter to exclude irrelevant coverage gaps before generating tests. From conversations with 13 developers about whether the remaining coverage gaps are worth closing when a partially generated test is available, we learn that the filtering indeed removes clearly non-test-worthy gaps. The developers propose a variety of additional strategies to address the coverage gaps and how to make fuzz tests and reports more useful for developers.

Files

3639477.3639721.pdf

(.pdf | 1.9 Mb)