# Random Testing

When creating a random testing suite, it's helpful to include parameters in the output file. This helps make any testing failures reproducible.

Assertions become even more important in random testing. They allow us to easily spot and trace any errors that may arise during testing. Less rigorous assertions allow silent errors to propogate through our code, which is the worst case scenario in testing.

<img src='../images/Screen Shot 2019-04-09 at 7.18.16 AM.png' />


# Testing a Unix Utility

<img src='../images/Screen Shot 2019-04-09 at 7.38.31 AM.png' />

# Fault Injection

**Fault Injection:** a technique for improving the coverage of a test by introducing faults to test code paths, in particular error handling code paths, that might otherwise rarely be followed.


# Input Validity

Random testing should cover the codebase somewhat proportionally. Think about the domain you're trying to target when testing for input validity.

<img src='../images/Screen Shot 2019-04-09 at 10.51.11 AM.png' />


## Example: Browser Input Validity

Here's a visual representation of the above concept. If the inputs are completely random, we don't get to hit much of the higher-order functionality.

<img src='../images/Screen Shot 2019-04-09 at 11.03.58 AM.png' />


# Luhn's Algorithm

<img src='../images/Screen Shot 2019-04-09 at 11.22.27 AM.png' />

<img src='../images/Screen Shot 2019-04-09 at 11.23.05 AM.png' />

<img src='../images/Screen Shot 2019-04-09 at 11.23.54 AM.png' />

<img src='../images/Screen Shot 2019-04-09 at 11.24.34 AM.png' />

In [7]:
# concise definition of the Luhn checksum:
#
# "For a card with an even number of digits, double every odd numbered
# digit and subtract 9 if the product is greater than 9. Add up all
# the even digits as well as the doubled-odd digits, and the result
# must be a multiple of 10 or it's not a valid card. If the card has
# an odd number of digits, perform the same addition doubling the even
# numbered digits instead."
#
# for more details see here:
# http://www.merriampark.com/anatomycc.htm
#
# also see the Wikipedia entry, but don't do that unless you really
# want the answer, since it contains working Python code!
# 
# Implement the Luhn Checksum algorithm as described above.

# is_luhn_valid takes a credit card number as input and verifies 
# whether it is valid or not. If it is valid, it returns True, 
# otherwise it returns False.

import random

# Goal: random tester for credit card processor


def luhn_checksum(n):
    # Checks the checksum digit for a credit card number n
    # Applies Luhn's algorithm on the overall card number
    old_number = str(n)
    new_number = ""
    for i in range(len(old_number)):
        if (i + 1) % 2 == len(old_number) % 2:
            new_digit = int(old_number[i]) * 2
            while new_digit > 9:
                new_digit -= 9
        else:
            new_digit = int(old_number[i])
        new_number += str(new_digit)
    
    return sum(map(int, new_number)) % 10

def is_luhn_valid(n):
    # Checks whether the 
    return luhn_checksum(n) == 0

def generate(pref, l):
    account_number = pref
    for i in range(l - len(pref)):
        account_number += str(random.randint(0, 9))
    while not is_luhn_valid(int(account_number)):
        account_number = pref
        for i in range(l - len(pref)):
            account_number += str(random.randint(0, 9))
        
    return int(account_number)

generate("4117", 15)

411760573367906

# Mandatory Input Validity

We want to keep inputs valid because the point of random testing is usually to ensure that the software holds up to whatever our users throw at it. If we start throwing inputs that are not realistic, they end up waisting our software engineers' time because now human time is being spent looking at situations that the SUT wouldn't have to deal with anyway.

<img src='../images/Screen Shot 2019-04-10 at 6.40.44 AM.png' />


# Complaints About Random Testing

<img src='../images/Screen Shot 2019-04-10 at 6.42.34 AM.png' />

<img src='../images/Screen Shot 2019-04-10 at 6.43.28 AM.png' />

<img src='../images/Screen Shot 2019-04-10 at 6.44.02 AM.png' />


# Fuzzing

**Fuzzing:** a quality assurance technique used to discover coding errors and security loopholes in software, operating systems or networks. It involves inputting massive amounts of random data, called fuzz, to the test subject in an attempt to make it crash.

<img src='../images/Screen Shot 2019-04-10 at 6.45.52 AM.png' />


# Fuzzing for Penetration Testing

**Penetration Testing:** also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually.


# Historical Bugs

<img src='../images/Screen Shot 2019-04-10 at 7.03.36 AM.png' />


## Fdiv

One caveat in random testing is that you need a way to get to ground truth. In order to catch the Pentium fdiv bug, they'd need to check it against their existing 487 FPU algorithm. If they ran the tester constantly, their expected value was about .96 failures per day based on the hardware that was available at the time.

<img src='../images/Screen Shot 2019-04-10 at 7.09.36 AM.png' />


## 1988 Internet Worm

<img src='../images/Screen Shot 2019-04-10 at 7.16.13 AM.png' />


## APIs

<img src='../images/Screen Shot 2019-04-10 at 7.23.30 AM.png' />


# Fuzzing Filesystems

**Test-case reduction:** the process of taking some value (a test case, usually represented as a sequence of bytes, though in property-based testing land it can be an arbitrary value) that demonstrates some property of interest (usually that it triggers a bug in some program) and turning it into a smaller and simpler test case with the same property.

<img src='../images/Screen Shot 2019-04-10 at 7.35.55 AM.png' />


# Generating Random Inputs

<img src='../images/Screen Shot 2019-04-10 at 7.53.46 AM.png' />


# Mutation-Based Random Testing

<img src='../images/Screen Shot 2019-04-10 at 7.57.54 AM.png' />


# Oracles

<img src='../images/Screen Shot 2019-04-10 at 8.00.46 AM.png' />


## Weak and Medium Oracles

<img src='../images/Screen Shot 2019-04-10 at 8.04.54 AM.png' />


## Strong Oracles: Overview

<img src='../images/Screen Shot 2019-04-10 at 8.06.59 AM.png' />


## Strong Oracles: Function Inverse Pair

**Examples:**
- Assembler / disassembler
- Encryption / decryption
- Compression / decompression
- Save / load
- Transmit / receive
- Encode / decode
    - Audio
    - Video

<img src='../images/Screen Shot 2019-04-10 at 8.07.44 AM.png' />


## Strong Oracles: Null Space Transformations

**Null Space Transformation:** Transform the test case in a non-trivial way while preserving the meaning of the test case. Ex: a + b vs (a + (b)).

<img src='../images/Screen Shot 2019-04-10 at 8.15.34 AM.png' />


In [35]:
from pprint import pprint

def check_rows(grid):
    num_values = 0
    
    if len(grid) != 9 or not all([len(grid[i]) == 9 for i in range(len(grid))]):
        return num_values, None
    
    for i in range(len(grid)):
        values = set()
        for j in range(len(grid[0])):
            if grid[i][j] == 0:
                continue
            else:
                if grid[i][j] in values:
                    return num_values, False
                values.add(grid[i][j])
                num_values += 1
                
    return num_values, True

def check_columns(grid):
    for j in range(len(grid[0])):
        values = set()
        for i in range(len(grid)):
            if grid[i][j] == 0:
                continue
            else:
                if grid[i][j] in values:
                    return False
                values.add(grid[i][j])
                
    return True

def check_subgrids(grid):
    for row_start in range(0, 7, 3):
        for col_start in range(0, 7, 3):
            for i in range(row_start, row_start + 3):
                values = set()
                for j in range(col_start, col_start + 3):
                    if grid[i][j] == 0:
                        continue
                    else:
                        if grid[i][j] in values:
                            return False
                        values.add(grid[i][j])
                        
    return True

def validate_sudoku(grid):
    num_values, row_valid = check_rows(grid)
    if not row_valid:
        return num_values, row_valid
    col_valid = check_columns(grid)
    if not col_valid:
        return num_values, False
    subgrid_valid = check_subgrids(grid)
    if not subgrid_valid:
        return num_values, False
    return num_values, True

def find_next_cell(grid):
    least_restrictive_values = list(range(1, 10))
    least_restrictive_cell = None
    row_possibilities = {}
    col_restrictions = {}
    subgrid_restrictions = {}
    
    # Row possibilities
    for i in range(len(grid)):
        row_possibilities[i] = set(range(1, 10)) - set(grid[i]) - set([0])
    
    # Column restrictions
    for j in range(len(grid[0])):
        col_restrictions[j] = set([grid[i][j] for i in range(len(grid[i]))]) - set([0])
    
    # Subgrid restrictions
    for row_start in range(0, 7, 3):
        for col_start in range(0, 7, 3):
            subgrid_restrictions[(row_start, col_start)] = set()
            for i in range(row_start, row_start + 3):                
                for j in range(col_start, col_start + 3):
                    if grid[i][j] == 0:
                        continue
                    else:
                        subgrid_restrictions[(row_start, col_start)].add(grid[i][j])
    
    # Find cell with fewest possible values
    for i in range(len(grid)):
        for j in range(len(grid[0])):
            if grid[i][j] == 0:
                row_start = i // 3 * 3
                col_start = j // 3 * 3                
                possible_values = row_possibilities[i] - col_restrictions[j] - subgrid_restrictions[(row_start, col_start)]
                if len(possible_values) <= len(least_restrictive_values):
                    least_restrictive_values = possible_values
                    least_restrictive_cell = (i, j)
                    
    return least_restrictive_cell, least_restrictive_values
            
    

def check_helper(grid):
    num_values, valid = validate_sudoku(grid)
    if num_values == 81 or not valid:
        return valid, grid
    
    next_cell, possible_values = find_next_cell(grid)
    
    for possible_value in possible_values:
        grid[next_cell[0]][next_cell[1]] = possible_value
        valid, solved_grid = check_helper(grid)
        if not valid:
            grid[next_cell[0]][next_cell[1]] = 0
        else:
            return valid, solved_grid
        
    return False, grid

def check_sudoku(grid):
    # Checks whether a grid is solved or can potentially
    # be solved.
    
    num_values, valid = validate_sudoku(grid)
    
    if not valid:
        return valid, grid
    elif valid and num_values == 81:
        return True, grid
    
    valid, solved_grid = check_helper(grid)
    return valid, solved_grid

def solve_sudoku(grid):
    valid, solved_grid = check_sudoku(grid)
    if not valid:
        return valid
    return solved_grid
    

test_grid = [[5,3,4,6,7,8,9,1,2],
              [6,7,2,1,9,5,3,4,8],
              [1,9,8,3,4,2,5,6,7],
              [8,5,9,7,6,1,4,2,3],
              [4,2,6,8,5,3,7,9],  # <---
              [7,1,3,9,2,4,8,5,6],
              [9,6,1,5,3,7,2,8,4],
              [2,8,7,4,1,9,6,3,5],
              [3,4,5,2,8,6,1,7,9]]

solve_sudoku(test_grid)

None


In [14]:
def test_recursion_helper(matrix, count):
    if count == 9:
        return matrix, count
    
    for i in range(count, 5):
        value = i + 5
        print("Matrix before:", matrix)
        matrix[0][value] = value
        new_matrix, count = test_recursion_helper(matrix, value)
        if count == 9:
            print("Matrix after:", matrix)
            print("New matrix after:", new_matrix)
            return new_matrix, count
            
        else:
            matrix[0][value] = None
            print("Matrix after:", matrix)
            
    return matrix, count
    
def test_recursion():
    matrix = [[None for i in range(10)]]
    count, new_matrix = test_recursion_helper(matrix, 0)
    return new_matrix

test_recursion()

('Matrix before:', [[None, None, None, None, None, None, None, None, None, None]])
('Matrix after:', [[None, None, None, None, None, None, None, None, None, None]])
('Matrix before:', [[None, None, None, None, None, None, None, None, None, None]])
('Matrix after:', [[None, None, None, None, None, None, None, None, None, None]])
('Matrix before:', [[None, None, None, None, None, None, None, None, None, None]])
('Matrix after:', [[None, None, None, None, None, None, None, None, None, None]])
('Matrix before:', [[None, None, None, None, None, None, None, None, None, None]])
('Matrix after:', [[None, None, None, None, None, None, None, None, None, None]])
('Matrix before:', [[None, None, None, None, None, None, None, None, None, None]])
('Matrix after:', [[None, None, None, None, None, None, None, None, None, 9]])
('New matrix after:', [[None, None, None, None, None, None, None, None, None, 9]])


9