9:00～9:10

Chair

Introduction of this forum

9:10～9:40

Rui Chen

Beijing Institute of Control Engineering

An integrated dependability testing cloud   platform for aerospace embedded software

To make the testing toolchain fully   automatically, we built an integrated dependability testing cloud platform   which provides the infrastructure for continuous accumulation of domain   practice and testing data. In this talk, we will share how the Cloud platform   provides integrated and automated dependability testing for aerospace   embedded software. The Cloud platform has been applied to more than 10   million lines of aerospace embedded software code, greatly improving the   efficiency of traditional testing and regression testing.

9:40～10:10

Yang   Liu

The   cybersecurity lab in National University of Singapore

Data driven vulnerability analysis and management

Finding vulnerability is an eternal problem   in software development. The recent advance in vulnerability detection using   static analysis and dynamic analysis has shown promising results. However,   the high false positive rate for static analysis and slow execution for   dynamic analysis have still limited the wide adoption in the daily   development. In this talk, we will present some recent work on effective   combination of static analysis and dynamic analysis to find vulnerabilities.   We first propose the metrics-based and learning-based approaches to identify   the vulnerable functions. Then we develop directed fuzzing techniques to   detect vulnerabilities in these functions. To demonstrate the effectiveness,   we have applied our techniques to detect known and unknown vulnerabilities in   various open source software. This leads to a complete vulnerability database   for open source software. To further help developers to manage the security   of open source software, we have developed a commercial platform to perform   software composition analysis and manage known and unknown vulnerabilities   through the software development life cycle.

10:10～10:40

Ran Liu

Thoughtworks

Agile Threat Modelling

Agile Threat Modelling instead is to find   the highest value security work we can do, and get it into the team’s backlog   right away. We do this by applying a timebox so we are threat modelling   “little and often”. We capture a new and different partial view of the system   each time we do threat modelling rather than overthinking it. Over time, we   try lots of perspectives and zoom levels on the system- threat modelling   becomes an agile continuous process!

10:40～11:00

Coffee Break

11:00～11:30

Xiao Xiao, SourceBrella

Using static analysis to identify error code misuses in   financial systems

In this talk, we will discuss the challenges we met and   the solutions: a semi-automatic approach for specification generation and a   whole-program range analysis to infer the possible values of returned error   codes. We will also talk about the engineering effort we have made to resolve   the compiler compatibility problems and to integrate with existing software   build systems

11:30～12:00

Hui Zeng，Nuclear Power Institute of China of CNNC

The software V&V of Nuclear Advanced   Safety DCS Platform

Nuclear Advanced Safety Platform of I&C   (NASPIC), which was officially published on December 6, 2018. This platform   has completely independent intellectual property rights, and has passed the   highest functional safety certification, including some key indexes at   international advanced level. To guarantee NASPIC R&D and the subsequent   supply requirements of nuclear safety level DCS, software V&V is   conducted in a standard way. The Institute has established V&V working   procedures and program, built complete software V&V system. Through the   review of the operation of V&V system and the system software V&V   results, our IV&V system and IV&V capability have been admitted by   supervision units.

13:30～14:00

Angela Wan，Huawei

HUTAF TestBot-Practice and Tools in AI for Testing

We describe how to implement AI algorithm   and deep learning models for efficiency improvement of R&D SW testing   process within Huawei. It’s an end-to-end AI application within SW testing   activities, including black-box test model recommendation and partially   auto-generation, GUI test automation, test case execution optimization and   fault classification. We also build-up a tool chain called “HUTAF TestBot”,   to offer the AI-assisted testing services for both CT and IT product develop   units.

14:00～14:30

Renwei Zhang，Huawei

Memory safety of ICT systems : A case study   of Dynamic testing at Huawei

In this talk, we will share some experience   of dynamic testing method and tools at Huawei, as well as the process that   how we choose different solutions to different test scenarios. At last, we   will also introduced the future work directions based on current challenges   in dynamic testing at Huawei.

14:30～15:00

Lei Wang， Baidu

A new novel testing method of AI models

1 using the input of multi-dimensional data,   the effect of the model in multiple scenarios is more accurately verified, so   that the test results are closer to the performance in the actual application   environment；2 based on the concept of code coverage, the   AI model is covered with neurons, and a small amount of test data is achieved   to effectively complete testing.

15:00～15:30

Pengyu Li

Beijing Sunwise Information Technology Ltd.

Research on Software Multiple Fault Localization Method   Based on Machine Learning

Despite the research of neural network and   decision tree has made some progress in software multiple fault localization,   there is still a lack of systematic research on various algorithms of machine   learning. A software multiple fault localization research framework based on   machine learning is proposed. The process is taking the Mid function as an   example, compares and analyzes the performance of 22 machine learning models   in software multiple fault localization. Finally, the optimal machine   learning method is verified in the multiple fault localization of the Siemens   suite dataset. The experimental results show that the machine learning based   on Random Forest algorithm has more accuracy and significant positioning   efficiency.

15:30～15:50

Coffee Break

15:50～16:25

Huang Chen

Beijing Sunwise Information Technology Ltd.

Research and Application of Automatic Case Generation   Based on Full-Digital Simulation Test Platform

A method of automatic generation of test   cases based on full digital simulation test platform is proposed in this   report. A keyword-driven automated testing framework is established to form a   hierarchical keyword library, extract common requirement elements, and build   a typical use case model. Through configuring fault mode and attribute   parameters, new rules can be added online. Machine-driven generates   standardized and normalized typical use case sets with full coverage of   statement branches, which can be automatically operated directly on the full   digital simulation test platform. In addition, the simulation test platform   can automatically identify and interpret test results, store test data and   generate test reports

16:25～17:00

Chunrong Fang

Nanjing Mooctest Information Technology   Co., Ltd.

Collective intelligence based crowdsourced testing

Several critical issues exist in the   traditional competition-based crowdsourced testing platforms, such as bug   report duplication, and low-quality content in bug reports, which leads to a   waste of testing resource. In this report, we propose a collective   intelligence based crowdsourced testing framework, MT-Crowd. MT-crowd aids   the crowdsourced testing process by introducing collective collaboration and   quality control. The preliminary results show that MT-Crowd can enhance bug   report quality and reduce bug report duplication.

17:00～17:35

Mingang Chen

Shanghai Key Laboratory of Computer   Software Testing & Evaluating

Methodology and Practice of Testing AI Application

AI is empowering all walks of life，and   changing the way people live and produce. This speech will analyze challenges   of AI as a new programming paradigm, and explore the process, methods and   strategies of AI testing from a methodological perspective.

17:35～18:05

Yan Yunqiang

Computer Application Institute, China   Academy of Engineering Physics, Mianyang

Test Case Design Method Based on Path Depth   Coverage

Aiming at the problem of scientific   coverage and sampling of test design for complex embedded software system   based on different granularity and risk level of users, the paper proposes a   hierarchical system test modeling method based on SysML activity diagram, and   designs a test case generation algorithm based on path coverage depth, which   effectively solves multi-constraint conditions (constraints such as path   coverage, data coverage and conditional combination coverage). Finally, a   typical embedded software system is used to validate the effectiveness of the   design method