Enhancing Reliability and Security through Metamorphic Testing: A Comprehensive Insight
Metamorphic Testing (MT) is a unique testing approach aimed at validating software, especially when obtaining an exact expected output is challenging.
It has gained prominence for its application in non-testable programs, including machine learning models, simulations, numerical computations, and more
recently, blockchain-based smart contracts. This article delves into the intricacies of MT, its comparative analysis with other testing methods, and
its instrumental role in bolstering the security of smart contracts.
Understanding Metamorphic Testing
Metamorphic Testing centers around identifying and utilizing Metamorphic Relations (MRs) – properties expected to hold between various inputs and outputs
of a program. The methodology involves executing an initial test case, generating follow-up test cases based on MRs, and comparing the resultant outputs
to unveil discrepancies. MT addresses the notorious "oracle problem" by offering a solution to compare relationships between different inputs and outputs
when a traditional oracle is absent.
Figure 1: Metamorphic testing high-level block diagram
Figure 1 shows a basic illustration of metamorphic testing.
- A Source Test Case is executed, and the Source Output is obtained.
- Based on Metamorphic Relations (MT Relation), a Follow-up Test Case is generated.
- The Follow-up Test Case is executed, producing the Follow-up Output.
- The Source Output and Follow-up Output are then compared based on the Metamorphic Relations to check if the software under test behaves as expected.
The principle behind metamorphic testing is to use metamorphic relations to generate additional test cases. Here is a step-by-step process of how it works:
- Identify Metamorphic Relations (MRs):
  - First, developers or testers identify metamorphic relations for the software under test. A metamorphic relation is a property of the software that should hold true for multiple inputs and their corresponding outputs.
  - For example, in a sorting program, a metamorphic relation could be that if you add a duplicate element to a list, the sorted output list should also contain that duplicate element.
- Create Source Test Cases:
  - Developers or testers create an initial set of test cases, called source test cases.
- Execute Source Test Cases:
  - The source test cases are executed, and the outputs are recorded.
- Apply Metamorphic Relations:
  - Metamorphic relations are applied to the inputs and outputs of the source test cases to generate new test cases, called follow-up test cases.
- Execute Follow-Up Test Cases:
  - The follow-up test cases are executed, and the outputs are compared with the expected results, based on the metamorphic relations.
- Check Results:
  - If the outputs from the follow-up test cases do not conform to the metamorphic relations, a defect may be present in the software.
Metamorphic Testing is particularly effective for testing non-testable programs and can significantly increase the ability to uncover defects in software systems.
Example – Square Root
Let’s take the example of testing a software component responsible for calculating the square root of a number, sqrt(x). This is a situation where metamorphic
testing could be useful because for many values of x, it might be difficult to know the exact square root value.
Identify Metamorphic Relations (MRs)
In this scenario, a potential Metamorphic Relation (MR) could be:
If sqrt(x) = y, then sqrt(x * a^2) = y * a
This MR states that if you multiply the input x by a perfect square a^2, the output should be the original square root y multiplied by a.
Create Source Test Cases
Let's create a source test case with a known square root:
- Input: x=9
- Expected Output: y=3 (since sqrt(9)=3)
Execute Source Test Cases
Execute the test case with the input 9, and the program correctly returns 3.
Apply Metamorphic Relations
Using the identified MR, generate a follow-up test case. Let's choose a=2, then:
- New Input: x * a^2 = 9 * 4 = 36
- Expected Output: y * a = 3 * 2 = 6
Execute Follow-Up Test Cases
Execute the new test case with the input 36.
Check whether the output of the program for the new input 36 is 6. If it is, then the program has passed this metamorphic test. If not, there might be a
defect in the implementation.
This example illustrates how metamorphic testing can help in generating additional test cases and uncovering defects, especially when it’s hard to
define the exact expected output for arbitrary input. This methodology is particularly useful in domains like numerical computing, machine learning,
and other fields where defining an oracle is challenging.
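The square-root walkthrough above as a runnable check, added here as an illustration and not part of the original article: it generalizes from a = 2 to several factors and seeded random inputs, and never consults a reference square root. The names `newton_sqrt`, `truncated_sqrt` and `mr_violations`, and the six-iteration defect, are assumptions made for the example.

```python
import math
import random

def newton_sqrt(x, max_iter=200):
    """Square root by Newton's method; max_iter caps the refinement steps."""
    if x < 0:
        raise ValueError("square root of a negative number")
    if x == 0:
        return 0.0
    g = x if x >= 1 else 1.0              # start at or above the true root
    for _ in range(max_iter):
        nxt = 0.5 * (g + x / g)
        if abs(nxt - g) <= 1e-15 * nxt:   # converged to float precision
            return nxt
        g = nxt
    return g                              # iteration budget exhausted

def truncated_sqrt(x):
    """Constructed defect: six steps are enough for small inputs only."""
    return newton_sqrt(x, max_iter=6)

def mr_violations(sqrt_fn, sources, factors=(2, 3, 10, 100), rel_tol=1e-9):
    """Check sqrt(x * a^2) == a * sqrt(x) for a > 0 without a reference oracle."""
    failures = []
    for x in sources:
        y = sqrt_fn(x)                        # source output
        for a in factors:
            follow_up = sqrt_fn(x * a * a)    # follow-up output
            if not math.isclose(follow_up, a * y, rel_tol=rel_tol):
                failures.append((x, a, y, follow_up))
    return failures

def sample_sources(n=20, seed=1234):
    """Constructed source inputs: the article's x = 9 plus seeded random values."""
    rng = random.Random(seed)
    return [9.0] + [rng.uniform(0.01, 1e4) for _ in range(n)]

if __name__ == "__main__":
    for name, fn in (("newton_sqrt", newton_sqrt), ("truncated_sqrt", truncated_sqrt)):
        bad = mr_violations(fn, sample_sources())
        print(f"{name}: sqrt(9) = {fn(9.0)!r}, MR violations = {len(bad)}")
        for x, a, y, follow_up in bad[:3]:
            print(f"  x={x:.4g} a={a}: expected {a * y:.6g}, got {follow_up:.6g}")
```

The truncated implementation returns 3 for the source input 9, so a single spot check passes; the relation fails once the follow-up input is scaled by a = 10.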
Comparative Analysis: MT and Other Testing/Verification Methods
- Directed Testing: Directed Testing is a form of software testing where specific scenarios or execution paths are intentionally chosen for testing, based
on their perceived risk or importance. This approach contrasts with MT in that it targets predetermined paths or states, often leaving out others, while MT
focuses on relationships between different inputs and outputs and is less biased towards certain paths. MT is especially useful for uncovering unexpected defects
across a broader range of scenarios, whereas Directed Testing is more concentrated on validating known risky or important paths.
- Assertion-Based Verification (ABV): ABV embeds assertions into the codebase, with these boolean expressions specifying conditions that should always hold
true. This method contrasts with MT by being applicable at various levels of abstraction and having a broader spectrum of use cases, ranging from software to
hardware development. The static nature of ABV, where assertions are checked during simulation, stands in contrast to the dynamic nature of MT.
- Formal Verification: Formal Verification employs mathematical methods to prove or disprove the correctness of a system against a formal specification. It
provides exhaustive coverage and guarantees of correctness, given an accurate formal specification. The computational intensity and specialized knowledge required
for Formal Verification distinguish it from MT, which is less complex and easier to implement.
Metamorphic Testing and Smart Contract Security
Smart contracts, self-executing contracts with the terms directly written into code, are cornerstone elements in blockchain ecosystems. Ensuring their security
is paramount, and MT steps into this domain by systematically uncovering vulnerabilities and verifying the contract's correctness.
Truscova and Metamorphic Testing
- Detecting Inconsistencies: MT identifies inconsistencies in smart contract behavior by testing various input combinations and observing whether MRs hold,
aiding in the detection of vulnerabilities like reentrancy and integer overflow.
- Addressing Oracle Problems: MT is instrumental where traditional oracles are hard to define, utilizing MRs to check relationships between different inputs
and outputs, essential for contracts exhibiting non-testable behaviors.
- Exhaustive Testing and State Consistency: The generation of a variety of input scenarios and follow-up test cases helps uncover hidden vulnerabilities and
ensure the contract maintains a consistent and secure state across transactions.
- Parameter Manipulation: MT’s ability to manipulate parameters and observe the resultant behavior of the smart contract is crucial in identifying vulnerabilities
related to input manipulation and ensuring the robustness of the contract.
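The relation-based checks listed above, sketched on a simplified Python model of a token ledger (an added example, not Truscova's tooling and not Solidity code). The `Token` class, the 8-bit word size and the sample balances are assumptions; the relation tested is that one batch transfer must end in the same state as one transfer per recipient.

```python
WIDTH = 8                                      # toy word size (assumption)
MASK = (1 << WIDTH) - 1
SAMPLE = {"alice": 10, "bob": 0, "carol": 0}   # constructed balances

class Revert(Exception):
    """Models a reverted transaction."""

class Token:
    """Hypothetical token ledger; `checked` selects overflow-checked arithmetic."""
    def __init__(self, balances, checked):
        self.bal = dict(balances)
        self.checked = checked

    def transfer(self, src, dst, amount):
        if self.bal[src] < amount:
            raise Revert("insufficient balance")
        self.bal[src] -= amount
        self.bal[dst] += amount

    def batch_transfer(self, src, dsts, amount):
        total = len(dsts) * amount
        if total > MASK:
            if self.checked:
                raise Revert("overflow")
            total &= MASK                      # unchecked: product wraps silently
        if self.bal[src] < total:
            raise Revert("insufficient balance")
        self.bal[src] -= total
        for dst in dsts:
            self.bal[dst] += amount

def run(token, calls):
    """Run calls as one transaction; a Revert yields the starting state."""
    snapshot = dict(token.bal)
    try:
        for call in calls:
            call(token)
        return ("ok", dict(token.bal))
    except Revert:
        return ("revert", snapshot)

def mr_holds(checked, balances, src, dsts, amount):
    """MR: one batch_transfer must end exactly like one transfer per recipient."""
    batch = [lambda t: t.batch_transfer(src, dsts, amount)]
    split = [lambda t, d=d: t.transfer(src, d, amount) for d in dsts]
    return run(Token(balances, checked), batch) == run(Token(balances, checked), split)

def failing_amounts(checked, balances, src, dsts):
    """Sweep every representable amount and return those that break the MR."""
    return [v for v in range(MASK + 1) if not mr_holds(checked, balances, src, dsts, v)]
```

With checked arithmetic the sweep reports no failing amounts; with wrapping arithmetic it reports exactly the amounts whose product with the recipient count wraps below the sender's balance, found without any oracle for the correct final balances.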
Truscova’s integration of MT into its security auditing services showcases its commitment to employing cutting-edge technologies to enhance smart contract security.
The methodology’s ability to detect inconsistencies, manipulate parameters, and ensure state consistency aligns with Truscova’s mission to provide comprehensive
Metamorphic Testing emerges as a pivotal methodology in the landscape of software testing and verification. Its unique approach in handling non-testable programs
and addressing the oracle problem sets it apart from other methods like Directed Testing, ABV, and Formal Verification. The application of MT in securing smart
contracts highlights its versatility and significance in contemporary software development. By uncovering hidden vulnerabilities and ensuring the correctness of
software, Metamorphic Testing continues to be an invaluable asset in enhancing software reliability and security.
Truscova comes with 30+ years of academic research and hundreds of academic publications which pioneered the area of Formal Verification.
The team combines academic leadership, industrial strength and Blockchain expertise. Truscova currently analyzes Solidity code combining Formal
Verification techniques: abstract interpretation, constraint solving, theorem proving, and equivalence checking.