This course introduces students to advanced topics on managing the quality of products delivered as part of a software development project and managing the development process itself through static and dynamic software analysis techniques.
Several causal aspects of poor software quality will be introduced and discussed so that students can understand the context for undertaking risk management and avoiding bad quality. There will be a focus on practical techniques for identifying and removing defects, as well as implementing procedures to track the success or failure of risk and defect resolutions.
Several automatic software quality analysis techniques, including static program analysis and fuzzing techniques, will also be covered. These techniques are useful for improving the reliability, security, and performance of software and are becoming increasingly impactful in industries today. The course will introduce various well-known static program analysis frameworks such as Soot and dynamic testing techniques like symbolic execution. Practical implementations will also be covered, including live variable analysis, constant propagation, dead code detection, call graph construction, pointer analysis, taint analysis, and symbolic execution.
Learning Outcomes
Upon successful completion, students will have the knowledge and skills to:
- Explore and understand the notion of software quality measurement techniques, and analyze product and process quality.
- Analyze and identify software quality attributes for a small to medium-sized software system.
- Analyze and report code quality issues using modern code review practices with tools and measures.
- Evaluate test strategies and plans for real-world software projects, using ISTQB (International Software Testing Qualifications Board) knowledge to justify decisions on resource allocation, risk management, and selection of testing techniques.
- Explore how to use fuzzing techniques to detect vulnerabilities through automated test case generation.
- Assess and apply practical static and dynamic techniques for fundamental program analyses.
Required Resources
Here are some public textbooks for anyone interested in automatic methodologies for software quality assurance utilized in both academia and industry:
Principles of program analysis
Recommended Resources
Whether you are on campus or studying online, there are a variety of online platforms you will use to participate in your study program. These could include videos for lectures and other instruction, two-way video conferencing for interactive learning, email and other messaging tools for communication, interactive web apps for formative and collaborative activities, print and/or photo/scan for handwritten work and drawings, and home-based assessment.
ANU outlines recommended student system requirements to ensure you are able to participate fully in your learning. Other information is also available about the various Learning Platforms you may use.
Staff Feedback
Students will be given feedback in the following forms in this course:
- written comments
- verbal comments
- feedback to whole class, groups, individuals, focus group etc
Student Feedback
ANU is committed to the demonstration of educational excellence and regularly seeks feedback from students. Students are encouraged to offer feedback directly to their Course Convener or through their College and Course representatives (if applicable). Feedback can also be provided to Course Conveners and teachers via the Student Experience of Learning & Teaching (SELT) feedback program. SELT surveys are confidential and also provide the Colleges and ANU Executive with opportunities to recognise excellent teaching, and opportunities for improvement.
Other Information
Workload
130 hours of student learning time across the semester includes:
- 3 hours scheduled time each week (2 lectures and one 1-hour lab) for 12 weeks.
- Students are expected to spend an average of 7-8 hours per week outside of scheduled labs practicing programming which includes:
  - work on assignments, practice exercises, online activities, independent research, reading and writing, group meetings and activities for group projects.
ChatGPT
This course introduces fundamental concepts that can be enhanced using Generative AI tools, such as ChatGPT. Therefore, the use of Generative AI is not only permitted but also encouraged, especially for tasks like prompt engineering to guide test case generation, which is one of the major assignments in the course.
Class Schedule
Week/Session | Summary of Activities | Assessment |
---|---|---|
1 | Introduction to Software Quality Assurance and Testing | Students are expected to participate in the tutorials and labs in which they enrolled. Drop-Ins are open to all students in the cohort. |
2 | Test Suite Quality Metrics | |
3 | Software Inspection and Reviews | |
4 | Test Inputs, Oracles and Generation | |
5 | Dynamic Analysis Tools | |
6 | Static Analysis – Data Flow Analysis (I) | |
7 | Static Analysis – Data Flow Analysis (II) | |
8 | Fault Localization and Profiling | |
9 | Artificial Intelligence for Software Engineering (AI4SE) | |
10 | Software Engineering for Artificial Intelligence (SE for AI) | |
11 | Software Security and Reliability | |
12 | Wrap Up/Guest Speaker/Individual or Group Presentation | |
Tutorial Registration
ANU utilises MyTimetable to enable students to view the timetable for their enrolled courses, browse, then self-allocate to small teaching activities / tutorials so they can better plan their time. Find out more on the Timetable webpage.
Assessment Summary
Assessment task | Value | Learning Outcomes |
---|---|---|
Individual Assignment - 30% | 30 % | 1,2,3 |
Individual Assignment - 30% | 30 % | 4 |
Individual Assignment - 40% - Hurdle | 40 % | 5, 6 |
* If the Due Date and Return of Assessment date are blank, see the Assessment Tab for specific Assessment Task details
Policies
ANU has educational policies, procedures and guidelines, which are designed to ensure that staff and students are aware of the University’s academic standards, and implement them. Students are expected to have read the Academic Integrity Rule before the commencement of their course. Other key policies and guidelines include:
- Academic Integrity Policy and Procedure
- Student Assessment (Coursework) Policy and Procedure
- Extenuating Circumstances Application
- Student Surveys and Evaluations
- Deferred Examinations
- Student Complaint Resolution Policy and Procedure
- Code of practice for teaching and learning
Assessment Requirements
The ANU is using Turnitin to enhance student citation and referencing techniques, and to assess assignment submissions as a component of the University's approach to managing Academic Integrity. For additional information regarding Turnitin please visit the Academic Skills website. In rare cases where online submission using Turnitin software is not technically possible; or where not using Turnitin software has been justified by the Course Convener and approved by the Associate Dean (Education) on the basis of the teaching model being employed; students shall submit assessment online via ‘Wattle’ outside of Turnitin, or failing that in hard copy, or through a combination of submission methods as approved by the Associate Dean (Education). The submission method is detailed below.
Moderation of Assessment
Marks that are allocated during Semester are to be considered provisional until formalised by the College examiners meeting at the end of each Semester. If appropriate, some moderation of marks might be applied prior to final results being released.
Examination(s)
This course does NOT include a final examination.
All assignments are strictly individual tasks. No collaboration of any sort is permitted.
The hurdles and assignments are indicated on this page.
The use of Generative API tools is strictly prohibited.
Assessment Task 1
Learning Outcomes: 1,2,3
Individual Assignment - 30%
In this assignment you will use tools to automatically create high-coverage test suites for different programs.
The associated test input (and oracle!) generation tool is EvoSuite, version 1.0.5. Mirror copies of evosuite-1.0.5.jar and evosuite-standalone-runtime-1.0.5.jar are available, but you should visit the project webpage for documentation. EvoSuite generates unit tests (cf. JUnit) for Java programs.
The subject program is defects4j, a collection of reproducible bugs and a supporting infrastructure with the goal of advancing software engineering research.
You must create a written PDF report reflecting on your experiences with automatic test generation. In particular:
- In a few sentences, your report should describe test cases that EvoSuite created. You should also indicate how many tests your run of EvoSuite created, your total runtime, and the final coverage of the EvoSuite-created test suite (use the software metrics described in lecture to compute coverage).
- Look at evosuite-report/statistics.csv and compare it to target/site/cobertura/index.html. In a few sentences, compare and contrast the branch coverage of the manually-created test suite to the EvoSuite-created test suite.
- Choose one class for which EvoSuite produced higher coverage than the human tests (if no such class exists, choose EvoSuite's "best" class). Look at the corresponding tests. (You will have to look carefully at the automatically- and manually-generated tests to answer this question.) In one paragraph, indicate the class and explain the discrepancy. For example, in your own words, what is EvoSuite testing that the humans did not? Why is EvoSuite more likely to generate such a test? What do you think of the quality of the tests? The readability? Suppose a test failed. Would the test's failure help you find the bug?
- Choose one class for which EvoSuite produced lower coverage than the human tests (if no such class exists, choose EvoSuite's "worst" class). Elaborate and reflect as above, but also offer a hypothesis for why EvoSuite was unable to produce such a test: bring in your knowledge of how EvoSuite works.
Assessment Task 2
Learning Outcomes: 4
Individual Assignment - 30%
In this assignment you will use two different static analysis tools to automatically detect potential defects.
The first static analysis tool is GrammaTech's CodeSonar, which focuses on security issues, as well as memory, resource and concurrency defects. CodeSonar is a commercial tool used in activities such as DO-178B avionics certification; we have obtained an academic license for its use in this class.
The second static analysis tool is Facebook's Infer, which focuses on memory errors, leaks, race conditions, and API issues. Infer is open source.
Written Report
You must write a detailed PDF report reflecting on your experiences with these static analysis defect detection tools. In particular, all of the following are required:
1. [Setup] In a few sentences, describe your setup experiences with each applicable tool. (Yes, we know you did not directly set up CodeSonar.) This might include dependencies, installing it, runtime, etc.
2. [Usability] In a few sentences, compare and contrast your usability experiences with each tool. This might include locating the reports, navigating the report or documentation website, etc.
3. [Overall] Compare and contrast the quality and details of the reports generated by Infer and CodeSonar. At a high level, what did each tool do well? How might each tool be improved? Comment on defect report categorizations (e.g., Reliability, NULL_DEREFERENCE, Security, etc.). Did you observe any "duplicate" defect reports (i.e., the same underlying issue was reported in terms of multiple different symptoms) within the same tool? How much overlap did you observe between the issues reported by the two tools? What are the costs (in general, including developer time, monetary cost, risks, training, etc., and anything else mentioned at any point in class) associated with each tool?
4. [CVE] Choose two of the CVEs associated with defects4j. For each tool, describe whether or not that tool reported the issue associated with the CVE (or would otherwise have pointed you to it). You should choose one CVE such that at least one tool points out the CVE in some manner (if you find one); then, separately, you should choose one CVE such that at least one tool misses the CVE in some manner (if you find one). Overall, how effective are these tools at finding security defects?
5. [Conclusion] Conclude your report with an overall recommendation for your supervisor. Identify three important metrics or evaluation criteria and make your recommendation based on them.
Assessment Task 3
Learning Outcomes: 5, 6
Individual Assignment - 40% - Hurdle
In this assignment you will develop an LLM-Driven Test Case Generation Tool.
Inspired by the limitations identified in state-of-the-art (SOTA) tools from Assignments 1 and 2, design and implement a more effective test case generation tool powered by a Large Language Model (LLM). Your goal is to address these shortcomings by designing a novel algorithm and implementing it to generate high-quality test cases.
Requirements:
1. Algorithm Design:
- Propose a new algorithm that improves upon the deficiencies identified in the SOTA tools analyzed in previous assignments.
- Clearly articulate how your algorithm leverages LLMs and overcomes the limitations observed.
2. Implementation:
- Implement the proposed algorithm to build a working test case generation tool.
- Use proper software engineering practices, including modularity, documentation, and testing.
3. Evaluation:
- Evaluate the performance of your tool using the Defects4J benchmark dataset.
- Metrics for evaluation should include precision, recall, and other relevant metrics for generated test cases, as well as defect detection effectiveness.
4. Deliverables:
- A detailed report including key recommendations from previous assessment, information explaining your algorithm, implementation, and evaluation results.
- A summary of key insights from the evaluation conducted in this assessment, part 3, and how the insights reflect the improvements over the SOTA tools and your recommendations.
- Source code for your test case generation tool, with clear instructions for replication.
HURDLE: To pass this assignment and the course, you will need to obtain at least 50% of the assignment marks.
Academic Integrity
Academic integrity is a core part of the ANU culture as a community of scholars. The University’s students are an integral part of that community. The academic integrity principle commits all students to engage in academic work in ways that are consistent with, and actively support, academic integrity, and to uphold this commitment by behaving honestly, responsibly and ethically, and with respect and fairness, in scholarly practice.
The University expects all staff and students to be familiar with the academic integrity principle, the Academic Integrity Rule 2021, the Policy: Student Academic Integrity and Procedure: Student Academic Integrity, and to uphold high standards of academic integrity to ensure the quality and value of our qualifications.
The Academic Integrity Rule 2021 is a legal document that the University uses to promote academic integrity, and manage breaches of the academic integrity principle. The Policy and Procedure support the Rule by outlining overarching principles, responsibilities and processes. The Academic Integrity Rule 2021 commences on 1 December 2021 and applies to courses commencing on or after that date, as well as to research conduct occurring on or after that date. Prior to this, the Academic Misconduct Rule 2015 applies.
The University commits to assisting all students to understand how to engage in academic work in ways that are consistent with, and actively support academic integrity. All coursework students must complete the online Academic Integrity Module (Epigeum), and Higher Degree Research (HDR) students are required to complete research integrity training. The Academic Integrity website provides information about services available to assist students with their assignments, examinations and other learning activities, as well as understanding and upholding academic integrity.
Online Submission
- You will be required to electronically sign a declaration as part of the submission of your assignment. Please keep a copy of the assignment for your records. Unless an exemption has been approved by the Associate Dean (Education) submission must be through Turnitin.
- You may use online resources, including the free version of ChatGPT, for every assignment as long as you cite your sources. You may NOT use repositories from previous students (some students incorrectly publicly put their answers on GitHub or the like).
- Email submissions will NOT be accepted.
Hardcopy Submission
Hardcopy submissions will NOT be accepted.
Late Submission
Late submission not permitted. If submission of assessment tasks without an extension after the due date is not permitted, a mark of 0 will be awarded.
Referencing Requirements
The Academic Skills website has information to assist you with your writing and assessments. The website includes information about Academic Integrity including referencing requirements for different disciplines. There is also information on Plagiarism and different ways to use source material. Any use of artificial intelligence must be properly referenced. Failure to properly cite use of Generative AI will be considered a breach of academic integrity.
Extensions and Penalties
Extensions and late submission of assessment pieces are covered by the Student Assessment (Coursework) Policy and Procedure. Extensions may be granted for assessment pieces that are not examinations or take-home examinations. If you need an extension, you must request an extension in writing on or before the due date. If you have documented and appropriate medical evidence that demonstrates you were not able to request an extension on or before the due date, you may be able to request it after the due date.
Privacy Notice
The ANU has made a number of third party, online, databases available for students to use. Use of each online database is conditional on student end users first agreeing to the database licensor’s terms of service and/or privacy policy. Students should read these carefully. In some cases student end users will be required to register an account with the database licensor and submit personal information, including their: first name; last name; ANU email address; and other information. In cases where student end users are asked to submit ‘content’ to a database, such as an assignment or short answers, the database licensor may only use the student’s ‘content’ in accordance with the terms of service – including any (copyright) licence the student grants to the database licensor. Any personal information or content a student submits may be stored by the licensor, potentially offshore, and will be used to process the database service in accordance with the licensor’s terms of service and/or privacy policy.
If any student chooses not to agree to the database licensor’s terms of service or privacy policy, the student will not be able to access and use the database. In these circumstances students should contact their lecturer to enquire about alternative arrangements that are available.
Distribution of grades policy
Academic Quality Assurance Committee monitors the performance of students, including attrition, further study and employment rates and grade distribution, and College reports on quality assurance processes for assessment activities, including alignment with national and international disciplinary and interdisciplinary standards, as well as qualification type learning outcomes.
Since first semester 1994, ANU has used a grading scale for all courses. This grading scale is used by all academic areas of the University.
Support for students
The University offers students support through several different services. You may contact the services listed below directly or seek advice from your Course Convener, Student Administrators, or your College and Course representatives (if applicable).
- ANU Health, safety & wellbeing for medical services, counselling, mental health and spiritual support
- ANU Accessibility for students with a disability or ongoing or chronic illness
- ANU Dean of Students for confidential, impartial advice and help to resolve problems between students and the academic or administrative areas of the University
- ANU Academic Skills supports you to make your own decisions about how you learn and manage your workload.
- ANU Counselling promotes, supports and enhances mental health and wellbeing within the University student community.
- ANUSA supports and represents all ANU students
Convener
Dr Xiaoyu Sun
Research Interests: Software Engineering, Program Analysis, Cyber Security
Instructor
Dr Xiaoyu Sun
Research Interests: Software Engineering, Program Analysis, Cyber Security
Tutor
Dianshu Liao