Mutate values to improve code coverage #213

[Markoutte]

Description

This commit adds a mutation mechanism to the fuzzing for improving code coverage by applying random mutations for numbers and strings.

Fixes #213

Type of Change

• Breaking change (fix or feature that would cause existing functionality to not work as expected)

How Has This Been Tested?

Manual Scenario

Turn on only fuzzing mode. These examples can find (usually do for default utbot settings):

1. Should find the string that starts with prefix "bad!"

public static void test(String s) {
    if (s.charAt(0) == "b".charAt(0)) {
        if (s.charAt(1) == "a".charAt(0)) {
            if (s.charAt(2) == "d".charAt(0)) {
                if (s.charAt(3) == "!".charAt(0)) {
                    throw new IllegalArgumentException();
                }
            }
        }
    }
}

2. Should find a string that has "!" in the 5-th position, but can totally change the other part.

public static void testStrRem(String str) {
    if (!"world???".equals(str) && str.charAt(5) == '!' && str.length() == 6) {
        throw new RuntimeException();
    }
}

3. Should find the value that will return 2 for the method:

public int floatToInt(float x) {
    if (x < 0) {
        if ((int) x < 0) {
            return 1;
        }
        return 2; // smth small to int zero
    }
    return 3;
}

If results are failed try to increase test generation time.

Checklist:

• The change followed the style guidelines of the UTBot project
• Self-review of the code is passed
• The change contains enough commentaries, particularly in hard-to-understand areas
• New documentation is provided or existed one is altered
• No new warnings
• New tests have been added
• All tests pass locally with my changes

[CaelmBleidd]

Shouldn't it be a configurable constant?

[Markoutte]

It shouldn't because its a random seed for a Random. No difference to fuzzing if value is changed.

[CaelmBleidd]

Personally, I'd prefer to see coerceAtLeast function here since it shows the semantics better

[Markoutte]

For me it hides the value when variable name is long:

var onlyPositiveValue = theRandomValuedRetrievedFromFile.coearceAtLeast(0)

and

var onlyPositiveValue = maxOf(0, theRandomValuedRetrievedFromFile)

But I don't have any preferable way here.

[CaelmBleidd]

Please, specify what stuck means and how you detect it. Is it connected with (attempts + 1) % (factor / 100) == 0 below? It's not an obvious condition for me as well

[CaelmBleidd]

factor / 100 can be zero, can`t it?

[CaelmBleidd]

Isn't is just nextBoolean()?

[CaelmBleidd]

What 128 means here?

[CaelmBleidd]

could be just position >= value.length

[CaelmBleidd]

constants without names

[CaelmBleidd]

here and in other functions expression body might be used

[CaelmBleidd]

random.nextInt(1, 101) < probability used in many places. May you create a function for it?

[CaelmBleidd]

overall lgtm

[CaelmBleidd]

Should not be updated?

[CaelmBleidd]

that don't recover and too many

[CaelmBleidd]

How many values do we have here? Wouldn't it be too expensive to check the equality of the two lists? Maybe we can store some flag that a mutation has happened?

[CaelmBleidd]

mapIndexedNotNull

[CaelmBleidd]

Misspell in the file name

[CaelmBleidd]

Perhaps, is frequencies could be a big array, we can create a custom collection for such frequencies that knowns information about its elements, such as total sum, statistics and other

[CaelmBleidd]

value.random(random)?