- This event has passed.
July 1 @ 10:00 am - 11:00 am MDT
Title:Deviant: A Mutation Testing Tool for Solidity Smart Contracts
Program: Master of Science in Computer Science
Advisor: Dr. Dianxiang Xu, Computer Science
Committee Members: Dr. Gaby Dagher, Computer Science, Dr. Jyh-Haw Yeh, Computer Science
Blockchain in recent years has exploded in popularity with Ethereum being one of the leading blockchain platforms. Solidity is a widely used scripting language for creating smart contracts in Ethereum applications. Quality assurance in Solidity smart contracts is of critical importance because bugs or vulnerabilities can lead to a considerable loss of financial assets. However, it is unclear what level of quality assurance is provided by many of these applications.
Mutation testing is the process of intentionally injecting faults into a target program and then running the provided test suite against the various injected faults. Mutation testing is used to evaluate the effectiveness of a test suite, measuring the test suites capability of covering certain types of faults. This thesis presents Deviant, the first implementation of a mutation testing tool for Solidity smart contracts. Deviant implements mutation operators that cover the unique features of Solidity according to our constructed fault model, in addition to traditional mutation operators that exist for other programming languages.
Deviant has been applied to five open-source Solidity projects: MetaCoin, MultiSigWallet, Alice , aragonOS, and OpenZeppelin . Experimental results show that the provided test suites result in low mutation scores. These results indicate that the provided tests cannot ensure high-level assurance of code quality. Such evaluation results offer important guidelines for Solidity developers to implement more effective tests in order to deliver trustworthy code and reduce the risk of financial loss.