Can search-based testing with pareto optimization effectively cover failure-revealing test inputs?

554 Accesses
Explore all metrics

Abstract

Search-based software testing (SBST) is a widely-adopted technique for testing complex systems with large input spaces, such as Deep Learning-enabled (DL-enabled) systems. Many SBST techniques focus on Pareto-based optimization where multiple objectives are optimized in parallel to reveal failures. However, it is important to ensure that identified failures are spread throughout the entire failure-inducing area of a search domain, and not clustered in a sub-region. This ensures that identified failures are semantically diverse and reveal a wide range of underlying causes. In this paper, we present a theoretical argument explaining why testing based on Pareto optimization is inadequate for covering failure-inducing areas within a search domain. We support our argument with empirical results obtained by applying two widely used types of Pareto-based optimization techniques, namely NSGA-II (an evolutionary algorithm) and OMOPSO (a swarm-based algorithm), to two DL-enabled systems: an industrial Automated Valet Parking (AVP) system and a system for classifying handwritten digits. We measure the coverage of failure-revealing test inputs in the input space using a metric, that we refer to as the Coverage Inverted Distance (CID) quality indicator. Our results show that NSGA-II and OMOPSO are not more effective than a naïve random search baseline in covering test inputs that reveal failures. We show that this comparison remains valid for failure-inducing regions of various sizes of these two case studies. Further, we show that incorporating a diversity-focused fitness function as well as a repopulation operator in NSGA-II improves, on average, the coverage difference between NSGA-II and random search by 52.1%. However, even after diversification, NSGA-II still does not outperform random testing in covering test inputs that reveal failures. The replication package for this study is available in a GitHub repository (Replication package. https://github.com/ast-fortiss-tum/coverage-emse-24 2024.

An extensive evaluation of search-based software testing: a review

Article 10 November 2017

Higher Fault Detection Through Novel Density Estimators in Unit Test Generation

Optimal Test Cases Generation Using Evolutionary Soft Computing Techniques

Use our pre-submission checklist

Avoid common mistakes on your manuscript.

1 Introduction

Search-based software testing (SBST) is an effective method for testing complex systems with large input spaces (Zeller 2017). SBST employs metaheuristics, such as evolutionary algorithms (Ben Abdessalem et al. 2018; Borg et al. 2021; Humeniuk et al. 2022; Klück et al. 2019; Moghadam et al. 2021, 2023; Riccio and Tonella 2020; Sorokin and Kerscher 2024), to reveal failure-revealing test cases. It formulates testing as an optimization problem, capturing system safety requirements through multiple objectives that are often optimized using Pareto-based algorithms.

Pareto-based SBST techniques are generally assessed by their effectiveness in identifying failures, focusing on the quantity and diversity of the failures detected. However, we still do not know if Pareto-based SBST is capable of achieving adequate coverage across the space of failure-revealing test inputs. Ideally, we are interested in a testing method that can achieve high coverage over the space of failure-revealing test inputs. That is, it can identify failure-revealing test inputs distributed across the entire failure-inducing area of a search domain, rather than clustered in one specific sub-area.

The identification of such diverse failing test inputs can support the detection of underlying failure causes and conditions leading to failures (Ben Abdessalem et al. 2018; Jodat et al. 2024). Existing research on software testing views the identification of diverse failures as an important testing objective (Aghababaeyan et al. 2023; Feldt et al. 2016). For example, Aghababaeyan et al. (2023) argue that we are more likely to identify diverse failures of a system if we identify diverse test inputs.

Several Pareto-based SBST algorithms use heuristics to make the search more explorative with the original goal of escaping local optima. This approach is consistent with the broader focus within the evolutionary search community on balancing the trade-off between exploration and exploitation in search algorithms. By investigating various heuristics and hyperparameter tunings, researchers aim to adjust the behavior of algorithms across the spectrum of exploration and exploitation, which is crucial for enabling algorithms to avoid local optima (Črepinšek et al. 2013). Exploring the trade-off between exploration and exploitation has an important practical use case in software testing as well, since increasing exploration within often exploitative Pareto-based algorithms has been shown to lead to the discovery of more diverse failures. For example, Clune et al. (2005, 2008) propose making genetic operators in evolutionary algorithms more explorative by increasing mutation rates when the performance of the search shows marginal improvement. Multiple approaches combine Pareto-based optimization with novelty search (Mouret 2011; Riccio and Tonella 2020; Zohdinasab et al. 2023, 2021) and maximize the distance of candidate solutions to previously found test inputs to escape local optima in the fitness landscape. However, it has never been studied how well Pareto-based algorithms cover the failure-inducing regions within a search domain.

In this paper, we aim to study Pareto-based SBST techniques in terms of their capability to cover the failure-inducing test inputs within a search domain by addressing the following question:

We first present a theoretical argument explaining why Pareto-based SBST algorithms cannot achieve high coverage of failure-revealing tests within the search space. Our argument builds on a definition of an SBST problem characterized by the following two assumptions:

(A1):: The problem involves optimizing multiple quantitative fitness functions simultaneously using the principle of Pareto optimality.
(A2):: The test oracle function of the SBST problem specifies subsets of the objective space as the failure regions such that at least one such subset has the same dimensionality as the objective space, i.e., the dimensionality is equal to the number of fitness functions.

For example, consider a SBST problem with two real-valued fitness functions $f_1$ and $f_2$, and a test oracle function O. Suppose O indicates a test input v as a failure if the following constraint holds: $ (f_1(v) > 5) \vee (f_2(v) < 10)$. The test oracle O satisfies assumption A2 since it specifies a two-dimensional space as a failure region. Briefly, our argument indicates that any Pareto-based optimization algorithm for $f_1$ and $f_2$ ultimately identifies a Pareto front intersecting the two-dimensional failure region in only one dimension, which likely cannot ensure good coverage of the failure region defined by O. Other than the assumptions A1 and A2, our argument is not dependent on the number and definition of fitness functions, or the heuristics used to approximate the optimal solution. We note that assumption A2 is not constraining, as test oracles for many SBST formulations applied to cyber-physical systems and Deep Learning (DL) systems conform to this assumption (Ben Abdessalem et al. 2016, 2018; Borg et al. 2021; Ebadi et al. 2021; Jahangirova et al. 2021), making our argument valid for these existing SBST formulations.

In addition to the theoretical argument, we investigate our research question empirically. We consider three Pareto-based algorithms that have been previously used for software testing: 1) NSGA-II (Deb et al. 2002), which is a genetic algorithm and has been widely applied for testing complex systems (Ben Abdessalem et al. 2016; Klück et al. 2019); 2) an extension of NSGA-II that implements the concepts of novelty search combined with a diversification operator (Riccio and Tonella 2020); and 3) the swarm-based Pareto-optimization algorithm OMOPSO (Sierra and Coello Coello 2005), which is an extension of the well-known Particle Swarm Optimization algorithm for multi-objective problems. We apply these three algorithms to two case studies representing two SBST problems: an industrial ADS case study Automated Valet Parking (AVP) system (Bosch 2023) that is integrated in the Prescan simulator (Siemens 2023), and a hand-written digit-recognition Deep-Learning (DL) system (Lecun et al. 1998) that uses the MNIST dataset (LeCun and Cortes 2005) as input. We compare these three algorithms with a naïve random testing baseline, which is considered a standard baseline in the search-based software engineering community. In particular, we investigate whether the three algorithms can outperform naïve random testing in terms of covering the failure-inducing test inputs within a search domain. These algorithms or their close variants have already been compared with a random testing baseline regarding the quantity and diversity of failures, where failure diversity is measured, e.g., by calculating the average Euclidean distance between inputs (Ebadi et al. 2021) or by applying the Jaccard similarity metric (Humeniuk et al. 2023). However, there is no prior comparison with respect to the coverage of failure-inducing test inputs.

Although there are metrics for measuring diversity, none has been used to evaluate search algorithms by measuring how well they cover failure-inducing regions in the test input space. This is because measuring such coverage requires an approximation of the failure-inducing regions, which is a more difficult problem than finding individual failures. To measure the coverage of the failure-inducing areas of the input space, we propose to use a metric that we refer to as Coverage Inverted Distance (CID). We use this metric only to understand how different Pareto-based algorithms compare in terms of coverage. Otherwise, as we detail below, computing this metric may not be feasible in general. To compute CID, we create a reference set that approximates failure-inducing regions within a search domain. Given such a reference set and given a solution set computed by a testing method, CID measures how well the solution set covers the reference set by computing the average distance from each point in the reference set to the closest point in the solution set. The smaller the CID value, the better the solution set in covering the space of all failure-revealing test inputs. To build the reference set, we generate many inputs evenly across the search space (Nabhan et al. 2019) such that these input points approximate the search space as a uniform grid. Among all the generated inputs, those that fail represent the reference set approximating the failure-inducing areas of a search domain. While computing a reference set is feasible for our two case studies, it is likely infeasible for larger and more complex systems, as it requires running the system under test across numerous points in the search space. Hence, the CID metric is not a metric that we propose to be used, in general, for evaluating test generation algorithms for arbitrarily case studies.

The accuracy of the CID metric depends on how well the reference set approximates the actual failure-inducing regions. To mitigate potential threats related to the accuracy of CID in our study, we mathematically explain the relationship between CID’s accuracy and the resolution of reference sets and specify conditions under which CID’s error approaches zero. In addition, we present the useful properties of CID, highlighting its robustness to the reference set, regardless of the method used to generate points in the input space for computing the reference set. Moreover, CID is independent of the size of the test set generated by a testing approach, enabling the comparability of CID values across test sets of different sizes.

Results

For each of our two case studies, we define three alternative test oracle functions, each specifying a different failure region. These functions are defined to represent increasingly stricter failure criteria, allowing us to obtain experimental results that reflect varying difficulty levels in covering these regions in our case studies. Our results show that the three different Pareto-based testing techniques fare no better than naïve random testing in covering the input space regions that include failure-revealing test inputs:

The results show that naïve random testing covers failure-inducing regions more effectively than NSGA-II as defined by all the alternative test oracles in the MNIST case study. For the AVP case study, naïve random testing surpasses NSGA-II for one test oracle, and for the other two test oracles specifying smaller and more restricted failure regions, both methods perform equally. These results indicate that NSGA-II cannot outperform random search in terms of coverage of failure regions even when we vary the size of failure-inducing regions.
Incorporating a diversity-focused fitness function and a re-population operator in NSGA-II improves, on average, the coverage difference between NSGA-II and random search by 52.1%. However, NSGA-II, even after being extended by these diversification mechanisms, still cannot outperform random search in covering the failure-inducing regions of our two case studies and for the three different test oracle functions of these case studies.
The swarm-based search method, OMOPSO, improves the coverage of failing test inputs compared to NSGA-II but, similar to NSGA-II, OMOPSO still does not perform better than random search.

The outline of the paper is as follows: In Section 2, we present the preliminaries. In Section 3, we present related work, followed by our argument in Section 4 regarding why Pareto-based algorithms cannot achieve high coverage of failure-revealing tests. In Section 5, we introduce a coverage metric to assess the coverage of failures in the input space. In Section 6, we compare, using our novel metric, Pareto-based driven testing with random testing in terms of the coverage of failure-inducing test inputs. In Section 7, we discuss the most important threats concerning the validity of our results. In Section 8, we reflect on the lessons learned and conclude in Section 9. In the appendix we provide proofs related to our introduced metric.

2 SBST Problem Definition and Assumptions

In this section, we introduce the terminologies and formal notations used for our argumentation in Section 5. We start with the definition of a SBST problem.

Definition 1

We define a search-based software testing (SBST) problem as a tuple $P = (S, D, F, O, SO)$, where

S is the system under test.
$D \subseteq \mathbb {R}^n$ is the search domain, where n is the dimension of the search space. An element $x = (x_1, \ldots , x_n) \in D$ is called a test input.
F is the vector-valued fitness function defined as $F: D \mapsto \mathbb {R}^m$, $F(x) = (f_1(x),\ldots , f_m(x))$, where $f_i$ is a scalar fitness function (or fitness function for short) which assigns to each test input a quantitative value, and $\mathbb {R}^m$ is the objective space. A fitness function evaluates how fit a test input is. This captures the assumption A1 described in Section 1.
O is the test oracle function, $O : \mathbb {R}^m \mapsto \lbrace 0,1 \rbrace $, which evaluates whether a test passes or fails. A test that fails is called failure-revealing. We assume that 1 indicates fail and 0 indicates pass.
The set of all failure-revealing test inputs is called the domain of interest (DOI). Note that DOI is a subset of the search space (i.e., $DOI \subseteq D$). The image of the domain of interest F(DOI) is called codomain of interest (COI). Note that $COI \subseteq \mathbb {R}^m$, and for every $y \in COI$, we have O(y) = 1.
The test oracle O is defined such that COI has the same dimensionality as $\mathbb {R}^m$. This captures the assumption A2 described in Section 1.
SO is the search objective. A search objective refers to a specific goal or criterion that guides the search process in finding test inputs that satisfy certain properties of the SUT (e.g., failure of a system).

As defined above, our definition of SBST problems involves multiple fitness functions. Solving such SBST problems requires a Pareto-based optimization algorithm.

Definition 2

(Pareto-based Optimization) A Pareto-based optimization problem is defined as

$$\begin{aligned} \min _{x \in X} F(x) = (f_1(x), \ldots , f_k(x)) \end{aligned}$$

(1)

where $f_i$ is an objective function and $X \subseteq \mathbb {R}^n$ is called the feasible solution set, where n is the dimensionality of a search domain. A solution x with $F(x) = (v_1,\ldots , v_m)$ is said to dominate another solution $x'$ with $F(x') =(v_1',\ldots , v_m')$, if and only if x is in at least one fitness value better than $x'$ and not worse in the remaining fitness values, i.e., $\exists v_i. (v_i < v_i') \wedge \forall v_j.(v_j \le v_j')$. A solution x is called Pareto optimal if no solution exists that dominates x. The set of all Pareto optimal solutions is called Pareto set (PS), while the image of the Pareto set F(PS) constitutes the Pareto front (PF).

As discussed in Section 1, our argument in Section 5 builds on two assumptions, A1 and A2. Assumption A1 states that the problem involves optimizing multiple quantitative fitness functions simultaneously using the principle of Pareto optimality, and assumption A2 states that the test oracle O is defined such that COI has the same dimensionality as $\mathbb {R}^m$. Both assumptions are included in Definition 1. Both of our case studies, AVP and MNIST, satisfy assumptions A1 and A2. Below, we illustrate how our AVP case study can be captured using our definition of an SBST problem, i.e., Definition 1. Our second case study, which concerns testing a digit classification system, is described in Section 6.1.

Example

Our first case study system is an AVP system (Bosch 2023). An AVP system is a feature added to a car (ego vehicle), which parks the ego vehicle without human intervention in a predefined parking spot by following a precalculated trajectory. Our objective is to evaluate AVP system to verify if it meets the following safety requirement:

R =“When the ego vehicle’s velocity exceeds threshold $th_1$, AVP must ensure a minimum distance of $th_2$ from both static and dynamic objects, including other vehicles and pedestrians.”

The values for parameters $th_1$ and $th_2$ are determined by the system’s specific context and set by a domain expert. We execute AVP in a simulation environment, exposing the system to various situations known as scenarios (Ulbrich et al. 2015). In particular, we test AVP using a scenario where a pedestrian crosses the ego vehicle’s trajectory from the right of the ego vehicle’s lane. We parameterize this scenario so that we can generate different instances of this scenario to stress the AVP system. We define the SBST elements from Definition 1 for AVP as follows:

The search domain D of AVP is defined by three search variables: $x_1$, the velocity of the ego vehicle; $x_2$, the velocity of the pedestrian; and $x_3$, the time when the pedestrian starts moving. Each search variable $x_i$ has a designated range $D_i$. Thus, the search space is defined as follows: $D = D_1 \times D_2 \times D_3$, where $D_1 = [0.3 m/s, 3 m/s]$, $D_2 = [0.5 m/s,2 m/s]$ and $D_3 = [0s,5s]$.
We define two fitness functions: $f_1$ is the adapted distance between the ego vehicle and the pedestrian, and $f_2$ is the velocity of the ego vehicle at the time of the minimal distance between the ego vehicle and the pedestrian. An adapted distance function combines the longitudinal and latitudinal distances between the ego vehicle and a pedestrian into a single number, assigning more optimal values to test cases where the pedestrian is located in front of the car. To compute a fitness value for a test input, AVP must be run in a simulation environment. The simulator provides outputs, including the position and velocity traces of both the ego vehicle and the pedestrian, from which the fitness values are calculated.
The test oracle function is defined as $O(x) = f_1(x)< th_1 \wedge f_2(x) < th_2$ where x is a test input, and the parameters $th_1$ and $th_2$ are determined based on threshold values in the AVP safety requirement R described earlier. The test oracle function evaluates whether, or not, a test input violates the requirement R.
DOI is the set of all test inputs that lead to the violation of the safety requirement. That is, DOI is the set of all failure-revealing test inputs. COI, on the other hand, is the set of the fitness values of the test inputs in DOI. We note that, in general, we cannot compute DOI for a given search-based testing problem. As we discuss in Section 5.1, we propose a way to approximate DOI for our case studies. We refer to the approximation of DOI as a reference set.
The search objective SO is to identify as good as possible the DOI, i.e., to identify diverse test inputs leading to the violation of the safety requirement. When we use a Pareto-based optimization algorithm in Definition 2, for testing, we often define the search objective as finding optimal fitness values. However, as motivated in Section 1, our objective in this paper and for our case studies is to effectively cover DOI, i.e., the set of failure-revealing test inputs.

3 Related Work

In this section, we outline two streams of related work. In the first part, we discuss SBST approaches for generating diverse test data, highlighting both Pareto-based and non-Pareto-based methods. In the second part, we discuss metrics used to assess the diversity and coverage of SBST testing techniques.

Table 1 Classification of the related SBST approaches based on their underlying algorithm, the metric they use to measure the diversity of the generated tests, and whether or not they rely on Pareto-based optimization

Full size table

3.1 Diversified SBST Approaches

Table 1 provides an overview of SBST techniques aimed at generating diverse tests and failures. Below, we briefly discuss these approaches and contrast them with our work.

DeepJanus (Riccio and Tonella 2020) is an NSGA-II-based search approach designed to identify the boundaries of the failure-revealing regions in DL-based systems. In particular, it extends a Pareto-based genetic algorithm with concepts from novelty search (Lehman and Stanley 2011b; Mouret 2011). While Pareto-driven testing promises identifying interesting tests by optimizing a single or multiple fitness functions, novelty search requires no definition of a fitness function. In novelty search the identification of promising solutions is guided solely by the novelty a solution has. Novelty is quantified by using a distance measure applied between the candidate and solutions which have been identified in previous iterations of the algorithm (called archive). In addition, DeepJanus implements a repopulation operator, which replaces at every popoulation a portion of dominated individuals by newly generated candidates. The repopulation operator should diversify the search and support to escape local optima. In our study, in order to diversify NSGA-II, we have incorporated novelty search into the genetic algorithm of NSGA-II by using the diversity-aware fitness function of DeepJanus, which measures the Euclidean distance between a test input and the archive of previously found tests. In addition, we have used the repopulation operator from DeepJanus to increase the diversity of the solution set in our diversified NSGA-II.

Our results show that although incorporating a diversity-aware fitness function and the repopulation operator improves the average coverage difference between NSGA-II and random search, NSGA-II – even when augmented with these diversification measures – still cannot outperform random search in covering failure-revealing test inputs.

The approaches by Birchler et al. (2023); Lu et al. (2021) also apply a diversified fitness function to identify more diverse failures; however, these studies are concerned with test case prioritization and not test case generation, which is our objective.

DeepHyperion (Zohdinasab et al. 2021) is a search-based testing approach adapting illumination search (Mouret and Clune 2015) for testing deep-learning systems. Illumination search is an optimization approach that utilizes human-interpretable feature maps to identify failure-revealing test inputs. The feature space represents important and human-interpretable characteristics of test inputs. While test inputs are not directly generated in the feature space, they can be mapped to the feature space and positioned in the feature map. Based on already evaluated test inputs in the feature map, new test inputs are selected for subsequent search iterations. Since our paper focuses on studying the coverage of Pareto-based optimization algorithms and DeepHyperion is not a Pareto-based algorithm, we do not include its underlying algorithm in our study. Further, the proposed metrics by Zohdinasab et al. (2021) do not assess the coverage of failure-inducing regions. They propose two metrics: one for assessing the diversity of failures within the feature map and the other evaluates the diversity of the covered cells of the feature map. Their metrics are different from ours for two main reasons: i) First, they are defined over the feature space rather than the input space. Therefore, metrics over the feature space can not directly indicate how much of the input space is explored/covered. ii) Second, the second metric by Zhodinasab et al. does not approximate the set of actual failures as we do through our reference set. Hence, their metric cannot assess how well the identified failures represent the actual failures.

DeepAtash (Zohdinasab et al. 2023) is a Pareto-based testing approach for deep learning systems. Like DeepHyperion, DeepAtash utilizes feature maps, enabling targeted searches in specific cells within the feature map to identify diverse solutions. We do not include DeepAtash in our study because it is not designed to increase the diversity of identified failures; instead, it aims to target the identification of specific failures.

Moghadam et al. (2021) have presented multiple bio-inspired techniques for testing a DNN-based lanekeeping system. Their approaches are based on genetic algorithms GA and NSGA-II, evolution strategy and particle swarm optimization (PSO) and have been compared with the Frenetic, GABExploit and GABExplore, Swat techniques. They particularly assess the diversity of identified failures by computing the average of the maximum Levenshtein distance between road segments that trigger failures. Their results indicate that their presented approaches have comparable performance in terms of producing diverse test inputs. The study does not evaluate the coverage of the failures in the DNN’s input space, but only the diversity of the identified failures. Instead, in our work, we focus on the coverage of identified failures. Among the algorithms studied by Moghadam et al., we evaluate the performance of OMOPSO, which is an extension of the particle swarm algorithm to multi-objective optimization problems and therefore a Pareto-based algorithm.

The closest work to our work is the study from Nabhan et al. (2019). Similar to our work, they evaluate the coverage of the failure-inducing regions of the input space by approximating the failure-inducing test input space - the DOI - using grid sampling. To assess how well a solution set of an algorithm covers the failures of a systems, they calculate the portion of failure-revealing grid points that have a witness in the solution set. A grid point is said to have a witness in the solution set if the distance to the closest test input within the set does not exceed a fixed threshold. However, Nabhan et al.’s paper does not study Pareto-based testing techniques in terms of the coverage of the test input space, which is the primary focus of our work.

3.2 Diversity and Coverage Metrics for SBST

Several metrics are proposed to assess Pareto-based testing algorithms with respect to the objective space, which is the space of fitness/objective values (Li et al. 2022; Li and Yao 2019). In contrast, since in our paper we focus on the input space, we have included in Table 2 an overview of the approaches proposed to assess the capabilities of SBST techniques in terms of diversity and coverage when the focus is either on the input space or the feature space, i.e., a representation of the input data.

Below, we discuss these techniques and contrast the metric they use to measure diversity or coverage with our Coverage Inverted Distance (CID) metric.

Table 2 Classification of existing studies assessing test case diversity and coverage of SBST algorithms based on the following criteria: their underlying search algorithms, the metrics they use to measure diversity or coverage, whether the metric measures diversity, and whether the metric measures coverage

Full size table

Feldt et al. (2016) have proposed a metric to evaluate the diversity of a test suite. The metric is based on the Normalized Compression Distance (NCD), which is a distance metric based on information theory and can be applied to any type of test data. However, this metric is not meant for assessing the test input space coverage (DOI), but rather the diversity of test data. While diversity correlates with coverage, in our approach, we focus on assessing the coverage of failure-inducing regions with the goal of understanding the capabilities of Pareto-based algorithms in covering these regions.

Humeniuk et al. (2023, 2024) have evaluated the diversity of generated tests on a lane-keeping system case study using Pareto-optimization-based search (NSGA-II) compared to random search (RS). Using their metric based on Jaccard similarity, they have shown that, contrary to several prior studies, RS indeed generates more diverse tests than NSGA-II. While in our work, we study coverage instead of diversity, the findings of Humeniuk et al. are in line with our argument and our empirical results, demonstrating the weakness of Pareto-based optimization in covering failure-inducing regions of the search space.

Aghababaeyan et al. (2023) have argued that diverse test inputs most likely point to diverse faults and evaluated three different metrics in assessing the diversity of image data used for testing deep learning models. They identify the geometric diversity relation as the most expressive metric. Unlike our metric, the metrics proposed by Aghababaeyan et al. do not evaluate the coverage of failures (Aghababaeyan et al. 2023).

Biagiola et al. (2019) devised an SBST algorithm to maximize diversity in test inputs for generating test cases for testing web applications. However, the approach targets code coverage (branch/statement coverage) rather than the coverage of failures, which is why the proposed coverage evaluation technique is not applicable to our study.

Hungar (2020) have noted the importance of covering failure-revealing test input spaces for ADS. They propose a binary coverage criterion for the search space. The criterion provides an assessment as either covered or not covered, and therefore, cannot be used as a quantitative measure of DOI coverage.

Ramakrishna et al. (2022) define a diversity metric that is based on clustering of ADS testing results. This metric is defined by the number of clusters and includes a $risk\ score$ for each test input or scenario. The approach requires the number of clusters to be provided as input to the clustering technique. However, the process for determining the number of clusters is unclear, as is the potential impact of this predetermined number of clusters on the diversity assessment results. Marculescu et al. (2016) focus on the exploration of the objective space and compare exploration-based evolutionary search algorithms such as novelty search and Illumination Search (IS) with Differential Evolution (DE), an optimization algorithm. Their results show that IS and DE explore larger and different regions of the objective space (COI in our context) compared to solely optimization-based algorithms. Nevertheless, this study does not evaluate the coverage of the DOI in particular when using Pareto-based search approaches, which is the focus of our work.

Feldt and Poulding (2017) have studied the feature space (Mouret and Clune 2015) coverage when using randomized, optimization-based, and hybrid testing approaches such as Nested Monte Carlo Tree Search (Browne et al. 2012). Their findings show that randomized testing exhibits similar coverage results compared to pure optimization-driven testing. However, their notion of coverage differs from ours. Their metric is similar to that of Zohdinasab et al. (2021), which is focused on the feature space rather than the input space and does not approximate the set of actual failures as we do through our reference set.

Ebadi et al. (2021) have investigated the diversity of generated test data when testing an ADS with a genetic algorithm compared to random search. By evaluating the average Euclidean distance of identified failing tests, their findings show that genetic search outperforms randomized search in producing diverse test inputs. However, they do not assess the coverage abilities of the testing techniques compared to our study. In particular, their results deviate from the study by Humeniuk et al. (2023), which has shown that RS outperforms NSGA-II in terms of the diversity of test inputs.

Neelofar and Aleti (2024b, 2024a) have proposed a set of adequacy metrics to assess the diversity and coverage of test suites for testing DL-enabled system. The metrics project test data from a multidimensional feature space into a two-dimensional space called instance space and evaluate coverage and diversity using information-theoretic metrics. However, similar to the coverage metrics proposed by Feldt and Poulding (2017) and Zohdinasab et al. (2021), in these papers, the coverage is not assessed by contrasting the identified failures with the actual failures since these approaches do not approximate the set of actual failures as we do through our reference set. Without knowing the space of actual failures, we cannot provide any information about the coverage of the failure-inducing space. These existing coverage metrics only compare the space of identified failures with the entire feature or instant spaces. This information, while useful, does not indicate what portion of the actual failures are found by a testing algorithm. Our study, for the first time, attempts to address this question for Pareto-based optimization techniques.

4 Theoretical Argumentation

We claim that Pareto-optimal solutions computed by Pareto-based approaches do not necessarily lead to an adequate coverage of the DOI defined in Definition 1, i.e., the set of failure-revealing test inputs. Our argumentation builds on the definitions of the SBST problem (Definition 1) and Pareto-based optimization (Definition 2).

We use Figs. 1a and 1b to illustrate our argument. These figures, respectively, show the objective and search spaces for a Pareto-based optimization problem with two fitness functions, i.e., $m=2$, and two input variables, i.e., $n=2$. The grey area in Fig. 1a represents the test oracle function O which identifies the subset of the objective space encompassing failures. The portion of the grey area dominated by the true Pareto-Front (PF) and delineated with dashed lines in Fig. 1a represents the set of reachable failures which is called the codomain of interest (COI) in Definition 1. Due to assumption A2 in Definition 1, we assume that COI has the same dimensionality as the objective space. That is, the number of dimensions of both COI and the objective space is m which is two in our example. The PS line and the DOI area in Fig. 1b, respectively, show the mappings of PF and COI in the search space, i.e., input space. Assuming that there is no redundancy in search variables and fitness functions, which is achievable through global sensitivity analysis (Matinnejad et al. 2014), the DOI has the same number of dimensions as the search space. That is, the number of dimensions of both DOI and the input space is n which is two in our example. However, PF, computed within $\mathbb {R}^m$, has at most $m-1$ dimensions. Consequently, PF with at most $m-1$ dimensions cannot effectively cover a COI with m dimensions. Similarly, PS, which maps PF to DOI, has at most $n-1$ dimensions. Therefore, PS with at most $n-1$ dimensions cannot effectively cover a DOI with n dimensions.

In summary, using a Pareto-based optimization algorithm results in computing PS in the search space and PF in the objective space. However, PS cannot achieve good coverage of DOI, just as PF falls short in covering COI, as evidenced by our argument above and the illustrations in Figs. 1a and 1b. Therefore, a Pareto-based optimization algorithm is not suitable for achieving adequate DOI coverage.

5 Metric for DOI Coverage Assessment

To empirically assess the coverage of the actual failing test inputs of an SUT, we introduce the CID metric in this section. CID allows us to quantitatively evaluate the coverage of the DOI by failure-revealing test inputs. In Section 5.1, we introduce CID. In Section 5.2, we explore methods for approximating the set of failures, which serves as the reference set for CID, and discuss the accuracy and robustness of reference sets.

5.1 Metric Definition

In this section, we present Coverage Inverted Distance (CID), a metric specifically designed to assess how well the failures identified by a testing technique cover the actual set of failure-revealing test inputs for a system. That is, CID evaluates how well a given set of failures identified by a testing technique covers the DOI. Let Z be a finite set approximating the DOI for a given SBST problem, and let A be a finite set of solutions generated by a testing method for that SBST problem. In the remainder, we call Z a reference set and A a test set. Our metric CID, defined below, assesses how well the test set A approximates, i.e. covers, the reference set Z:

$$\begin{aligned} CID(A,Z) = \frac{1}{\left|Z \right|} \left( {\sum _{z \in Z} {d_z}^q} \right) ^{\nicefrac {1}{q}} \end{aligned}$$

(2)

, where $d_z = \left( \sum _{j=1}^{n} {|z_j - x_j|}^p \right) ^{\nicefrac {1}{p}}$ represents the distance imposed by the p-norm from a reference point $z = (z_1, \ldots , z_n) \in Z$, to the nearest point $x = (x_1, \ldots , x_n)$ from the test set A in the search space, while q represents the norm for computing the mean of the distance (i.e., $q=1$ for the generalized mean, or $q=2$ for the power mean). If $q=1$ is chosen, the metric results in the average distance from a reference point to the closest point in A. If at the same time $p=2$ is chosen, then the defined distance between the points is the Euclidean distance. If no specific characteristics of the system under test are known, the Euclidean distance is the most practical option (Fuangkhon 2022). The lower the CID value, the better the test set represents the reference set. The CID value reaches zero if the test set achieves a complete representation of the reference set.

In our evaluation in Section 6, we use the Euclidean distance to compute the distance between the points in the reference set (Z) and the test points in the solution set (A), i.e., $p=2$. Further, we use the general mean to compute CID values, i.e, $q=1$.

While A is computed by a given testing method, the reference set Z should be computed independently from the testing method, and should represent the DOI as accurately as possible. In our study, we approximate the reference set Z using a grid sampling approach. Specifically, we discretize the search domain by segmenting each search variable into a predetermined number of equal intervals. We test the system under test, e.g., ADS, for each point in the discretized search domain to determine whether it is passing or failing. The reference set Z is then defined as the set of failing test cases within the search space.

We discuss CID and its adequacy using illustrative examples. Figure 2 illustrates three examples, in which the DOI is represented as two separate regions, highlighted in pink, and the test set A and reference set Z are illustrated as solid red, and empty pink circles respectively. In Fig. 2(a), A includes a handful of points in each of the regions and provides low coverage of both. In Fig. 2(b), A contains several points exclusively within one region, providing a good coverage in one region, while not witnessing the other region. In Fig. 2(c), A includes multiple points well-distributed in both regions, leading to a good coverage of the entire DOI. The reference set is the same for all three examples, and is generated by performing grid sampling with a step size of 0.1 for each axis interval. For the first and second examples, CID values are equal to 0.163 and 0.237 respectively, which indicates poor coverage of DOI by the corresponding test sets. For the third example, CID is equal to 0.084, reflecting a good DOI coverage.

5.2 Reference Set Generation and Properties of CID

To apply CID, we need to generate a reference set to approximate the actual set of failures exhibited by the SUT. We can use various sampling techniques to create test inputs that are uniformly scattered across the search space in order to generate this reference set. Note that when we sample points to generate the reference set, we generate values within the search space. Sampling in this context means generating a set of points in the search space according to a sampling strategy. One such strategy is grid sampling, discussed in Section 5.1 where the selected test inputs are the nodes of a regular grid within the search space. Other alternative sampling strategies are furthest point sampling (Eldar et al. 1997) and Poisson disc sampling (Bridson 2007). FPS is a sampling strategy that iteratively generates samples in such a way that the minimal distance from already sampled points to a new sample is maximized. Poisson disc sampling allows generating points in a given space while maintaining a user-defined minimal distance between sampled points.

We call a reference set generated by a uniform sampling strategy, such as the three strategies above, a uniform reference set. Consider a DOI containing several disconnected regions. We say a uniform reference set is optimal for a DOI if all the separate regions of the DOI are covered by the reference set. We can show, that for an optimal reference set, the error of CID reduces linearly as the maximal distance between adjacent points in the reference set decreases. As we increase the number of points sampled with a uniform sampling approach, the CID’s error tends to zero. The sketched proofs of the above statements are available in the appendix. Further, the CID metric has the following two important properties:

1.
CID is not impacted by the size of the test set. This is because in the definition of CID in (2), $d_z$ is computed as the distance from each reference point to the closest test point, and averaged over the reference set. This property enables us to compare test sets with different sizes;
2.
CID values are robust when we use different reference sets as long as the reference sets are optimal and have equal sizes.

Note that generating a reference set for an SBST problem requires executing the system under test for each sampled point, which can be computationally expensive, particularly for complex systems where each execution may take some minutes. In this paper, we use CID to show the limitation of Pareto-based search-based testing for our DL-enabled case study systems with manageable search domain size and execution time.The applications of CID are further discussed in Section 8.

6 Empirical Study

While Section 4 presents an argument addressing our research question introduced in Section 1, this section aims to answer our research question through empirical evidence. We assess the effectiveness of Pareto-based testing algorithms by comparing their ability to achieve high coverage of failure-revealing tests with that of baseline random testing. To ensure the validity and diversity of our empirical results, our experiments include alternative Pareto-based testing algorithms, case study systems, and varying definitions of test oracles for these systems.

In particular, we selected three optimization testing algorithms or their variants, which are Pareto-based and have been previously applied to case studies similar to ours, as identified in our literature survey in Table 1. Specifically, we selected the genetic algorithm NSGA-II, DeepJanus, a hybrid genetic algorithm that uses concepts from Novelty Search (Mouret 2011) and evolutionary search, and OMOPSO (Sierra and Coello Coello 2005), a swarm optimization algorithm. Other algorithms have been not considered in our study as they are non Pareto-based and hence outside of our scope. We present our empirical results using the following two sub-RQs:

RQ$_1$:: : How does Pareto-driven search-based testing compare to baseline random testing in terms of covering failure-revealing tests? To answer this research question, we use our proposed CID metric to compare the test results obtained by the well-known Pareto-based algorithms NSGA-II, OMOPSO and a naïve testing algorithm random search (RS) in terms of DOI coverage. NSGA-II has been extensively used in test automation for ADS and DL-enabled systems (Ben Abdessalem et al. 2016, 2018; Klück et al. 2019; Riccio and Tonella 2020). Similarly, OMOPSO is a Pareto-based swarm optimization technique that extends the well-known Particle Swarm Optimization (PSO) algorithm to solve multi-objective optimization problems. PSO is a swarm intelligence algorithm that leverages concepts from collective social behavior to identify solutions with optimal fitness values. PSO has been widely applied in various domains, ranging from image segmentation in image processing to solving wireless communication optimization problems (Shami et al. 2022), and it has also been used for testing ADS (Moghadam et al. 2021). We apply NSGA-II, OMOPSO and random testing to two case studies: an industrial Automated Valet Parking system introduced in Section 2, and an open-source, DL-based, handwritten digits classification system that is widely-used for evaluating testing approaches in the literature (Riccio and Tonella 2020; Zohdinasab et al. 2023, 2021). We refer to the first case study as AVP, and to the second case study as MNIST since it uses digits from the MNIST dataset as test inputs. Both case studies have predefined test oracle functions for identifying failures. We extend the existing oracle functions by developing alternative definitions of test oracle functions, with some being stricter than others. Stricter functions result in smaller DOI regions. We evaluate the DOI coverage performance of NSGA-II, OMOPSO and RS for the alternative test oracle functions to determine if and how the size of failure regions affects the coverage of failure tests by NSGA-II and RS.
RQ$_2$:: :How does state-of-the-art, diversity-focused, Pareto-driven search-based testing compare with random testing in terms of covering failure-revealing tests? Several Pareto-based SBST algorithms aim to achieve diversity and coverage of different failures by incorporating a diversity fitness function. In our study, we consider a diversified search algorithm similar to the proposed technique (Riccio and Tonella 2020), which combines a genetic algorithm with concepts from novelty search. Specifically, we extend NSGA-II using a repopulation operator as well as a diversity-focused fitness function derived from DeepJanus, which aims to maximize the Euclidean distance of a test input to previously found solutions. Similar to RQ1, we use the CID metric to compare the diversity-focused NSGA-II against RS with respect to DOI coverage.

6.1 Experimental Setup

In this section, we describe our experimental setup including the details of our case study systems, the implementation of NSGA-II, diversified NSGA-II, denoted by NSGA-II-D, OMOPSO, and RS, and the metrics used in our empirical analysis. An overview of the configuration of the search algorithms is given in Table 3. We note that we selected the parameters in this table after conducting preliminary experiments aimed at identifying optimal parameters for our three studied algorithms, NSGA-II, NSGA-II-D, OMOPSO.

Table 3 Hyperparameter configuration for the search algorithms NSGA-II, NSGA-II-D and OMOPSO for the case studies AVP and MNIST

Full size table

SUT MNIST

Our first case study focuses on a classification task involving the utilization of DL models. Specifically, we evaluate a DL model designed to classify handwritten digits and trained using the widely-used MNIST dataset (LeCun and Cortes 2005). The SUT must accurately classify a digit within a 28x28 greyscale image, where the digit is depicted with white strokes on a black background. Our objective is to create new instances of MNIST digits that lead to a misclassification by the classifier (Fig. 4).

SUT AVP

The SUT of the second case study is the AVP system described in Section 2. AVP consists of a Lidar-based object detector, a static path planner for the generation of a driving path to a free parking lot, and a path follower. Further, it contains basic (longitudinal/latitudinal) vehicle dynamics.

NSGA-II and RS for MNIST

For the first case study, similar to existing work (Riccio and Tonella 2020), we represent the input images as Bézier curves in the SVG format where the curve is characterized by several start points, end points, and control points. The mutation of digits throughout the search is performed by choosing a start point, an end point or a control point of the Bézier curve and applying a small tweak. The value of the tweak is chosen randomly from a predefined range. To select the range, we performed some preliminary experiments to identify a range size such that tweaking a digit less likely leads to the generation of an invalid digit. An invalid digit is one that cannot be recognized as a digit by human (Riccio and Tonella 2023).

After mutating the Bezier curve, it is converted back to an image of size 28 $\times $ 28 and passed to the SUT for classification. For further technical details of how the transformations are enabled, we refer the reader to the paper by Riccio and Tonella (2020). To generate the initial population, we select one seed image from MNIST dataset and apply the same mutation discussed above. In addition, we ensure that the distance of the mutated digits and the original seed image is less than a threshold proposed in existing work (Riccio and Tonella 2020; Zohdinasab et al. 2021). This increases the likelihood of preserving the label of the initial seed for images in the initial population. As system under test, we consider the deep convolutional neural network provided by Keras^{Footnote 1} and used in existing studies (Riccio and Tonella, 2020; Zohdinasab et al., 2021).

We use two fitness functions to increase chances of generating images that are challenging for the digit classifier: $f_1$, adopted from previous studies (Zohdinasab et al. 2021; Riccio and Tonella 2020), represents the difference between the confidence in the expected label and the highest confidence among other labels. We want to minimize $f_1$ since a lower $f_1$ value indicates a stronger tendency to missclassify a digit. Using $f_2$, we minimize the average brightness of generated digits so that they are more difficult for the digit classifier. For example, Fig. 4 shows seed images, representing the digit 5, from the MNIST dataset on the left. On the right side, the figure displays corresponding mutations of these images with reduced average brightness, hence posing a challenge for digit classifiers. The goal of fitness $f_2$ is to increase the chances of generating images like those on the right side of Fig. 4. We calculate $f_2$ by dividing the sum of the brightness values of pixels, which have brightness values above zero, by the number of these pixels. For instance, the $f_2$ values for the digits in the first row in Fig. 4 are 0.82 and 0.77, respectively, and in the second row 0.79 and 0.66.

OMOPSO for MNIST and AVP

For the configuration of the OMOPSO algorithm, we considered guidelines from existing works that have applied OMOPSO to different case studies (Shami et al. 2022; Shi and Eberhart 1999; Coello et al. 2004; Sierra and Coello Coello 2005). In particular, for MNIST and AVP, we set the crowding distance archive size as the swarm size and used the same population size value as for the search with NSGA-II and NSGA-II-D. Another component of the OMOPSO algorithm is the inertia weight parameter, which controls how explorative or exploitative the particles are. A high inertia weight value results in a greater change in the position/test inputs of particles, potentially skipping interesting/failure-revealing regions, while a low value might hinder exploration and the detection of new failing tests. We compared the performance of the OMOPSO search using a static inertia weight with a time-dependent (dynamic) inertia weight (Shi and Eberhart 1999), where the inertia weight is reduced with increasing iteration numbers. A dynamic inertia weight yielded better coverage results in preliminary experiments, which is why we chose to proceed with this configuration. In addition, we investigated the impact on the search results when using different boundary handling techniques, i.e., absorbing and reflecting particles at the boundaries. In the first technique, particles are absorbed at the boundary, where their positions are set to the boundary value with velocity 0 whenever they reach a position outside the search space. In contrast, a reflecting boundary handling strategy reflects the particle back into the search space by inverting its velocity component whenever it reaches a position outside the search space. For our study, we selected the reflecting technique, as with the former approach, we observed that particles were stuck at the boundaries, exhibiting lower coverage scores.

Test Oracles for MNIST

We define three different test oracle functions for the MNIST case study, listed from least to most strict. These correspond to a decreasing size of the DOI region for this case study. Let x be a test input. We define three test oracle functions for the MNIST case study as follows:

$$\begin{aligned} O_{Large} (x): f_1(x)< -0.5 \\ O_{Medium} (x): f_1(x)< -0.7 \\ O_{Snall} (x): f_1(x) < -0.95 \end{aligned}$$

Specifically, according to $O_{Large}$, a test input fails when the difference between the expected label and the highest prediction certainty generated by the classifier, i.e., the value of the fitness function $f_1$, is just less than $-0.5$. Functions $O_{Medium}$ and $O_{Small}$, on the other hand, require this difference to be less than $-0.7$ and $-0.95$, respectively. Hence, $O_{Medium}$ is stricter than $O_{Large}$, and $O_{Small}$ is the strictest.

We set the search budget for both NSGA-II and RS to 1,000 evaluations, as preliminary experiments have shown that for NSGA-II, CID values stabilize already before. We use the population size of 20 and set the number of generations to 50.

NSGA-II and RS for AVP

In the second case study, we test the AVP system on a driving scenario where an occluded pedestrian is crossing the planned trajectory of the ego vehicle (Fig. 3). An occluded pedestrian refers to a pedestrian who is hidden from the ego vehicles’s view because the pedestrian is either totally or partially behind another static object. The search space and fitness functions for AVP are defined in Section 2 and has been provided by our industrial partner. To adjust the velocity of the ego vehicle we just use a scalar value ranging from 0.1 to 1 which is internally used in the SUT to calculate the vehicle’s maximal velocity for each point in time.

To generate the initial population for NSGA-II, we use Latin Hypercube Sampling (McKay et al. 1979), a quasi-random sampling strategy, to initiate the search with a diverse population. We set the mutation rate to 1/3, and the crossover rate to 0.6, following existing guidelines (Arcuri and Fraser 2011). We set the search budget for both NSGA-II and RS to 2,000 evaluations. For NSGA-II, we use the population size of 40 and set the number of generations to 50, as preliminary runs have shown, more generations do not significantly improve the coverage score evaluated with CID.

Test oracles for AVP

Similar to the MNIST case study, we define alternative test oracle functions for the AVP case study. Specifically, we use the following test oracles with increasing level of restriction:

$$\begin{aligned} O_{Large} (x): f_1(x)< -0.7 \wedge f_2(x)< -1.\\ O_{Medium} (x): f_1(x)< -0.8 \wedge f_2(x)< -2.\\ O_{Small} (x): f_1(x)< -0.9 \wedge f_2(x) < -2. \end{aligned}$$

The oracle function $O_{Medium}$ considers a test case as failing when the ego vehicle is closer to the pedestrian and has a higher speed compared to the oracle function $O_{Large}$. The test oracle $O_{Small}$ constrains the conditions for failure even more, by requiring, compared to the two other functions, the highest maximal speed of the ego vehicle at the time of the minimal distance to the pedestrian.

Diversified NSGA-II (NSGA-II-D)

To answer RQ2, first we extend NSGA-II with an additional fitness function that evaluates the Euclidean distance of a test input to individuals found in previous generations (short, called Archive). Second, we apply a repopulation operator, which replaces in each generation the most dominated individuals by randomly sampled candidates. By maximizing the value of the additional fitness function and by employing the repopulation operator, we want to make the search identify more diverse test cases and therefore achieving a better coverage of failure-revealing tests. A similar approach has been used in DeepJanus by Riccio and Tonella (2020). We do not directly apply the DeepJanus algorithm in our experiments since its main goal is to identify the borders of failure-revealing regions. However, we note that the diversity fitness function and the repopulation operator we use in our study are similar to those used by DeepJanus. To configure the hyperparameters and processing technique for individuals to be included in the archive, we performed preliminary experiments. The archive uses a threshold to determine when a test input should be included. Before a solution can be added to the archive, the distance of the candidate to the closest individual in the archive is computed. A solution is only included in the archive if the distance value is higher than the threshold, promoting the storage of diverse inputs in the archive. As suggested by Riccio and Tonella (2020), we selected the archive threshold use case specifically and compared the coverage performance when using the average versus the minimal Euclidean distance between failures, averaged over the results from all oracle definitions. Based on the results, we selected the minimal Euclidean distance between failing test inputs for both case studies, which was 0.29 for the AVP case study and 1.77 for MNIST. Regarding the processing of individuals to be included into the archive, we compared a sequential processing, where each individually is independently added into the archive, and population-based processing. In the sequential approach, adding an individual from the population to the archive can affect the distance computation for another individual in the population. In contrast, in a population-based processing first the distance is calculated for all individuals from a population to archived individuals. Based on whether the distance exceeds the threshold all allowed individuals are added together to the archive. In our preliminary experiments, sequential processing could outperform population based processing, why we selected to process sequentially individuals in our study.

Experiments

We repeat the execution of NSGA-II, OMOPSO and RS 10 times to account for their randomness. The AVP system is executed using the Prescan simulator (Siemens 2023) and configured with the default sampling rate of 100Hz. For the MNIST case study we execute NSGA-II, OMOPSO and RS with 20 different digits from the MNIST dataset depicting a 5 to ensure the generalization of our results. Before using a digit from the MNIST dataset for the study, we verify that it is correctly classified (Fig. 4).

Metrics

To compute CID, we need to develop a reference set, which approximates the actual set of failure-revealing test inputs, i.e., the DOI, for each case study. The reference set is computed independently from the solution set of a search approach (test set).

For the AVP case study, we use two methods to generate the reference set: grid sampling (GS) and furthest point sampling (FPS), as explained in Section 5.2. For GS, we consider three different resolutions, 10, 20 and 25 samples for each axis, generating in total 1,000, 8,000 and 15,625 samples. Executing 15,625 samples took about 43 hours. We did not consider resolutions higher then 25 samples per axis, since the CID value stabilizes when 25 samples are reached. For the FPS, we consider 1,000 and 8,000 samples, and did not consider 15,625 samples given the constrained time budget, because computing new samples in FPS is time intensive as the implementation of FPS is based on the generation of Voronoi cells. However, the relative comparison of different algorithms for both resolutions 1000 and 8000 remains the same. Note, that we cannot verify that our reference sets are optimal as defined in Section 5 since the sizes of some regions of the DOI may be less than the maximum distance between the adjacent points in our reference sets. However, we can show the robustness and consistency of our results by considering different sampling methods, i.e., GS and FPS, and different sampling sizes, i.e., 1,000, 8,000, and 15,625.

For the MNIST case study, we use GS with a resolution of 10 samples per search dimension. Preliminary experiments demonstrate that using higher resolutions for GS or varying sampling methods does not significantly affect CID results for MNIST.

6.2 Experimental Results

Figures 5 and 6 show the CID results obtained by applying RS, NSGA-II, and NSGA-II-D and OMOPSO to the MNIST and AVP case studies. For each system, the CID results are computed with respect to their respective test oracle definitions that correspond to different DOI sizes. The diagrams in Figs. 5 and 6 illustrate the average and standard deviations of the CID values derived from 10 runs of each algorithm after every 100 and 250 evaluations, respectively.

The CID values in the diagrams in Figs. 5 and 6 are calculated using reference sets generated by grid sampling for each case study and each test oracle definition. We use the same reference set for each combination of algorithm, case study, and test oracle definition. However, the number of failures in the reference set depends on the oracle definition.

We note that due to our interest in coverage, we choose the set A, i.e., the solution set, used to compute CID as the set of all failures found by each testing algorithm over all its iterations. Specifically, for each of the NSGA-II, NSGA-II-D, and OMOPSO algorithms, the set A is the set of all failures found over all generations and not just the failures in the last generation. Similarly, for random search, set A is the set of all failures found by the random search.

The AVP’s reference sets contain 15,625 samples, while the MNIST’s reference sets comprise 1,000 samples. In the remainder of this section, we discuss the results for RQ1 and RQ2 using the results in Figs. 5 and 6.

6.2.1 RQ1 Results

Comparing CID Results

The MNIST Case Study results in Fig. 5 show that RS consistently yields lower, i.e., better, average and lower standard deviations for CID values than NSGA-II and OMOPSO over time across all test oracles. Moreover, although CID values for NSGA-II, OMOPSO and RS decrease over time, the rate of reduction is more significant for RS compared to NSGA-II and OMOPSO.

Further, the results in Fig. 5 show that while the CID values for RS, NSGA-II and OMOPSO are similar for the $O_{Medium}$ and $O_{Large}$ test oracles, they are higher for the $O_{Small}$ test oracle. This indicates that covering the DOI regions for $O_{Small}$, the strictest test oracle definition, poses a greater challenge for both algorithms compared to $O_{Medium}$ and $O_{Large}$. Finally, for all three cases, the CID values of random research, NSGA-II and OMOPSO stabilize in less than 1000 evaluations.

Similarly, the results presented in Fig. 6 demonstrate that for AVP, the CID values achieved by RS consistently outperform those obtained by NSGA-II across all test oracles and after at least 300 evaluations. Further, the average of CID values and the variations of CID values obtained by RS decrease at a higher rate compared to those obtained by NSGA-II and OMOPSO. However, OMOPSO can outperform NSGA-II for the less constrained oracle definition $O_{Large}$ in CID values. For the $O_{Medium}$ and $O_{Small}$ oracles, there is no significant difference in CID values between OMOPSO and NSGA-II.

In each of the three diagrams, the CID values for RS, NSGA-II and OMOPSO stabilize within 2000 evaluations, suggesting that executing the algorithms longer is unlikely to change the comparison of the CID values.

In addition, two observations can be drawn from Fig. 6: (1) For both NSGA-II and random research, stricter oracle definitions, corresponding to smaller DOIs and fewer failures in a large search space, result in higher metric values, indicating that covering failures is more challenging when there are fewer failures. (2) The difference in CID values between NSGA-II and random research decreases with a stricter oracle function. This is expected; as DOIs become smaller and failures harder to detect, random research may become less effective in covering and exploring failures, behaving more similarly to NSGA-II and OMOPSO. Nevertheless, even for our strictest notion of a test oracle, NSGA-II and OMOPSO cannot outperform random research in covering DOI for both case studies.

Table 4 (Reference Set Variation) The average and standard deviations of CID values obtained from 10 runs of RS, NSGA-II, NSGA-II-D, OMOPSO for the AVP system with the $O_{Large}$, $O_{Medium}$ and $O_{Small}$ test oracles for different reference sets and sizes

Full size table

Sampling Methods and Sampling Resolutions

As mentioned in Section 6.1, the CID results shown in Figs. 5 and 6 are derived from specific reference sets generated using grid sampling and with a specific sampling resolution. One might wonder how altering the sampling method or resolution would affect the comparison of CID values between RS, NSGA-II and OMOPSO. Table 4 shows the average and standard deviation of CID values for the AVP system with the $O_{Large}$ test oracle, calculated using the three sampling methods discussed in Section 5.2, grid sampling (GS) and furthest point sampling (FPS) reference sets with 1,000 and 8,000 samples. As the table shows, even if we use reference sets obtained from different sampling methods and with different sample sizes, RS still fares considerably better than NSGA-II, NSGA-II-D and OMOPSO. This indicates the robustness of our results when we use different sampling techniques and different number of samples to generate the reference sets to compute CID values. Note that the results in Table 4 for 1,000 and 8,000 samples for both GS and FPS for $O_{Large}$ are close, indicating that the reference set of size 1,000 already provides a good approximation of the DOI.

For AVP the underlying number of failures in the reference sets for Grid Sampling with the highest resolution of in total 15,625 samples across all oracle definitions is presented in Section 8 in Table 7.

Statistical Tests

We use the non-parametric pairwise Wilcoxon rank sum test and the Vargha-Delaney’s $\hat{A}_{12}$ effect size to compare the CID results in Figs. 5 and 6 between random search and the Pareto-based approaches. The level of significance has been set to 0.05. The results are presented in the first two rows of Table 5. We adopt the following standard classification for effect size values: an effect size e is small, when $0.56 \le e < 0.64$ or $0.36 < e \le 0.44$, is medium when $0.64 \le e < 0.71$ or $0.29 < e \le 0.36$ and large when $ e >=0.71$ or $e <=0.29$. Otherwise the effect size is negligible.

The statistical test results show that for MNIST and AVP with $O_{Large}$ and $O_{Medium}$ test oracles, RS yields CID values that are significantly better than those generated by NSGA-II and OMOPSO with large effect sizes. However, for the $O_{Small}$ test oracle of AVP, the difference between RS and NSGA-II is not statistically significant. This is consistent with the results in Fig. 6 for the AVP with the $O_{Small}$ and the $O_{Medium}$ test oracles.

Table 5 Statistical-test results for comparison between RS and Pareto-based approaches (Wilcoxon and Vargha-Delaney)

Full size table

Table 6 Statistical-test results for Pareto-based approaches (Wilcoxon and Vargha-Delaney)

Full size table

For the less constrained test oracles, $O_{Large}$ and $O_{Medium}$, RS significantly outperforms NSGA-II and OMOPSO in covering the failure-revealing tests, while for the more constrained $O_{Small}$ test oracle the difference between the algorithms NSGA-II, OMOPSO and RS diminishes and neither covers the DOI better than the other.

For completeness, we have provided in Table 6 also the statistical-test results for the comparison of CID results between NSGA-II and OMOPSO in the second row. We can see that for the AVP case study only for oracle $O_{Large}$ the difference between NSGA-II and OMOPSO is statistically significant with a large effect size what is consistent with the result in Fig. 6. For MNIST however, there is not statistical significance what is in line with the results in Fig. 5.

6.2.2 RQ2 Results

The results in Figs. 5 and 6 show that the CID values obtained by NSGA-II-D are always better than those obtained by NSGA-II over time for both case studies and all test oracle definitions. However, compared to RS, NSGA-II-D achieves consistently worse CID values for all test oracle definitions of the MNIST case study and the $O_{Large}$ test oracle of the AVP case study. For the $O_{Medium}$ and $O_{Small}$ test oracles of the AVP case study, RS outperforms NSGA-II-D after 500 and 1500 evaluations respectively.

Statistical Tests

The statistical-test results in Table 5 show that RS yields CID values that are significantly better than those generated by NSGA-II-D with large effect sizes for all test oracle definitions of MNIST and the $O_{Large}$ test oracle of AVP. Similar to the comparison between RS and NSGA-II, the difference between RS and NSGA-II-D for the $O_{Small}$ test oracle of AVP is not statistically significant. For $O_{Small}$ , RS does not outperform NSGA-II-D, nor does NSGA-II-D outperform RS. This indicates that even when NSGA-II is enhanced with a diversity-focused fitness function, it still does not outperform RS in terms of failure coverage.

The statistical test results comparing NSGA-II-D with the Pareto algorithms NSGA-II and OMOPSO indicate a statistically significant difference between OMOPSO and NSGA-II-D for the MNIST case study across all oracles. For the AVP case study, this difference is significant only for the $O_{Large}$ oracle. The difference between NSGA-II-D and NSGA-II is statistically significant for the AVP case study only for the $O_{Large}$ oracle, and for the MNIST case study for all oracles. These findings are consistent with the results presented in Figs. 6 and 5.

7 Threats to Validity

The most important threats concerning the validity of our experiments are related to the internal, external and construct validity.

To mitigate internal validity risks, which refer to confounding factors, we used identical search spaces and search configurations for all the algorithms – RS, NSGA-II, NSGA-II-D and OMOPSO – in each of our case studies: AVP and MNIST. For MNIST, the objective is to create test inputs that challenge classifiers while remaining valid and preserving the digit’s original label. “Valid" implies that the digits are still recognizable by humans, and “label preserving" ensures that the image’s label remains unchanged after mutation; for instance, a mutated “5" should not transform into a “6". To address this, we have taken the following actions: (1) We ensure the validity and label-preservation of individuals in the initial population for our search algorithms by enforcing a distance threshold, as suggested by the previous studies (Riccio and Tonella 2020), on the distances between the individuals and initial seed. (2) We select images from the MNIST dataset as seeds only if they can be correctly classified by the classifier under test. (3) We use a small displacement interval in the mutation operator to reduce the chances of altering the label or shape of digit images through perturbations. (4) Finally, we identify out-of-bound displacements in images during mutation and adjust the mutated images by reversing the displacement, bringing it back within the image boundary.

To mitigate the bias associated with choosing suboptimal hyperparameters for experiments using OMOPSO and NSGA-II-D, we conducted preliminary experiments to identify optimal parameter configuration, as outlined in Section 6.1.

Construct validity threats relate to the inappropriate use of metrics. To compare the coverage of the failure-revealing domain of test inputs for the studied search approaches, we have applied the CID metric introduced in Section 5.1. To the best of our knowledge, there have been no other metrics in the literature that serve our purpose. We have outlined in Section 3 related metrics and have positioned our metric.

External validity is related to the generalizability of our results. We used two case studies from different domains: the AVP case study is an industrial ADAS, and the MNIST case study is a widely-used open-source system for classifying handwritten digits. The specification of AVP and the definition of its search space are provided by our industrial partner. Furthermore, we have used a widely-used, stable and high-fidelity simulator Prescan to simulate the ADAS. We apply search-based testing to the MNIST case study in a manner consistent with prior studies using the same case study (Zohdinasab et al. 2021; Riccio and Tonella 2020). Regarding the choice of the Pareto-based algorithms, in our experiments, we considered two widely-used and different types of Pareto-based techniques, NSGA-II and OMOPSO. The diversity fitness function and the repopulation operator, both employed to improve NSGA-II, are adopted from recent research aimed at introducing diversity into NSGA-II (Riccio and Tonella 2020).

Further, we provide an argument in Section 4 based on the definition of Pareto-based optimization and which is independent of the system under test, regarding why Pareto-based search techniques are not suitable for the coverage of failure-revealing test inputs. The argument holds under the assumptions defined in Section 2.

Replicability To foster replicability, the implementation of the CID metric, as well as results of the evaluation and conducted experimental runs with RS, OMOPSO, NSGA-II and diversified search with NSGA-II are available online (rep 2024). The implementation of the AVP case study could not have been disclosed as it was developed by our industrial partner. The search approach and the analysis of the results have been implemented using the modular and open-source search-based testing framework OpenSBT (Sorokin et al. 2024).

8 Discussion

In this section, we offer further observations and discuss the applications and limitations of our proposed metric, CID. In addition, we compare NSGA-II, NSGA-II-D, OMOPSO and RS in terms of their effectiveness and efficiency in finding failure instances. This comparison aims to better position our study within the context of prior research and complements the study presented in Section 6, which is primarily focused on comparing these algorithms with respect to the coverage of failure-inducing regions, as opposed to their ability to identify individual failures.

Observation

Why do the Pareto-based approaches NSGA-II, NSGA-II-D and OMOPSO yield worse CID values with considerably larger variations compared to RS? To understand why NSGA-II, NSGA-II-D and OMOPSO yield worse CID values with considerably larger variations compared to RS, we plot the failure-revealing solutions obtained by NSGA-II, NSGA-II-D, OMOPSO and RS, along with the reference sets computed for RQ1 to calculate CID values. Recall that reference sets approximate the complete set of failure-revealing test inputs within the search space. Specifically, Fig. 7a shows the reference set for AVP with the test oracle $O_{Large}$ computed based on grid sampling with 15,625 samples as part of our RQ1 experiments, and Figs. 7b to 7e, respectively, show the failing test inputs computed by one run of NSGA-II, RS, OMOPSO and NSGA-II-D for AVP with the $O_{Large}$ test oracle. The Figures contain all failures that have been identified over all evaluations of the run of their respective algorithm.

By comparing the failure-revealing test inputs in Figs. 7b and 7c with those from the reference set shown in Fig. 7a, which locates 558 failures, one can see that although RS finds far fewer failure-revealing solutions than NSGA-II, 89 versus 429, RS covers the DOI in Plot (a) more effectively.

The failure-revealing tests identified by RS are more spread out and diverse, while those found by NSGA-II are grouped close together. Similarly, when comparing the failures found by NSGA-II and NSGA-II-D in Fig. 7e, one can see that while the failures found by NSGA-II-D are more scattered compared to NSGA-II, they are still clustered together and are not as spread as the solutions found by random research.

OMOPSO identifies only 57 failing tests, but the failures as shown in Fig. 7d are more spread out compared to NSGA-II and NSGA-II-D. However, we can see that larger regions of the test input space are left uncovered compared to random research. Similarly, we plot in Fig. 8a the reference set for the AVP case study with the $O_{Small}$ test oracle computed using the same sampling method and resolution as the one in Fig. 7a. As shown in this figure, only 62 failing tests are identified in the reference set for $O_{Small}$, which is significantly less then the number of failures in the reference set for the $O_{Large}$ oracle. Further, the failure-revealing solutions obtained by one run of NSGA-II and RS are shown in Figs. 8b and 8c, respectively.

RS identifies 10 failures, NSGA-II identifies 111 failures, NSGA-II-D identifies 69 failing tests, while OMOPSO finds 5 failures. The failing test inputs found in one run of OMOPSO and NSGA-II-D are shown in Figs. 8d and 8e. The figures illustrate that NSGA-II and NSGA-II-D solutions are clustered closely, in contrast to the solutions obtained by random research, which are more dispersed and offer better coverage of the DOI approximation in Plot (a).

Table 7 Number of failures identified in the reference sets for the MNIST and AVP case studies across different test oracle definitions

Full size table

We have also provided in Table 7 the number of failing tests in the reference set for $O_{Medium}$ for AVP, as well as the reference set sizes for MNIST. It can be observed that the number of failures identified for the most constrained oracle definition is relatively small compared to the total number of samples (below 1% for AVP and below 20% for MNIST), indicating that the testing problems are not trivial.

Clarification Regarding the Applicability of CID

The CID metric is not intended as a universal test coverage adequacy criterion applicable to various systems in practice. Instead, our metric acts as a quality indicator, assisting in the empirical assessment of testing approaches when an approximated reference set for the system under test is computable. Our proposed metric, CID, is explicitly designed to evaluate testing approaches during the development of an algorithm and is not meant for evaluating solutions in the application phase of the algorithm.

Further, the validity of CID values is tied to the accuracy of the reference set approximating the DOI. Demonstrating the robustness of reference sets may become challenging for large, multi-dimensional search spaces (e.g., more than three dimensions), where one system execution may take minutes to hours. To mitigate this, we can use surrogate models (Ben Abdessalem et al. 2016; Matinnejad et al. 2014; Nejati et al. 2023; Matinnejad et al. 2013) as approximations of the SUT, avoiding costly executions. Alternatively, we can evaluate a candidate search algorithm using CID, calculated for mathematical test problems in SBST benchmarks (Surjanovic and Bingham 2023). Although these mathematical problems may not represent real-world ADS, they allow us to assess and potentially refute an ineffective candidate search algorithm. By augmenting these mathematical problems with a failure concept, i.e., a test oracle function, we can test the capabilities of a candidate search algorithm with respect to DOI coverage.

Lesson Learned

Pareto-based approaches perform better than naïve random testing in efficiently identifying single failures, yet they do not surpass random search in covering the areas of the search space that reveal failures. The results from RQ1 and RQ2 show that NSGA-II and OMOPSO cannot outperform randomized testing in terms of the DOI coverage. However, based on the results we obtained, we can confirm that NSGA-II and OMOPSO are on average better than random research if the purpose is to find individual failures fast.

In particular, Table 8 shows the results of NSGA-II and random research compared with respect to the first iteration where they can find a failing test input for the AVP case study. As shown in the table, on average, NSGA-II is able to find the first failure in less than 5 iterations for all test oracles, while random research needs on average five or more iterations to find the first failure. The first iteration in which a search algorithm identifies a failure has been commonly used in literature to evaluate the efficiency of testing algorithms (Klück et al. 2019). Our results confirm the superiority of NSGA-II over random research when we consider the efficiency of finding failures. We note that this result does not contradict our results regarding the weakness of NSGA-II in covering failures, as covering the space of failure-inducing regions is a different objective from identifying several failure instances.

In addition, the results in Table 8 show that the AVP case study is a sufficiently difficult case study for meta-heuristic search algorithms, as NSGA-II already finds more failures than RS and does so faster. Demonstrating that NSGA-II outperforms RS in its optimization goal, which is finding failures in this case, is considered a sanity check comparison, indicating that the underlying case study system presents a sufficiently difficult problem warranting the use of a meta-heuristic algorithm.

Table 8 AVP Case study

Full size table

Root Cause Analysis

The motivation for our study is that the identification of diverse failing test inputs can support the localization of the root cause behind the identified failures. However, it is out of the scope of our study to analyze the underlying root causes of these failures. As demonstrated by the works from Jodat et al. (2024) and Ben Abdessalem et al. (2018) decision trees or decision rules can be used to derive failure explanations from a set of failure-revealing test inputs. For example, the work by Abdessalam et al. shows that failure-inducing test inputs can indicate that the reason for failure is due to environmental factors, such as high road curvature or hardware limitations, meaning an additional camera or one with a greater field of view might be required to capture vulnerable road users in sharp curves. Regardless, identifying failures is a prerequisite for fault localization and repair. Therefore, before proceeding with the fault localization and repair steps, we need testing techniques that can effectively identify as many diverse test inputs as possible, located in different areas of the search space that lead to failures.

Feasibility and Accuracy of Reference Sets

Regarding the computation of reference sets, we note that the higher the sampling rate, the higher the accuracy of the reference sets, but the more expensive it is to create those sets. We use three considerations to achieve a balance between the accuracy and feasibility of the reference sets’ computations: (i) converging CID values, (ii) total time budget for reference set computation, and (iii) the sensitivity of the SUT’s behavior to the sampling resolutions.

i)
We consider different sampling rates to see whether CID values stabilize and converge. Once we observe that the CID values stabilize at a specific sampling rate, we do not need to consider higher sampling rates since they are unlikely to significantly change the CID values. For instance, as shown in Table 4, the CID values stabilize for all oracle definitions at a sampling rate of 25.
ii)
We ensure that we have sufficient time to generate the reference sets. For instance, a sampling rate of 25 leads to the generation of 15,625 samples in the reference set of AVP with a three-dimensional test input space, which takes 86.8 hours. The number of samples increases exponentially with the number of input space dimensions. Hence, we consider capping the sampling rate based on our available time budget.
iii)
We consider the sensitivity of the system’s behavior to the selected sampling resolution. For instance, for the pedestrian velocity, which is one of AVP’s input variables, a change of less than 0.075 m/s is unlikely to impact the system’s behavior. Our sampling rate of 25 already samples this variable at a finer-grained resolution than 0.075 m/s. Therefore, we consider this sampling rate sufficient for computing stable CID values, making a higher resolution unnecessary.

9 Conclusion and Future Work

In this paper, we studied the ability of Pareto-based Search-Based Software Testing (SBST) to cover failure-revealing test inputs. Based on a theoretical argumentation and an empirical evaluation we have shown that Pareto-driven testing cannot achieve a high coverage of failures.

We introduced a new metric, CID, to quantitatively evaluate the coverage of failure-inducing areas in a search domain and discussed its properties. In our empirical analysis using two case studies – an industrial automated valet parking system and a handwritten digit classification system – we demonstrate that the Pareto-based testing techniques NSGA-II and OMOPSO are less effective than random search in covering failure-revealing tests in 11 out of 12 alternative failure definitions across both studies, and in one case, all methods exhibited similar performance.

In addition, we demonstrated that augmenting NSGA-II with a diversified fitness function and a repopulation operator, adapted from a state-of-the-art testing approach does improve its performance in covering failure-revealing tests in four out of six alternative failure oracle definitions. However, in all comparisons, it does not perform better than random testing in terms of failure coverage.

Our investigation highlights the limitations of Pareto-driven testing in covering failure-revealing tests, emphasizing the need for practitioners using SBST with Pareto-based testing approaches to be aware of these constraints. Our observation could further confirm that Pareto-based testing is good in identifying failures fast, while for the coverage of failures, other innovative search strategies are necessary. Our future work is to combine randomized testing with machine learning models to improve the failure space coverage. The application of the CID metric also confirms the importance of surrogate models and benchmarking systems to evaluate SBST algorithms, thereby avoiding expensive system executions.

Data availability

Our online material (rep 2024) includes the implementation of our case studies, scripts and description for performing a coverage analysis on the MNIST case study, and experimental results, diagrams and statistical test results for the experiments on both case studies. Material for replicating the results for the AVP case study could not have been disclosed, as the system under test of this study is a proprietary system of the industrial partner.

Notes

https://keras.io/

References

(2024) Replication package. https://github.com/ast-fortiss-tum/coverage-emse-24
Aghababaeyan Z, Abdellatif M, Briand L, S R, Bagherzadeh M (2023) Black-box testing of deep neural networks through test case diversity. IEEE Trans Softw pp 3182–3204, https://doi.org/10.1109/TSE.2023.3243522
Arcuri A, Fraser G (2011) On parameter tuning in search based software engineering. SSBSE, p 33–47
Ben Abdessalem R, Nejati S, Briand LC, Stifter T (2016) Testing advanced driver assistance systems using multi-objective search and neural networks. ASE, p 63–74, https://doi.org/10.1145/2970276.2970311
Ben Abdessalem R, Nejati S, C Briand L, Stifter T (2018) Testing vision-based control systems using learnable evolutionary algorithms. In: ICSE, pp 1016–1026, https://doi.org/10.1145/3180155.3180160
Biagiola M, Stocco A, Ricca F, Tonella P (2019) Diversity-based web test generation. ESEC/FSE, p 142–153
Birchler C, Khatiri S, Derakhshanfar P, Panichella S, Panichella A (2023) Single and multi-objective test cases prioritization for self-driving cars in virtual environments. ACM Trans Softw Eng Methodol 32(2):1–30. https://doi.org/10.1145/3533818
Article Google Scholar
Borg M, Abdessalem RB, Nejati S, Jegeden F, Shin D (2021) Digital twins are not monozygotic - cross-replicating ADAS testing in two industry-grade automotive simulators. In: 14th IEEE Conference on Software Testing, Verification and Validation (ICST), pp 383–393
Bosch (2023) Automated valet parking. https://www.bosch-mobility.com/en/solutions/parking/automated-valet-parking/
Bridson R (2007) Fast poisson disk sampling in arbitrary dimensions. SIGGRAPH ’07, p 22–es, https://doi.org/10.1145/1278780.1278807
Browne C, Powley EJ, Whitehouse D, Lucas SMM, Cowling PI, Rohlfshagen P, Tavener S, Liebana DP, Samothrakis S, Colton S (2012) A survey of monte carlo tree search methods. IEEE Transactions on Computational Intelligence and AI in Games 4:1–43, https://api.semanticscholar.org/CorpusID:9316331
Clune J, Misevic D, Ofria C, Lenski RE, Elena SF, Sanjuán R (2008) Natural selection fails to optimize mutation rates for long-term adaptation on rugged fitness landscapes. PLoS Comput Biol 9:1–8. https://doi.org/10.1371/journal.pcbi.1000187
Article MathSciNet Google Scholar
Clune J, Goings S, Punch B, Goodman E (2005) Investigations in meta-gas: panaceas or pipe dreams? In: Proceedings of the 7th annual workshop on genetic and evolutionary computation, Association for Computing Machinery, New York, NY, USA, GECCO ’05, p 235–241, https://doi.org/10.1145/1102256.1102311
Coello CAC, Pulido GT, Lechuga MS (2004) Handling multiple objectives with particle swarm optimization. IEEE Transactions on Evolutionary Computation 8:256–279. https://api.semanticscholar.org/CorpusID:10783227
Črepinšek M, Liu SH, Mernik M (2013) Exploration and exploitation in evolutionary algorithms: a survey. ACM Comput Surv 45(3):1–33. https://doi.org/10.1145/2480741.2480752
Article MATH Google Scholar
Deb K, Pratap A, Agarwal S, Meyarivan T (2002) A fast and elitist multiobjective genetic algorithm: Nsga-ii. IEEE Trans Evol Comput 6(2):182–197. https://doi.org/10.1109/4235.996017
Article MATH Google Scholar
Devroye L, Györfi L, Lugosi G, Walk H (2015) On the measure of voronoi cells. J Appl Probab 54:394–408. https://doi.org/10.1017/jpr.2017.7
Article MathSciNet MATH Google Scholar
Ebadi H, Moghadam M, Borg M, Gay G, Fontes A, Socha K (2021) Efficient and effective generation of test cases for pedestrian detection - search-based software testing of baidu apollo in svl. In: 2021 IEEE International conference on artificial intelligence testing (AITest), IEEE Computer Society, Los Alamitos, CA, USA, pp 103–110, https://doi.org/10.1109/AITEST52744.2021.00030
Eldar Y, Lindenbaum M, Porat M, Zeevi Y (1997) The farthest point strategy for progressive image sampling. IEEE Trans Image Process 6:1305–15. https://doi.org/10.1109/83.623193
Article MATH Google Scholar
Feldt R, Poulding S (2017) Searching for test data with feature diversity. arXiv:1709.06017
Feldt R, Poulding S, Clark D, Yoo S (2016) Test set diameter: quantifying the diversity of sets of test cases. In: ICST, pp 223–233, https://doi.org/10.1109/ICST.2016.33
Fuangkhon P (2022) Effect of the distance functions on the distance-based instance selection for the feed-forward neural network. Evol Intel 15(3):1991–2015. https://doi.org/10.1007/s12065-021-00607-9
Article MATH Google Scholar
Gilbert EN (1962) Random subdivisions of space into crystals. Ann Math Stat 33(3):958–972. https://doi.org/10.1214/aoms/1177704464
Article MathSciNet MATH Google Scholar
Humeniuk D, Khomh F, Antoniol G (2022) A search-based framework for automatic generation of testing environments for cyber–physical systems. Inf Softw Technol 149:106936. https://doi.org/10.1016/j.infsof.2022.106936, https://www.sciencedirect.com/science/article/pii/S0950584922000866
Humeniuk D, Khomh F, Antoniol G (2023) Ambiegen: a search-based framework for autonomous systems testingimage 1. Sci Comput Program 230:102990. https://doi.org/10.1016/j.scico.2023.102990, https://www.sciencedirect.com/science/article/pii/S0167642323000722
Humeniuk D, Khomh F, Antoniol G (2024) Reinforcement learning informed evolutionary search for autonomous systems testing. ACM Trans Softw Eng Methodol. https://doi.org/10.1145/3680468
Article MATH Google Scholar
Hungar H (2020) A concept of scenario space exploration with criticality coverage guarantees - extended abstract. ISOLA, pp 293–306, https://elib.dlr.de/137353/
Jahangirova G, Stocco A, Tonella P (2021) Quality metrics and oracles for autonomous vehicles testing. In: 2021 14th IEEE Conference on Software Testing, verification and validation (ICST), pp 194–204, https://doi.org/10.1109/ICST49551.2021.00030
Jodat BA, Chandar A, Nejati S, Sabetzadeh M (2024) Test generation strategies for building failure models and explaining spurious failures. ACM Trans Softw Eng Methodol 33(4), https://doi.org/10.1145/3638246
Klück F, Zimmermann M, Wotawa F, Nica M (2019) Genetic algorithm-based test parameter optimization for adas system testing. In: 2019 IEEE 19th International conference on software Quality, Reliability and Security (QRS), pp 418–425, https://doi.org/10.1109/QRS.2019.00058
Lecun Y, Bottou L, Bengio Y, Haffner P (1998) Gradient-based learning applied to document recognition. Proc IEEE 86(11):2278–2324. https://doi.org/10.1109/5.726791
LeCun Y, Cortes C (2005) The mnist database of handwritten digits. https://api.semanticscholar.org/CorpusID:60282629
Lehman J, Stanley KO (2011a) Abandoning objectives: evolution through the search for novelty alone. Evol Comput 19(2):189–223, https://doi.org/10.1162/EVCO_a_00025
Lehman J, Stanley KO (2011b) Evolving a diversity of virtual creatures through novelty search and local competition. In: Proceedings of the 13th annual conference on genetic and evolutionary computation, Association for Computing Machinery, New York, NY, USA, GECCO ’11, p 211–218. https://doi.org/10.1145/2001576.2001606
Li M, Yao X (2019) Quality evaluation of solution sets in multiobjective optimisation: A survey. ACM Comput Surv 52(2):1–38. https://doi.org/10.1145/3300148
Article MATH Google Scholar
Li M, Chen T, Yao X (2022) How to evaluate solutions in pareto-based search-based software engineering: a critical review and methodological guidance. IEEE Trans Software Eng 48(5):1771–1799. https://doi.org/10.1109/TSE.2020.3036108
Article MATH Google Scholar
Lu C, Zhang H, Yue T, Ali S (2021) Search-based selection and prioritization of test scenarios for autonomous driving systems. In: O’Reilly UM, Devroey X (eds) Search-based software engineering. Springer International Publishing, Cham, pp 41–55
Chapter MATH Google Scholar
Marculescu B, Feldt R, Torkar R (2016) Using exploration focused techniques to augment search-based software testing: an experimental evaluation. ICST, pp 69–79, https://doi.org/10.1109/ICST.2016.26
Matinnejad R, Nejati S, Briand LC, Bruckmann T (2014) MiL testing of highly configurable continuous controllers: scalable search using surrogate models. In: ASE 2014, ACM, pp 163–174
Matinnejad R, Nejati S, Briand LC, Bruckmann T, Poull C (2013) Automated model-in-the-loop testing of continuous controllers using search. In: Ruhe G, Zhang Y (eds) Search Based Software Engineering - 5th International Symposium, SSBSE 2013, St. Petersburg, Russia, August 24-26, 2013. Proceedings, Springer, Lecture Notes in Computer Science, vol 8084, pp 141–157
McKay MD, Beckman RJ, Conover WJ (1979) A comparison of three methods for selecting values of input variables in the analysis of output from a computer code. Technometrics 21(2):239–245, http://www.jstor.org/stable/1268522
Moghadam MH, Borg M, Mousavirad SJ (2021) Deeper at the sbst 2021 tool competition: Adas testing using multi-objective search. In: SBST, pp 40–41, https://doi.org/10.1109/SBST52555.2021.00018
Moghadam MH, Borg M, Saadatmand M, Mousavirad SJ, Bohlin M, Lisper B (2023) Machine learning testing in an adas case study using simulation-integrated bio-inspired sbt. J Softw: Evol Process p e2591
Mouret JB (2011) Novelty-based multiobjectivization. In: Doncieux S, Bredèche N, Mouret JB (eds) New horizons in evolutionary robotics. Springer, Berlin Heidelberg, Berlin, Heidelberg, pp 139–154
Chapter MATH Google Scholar
Mouret J, Clune J (2015) Illuminating search spaces by mapping elites. CoRR abs/1504.04909,
Nabhan M, Schoenauer M, Tourbier Y, Hage H (2019) Optimizing coverage of simulated driving scenarios for the autonomous vehicle. ICCVE, pp 1–5, https://doi.org/10.1109/ICCVE45908.2019.8965211
Neelofar N, Aleti A (2024a) Identifying and explaining safety-critical scenarios for autonomous vehicles via key features. ACM Trans Softw Eng Methodol 33(4):1–32, https://doi.org/10.1145/3640335
Neelofar N, Aleti A (2024b) Towards reliable ai: adequacy metrics for ensuring the quality of system-level testing of autonomous vehicles. In: Proceedings of the IEEE/ACM 46th international conference on software engineering, Association for Computing Machinery, New York, NY, USA, ICSE ’24, pp 1–12, https://doi.org/10.1145/3597503.3623314
Nejati S, Sorokin L, Safin D, Formica F, Mahboob MM, Menghi C (2023) Reflections on surrogate-assisted search-based testing: a taxonomy and two replication studies based on industrial adas and simulink models. Inf Softw Technol 163:107286
Ramakrishna S, Luo B, Barve Y, Karsai G, Dubey A (2022) Risk-aware scene sampling for dynamic assurance of autonomous systems. ICAA pp 107–116, https://doi.org/10.1109/ICAA52185.2022.00022
Riccio V, Tonella P (2020) Model-based exploration of the frontier of behaviours for deep learning system testing. In: Proceedings of the 28th ACM Joint meeting on European software engineering conference and symposium on the foundations of software engineering, Association for Computing Machinery, New York, NY, USA, ESEC/FSE 2020, p 876–888, https://doi.org/10.1145/3368089.3409730
Riccio V, Tonella P (2023) When and why test generators for deep learning produce invalid inputs: an empirical study. In: Proceedings of the 45th International Conference on Software Engineering, IEEE Press, ICSE ’23, p 1161–1173, https://doi.org/10.1109/ICSE48619.2023.00104
Shami TM, El-Saleh AA, Alswaitti M, Al-Tashi Q, Summakieh MA, Mirjalili S (2022) Particle swarm optimization: a comprehensive survey. IEEE Access 10:10031–10061. https://doi.org/10.1109/ACCESS.2022.3142859
Article Google Scholar
Shi Y, Eberhart R (1999) Empirical study of particle swarm optimization. In: Proceedings of the 1999 congress on evolutionary computation-CEC99 (Cat. No. 99TH8406), vol 3, pp 1945–1950 vol. 3, https://doi.org/10.1109/CEC.1999.785511
Siemens (2023) Simcenter prescan. https://plm.sw.siemens.com/de-DE/simcenter/autonomous-vehicle-solutions/prescan/
Sierra MR, Coello Coello CA (2005) Improving pso-based multi-objective optimization using crowding, mutation and e-dominance. In: Coello Coello CA, Hernández Aguirre A, Zitzler E (eds) Evolutionary multi-criterion optimization. Springer, Berlin Heidelberg, Berlin, Heidelberg, pp 505–519
Chapter MATH Google Scholar
Sorokin L, Kerscher N (2024) Guiding the search towards failure-inducing test inputs using support vector machines. In: Proceedings of the 5th IEEE/ACM international workshop on deep learning for testing and testing for deep learning, Association for Computing Machinery, New York, NY, USA, DeepTest ’24, p 9–12, https://doi.org/10.1145/3643786.3648023
Sorokin L, Munaro T, Safin D, Liao BHC, Molin A (2024) OpenSBT: a modular framework for search-based testing of automated driving systems. In: Proceedings of the 2024 IEEE/ACM 46th international conference on software engineering: companion proceedings, Association for Computing Machinery, New York, NY, USA, ICSE-Companion ’24, p 94–98, https://doi.org/10.1145/3639478.3640027
Surjanovic S, Bingham D (2023) Virtual library of simulation experiments: test functions and datasets. Retrieved August 4, 2023, from http://www.sfu.ca/~ssurjano
Ulbrich S, Menzel T, Reschka A, Schuldt F, Maurer M (2015) Defining and substantiating the terms scene, situation, and scenario for automated driving. In: 2015 IEEE 18th International conference on intelligent transportation systems, pp 982–988, https://doi.org/10.1109/ITSC.2015.164
Zeller A (2017) Search-based testing and system testing: a marriage in heaven. In: 2017 IEEE/ACM 10th International workshop on Search-Based Software Testing (SBST), SBST, pp 49–50, https://doi.org/10.1109/SBST.2017.3
Zohdinasab T, Riccio V, Gambi A, Tonella P (2021) Deephyperion: exploring the feature space of deep learning-based systems through illumination search. In: Proceedings of the 30th ACM SIGSOFT international symposium on software testing and analysis, Association for Computing Machinery, New York, NY, USA, ISSTA 2021, p 79–90, https://doi.org/10.1145/3460319.3464811
Zohdinasab T, Riccio V, Tonella P (2023) Deepatash: focused test generation for deep learning systems. In: Proceedings of the 32nd ACM SIGSOFT international symposium on software testing and analysis, Association for Computing Machinery, New York, NY, USA, ISSTA 2023, p 954–966

Download references

Acknowledgements

This research was funded by the European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement No. 956123 and the NSERC of Canada under the Discovery Grant. The research was conducted with support from the AST Lab at fortiss GmbH, led by Prof. Dr. Andrea Stocco. We are grateful for the valuable feedback from reviewers and colleagues, which contributed to this work. We also thank Brian Hsuan-Cheng Liao for his assistance in conducting the experiments.

Funding

Open Access funding enabled and organized by Projekt DEAL.

Author information

Authors and Affiliations

fortiss GmbH, Technical University of Munich, Munich, Germany
Lev Sorokin & Damir Safin
University of Ottawa, Ottawa, Canada
Shiva Nejati

Authors

Lev Sorokin
View author publications
You can also search for this author in PubMed Google Scholar
Damir Safin
View author publications
You can also search for this author in PubMed Google Scholar
Shiva Nejati
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Lev Sorokin.

Ethics declarations

Competing of Interests

The authors have no competing interests to declare that are relevant to the content of this article.

Additional information

Communicated by: Andrea Stocco, Matteo Biagiola, Vincenzo Riccio, Foutse Khomh, Nicolás Cardozo and Dongwan Shin.

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

A Proofs

We provide the proofs for the following reformulated statements from Section 5.1:

1.
Given an optimal reference set, the error of CID reduces linearly with the maximal distance of adjacent points in the reference set decreasing.
2.
For an optimal reference set obtained with a uniform sampling approach, the CID’s error tends to zero with the increasing number of points sampled.

1.1 A.1 Proof Statement 1

The proofs are provided for $q = 1$ from the Definition of CID. The proof for $q > 1$ can be obtained with similar derivations. We start with defining two reference sets G and F, obtained by performing sampling within the domain $D\subseteq \mathbb {R}^n$ on a coarse and fine grids respectively, which are not necessarily structured. Let be S the number of all separated regions of the DOI, then, since the reference sets are optimal, both reference sets witness every separated continuous region $r_s,\ s = 1, \ldots , S$. From the Definition of CID, the following holds:

$$\begin{aligned} CID(A,Z) = \frac{1}{|Z|} \sum _{z \in Z} d_z = \frac{1}{|Z|} \sum _{s=1}^{S} \sum _{z \in ( Z \cap r_s )} d_z \end{aligned}$$

(3)

, i.e.,

$$\begin{aligned} CID(A,Z) = \sum _{s=1}^{S} CID(A, Z \cap r_s) \end{aligned}$$

(4)

Computing CID for the test set A, using the reference sets G and F, we obtain:

$$\begin{aligned} CID_G = \frac{1}{|G|} \sum _{i = 1}^{|G|} d_i^G \end{aligned}$$

(5)

$$\begin{aligned} CID_F = \frac{1}{|F|} \sum _{j = 1}^{|F|} d_i^F \end{aligned}$$

(6)

From (4), w.l.o.g., let’s assume that $S = 1$, and let us denote $r_1$ as r. The difference between the CID values for the corresponding reference sets is then:

$$\begin{aligned} CID_F - CID_G = \frac{1}{|G|} \sum _{i = 1}^{|G|} d_i^G - \frac{1}{|F|} \sum _{j = 1}^{|F|} d_i^F \end{aligned}$$

(7)

We partition the connected region r using a Voronoi diagram built on G into |G| Voronoi cells $c_i$, $i = 1, \ldots , |G|$. Then, we assign to each reference point $f_j \in F$ a Voronoi cell $c_i$ if the reference point lies within the cell, and denote the reference point as $f_k^i$. If $f_j$ lies on a boundary of a cell, we assign it to any of the neighbouring cells. Let be $R^*$ the maximal distance of adjacent points in G. Each of the cells lies within a ball $B(g_i; R_i)$, and the radius of each of the balls is bounded by $R^*$, i.e. $ R_i \le R^*$. As $f_k^i$ belongs to the cell $c_i$ with the center $g_i$, the distance between them is bounded: $\Vert \vec {\varvec{\xi }_{\varvec{ik}}} \Vert \le R^*$, where $\vec {\varvec{\xi }_{\varvec{ik}}}$ is the relative position between $f_k^i$, and $g_i$.

By applying the triangle equality of vector addition for the relative positions from the reference points $f_j \equiv f_i^k$ and $g_i$ to the test point yields:

$$\begin{aligned} \vec {\varvec{d}_{\varvec{j}}^{\varvec{F}}} = \vec {\varvec{d}_{\varvec{i}}^{\varvec{G}}} + \vec {\varvec{\xi }_{\varvec{ik}}} \end{aligned}$$

(8)

Using (7), $CID_F$ from (6) can be rewritten as:

$$\begin{aligned} CID_F = \frac{1}{|F|} \sum _{i = 1}^{|G|} \sum _{k = 1}^{K_i} \Vert \vec {\varvec{d}_{\varvec{i}}^{\varvec{G}}} + \vec {\varvec{\xi }_{\varvec{ik}}}\Vert , \end{aligned}$$

(9)

where $K_i$ is the number of points $f_k^i$ belonging to $c_i$.

With (9) and (7), the following holds:

$$\begin{aligned} CID_F - CID_G = \frac{1}{|F|} \sum _{i = 1}^{|G|} \sum _{k = 1}^{K_i} \Vert \vec {\varvec{d}_{\varvec{i}}^{\varvec{G}}} + \vec {\varvec{\xi }_{\varvec{ik}}}\Vert - \frac{1}{|G|} \sum _{i = 1}^{|G|} \Vert \vec {\varvec{d}_{\varvec{i}}^{\varvec{G}}}\Vert \end{aligned}$$

(10)

The norm $\Vert \cdot \Vert $ satisfies the following inequalities:

Triangle inequality: $\Vert x + y \Vert \le \Vert x \Vert + \Vert y \Vert $
Reverse triangle inequality: $\Vert x + y \Vert \ge |\Vert x\Vert - \Vert y \Vert |$

Applying the triangle inequality to (10) yields:

$$\begin{aligned} CID_F - CID_G \le \frac{1}{|F|} \sum _{i = 1}^{|G|} \sum _{k = 1}^{K_i}\Vert \vec {\varvec{d}_{\varvec{i}}^{\varvec{G}}} \Vert - \frac{1}{|G|} \sum _{i = 1}^{|G|} \Vert \vec {\varvec{d}_{\varvec{i}}^{\varvec{G}}}\Vert + \frac{1}{|F|} \sum _{i = 1}^{|G|}\sum _{k = 1}^{K_i} \Vert \vec {\varvec{\xi }_{\varvec{ik}}}\Vert \underset{*}{=}\ \nonumber \\ \frac{1}{|F|} \sum _{i = 1}^{|G|} (K_i - K^*) \Vert \vec {\varvec{d}_{\varvec{i}}^{\varvec{G}}}\Vert + \frac{1}{|F|} \sum _{i = 1}^{|G|}\sum _{k = 1}^{K_i} \Vert \vec {\varvec{\xi }_{\varvec{ik}}}\Vert \underset{**}{\overset{|F| \rightarrow \infty }{\le }} C(|G|) + R^*. \end{aligned}$$

(11)

Note:

*:: : For the equality, $K^*$ is the average number of points $f_k^i$ within a cell $c_i$, for $i = 1, \ldots |G|$, i.e. $K^* = {|F|}/{|G|}$.
**:: : For the inequality, presuming we have a uniform reference set F of an infinite size, the first sum represents the deviation from the average of the volume of each Voronoi cell. As shown in Gilbert (1962), the deviation reduces with the increasing number of points. Furthermore, the reduction is even higher for higher dimensions (Devroye et al. 2015). Note, that for a reference set obtained using a structured grid, the variance of the volume is equal to zero, as the volumes are equal for each cell, which means that the first sum is equal to zero. In other words, the first sum represents the uniform properties of the reference sets, and the more uniform the reference set, the smaller the variance is. We presume that the set of sampled points, and therefore the reference set G are uniform enough to neglect the first sum. The second sum is bounded, as the size of each cell is bounded by the respective radius of a ball.

Applying the reverse triangle inequality on (10), the following holds:

$$\begin{aligned} CID_F - CID_G \ge \frac{1}{|F|} \sum _{i = 1}^{|G|} \sum _{k = 1}^{K_i} | d_i^G - \Vert \vec {\varvec{\xi }_{\varvec{ik}}} \Vert | - \frac{1}{|G|}\sum _{i = 1}^{|G|} d_i^G \underset{*}{=}\ \nonumber \\ \frac{1}{|F|} \sum _{i = 1}^{|G|} \sum _{k = 1}^{K_i^+} (d_i^G - \Vert \vec {\varvec{\xi }_{\varvec{ik}}} \Vert ) + \frac{1}{|F|} \sum _{i = 1}^{|G|} \sum _{k = 1}^{K_i^-} (\Vert \vec {\varvec{\xi }_{\varvec{ik}}} \Vert - d_i^G) - \frac{1}{|F|} \sum _{i = 1}^{|G|} K^* d_i^G = \nonumber \\ \frac{1}{|F|} \sum _{i = 1}^{|G|} (K_i^+ - K^*) d_i^G - \frac{1}{|F|} \sum _{i = 1}^{|G|} \sum _{k}^{K_i^+} \Vert \vec {\varvec{\xi }_{\varvec{ik}}} \Vert + \frac{1}{|F|} \sum _{i = 1}^{|G|} \sum _{k}^{K_i^-} (\Vert \vec {\varvec{\xi }_{\varvec{ik}}} \Vert - d_i^G) \end{aligned}$$

(12)

Note:

*:: : For the equality, we separate the sum of the moduli over the reference points within the cell into two sums: where the expression under the modulus is positive ($K_i^+$ terms), and negative ($K_i^-$ terms).

Now, we consider each of the sums from (12) separately. For the second sum holds:

$$\begin{aligned} \frac{1}{|F|} \sum _{i = 1}^{|G|} \sum _{k}^{K_i^+} \Vert \vec {\varvec{\xi }_{\varvec{ik}}} \Vert \le \frac{1}{|F|} \sum _{i = 1}^{|G|} \sum _{k}^{K_i} \Vert \vec {\varvec{\xi }_{\varvec{ik}}} \Vert \le R^*, \end{aligned}$$

(13)

as the size of each cell is bounded by the respective radius of a ball.

To assess the rest of the sums, let us study the dependence of $K_i^-$ and $K_i^+$ on $R^*$. For a fixed test set, the following holds:

$$\begin{aligned} \exists G_0 : \forall G : |G| > |G_0| \implies K_i^- \le R^*\cdot K^*. \end{aligned}$$

(14)

As ${\varvec{K}}_{\varvec{i}}^+ + {\varvec{K}}_{\varvec{i}}^- = K_i$, and for a uniform structured grid, ${\varvec{K}}_{\varvec{i}} = {\varvec{K}}^*$, the following holds:

$$\begin{aligned} {\varvec{K}}_{\varvec{i}}^+ = {\varvec{K}}^* - {\varvec{K}}_{\varvec{i}}^- \ge {\varvec{K}}^* - {\varvec{R}}^* \cdot {\varvec{K}}^* = (1 - {\varvec{R}}^*) \cdot {\varvec{K}}^* \end{aligned}$$

(15)

If a grid is not structured, the additional terms involving the variances of the cell volume can be neglected similarly to (11). Then, from (14), for the third sum holds:

$$\begin{aligned} \frac{1}{\varvec{|F|}} \sum _{i = 1}^{\varvec{|G|}} \sum _{k}^{K_i^-} (\Vert \vec {\varvec{\xi }_{\varvec{ik}}} \Vert - d_i^G) \le C' \cdot \frac{1}{\varvec{K}^*} \cdot {\varvec{R}}^* \cdot {\varvec{K}}^* = {\varvec{C}}^{'} \cdot {\varvec{R}}^* ;\ {\varvec{C}}'> 0. \end{aligned}$$

(16)

Similarly, for the first sum in the (15) holds:

$$\begin{aligned} \left| \frac{1}{{\varvec{|F|}}} \sum _{i = 1}^{{\varvec{|G|}}} ({\varvec{K}}_i^+ - {\varvec{K}}^*) \cdot {\varvec{d}}_{\varvec{i}}^{\varvec{G}} \right| \le C'' \cdot \frac{1}{{\varvec{K}}^*} \cdot {\varvec{R}}^* \cdot {\varvec{K}}^* = {\varvec{C}}'' \cdot {\varvec{R}}^* ;\ {\varvec{C}}''> 0. \end{aligned}$$

(17)

Then for the (12) holds:

$$\begin{aligned} {\varvec{CID}}_{\varvec{F}} - {\varvec{CID}}_{\varvec{G}} \ge - ({\varvec{C}}' + {\varvec{C}}'' + 1) \cdot {\varvec{R}}^* \ge - {\varvec{C}}''' \cdot {\varvec{R}}^*;\ {\varvec{C}}'''> 0. \end{aligned}$$

(18)

Finally, from (18) and (11) follows:

$$\begin{aligned} | {\varvec{CID}}_{\varvec{F}} - {\varvec{CID}}_{\varvec{G}} | \le {\varvec{C}}^* \cdot {\varvec{R}}^*, \ {\varvec{C}}^* = \max ({\varvec{C}}''', {\varvec{C}}). \end{aligned}$$

(19)

Equation (19) implies that the error reduces linearly with the maximal distance between adjacent points in the reference set decreasing, which proofs the Statement 1.

1.2 A.2 Proof Statement 2

Because the sampling strategy is uniform, the maximum distance between adjacent points in the reference set $R^*$ decreases with the increasing number of sampled points. Statement 2 follows from (19).

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.

Reprints and permissions

About this article

Cite this article

Sorokin, L., Safin, D. & Nejati, S. Can search-based testing with pareto optimization effectively cover failure-revealing test inputs?. Empir Software Eng 30, 26 (2025). https://doi.org/10.1007/s10664-024-10564-3

Download citation

Accepted: 01 October 2024
Published: 16 November 2024
DOI: https://doi.org/10.1007/s10664-024-10564-3

Can search-based testing with pareto optimization effectively cover failure-revealing test inputs?

Abstract

Similar content being viewed by others

An extensive evaluation of search-based software testing: a review

Higher Fault Detection Through Novel Density Estimators in Unit Test Generation

Optimal Test Cases Generation Using Evolutionary Soft Computing Techniques

1 Introduction

Results

2 SBST Problem Definition and Assumptions

Definition 1

Definition 2

Example

3 Related Work

3.1 Diversified SBST Approaches

3.2 Diversity and Coverage Metrics for SBST

4 Theoretical Argumentation

5 Metric for DOI Coverage Assessment

5.1 Metric Definition

5.2 Reference Set Generation and Properties of CID

6 Empirical Study

6.1 Experimental Setup

SUT MNIST

SUT AVP

NSGA-II and RS for MNIST

OMOPSO for MNIST and AVP

Test Oracles for MNIST

NSGA-II and RS for AVP

Test oracles for AVP

Diversified NSGA-II (NSGA-II-D)

Experiments

Metrics

6.2 Experimental Results

6.2.1 RQ1 Results

Comparing CID Results

Sampling Methods and Sampling Resolutions

Statistical Tests

6.2.2 RQ2 Results

Statistical Tests

7 Threats to Validity

8 Discussion

Observation

Clarification Regarding the Applicability of CID

Lesson Learned

Root Cause Analysis

Feasibility and Accuracy of Reference Sets

9 Conclusion and Future Work

Data availability

Notes

References

Acknowledgements

Funding

Author information

Authors and Affiliations

Corresponding author

Ethics declarations

Competing of Interests

Additional information

Publisher's Note

A Proofs

A Proofs

1.1 A.1 Proof Statement 1

1.2 A.2 Proof Statement 2

Rights and permissions

About this article

Cite this article

Share this article

Keywords

Search

Navigation