Francesca Lonetti

Cristian Augusto, Antonia Bertolino, Guglielmo De Angelis et al.

Large Language Models (LLMs) are starting to be profiled as one of the most significant disruptions in the Software Testing field. Specifically, they have been successfully applied in software testing tasks such as generating test code, or summarizing documentation. This potential has attracted hundreds of researchers, resulting in dozens of new contributions every month, hardening researchers to stay at the forefront of the wave. Still, to the best of our knowledge, no prior work has provided a structured vision of the progress and most relevant research trends in LLM-based testing. In this article, we aim to provide a roadmap that illustrates its current state, grouping the contributions into different categories, and also sketching the most promising and active research directions for the field. To achieve this objective, we have conducted a semi-systematic literature review, collecting articles and mapping them into the most prominent categories, reviewing the current and ongoing status, and analyzing the open challenges of LLM-based software testing. Lastly, we have outlined several expected long-term impacts of LLMs over the whole software testing field.

Antonia Bertolino, Said Daoudagh, Francesca Lonetti et al.

In the context of XACML-based access control systems, an intensive testing activity is among the most adopted means to assure that sensible information or resources are correctly accessed. Unfortunately, it requires a huge effort for manual inspection of results: thus automated verdict derivation is a key aspect for improving the cost-effectiveness of testing. To this purpose, we introduce XACMET, a novel approach for automated model-based oracle definition. XACMET defines a typed graph, called the XAC-Graph, that models the XACML policy evaluation. The expected verdict of a specific request execution can thus be automatically derived by executing the corresponding path in such graph. Our validation of the XACMET prototype implementation confirms the effectiveness of the proposed approach.

Francesca Lonetti, Eda Marchetti

Currently, eXtensible Access Control Markup Language (XACML) has becoming the standard for implementing access control policies and consequently more attention is dedicated to testing the correctness of XACML policies. In particular, coverage measures can be adopted for assessing test strategy effectiveness in exercising the policy elements. This study introduces a set of XACML coverage criteria and describes the access control infrastructure, based on a monitor engine, enabling the coverage criterion selection and the on-line tracing of the testing activity. Examples of infrastructure usage and of assessment of different test strategies are provided.