Date of Final Oral Examination (Defense)
Type of Culminating Activity
Master of Science in Computer Science
Dianxiang Xu, Ph.D.
Gaby Dagher, Ph.D.
Jyh-haw Yeh, Ph.D.
Blockchain in recent years has exploded in popularity with Ethereum being one of the leading blockchain platforms. Solidity is a widely used scripting language for creating smart contracts in Ethereum applications. Quality assurance in Solidity contracts is of critical importance because bugs or vulnerabilities can lead to a considerable loss of financial assets. However, it is unclear what level of quality assurance is provided in many of these applications.
Mutation testing is the process of intentionally injecting faults into a target program and then running the provided test suite against the various injected faults. Mutation testing is used to evaluate the effectiveness of a test suite, measuring the test suite’s capability of covering certain types of faults. This thesis presents Deviant, the first implementation of a mutation testing tool for Solidity smart contracts. Deviant implements mutation operators that cover the unique features of Solidity according to our constructed fault model, in addition to traditional mutation operators that exist for other programming languages.
Deviant has been applied to five open-source Solidity projects: MetaCoin , MultiSigWallet , Alice , aragonOS , and OpenZeppelin . Experimental results show that the provided test suites result in low mutation scores. These results indicate that the provided tests cannot ensure high-level assurance of code quality. Such evaluation results offer important guidelines for Solidity developers to implement more effective tests in order to deliver trustworthy code and reduce the risk of financial loss.
Chapman, Patrick, "Deviant: A Mutation Testing Tool for Solidity Smart Contracts" (2019). Boise State University Theses and Dissertations. 1593.