Mutations
Jumble is capable of making a number of different of mutations:
- Conditionals: Jumble replaces each condition with its negation.
Thus, for example, the condition x > y would mutate to
become !(x > y). Such mutations are not limited to simple
conditionals as in if statements. They also can occur in loop
conditions of while, for, and do loops and
in ?: ternary operations. Conditionals include arithmetic
comparisons, reference comparisons, and tests for null and
not-null. The mutation is effected by means of the negate()
method of IfInstruction class of BCEL. Note that in a complex
decision that contains several conditions, each condition will be
mutated separately.
The modification of a conditional can cause infinite looping. Jumble detects this situation by first timing the test on the unmodified code, then if the mutated code takes more than a certain multiple of this time the test is assumed to have caused infinite looping and the result is deemed to be a pass. Such results are indicated by a T in the test output.
Jumble always mutates conditionals.
- Binary Arithmetic Operations: Jumble can replace binary
arithmetic operations for either integer or floating-point arithmetic
with another operation. The replacement operation is selected according
to the table below. Fixed replacements rather than random replacements
are used because sometimes different operations will (correctly)
produce the same result. Even when using the fixed replacements of the
table such a situation can occasionally arise.
Current Mutation + - - + * / / * % * & | | & ^ & << >> >> << >>> << Jumble always mutates binary arithmetic operations.
- Increments: Increments, decrements, and the assignment
increments and decrements are mutated to their opposite sign. For
example, i++ becomes i--.
This mutation is off by default, but can be turned on using the "-i" or "--increments" command-line flags.
- Inline Constants: Jumble can change the value of literal constants
used in const instructions and various push
instructions. Because Jumble cannot tell from the class file whether
such constants are ints, shorts, characters, bytes, or booleans, some
confusion can occur when interpreting the output of these mutations. If
the mutated value happens to corresponding to a printable ASCII
character then this value appears in parenthesis after the numerical
value. A value of 0 might also be a boolean false and a value of 1 a
boolean true.
The mutation of inline constants is off by default, but can be turned on using the "-k" or "--inline-consts" command-line flags.
- Class Pool Constants: Jumble can change the value of
literal constants and strings that appear in the "class pool"
of a class. Primitive literals (ints, doubles etc.) are mutated
in a similar way to inline constants, and string literals are replaced
by the string "__jumble__" or "___jumble___".
The mutation of constant pool entries is off by default, but can be turned on using the "-w" or "--cpool" command-line flags.
- Return Values: Jumble can change return values. For primitive
booleans, shorts, characters, integers, floats, and doubles non-zero
returns can be changed to 0 and 0 returns are changed to 1. For objects
non-null returns can be changed to null; for null returns a
RuntimeException is invoked (this is because Jumble cannot reliably
instantiate a valid object or arbitrary type).
This mutation is off by default, but can be turned on using the "-r" or "--return-vals" command-line flags.
- Switch Statements: Jumble can mutate each case of a
switch statement by swapping it with the default case or another
case, or by changing the case value.
This mutation is off by default, but can be turned on using the "-j" or "--switch" command-line flags.