Korat: automated testing based on Java predicates


Korat: automated testing based on Java predicates
Chandrasekhar Boyapati, Sarfraz Khurshid, Darko Marinov (2002), MIT Laboratory for Computer Science. Presented by Nicola Vermes.

Outline
- Motivation
- Korat: finitization, state space, search, example, how it works, test efficiency, results
- Alloy Analyzer
- The tool, demo
- Conclusion

Motivation
- Testing can be tedious: test data generation (objects under test), test cases (method inputs), test oracles (checking correctness)
- Tools can help: JUnit automates test execution; JML can be exploited to create test oracles; Korat combines JUnit + JML and generates test cases and inputs

Motivation: example
- Linked list of 1..N elements; method to test: remove an element
- N possible lists; for each list, list.size possible inputs for the remove method
- (N^2 + N)/2 possible (list, node_to_remove) pairs, and this is just a simple linked list

Korat: overview
- Korat can automatically create: objects from class invariants; inputs for the method under test from its preconditions; test oracles from the method's postconditions
- Key idea: efficiently search the objects/inputs from the set of all possible cases
- The user only has to specify how large this set can be

Finitization: the idea
- Bounds on the size of cases/inputs: define the number of objects to create (for each class) and the range of primitive-typed fields
- Example: linked list (nodes, size): the user specifies how many nodes to create and the range of the size field (int); Korat then generates all possible (and valid) lists with sizes within the range, using the created objects

Finitization: some concepts
- Class domain: the set of objects of one class
- A field can point to objects of several classes
- Field domain: the set of values a field can take, i.e. a union of some class domains

State space: the idea
- Each field of each object has an ID
- Candidate vector: position ID holds the value of that field
- Each field has a (finite) set of values
- State space: the combination of all possible values
- The class invariant (boolean repOk()) checks whether a candidate vector is a valid structure

State space: the problem
- Even with finitization the state space can be very large, so Korat must use an efficient algorithm to search for all valid structures
- Example: linked list of size two, with nodes A and B. Fields: List { Node root; int size; }, Node { Node next; }
- State space size: 18 (two next pointers that can point to A, B or null; root can point to A or B: 3*3*2 = 18)
- Valid lists: 2 (root -> A -> B -> null and root -> B -> A -> null)

Search
- A backtracking algorithm prunes the portions of the state space that contain invalid structures
- Korat does not generate isomorphic structures
- Objects in a class domain are ordered, and so (consistently) are the values in a field domain
- The candidate vector stores, for each field, the index (in the field domain order) of the value the field takes

Linked list: example
Objects: List, A, B

Index in candidate vector:  0        1      2             3
Field:                      root     size   A.next        B.next
Field domain:               {A,B}    {2}    {null,A,B}    {null,A,B}
Field domain index:         [0,1]    [0]    [0,1,2]       [0,1,2]

- Invalid candidate: CV = [0,0,1,0], i.e. {A, 2, A, null}
- Valid candidate: CV = [0,0,2,0], i.e. {A, 2, B, null}
- The class invariant determines whether a candidate is valid
- Good practice: data structures come with a predicate boolean repOk() that checks the invariant

Backtracking
- Initialize CV with all 0s
- Keep track of the fields accessed during repOk(), ordered by first access
- If repOk() returns false: the next CV increments the index of the last accessed field; if it exceeds the domain size, reset it to 0 and increment the index of the previously accessed field. This avoids exploring many structures in the state space
- If repOk() returns true: skip all the isomorphic structures

Linked list: backtracking
Objects: List, A, B

Index in candidate vector:  0        1      2             3
Field:                      root     size   A.next        B.next
Field domain:               {A,B}    {2}    {null,A,B}    {null,A,B}
Field domain index:         [0,1]    [0]    [0,1,2]       [0,1,2]

- CV = [0,0,1,0]; fields accessed = [root, size, A.next]
- CV = [0,0,1,*] is always invalid: [0,0,1,1] and [0,0,1,2] are pruned
- Increment the last accessed field (A.next): [0,0,1+1,0]
- CV = [0,0,2,0]; fields accessed = [root, size, A.next, B.next]
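To make the backtracking concrete, here is an added Python re-implementation of the search on the slides' two-node list. It is not Korat's own code (which is Java); the field names, domains and the repOk() body are assumptions matching the slide example, and isomorphism skipping is left out so both valid lists are reported.

```python
import math

# Constructed finitization for the slides' two-node list (List{root,size}, Node{next}):
# candidate vector position i holds an index into DOMAINS[i].
FIELDS = ["root", "size", "A.next", "B.next"]
DOMAINS = [["A", "B"], [2], [None, "A", "B"], [None, "A", "B"]]

def rep_ok(cv, accessed):
    """Class invariant: root reaches exactly `size` nodes, no cycle. Every field
    read goes through get(), which records first-access order like Korat's
    instrumented getters; it fails as early as possible so more gets pruned."""
    def get(name):
        i = FIELDS.index(name)
        if i not in accessed:
            accessed.append(i)
        return DOMAINS[i][cv[i]]
    node, size, seen = get("root"), get("size"), []
    while node is not None:
        if node in seen:
            return False  # cycle: stop without touching the remaining fields
        seen.append(node)
        node = get(node + ".next")
    return len(seen) == size

def state_space_size():
    return math.prod(len(d) for d in DOMAINS)  # 2 * 1 * 3 * 3 = 18

def korat_search():
    """Korat's backtracking over candidate vectors (isomorphism pruning omitted).
    Returns (valid structures as field-value lists, candidates actually checked)."""
    cv, valid, explored = [0] * len(FIELDS), [], 0
    while True:
        accessed = []
        explored += 1
        if rep_ok(cv, accessed):
            valid.append([DOMAINS[i][v] for i, v in enumerate(cv)])
        # Bump the last accessed field; on overflow reset it and bump the previous one.
        # Fields repOk never read are left alone, so e.g. after [0,0,1,0] fails
        # without reading B.next, [0,0,1,1] and [0,0,1,2] are never checked.
        while accessed:
            i = accessed.pop()
            cv[i] += 1
            if cv[i] < len(DOMAINS[i]):
                break
            cv[i] = 0
        else:  # every accessed field wrapped around: search exhausted
            return valid, explored
```

On this finitization the search checks 10 of the 18 candidate vectors and finds the two valid lists from the slides, root -> A -> B -> null and root -> B -> A -> null.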

Nonisomorphism
- Further optimization
- Candidates are isomorphic if the graphs of their reachable objects are isomorphic
- When a valid structure is found, all structures isomorphic to it are skipped

Instrumentation
- Monitor the executions of repOk() to learn the order of field accesses
- Source-to-source translation: add a special setter/getter for each field and replace field accesses with set/get calls
- Approach similar to the observer pattern
- Implemented with Javassist

Testing methods
- Inputs are generated from preconditions; correctness is checked against postconditions; annotations are written in JML
- Korat generates all pairs (structure, input) that satisfy the class invariant and the method's preconditions
- Checking correctness: the class invariant and the method's postconditions must hold; if not, the method is incorrect and Korat provides a counterexample

Efficiency
- The performance of the backtracking algorithm depends directly on the repOk() implementation
- repOk() should return false as soon as possible, so that large portions of the state space are pruned
- If repOk() always accesses all fields (also for invalid structures), nothing is pruned

Experimental results
- All finitization parameters set to size
- State space rounded to the nearest smaller power of two
- BinaryTree: # fields = 1 + 8*2 (root + 8 nodes with left/right) = 17; # elements = 1 + 8 (null + nodes) = 9; 2^53 < 9^17 < 2^54
- The number of nonisomorphic BinaryTree structures is known: Korat generates exactly that number of structures
- The pruning is effective: candidates checked vs. state space size

Alloy Analyzer
- Tool for analyzing Alloy models
- Alloy: a first-order logic, declarative language based on relations; relations, sets and quantifiers model a structure and its constraints
- The model is translated into a boolean formula, a SAT solver finds a solution, and the solution is translated back into an instance of the model

Korat vs. Alloy Analyzer
- Korat is more efficient
- Korat learns from repOk()
- Alloy generates some isomorphic structures

The tool
- Generates only structures/inputs for a method
- It does NOT generate the finitization skeleton automatically, nor use JML
- It does NOT run the method under test, so it is not very usable in practice
- Demo

Korat: conclusion
- The basic idea is good
- Efficient, but still not applicable to large structures
- What about the correctness of the repOk() method?
- The tool should definitely be improved to be more usable

Questions / Discussion