Presentation is loading. Please wait.

Presentation is loading. Please wait.

Week 6 MondayTuesdayWednesdayThursdayFriday Testing III Reading due Group meetings Testing IVSection ZFR due ZFR demos Progress report due Readings out.

Published bySteven French Modified over 8 years ago

Similar presentations

Presentation on theme: "Week 6 MondayTuesdayWednesdayThursdayFriday Testing III Reading due Group meetings Testing IVSection ZFR due ZFR demos Progress report due Readings out."— Presentation transcript:

1 Week 6 MondayTuesdayWednesdayThursdayFriday Testing III Reading due Group meetings Testing IVSection ZFR due ZFR demos Progress report due Readings out CSE403 ● Software engineering ● sp12 CSE403 Sp121 Concolic testing – combine symbolic and concrete testing Back to the basics of testing

2 Concolic Symbolic execution (or evaluation or testing) counts on a constraint solver (a kind of automated theorem prover) to solver for path conditions that will exercise specific branches in the CFG – we saw this last lecture, and we’ll see it again today The technology for constraint solvers is impressive, but there are still some constraints that cannot be automatically solved Concolic approaches combine concrete and symbolic execution to increase code coverage and, ideally, find bugs that would be otherwise hard to find KLEE, Cute, DART, etc. are examples of tools supporting concolic testing CSE403 Sp122

3 To another’s slide deck for examples From Pınar Sağlam – elided to examples Two examples, swapped in our slide deck –The (now) second example (starting at slide 12) is really only symbolic execution, but shows how it works on data structures with some complexity CSE403 Sp123

4 Back to partitioning Ideal test suite –Identify sets with same behavior –Try one input from each set Two problems 1. Notion of the same behavior is subtle Naive approach: execution equivalence Better approach: revealing subdomains 2. Discovering the sets requires perfect knowledge –Use heuristics to approximate cheaply CSE403 Sp124

5 Naive Approach: Execution Equivalence // returns: x returns –x // otherwise => returns x int abs(int x) { if (x < 0) return -x; else return x; } All x<0 are execution equivalent – that is, the program takes same sequence of steps for any x<0 All x ≥ 0 are also execution equivalent Suggests that {-3,3}, for example, is a good test suite

6 Execution Equivalence Doesn't Work So, what’s the problem? There are two execution paths, but combined with the specification there are three separate behaviors –x < -2 –x = -2  x = -1 –x  0 {-3, 3} does not reveal the error behaviors! // returns: x returns –x // otherwise => returns x int abs(int x) { if (x < -2) return -x; else return x; }

7 Heuristic: Revealing Subdomains A subdomain is a subset of possible inputs A subdomain is revealing for error E if either –Every input in that subdomain triggers error E, or –No input in that subdomain triggers error E Need test only one input from a given subdomain –If subdomains cover the entire input space, then we are guaranteed to detect the error if it is present The trick is to guess these revealing subdomains

8 Ex: buggy abs, revealing subdomains? int abs(int x) { if (x < -2) return -x; else return x; } Possible subdomains {-1} {-2} {-2,-1} {-3,-2,-1} Which of these is not a revealing subdomain for this bug? Which of these is the best revealing subdomain for this bug?

9 Heuristics for Designing Test Suites A good heuristic gives –few subdomains –  errors E in some class of errors, – high probability that some subdomain is revealing for E Different heuristics target different classes of errors –In practice, combine multiple heuristics

10 Black Box Testing Heuristic: Explore alternate specification paths –Procedure is a black box: interface visible, internals hidden Example – int max(int a, int b) // effects: a > b => returns a // a returns b // a = b => returns a Three paths, so three test cases –(4, 3) => 4 (i.e. any input in the subdomain a > b) –(3, 4) => 4 (i.e. any input in the subdomain a < b) –(3, 3) => 3 (i.e. any input in the subdomain a = b)

11 More Complex Example int find(int[] a, int value) throws Missing // returns: the smallest i such // that a[i] == value // throws: Missing if value is not in a Two obvious tests: ( [4, 5, 6], 5 )=> 1 ( [4, 5, 6], 7 )=> throw Missing Must hunt for multiple cases in the specification ( [4, 5, 5], 5 ) => 1 Write test cases based on paths through the specification –int find(int[] a, int value) throws Missing // returns: the smallest i such // that a[i] == value // throws: Missing if value is not in a Two obvious tests: ( [4, 5, 6], 5 )=> 1 ( [4, 5, 6], 7 )=> throw Missing Have I captured all the paths? Must hunt for multiple cases in effects or requires

12 Heuristic: Boundary Testing Create tests at the edges of subdomains –off-by-one bugs –forgot to handle empty container –overflow errors in arithmetic –aliasing Small subdomains at the edges of the “main” subdomains have a high probability of revealing these common errors Also, you might have misdrawn the boundaries

13 Boundary Testing To define the boundary, need a distance metric –Define adjacent points One approach –Identify basic operations on input points –Two points are adjacent if one basic operation apart Point is on a boundary if either –There exists an adjacent point in a different subdomain –Some basic operation cannot be applied to the point Example: list of integers –Basic operations: create, append, remove –Adjacent points:, –Boundary point: [] (can’t apply remove integer)

14 Boundary Cases: Aliases void appendList(List src, List dest) { // modifies: src, dest // effects: removes all elements of src and // appends them in reverse order to // the end of dest while (src.size()>0) { E elt = src.remove(src.size()-1); dest.add(elt) } What happens if src and dest refer to the same thing? This is aliasing, and it’s easy to forget! Watch out for shared references in inputs

15 Regression Testing Whenever you find a bug –Store the input that elicited that bug, plus the correct output –Add these to the test suite –Verify that the test suite fails –Fix the bug –Verify the fix Ensures that your fix solves the problem Helps to populate test suite with good tests Protects against reversions that reintroduce bug –It happened at least once, and it might happen again

16 Rules of Testing First rule of testing: Do it early and do it often – Best to catch bugs soon, before they have a chance to hide. –Automate the process if you can –Regression testing will save time Second rule of testing: Be systematic –If you randomly thrash, bugs will hide in the corner until you're gone –Writing tests is a good way to understand the spec Think about revealing domains and boundary cases If the spec is confusing  write more tests –Spec can be buggy too Incorrect, incomplete, ambiguous, and missing corner cases –When you find a bug  write a test for it first and then fix it

17 CSE403 ● Software engineering ● sp12 CSE403 Sp1217 Week 6 MondayTuesdayWednesdayThursdayFriday Testing III Reading due Group meetings Testing IVSection ZFR due ZFR demos Progress report due Readings out

Download ppt "Week 6 MondayTuesdayWednesdayThursdayFriday Testing III Reading due Group meetings Testing IVSection ZFR due ZFR demos Progress report due Readings out."

Similar presentations

Masahiro Fujita Yoshihisa Kojima University of Tokyo May 2, 2008

Masahiro Fujita Yoshihisa Kojima University of Tokyo May 2, 2008
Annoucements  Next labs 9 and 10 are paired for everyone. So don’t miss the lab.  There is a review session for the quiz on Monday, November 4, at 8:00.

Annoucements  Next labs 9 and 10 are paired for everyone. So don’t miss the lab.  There is a review session for the quiz on Monday, November 4, at 8:00.
Introduction to Software Engineering Lecture 11 André van der Hoek.

Introduction to Software Engineering Lecture 11 André van der Hoek.
CSE503: SOFTWARE ENGINEERING SYMBOLIC TESTING, AUTOMATED TEST GENERATION … AND MORE! David Notkin Spring 2011.

CSE503: SOFTWARE ENGINEERING SYMBOLIC TESTING, AUTOMATED TEST GENERATION … AND MORE! David Notkin Spring 2011.
CSE 331 SOFTWARE DESIGN & IMPLEMENTATION TESTING II Autumn 2011.

CSE 331 SOFTWARE DESIGN & IMPLEMENTATION TESTING II Autumn 2011.
Testing, cont. Based on material by Michael Ernst, University of Washington.

Testing, cont. Based on material by Michael Ernst, University of Washington.
Informatics 43 – May 5, 2015. Restatement of goals Want to verify software’s correctness  Need to test  Need to decide on test cases  No set of test.

Informatics 43 – May 5, Restatement of goals Want to verify software’s correctness  Need to test  Need to decide on test cases  No set of test.
Informatics 43 – April 30, 2015. What is a test case? An input to a system, and the correct output. An “input” may be complex. Example: – What is an input.

Informatics 43 – April 30, What is a test case? An input to a system, and the correct output. An “input” may be complex. Example: – What is an input.
16/27/2015 3:38 AM6/27/2015 3:38 AM6/27/2015 3:38 AMTesting and Debugging Testing The process of verifying the software performs to the specifications.

16/27/2015 3:38 AM6/27/2015 3:38 AM6/27/2015 3:38 AMTesting and Debugging Testing The process of verifying the software performs to the specifications.
Testing an individual module

Testing an individual module
1 Joe Meehean. 2 Testing is the process of executing a program with the intent of finding errors. -Glenford Myers.

1 Joe Meehean. 2 Testing is the process of executing a program with the intent of finding errors. -Glenford Myers.
1 Functional Testing Motivation Example Basic Methods Timing: 30 minutes.

1 Functional Testing Motivation Example Basic Methods Timing: 30 minutes.
Software Testing Sudipto Ghosh CS 406 Fall 99 November 9, 1999.

Software Testing Sudipto Ghosh CS 406 Fall 99 November 9, 1999.
CSE 331 Software Design & Implementation Hal Perkins Autumn 2012 Testing (Slides by Mike Ernst) 1.

CSE 331 Software Design & Implementation Hal Perkins Autumn 2012 Testing (Slides by Mike Ernst) 1.
CUTE: A Concolic Unit Testing Engine for C Technical Report Koushik SenDarko MarinovGul Agha University of Illinois Urbana-Champaign.

CUTE: A Concolic Unit Testing Engine for C Technical Report Koushik SenDarko MarinovGul Agha University of Illinois Urbana-Champaign.
CMSC 345 Fall 2000 Unit Testing. The testing process.

CMSC 345 Fall 2000 Unit Testing. The testing process.
CS4311 Spring 2011 Unit Testing Dr. Guoqiang Hu Department of Computer Science UTEP.

CS4311 Spring 2011 Unit Testing Dr. Guoqiang Hu Department of Computer Science UTEP.
1 Debugging and Testing Overview Defensive Programming The goal is to prevent failures Debugging The goal is to find cause of failures and fix it Testing.

1 Debugging and Testing Overview Defensive Programming The goal is to prevent failures Debugging The goal is to find cause of failures and fix it Testing.
Regression testing Whenever you find a bug – Reproduce it (before you fix it!) – Store input that elicited that bug – Store correct output – Put into test.

Regression testing Whenever you find a bug – Reproduce it (before you fix it!) – Store input that elicited that bug – Store correct output – Put into test.
Testing and Debugging Version 1.0. All kinds of things can go wrong when you are developing a program. The compiler discovers syntax errors in your code.

Testing and Debugging Version 1.0. All kinds of things can go wrong when you are developing a program. The compiler discovers syntax errors in your code.

Similar presentations

Ads by Google