Presentation is loading. Please wait.

Presentation is loading. Please wait.

Korat Automated Testing Based on Java Predicates Chandrasekhar Boyapati, Sarfraz Khurshid, Darko Marinov MIT ISSTA 2002 Rome, Italy.

Published byHarry Barr Modified over 9 years ago

Similar presentations

Presentation on theme: "Korat Automated Testing Based on Java Predicates Chandrasekhar Boyapati, Sarfraz Khurshid, Darko Marinov MIT ISSTA 2002 Rome, Italy."— Presentation transcript:

1 Korat Automated Testing Based on Java Predicates Chandrasekhar Boyapati, Sarfraz Khurshid, Darko Marinov MIT ISSTA 2002 Rome, Italy

2 23 July 2002Korat, ISSTA 20022 motivation test (full) conformance of Java code generate test inputs automatically evaluate correctness automatically check exhaustively (up to given input size) discover bugs generate concrete counterexamples do not generate false alarms do not require a different specification language

3 23 July 2002Korat, ISSTA 20023 Korat automates specification-based testing uses Java Modeling Language (JML) specifications generates test inputs using precondition builds a Java predicate uses finitization (that defines input space) systematically explores input space prunes input space using field accesses provides isomorph-free generation checks correctness using postcondition JML/JUnit toolset generates complex structures Java Collections Framework (JCF)

4 23 July 2002Korat, ISSTA 20024 talk outline motivation example test input generation checking correctness experiments conclusions

5 23 July 2002Korat, ISSTA 20025 binary tree class BinaryTree { Node root; int size; static class Node { Node left; Node right; } void remove(Node n) {... } } //@ invariant// class invariant for BinaryTree //@ repOk(); /*@ normal_behavior// specification for remove @ requires has(n);// precondition @ ensures !has(n);// postcondition @*/

6 23 July 2002Korat, ISSTA 20026 binary tree (class invariant) boolean repOk() { if (root == null) return size == 0; // empty tree has size 0 Set visited = new HashSet(); visited.add(root); List workList = new LinkedList(); workList.add(root); while (!workList.isEmpty()) { Node current = (Node)workList.removeFirst(); if (current.left != null) { if (!visited.add(current.left)) return false; // acyclicity workList.add(current.left); } if (current.right != null) { if (!visited.add(current.right)) return false; // acyclicity workList.add(current.right); } if (visited.size() != size) return false; // consistency of size return true; }

7 23 July 2002Korat, ISSTA 20027 binary tree (Korat’s generation) Korat generates a finitization 3 nodes 7 nodes Korat generates 429 trees in less than 1 sec 2 45 candidate structures N0 N1 N2 left N0 N1 N2 right N0 N1 N2 left right N0 N1 N2 left right N0 N1N2 leftright

8 23 July 2002Korat, ISSTA 20028 talk outline motivation example test input generation checking correctness experiments conclusions

9 23 July 2002Korat, ISSTA 20029 test input generation given predicate p and finitization f, Korat generates all inputs for which p returns “true” finitization state space search nonisomorphism instrumentation generating test inputs

10 23 July 2002Korat, ISSTA 200210 finitization set of bounds that limits the size of inputs specifies number of objects for each class class domain set of objects from a class eg, for class “Node”: { N0, N1, N2 } field domain set of values a field can take union of some class domains eg, for field “left”: { null, N0, N1, N2 } Korat automatically generates a skeleton programmers can specialize/generalize it

11 23 July 2002Korat, ISSTA 200211 finitization (binary tree) Korat generates Finitization finBinaryTree(int n, int min, int max) { Finitization f = new Finitization(BinaryTree.class); ObjSet nodes = f.createObjects(“Node”, n); // #Node = n nodes.add(null); f.set(“root”, nodes); // root in null + Node f.set(“size”, new IntSet(min, max)); // min <= size <= max f.set(“Node.left”, nodes); // Node.left in null + Node f.set(“Node.right”, nodes); // Node.right in null + Node return f; } a specialization Finitization finBinaryTree(int n) { return finBinaryTree(n, n, n); } finBinaryTree(3) generates trees with 3 nodes

12 23 July 2002Korat, ISSTA 200212 state space given a finitization, Korat allocates given number of objects constructs a vector of object fields fields of objects have unique indexes in the vector a valuation of the vector is a candidate input state space is all possible valuations

13 23 July 2002Korat, ISSTA 200213 state space (binary tree) for finBinaryTree(3) 1 BinaryTree object, 3 Node objects vector has 8 fields BinaryTreeN0N1N2 root sizeleftrightleft right left right state space has 4 * 1 * (4 * 4) 3 = 2 14 candidates for finBinaryTree(n) state space has (n + 1) 2n+1 candidates

14 23 July 2002Korat, ISSTA 200214 search Korat orders elements in class/field domains candidate is a vector of field domain indices for each candidate vector (initially 0), Korat creates corresponding structure invokes repOk and monitors the execution builds field ordering, ie, list of fields ordered by time of first access if repOk returns “true”, outputs structure(s) if repOk returns “false”, backtracks on the last field accessed using field ordering

15 23 July 2002Korat, ISSTA 200215 search (binary tree [1]) class domain for “Node”: [ N0, N1, N2 ] field domain “root”, “left”, “right”: [ null, N0, N1, N2 ] “size”: [ 3 ] candidate [ N0, 3, N1, N1, null, null, null, null ] encodes repOk returns “false”; field ordering: [ 0, 2, 3 ] or [ root, N0.left, N0.right ] N0 N1N2 left right

16 23 July 2002Korat, ISSTA 200216 search (binary tree [2]) backtracking on N0.right gives next candidate [ N0, 3, N1, N2, null, null, null, null ] prunes from search all 4 4 candidates of the form [ N0, _, N1, N1, _, _, _, _ ] completeness: guaranteed because repOk returned “false” without accessing the other fields N0 N1N2 left right

17 23 July 2002Korat, ISSTA 200217 nonisomorphism candidates C and C’ rooted at r are isomorphic  .  o, o’  O C,r.  f  fields(o).  p  P. o.f == o’ in C  (o).f ==  (o’) in C’ and o.f == p in C  (o).f == p in C’ Korat generates only the lexicographically smallest candidate from each partition increments field domain indices by more than 1, eg. resetting to 0 before hitting max optimality: Korat generates exactly one structure from each partition

18 23 July 2002Korat, ISSTA 200218 instrumentation to monitor repOk’s executions and build field ordering, Korat uses observer pattern performs source to source translation replaces field accesses with get and set methods to notify observer adds special constructors initializes all objects in finitization with an observer

19 23 July 2002Korat, ISSTA 200219 generating test inputs (1) to generate test inputs for method m, Korat builds a class that represents m’s inputs builds repOk that checks m’s precondition generates all inputs i s.t. “i.repOk()” class BinaryTree { //@ invariant repOk();... //@ requires has(n); void remove(Node n) {... } } recall “remove” method for “BinaryTree” class BinaryTree_remove { //@ invariant repOk(); BinaryTree This; BinaryTree.Node n; boolean repOk() { return This.repOk() && This.has(n); }

20 23 July 2002Korat, ISSTA 200220 generating test inputs (2) an alternative approach [JML+JUnit] (manually) compute all possibilities for each parameter take cross product to get space of inputs filter using precondition Korat improves on this by monitoring repOk executions and breaking isomorphisms

21 23 July 2002Korat, ISSTA 200221 talk outline motivation example test input generation checking correctness experiments conclusions

22 23 July 2002Korat, ISSTA 200222 checking correctness to test method m, Korat invokes m on each test input and checks each output with a test oracle current Korat implementation uses JML toolset for generating oracles JUnit for executing test and error reporting testing framework KoratJML+JUnitJUnittesting activity running tests generating test oracles generating test inputs

23 23 July 2002Korat, ISSTA 200223 talk outline motivation example test input generation checking correctness experiments conclusions

24 23 July 2002Korat, ISSTA 200224 performance (generation) benchmarksizestructures generated time (sec) state space java.util.LinkedList8 12 4140 4213597 2 690 2 91 2 150 java.util.TreeMap7979 35 122 9 2149 2 92 2 130 java.util.HashSet7 11 2386 277387 4 927 2 119 2 215 AVTree (INS)5598358632 50 BinaryTree8 12 1430 208012 2 234 2 53 2 92 HeapArray6868 13139 1005075 2 43 2 20 2 29

25 23 July 2002Korat, ISSTA 200225 performance (checking) benchmarkmethodsizetest inputs generated gen time test time BinaryTree HeapArray LinkedList TreeMap HashSet AVTree remove extractMax reverse put add lookup 362874362874 15 13139 8 19912 13106 27734 1 137 4 5 1 2 1 3 2 15 methods checked for all inputs up to given size complete statement coverage achieved for these inputs

26 23 July 2002Korat, ISSTA 200226 talk outline motivation example test input generation checking correctness experiments conclusions

27 23 July 2002Korat, ISSTA 200227 related work specification-based testing using Z specifications [Horcher’95] using UML statecharts [Offutt & Abdurazik’99] TestEra [Marinov & Khurshid’01] JML+JUnit [Cheon & Leavens’01] static analysis ESC [Detlefs et al’98] TVLA [Sagiv et al’98] Roles [Kuncak et al’02] software model checking VeriSoft [Godefroid’97] JPF [Visser et al’00]

28 23 July 2002Korat, ISSTA 200228 conclusions Korat automates specification-based testing uses method precondition to generate all nonisomorphic test inputs prunes search space using field accesses invokes the method on each input and uses method postcondition as a test oracle Korat prototype uses JML specifications Korat efficiently generates complex data structures including some from JCF

Download ppt "Korat Automated Testing Based on Java Predicates Chandrasekhar Boyapati, Sarfraz Khurshid, Darko Marinov MIT ISSTA 2002 Rome, Italy."

Similar presentations

Chapter 22 Implementing lists: linked implementations.

Chapter 22 Implementing lists: linked implementations.
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Chapter 7. Binary Search Trees

Chapter 7. Binary Search Trees
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 7.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 7.
This research is funded in part the U. S. National Science Foundation grant CCR-0113181. DEET for Component-Based Software Murali Sitaraman, Durga P. Gandi.

This research is funded in part the U. S. National Science Foundation grant CCR DEET for Component-Based Software Murali Sitaraman, Durga P. Gandi.
Data Structures ADT List

Data Structures ADT List
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 6 Disclaimer. These notes are derived from notes originally.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 6 Disclaimer. These notes are derived from notes originally.
CSE331: Introduction to Networks and Security Lecture 30 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 30 Fall 2002.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)

1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)
1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.

1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.
JMLAutoTest and Its Double- phase Testing Way Guoqing Xu Com Sci., East China Normal Univ. Shanghai 200062, PRC FATES 2003, Montreal, Canada, Oct.6th 2003.

JMLAutoTest and Its Double- phase Testing Way Guoqing Xu Com Sci., East China Normal Univ. Shanghai , PRC FATES 2003, Montreal, Canada, Oct.6th 2003.
Dept. of Computer Science A Runtime Assertion Checker for the Java Modeling Language (JML) Yoonsik Cheon and Gary T. Leavens SERP 2002, June 24-27, 2002.

Dept. of Computer Science A Runtime Assertion Checker for the Java Modeling Language (JML) Yoonsik Cheon and Gary T. Leavens SERP 2002, June 24-27, 2002.
272: Software Engineering Fall 2008 Instructor: Tevfik Bultan Lecture 10: Testing, Automated Testing.

272: Software Engineering Fall 2008 Instructor: Tevfik Bultan Lecture 10: Testing, Automated Testing.
1 Today Another approach to “coverage” Cover “everything” – within a well-defined, feasible limit Bounded Exhaustive Testing.

1 Today Another approach to “coverage” Cover “everything” – within a well-defined, feasible limit Bounded Exhaustive Testing.
Efficient Software Model Checking of Soundness of Type Systems Michael Roberson, Melanie Harries, Paul T. Darga, Chandrasekhar Boyapati University of Michigan.

Efficient Software Model Checking of Soundness of Type Systems Michael Roberson, Melanie Harries, Paul T. Darga, Chandrasekhar Boyapati University of Michigan.
Efficient Software Model Checking of Data Structure Properties Paul T. Darga Chandrasekhar Boyapati The University of Michigan.

Efficient Software Model Checking of Data Structure Properties Paul T. Darga Chandrasekhar Boyapati The University of Michigan.
Efficient Modular Glass Box Software Model Checking Michael Roberson Chandrasekhar Boyapati The University of Michigan.

Efficient Modular Glass Box Software Model Checking Michael Roberson Chandrasekhar Boyapati The University of Michigan.
1/23/2003University of Virginia1 Korat: Automated Testing Based on Java Predicates CS751 Presentation by Radu Stoleru C.Boyapaty, S.Khurshid, D.Marinov.

1/23/2003University of Virginia1 Korat: Automated Testing Based on Java Predicates CS751 Presentation by Radu Stoleru C.Boyapaty, S.Khurshid, D.Marinov.
272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 8: Semi-automated test generation via UDITA.

272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 8: Semi-automated test generation via UDITA.

Similar presentations

Ads by Google