Presentation is loading. Please wait.

Presentation is loading. Please wait.

Course Outline Traditional Static Program Analysis –Theory –Classic analysis and applications Points-to analysis, CHA, RTA –The Soot analysis framework.

Published byArthur Craig Modified over 8 years ago

Similar presentations

Presentation on theme: "Course Outline Traditional Static Program Analysis –Theory –Classic analysis and applications Points-to analysis, CHA, RTA –The Soot analysis framework."— Presentation transcript:

1 Course Outline Traditional Static Program Analysis –Theory –Classic analysis and applications Points-to analysis, CHA, RTA –The Soot analysis framework Software Testing –Fundamentals of software testing –Testing of object-oriented software –Testing frameworks and tools: JUnit

2 Announcements Project –Phase 1 –Problems? Take-home midterm –Collaboration is not allowed –Due Monday, March 28 th

3 Outline Fundamentals of Software Testing –Testing techniques White-box testing –Control-flow-based testing –Data-flow-based testing Black-box testing –Equivalence partitioning

4 Motivation People are not perfect –We make errors in design and code Goal of testing: given some code, uncover as many errors as possible Important and expensive activity: –May spend 30-40% of total project effort on testing –For safety critical system cost of testing is several times higher than all other activities combined

5 A Way of Thinking Design and coding are creative activities Testing is destructive –The primary goal is to “ break ” the code Often same person does both coding and testing –Need “ split personality ” : when you start testing, become paranoid and malicious –This is surprisingly difficult: people don ’ t like to find out that they made mistakes.

6 Testing Objective Testing: a process of executing software with the intent of finding errors Good testing: a high probability of finding as-yet-undiscovered errors Successful testing: discovers unknown errors

7 Basic Definitions Test case: specifies –Inputs + pre-test state of the software –Expected results (outputs an state) Black-box testing: ignores the internal logic of the software, and looks at what happens at the interface (e.g., given this inputs, was the produced output correct?) White-box testing: uses knowledge of the internal structure of the software –E.g., write tests to “ cover ” internal paths

8 Testing Approaches Will look at a sample of approaches for testing White-box testing –Control-flow-based testing –Data-flow-based testing Black-box testing –Equivalence partitioning

9 Control-flow-based Testing A traditional form of white-box testing Step 1: From the source, extract a CFG Step 2: Design test cases to cover certain elements of this graph –Nodes, edges, paths Basic idea: given the CFG, define a coverage target and write test cases to achieve it

10 Statement Coverage Traditional target: statement coverage –Need to write test cases that cover all nodes in the control flow graph Intuition: code that has never been executed during testing may contain errors –Often this is the “ low-probability ” code

11 Example Suppose that we write and execute two test cases Test case #1: follows path 1- 2-exit (e.g., we never take the loop) Test case #2: 1-2-3-4-5-7-8- 2-3-4-5-7-8-2-exit (loop twice, and both times take the true branch) Problems? 1 2 3 4 5 6 7 8 TF

12 Branch Coverage Target: write test cases that cover all branches of predicate nodes –True and false branches of each IF –The two branches corresponding to the condition of a loop –All alternatives in a SWITCH statement In modern languages, branch coverage implies statement coverage

13 Branch Coverage Statement coverage does not imply branch coverage Can you think of an example? Motivation for branch coverage: experience shows that many errors occur in “ decision making ” (i.e., branching) –Plus, it subsumes statement coverage.

14 Example Same example as before Test case #1: follows path 1- 2-exit Test case #2: 1-2-3-4-5-7-8- 2-3-4-5-7-8-2-exit Problem? 1 2 3 4 5 6 7 8 TF

15 Achieving Branch Coverage For decades, branch coverage has been considered a necessary testing minimum To achieve it: pick a set of start-to-end paths in the CFG, that cover all branches –Consider the current set of chosen paths –Try to add a new path that covers at least one edge that is not covered by the current paths Then write test cases to execute these paths

16 Some Observations It may be impossible to execute some of the chosen paths from start-to-end –Why? Can you think of an example? –Thus, branches should be executed as part of other chosen paths There are many possible sets of paths that achieve branch coverage

17 Example if x ≤ y x=y T F if x == y z=1 z=0 F T Candidate start-to-end paths: (1) green path (2) red path % branch coverage? Problem?

18 Data-flow-based Testing Basic idea: test the connections between variable definitions (“write”) and variable uses (“read”) Starting point: variation of the control flow graph –Statement nodes represent one statement Set Def(n) contains variables that are defined at node n (i.e., they are written) –The definitions at node n Set Use(n): variables that are read –The uses at node n

19 Example Assume y is an input variable 1 s:= 0; 2 x:= 0; 3 while (x<y) { 4 x:=x+3; 5 y:=y+2; 6 if (x+y<10) 7 s:=s+x+y; else 8 s:=s+x-y; Def(1) := {s}, Use(1) := Def(2) := {x}, Use(2) := Def(3) :=, Use(3) := {x,y} Def(4) := {x}, Use(4) := {x} Def(5) := {y}, Use(5) := {y} Def(6) :=, Use(6) := {x,y} Def(7) := {s}, Use(7) := {s,x,y} Def(8) := {s}, Use(8) := {s,x,y} Def(9) :=, Use(9) := Def(10) :=, Use(10) := 1 2 3 4 5 6 78 9 10

20 Remember Reaching Definitions Definition A statement that may change the value of a variable (e.g., x = i+5 ) A definition of a variable x at node k reaches node n if there is a path from k to n, clear of a definition of x. k n x = … … = x x = …

21 Def-use Pairs A def-use pair (DU pair) for variable x is a pair of nodes (n1,n2) such that –x is in Def(n1) –The definition of x at n1 reaches n2 –x is in Use(n2) In other words, the value that is assigned to x at n1 is used at n2 –Since the definition reaches n2, the value is not “killed” along some path n1...n2.

22 Examples of Reaching Definitions Assume y is an input variable 1 s:= 0; 2 x:= 0; 3 while (x<y) { 4 x:=x+3; 5 y:=y+2; 6 if (x+y<10) 7 s:=s+x+y; else 8 s:=s+x-y; 1 2 3 4 5 6 78 9 10 What are the def-use pairs for s ? What are the def-use pairs for x ? So, how do we compute def-use pairs?

23 Data-flow-based Testing Data-flow-based coverage target: DU pair coverage –Compute all DU pairs, and construct test cases that cover these pairs. HOW DO WE COMPUTE DU PAIRS? Several coverage targets (criteria), with different relative strength Motivation for data-flow-based testing coverage: see the effects of using the values produced by computations –Focuses on the data, while control-flow-based testing focuses on the control

24 Finally, the targets (criteria): All-defs criterion If variable x is in Def(n1), the all-defs criterion requires the test data to exercise at least one path free of definition of x which goes from n1 to some node n2 such that (n1,n2) is a DU pair for x. –Remember, x is defined at n1, –The definition of x at n1 reaches n2, and –x is used at n2

25 All-uses criterion If variable x is in Def(n1), the all-uses criterion requires the test data to exercise at least one path free of definition of x which goes from n1 to each node n2 such that (n1,n2) is a DU pair for x.

26 All-DU-paths criterion If variable x is in Def(n1), the all-DU-paths criterion requires the test data to exercise each path free of definition of x which goes from n1 to each node n2 such that (n1,n2) is a DU pair for x. So what is the relative strength of the three criteria: All-defs, All-uses, All-DU-paths?

27 All-defs, all-uses, all-du-paths Assume y is input 1 s:= 0; 2 x:= 0; 3 while (x<y) { 4 x:=x+3; 5 y:=y+2; 6 if (x+y<10) 7 s:=s+x+y; else 8 s:=s+x-y; } 1.Design test cases that cover all-uses

28

29 Black-box Testing Unlike white-box testing, no knowledge about the internals of the code Test cases are designed based on specifications –Example: search for a value in an array Postcondition: return value is the index of some occurrence of the value, or -1 if the value does not occur in the array We design test cases based on this spec

30 Equivalence Partitioning Basic idea: consider input/output domains and partition them into equiv. classes –For different values from the same class, the software should behave equivalently Use test values from each class –Example: if the range for input x is 2..5, there are three classes: “<2”, “between 2..5”, “5<” –Testing with values from different classes is more likely to uncover errors than testing with values from the same class

31 Equivalence Classes Examples of equivalence classes –Input x in a certain range [a..b]: this defines three classes “x<a”, “a<=x<=b”, “b<x” –Input x is boolean: classes “true” and “false” –Some classes may represent invalid input Choosing test values –Choose a typical value in the middle of the class(es) that represent valid input –Also choose values at the boundaries of all classes: e.g., if the range is [a..b], use a-1,a, a+1, b-1,b,b+1

32 Example Suppose our spec says that the code accepts between 4 and 24 inputs, and each one is a 3-digit positive integer One dimension: partition the number of inputs –Classes are “x<4”, “4<=x<=24”, “24<x” –Chosen values: 3,4,5, 14, 23,24,25 Another dimension: partition the integer values –Classes are “x<100”, “100<=x<=999”, “999<x” –Chosen values: 99,100,101, 500, 998,999,1000

33 Another Example Similar approach can be used for the output: exercise boundary values Suppose that the spec says “the output is between 3 and 6 integers, each one in the range 1000-2500 Try to design input that produces –3 outputs with value 1000 –3 outputs with value 2500 –6 outputs with value 1000 –6 outputs with value 2500

34 Example: Searching Search for a value in an array –Return value is the index of some occurrence of the value, or -1 if the value does not occur in the array One partition: size of the array –Since people often make errors for arrays of size 1, we decide to create a separate equivalence class –Classes are “empty arrays”, array with one element”, “array with many elements”

35 Example: Searching Another partition: location of the value –Four classes: “first element”, “last element”, “middle element”, “not found” ArrayValueOutput Empty 5 -1 [7] 7 0 [7] 2 -1 [1,6,4,7,2] 1 0 [1,6,4,7,2] 4 2 [1,6,4,7,2] 2 4 [1,6,4,7,2] 3 -1

36 Testing Strategies We talked about testing techniques (white-box, black-box) Many unanswered questions –E.g., who does the testing? Which techniques should we use and when? And more… There are no universal strategies, just principles that have been useful in practice –E.g., the notions of unit testing and integration testing

37 Some Basic Principles Testing starts at the component level and works “outwards” –Unit testing, integration testing, system testing Different testing techniques are appropriate at different scopes Testing is conducted by developers and/or by a specialized group of testers Testing is different from debugging –Debugging follows successful testing

38 Scope and Focus Unit testing: scope = individual component –Focus: component correctness –Black-box and white-box techniques Integration testing: scope = set of interacting components –Focus: correctness of component interactions –Mostly black-box, some white-box techniques System testing: scope = entire system –Focus: overall system correctness –Only black-box techniques

39 Test-First Programming Modern practices emphasize the importance of testing during development Example: test-first programming –Basic idea: before you start writing any code, first write the tests for this code –Write a little test code, write the corresponding unit code, make sure it passes the tests, and then repeat –What programming methodology uses this approach? –What are the advantages of test-first programming?

40 Advantages of Test-First Programming Developers do not “skip” unit testing Satisfying for the programmer: feeling of accomplishment when the tests pass Helps clarify interface and behavior before programming –To write tests for something, first you need to understand it well! Software evolution –After changing existing code, rerun the tests to gain confidence (regression testing)

Download ppt "Course Outline Traditional Static Program Analysis –Theory –Classic analysis and applications Points-to analysis, CHA, RTA –The Soot analysis framework."

Similar presentations

SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.

SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.
Annoucements  Next labs 9 and 10 are paired for everyone. So don’t miss the lab.  There is a review session for the quiz on Monday, November 4, at 8:00.

Annoucements  Next labs 9 and 10 are paired for everyone. So don’t miss the lab.  There is a review session for the quiz on Monday, November 4, at 8:00.
CMSC 345, Version 11/07 SD Vick from S. Mitchell Software Testing.

CMSC 345, Version 11/07 SD Vick from S. Mitchell Software Testing.
Unit Testing CSSE 376, Software Quality Assurance Rose-Hulman Institute of Technology March 27, 2007.

Unit Testing CSSE 376, Software Quality Assurance Rose-Hulman Institute of Technology March 27, 2007.
Testing, cont. Based on material by Michael Ernst, University of Washington.

Testing, cont. Based on material by Michael Ernst, University of Washington.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
Software Testing and Quality Assurance

Software Testing and Quality Assurance
Testing an individual module

Testing an individual module
Software Testing. “Software and Cathedrals are much the same: First we build them, then we pray!!!” -Sam Redwine, Jr.

Software Testing. “Software and Cathedrals are much the same: First we build them, then we pray!!!” -Sam Redwine, Jr.
Chapter 18 Testing Conventional Applications

Chapter 18 Testing Conventional Applications
1 These courseware materials are to be used in conjunction with Software Engineering: A Practitioner’s Approach, 5/e and are provided with permission by.

1 These courseware materials are to be used in conjunction with Software Engineering: A Practitioner’s Approach, 5/e and are provided with permission by.
1 Software Testing and Quality Assurance Lecture 5 - Software Testing Techniques.

1 Software Testing and Quality Assurance Lecture 5 - Software Testing Techniques.
Handouts Software Testing and Quality Assurance Theory and Practice Chapter 5 Data Flow Testing ------------------------------------------------------------------

Handouts Software Testing and Quality Assurance Theory and Practice Chapter 5 Data Flow Testing
Software Testing and QA Theory and Practice (Chapter 4: Control Flow Testing) © Naik & Tripathy 1 Software Testing and Quality Assurance Theory and Practice.

Software Testing and QA Theory and Practice (Chapter 4: Control Flow Testing) © Naik & Tripathy 1 Software Testing and Quality Assurance Theory and Practice.
1 Software Testing Techniques CIS 375 Bruce R. Maxim UM-Dearborn.

1 Software Testing Techniques CIS 375 Bruce R. Maxim UM-Dearborn.
Software Testing.

Software Testing.
Product Quality?.

Product Quality?.
Software Testing Sudipto Ghosh CS 406 Fall 99 November 9, 1999.

Software Testing Sudipto Ghosh CS 406 Fall 99 November 9, 1999.
Software Systems Verification and Validation Laboratory Assignment 3

Software Systems Verification and Validation Laboratory Assignment 3
System/Software Testing

System/Software Testing

Similar presentations

Ads by Google