Korat Automated Testing Based on Java Predicates Chandrasekhar Boyapati, Sarfraz Khurshid, Darko Marinov MIT ISSTA 2002 Rome, Italy.

Slides:

Advertisements

Similar presentations

Chapter 22 Implementing lists: linked implementations.

Advertisements

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Chapter 7. Binary Search Trees

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 7.

This research is funded in part the U. S. National Science Foundation grant CCR DEET for Component-Based Software Murali Sitaraman, Durga P. Gandi.

Data Structures ADT List

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 6 Disclaimer. These notes are derived from notes originally.

CSE331: Introduction to Networks and Security Lecture 30 Fall 2002.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)

1/20 Generalized Symbolic Execution for Model Checking and Testing Charngki PSWLAB Generalized Symbolic Execution for Model Checking and Testing.

JMLAutoTest and Its Double- phase Testing Way Guoqing Xu Com Sci., East China Normal Univ. Shanghai , PRC FATES 2003, Montreal, Canada, Oct.6th 2003.

Dept. of Computer Science A Runtime Assertion Checker for the Java Modeling Language (JML) Yoonsik Cheon and Gary T. Leavens SERP 2002, June 24-27, 2002.

272: Software Engineering Fall 2008 Instructor: Tevfik Bultan Lecture 10: Testing, Automated Testing.

1 Today Another approach to “coverage” Cover “everything” – within a well-defined, feasible limit Bounded Exhaustive Testing.

Efficient Software Model Checking of Soundness of Type Systems Michael Roberson, Melanie Harries, Paul T. Darga, Chandrasekhar Boyapati University of Michigan.

Efficient Software Model Checking of Data Structure Properties Paul T. Darga Chandrasekhar Boyapati The University of Michigan.

Efficient Modular Glass Box Software Model Checking Michael Roberson Chandrasekhar Boyapati The University of Michigan.

1/23/2003University of Virginia1 Korat: Automated Testing Based on Java Predicates CS751 Presentation by Radu Stoleru C.Boyapaty, S.Khurshid, D.Marinov.

272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 8: Semi-automated test generation via UDITA.

Korat: Automated Testing Based on Java Predicates Chandrasekhar Boyapati 1, Sarfraz Khurshid 2, and Darko Marinov 3 1 University of Michigan Ann Arbor.

Chandrasekhar Boyapati (Google) Sarfraz Khurshid (University of Texas)

Korat: Automated Testing Based on Java Predicates

CM0551 Exam Prep. What are an algorithm’s time and space complexity? (2 marks) Answer: The growth rate of the algorithm’s time requirement and the computer.

Building Java Programs Binary Search Trees; TreeSet.

CSE 143 Lecture 20 Binary Search Trees continued; Tree Sets read slides created by Marty Stepp and Hélène Martin

Java Pathfinder JPF Tutorial - Test Input Generation With Java Pathfinder.

272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 6: Exhaustive Bounded Testing and Feedback-Directed Random Testing.

A Novel Approach to Unit Test: The Aspect-Oriented Way Guoqing Xu and Zongyuan Yang Software Engineering Lab (SEL) East China Normal University

A Binary Search Tree Binary Search Trees.

Extended Static Checking for Java  ESC/Java finds common errors in Java programs: null dereferences, array index bounds errors, type cast errors, race.

Today’s Agenda  Quick Review  Continue on JML Formal Methods in Software Engineering1.

A Survey on Java Modeling Languages Gergely Kovásznai,Eszterházy Károly College Wolfgang Schreiner,Johannes Kepler University Gábor Kusper,Eszterházy Károly.

Detecting Group Differences: Mining Contrast Sets Author: Stephen D. Bay Advisor: Dr. Hsu Graduate: Yan-Cheng Lin.

(c) University of Washington15-1 CSC 143 Java List Implementation via Arrays Reading: 13.

18-1 Queues Data Structures and Design with Java and JUnit © Rick Mercer.

Symbolic Execution with Abstract Subsumption Checking Saswat Anand College of Computing, Georgia Institute of Technology Corina Păsăreanu QSS, NASA Ames.

“Never doubt that a small group of thoughtful, committed people can change the world. Indeed, it is the only thing that ever has.” – Margaret Meade Thought.

JAOUT: Automated Generation of Aspect Oriented Unit Test Guoqing Xu, Z. Yang, H. Huang, Q. Chen, L. Chen and F. Xu Software Engineering Lab (SEL) East.

Automated Test Generation CS Outline Previously: Random testing (Fuzzing) – Security, mobile apps, concurrency Systematic testing: Korat – Linked.

Combining Static and Dynamic Reasoning for Bug Detection Yannis Smaragdakis and Christoph Csallner Elnatan Reisner – April 17, 2008.

( = “unknown yet”) Our novel symbolic execution framework: - extends model checking to programs that have complex inputs with unbounded (very large) data.

Lecture 9 Binary Trees Trees General Definition Terminology

3-1 Java's Collection Framework Another use of polymorphism and interfaces Rick Mercer.

Symstra: A Framework for Generating Object-Oriented Unit Tests using Symbolic Execution Tao Xie, Darko Marinov, Wolfram Schulte, and David Notkin University.

Week 15 – Monday.  What did we talk about last time?  Tries.

Automated Object’s Statechart Generation and Testing from Class-Method Contracts Atul Gupta PhD Scholar, IIT Kapur, India.

CSE 143 Lecture 20 Binary Search Trees continued; Tree Sets

Recursive Definition of Tree Structures

Recursive Objects (Part 4)

Queues Rem Collier Room A1.02

Week 15 – Monday CS221.

Binary Search one reason that we care about sorting is that it is much faster to search a sorted list compared to sorting an unsorted list the classic.

A Test Case + Mock Class Generator for Coding Against Interfaces

Eclat: Automatic Generation and Classification of Test Inputs

Depict the Tree Structure in a picture

Building Java Programs

Dynamic Symbolic Data Structure Repair

Binary Search Tree AVL Tree

Programming Languages 2nd edition Tucker and Noonan

CSE 373: Data Structures and Algorithms

Binary Trees CS-2851 Dr. Mark L. Hornick.

Binary Search Trees continued; Tree Sets

CSE 373 Data Structures and Algorithms

50.530: Software Engineering

CSC 143 Java Trees.

Java Modeling Language (JML)

Symbolic Execution and Test-input Generation

Building Java Programs

Programming Languages 2nd edition Tucker and Noonan

Presentation transcript:

Korat Automated Testing Based on Java Predicates Chandrasekhar Boyapati, Sarfraz Khurshid, Darko Marinov MIT ISSTA 2002 Rome, Italy

23 July 2002Korat, ISSTA motivation test (full) conformance of Java code generate test inputs automatically evaluate correctness automatically check exhaustively (up to given input size) discover bugs generate concrete counterexamples do not generate false alarms do not require a different specification language

23 July 2002Korat, ISSTA Korat automates specification-based testing uses Java Modeling Language (JML) specifications generates test inputs using precondition builds a Java predicate uses finitization (that defines input space) systematically explores input space prunes input space using field accesses provides isomorph-free generation checks correctness using postcondition JML/JUnit toolset generates complex structures Java Collections Framework (JCF)

23 July 2002Korat, ISSTA talk outline motivation example test input generation checking correctness experiments conclusions

23 July 2002Korat, ISSTA binary tree class BinaryTree { Node root; int size; static class Node { Node left; Node right; } void remove(Node n) {... } } invariant// class invariant for BinaryTree repOk(); normal_behavior// specification for requires has(n);// ensures !has(n);//

23 July 2002Korat, ISSTA binary tree (class invariant) boolean repOk() { if (root == null) return size == 0; // empty tree has size 0 Set visited = new HashSet(); visited.add(root); List workList = new LinkedList(); workList.add(root); while (!workList.isEmpty()) { Node current = (Node)workList.removeFirst(); if (current.left != null) { if (!visited.add(current.left)) return false; // acyclicity workList.add(current.left); } if (current.right != null) { if (!visited.add(current.right)) return false; // acyclicity workList.add(current.right); } if (visited.size() != size) return false; // consistency of size return true; }

23 July 2002Korat, ISSTA binary tree (Korat’s generation) Korat generates a finitization 3 nodes 7 nodes Korat generates 429 trees in less than 1 sec 2 45 candidate structures N0 N1 N2 left N0 N1 N2 right N0 N1 N2 left right N0 N1 N2 left right N0 N1N2 leftright

23 July 2002Korat, ISSTA talk outline motivation example test input generation checking correctness experiments conclusions

23 July 2002Korat, ISSTA test input generation given predicate p and finitization f, Korat generates all inputs for which p returns “true” finitization state space search nonisomorphism instrumentation generating test inputs

23 July 2002Korat, ISSTA finitization set of bounds that limits the size of inputs specifies number of objects for each class class domain set of objects from a class eg, for class “Node”: { N0, N1, N2 } field domain set of values a field can take union of some class domains eg, for field “left”: { null, N0, N1, N2 } Korat automatically generates a skeleton programmers can specialize/generalize it

23 July 2002Korat, ISSTA finitization (binary tree) Korat generates Finitization finBinaryTree(int n, int min, int max) { Finitization f = new Finitization(BinaryTree.class); ObjSet nodes = f.createObjects(“Node”, n); // #Node = n nodes.add(null); f.set(“root”, nodes); // root in null + Node f.set(“size”, new IntSet(min, max)); // min <= size <= max f.set(“Node.left”, nodes); // Node.left in null + Node f.set(“Node.right”, nodes); // Node.right in null + Node return f; } a specialization Finitization finBinaryTree(int n) { return finBinaryTree(n, n, n); } finBinaryTree(3) generates trees with 3 nodes

23 July 2002Korat, ISSTA state space given a finitization, Korat allocates given number of objects constructs a vector of object fields fields of objects have unique indexes in the vector a valuation of the vector is a candidate input state space is all possible valuations

23 July 2002Korat, ISSTA state space (binary tree) for finBinaryTree(3) 1 BinaryTree object, 3 Node objects vector has 8 fields BinaryTreeN0N1N2 root sizeleftrightleft right left right state space has 4 * 1 * (4 * 4) 3 = 2 14 candidates for finBinaryTree(n) state space has (n + 1) 2n+1 candidates

23 July 2002Korat, ISSTA search Korat orders elements in class/field domains candidate is a vector of field domain indices for each candidate vector (initially 0), Korat creates corresponding structure invokes repOk and monitors the execution builds field ordering, ie, list of fields ordered by time of first access if repOk returns “true”, outputs structure(s) if repOk returns “false”, backtracks on the last field accessed using field ordering

23 July 2002Korat, ISSTA search (binary tree [1]) class domain for “Node”: [ N0, N1, N2 ] field domain “root”, “left”, “right”: [ null, N0, N1, N2 ] “size”: [ 3 ] candidate [ N0, 3, N1, N1, null, null, null, null ] encodes repOk returns “false”; field ordering: [ 0, 2, 3 ] or [ root, N0.left, N0.right ] N0 N1N2 left right

23 July 2002Korat, ISSTA search (binary tree [2]) backtracking on N0.right gives next candidate [ N0, 3, N1, N2, null, null, null, null ] prunes from search all 4 4 candidates of the form [ N0, _, N1, N1, _, _, _, _ ] completeness: guaranteed because repOk returned “false” without accessing the other fields N0 N1N2 left right

23 July 2002Korat, ISSTA nonisomorphism candidates C and C’ rooted at r are isomorphic  .  o, o’  O C,r.  f  fields(o).  p  P. o.f == o’ in C  (o).f ==  (o’) in C’ and o.f == p in C  (o).f == p in C’ Korat generates only the lexicographically smallest candidate from each partition increments field domain indices by more than 1, eg. resetting to 0 before hitting max optimality: Korat generates exactly one structure from each partition

23 July 2002Korat, ISSTA instrumentation to monitor repOk’s executions and build field ordering, Korat uses observer pattern performs source to source translation replaces field accesses with get and set methods to notify observer adds special constructors initializes all objects in finitization with an observer

23 July 2002Korat, ISSTA generating test inputs (1) to generate test inputs for method m, Korat builds a class that represents m’s inputs builds repOk that checks m’s precondition generates all inputs i s.t. “i.repOk()” class BinaryTree { invariant repOk();... requires has(n); void remove(Node n) {... } } recall “remove” method for “BinaryTree” class BinaryTree_remove { invariant repOk(); BinaryTree This; BinaryTree.Node n; boolean repOk() { return This.repOk() && This.has(n); }

23 July 2002Korat, ISSTA generating test inputs (2) an alternative approach [JML+JUnit] (manually) compute all possibilities for each parameter take cross product to get space of inputs filter using precondition Korat improves on this by monitoring repOk executions and breaking isomorphisms

23 July 2002Korat, ISSTA talk outline motivation example test input generation checking correctness experiments conclusions

23 July 2002Korat, ISSTA checking correctness to test method m, Korat invokes m on each test input and checks each output with a test oracle current Korat implementation uses JML toolset for generating oracles JUnit for executing test and error reporting testing framework KoratJML+JUnitJUnittesting activity running tests generating test oracles generating test inputs

23 July 2002Korat, ISSTA talk outline motivation example test input generation checking correctness experiments conclusions

23 July 2002Korat, ISSTA performance (generation) benchmarksizestructures generated time (sec) state space java.util.LinkedList java.util.TreeMap java.util.HashSet AVTree (INS) BinaryTree HeapArray

23 July 2002Korat, ISSTA performance (checking) benchmarkmethodsizetest inputs generated gen time test time BinaryTree HeapArray LinkedList TreeMap HashSet AVTree remove extractMax reverse put add lookup methods checked for all inputs up to given size complete statement coverage achieved for these inputs

23 July 2002Korat, ISSTA talk outline motivation example test input generation checking correctness experiments conclusions

23 July 2002Korat, ISSTA related work specification-based testing using Z specifications [Horcher’95] using UML statecharts [Offutt & Abdurazik’99] TestEra [Marinov & Khurshid’01] JML+JUnit [Cheon & Leavens’01] static analysis ESC [Detlefs et al’98] TVLA [Sagiv et al’98] Roles [Kuncak et al’02] software model checking VeriSoft [Godefroid’97] JPF [Visser et al’00]

23 July 2002Korat, ISSTA conclusions Korat automates specification-based testing uses method precondition to generate all nonisomorphic test inputs prunes search space using field accesses invokes the method on each input and uses method postcondition as a test oracle Korat prototype uses JML specifications Korat efficiently generates complex data structures including some from JCF