A System to Generate Test Data and Symbolically Execute Programs
Lori A. Clarke, September 1976


Existing Approach
- Programmer manually generates test data and tests until satisfied that program is correct
- Proposed alternative methods:
  - Program correctness: formal mathematical proofs used to prove a program is correct
  - Program validation: encompasses wide range of automated tools that analyze and evaluate programs

Existing Approach - Problems
- Success depends on programmer's expertise and system complexity
- What criteria do we use to generate tests?
- Approach inadequate and costly
- Program correctness:
  - Frequent human intervention required
  - Complex and tedious, infeasible for large systems
- Program validation:
  - Aids in testing, but does not guarantee program is correct

Goals of Proposed System
- Generate test data that drives execution down a specific path – tester specifies which path
- Detect non-executable program paths
- Create a symbolic representation of the program's output variables
- Detect certain types of program errors

System Overview

System Phases

Phase 1: Preprocessor
- Uses DAVE (Osterweil and Fosdick), without its sophisticated features

Control Flow Graph

Control Path
- One way of “going” from one point to another – a path that the control could take
- There could be several

Execution Path
- A control path that can be executed

Phase 2: Symbolic Execution

Path Selection
- Two methods:
  - Static – designed to accept automatically generated paths
  - Interactive – designed to aid a human user in selecting a path

Symbolic Execution Example
- Expressions, not values, are assigned.
- Input fragment:
    READ(UNIT) B, C, D
    A = B + C * D
    C = A * 3 + 5
    WRITE C
- How is it done?
    B = I1, C = I2, D = I3
    A = I1 + I2 * I3
    C = (I1 + I2 * I3) * 3 + 5
- The final expression for C is the symbolic output
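The fragment on this slide executed symbolically, as an added example that is not code from the paper or the presentation. It uses the constants 3 and 5 from the slide's symbolic output for the second assignment and the usual precedence of `*` over `+`; the names `symbolic_run` and `FRAGMENT` are this example's own.

```python
import ast

# The slide's fragment; READ/WRITE are modelled by `inputs` and the return value.
FRAGMENT = """
A = B + C * D
C = A * 3 + 5
"""

def symbolic_run(source, inputs):
    """Symbolically execute straight-line assignments.

    Each name in `inputs` is bound to a fresh symbol I1, I2, ...; every
    assignment then stores an expression over those symbols, not a value."""
    env = {name: ast.Name(id=f"I{n}", ctx=ast.Load())
           for n, name in enumerate(inputs, 1)}

    class Substitute(ast.NodeTransformer):
        def visit_Name(self, node):
            if node.id not in env:
                raise NameError(f"{node.id} is read before it is defined")
            return env[node.id]          # replace the variable by its symbolic value

    for stmt in ast.parse(source).body:
        target = stmt.targets[0] if isinstance(stmt, ast.Assign) else None
        if not isinstance(target, ast.Name) or len(stmt.targets) != 1:
            raise SyntaxError("only simple assignments are supported")
        env[target.id] = Substitute().visit(stmt.value)
    return {name: ast.unparse(expr) for name, expr in env.items()}

OUTPUTS = symbolic_run(FRAGMENT, ["B", "C", "D"])
```

Reading a variable that was never assigned raises `NameError`, which is one of the error classes a symbolic executor can report without running the program on concrete data.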

Why Symbolic Execution?
- Creates a human-readable symbolic representation
- Facilitates error detection
- Aids in assertion generation
- Produces path constraints used in test generation

Finding Constraints with Symbolic Execution
- J = I1, K = I2
- J becomes I1 + 1
- For control to go through path 1-5, 7, 9:
    I1 + 1 <= I2
    [J becomes I2 - (I1 + 1)]
    I2 - (I1 + 1) > -1
- These are the constraints

Error Checking
- Artificial constraints are created to aid in finding some types of errors
- For instance, array bounds checking
- When element X(i) of a 100-element array is referenced, constraints S(i) 100 are created
- If these constraints are consistent with the existing ones, we have a problem

End: Phase 2: Symbolic Execution
- Generate Symbolic Representation, Detect some types of errors

Phase 3: Inequality Solver
- Generate Symbolic Representation, Detect some types of errors

How the Inequality Solver works
- Constraints from previous phase
- For example, I
- Finds values that satisfy the constraints, using linear programming algorithm (Glover)
- These sets of values are our test data

How the Inequality Solver works
- Constraints to be satisfied:
    I1 + 1 <= I2
    I2 - (I1 + 1) > -1
- Possible to find values? Yes – 0 and 1, for instance.
- So, constraints are consistent.
- So, control path 1-5, 7, 9 executable for values that satisfy constraints.

How the Inequality Solver works
- Constraints to be satisfied: I1 + 1 > I2 I I2 <= -1
- Possible to find values? Constraints are inconsistent.
- So, control path 1-3, 6-9 non-executable for any values of J and K.
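Constraint collection and the consistency check for both paths, as an added example that is not code from the paper or the presentation. The nine-statement program is constructed to be consistent with the constraints on the slides (the flow graph itself is not on this page), and Fourier-Motzkin elimination plus a small bounded search stand in for the linear programming algorithm the slides cite.

```python
from itertools import product

# A linear form c0 + c1*I1 + c2*I2 is the tuple (c0, c1, c2); a constraint f means f <= 0.
def add(a, b): return tuple(x + y for x, y in zip(a, b))
def sub(a, b): return tuple(x - y for x, y in zip(a, b))
ONE, ZERO = (1, 0, 0), (0, 0, 0)

def path_constraints(branch3, branch7):
    """Collect the path condition for one path of this constructed program:
         1 READ J, K               6 J = J - K
         2 J = J + 1               7 IF (J .GT. -1) GOTO 9
         3 IF (J .GT. K) GOTO 6    8 J = -J
         4 J = K - J               9 WRITE J
         5 GOTO 7
    branch3 / branch7 say whether the IF at statement 3 / 7 is taken."""
    J, K = (0, 1, 0), (0, 0, 1)          # 1: J = I1, K = I2
    J = add(J, ONE)                      # 2: J = I1 + 1
    pc = []
    if branch3:
        pc.append(add(sub(K, J), ONE))   # J > K   <=>  K - J + 1 <= 0 (integers)
        J = sub(J, K)                    # 6
    else:
        pc.append(sub(J, K))             # J <= K  <=>  J - K <= 0
        J = sub(K, J)                    # 4
    if branch7:
        pc.append(sub(ZERO, J))          # J > -1  <=>  -J <= 0
    else:
        pc.append(add(J, ONE))           # J <= -1 <=>  J + 1 <= 0
    return pc

def feasible(cons):
    """Fourier-Motzkin elimination: does a rational solution exist?"""
    for v in (1, 2):
        pos = [c for c in cons if c[v] > 0]
        neg = [c for c in cons if c[v] < 0]
        cons = [c for c in cons if c[v] == 0]
        # Scale each upper/lower bound pair so the coefficients of v cancel.
        cons += [tuple(p[v] * y - n[v] * x for x, y in zip(p, n)) for p in pos for n in neg]
    return all(c[0] <= 0 for c in cons)

def satisfies(cons, i1, i2):
    return all(c[0] + c[1] * i1 + c[2] * i2 <= 0 for c in cons)

def generate_inputs(cons, bound=3):
    """Test data (I1, I2) for the path, or None if infeasible or none found in the box."""
    if not feasible(cons):
        return None
    box = range(-bound, bound + 1)
    return next((v for v in product(box, repeat=2) if satisfies(cons, *v)), None)
```

`path_constraints(False, True)` corresponds to path 1-5, 7, 9 and `path_constraints(True, False)` to path 1-3, 6-9.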

End: Phase 3: Inequality Solver
- Generate Symbolic Representation, Detect some types of errors
- Generate Test Data, Find Non-executable Paths

Limitations
- System requires each path to be completely specified
- Path constraints must be linear
- Input and output statements are ignored

Related Work
- DAVE (Osterweil, Fosdick) – analyzes data flow and finds data flow anomalies between subprograms
- PET (Stucki) – maintains relevant information (execution count, min and max values) about statements
- ACES (Ramamoorthy et al.) – detects unreliable program constructs
- EFFIGY (King) – represents a path's computations by symbolically executing a path
- SELECT (Stanford Research Institute) – attempts to generate test data and verify assertions for program inputs