1. (50 pts) Concolic testing the sort function

Slides:

Advertisements

Similar presentations

A Survey of Approaches for Automated Unit Testing

Advertisements

PLDI’2005Page 1June 2005 Example (C code) int double(int x) { return 2 * x; } void test_me(int x, int y) { int z = double(x); if (z==y) { if (y == x+10)

Chapter 6 Structures By C. Shing ITEC Dept Radford University.

Analysis of Algorithms CS Data Structures Section 2.6.

Session 3 Algorithm. Algorithm Algorithm is a set of steps that are performed to solve a problem. The example below describes an algorithm Example Check.

Insertion sort, Merge sort COMP171 Fall Sorting I / Slide 2 Insertion sort 1) Initially p = 1 2) Let the first p elements be sorted. 3) Insert the.

Problem: Given an array of positive integers, find a pair of integers in the array that adds up to 10 (or indicate none exist). Your code should be as.

Instruction count for statements Methods Examples

CS 202, Spring 2003 Fundamental Structures of Computer Science II Bilkent University1 Sorting CS 202 – Fundamental Structures of Computer Science II Bilkent.

1 Software John Sum Institute of Technology Management National Chung Hsing University.

CS 1704 Introduction to Data Structures and Software Engineering.

Main Index Contents 11 Main Index Contents Week 3 – The Vector Container.

ICS 145B -- L. Bic1 Project: Main Memory Management Textbook: pages ICS 145B L. Bic.

HW6: Due Dec 8th 23:59 1.Describe test cases to reach full path coverage of the triangle program by completing the path condition table below. Also, draw.

Homework Assignment #4 J. H. Wang Dec. 3, 2007.

Software Model Checking Moonzoo Kim. Operational Semantics of Software A system execution  is a sequence of states s 0 s 1 … – A state has an environment.

Strings program. C Program to Check if a given String is Palindrome #include void main() { char string[25], reverse_string[25] = {'\0'}; int i, length.

Strings program. C Program to Check if a given String is Palindrome #include void main() { char string[25], reverse_string[25] = {'\0'}; int i, length.

C A RRAY Continue one dimensional array 1. Assume we have define this array: int hourlyTemp[ 24 ]; And we need to insert this array as parameter into.

Ex2. Tower of Hanio 1/11 Write down a C program to solve the Tower of Hanoi ga me (3 poles and 4 disks) by using CBMC – Hint: you may non-deterministically.

HW7: Due Dec 5th 23:59 1.Describe test cases to reach full path coverage of the triangle program by completing the path condition table below. Also, draw.

Int fact (int n) { If (n == 0) return 1; else return n * fact (n – 1); } 5 void main () { Int Sum; : Sum = fact (5); : } Factorial Program Using Recursion.

114 3/30/98 CSE 143 Collection ADTs [Chapter 4] /30/98 Collection ADTs  Many standard ADTs are for collections  Data structures that manage groups.

More Trees Java implementation of trees Tree traversal When should we use trees.

Array Sort. Sort Pass 1 Sort Pass 2 Sort Pass 3.

Testing It is much better to have a plan when testing your programs than it is to just randomly try values in a haphazard fashion. Testing Strategies:

Shadow Shadow of a Doubt: Testing for Divergences Between Software Versions Hristina PalikarevaTomasz KuchtaCristian Cadar ICSE’16, 20 th May 2016 This.

CSE 143 Lecture 1 Arrays (review) slides created by Marty Stepp

Math/CSE 1019C: Discrete Mathematics for Computer Science Fall 2012

School of Computer Science and Engineering

Queue data structure.

Array 9/8/2018.

Stack and Queue APURBO DATTA.

Testing Approaches.

Moonzoo Kim CS Dept. KAIST

Priority Queues Linked-list Insert Æ Æ head head

Basic Data Types Queues

Software Model Checking

Preconditions, Postconditions & Assertions

Software John Sum Institute of Technology Management

Key Difference between Manual Testing and Model Checking

HW#2: Due Oct 18 NOTE. Submit both hardcopy and softcopy.

PPT1: How failures come to be

Key Difference between Manual Testing and Model Checking

HW5: Due Dec 6 23:59 Show the equivalence of the following two circuits by using a SMT solver 1.1 Specify the left circuit in QF_UF 1.2 Specify the right.

Basic Examples Function Examples Limitation Examples

HW#5 1. Verify the max_heapify(int x[],int i,int h_size) by using CBMC

Depth-First Searches Introduction to AI.

Automatic Test Generation SymCrete

HW Verify the max_heapify(int x[],int i,int h_size) by using CBMC

Example (C code) int double(int x) { return 2 * x; }

CS150 Introduction to Computer Science 1

Basic Examples Function Examples Limitation Examples

Software Model Checking

CE 221 Data Structures and Algorithms

CUTE: A Concolic Unit Testing Engine for C

Key Difference between Manual Testing and Concolic/Symbolic Testing

CSE 1020:Software Development

1. Show the correctness of the following max() (50 pts)

HW#3: Due Nov 8 23:59 NOTE. Submit both hardcopy and softcopy.

COMS 261 Computer Science I

Testing grep.c (200 pts) For grep.c, generate 10,000 test cases through the (reverse) DFS search strategy. You are requested to modify grep.c to create.

HW4: Concolic testing Busybox expr (due Nov 30 23:59)

HW7: Due Dec 5th 23:59 Describe test cases to reach full path coverage of the triangle program by completing the path condition table below. Also, draw.

HW#7 Describe test cases to reach full path coverage of the triangle program by completing the path condition table below. Also, draw the complete execution.

Bubble Sort begin; int A[10]; main(){ int i,j; Do 10 i = 0, 9, 1

컴퓨터 프로그래밍 기초 - 13th : 마지막 수업 -

Presentation transcript:

1. (50 pts) Concolic testing the sort function Given C program of the sort function, write down asserts and environment model for concolic testing You have to use depth-first search (DFS) to generate test inputs to cover all possible execution paths To do list: Describe your environment model in detail Describe run-time parameters of CROWN Report concolic testing results Assert violation with a violation test input if any Fix the bug and explain how you fixed it Report concolic testing results on the fixed sort function # of test inputs generated and explain why CROWN generates that number of test inputs Time spent # of branches and branch coverage measured by gcov

#include<stdio.h> #include<assert.h> #define N 5 void sort(int *a, int a_size ) { int i,j, tmp; for(i=0; i<a_size-1; i++) for (j=i+1; j<a_size-1; j++) { if (a[i] > a[j]){ tmp = a[i]; a[i] = a[j]; a[j] = tmp; } void environment_setup(int *a, int a_size) { /* To fill out: Assign random *unique values* to a[], each of * which ranges from 1 to 99 */ int main(){ int data[N], i; environment_setup(data, N); printf("Input: "); for(i=0; i< N; i++) printf("%d,", data[i]); printf("\n"); sort(data, N); printf("Output: "); // Checking the sorted result for(i=0; i < N-1; i++) assert(data[i]<=data[i+1]); }

2. (50 pts) Concolic testing the circular queue of positive integers Given C program of the circular queue, convert asserts and environment model for concolic testing You have to use depth-first search (DFS) to generate test inputs to cover all possible execution paths To do list: Describe your assertion check routine in detail Describe your environment model in detail Describe run-time parameters of CROWN Report concolic testing results Assert violation with a violation test input if any # of test inputs generated Time spent # of branches and branch coverage measured by gcov

Circular Queue of Positive Integers #include<stdio.h> #define SIZE 12 #define EMPTY 0 // We assume that q[] is // empty if head==tail unsigned int q[SIZE],head,tail; void enqueue(unsigned int x) { q[tail]=x; tail=(++tail)%SIZE; } unsigned int dequeue() { unsigned int ret; ret = q[head]; q[head]=0; head= (++head)%SIZE; return ret;} Step 1) 1 2 3 4 5 6 7 8 9 10 11 15 6 9 8 4 head=6 tail=11 Step 2) 3 5 15 6 9 8 4 17 tail=2 head=6 Step 3) 3 5 6 9 8 4 17 tail=2 head=7

void enqueue_verify() { unsigned int x, old_head, old_tail; unsigned int old_q[SIZE], i; __CPROVER_assume(x>0); for(i=0; i < SIZE; i++) old_q[i]=q[i]; old_head=head; old_tail=tail; enqueue(x); assert(q[old_tail]==x); assert(tail== ((old_tail +1) % SIZE)); assert(head==old_head); for(i=0; i < old_tail; i++) assert(old_q[i]==q[i]); for(i=old_tail+1; i < SIZE; i++) assert(old_q[i]==q[i]); } void dequeue_verify() { unsigned int ret, old_head, old_tail; unsigned int old_q[SIZE], i; for(i=0; i < SIZE; i++) old_q[i]=q[i]; old_head=head; old_tail=tail; __CPROVER_assume(head!=tail); ret=dequeue(); assert(ret==old_q[old_head]); assert(q[old_head]== EMPTY); assert(head==(old_head+1)%SIZE); assert(tail==old_tail); for(i=0; i < old_head; i++) assert(old_q[i]==q[i]); for(i=old_head+1; i < SIZE; i++) assert(old_q[i]==q[i]);} int main() {// cbmc q.c –unwind SIZE+2 environment_setup(); enqueue_verify();} int main() {// cbmc q.c –unwind SIZE+2 environment_setup(); dequeue_verify();}

#include<stdio.h> #define SIZE 12 #define EMPTY 0 // Initial random queue setting following the script void environment_setup() { int i; for(i=0;i<SIZE;i++) { q[i]=EMPTY;} head=non_det(); __CPROVER_assume(0<= head && head < SIZE); tail=non_det(); __CPROVER_assume(0<= tail && tail < SIZE); if( head < tail) for(i=head; i < tail; i++) { q[i]=non_det(); __CPROVER_assume(0< q[i]); } else if(head > tail) { for(i=0; i < tail; i++) { for(i=head; i < SIZE; i++) { } // We assume that q[] is empty if head==tail #include<stdio.h> #define SIZE 12 #define EMPTY 0 unsigned int q[SIZE],head,tail; void enqueue(unsigned int x) { q[tail]=x; tail=(++tail)%SIZE; } unsigned int dequeue() { unsigned int ret; ret = q[head]; q[head]=0; head= (++head)%SIZE; return ret;