(c) 2007 Mauro Pezzè & Michal Young Ch 5, slide 1 Finite Models.

Slides:



Advertisements
Similar presentations
The Line Class Suppose you are involved in the development of a large mathematical application, and this application needs an object to represent a Line.
Advertisements

Coverage Criteria Drawn mostly from Ammann&Offutt and Pezze&Yooung.
Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.
Control Flow Analysis. Construct representations for the structure of flow-of-control of programs Control flow graphs represent the structure of flow-of-control.
Programming Languages Marjan Sirjani 2 2. Language Design Issues Design to Run efficiently : early languages Easy to write correctly : new languages.
(c) 2007 Mauro Pezzè & Michal Young Ch 6, slide 1 Dependence and Data Flow Models.
(c) 2007 Mauro Pezzè & Michal Young Ch 13, slide 1 Data flow testing.
(c) 2007 Mauro Pezzè & Michal Young Ch 7, slide 1 Symbolic Execution and Proof of Properties.
Interprocedural analysis © Marcelo d’Amorim 2010.
1 Static Testing: defect prevention SIM objectives Able to list various type of structured group examinations (manual checking) Able to statically.
Program Representations Xiangyu Zhang. CS590F Software Reliability Why Program Representations  Initial representations Source code (across languages).
Background on Testing and Maintenance CISC 879 Fall 2008.
Program analysis Mooly Sagiv html://
1 CS 201 Compiler Construction Lecture 1 Introduction.
Code Generation for Basic Blocks Introduction Mooly Sagiv html:// Chapter
(c) 2007 Mauro Pezzè & Michal Young Ch 12, slide 1 Structural Testing.
(c) 2007 Mauro Pezzè & Michal Young Ch 24, slide 1 Documenting Analysis and Test.
Overview of program analysis Mooly Sagiv html://
UML Sequence Diagrams Eileen Kraemer CSE 335 Michigan State University.
(c) 2007 Mauro Pezzè & Michal Young Ch 3, slide 1 Basic Principles.
Overview of program analysis Mooly Sagiv html://
SE-565 Software System Requirements More UML Diagrams.
Chapter 3 : Software Process and Other Models Juthawut Chantharamalee Curriculum of Computer Science Faculty of Science and Technology, Suan Dusit University.
UML Sequence Diagrams Michael L. Collard, Ph.D. Department of Computer Science Kent State University.
Topics in Software Dynamic White-box Testing: Data-flow Testing
Timed UML State Machines Ognyana Hristova Tutor: Priv.-Doz. Dr. Thomas Noll June, 2007.
“is a”  Define a new class DerivedClass which extends BaseClass class BaseClass { // class contents } class DerivedClass : BaseClass { // class.
Introduction to Software Testing Chapter 2.3 Graph Coverage for Source Code Paul Ammann & Jeff Offutt
程建群 博士(Dr. Jason Cheng) 年03月
Software (Program) Analysis. Automated Static Analysis Static analyzers are software tools for source text processing They parse the program text and.
CS4311 Spring 2011 Unit Testing Dr. Guoqiang Hu Department of Computer Science UTEP.
COP 4620 / 5625 Programming Language Translation / Compiler Writing Fall 2003 Lecture 10, 10/30/2003 Prof. Roy Levow.
Foundations of Software Testing Chapter 5: Test Selection, Minimization, and Prioritization for Regression Testing Last update: September 3, 2007 These.
Foundations of Software Testing Chapter 1: Preliminaries Last update: September 3, 2007 These slides are copyrighted. They are for use with the Foundations.
1 Compiler Construction (CS-636) Muhammad Bilal Bashir UIIT, Rawalpindi.
Sommerville 2004,Mejia-Alvarez 2009Software Engineering, 7th edition. Chapter 8 Slide 1 System models.
1 CS 201 Compiler Construction Introduction. 2 Instructor Information Rajiv Gupta Office: WCH Room Tel: (951) Office.
Introduction to Java Java Translation Program Structure
What is Object-Oriented?  Organization of software as a collection of discreet objects that incorporate both data structure and behavior.
Software Verification Graph Model 2. 2 Graph Coverage Four Structures for Modeling Software Graphs Logic Input Space Syntax Use cases Specs Design Source.
Object-Oriented Modeling: Static Models. Object-Oriented Modeling Model the system as interacting objects Model the system as interacting objects Match.
1 Control Flow Analysis Topic today Representation and Analysis Paper (Sections 1, 2) For next class: Read Representation and Analysis Paper (Section 3)
Control Flow Graphs : The if Statement 1 if (x < y) { y = 0; x = x + 1; } else { x = y; } x >= yx < y x = y y = 0 x = x + 1 if (x < y) { y = 0;
1 Test Coverage Coverage can be based on: –source code –object code –model –control flow graph –(extended) finite state machines –data flow graph –requirements.
Cyclomatic Complexity Philippe CHARMAN Last update:
Cs205: engineering software university of virginia fall 2006 Programming Exceptionally David Evans
CS223: Software Engineering Lecture 26: Software Testing.
Polymorphic Variables CMPS2143. The Polymorphic Variable A polymorphic variable is a variable that can reference more than one type of object (that is,
STATIC CODE ANALYSIS. OUTLINE  INTRODUCTION  BACKGROUND o REGULAR EXPRESSIONS o SYNTAX TREES o CONTROL FLOW GRAPHS  TOOLS AND THEIR WORKING  ERROR.
Simone Campanoni CFA Simone Campanoni
Data Flow Analysis Suman Jana
CS223: Software Engineering
Paul Ammann & Jeff Offutt
Software Testing and Maintenance 1
Graph Coverage Criteria CS 4501 / 6501 Software Testing
Paul Ammann & Jeff Offutt
Input Space Partition Testing CS 4501 / 6501 Software Testing
Chapter 11 Object-Oriented Design
Unified Modeling Language
CS 326 Programming Languages, Concepts and Implementation
Graph Coverage for Specifications CS 4501 / 6501 Software Testing
State Machine Diagrams
University Of Virginia
CS 201 Compiler Construction
Paul Ammann & Jeff Offutt
Graph Coverage for Specifications CS 4501 / 6501 Software Testing
Graph Coverage Criteria CS 4501 / 6501 Software Testing
Pointer analysis.
Paul Ammann & Jeff Offutt
CS 201 Compiler Construction
Presentation transcript:

(c) 2007 Mauro Pezzè & Michal Young Ch 5, slide 1 Finite Models

(c) 2007 Mauro Pezzè & Michal Young Ch 5, slide 2 Learning objectives Understand goals and implications of finite state abstraction Learn how to model program control flow with graphs Learn how to model the software system structure with call graphs Learn how to model finite state behavior with finite state machines

(c) 2007 Mauro Pezzè & Michal Young Ch 5, slide 3 Properties of Models Compact: representable and manipulable in a reasonably compact form –What is reasonably compact depends largely on how the model will be used Predictive: must represent some salient characteristics of the modeled artifact well enough to distinguish between good and bad outcomes of analysis –no single model represents all characteristics well enough to be useful for all kinds of analysis Semantically meaningful: it is usually necessary to interpret analysis results in a way that permits diagnosis of the causes of failure Sufficiently general: models intended for analysis of some important characteristic must be general enough for practical use in the intended domain of application

(c) 2007 Mauro Pezzè & Michal Young Ch 5, slide 4 Graph Representations: directed graphs Directed graph: –N (set of nodes) –E (relation on the set of nodes ) edges Nodes: {a, b, c} Edges: {(a,b), (a, c), (c, a)} a bc bac

(c) 2007 Mauro Pezzè & Michal Young Ch 5, slide 5 Graph Representations: labels and code We can label nodes with the names or descriptions of the entities they represent. –If nodes a and b represent program regions containing assignment statements, we might draw the two nodes and an edge (a,b) connecting them in this way: x = y + z; a = f(x);

(c) 2007 Mauro Pezzè & Michal Young Ch 5, slide 6 Multidimensional Graph Representations Sometimes we draw a single diagram to represent more than one directed graph, drawing the shared nodes only once –class B extends (is a subclass of) class A –class B has a field that is an object of type C extends relation NODES = {A, B, C} EDGES = {(A,B)} includes relation NODES = {A, B, C} EDGES = {(B,C)} a bc

(c) 2007 Mauro Pezzè & Michal Young Ch 5, slide 7 Finite Abstraction of Behavior an abstraction function suppresses some details of program execution  it lumps together execution states that differ with respect to the suppressed details but are otherwise identical

(c) 2007 Mauro Pezzè & Michal Young Ch 5, slide 8 (Intraprocedural) Control Flow Graph nodes = regions of source code (basic blocks) –Basic block = maximal program region with a single entry and single exit point –Often statements are grouped in single regions to get a compact model –Sometime single statements are broken into more than one node to model control flow within the statement directed edges = possibility that program execution proceeds from the end of one region directly to the beginning of another

(c) 2007 Mauro Pezzè & Michal Young Ch 5, slide 9 Example of Control Flow Graph public static String collapseNewlines(String argStr) { char last = argStr.charAt(0); StringBuffer argBuf = new StringBuffer(); for (int cIdx = 0 ; cIdx < argStr.length(); cIdx++) { char ch = argStr.charAt(cIdx); if (ch != '\n' || last != '\n') { argBuf.append(ch); last = ch; } return argBuf.toString(); }

(c) 2007 Mauro Pezzè & Michal Young Ch 5, slide 10 Linear Code Sequence and Jump (LCSJ) FromSequence of basic blocsTo Entryb1 b2 b3jX Entryb1 b2 b3 b4jT Entryb1 b2 b3 b4 b5jE Entryb1 b2 b3 b4 b5 b6 b7jL jXb8ret jLb3 b4jT jLb3 b4 b5jE jLb3 b4 b5 b6 b7jL Essentially subpaths of the control flow graph from one branch to another

(c) 2007 Mauro Pezzè & Michal Young Ch 5, slide 11 Interprocedural control flow graph Call graphs –Nodes represent procedures Methods C functions... –Edges represent calls relation

(c) 2007 Mauro Pezzè & Michal Young Ch 5, slide 12 Overestimating the calls relation public class C { public static C cFactory(String kind) { if (kind == "C") return new C(); if (kind == "S") return new S(); return null; } void foo() { System.out.println("You called the parent's method"); } public static void main(String args[]) { (new A()).check(); } class S extends C { void foo() { System.out.println("You called the child's method"); } class A { void check() { C myC = C.cFactory("S"); myC.foo(); } The static call graph includes calls through dynamic bindings that never occur in execution. A.check() C.foo()S.foo()CcFactory(string)

(c) 2007 Mauro Pezzè & Michal Young Ch 5, slide 13 Contex Insensitive Call graphs public class Context { public static void main(String args[]) { Context c = new Context(); c.foo(3); c.bar(17); } void foo(int n) { int[] myArray = new int[ n ]; depends( myArray, 2) ; } void bar(int n) { int[] myArray = new int[ n ]; depends( myArray, 16) ; } void depends( int[] a, int n ) { a[n] = 42; } main C.fooC.bar C.depends

(c) 2007 Mauro Pezzè & Michal Young Ch 5, slide 14 Contex Sensitive Call graphs public class Context { public static void main(String args[]) { Context c = new Context(); c.foo(3); c.bar(17); } void foo(int n) { int[] myArray = new int[ n ]; depends( myArray, 2) ; } void bar(int n) { int[] myArray = new int[ n ]; depends( myArray, 16) ; } void depends( int[] a, int n ) { a[n] = 42; } main C.foo(3) C.bar(17) C.depends(int ( 3),a,2)

(c) 2007 Mauro Pezzè & Michal Young Ch 5, slide 15 Context Sensitive CFG exponential growth A B D F H C E G I J 1 context A 2 contexts AB AC 4 contexts ABD ABE ACD ACE 8 contexts … 16 calling contexts …

(c) 2007 Mauro Pezzè & Michal Young Ch 5, slide 16 Finite state machines LFCREOFother ee/emit d/-w/append we/emit d/emitw/append le/-d/-w/append finite set of states (nodes) set of transitions among states (edges) Graph representation (Mealy machine)Tabular representation

(c) 2007 Mauro Pezzè & Michal Young Ch 5, slide 17 Using Models to Reason about System Properties

(c) 2007 Mauro Pezzè & Michal Young Ch 5, slide 18 Abstraction Function

(c) 2007 Mauro Pezzè & Michal Young Ch 5, slide 19 Summary Models must be much simpler than the artifact they describe to be understandable and analyzable Must also be sufficiently detailed to be useful CFG are built from software FSM can be built before software to documentintended behavior

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.