1 T.Y. Chen Swinburne University of Technology, Australia T.H. Tse and Zhiquan Zhou The University of Hong Kong Semi-Proving: an Integrated Method Based.

Slides:

Advertisements

Similar presentations

Logical Abstract Interpretation Sumit Gulwani Microsoft Research, Redmond.

Advertisements

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Operating System Security

Problems and Their Classes

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.

Technology of Test Case Generation Levi Lúcio University of Geneva Marko Samer Vienna University of Technology.

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Inference and Reasoning. Basic Idea Given a set of statements, does a new statement logically follow from this. For example If an animal has wings and.

Theoretical Program Checking Greg Bronevetsky. Background The field of Program Checking is about 13 years old. Pioneered by Manuel Blum, Hal Wasserman,

What is an Algorithm? (And how do we analyze one?)

1 Application of Metamorphic Testing to Supervised Classifiers Xiaoyuan Xie, Tsong Yueh Chen Swinburne University of Technology Christian Murphy, Gail.

CS 536 Spring Global Optimizations Lecture 23.

1 Advanced Material The following slides contain advanced material and are optional.

What is an Algorithm? (And how do we analyze one?) COMP 122, Spring 04.

1 Sorting by Transpositions Based on the First Increasing Substring Concept Advisor: Professor R.C.T. Lee Speaker: Ming-Chiang Chen.

Algorithms. Introduction Before writing a program: –Have a thorough understanding of the problem –Carefully plan an approach for solving it While writing.

Chapter 4 MATLAB Programming Logical Structures Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Prof. Bodik CS 164 Lecture 16, Fall Global Optimization Lecture 16.

Dr. Pedro Mejia Alvarez Software Testing Slide 1 Software Testing: Building Test Cases.

JS Arrays, Functions, Events Week 5 INFM 603. Agenda Arrays Functions Event-Driven Programming.

Lecture 6 Software Testing and jUnit CS140 Dick Steflik.

1/20 Symbolic Execution and Program Testing Charngki PSWLAB Symbolic Execution and Program Testing James C.King IBM Thomas J.Watson Research Center.

Testing Theory cont. Introduction Categories of Metrics Review of several OO metrics Format of Presentation CEN 5076 Class 6 – 10/10.

Overview of Software Testing 07/12/2013 WISTPC 2013 Peter Clarke.

1 Program Correctness CIS 375 Bruce R. Maxim UM-Dearborn.

Chapter 3 (Part 3): Mathematical Reasoning, Induction & Recursion  Recursive Algorithms (3.5)  Program Correctness (3.6)

© Copyright 1992–2005 by Deitel & Associates, Inc. and Pearson Education Inc. All Rights Reserved. Tutorial 5 – Dental Payment Application: Introducing.

Examples using Arrays. Summing Squares Problem: To compute the sum of the squares of N numbers N is given N values are also given These should be read.

Binary Search From solving a problem to verifying an answer.

Design of Algorithms using Brute Force Approach. Primality Testing (given number is n binary digits)

Visual Basic Programming

Halting Problem Introduction to Computing Science and Programming I.

CMP-MX21: Lecture 4 Selections Steve Hordley. Overview 1. The if-else selection in JAVA 2. More useful JAVA operators 4. Other selection constructs in.

1 The Theory of NP-Completeness 2 Cook ’ s Theorem (1971) Prof. Cook Toronto U. Receiving Turing Award (1982) Discussing difficult problems: worst case.

Chapter 7 Selection Dept of Computer Engineering Khon Kaen University.

Reasoning about programs March CSE 403, Winter 2011, Brun.

Formal Methods in SE Software Verification Using Formal Methods By: Qaisar Javaid, Assistant Professor Formal Methods1.

Multiplication Facts X 3 = 2. 8 x 4 = 3. 7 x 2 =

How to Test Methods Computer Science 3 Gerb Objective: Test methods properly.

Random Interpretation Sumit Gulwani UC-Berkeley. 1 Program Analysis Applications in all aspects of software development, e.g. Program correctness Compiler.

A First Book of C++ Chapter 4 Selection. Objectives In this chapter, you will learn about: –Relational Expressions –The if-else Statement –Nested if Statements.

Loop Invariants and Binary Search Chapter 4.4, 5.1.

Fundamentals of Informatics Lecture 12 The Halting Problem Bas Luttik.

Error Explanation with Distance Metrics Authors: Alex Groce, Sagar Chaki, Daniel Kroening, and Ofer Strichman International Journal on Software Tools for.

Google C++ Testing Framework Part 2: Assertion. Concepts A test case contains one or many tests. ◦ You should group your tests into test cases that reflect.

Exercise 1: Maximum element for the following code a- what is the basic operation? b- what is C(n)? d-what is the running time?

BINARY SEARCH CS16: Introduction to Data Structures & Algorithms Thursday February 12,

A First Book of C++ Chapter 4 Selection.

Software Testing. Software Quality Assurance Overarching term Time consuming (40% to 90% of dev effort) Includes –Verification: Building the product right,

Basic concepts of C++ Presented by Prof. Satyajit De

Topic 36: Zero-Knowledge Proofs

Testing Tutorial 7.

Math/CSE 1019C: Discrete Mathematics for Computer Science Fall 2012

Coupling and Cohesion 1.

Data Structures and Algorithms

Chapter 4 MATLAB Programming

The Selection Structure

Javascript Conditionals.

Syntax-based Testing CS 4501 / 6501 Software Testing

Introduction to Software Testing Chapter 5.1 Syntax-based Testing

Microsoft Visual Basic 2005 BASICS

Programming Languages 2nd edition Tucker and Noonan

MSIS 655 Advanced Business Applications Programming

CS 1111 Introduction to Programming Fall 2018

CS 583 Fall 2006 Analysis of Algorithms

Test Process “V” Diagram

CSE 1020:Software Development

CS 583 Analysis of Algorithms

Program Correctness an introduction.

Presentation transcript:

1 T.Y. Chen Swinburne University of Technology, Australia T.H. Tse and Zhiquan Zhou The University of Hong Kong Semi-Proving: an Integrated Method Based on Global Symbolic Evaluation and Metamorphic Testing (speaker)

2 Presentation Outline  Conventional Program Testing and Proving  Metamorphic Testing  Our method: Semi-Proving  Summary.

3  Conventional Program Testing and Proving  Metamorphic Testing  Our method: Semi-Proving  Summary. Presentation Outline

4 Conventional Program Testing and Proving Given a bijective function f ; A Program: F_Sort (a 1, a 2,..., a n ), n  2 Output: (a 1 ’, a 2 ’,..., a n ’), such that 1. (a 1 ’, a 2 ’,..., a n ’) is a permutation of (a 1, a 2,..., a n ) 2. f (a 1 ’)  f (a 2 ’) ...  f (a n ’). Given a bijective function f ; A Program: F_Sort (a 1, a 2,..., a n ), n  2 Output: (a 1 ’, a 2 ’,..., a n ’), such that 1. (a 1 ’, a 2 ’,..., a n ’) is a permutation of (a 1, a 2,..., a n ) 2. f (a 1 ’)  f (a 2 ’) ...  f (a n ’).

5 Conventional Program Testing and Proving  Testing 1. Design test cases: e.g. (2, 6, 3) for n=3 2. Run: F_Sort (2, 6, 3) = (6, 3, 2) 3. Check: f (6) < f (3) < f (2) ? 1. Design test cases: e.g. (2, 6, 3) for n=3 2. Run: F_Sort (2, 6, 3) = (6, 3, 2) 3. Check: f (6) < f (3) < f (2) ?

6 Conventional Program Testing and Proving  Proving correctness 1. F_Sort terminates for any valid input; 2. The output is correct. 1. F_Sort terminates for any valid input; 2. The output is correct.

7 Conventional Program Testing and Proving  Proving properties F_Sort (a 1, a 2,..., a n ) = (a 1 ’, a 2 ’,..., a n ’) Permutation.

8 Metamorphic Testing  Metamorphic Testing Employing relationships between different executions Fact: different permutations will produce same output F_Sort (a 1, a 2, a 3 ) Fact: different permutations will produce same output F_Sort (a 1, a 2, a 3 ) F_Sort (a 3, a 1, a 2 ) = “ Metamorphic Relation ” ·

9 Metamorphic Testing Metamorphic Test Cases: {(2, 6, 3), (3, 2, 6)} Metamorphic Testing: 1. F_Sort (2, 6, 3) = (6, 3, 2) Metamorphic Testing: 1. F_Sort (2, 6, 3) = (6, 3, 2) No matter whether an oracle is available or not; Very useful when the oracle cannot be found. 2. F_Sort (3, 2, 6) = (6, 3, 2) | || | PASS

10 Metamorphic Testing Metamorphic Test Cases: {(2, 6, 3), (3, 2, 6)} Metamorphic Testing: 1. F_Sort (2, 6, 3) = (6, 3, 2) Metamorphic Testing: 1. F_Sort (2, 6, 3) = (6, 3, 2) 2. F_Sort (3, 2, 6) = (3, 6, 2) Failure. | || |

11  Conventional Program Testing and Proving  Metamorphic Testing  Semi-Proving: Verifying Metamorphic Relations  Summary. Presentation Outline

12 Semi-Proving: Verifying Metamorphic Relations  Objective: If the program does not satisfy a metamorphic relation on some inputs, locate these inputs; Otherwise prove the satisfaction of the metamorphic relation over all inputs.

13  Why called “Semi”? Proving necessary properties, which may not be sufficient for program correctness  Characteristics of Semi-Proving Multiple symbolic executions Testing and proving. Semi-Proving: Verifying Metamorphic Relations

14 double GetMid (double x1, double x2, double x3) {double mid; mid = x3; if (x2 < x3) if (x1 < x2) mid = x2; else { if (x1 < x3) mid = x1; } else if (x1 > x2) mid = x2; else if (x1 > x3) mid = x1; return mid; } double GetMid (double x1, double x2, double x3) {double mid; mid = x3; if (x2 < x3) if (x1 < x2) mid = x2; else { if (x1 < x3) mid = x1; } else if (x1 > x2) mid = x2; else if (x1 > x3) mid = x1; return mid; } Semi-Proving: Verifying Metamorphic Relations

15 SpecificationSpecification “GetMid (X, Y, Z)” returns the median of (X, Y, Z) E.g. GetMid (3, 4, 1): “3”. Semi-Proving: Verifying Metamorphic Relations

16  Verifying “GetMid” by Semi-Proving Identify a Metamorphic Relation GetMid ( X, Y, Z ) = GetMid ( permute(X, Y, Z) ) Semi-Proving: Verifying Metamorphic Relations any numbersany permutation Purpose: to verify

17  Basic concepts Transposition simple permutation that exchanges two elements (1, 2, 3) (1, 2, 3)  1 (1, 2, 3)  (1, 3, 2)  2  (2, 1, 3) Semi-Proving: Verifying Metamorphic Relations

18 A tuple (1, 2, 3) A permutation (2, 3, 1) (1, 2, 3) A tuple (1, 2, 3) A permutation (2, 3, 1) (1, 2, 3) (2, 3, 1)  11 (2, 1, 3)  22  Basic concepts Composition of Transpositions Semi-Proving: Verifying Metamorphic Relations

19  Result from Group Theory Any permutation of (X, Y, Z) can be achieved by compositions of transpositions (X, Z, Y) and (Y, X, Z). Semi-Proving: Verifying Metamorphic Relations

20 Semi-Proving: Verifying Metamorphic Relations  Purpose GetMid ( X, Y, Z ) = GetMid ( permute(X, Y, Z) ) Only need to verify: Any permutation. GetMid (X, Y, Z) = GetMid (X, Z, Y) GetMid (X, Y, Z) = GetMid (Y, X, Z)

21 Semi-Proving: Verifying Metamorphic Relations  Purpose GetMid ( X, Y, Z ) = GetMid ( permute(X, Y, Z) ) Only need to verify: GetMid (X, Y, Z) = GetMid (X, Z, Y) GetMid (X, Y, Z) = GetMid (Y, X, Z)

22  Global Symbolic Evaluation on GetMid (X, Y, Z) Execute all the possible paths. Semi-Proving: Verifying Metamorphic Relations

23 double GetMid (double x1, double x2, double x3) {double mid; mid = x3; if (x2 < x3) if (x1 < x2) mid = x2; else { if (x1 < x3) mid = x1; } else if (x1 > x2) mid = x2; else if (x1 > x3) mid = x1; return mid; } double GetMid (double x1, double x2, double x3) {double mid; mid = x3; if (x2 < x3) if (x1 < x2) mid = x2; else { if (x1 < x3) mid = x1; } else if (x1 > x2) mid = x2; else if (x1 > x3) mid = x1; return mid; } Semi-Proving: Verifying Metamorphic Relations

24 C1: (Y  X < Z) OR (Z < X  Y) Path Conditions C2: (X < Y < Z) OR (Z  Y < X) C3: (Y < Z  X) OR (X  Z  Y) Semi-Proving: Verifying Metamorphic Relations X when C1 is true GetMid (X, Y, Z) =Y when C2 is true Z when C3 is true

25 Semi-Proving: Verifying Metamorphic Relations ? GetMid (X, Z, Y) ? X when C1 is true GetMid (X, Y, Z) =Y when C2 is true Z when C3 is true

26 C4: (Z  X < Y) OR (Y < X  Z) C5: (X < Z < Y) OR (Y  Z < X) C6: (Z < Y  X) OR (X  Y  Z) PASS Semi-Proving: Verifying Metamorphic Relations ? GetMid (X, Z, Y) ? X when C4 is true = Z when C5 is true Y when C6 is true X when C1 is true GetMid (X, Y, Z) =Y when C2 is true Z when C3 is true

27 ? ? X when C1 is true GetMid (X, Y, Z) =Y when C2 is true Z when C3 is true X when C4 is true = Z when C5 is true Y when C6 is true  Contradiction PASS C1: (Y  X < Z) OR (Z < X  Y) & Semi-Proving: Verifying Metamorphic Relations GetMid (X, Z, Y) ? C4: (Z  X < Y) OR (Y < X  Z) C5: (X < Z < Y) OR (Y  Z < X) C6: (Z < Y  X) OR (X  Y  Z)

28 ? ? C4: (Z  X < Y) OR (Y < X  Z) C5: (X < Z < Y) OR (Y  Z < X) C6: (Z < Y  X) OR (X  Y  Z) X when C1 is true GetMid (X, Y, Z) =Y when C2 is true Z when C3 is true X when C4 is true = Z when C5 is true Y when C6 is true C1: (Y <= X < Z) OR (Z < X <= Y) & X=Y<Z OR Z<Y=X Semi-Proving: Verifying Metamorphic Relations ? GetMid (X, Z, Y)

29 ? ? ? C4: (Z  X < Y) OR (Y < X  Z) C5: (X < Z < Y) OR (Y  Z < X) C6: (Z < Y  X) OR (X  Y  Z) X when C1 is true GetMid (X, Y, Z) =Y when C2 is true Z when C3 is true X when C4 is true = Z when C5 is true Y when C6 is true C1: (Y <= X < Z) OR (Z < X <= Y) & Yes. X=Y PASS X=Y<Z OR Z<Y=X Semi-Proving: Verifying Metamorphic Relations GetMid (X, Z, Y)

30 ? X when C1 is true GetMid (X, Y, Z) =Y when C2 is true Z when C3 is true Semi-Proving: Verifying Metamorphic Relations GetMid (X, Z, Y) verified

31 ? X when C1 is true GetMid (X, Y, Z) =Y when C2 is true Z when C3 is true Semi-Proving: Verifying Metamorphic Relations ConclusionConclusion GetMid (X, Z, Y)

32 ? X when C1 is true GetMid (X, Y, Z) =Y when C2 is true Z when C3 is true Semi-Proving: Verifying Metamorphic Relations ConclusionConclusion GetMid (X, Z, Y)

33 X when C1 is true GetMid (X, Y, Z) =Y when C2 is true Z when C3 is true Semi-Proving: Verifying Metamorphic Relations ConclusionConclusion GetMid (X, Z, Y)

34 X when C1 is true GetMid (X, Y, Z) =Y when C2 is true Z when C3 is true Semi-Proving: Verifying Metamorphic Relations ConclusionConclusion GetMid (X, Z, Y) Composition of transpositions GetMid (X, Y, Z) = GetMid ( Permute(X, Y, Z) ) GetMid (Y, X, Z) AnyAny.

35  Detecting Program Faults · Semi-Proving: Detecting Program Faults

36 double GetMid (double x1, double x2, double x3) {double mid; mid = x3; if (x2 < x3) if (x1 < x2) mid = x2; else { if (x1 < x3) mid = x1; } else if (x1 > x2) mid = x2; else if (x1 > x3) mid = x1; return mid; } double GetMid (double x1, double x2, double x3) {double mid; mid = x3; if (x2 < x3) if (x1 < x2) mid = x2; else { if (x1 < x3) mid = x1; } else if (x1 > x2) mid = x2; else if (x1 > x3) mid = x1; return mid; }

37 Verify: GetMid (X, Y, Z) = GetMid (X, Z, Y) Semi-Proving: Detecting Program Faults | || | X when Y  X < Z ? | || | Y when (Z < Y  X ) OR (Y  Z AND X  Z) AND

38 Verify: GetMid (X, Y, Z) = GetMid (X, Z, Y) Semi-Proving: Detecting Program Faults | X when Y  X < Z ? | Y when (Z < Y  X ) OR (Y  Z AND X  Z) AND  (Y=X<Z) OR (Y<X<Z)

39 Verify: GetMid (X, Y, Z) = GetMid (X, Z, Y) Semi-Proving: Detecting Program Faults | X when Y  X < Z ? | Y when (Z < Y  X ) OR (Y  Z AND X  Z) AND  (Y=X<Z) OR (Y<X<Z) ?  failure Failure-causing input Can identify all the failure-causing inputs.

40 Summary  A proving technique: all the paths  A testing technique: failure-causing inputs selected path(s)  Characteristics Metamorphic relations Multiple symbolic executions Employing global symbolic evaluation and constraint solving.

41 Questions are welcome