1 Testing the OPN Language: Rule Coverage and Fuzz Testing Wujie Zheng.

Slides:



Advertisements
Similar presentations
Test Yaodong Bi.
Advertisements

Annoucements  Next labs 9 and 10 are paired for everyone. So don’t miss the lab.  There is a review session for the quiz on Monday, November 4, at 8:00.
Test-Driven Development and Refactoring CPSC 315 – Programming Studio.
Grey Box testing Tor Stålhane. What is Grey Box testing Grey Box testing is testing done with limited knowledge of the internal of the system. Grey Box.
(c) 2007 Mauro Pezzè & Michal Young Ch 9, slide 1 Test Case Selection and Adequacy Criteria.
Introduction to Software Testing Chapter 5.5 Input Space Grammars Paul Ammann & Jeff Offutt
Error Management with Design Contracts Karlstad University Computer Science Error Management with Design Contracts Eivind J. Nordby, Martin Blom, Anna.
Type Checking.
Software Testing and Quality Assurance
Copyright © 2006 Software Quality Research Laboratory DANSE Software Quality Assurance Tom Swain Software Quality Research Laboratory University of Tennessee.
Chapter 1 Principles of Programming and Software Engineering.
Applied Software Project Management Andrew Stellman & Jennifer Greene Applied Software Project Management Applied Software.
Programming Fundamentals (750113) Ch1. Problem Solving
© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.
 QUALITY ASSURANCE:  QA is defined as a procedure or set of procedures intended to ensure that a product or service under development (before work is.
Software Testing Prasad G.
1 Joe Meehean. 2 Testing is the process of executing a program with the intent of finding errors. -Glenford Myers.
Unit Testing & Defensive Programming. F-22 Raptor Fighter.
Introduction to Software Testing Chapter 5.5 Input Space Grammars Paul Ammann & Jeff Offutt
Fruitful functions. Return values The built-in functions we have used, such as abs, pow, int, max, and range, have produced results. Calling each of these.
1 Object-Oriented Testing CIS 375 Bruce R. Maxim UM-Dearborn.
© Janice Regan, CMPT 128, Jan CMPT 128 Introduction to Computing Science for Engineering Students Creating a program.
Testing. Definition From the dictionary- the means by which the presence, quality, or genuineness of anything is determined; a means of trial. For software.
1 Shawlands Academy Higher Computing Software Development Unit.
UNIT 3 TEMPLATE AND EXCEPTION HANDLING. Introduction  Program errors are also referred to as program bugs.  A C program may have one or more of four.
Objectives Understand the basic concepts and definitions relating to testing, like error, fault, failure, test case, test suite, test harness. Explore.
C++ Code Analysis: an Open Architecture for the Verification of Coding Rules Paolo Tonella ITC-irst, Centro per la Ricerca Scientifica e Tecnologica
1 Debugging and Testing Overview Defensive Programming The goal is to prevent failures Debugging The goal is to find cause of failures and fix it Testing.
Chapter 1 Introduction Dr. Frank Lee. 1.1 Why Study Compiler? To write more efficient code in a high-level language To provide solid foundation in parsing.
Chapter 10: Compilers and Language Translation Invitation to Computer Science, Java Version, Third Edition.
Introduction to Testing 1. Testing  testing code is a vital part of the development process  the goal of testing is to find defects in your code  Program.
Testing Grammars For Top Down Parsers By Asma M Paracha, Frantisek F. Franek Dept. of Computing & Software McMaster University Hamilton, Ont.
Python – Part 1 Python Programming Language 1. What is Python? High-level language Interpreted – easy to test and use interactively Object-oriented Open-source.
CS 350, slide set 5 M. Overstreet Old Dominion University Spring 2005.
Grey Box testing Tor Stålhane. What is Grey Box testing Grey Box testing is testing done with limited knowledge of the internal of the system. Grey Box.
White-box Testing.
(1) Unit Testing and Test Planning CS2110: SW Development Methods These slides design for use in lab. They supplement more complete slides used in lecture.
1 Test Selection for Result Inspection via Mining Predicate Rules Wujie Zheng
The Software Development Process
1 CSCD 326 Data Structures I Software Design. 2 The Software Life Cycle 1. Specification 2. Design 3. Risk Analysis 4. Verification 5. Coding 6. Testing.
1 Program Planning and Design Important stages before actual program is written.
Finding Errors in.NET with Feedback-Directed Random Testing Carlos Pacheco (MIT) Shuvendu Lahiri (Microsoft) Thomas Ball (Microsoft) July 22, 2008.
© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.
© 2006 Pearson Addison-Wesley. All rights reserved 2-1 Chapter 2 Principles of Programming & Software Engineering.
David Streader Computer Science Victoria University of Wellington Copyright: David Streader, Victoria University of Wellington Debugging COMP T1.
Software Engineering Saeed Akhtar The University of Lahore.
Test Case Designing UNIT - 2. Topics Test Requirement Analysis (example) Test Case Designing (sample discussion) Test Data Preparation (example) Test.
Software Quality Assurance and Testing Fazal Rehman Shamil.
PROGRAMMING TESTING B MODULE 2: SOFTWARE SYSTEMS 22 NOVEMBER 2013.
1. Black Box Testing  Black box testing is also called functional testing  Black box testing ignores the internal mechanism of a system or component.
Dynamic Testing.
1 The Software Development Process ► Systems analysis ► Systems design ► Implementation ► Testing ► Documentation ► Evaluation ► Maintenance.
Whole Test Suite Generation. Abstract Not all bugs lead to program crashes, and not always is there a formal specification to check the correctness of.
Introduction to Computer Programming Concepts M. Uyguroğlu R. Uyguroğlu.
Testing Integral part of the software development process.
Principles of Programming & Software Engineering
Software Testing.
Testing Tutorial 7.
Introduction to Parsing (adapted from CS 164 at Berkeley)
Principles of Programming and Software Engineering
Design and Programming
Aspect Validation: Connecting Aspects and Formal Methods
Programming Fundamentals (750113) Ch1. Problem Solving
Software Verification and Validation
Software Verification and Validation
Dynamic Program Analysis
Programming Fundamentals (750113) Ch1. Problem Solving
Programming Fundamentals (750113) Ch1. Problem Solving
Chapter 10: Compilers and Language Translation
Software Verification and Validation
Presentation transcript:

1 Testing the OPN Language: Rule Coverage and Fuzz Testing Wujie Zheng

2 Outline The OPN Language Task 1: Rule Coverage Collection  Verifying the OPN definitions  A measurement of the test suite for the OPN compiler Task 2: Fuzz Testing  Test the type checker Conclusions and Future Work

3 The OPN Language OPN (Open Protocol Notation) is a notation for describing architecture, messages, and behavior of network protocols.

The OPN Language Components  OPN definitions  The OPN compiler Parser (and lexer) Type checker Code generator  Runtime 4

The OPN Language Components  OPN definitions  The OPN compiler Parser (and lexer) Type checker Code generator  Runtime 5

The OPN Language Examples For Statements EmbeddedStatement ::= for ( ForInitializer ; Expression ; StatementList, ? ) EmbeddedStatement ForInitializer ::= VariableDeclaration (, VariableDeclaration )* | StatementList, ? StatementList ::= StatementExpression (, StatementExpression )* Endpoint Declarations EndpointDeclaration ::= VisibilityModifier* endpoint Identifier EndpointAddress? EndpointTransports Aspects? ContractElement+ ( { EndpointMember* } AspectsAfterBlock? | Aspects? ; ) 6

7 Task 1: Rule Coverage Collection Rule Coverage  A criterion for testing grammars  A test case is said to cover a grammar rule if that rule is used at least once in deriving the test case For example, The following test module test; int x; covers the grammar rule Document ::= module QualifiedIdentifier Aspects? ; UsingDeclaration* ModuleMember*, and not cover the rule Document ::= protocol QualifiedIdentifier Aspects? ; UsingDeclaration* ProtocolMember*

Task 1: Rule Coverage Collection Rule Coverage Collection  Define a set of grammar rules (sub-classes of each rule) based on the OPN definitions  Implement an OPNRulePrinter to traverse the POM objects to get the rules covered by the test cases  Report the rule coverage result 8

9

Task 1: Rule Coverage Collection Purpose 1: verifying the OPN definitions  To collect the rule coverage, we need to identify the sub-rules of each grammar rule and visit each component of a rule, which can identify Missing definitions Wrong definitions Some bugs can be identified by experience, some may due to conflicts between the definitions and the implementations 10

Task 1: Rule Coverage Collection Purpose 1: verifying the OPN definitions  Results: find 17 bugs in OPN definitions Missing definitions Bug 6083: Definition of “ReferenceExpression” missed in the specification Bug 15386: [Doc] Range expressions are implemented but not defined … Wrong definitions Bug 14971: [Doc] the definition of Switch Statements misses DefaultCase … 11

Task 1: Rule Coverage Collection Purpose 2: provide a measurement of the test suite for the OPN compiler  To understand how well the OPN grammar has been tested  Compiler errors may occur in some cases of a grammar rule but not in other cases Define sub-classes of each rule, so as to check corner cases For example, for the definition Document ::= protocol QualifiedIdentifier Aspects? ; UsingDeclaration* ProtocolMember* 6 rules are defined: Document_Protocol_Aspects, Document_Protocol_NoAspects, Document_Protocol_NoProtocolMember, Document_Protocol_ProtocolMember, Document_Protocol_NoUsingDeclaration, and Document_Protocol_UsingDeclaration. 12

Task 1: Rule Coverage Collection Purpose 2: provide a measurement of the test suite for the OPN compiler  Results: Define 518 rules Measure the rule coverage of the Tests.OpnExportRoundtrip tests: 459/518=88.6% A detailed rule coverage report 13

Task 2: Fuzz Testing Fuzz Testing  A software testing technique that provides invalid, unexpected, or random data to the inputs of a program.  If the program fails (for example, by crashing, hanging, or failing built-in code assertions), the defects can be noted. 14

Task 2: Fuzz Testing Randomly Mutate The Inputs 15 Original Input Mutated Input

Task 2: Fuzz Testing Fuzz Testing for the type checker  Given a test input, randomly mutates some parts of it and generates more test inputs.  Two kinds of mutation Unstructured mutation  Mutate lines or words of an OPN input.  Supports three operators: change, add, and remove. Structured mutation  Mutate identifiers of a POM input (generated from an OPN input).  Supports only the change operator now. 16

Task 2: Fuzz Testing Fuzz Testing for the type checker  How to check the test result of mutated inputs? The program under test (mainly the type checker) should not crash or hang. If a mutated input passes the type checker, it is suspicious The type checker should not throw exceptions without any error messages. A mutated input that increases the code coverage may deserve an investigation. Randomly inspect some mutated inputs and the execution results. 17

Task 2: Fuzz Testing Fuzz Testing for the type checker  How to check the test result of mutated inputs? Log the mutated inputs and the execution results for investigation  The mutated inputs and the changes  Whether the mutated inputs pass/fail the type checker  Detailed error messages 18

Task 2: Fuzz Testing Fuzz Testing for the type checker  Results Find 9 bugs in the type checker  Hangs Bug 14982: [TypeChecker] "endpoint U over U" crashes the type checker  Exceptions with error messages Bug 15015: [TypeChecker] type checker throws exception without any error message for code related to Aspects  Type checker passes Bug 15616: [TypeChecker] type checker should report errors for the comparison between 'int' and 'method‘ … 19

Task 2: Fuzz Testing Fuzz Testing for the type checker  Experience Structured mutation is much more effective than unstructured mutation  Generate error-inducing inputs more quickly The mutated inputs are syntactically correct, so we can focus on testing the type checker  More easy to identify suspicious results for manual inspection Change of identifiers can result in conflict of type information more easily, so it is more suspicious for the type checker to pass the mutated inputs 20

21 Rule coverage collection is good for verifying OPN definitions  Need to check the definitions carefully, otherwise don’t know how to implement the rule coverage collecting program  Also check the consistence between the definitions and the implementations The test suites have achieved high rule coverage Future work  To define rules for the combinations of components of each rule Conclusions and Future Work

22 Fuzz testing is good for verifying the type checker  Especially helpful for ensuring the robustness  Also find semantic bugs Future work  To systematically mutate the POM objects using symbolic execution techniques Conclusions and Future Work

23 Thank you! Q&A

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.