Pex White Box Test Generation for .NET


Pex White Box Test Generation for .NET
Nikolai Tillmann, Peli de Halleux
Microsoft Research

Unit Testing Today
A unit test is a small program with assertions.
    void AddTest()
    {
        HashSet<int> set = new HashSet<int>();
        set.Add(7);
        set.Add(3);
        Assert.IsTrue(set.Count == 2);
    }
Many developers write such unit tests by hand.

Vision: Parameterized Unit Testing
    void AddSpec(int x, int y)
    {
        HashSet<int> set = new HashSet<int>();
        set.Add(x);
        set.Add(y);
        Assert.AreEqual(x == y, set.Count == 1);
        Assert.AreEqual(x != y, set.Count == 2);
    }
Parameterized Unit Tests separate two concerns:
- The specification of externally visible behavior. (assertions)
- The selection of internally relevant test inputs. (coverage)

Demo: Parameterized Unit Test
Write [PexMethod] with parameters, invoke Analysis

Demo: Pex Exploration Results
Table: data and results

Demo: Generated Unit Tests
Generated Test Inputs are stored as C# Unit Tests

Pex: Overview
- Purpose: Test input generator
    - Starting from parameterized unit tests
    - Generated tests emitted as traditional unit tests
- Goal: Test suite that covers all reachable statements
- Technology: Dynamic symbolic execution
    - Whole-program, white-box code analysis
    - At the level of the .NET instructions (bytecode)
    - Symbolic execution based on monitoring and re-execution
    - Path conditions obtained by monitoring dataflow, branches
    - Iterative selection of potential execution paths
    - Constraint solver determines test inputs for paths

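Dynamic Symbolic Execution By Example
Code to generate inputs for:
    void CoverMe(int[] a)
    {
        if (a == null) return;
        if (a.Length > 0)
            if (a[0] == 1234567890)
                throw new Exception("bug");
    }
Loop: Choose next path -> Solve -> Execute & Monitor. Each "constraints to solve" entry ends in the negated condition of the previous run.
- Run 1: constraints to solve: (none); input: null; observed constraints: a==null
- Run 2: constraints to solve: a!=null; input: {}; observed constraints: a!=null && !(a.Length>0)
- Run 3: constraints to solve: a!=null && a.Length>0; input: {0}; observed constraints: a!=null && a.Length>0 && a[0]!=1234567890
- Run 4: constraints to solve: a!=null && a.Length>0 && a[0]==1234567890; input: {123…}; observed constraints: a!=null && a.Length>0 && a[0]==1234567890
Execution tree (figure): branch nodes a==null, a.Length>0, a[0]==123…, each with an F and a T outcome.
Done: There is no path left.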

Going from a simple example into the real world
How to test this code? (Actual code from .NET base class libraries.)

Real World (II)

Real World (III)
- There is no detailed specification.
- Most basic test oracle: code should not crash, i.e. it should not throw unexpected exceptions.
- Possible test case, written by hand

Pex – Demo
Test input, generated by Pex

Test Input Generation by Dynamic Symbolic Execution
Diagram (cycle): Test Inputs (initially, choose arbitrary) -> Run Test and Monitor -> Execution Path -> Record Path Condition -> Known Paths -> Choose an Uncovered Path -> Constraint System -> Solve -> Test Inputs

Test Input Generation by Dynamic Symbolic Execution
Path Condition: … ⋀ magicNum != 0x95673948

Test Input Generation by Dynamic Symbolic Execution
Path condition of the executed path: … ⋀ magicNum != 0x95673948
Constraint system for an uncovered path: … ⋀ magicNum == 0x95673948

Test Input Generation by Dynamic Symbolic Execution
Result: small test suite, high code coverage
- Finds only real bugs
- No false warnings
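The loop from these slides, run on the CoverMe example from the earlier slide, as an added Python sketch (not Pex and not code from the presentation). `solve` is a hypothetical stand-in for the constraint solver that understands only CoverMe's three branch conditions; `cover_me`, `explore` and `Bug` are names chosen here.

```python
MAGIC = 1234567890

class Bug(Exception):
    """Stands in for the slide's `throw new Exception("bug")`."""

def cover_me(a, trace):
    """Python port of the slide's CoverMe; every branch logs (atom, outcome)."""
    def branch(atom, outcome):
        trace.append((atom, outcome))
        return outcome
    if branch("a==null", a is None):
        return
    if branch("a.Length>0", len(a) > 0):
        if branch("a[0]==MAGIC", a[0] == MAGIC):
            raise Bug("bug")

def solve(path_condition):
    """Toy solver for the three atoms above (a real engine calls an SMT solver).
    Prefixes come from real runs, so they are consistent by construction."""
    want = dict(path_condition)
    if want.get("a==null", True):      # unconstrained: start with null, as on the slide
        return None
    if not want.get("a.Length>0", False):
        return []
    return [MAGIC if want.get("a[0]==MAGIC", False) else 0]

def explore(program):
    """Run, record the path condition, negate one branch, solve, repeat."""
    tests, seen, worklist = [], [], [()]
    while worklist:                    # empty worklist: there is no path left
        inp = solve(worklist.pop())
        trace, outcome = [], "ok"
        try:
            program(inp, trace)
        except Bug as exc:
            outcome = f"exception: {exc}"
        tests.append((inp, outcome))
        seen.append(tuple(trace))
        for i, (atom, taken) in enumerate(trace):
            # Keep the prefix before branch i and flip branch i itself.
            flipped = tuple(trace[:i]) + ((atom, not taken),)
            known = any(p[:i + 1] == flipped for p in seen)
            if not known and flipped not in worklist:
                worklist.append(flipped)
    return tests

if __name__ == "__main__":
    for inp, outcome in explore(cover_me):
        print(inp, "->", outcome)
```

Four runs cover every path, and only the last input reaches the exception, matching the table of inputs on the CoverMe slide.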

Advanced Features
- Command-line tool
    - Explores your code on your build server
    - Generates HTML reports
- Parameterized Mock Objects
    - Stubs and mock objects can use parameters too
- Parameterized Object Factories
    - Factories that take parameters help Pex

Assumptions and Assertions
    void PexAssume.IsTrue(bool c)
    {
        if (!c) throw new AssumptionViolationException();
    }
    void PexAssert.IsTrue(bool c)
    {
        if (!c) throw new AssertionViolationException();
    }
- Assumptions and assertions are explored just like all other branches; Pex will try to break them!
- Executions which cause assumption violations are ignored, not reported as errors or test cases.

Limitations
- Assumption: Environment is deterministic
    - "Environment" includes all code that is not monitored, e.g. native code, uninstrumented code, code that executes on another machine on the network…
    - Pex simply ignores non-deterministic behavior
- Assumption: Program is single-threaded
- Limitations of constraint solver
    - Little support for floating point arithmetic: approximation with rationals (linear arithmetic only)
    - No support for System.Decimal arithmetic
    - Bounds on time and memory consumption
http://research.microsoft.com/projects/Z3/

Summary
- Pex automates test input generation for .NET programs
- Pex enables Parameterized Unit Testing
- Used in Microsoft to test core .NET components
- Pex is publicly available for academic use.
Watch our website for future announcements. http://research.microsoft.com/Pex