Tao Xie Automated Software Engineering Group Department of Computer Science North Carolina State University https://sites.google.com/site/asergrp/

Slides:



Advertisements
Similar presentations
Leonardo de Moura Microsoft Research. Z3 is a new solver developed at Microsoft Research. Development/Research driven by internal customers. Free for.
Advertisements

Tutorial Pex4Fun: Teaching and Learning Computer Science via Social Gaming Nikolai Tillmann, Jonathan de Halleux, Judith Bishop, Michal.
Tao Xie North Carolina State University In collaboration with Nikolai Tillmann, Peli de Halleux, Wolfram Research and
Tao Xie University of Illinois at Urbana-Champaign Part of the research work described in this talk was done in collaboration with the Pex team (Nikolai.
Kai Pan, Xintao Wu University of North Carolina at Charlotte Generating Program Inputs for Database Application Testing Tao Xie North Carolina State University.
Programming Languages Language Design Issues Why study programming languages Language development Software architectures Design goals Attributes of a good.
Pexxxx White Box Test Generation for
1 Software Testing and Quality Assurance Lecture 30 - Introduction to Software Testing.
CS590 Z Software Defect Analysis Xiangyu Zhang. CS590F Software Reliability What is Software Defect Analysis  Given a software program, with or without.
Chair of Software Engineering Automatic Verification of Computer Programs.
Outline Types of errors Component Testing Testing Strategy
WARNING These slides are not optimized for printing or exam preparation. These are for lecture delivery only. These slides are made for PowerPoint 2010.
CS527: (Advanced) Topics in Software Engineering Overview of Software Quality Assurance Tao Xie ©D. Marinov, T. Xie.
Human-Tool, Tool-Tool, and Human-Human Cooperations to Get the Job Done Tao Xie North Carolina State University Raleigh, NC, USA.
System/Software Testing
Deep Dive into Pex How Pex works, implications for design of Code Hunt puzzles Nikolai Tillmann Principal Software Engineering Manager Microsoft, Redmond,
Separation of Concerns Tao Xie Peking University, China North Carolina State University, USA In collaboration with Nikolai Tillmann, Peli de Halleux, Wolfram.
Tao Xie North Carolina State University Supported by CACC/NSA Related projects supported in part by ARO, NSF, SOSI.
Automated Testing of System Software (Virtual Machine Monitors) Tao Xie Department of Computer Science North Carolina State University
Tao Xie (North Carolina State University) Nikolai Tillmann, Jonathan de Halleux, Wolfram Schulte (Microsoft Research, Redmond WA, USA)
Automated Developer Testing: Achievements and Challenges Tao Xie North Carolina State University contact:
DySy: Dynamic Symbolic Execution for Invariant Inference.
CS 501: Software Engineering Fall 1999 Lecture 16 Verification and Validation.
Design of a Collaborative System Minjun Wang Department of Electrical Engineering and Computer Science Syracuse University, U.S.A
Tao Xie University of Illinois at Urbana-Champaign Part of the research work described in this talk was done in collaboration with the Pex team (Nikolai.
Improving Programmer Productivity via Mining Program Source Code Tao Xie Department of Computer Science North Carolina State University
1 PARSEWeb: A Programmer Assistant for Reusing Open Source Code on the Web Suresh Thummalapenta and Tao Xie Department of Computer Science North Carolina.
1 Automatic Identification of Common and Special Object-Oriented Unit Tests Dept. of Computer Science & Engineering University of Washington, Seattle Oct.
Teaching and Learning Programming and Software Engineering via Interactive Gaming Tao Xie University of Illinois at Urbana-Champaign In collaboration with.
Improving Software Reliability via Static and Dynamic Analysis Tao Xie, Automated Software Engineering Group Department of Computer Science North Carolina.
Mining Software Data: Code Tao Xie University of Illinois at Urbana-Champaign
COMP 121 Week 1: Testing and Debugging. Testing Program testing can be used to show the presence of bugs, but never to show their absence! ~ Edsger Dijkstra.
Tao Xie North Carolina State University Nikolai Tillmann, Peli de Halleux, Wolfram Schulte Microsoft Research.
Code Contracts Parameterized Unit Tests Tao Xie. Example Unit Test Case = ? Outputs Expected Outputs Program + Test inputs Test Oracles 2 void addTest()
1 Introduction to Software Engineering Lecture 1.
Today’s Agenda  HW #1  Finish Introduction  Input Space Partitioning Software Testing and Maintenance 1.
Mining Billions of AST Nodes to Study Actual and Potential Usage of Java Language Features Robert Dyer The research activities described in this talk were.
Christopher Kruegel University of California Engin Kirda Institute Eurecom Clemens Kolbitsch Thorsten Holz Secure Systems Lab Vienna University of Technology.
1 MSCS 237 Overview of web technologies (A specific type of distributed systems)
Mining Gigabytes of Dynamic Traces for Test Generation Suresh Thummalapenta North Carolina State University Peli de Halleux and Nikolai Tillmann Microsoft.
Code Hunt: Experience with Coding Contests at Scale Judith Bishop, R Nigel Horspool, Tao Xie, Nikolai Tillmann, Jonathan de Halleux Microsoft Research,
Computer Science Automated Software Engineering Research ( Mining Exception-Handling Rules as Conditional Association.
Alattin: Mining Alternative Patterns for Detecting Neglected Conditions Suresh Thummalapenta and Tao Xie Department of Computer Science North Carolina.
Nikolai Tillmann, Jonathan de Halleux Tao Xie Microsoft Research Univ. Illinois at Urbana-Champaign.
Computer Science Systematic Testing and Verification of Security Policies Tao Xie Department of Computer Science North Carolina State University
1 Introduction to Software Testing. Reading Assignment P. Ammann and J. Offutt “Introduction to Software Testing” ◦ Chapter 1 2.
Xusheng Xiao North Carolina State University CSC 720 Project Presentation 1.
Exploiting Code Search Engines to Improve Programmer Productivity and Quality Suresh Thummalapenta Advisor: Dr. Tao Xie Department of Computer Science.
Computer Science 1 Mining Likely Properties of Access Control Policies via Association Rule Mining JeeHyun Hwang 1, Tao Xie 1, Vincent Hu 2 and Mine Altunay.
Cooperative Developer Testing: Tao Xie North Carolina State University In collaboration with Xusheng ASE and Nikolai Tillmann, Peli de
Tao Xie (North Carolina State University) Nikolai Tillmann, Peli de Halleux, Wolfram Schulte (Microsoft Research)
Software Engineering1  Verification: The software should conform to its specification  Validation: The software should do what the user really requires.
A Test Case + Mock Class Generator for Coding Against Interfaces Mainul Islam, Christoph Csallner Software Engineering Research Center (SERC) Computer.
Qusay H. Mahmoud CIS* CIS* Service-Oriented Computing Qusay H. Mahmoud, Ph.D.
1 Exposing Behavioral Differences in Cross-Language API Mapping Relations Hao Zhong Suresh Thummalapenta Tao Xie Institute of Software, CAS, China IBM.
Computer Science 1 Systematic Structural Testing of Firewall Policies JeeHyun Hwang 1, Tao Xie 1, Fei Chen 2, and Alex Liu 2 North Carolina State University.
Random Test Generation of Unit Tests: Randoop Experience
Symbolic Execution in Software Engineering By Xusheng Xiao Xi Ge Dayoung Lee Towards Partial fulfillment for Course 707.
CAR-Miner: Mining Exception-Handling Rules as Sequence Association Rules Suresh Thummalapenta and Tao Xie Department of Computer Science North Carolina.
SOFTWARE TESTING AND QUALITY ASSURANCE. Software Testing.
Cs498dm Software Testing Darko Marinov January 24, 2012.
Dynamic Symbolic Execution
A Test Case + Mock Class Generator for Coding Against Interfaces
White-Box Testing Using Pex
Automated Developer Testing: Achievements and Challenges
Software Verification and Validation
Software Verification and Validation
Software Development Cycle
Software Verification and Validation
Presentation transcript:

Tao Xie Automated Software Engineering Group Department of Computer Science North Carolina State University

 Static Verification  Problem: API properties are not available ▪ E.g., fopen’s return needs to be NULL-CHECK  Solution: mining API properties from client code  Dynamic Verification (a.k.a. Software Testing)

3 Supported by NSF CSR and ARO

4 PARSEWeb [ASE 07] PARSEWeb Source object type & Destination object type Method-invocation sequence MAPO [ECOOP 09] API method  Frequent subsequences of API methods SpotWeb [ASE 08] Framework hotspots/coldspots

5 Detect deviant behavior as bugs in programs Neglected-condition bugs [ASE 09] Exception-handling bugs [ICSE 09] Error-handling bugs [FASE 09] API-sequencing bugs [ESEC/FSE 07]

6 Detect duplicate bug reports [ICSE 08] Identify security bug reports [MSR 10] Mine resource specifications from Javadoc [ASE 09, Best Paper Award, SIGSOFT Distinguished Paper] javax.resource.cci.Connection createInteraction():“Creates an interaction associated with this connection.” getMetaData():“Gets the information on the underlying EIS instance represented through an active connection.” close():“Initiates close of the connection handle at the application level.” Supported by IBM Jazz Award

= ? Outputs Expected Outputs Program + Test inputs Test Oracles  Test Generation  Generating high-quality test inputs (e.g., achieving high code coverage)  Test Oracles  Specifying high-quality test oracles (e.g., guarding against various faults)

 Human  Expensive, incomplete, …  Brute Force  Pairwise, predefined data, etc…  Random:  Cheap, Fast  “It passed a thousand tests” feeling  Dynamic Symbolic Execution: Pex, CUTE,EXE  Automated white-box  Not random – Constraint Solving

Code to generate inputs for: Constraints to solve a!=null a!=null && a.Length>0 a!=null && a.Length>0 && a[0]== void CoverMe(int[] a) { if (a == null) return; if (a.Length > 0) if (a[0] == ) throw new Exception("bug"); } void CoverMe(int[] a) { if (a == null) return; if (a.Length > 0) if (a[0] == ) throw new Exception("bug"); } Observed constraints a==null a!=null && !(a.Length>0) a!=null && a.Length>0 && a[0]!= a!=null && a.Length>0 && a[0]== Data null {} {0} {123…} a==null a.Length>0 a[0]==123… T T F T F F Execute&Monitor Solve Choose next path Done: There is no path left. Negated condition

 Loops  Fitnex [DSN 09]  Generic API functions e.g., RegEx matching IsMatch(s1,regex1)  Reggae [ASE 09-sp]  Method sequences  MSeqGen [ESEC/FSE 09]  Environments e.g., file systems, network, db, …  Parameterized Mock Objects [AST 09, ASE 10-sp] Opportunities  Regression testing [ICSE 09-nier]  Developer guidance (cooperative developer testing) Supported by NSF SoD, NSF SHF, NSF CAREER, Microsoft Research Award

 Loops  Fitnex [DSN 09]  Generic API functions e.g., RegEx matching IsMatch(s1,regex1)  Reggae [ASE 09-sp]  Method sequences  MSeqGen [ESEC/FSE 09]  Environments e.g., file systems, network, db, …  Parameterized Mock Objects [AST 09, ASE 10-sp] Applications  Test network division, Fort Hood, Texas  Test DB app of hand-held medical assistant  Test.NET base

Download counts (20 months) (Feb Oct ) Academic: 17,366 Devlabs: 13,022 Total: 30,388

 Various countries/regions  Software internationalization ▪ Locating constant strings to translate [ICSE 09, FSE 10] ▪ E.g., translating Megamek (a realtime strategy game)  Various programming languages  PL translation ▪ E.g., translating Java to C# [ICSE 10]

 Various types of software  Database applications [ASE 10-sp]  Network/file-system applications [AST 09]  Game applications [ICSE 09]  Cyber-physical systems (power grid, medical device software, …)  Could applications  Social network applications  … Supported by NSF SHF, NSF CAREER

 Various types of quality attributes  Functional correctness  Security (NIST/Fermi Lab collaboration) ▪ Testing/verification of access control policies [WWW 07, ACSAC 08, SIGMETRICS 08, IEEE TC 10] ▪ Testing/verification of firewall policies [SRDS 08/09, LISA 10 Best Student Paper ] ▪ Identification of security bug reports [MSR 10] ▪ Attack generation  Performance ▪ IBM RTP collaboration on Rational Performance Tester  … Supported by NSF CyberTrust, NIST, IBM Faculty Awards

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.