Presentation is loading. Please wait.

Presentation is loading. Please wait.

1. (50 pts) Concolic testing the sort function

Published byMaria Rasmussen Modified over 5 years ago

Similar presentations

Presentation on theme: "1. (50 pts) Concolic testing the sort function"— Presentation transcript:

1 1. (50 pts) Concolic testing the sort function
Given C program of the sort function, write down asserts and environment model for concolic testing You have to use depth-first search (DFS) to generate test inputs to cover all possible execution paths To do list: Describe your environment model in detail Describe run-time parameters of CROWN Report concolic testing results Assert violation with a violation test input if any Fix the bug and explain how you fixed it Report concolic testing results on the fixed sort function # of test inputs generated and explain why CROWN generates that number of test inputs Time spent # of branches and branch coverage measured by gcov

2 #include<stdio.h>
#include<assert.h> #define N 5 void sort(int *a, int a_size ) { int i,j, tmp; for(i=0; i<a_size-1; i++) for (j=i+1; j<a_size-1; j++) { if (a[i] > a[j]){ tmp = a[i]; a[i] = a[j]; a[j] = tmp; } void environment_setup(int *a, int a_size) { /* To fill out: Assign random *unique values* to a[], each of * which ranges from 1 to 99 */ int main(){ int data[N], i; environment_setup(data, N); printf("Input: "); for(i=0; i< N; i++) printf("%d,", data[i]); printf("\n"); sort(data, N); printf("Output: "); // Checking the sorted result for(i=0; i < N-1; i++) assert(data[i]<=data[i+1]); }

3 2. (50 pts) Concolic testing the circular queue of positive integers
Given C program of the circular queue, convert asserts and environment model for concolic testing You have to use depth-first search (DFS) to generate test inputs to cover all possible execution paths To do list: Describe your assertion check routine in detail Describe your environment model in detail Describe run-time parameters of CROWN Report concolic testing results Assert violation with a violation test input if any # of test inputs generated Time spent # of branches and branch coverage measured by gcov

4 Circular Queue of Positive Integers
#include<stdio.h> #define SIZE 12 #define EMPTY 0 // We assume that q[] is // empty if head==tail unsigned int q[SIZE],head,tail; void enqueue(unsigned int x) { q[tail]=x; tail=(++tail)%SIZE; } unsigned int dequeue() { unsigned int ret; ret = q[head]; q[head]=0; head= (++head)%SIZE; return ret;} Step 1) 1 2 3 4 5 6 7 8 9 10 11 15 6 9 8 4 head=6 tail=11 Step 2) 3 5 15 6 9 8 4 17 tail=2 head=6 Step 3) 3 5 6 9 8 4 17 tail=2 head=7

5 void enqueue_verify() {
unsigned int x, old_head, old_tail; unsigned int old_q[SIZE], i; __CPROVER_assume(x>0); for(i=0; i < SIZE; i++) old_q[i]=q[i]; old_head=head; old_tail=tail; enqueue(x); assert(q[old_tail]==x); assert(tail== ((old_tail +1) % SIZE)); assert(head==old_head); for(i=0; i < old_tail; i++) assert(old_q[i]==q[i]); for(i=old_tail+1; i < SIZE; i++) assert(old_q[i]==q[i]); } void dequeue_verify() { unsigned int ret, old_head, old_tail; unsigned int old_q[SIZE], i; for(i=0; i < SIZE; i++) old_q[i]=q[i]; old_head=head; old_tail=tail; __CPROVER_assume(head!=tail); ret=dequeue(); assert(ret==old_q[old_head]); assert(q[old_head]== EMPTY); assert(head==(old_head+1)%SIZE); assert(tail==old_tail); for(i=0; i < old_head; i++) assert(old_q[i]==q[i]); for(i=old_head+1; i < SIZE; i++) assert(old_q[i]==q[i]);} int main() {// cbmc q.c –unwind SIZE+2 environment_setup(); enqueue_verify();} int main() {// cbmc q.c –unwind SIZE+2 environment_setup(); dequeue_verify();}

6 #include<stdio.h> #define SIZE 12 #define EMPTY 0
// Initial random queue setting following the script void environment_setup() { int i; for(i=0;i<SIZE;i++) { q[i]=EMPTY;} head=non_det(); __CPROVER_assume(0<= head && head < SIZE); tail=non_det(); __CPROVER_assume(0<= tail && tail < SIZE); if( head < tail) for(i=head; i < tail; i++) { q[i]=non_det(); __CPROVER_assume(0< q[i]); } else if(head > tail) { for(i=0; i < tail; i++) { for(i=head; i < SIZE; i++) { } // We assume that q[] is empty if head==tail #include<stdio.h> #define SIZE 12 #define EMPTY 0 unsigned int q[SIZE],head,tail; void enqueue(unsigned int x) { q[tail]=x; tail=(++tail)%SIZE; } unsigned int dequeue() { unsigned int ret; ret = q[head]; q[head]=0; head= (++head)%SIZE; return ret;

Download ppt "1. (50 pts) Concolic testing the sort function"

Similar presentations

A Survey of Approaches for Automated Unit Testing

A Survey of Approaches for Automated Unit Testing
PLDI’2005Page 1June 2005 Example (C code) int double(int x) { return 2 * x; } void test_me(int x, int y) { int z = double(x); if (z==y) { if (y == x+10)

PLDI’2005Page 1June 2005 Example (C code) int double(int x) { return 2 * x; } void test_me(int x, int y) { int z = double(x); if (z==y) { if (y == x+10)
Chapter 6 Structures By C. Shing ITEC Dept Radford University.

Chapter 6 Structures By C. Shing ITEC Dept Radford University.
Analysis of Algorithms CS 302 - Data Structures Section 2.6.

Analysis of Algorithms CS Data Structures Section 2.6.
Session 3 Algorithm. Algorithm Algorithm is a set of steps that are performed to solve a problem. The example below describes an algorithm Example Check.

Session 3 Algorithm. Algorithm Algorithm is a set of steps that are performed to solve a problem. The example below describes an algorithm Example Check.
Insertion sort, Merge sort COMP171 Fall 2006. Sorting I / Slide 2 Insertion sort 1) Initially p = 1 2) Let the first p elements be sorted. 3) Insert the.

Insertion sort, Merge sort COMP171 Fall Sorting I / Slide 2 Insertion sort 1) Initially p = 1 2) Let the first p elements be sorted. 3) Insert the.
Problem: Given an array of positive integers, find a pair of integers in the array that adds up to 10 (or indicate none exist). Your code should be as.

Problem: Given an array of positive integers, find a pair of integers in the array that adds up to 10 (or indicate none exist). Your code should be as.
Instruction count for statements Methods Examples

Instruction count for statements Methods Examples
Queues.

Queues.
CS 202, Spring 2003 Fundamental Structures of Computer Science II Bilkent University1 Sorting CS 202 – Fundamental Structures of Computer Science II Bilkent.

CS 202, Spring 2003 Fundamental Structures of Computer Science II Bilkent University1 Sorting CS 202 – Fundamental Structures of Computer Science II Bilkent.
1 Software John Sum Institute of Technology Management National Chung Hsing University.

1 Software John Sum Institute of Technology Management National Chung Hsing University.
CS 1704 Introduction to Data Structures and Software Engineering.

CS 1704 Introduction to Data Structures and Software Engineering.
Main Index Contents 11 Main Index Contents Week 3 – The Vector Container.

Main Index Contents 11 Main Index Contents Week 3 – The Vector Container.
ICS 145B -- L. Bic1 Project: Main Memory Management Textbook: pages 492-495 ICS 145B L. Bic.

ICS 145B -- L. Bic1 Project: Main Memory Management Textbook: pages ICS 145B L. Bic.
HW6: Due Dec 8th 23:59 1.Describe test cases to reach full path coverage of the triangle program by completing the path condition table below. Also, draw.

HW6: Due Dec 8th 23:59 1.Describe test cases to reach full path coverage of the triangle program by completing the path condition table below. Also, draw.
Homework Assignment #4 J. H. Wang Dec. 3, 2007.

Homework Assignment #4 J. H. Wang Dec. 3, 2007.
Software Model Checking Moonzoo Kim. Operational Semantics of Software A system execution  is a sequence of states s 0 s 1 … – A state has an environment.

Software Model Checking Moonzoo Kim. Operational Semantics of Software A system execution  is a sequence of states s 0 s 1 … – A state has an environment.
Strings program. C Program to Check if a given String is Palindrome #include void main() { char string[25], reverse_string[25] = {'\0'}; int i, length.

Strings program. C Program to Check if a given String is Palindrome #include void main() { char string[25], reverse_string[25] = {'\0'}; int i, length.
Strings program. C Program to Check if a given String is Palindrome #include void main() { char string[25], reverse_string[25] = {'\0'}; int i, length.

Strings program. C Program to Check if a given String is Palindrome #include void main() { char string[25], reverse_string[25] = {'\0'}; int i, length.
C A RRAY Continue one dimensional array 1. Assume we have define this array: int hourlyTemp[ 24 ]; And we need to insert this array as parameter into.

C A RRAY Continue one dimensional array 1. Assume we have define this array: int hourlyTemp[ 24 ]; And we need to insert this array as parameter into.

Similar presentations

Ads by Google