Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wishnu Prasetya WLP for Automated Testing.

Published byLenard Owen Modified over 9 years ago

Similar presentations

Presentation on theme: "Wishnu Prasetya WLP for Automated Testing."— Presentation transcript:

1 Wishnu Prasetya wishnu@cs.uu.nl www.cs.uu.nl/docs/vakken/pv WLP for Automated Testing

2 Testing problem Give test-cases that would cover all 4 paths in the above program. Observation: any input satisfying the wlp of a post- condition Q, specifies a test-case leading a terminal state satisfying Q. Idea : use Q to specify the target path. 2 tax(rate, income | tax) { if (income  10000) tax := 0 ; if (income  20000) tax := income / rate.low ; tax := tax + income / rate.high ; }

3 Wedge A wedge is a finite path of primitive (non-composite) statements in the program, from the program’s start, where we replace guard conditions with the corresponding assert. The concept is from Tomb & Flanagan, Detecting Inconsistencies via Universal Reachability Analysis, ISSTA, 2012. They use assume. For our purpose, we need to turn them to assert. We can use wedges to re-express coverage problem (e.g. cover this spot, or cover this path). Then we can calculate the wlp of each wedge. 3

4 Wedge & coverage a wedge covering assert income  10000 ; tax := 0 ; assert income  20000 ; a wedge covering without passing (unfeasible) assert income  10000 ; tax := 0 ; assert income > 20000 ; 4 tax(rate, income | tax) { if (income  10000) tax := 0 ; if (income  20000) tax := income / rate.low ; tax := tax + income / rate.high ; } cover this

5 wlp of a wedge Let p be a target path to cover in the CFG of Pr(x). Let w(x) be a wedge such that any execution of w is also an execution of Pr that covers p. Calculate p = wlp w true. Check the satisfiability of p; a witness to that is basically an instance of input x for Pr that would cover p. 5

6 Covering by solving wlp if (x>9) { x := x+y ; if (x+y  0) { y := 0 ; if (x  8) { cover-this... } a wedge to cover assert x>9 ; x := x+y ; assert x+y < 0 ; y := 0 ; assert x  8 wlp : x>9 /\ x+2y  0 /\ x+y  8 6

7 Concolic approach Problems: A long wedge has more constraints; the wlp may be difficult for your theorem prover to solve. What to do with loops? Combined concrete and symbolic calculation to incrementally solve the wedge. Imagine the wedge : w(x,y) = assert p 1 ; x:=x+y; assert p 2 ; y:=0; assert p 3 wlp : p = p 1 /\ p 2 [x+y/x] /\ p 3 [0/y][x+y/x] 7

8 Concolic approach wlp : p = p 1 /\ p 2 [x+y/x] /\ p 3 [0/y][x+y/x] Execute w, e.g. w(0,9). Suppose this manages to pass the guards p 1 and p 2 but fails on p 3. Try to solve p[0/x] or p[9/y] instead. This at least simplifies the formula to solve. Not necessarily leads to a solution. 8

9 Wedge “passing” a loop Consider : while g do S ; if h then { cover this }... A wedge to cover has to do some iterations of S. How many iterations ? Arbitrarily choosing k iterations may produce a wedge that is infeasible. Concolic: run a concrete execution; suppose it iterates n times, but fails to pass h at least we know that iterating n times is feasible construct a wedge with n unfolding and solve it if unfeasible try a different concrete run 9

Download ppt "Wishnu Prasetya WLP for Automated Testing."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and shows.

In this episode of The Verification Corner, Rustan Leino talks about Loop Invariants. He gives a brief summary of the theoretical foundations and shows.
Masahiro Fujita Yoshihisa Kojima University of Tokyo May 2, 2008

Masahiro Fujita Yoshihisa Kojima University of Tokyo May 2, 2008
Marking Schema question1: 40 marks question2: 40 marks question3: 20 marks total: 100 marks.

Marking Schema question1: 40 marks question2: 40 marks question3: 20 marks total: 100 marks.
Satisfiability Modulo Theories (An introduction)

Satisfiability Modulo Theories (An introduction)
Parallel Symbolic Execution for Structural Test Generation Matt Staats Corina Pasareanu ISSTA 2010.

Parallel Symbolic Execution for Structural Test Generation Matt Staats Corina Pasareanu ISSTA 2010.
Model Counting >= Symbolic Execution Willem Visser Stellenbosch University Joint work with Matt Dwyer (UNL, USA) Jaco Geldenhuys (SU, RSA) Corina Pasareanu.

Model Counting >= Symbolic Execution Willem Visser Stellenbosch University Joint work with Matt Dwyer (UNL, USA) Jaco Geldenhuys (SU, RSA) Corina Pasareanu.
Lecture 23. Subset Sum is NPC

Lecture 23. Subset Sum is NPC
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 13.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 13.
A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.

A survey of techniques for precise program slicing Komondoor V. Raghavan Indian Institute of Science, Bangalore.
Hybrid Concolic Testing Rupak Majumdar Koushik Sen UC Los Angeles UC Berkeley.

Hybrid Concolic Testing Rupak Majumdar Koushik Sen UC Los Angeles UC Berkeley.
Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.

Copyright © 2006 Addison-Wesley. All rights reserved.1-1 ICS 410: Programming Languages Chapter 3 : Describing Syntax and Semantics Axiomatic Semantics.
Wishnu Prasetya Security Checking.

Wishnu Prasetya Security Checking.
Complexity 26-1 Complexity Andrei Bulatov Interactive Proofs.

Complexity 26-1 Complexity Andrei Bulatov Interactive Proofs.
CSE503: SOFTWARE ENGINEERING SYMBOLIC TESTING, AUTOMATED TEST GENERATION … AND MORE! David Notkin Spring 2011.

CSE503: SOFTWARE ENGINEERING SYMBOLIC TESTING, AUTOMATED TEST GENERATION … AND MORE! David Notkin Spring 2011.
1 Introduction to Computability Theory Lecture2: Non Deterministic Finite Automata Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture2: Non Deterministic Finite Automata Prof. Amos Israeli.
Fall 2003Costas Busch - RPI1 Decidability. Fall 2003Costas Busch - RPI2 Recall: A language is decidable (recursive), if there is a Turing machine (decider)

Fall 2003Costas Busch - RPI1 Decidability. Fall 2003Costas Busch - RPI2 Recall: A language is decidable (recursive), if there is a Turing machine (decider)
1 Polynomial Time Reductions Polynomial Computable function : For any computes in polynomial time.

1 Polynomial Time Reductions Polynomial Computable function : For any computes in polynomial time.
1 Today Another approach to “coverage” Cover “everything” – within a well-defined, feasible limit Bounded Exhaustive Testing.

1 Today Another approach to “coverage” Cover “everything” – within a well-defined, feasible limit Bounded Exhaustive Testing.
CS 330 Programming Languages 09 / 18 / 2007 Instructor: Michael Eckmann.

CS 330 Programming Languages 09 / 18 / 2007 Instructor: Michael Eckmann.

Similar presentations

Ads by Google