constraint based testing
play

Constraint-Based Testing Arnaud Gotlieb INRIA Rennes, France - PDF document

Jan 24, 2024 •275 likes •490 views

An overview of Constraint-Based Testing Arnaud Gotlieb INRIA Rennes, France Uppsala University, 05/19/10 Critical software systems must be thorougly verified ! Several (complementary) techniques at the unit level: program proving software

  1. An overview of Constraint-Based Testing Arnaud Gotlieb INRIA Rennes, France Uppsala University, 05/19/10 Critical software systems must be thorougly verified ! Several (complementary) techniques at the unit level: program proving software model-checking static-analysis based verification software unit testing 1

  2. Software Testing Model-based Testing Code-based Testing Specification Test case generation Correct ? Test set implementation Execution Verdict: pass / fail Constraint-Based Testing Specification Constraint generation Constraint model Correct ? Constraint solving Test set Implementation Execution Verdict: pass / fail 2

  3. Constraint-Based Testing (CBT) Constraint-Based Testing (CBT) is the process of generating test cases against a testing objective by using constraint solving techniques Introduced 20 years ago by Offut and DeMillo in (Constraint-based automatic test data generation IEEE TSE 1991) Mainly used in the context of code-based testing with code coverage objectives, for finding functional faults By now, not yet recognized as a mainstream ST technique, but lots of current research works ! CBT: main tools Microsoft Research ( SAGE / PEX P.Godefroid, P. de Halleux, N. Tillmann) CEA - List ( Osmose S. Bardin P.Herrmann) Univ. of Madrid ( PET M. Gomez-Zamalloa, E. Albert, G. Puebla) Univ. of Stanford ( EXE D. Engler, C. Cadar, P. Guo) Univ. of Nice Sophia-Antipolis ( CPBPV M. Rueher, H. Collavizza) INRIA - Celtique ( Euclide A. Gotlieb, T. Denmat, F. Charreteur) … Main CBT tools (industrial usage) : PEX (Microsoft P. de Halleux, N. Tillmann) InKa ( Dassault A. Gotlieb, B. Botella ) , GATEL ( CEA B. Marre ) , PathCrawler ( CEA N. Williams ) 3

  4. The automatic test data generation problem Given a location k in a program under test, generate a test input that reaches k Undecidable in general, but ad-hoc methods exist f (int x 1 , int x 2 , int x 3 ) { ... } � Highly combinatorial 2 32 possibilities × 2 32 possibilities × 2 32 possibilities = 2 96 possibilities � Loops and non-feasible paths � Modular integer and floating-point computations � Pointers, dynamic structures, function calls, … Context of the presentation: A single-threaded ANSI C function (infinite-state system) selected location in code (reachability problems) CBT: Pros/Cons Pros: Handling control and data structures is essential in automatic software test data generation (i.e., SAT-solving doesn’t work in that context !) Improves significantly code-coverage (as constraints capture hard-to-reach test objectives) Fully automated test data generation methods No semantics description, no formal proof � correction is not a priority ! Cons: Unsatisfiability detection has to be improved (to avoid costly labelling) Still have to confirm that techniques and tools can scale to the testing of large-sized applications 4

  5. Outline • Introduction • Path-oriented exploration • Constraint-based exploration • Further work Path-oriented test data generation • Select one or several paths � Path selection step • Generate the path conditions � Symbolic evaluation techniques • Solve the path conditions to generate test data that activate the selected paths � Constraint solving Test objectives: generating a test suite that covers a given testing criterion (all-statements, all-paths…) or a test data that raise a safety or security problem (assertion violation, buffer overflow, …) Main CBT tools: ATGen (Meudec 2001), EXE (Cadar et al. 2006) 5

  6. Path selection on an example P(short x,y) a short w= abs(y) double z= 1.0 double P(short x, short y) { w != 0 short w = abs(y) ; b double z = 1.0 ; while ( w != 0 ) z = z * x { w = w-1 c z = z * x ; w = w - 1 ; } y<0 d if ( y<0 ) z = 1.0 / z ; return (z) ; } z=1.0 / z e return(z) f Path selection on an example P(short x,y) short w= abs(y) a all-statement coverage: double z= 1.0 a-b-c-b-d-e-f All-branches coverage: w != 0 b a-b-c-b-d-e-f a-b-d-f z = z * x w = w-1 c all-2-paths (at most 2 times in loops): a-b-d-f a-b-d-e-f y<0 d … a-b-(c-b) 2 -d-e-f z=1.0 / z e all-paths: Impossible return(z) f 6

  7. Path condition generation Symbolic state: <Path, State, Path Conditions> Path = n i -..-n j is a path expression of the CFG State = <v i , ϕ i > v ∈ Var(P) where ϕ i is an algebraic expression over X Path Cond. = c 1 ,..,c n where c i is a condition over X X denotes symbolic variables associated to the program inputs and Var(P) denotes internal variables Symbolic execution Ex : a-b-(c-b) 2 -d-f with X,Y P(short x,y) short w= abs(y) a <a, <z,1.>, <w,abs(Y)>, true > double z= 1.0 <a-b, <z,1.>, <w,abs(Y)>, abs(Y) != 0 > w != 0 b X 2 <a-b-c, <z,X>, <w,abs(Y)-1>, abs(Y) != 0 > z= z * x w= w-1 c <a-b-c-b, <z,X.>, <w,abs(Y)-1>, abs(Y) != 0, abs(Y)-1 != 0 > < a-b-c-b-c, <z,X 2 >, <w,abs(Y)-2>, d y<0 abs(Y) != 0, abs(Y)-1 != 0 > <a-b-(c-b) 2 , <z,X 2 >, <w,abs(Y)-2>, abs(Y) != 0, abs(Y) != 1, abs(Y)–2 = 0 > z=1.0 / z e <a-b-(c-b) 2 -d, <z,X 2 >, <w,abs(Y)-2>, abs(Y) != 0, abs(Y) != 1, abs(Y) = 2, Y ≥ 0 > return(z) f <a-b-(c-b) 2 -d-f, <z,X 2 >, <w,0>, Y=2 > 7

  8. Computing symbolic states � <Path, State, PC> is computed by induction over each statement of Path � When the Path conditions are unsatisfiable then Path is non-feasible and reciprocally (i.e., symbolic execution captures the concrete semantics) ex : <a-b-d-e-f,{…}, abs(Y)=0 ∧ Y<0 > � Forward vs backward analysis: Forward � interesting when states are needed Backward � saves memory space, as complete states are not computed Backward analysis P(short x,y) Ex : a-b-(c-b) 2 -d-f with X,Y short w= abs(y) a double z= 1.0 f,d: Y ≥ 0 X 2 w != 0 b b: Y ≥ 0, w = 0 z= z * x c: Y ≥ 0, w-1 = 0 w= w-1 c b: Y ≥ 0, w-1 = 0, w != 0 d y<0 c: Y ≥ 0, w-2 = 0, w-1 != 0 b: Y ≥ 0, w-2 =0, w-1 != 0,w != 0 z=1.0 / z e a: Y ≥ 0, abs(Y)-2 = 0, return(z) f abs(Y)-1 != 0, abs(Y) != 0 8

  9. Problems for symbolic evaluation techniques � Combinatorial explosion of paths (heuristics are needed to explore the search space) � Pointer and array aliasing problems int P(int * p, int a) { if ( *p != a ) { … if *p and a are aliased (i.e., p==&a) then the request is unsatisfiable! � Symbolic execution constrains the shape of dynamically allocated objects int P(struct cell * t) { t if( t == t->next ) { … constrains t to: next � Number of iterations in loops must be selected prior to any symbolic execution Dynamic symbolic evaluation � Symbolic execution of a concrete execution (also called concolic execution) � By using input values, feasible paths only are (automatically) selected � Randomized algorithm, implemented by instrumenting each statement of P Main CBT tools: PathCrawler (Williams et al. 2005), DART/CUTE (Godefroid/Sen et al. 2005), PEX (Tillman et al. Microsoft 2008), SAGE (Godefroid et al.2008) 9

  10. Concolic execution 1. Draw an input at random, execute it and record path conditions 2. Flip a non-covered decision and solve the constraints to find a new input x a 3. Execute with x t a a a a Up to given bounds 4. Repeat 2 b t t t t b t h …. b b b c t t t c t i t c c c f d f f f k j d e e e d d d f t f g f f Constraint solving in symbolic evaluation • Mixed Integer Linear Programming approaches (i.e., simplex + Fourier’s elimination + branch-and-bound) CLP(R,Q) in ATGen (Meudec 2001) lpsolve in DART/CUTE (Godefroid/Sen et al. 2005) • SMT-solving (= SAT + Theories) STP in EXE (Cadar et al. 2006) , Z3 in PEX (Tillmann and de Halleux 2008) • Constraint Programming techniques (constraint propagation and labelling) Colibri in PathCrawler (Williams et al. 2005) Disolver in SAGE (Godefroid et al. 2008) 10

  11. Outline • Introduction • Path-oriented exploration • Constraint-based exploration • Further work Constraint-based program exploration - Based on a constraint model of the whole program (i.e., each statement is seen as a relation between two memory states) - Constraint reasoning over control structures - Requires to build dedicated constraint solvers : * propagation queue management with priorities * specific propagators and global constraints * structure-aware labelling heuristics Main CBT tools: InKa ( Dassault A. Gotlieb, B. Botella ) , GATEL ( CEA B.Marre ) , Euclide (INRIA A. Gotlieb) 11

  12. A reacheability problem a f( int i ) t { f a. j = 100; while( i > 1) b b. { j++ ; i-- ;} … … d. if( j > 500) value of i to reach e ? … e. d t f e Path-oriented exploration f( int i ) a { t a. j = 100; f while( i > 1) b. { j++ ; i-- ;} b … … d. if( j > 500) … e. 1. Path selection d t e.g., (a-b) 14 -…-d-e 2. Path conditions generation (via symbolic exec.) f e j 1 =100, i 1 >1, j 2 =j 1 +1, i 2 =i 1 -1, i 2 >1,…, j 15 >500 3. Path conditions solving unsatisfiable � FAIL Backtrack ! 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Constraint-based Testing Software Engineering Gordon Fraser Saarland University Based on

Constraint-based Testing Software Engineering Gordon Fraser Saarland University Based on

Constraint-based Testing Software Engineering Gordon Fraser Saarland University Based on slides by Arnaud Gotlieb &amp; Koushik Sen So many different test objectives... Path testing 0,*!#@0A.(#-.(4#$%&amp;!'(,#-.(.L!#$%&amp;!'.(#-.(.7

591 views • 31 slides
Constraint-Based Refactoring Rename Field Problem Proven Correct Solution Constraint- Based

Constraint-Based Refactoring Rename Field Problem Proven Correct Solution Constraint- Based

Constraint- Based Refactoring Hansruedi Patzen Refactoring Constraint-Based Refactoring Rename Field Problem Proven Correct Solution Constraint- Based Refactoring Hansruedi Patzen 1 Constraint Rules Generalize Type Implementation

608 views • 22 slides
Constraint Composite Graph-Based Lifted Message Passing for Distributed Constraint Optimization

Constraint Composite Graph-Based Lifted Message Passing for Distributed Constraint Optimization

Constraint Composite Graph-Based Lifted Message Passing for Distributed Constraint Optimization Problems Ferdinando Fioretto 1 Hong Xu 2 Sven Koenig 2 T. K. Satish Kumar 2 fjoretto@umich.edu, hongx@usc.edu, skoenig@usc.edu, tkskwork@gmail.com

779 views • 45 slides
From Interval Computations Constraint-Based Set . . . to Constraint-Related Set From Main Idea

From Interval Computations Constraint-Based Set . . . to Constraint-Related Set From Main Idea

Interval Part: Outline Straightforward . . . Discussion Reason for Excess Width From Interval Computations Constraint-Based Set . . . to Constraint-Related Set From Main Idea to . . . Implementing . . . Computations: Towards Limitations of

541 views • 21 slides
Tractable Constraint Languages Zion Schell Based on Chapter 11 of Rina Dechter's Constraint

Tractable Constraint Languages Zion Schell Based on Chapter 11 of Rina Dechter's Constraint

Tractable Constraint Languages Zion Schell Based on Chapter 11 of Rina Dechter's Constraint Processing by David Cohen and Peter Jeavons Zion Schell Tractable Constraint Languages - 1 4-15-13 Disclaimer This chapter is a bit weird It

1.03k views • 74 slides
The Promise of Model-Based Testing The Promise of Model-Based Testing Presented by: Mahesh

The Promise of Model-Based Testing The Promise of Model-Based Testing Presented by: Mahesh

T17 Concurrent Session Thursday 05/08/2008 3:00 PM The Promise of Model-Based Testing The Promise of Model-Based Testing Presented by: Mahesh Velliyur Maveric Testing Solutions Presented at: STAR EAST Software Testing Analysis &amp; Review

582 views • 30 slides
Black Box Testing (A&amp;O Ch. 4) (2 nd Ed. Ch. 6) Course Software Testing &amp; Verification

Black Box Testing (A&amp;O Ch. 4) (2 nd Ed. Ch. 6) Course Software Testing &amp; Verification

Black Box Testing (A&amp;O Ch. 4) (2 nd Ed. Ch. 6) Course Software Testing &amp; Verification 2019/20 Wishnu Prasetya &amp; Gabriele Keller Plan Partitioning based testing (A&amp;O Ch 4/2 nd Ed Ch. 6). Model based testing Note: black

772 views • 39 slides
Structural Testing Also known as glass/white/open box testing Structural testing is based

Structural Testing Also known as glass/white/open box testing Structural testing is based

Path Testing and Test Coverage Chapter 9 Structural Testing Also known as glass/white/open box testing Structural testing is based on using specific knowledge of the program source text to define test cases Contrast with functional

999 views • 60 slides
Constraint Programming Overview based on Examples Marco Chiarandini Department of Mathematics

Constraint Programming Overview based on Examples Marco Chiarandini Department of Mathematics

DM841 Discrete Optimization Part I Lecture 2 Constraint Programming Overview based on Examples Marco Chiarandini Department of Mathematics &amp; Computer Science University of Southern Denmark Outline 1. An Initial Example 2. Constraint

2.09k views • 185 slides
A New Constraint-based Framework for Qualitative Reasoning Krzysztof Apt CWI &amp; University of

A New Constraint-based Framework for Qualitative Reasoning Krzysztof Apt CWI &amp; University of

A New Constraint-based Framework for Qualitative Reasoning Krzysztof Apt CWI &amp; University of Amsterdam (Joint work with Sebastian Brand) Constraint-based Qualitative Reasoning p.1/26

300 views • 26 slides
Testing of a telecommunication protocol using constraint programming Olga Grinchtein Mats Carlsson

Testing of a telecommunication protocol using constraint programming Olga Grinchtein Mats Carlsson

Testing of a telecommunication protocol using constraint programming Olga Grinchtein Mats Carlsson Justin Pearson Ericsson AB SICS Uppsala University The LTE Radio Base Station (RBS) is SUT at our department at Ericsson. Our case study is

225 views • 3 slides
Robust Self Testing for Linear Constraint Games Andrea Coladangelo Jalex Stark Department of

Robust Self Testing for Linear Constraint Games Andrea Coladangelo Jalex Stark Department of

Motivation Techniques Open Questions Robust Self Testing for Linear Constraint Games Andrea Coladangelo Jalex Stark Department of Computing and Mathematical Sciences California Institute of Technology QIP 2018, 16 January 2017 Andrea

1.06k views • 69 slides
WEM Reform: Constraint Development Responsibilities PSO-WG Meeting 3 February 2019 1

WEM Reform: Constraint Development Responsibilities PSO-WG Meeting 3 February 2019 1

WEM Reform: Constraint Development Responsibilities PSO-WG Meeting 3 February 2019 1 Constraint technical framework Constraint Limit advice equations 2. Constraint formulation 1. Power system 3. Constraint model library 4. Dispatch

523 views • 12 slides
Property-Based Testing Matt Bachmann @mattbachmann Testing is Important Testing is Important

Property-Based Testing Matt Bachmann @mattbachmann Testing is Important Testing is Important

Property-Based Testing Matt Bachmann @mattbachmann Testing is Important Testing is Important Testing is Important Testing is Hard Testing is Hard Testing is Hard Capture the Important Cases Minimize The Coding Overhead Sorting a list of

1.66k views • 118 slides
Specification-Based Testing 1 Stuart Anderson Stuart Anderson Specification-Based Testing 1

Specification-Based Testing 1 Stuart Anderson Stuart Anderson Specification-Based Testing 1

Specification-Based Testing 1 Stuart Anderson Stuart Anderson Specification-Based Testing 1 2011 c 1 Overview Basic terminology A view of faults through failure Systematic versus randomised testing A systematic approach to

492 views • 32 slides
Who Learns Better Bayesian Network Structures Constraint-Based, Score-based or Hybrid Algorithms?

Who Learns Better Bayesian Network Structures Constraint-Based, Score-based or Hybrid Algorithms?

Who Learns Better Bayesian Network Structures Constraint-Based, Score-based or Hybrid Algorithms? Marco Scutari 1 Catharina Elisabeth Graafland 2 errez 2 Jos e Manuel Guti 1 Department of Statistics University of Oxford, UK

383 views • 20 slides
Chapter 10 Retrospective on Unit Testing Software Testing: A Craftsman s Approach, 4 th

Chapter 10 Retrospective on Unit Testing Software Testing: A Craftsman s Approach, 4 th

Chapter 10 Retrospective on Unit Testing Software Testing: A Craftsman s Approach, 4 th Edition Chapter 10 Retrospective The Test Method Pendulum Code-based Spec-based Testing Testing Boundary Path Equivalence Value Decision Dataflow

537 views • 32 slides
Preparing Accomplished Transfers in the Humanities (PATH) Pegah Motaleb Associate Professor of

Preparing Accomplished Transfers in the Humanities (PATH) Pegah Motaleb Associate Professor of

Preparing Accomplished Transfers in the Humanities (PATH) Pegah Motaleb Associate Professor of English Coordinator September 4, 2018 Presidents Cabinet The American Association of Colleges and Universities (AAC&amp;U)

411 views • 18 slides
Move Utah ACTIVE, HEALTHY, CONNECTED COMMUNITIES A Path to Improved Health &amp; Well-Being:

Move Utah ACTIVE, HEALTHY, CONNECTED COMMUNITIES A Path to Improved Health &amp; Well-Being:

Move Utah ACTIVE, HEALTHY, CONNECTED COMMUNITIES A Path to Improved Health &amp; Well-Being: Trailblazing Transportation Policies Dr. Suzanne Kent Millington Heather Borski Troy Walker Harrison Board of Trustee Division of Disease Control

189 views • 14 slides
School Path Minna Mar.nen Heli Pakarinen Eija Zweygberg

School Path Minna Mar.nen Heli Pakarinen Eija Zweygberg

School Path Minna Mar.nen Heli Pakarinen Eija Zweygberg Signage What kind of signs are needed? School Path label (graphical image) Colour Code(s)

535 views • 12 slides
International Labour Organization/World Bank Inventory of Policy Responses to the Financial and

International Labour Organization/World Bank Inventory of Policy Responses to the Financial and

International Labour Organization/World Bank Inventory of Policy Responses to the Financial and Economic Crisis The global financial crisis continues to have a significant impact on the world economy. The ILO has downgraded its Global Employment

286 views • 3 slides
Pattern Matching Reminder: Decomposition The task we are trying to solve is find a general and

Pattern Matching Reminder: Decomposition The task we are trying to solve is find a general and

Pattern Matching Reminder: Decomposition The task we are trying to solve is find a general and convenient way to access objects in a extensible class hierarchy. Attempts seen previously : touch all classes to add a new method. Classification

434 views • 15 slides
Elaborating dependent (co)pattern matching Andreas Abel Jesper Cockx Chalmers &amp; Gothenburg

Elaborating dependent (co)pattern matching Andreas Abel Jesper Cockx Chalmers &amp; Gothenburg

Elaborating dependent (co)pattern matching Andreas Abel Jesper Cockx Chalmers &amp; Gothenburg University 23 March 2018 Type systems &amp; proof assistants: science or faith? surface core language language 1 / 38 Type systems &amp;

1.83k views • 79 slides
Charles Snow Gillingham The Payload Team Katariina Lehtiniemi, Step 1: adding the transmitter

Charles Snow Gillingham The Payload Team Katariina Lehtiniemi, Step 1: adding the transmitter

Marco Cipriani, Helena Charles Snow Gillingham The Payload Team Katariina Lehtiniemi, Step 1: adding the transmitter (Boris) and the encoder (Ottorino) Near the back and the external connector (Sans) They must be connected to the antennas

816 views • 23 slides

More recommend