invariants and state in testing and formal methods
play

Invariants and State in Testing and Formal Methods Dick Hamlet - PowerPoint PPT Presentation

Dec 31, 2023 •35 likes •315 views

Invariants and State in Testing and Formal Methods Dick Hamlet Portland State University Supported by NSF CCR-0112654 and SFI E.T.S. Walton Fellowship 1/10 The Simplest Context Meaning of a program with persistent state:

  1. Invariants and State in Testing and Formal Methods Dick Hamlet Portland State University Supported by NSF CCR-0112654 and SFI E.T.S. Walton Fellowship 1/10

  2. � � � The Simplest Context Meaning of a program with persistent state: input domain ( think: STDIN ) output domain ( think: STDOUT ) state space ( think: permanent R/W file) 2/10

  3. ✁ � ✂ ✁ ✆ � ✝✞ ✟ ✂ ☎ ✆ � ☎ ✠ � ✞ ✄ The Simplest Context Meaning of a program with persistent state: input domain ( think: STDIN ) output domain ( think: STDOUT ) state space ( think: permanent R/W file) 2/10

  4. State is Anomalous On the other hand... On the one hand... 3/10

  5. State is Anomalous On the other hand... On the one hand... States are ‘inputs’ that influence program be- havior 3/10

  6. State is Anomalous On the other hand... On the one hand... States are ‘inputs’ that States are ‘outputs’ influence program be- that only the program havior creates 3/10

  7. State is Anomalous On the other hand... On the one hand... States are ‘inputs’ that States are ‘outputs’ influence program be- that only the program havior creates (bottom line) A state variable is not independent – sample at your own risk! 3/10

  8. ✂ � ✞ � � ✂ � ✂ ✞ � ✁ Testing Viewpoint Stateless case: Black-box program . Specification function . Test point fails if . Operational profile: Usage P .d.f. on . 4/10

  9. ✂ ✞ � ☎ ✁ ☎ � � ✞ � ✂ ✂ � � ✂ ✁ � � � Testing Viewpoint Stateless case: Black-box program . Specification function . Test point fails if . Operational profile: Usage P .d.f. on . Persistent state: Replace by sequences . ✁✄✂ . ( Sequence profile) 4/10

  10. � ✂ � ☎ ✁ ☎ � � ✞ � ✂ ✂ ✞ � ✂ ✁ � � � Testing Viewpoint Stateless case: Black-box program . Specification function . Test point fails if . Operational profile: Usage P .d.f. on . Persistent state: Replace by sequences . ✁✄✂ . ( Sequence profile) State is only implicit — tester may sample ...(?) 4/10

  11. ☎ ☎ ✠ ☎ ✆ ☎ ✝ ✆ ☎ ✝ ✄ ✆ ✝ ✄ ☎ ✆ ✝ ✄ � ✠ ✁ ✄ ☎ ✁ ✠ ☎ ✁ ✆ ☎ ✁ ✄ ✆ ✝ Proving Viewpoint Specification is a first-order formula in values of program variables . Type, Symbol Evaluation Variables ( original) Pre-cond before Post-cond after Assertion any Invariant before/after 5/10

  12. ✝ ☎ ☎ ✠ ☎ ✆ ☎ ✆ ✆ ☎ ✝ ✄ ✝ ☎ ✄ ✆ ✠ ✄ ☎ ✆ ✄ ✁ ☎ ✆ ✁ ✠ ✝ ✁ ✆ ☎ ✄ ✁ � ✝ Proving Viewpoint Specification is a first-order formula in values of program variables . Type, Symbol Evaluation Variables ( original) Pre-cond before Post-cond after Assertion any Invariant before/after State variable is explicit – specification is state-prescriptive...(?) 5/10

  13. ✂ ☎ ✝ ✆ ☎ ✝ ✄ ✂ ✞ ✄ ☎ ✁ ✆ ✝ ✆ ✆ ☎ ✄ ☎ ✝ ✄ � ✠ ✞ ✂ ✄ ☎ ☎ Invariants in Proofs Room for confusion – First-order formulas include implicit evaluation times; Hoare logic hides quantification. For example, correctness of program : 6/10

  14. ☎ ✆ ✞ ✂ ✄ ✆ ☎ ✝ ✆ ☎ � ✄ ☎ ✁ ☎ ✁ ✂ ✄ ☎ ✆ ✞ ✁ ✂ ✄ ✞ ✂ ✠ ✆ ✝ ✝ ✂ ✞ ✂ ✠ ☎ � ✄ ✝ ☎ ✄ ☎ ✆ ☎ ☎ ✆ ✁ ✂ ✄ ✞ ✂ ✄ ✝ ☎ ✆ ✝ ✄ Invariants in Proofs Room for confusion – First-order formulas include implicit evaluation times; Hoare logic hides quantification. For example, correctness of program : Invariant role filter out -impossible states. Pre-condition role filter out inputs humans agree not to use. 6/10

  15. ☎ ✄ ✂ ✄ ✞ ✞ ✠ ✂ ✄ Testing with Invariants Stateless testing of to approximate proof: Sample , and for each such that , run and check . (TestEra) 7/10

  16. ✞ ✞ ✁ ✂ ✂ ✄ ☎ ✆ ✄ ✝ ✁ ✂ ✄ ☎ ✆ ✞ ✄ ☎ ✂ ✄ ✞ ✠ ☎ ✄ ✆ ✂ ✞ ✞ ☎ ✝ ✆ ✂ ✄ ☎ ✠ � Testing with Invariants Stateless testing of to approximate proof: Sample , and for each such that , run and check . (TestEra) With state it’s more complicated. First try: Sample . For each such that , run and check . 7/10

  17. ✞ ✆ ✂ ✄ ✝ ☎ ✆ ✝ ☎ ☎ ✞ ✠ ✞ ✆ ☎ � ✄ ✄ ✄ ✞ ☎ ✞ ✄ ✁ ✄ ✂ ✄ ☎ ✆ ✂ ✄ ✁ ✂ ✄ ☎ ✆ � � ✂ ✁ ✄ � ✄ ✆ ✁ ✁ ✆ ☎ ✁ ✂ ✁ ✞ ☎ ✆ ✁ ✞ ✂ ✂ ☎ ✂ ✆ ✄ ✟ ☎ ✂ ☎ ✂ ✂ ✂ ☎ ✄ ✄ ✄ � ✄ ☎ ✁ ✁ ☎ ✞ ✂ ☎ ✂ � � ☎ � � � � � � � � � � � � � � � � � � � � ✞ ✞ ✠ ☎ ✄ ✄ ✂ ✄ ✆ ☎ ☎ ☎ ✂ ✄ ☎ ✠ ✞ ✆ � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � ☎ Testing with Invariants Stateless testing of to approximate proof: Sample , and for each such that , run and check . (TestEra) With state it’s more complicated. First try: Sample . For each such that , run and check . Better: Sample , say , such ✁ ✝✆ that . Sample . If , run on the sequence, obtaining state sequence and ✆ ✡✠ check . ✄☞☛ 7/10

  18. Proof-, Testing-like Formulas Let be a logical formula (invariant, post-condition, etc.) applied to a program. 8/10

  19. Proof-, Testing-like Formulas Let be a logical formula (invariant, post-condition, etc.) applied to a program. is Proof-like : No test case can falsify . is Testing-like : There is a low probability that test-case sequences drawn according to a given operational profile will falsify . Since profiles are arbitrary human specifications, proof-like and testing-like can be very different. 8/10

  20. Proof-, Testing-like Formulas Let be a logical formula (invariant, post-condition, etc.) applied to a program. is Proof-like : No test case can falsify . is Testing-like : There is a low probability that test-case sequences drawn according to a given operational profile will falsify . Since profiles are arbitrary human specifications, proof-like and testing-like can be very different. itself can be proof- or testing-like if it is obtained using all possibilities, or only those from a profile. 8/10

  21. Daikon, TestEra, Etc. Daikon TestEra Generates bounded Generates possible exhaustive testset pre- and (BET) from given post-conditions from pre-condition; checks given testset. given post-condition. 9/10

  22. Daikon, TestEra, Etc. Daikon TestEra Generates bounded Generates possible exhaustive testset pre- and (BET) from given post-conditions from pre-condition; checks given testset. given post-condition. +invariant +profile 9/10

  23. � ✁ Daikon, TestEra, Etc. Daikon TestEra Generates bounded Generates possible exhaustive testset pre- and (BET) from given post-conditions from pre-condition; checks given testset. given post-condition. +invariant +profile From invariant and profile, generate BET; check invariant as post-condition. Use BET to generate possible post-condition. 9/10

  24. � � � Summary Testing needs to recognize state and invariants Sample state with care! Drive sampling with invariants 10/10

  25. � � � � Summary Testing needs to recognize state and invariants Sample state with care! Drive sampling with invariants Invariants are inherently prescriptive 10/10

  26. � � � � � Summary Testing needs to recognize state and invariants Sample state with care! Drive sampling with invariants Invariants are inherently prescriptive Operational profiles define ‘usage invariants’ 10/10

  27. � � � � � � Summary Testing needs to recognize state and invariants Sample state with care! Drive sampling with invariants Invariants are inherently prescriptive Operational profiles define ‘usage invariants’ Tools using first-order formulas with tests need specification-based invariants 10/10

  28. � � � � � � Summary Testing needs to recognize state and invariants Sample state with care! Drive sampling with invariants Invariants are inherently prescriptive Operational profiles define ‘usage invariants’ Tools using first-order formulas with tests need specification-based invariants 10/10

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Formal Methods Assurance for TTP John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Formal Methods Assurance for TTP: 1 Formal Methods for Analysis and Assurance: The Idea Testing/Simulation Formal

200 views • 6 slides
1 FM does not replace testing! Why Use Formal Methods Reduces burden on testing phases to

1 FM does not replace testing! Why Use Formal Methods Reduces burden on testing phases to

Topics Introduction and terminology Overview of Formal Methods FM and Software Engineering Applications of FM Propositional and Predicate Logic Program derivation Intuitive program verification Algebraic Specifications

174 views • 5 slides
Types of Formal Specifications for Assertions Concurrent and Reactive Systems Assertions

Types of Formal Specifications for Assertions Concurrent and Reactive Systems Assertions

Outline Formal specifications CISC422/853: Formal Methods Types of formal specifications: in Software Engineering: assertions invariants Computer-Aided Verification safety and liveness properties How to express safety

226 views • 22 slides
Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff,

Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff,

Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff, David R. White and John A. Clark. The 13th CREST Open Workshop Thursday 12 May 2011 Outline Invariants Using GP to find Invariants Identifying

417 views • 38 slides
Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in

Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in

Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in Software Engineering: Practically : BIR, PROMELA How to express properties Computer-Aided Verification Assertions, invariants

196 views • 9 slides
Testing security of CPS with Formal Methods Application (in progress) to industrial protocols IoS

Testing security of CPS with Formal Methods Application (in progress) to industrial protocols IoS

Testing security of CPS with Formal Methods Application (in progress) to industrial protocols IoS & IoT Roland Groz, Jean-Luc Richier, Maxime Puys, Laurent Mounier Univ. Grenoble Alpes LIG/Vasco + Vrimag/PACSS Kobe Universit

1.02k views • 33 slides
Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical foundations of computer science 2 Formal Methods Logical foundations of computer science A language that machines can understand 2 Formal Methods

1.22k views • 121 slides
Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why Formalisms? Relationships Flaws Some systems Conclusions Why Formal Methods? We already can build systems. Roman Engineers built

671 views • 12 slides
Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3. Course syllabus 4. Course objectives Introductory Lecture 5. Course organization 1. Lecturer 2. Formal Methods Name: Dilian Gurov Formal

56 views • 3 slides
Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations of computer science Formal Methods Logical foundations of computer science A language that machines can understand Formal Methods Logical

1.67k views • 123 slides
Online Data Plane Checking June 12, 2013 Summer School on Formal Methods and Networks Cornell

Online Data Plane Checking June 12, 2013 Summer School on Formal Methods and Networks Cornell

Online Data Plane Checking June 12, 2013 Summer School on Formal Methods and Networks Cornell University VeriFlow: Verifying Network-Wide Invariants in Real Time* Ahmed Khurshid , Xuan Zou, Wenxuan Zhou, Matthew Caesar, P. Brighten Godfrey

470 views • 33 slides
Rigorous Evaluation Usability Testing What is Usability Testing? Formal and rigorous testing

Rigorous Evaluation Usability Testing What is Usability Testing? Formal and rigorous testing

Rigorous Evaluation Usability Testing What is Usability Testing? Formal and rigorous testing using a structured process Validate adherence to interaction requirements Actual users who perform realistic and representative tasks

490 views • 38 slides
Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in system development Aim to increase confidence in riktighet of system Apply to both hardware and software 1 Formal methods Complement other

524 views • 25 slides
A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4) Contents INTRODUCTION INTRODUCTION DEFINITION AND OVERVIEW OF FORMAL METHODS SPECIFICATION METHODS LIFE CYCLES AND

317 views • 19 slides
Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process What are Formal Methods? Advantages and Disadvantages of Formal Methods Formal Methods in the Requirement Process Mathematical Formulas

561 views • 20 slides
THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING

THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING

THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING LOGIC Peter Olveczky University of Oslo FMfun19, December 3, 2019 OUTLINE How to introduce formal methods to undergraduates? Fun!

1.95k views • 171 slides
Lecture 7: Formal Methods for Requirements Engineering 2017-05-29 Prof. Dr. Andreas Podelski, Dr.

Lecture 7: Formal Methods for Requirements Engineering 2017-05-29 Prof. Dr. Andreas Podelski, Dr.

Softwaretechnik / Software-Engineering Lecture 7: Formal Methods for Requirements Engineering 2017-05-29 Prof. Dr. Andreas Podelski, Dr. Bernd Westphal Albert-Ludwigs-Universitt Freiburg, Germany 7 2017-05-29 main Topic Area

870 views • 56 slides
Lecture 1: Introduction to model checking B. Srivathsan Chennai Mathematical Institute Model

Lecture 1: Introduction to model checking B. Srivathsan Chennai Mathematical Institute Model

Lecture 1: Introduction to model checking B. Srivathsan Chennai Mathematical Institute Model Checking and Systems Verification January - April 2015 1 / 25 What are we interested in? 2 / 25 What are we interested in? Software Controllers Code

1.05k views • 40 slides
Formal Methods and the Chromatic Number of the Plane Marijn J.H. Heule Formal Methods in

Formal Methods and the Chromatic Number of the Plane Marijn J.H. Heule Formal Methods in

Formal Methods and the Chromatic Number of the Plane Marijn J.H. Heule Formal Methods in Mathematics January 8, 2020 1 / 35 marijn@cmu.edu Computer-Aided Mathematics Chromatic Number of the Plane Clausal Proof Optimization

634 views • 52 slides
DevOps Meets Formal Modelling in High-Criticality Complex Systems Marta Olszewska, Marina Wald

DevOps Meets Formal Modelling in High-Criticality Complex Systems Marta Olszewska, Marina Wald

DevOps Meets Formal Modelling in High-Criticality Complex Systems Marta Olszewska, Marina Wald n 1 st International Workshop on Quality-Aware DevOps (QUDOS 2015) 1 st September 2015, Bergamo, Italy Roadmap Why? Motivation and goals

638 views • 31 slides
Automatic Synthesis of Code Using Genetic Programming Doron A. Peled Bar Ilan University,

Automatic Synthesis of Code Using Genetic Programming Doron A. Peled Bar Ilan University,

Automatic Synthesis of Code Using Genetic Programming Doron A. Peled Bar Ilan University, Israel 1 Why not synthesize the software directly from specification? Specification System Specification Model checking/ Revision testing

694 views • 51 slides
61A Lecture 5 Announcements Office Hours: You Should Go! You are not alone!

61A Lecture 5 Announcements Office Hours: You Should Go! You are not alone!

61A Lecture 5 Announcements Office Hours: You Should Go! You are not alone! http://cs61a.org/office-hours.html 3 Environments for Higher-Order Functions Environments Enable Higher-Order Functions Functions are first-class: Functions are

308 views • 16 slides
Overview/Questions Whats the point? Writing functions Calling functions

Overview/Questions Whats the point? Writing functions Calling functions

CS101 Lecture 23: The Function of Functions Aaron Stevens 23 March 2009 1 Overview/Questions Whats the point? Writing functions Calling functions Formal parameters Actual parameters Scope rules and name spaces

95 views • 8 slides
Introduction to Methods and Interfaces CS1: Java Programming Colorado State University Kris

Introduction to Methods and Interfaces CS1: Java Programming Colorado State University Kris

Introduction to Methods and Interfaces CS1: Java Programming Colorado State University Kris Brown, Wim Bohm and Ben Say Liang, Introduction to Java Programming, Tenth Edition, (c) 2015 Pearson Education, Inc. All 1 rights reserved. Methods -

520 views • 27 slides

More recommend