using unfoldings in automated testing of multithreaded
play

Using Unfoldings in Automated Testing of Multithreaded Programs - PowerPoint PPT Presentation

Jun 23, 2023 •108 likes •522 views

Using Unfoldings in Automated Testing of Multithreaded Programs Kari Khknen, Olli Saarikivi, Keijo Heljanko (firstname.lastname@aalto.fi) Department of Computer Science and Engineering, Aalto University & Helsinki Institute for

  1. Using Unfoldings in Automated Testing of Multithreaded Programs Kari Kähkönen, Olli Saarikivi, Keijo Heljanko (firstname.lastname@aalto.fi) Department of Computer Science and Engineering, Aalto University & Helsinki Institute for Information Technology Published in ASE’12 25th Nordic Workshop on Programming Theory, NWPT '13 Tallinn, Estonia, 20th November 2013

  2. Validation Methods for Concurrent Systems There are many system validation approaches: • Model based approaches: – Model-based Testing: Automatically generating tests for an implementation from a model of a concurrent system – Model Checking: Exhaustively exploring the behavior of a model of a concurrent system – Theorem proving, Abstraction, … • Source code analysis based approaches: – Automated test generation tools – Static analysis tools – Software model checking, Theorem Proving for source code, …

  3. Model Based vs Source Code Based Approaches • Model based approaches require building the verification model – In hardware design the model is your design – Usually not so for software: • Often a significant time effort is needed for building the system model • Making the cost-benefit argument is not easy for non-safety-critical software • Source code analysis tools make model building cheap: The tools build the model from source code as they go

  4. The Automated Testing Problem • How to automatically test the local state reachability in multithreaded programs that read input values – E.g., find assertion violations, uncaught exceptions, etc. • Our tools use a subset of Java as its input language • The main challenge: path explosion and numerous interleavings of threads • One popular testing approach: dynamic symbolic execution (DSE) + partial order reduction • New approach: DSE + unfoldings

  5. Dynamic Symbolic Execution • DSE aims to systematically explore different execution paths of the program under test x = input x = x + 5 if (x > 10) { ... } ... Control flow graph

  6. Dynamic Symbolic Execution • DSE typically starts with a random execution • The program is executed concretely and symbolically x = input x = x + 5 if (x > 10) { ... } ... Control flow graph

  7. Dynamic Symbolic Execution • Symbolic execution generates constraints at branch points that define input values leading to true and false branches c 1 c 2 x = input x = x + 5 c 3 c 4 if (x > 10) { ... } ... c 1 = input 1 + 5 > 10 c 2 = input 1 + 5 ≤ 10 Control flow graph

  8. Dynamic Symbolic Execution • A conjunction of symbolic constraints along an execution path is called a path constraint – Solved using SAT modulo theories (SMT)-solvers to obtain concrete test inputs for unexplored execution paths – E.g., pc: ¡ ¡input 1 ¡+ ¡5 ¡> ¡10 ∧ ¡input 2 ¡* ¡input 1 ¡= ¡50 – Solution: input 1 ¡= ¡10 ¡and ¡input 2 ¡= ¡5 c 1 c 2 c 3 c 4

  9. What about Multithreaded Programs? • We need to be able to reconstruct scheduling scenarios • Take full control of the scheduler • Execute threads one by one until a global operation (e.g., access of shared variable or lock) is reached • Branch the execution tree for each enabled operation Scheduling decision

  10. What about Multithreaded Programs? • We need to be able to reconstruct scheduling scenarios • Take full control of the scheduler • Execute threads one by one until a global operation (e.g., access of shared variable or lock) is reached • Branch the execution tree for each enabled operation Problem: a large number of irrelevant interleavings

  11. One Solution: Partial-Order Reduction • Ignore provably irrelevant parts of the symbolic execution tree • Existing algorithms: – dynamic partial-order reduction (DPOR) [FlaGod05] – race detection and flipping [SenAgh06]

  12. Dynamic Partial-Order Reduction (DPOR) • DPOR algorithm by Flanagan and Godefroid (2005) calculates what additional interleavings need to be explored based on the history of the current execution • Once DPOR has fully explored the subtree from a state it will have explored a persistent set of operations from that state – Will find all assertion violations and deadlocks • As any persistent set approach, preserves one interleaving from each Mazurkiewicz trace

  13. Identifying Backtracking Points in DPOR • When a race is identified during execution, DPOR adds a backtracking point is added to be explored later • To do so, DPOR tracks the causal relationships of global operations in order to identify backtracking points • In typical implementations the causal relationships are tracked by using vector clocks • An optimized DPOR approach can be found from: • Saarikivi, O., Kähkönen, K., and Heljanko, K.: Improving Dynamic Partial Order Reductions for Concolic Testing. In ACSD 2012. 13

  14. Another Solution? • Can we create a symbolic representation of the executions that contain all the interleavings but in more compact form than with execution trees? • Yes , with unfoldings • When the executed tests cover the symbolic representation completely, the testing process can be stopped

  15. What Are Unfoldings? • Unwinding of a control flow graph is an execution tree • Unwinding of a Petri net (Java code) is an unfolding • Can be exponentially more compact than exec. trees Petri net Initial unfolding

  16. What Are Unfoldings? • Unwinding of a control flow graph is an execution tree • Unwinding of a Petri net is an unfolding • Can be exponentially more compact than exec. trees Petri net Unfolding

  17. What Are Unfoldings? • Unwinding of a control flow graph is an execution tree • Unwinding of a Petri net is an unfolding • Can be exponentially more compact than exec. trees Petri net Unfolding

  18. What Are Unfoldings? • Unwinding of a control flow graph is an execution tree • Unwinding of a Petri net is an unfolding • Can be exponentially more compact than exec. trees Petri net Unfolding

  19. What Are Unfoldings? • Unwinding of a control flow graph is an execution tree • Unwinding of a Petri net is an unfolding • Can be exponentially more compact than exec. trees Petri net Unfolding

  20. Using Unfoldings with DSE • When a test execution encounters a global operation, extend the unfolding with one of the following events: read write lock unlock • Potential extensions for the added event are new test targets

  21. Shared Variables have Local Copies symbolic branching write global variable read global variable ... X 1,1 X n,1 X 1,1 pc i pc i pc i true false X 1,2 ... X n,2 pc k pc j X 1,2 pc j pc j pc i pc i l y pc j pc j l x acquire lock l release lock l 21

  22. From Java Source Code to Unfoldings • The unfolding shows the control and data flows possible in all different ways to solve races in the Java code • The underlying Petri net is never explicitly built, we compute possible extensions on the Java code level • Our unfolding has no data in it – The unfolding is an over-approximation of the possible concurrent executions of the Java code • Once a potential extension has been selected to extend the unfolding, the SMT solver is used to find data values that lead to that branch being executed, if possible • Branches that are non-feasible are pruned when found

  23. Example Global variables: Thread 2: Thread 1: int x = 0; local int b = x; local int a = x; if (b == 0) if (a > 0) x = input(); error(); Initial unfolding

  24. Example Global variables: Thread 2: Thread 1: int x = 0; local int b = x; local int a = x; if (b == 0) if (a > 0) x = input(); error(); R R W First test run

  25. Example Global variables: Thread 2: Thread 1: int x = 0; local int b = x; local int a = x; if (b == 0) if (a > 0) x = input(); error(); R R W W Find possible extensions

  26. Example Global variables: Thread 2: Thread 1: int x = 0; local int b = x; local int a = x; if (b == 0) if (a > 0) x = input(); error(); R R R W W

  27. Computing Potential Extensions • Finding potential extensions is the most computationally expensive part of unfolding (NP-complete [Heljanko’99]) • It is possible to use existing potential extension algorithms with DSE – Designed for arbitrary Petri nets – Can be very expensive in practice • Key observation: It is possible to limit the search space of potential extensions due to restricted form of unfoldings generated by the algorithm – Same worst case behavior, but in practice very efficient

  28. NP-Hardness of Possible Extensions Consider the 3-SAT Formula below turned into a Petri net: (x1 ∨ x2 ∨ v3) ∧ (!x1 ∨ !x2 ∨ !x3) ∧ (!x1 ∨ x2 ∨ x3) x1 x2 x3 tpx1 tnx1 tpx2 tnx2 tpx3 tnx3 px11 px13 nx13 px12 nx11 nx12 m2 m1 m3 ts11 ts12 ts13 ts21 ts22 ts23 ts31 ts32 ts33 c2 c3 c1 t s

  29. NP-Hardness of Possible Extensions • The formula is satisfiable iff transition t is a possible extension of the following prefix of the unfolding: bx1 bx2 bx3 epx1 enx1 epx2 enx2 epx3 enx3 bpx11 bpx13 bnx13 bpx12 bnx11bnx12 bm2 bm1 bm3 es11 es12 es13 es21 es22 es23 es31 es32 es33 bc11 bc12 bc13 bc21 bc22 bc23 bc31 bc32 bc33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Testing of Multithreaded Programs Kari Khknen, Olli Saarikivi, Keijo Heljanko The Problem

Testing of Multithreaded Programs Kari Khknen, Olli Saarikivi, Keijo Heljanko The Problem

Using Unfoldings in Automated Testing of Multithreaded Programs Kari Khknen, Olli Saarikivi, Keijo Heljanko The Problem How to automatically test the local state reachability in multithreaded programs E.g., find assertion violations,

484 views • 23 slides
Automated testing for multiplayer Game AI Automated testing for multiplayer Game AI in Sea of

Automated testing for multiplayer Game AI Automated testing for multiplayer Game AI in Sea of

Automated testing for multiplayer Game AI Automated testing for multiplayer Game AI in Sea of Thieves in Sea of Thieves Robert Masella Rare - Microsoft Studios About Me About Me Senior Gameplay Engineer Worked on: Banjo Kazooie:

785 views • 55 slides
Testing Testing one two, one two! Setting up an automated testing environment for Samba on

Testing Testing one two, one two! Setting up an automated testing environment for Samba on

Testing Testing one two, one two! Setting up an automated testing environment for Samba on Gluster Sachin Prabhu Michael Adam sprabhu@redhat.com obnox@samba.org 1 Agenda Setting up of an automated testing environment for Samba on Gluster

519 views • 23 slides
Symbolic Unfoldings for Networks of Timed Automata Franck Cassez 1 Thomas Chatain 2 Claude Jard 2

Symbolic Unfoldings for Networks of Timed Automata Franck Cassez 1 Thomas Chatain 2 Claude Jard 2

Symbolic Unfoldings for Networks of Timed Automata Franck Cassez 1 Thomas Chatain 2 Claude Jard 2 1 CNRS/IRCCyN 2 IRISA Nantes, France Rennes, France Automated Technology for Verication and Analysis (ATVA'06) October 2326th, 2006

1.23k views • 83 slides
Combinatorial Testing Automated testing and J.P . Galeotti - Alessandra Gorla verification

Combinatorial Testing Automated testing and J.P . Galeotti - Alessandra Gorla verification

Combinatorial Testing Automated testing and J.P . Galeotti - Alessandra Gorla verification Wednesday, November 28, 12 Combinatorial testing: Basic idea Identify distinct attributes that can be varied In the data, environment, or

1.02k views • 52 slides
Enterprise Automated Testing System Integration North American Distributor ATaaS Technology

Enterprise Automated Testing System Integration North American Distributor ATaaS Technology

ATN-Emulator Enterprise Automated Testing System Integration North American Distributor ATaaS Technology Overview ATaaS (Automated Testing as a Service) is an end-to-end automated POS (Point of Sale) testing system with a robotic arm for

155 views • 14 slides
Eiffel Testing Framework (ETF): Automated Regression & Acceptance Testing EECS3311 A & E:

Eiffel Testing Framework (ETF): Automated Regression & Acceptance Testing EECS3311 A & E:

Eiffel Testing Framework (ETF): Automated Regression & Acceptance Testing EECS3311 A & E: Software Design Fall 2020 C HEN -W EI W ANG Learning Objectives Upon completing this lecture, you are expected to understand: 1. User Interface :

775 views • 22 slides
Towards Automated Testing of Web Service Choreographies Felipe Besson, Pedro Leal, Fabio Kon and

Towards Automated Testing of Web Service Choreographies Felipe Besson, Pedro Leal, Fabio Kon and

Towards Automated Testing of Web Service Choreographies Felipe Besson, Pedro Leal, Fabio Kon and Alfredo Goldman 6th International University of So Paulo Workshop on Automated Dejan Milojicic Software Testing Hewlett Packard Laboratories

248 views • 12 slides
Structural and dataflow testing (cont.) Automated testing and J.P . Galeotti - Alessandra Gorla

Structural and dataflow testing (cont.) Automated testing and J.P . Galeotti - Alessandra Gorla

Structural and dataflow testing (cont.) Automated testing and J.P . Galeotti - Alessandra Gorla verification Thursday, January 17, 13 Structural testing Judging test suite thoroughness based on the structure of the program itself Also

944 views • 80 slides
Cloud9 Parallel Symbolic Execution for Automated Real-World Software Testing Stefan Bucur, Vlad

Cloud9 Parallel Symbolic Execution for Automated Real-World Software Testing Stefan Bucur, Vlad

Cloud9 Parallel Symbolic Execution for Automated Real-World Software Testing Stefan Bucur, Vlad Ureche, Cristian Zamfir, George Candea School of Computer and Communication Sciences Automated Software Testing Automated Industrial Techniques

1.25k views • 59 slides
Web Applications Testing Automated testing and JP Galeotti, Alessandra Gorla verification

Web Applications Testing Automated testing and JP Galeotti, Alessandra Gorla verification

Web Applications Testing Automated testing and JP Galeotti, Alessandra Gorla verification Thursday, January 31, 13 Why are Web applications different Web 1.0: Static content Client and Server side execution Different components and

442 views • 33 slides
Integration, System and Regression Testing Automated testing and J.P .Galeotti Alessandra Gorla

Integration, System and Regression Testing Automated testing and J.P .Galeotti Alessandra Gorla

Integration, System and Regression Testing Automated testing and J.P .Galeotti Alessandra Gorla verification Thursday, January 31, 13 Actual Needs and Delivered User Acceptance (alpha, beta test) Constraints Package Review System

999 views • 69 slides
IMUnit: Improved Multithreaded Unit Testing Vilas Jagannath, Milos Gligoric, Dongyun Jin,

IMUnit: Improved Multithreaded Unit Testing Vilas Jagannath, Milos Gligoric, Dongyun Jin,

IMUnit: Improved Multithreaded Unit Testing Vilas Jagannath, Milos Gligoric, Dongyun Jin, Qingzhou Luo Grigore Rosu, Darko Marinov January 31, 2012 CREST Open Workshop (COW 17) London, UK Project Team Vilas Jagannath Milos Gligoric Dongyun Jin

596 views • 32 slides
Required Tutorial Eiffel Testing Framework (ETF): Automated Regression & Acceptance Testing

Required Tutorial Eiffel Testing Framework (ETF): Automated Regression & Acceptance Testing

Required Tutorial Eiffel Testing Framework (ETF): Automated Regression & Acceptance Testing All technical details of ETF are discussed in this tutorial series: https://www.youtube.com/playlist?list=PL5dxAmCmjv_ EECS3311 A & E: Software

447 views • 6 slides
Software testing Software Testing Introduction Testing levels Automated testing Principles and

Software testing Software Testing Introduction Testing levels Automated testing Principles and

Introduction Testing levels Automated testing Principles and testability Coverage Criteria Points for thought Software testing Software Testing Introduction Testing levels Automated testing Principles and testability Coverage Criteria

892 views • 55 slides
Introduction to software testing and quality process Automated testing and J.P . Galeotti -

Introduction to software testing and quality process Automated testing and J.P . Galeotti -

Introduction to software testing and quality process Automated testing and J.P . Galeotti - Alessandra Gorla verification Engineering processes Engineering disciplines pair construction activities activities that check intermediate

801 views • 58 slides
symbolic deobfuscation Sbastien Bardin (CEA LIST) Sbastien Bardin GreHack 2017 | 1 ABOUT

symbolic deobfuscation Sbastien Bardin (CEA LIST) Sbastien Bardin GreHack 2017 | 1 ABOUT

CODE PROTECTION: the promises and limits of symbolic deobfuscation Sbastien Bardin (CEA LIST) Sbastien Bardin GreHack 2017 | 1 ABOUT MY LAB @CEA [Paris-Saclay, France] Sbastien Bardin GreHack 2017 | 2 IN A NUTSHELL

664 views • 40 slides
Heap Cloning: Enabling Dynamic Symbolic Execution of Java Programs Saswat Anand Mary Jean

Heap Cloning: Enabling Dynamic Symbolic Execution of Java Programs Saswat Anand Mary Jean

11/27/2011 Heap Cloning: Enabling Dynamic Symbolic Execution of Java Programs Saswat Anand Mary Jean Harrold Supported by NSF (CCF-0725202, CCF-0541048) and IBM (Software Quality Innovation Award) Symbolic Execution 35 Databases 30

558 views • 22 slides
QSYM : A PRACTICAL CONCOLIC EXECUTION ENGINE TAILORED FOR HYBRID FUZZING Insu Yun, Sangho Lee,

QSYM : A PRACTICAL CONCOLIC EXECUTION ENGINE TAILORED FOR HYBRID FUZZING Insu Yun, Sangho Lee,

QSYM : A PRACTICAL CONCOLIC EXECUTION ENGINE TAILORED FOR HYBRID FUZZING Insu Yun, Sangho Lee, Meng Xu, Yeongjin Jang and Taesoo Kim, FINDING SECURITY BUGS Fuzzing Automated test to monitor exceptions (crashes & memory leaks)

417 views • 17 slides
Lec09: Fuzzing and Symbolic Execution Taesoo Kim 2 Administrivia Three more labs!

Lec09: Fuzzing and Symbolic Execution Taesoo Kim 2 Administrivia Three more labs!

1 Lec09: Fuzzing and Symbolic Execution Taesoo Kim 2 Administrivia Three more labs! including NSA code-breaking challenge! Please submit your working exploits for previous weeks! New recitations: Monday:

293 views • 28 slides
Loop Analysis in KeY Tobias Gedell gedell@cs.chalmers.se 4th KeY Workshop - L okeberg June

Loop Analysis in KeY Tobias Gedell gedell@cs.chalmers.se 4th KeY Workshop - L okeberg June

Loop Analysis in KeY Tobias Gedell gedell@cs.chalmers.se 4th KeY Workshop - L okeberg June 9th, 2005 p. 1/29 Introduction There are currently two ways of handling loops in KeY: Symbolic execution - repeated unwinding of loops Can be

434 views • 29 slides
Quantifiers and Functions in Intuitionistic Logic Association for Symbolic Logic Spring Meeting

Quantifiers and Functions in Intuitionistic Logic Association for Symbolic Logic Spring Meeting

Quantifiers and Functions in Intuitionistic Logic Association for Symbolic Logic Spring Meeting Seattle, April 12, 2017 Rosalie Iemhoff Utrecht University, the Netherlands 1 / 37 Quantifiers are complicated. 2 / 37 Even more so in

519 views • 37 slides
t r rt t

t r rt t

rt trt t sts t rsts t r rt t

282 views • 17 slides
The Logic of Common Ignorance Gert-Jan Lokhorst TU Delft g.j.c.lokhorst@tudelft.nl Collective

The Logic of Common Ignorance Gert-Jan Lokhorst TU Delft g.j.c.lokhorst@tudelft.nl Collective

The Logic of Common Ignorance Gert-Jan Lokhorst TU Delft g.j.c.lokhorst@tudelft.nl Collective Intentionality X The Hague, The Netherlands September 1, 2016 1 / 13 Introduction Quote Knowledge is a big subject. Ignorance is bigger. . .

326 views • 13 slides

More recommend