1
  • Algorithmic Testing

Doron Peled, University of Warwick
2
Why testing?
  • Reduce design/programming errors.
  • Can be done during development,
    before production/marketing.
  • Practical, simple to do.
  • Checks the real thing, not a model.
  • Scales up reasonably.
  • Has been the state of the practice for decades.

3
Part 1: Testing of black box finite state machines
  • Want to know:
      • In what state we started?
      • In what state we are?
      • Transition relation
      • Conformance
      • Satisfaction of a temporal property
  • Know:
      • Transition relation
      • Size or bound on size

4
Finite automata (Mealy machines)
  • S - finite set of states. (size n)
  • $\Sigma$ - set of inputs. (size d)
  • O - set of outputs, for each transition.
  • ($s_0 \in S$ - initial state).
  • Transition relation: a subset of $S \times \Sigma \times S$.
  • Output on edge: a function $S \times \Sigma \to O$.

5
Why deterministic machines?
  • Otherwise no amount of experiments would
    guarantee anything.
  • If dependent on some parameter (e.g.,
    temperature), we can determinize, by taking
    parameter as additional input.
  • We can still model a concurrent system. It means
    just that the transitions are deterministic.
  • All kinds of equivalences are unified into
    language equivalence.
  • Also assume a connected machine (otherwise we may never
    get to the completely separate parts).

6
Determinism
  • When the black box is nondeterministic, we might
    never test some choices.

7
Preliminaries: separating sequences
[Figure: Mealy machine with states s1, s2, s3 and edges labeled a/0, b/1, b/0]
Start with one block containing all states: {s1, s2, s3}.
8
A: Separate into blocks of states with different
output.
[Figure: Mealy machine with states s1, s2, s3 and edges labeled a/0, b/1, b/0]
Two sets, separated using the string b: {s1, s3}, {s2}.
9
Repeat B: Separate blocks based on moving to
different blocks.
[Figure: Mealy machine with states s1, s2, s3 and edges labeled a/0, b/1, b/0]
Separate first block using b to three singleton blocks.
Separating sequences: b, bb.
Max rounds: n-1, sequences: n-1, length: n-1.
For each pair of states there is a separating sequence.
10
Want to know the state of the machine (at end):
homing sequence.
  • Depending on output, would know in what state we
    are.
  • Algorithm: Put all the states in one block
    (initially we do not know what is the state).
  • Then repeatedly partition blocks of states, as
    long as they are not singletons, as follows:
      • Take a non-singleton block, append a
        distinguishing sequence that separates at least
        two states.
      • Update all blocks to the states after executing
        that sequence.
  • Max length: $(n-1)^2$. (Lower bound:
    $n(n-1)/2$.)

11
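Example (homing sequence)
[Figure: tree for the input sequence b, b: the block {s1, s2, s3} is split by the output of the first b into {s1, s2} and {s3}, and by the output of the second b into {s1}, {s2}, {s3}]
On input b and output 1, still don't know if was
in s1 or s3, i.e., if currently in s2 or s1. So
separate these cases with another b.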
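The block-splitting algorithm above, run on the three-state example, as an added Python example that is not part of the original slides. The b-edges are taken from the homing example; the targets of the a/0 edges cannot be read off the transcript and are assumed, as are all function names.

```python
from collections import deque

# Constructed Mealy machine. The b-edges follow the homing example above
# (s1 -b/1-> s2, s2 -b/0-> s3, s3 -b/1-> s1); the targets of the a/0 edges
# are not recoverable from the slides and are assumed here.
MACHINE = {
    ("s1", "a"): ("s1", 0), ("s1", "b"): ("s2", 1),
    ("s2", "a"): ("s1", 0), ("s2", "b"): ("s3", 0),
    ("s3", "a"): ("s3", 0), ("s3", "b"): ("s1", 1),
}
STATES = ("s1", "s2", "s3")
INPUTS = ("a", "b")


def run(machine, state, word):
    """Apply an input word; return (final state, tuple of outputs)."""
    outputs = []
    for x in word:
        state, out = machine[(state, x)]
        outputs.append(out)
    return state, tuple(outputs)


def separating_sequence(machine, inputs, p, q):
    """Shortest word on which p and q give different outputs (BFS on pairs)."""
    queue, seen = deque([(p, q, ())]), {(p, q)}
    while queue:
        s, t, word = queue.popleft()
        for x in inputs:
            (s2, o1), (t2, o2) = machine[(s, x)], machine[(t, x)]
            if o1 != o2:
                return word + (x,)
            # Once both runs merge into one state they can never be separated.
            if s2 != t2 and (s2, t2) not in seen:
                seen.add((s2, t2))
                queue.append((s2, t2, word + (x,)))
    return None  # p and q are equivalent: the machine is not reduced


def homing_sequence(machine, states, inputs):
    """Keep one block of possible current states per output history."""
    blocks, homing = [frozenset(states)], ()
    while any(len(b) > 1 for b in blocks):
        block = next(b for b in blocks if len(b) > 1)
        p, q = sorted(block)[:2]
        sep = separating_sequence(machine, inputs, p, q)
        if sep is None:
            raise ValueError(f"{p} and {q} are equivalent")
        homing += sep
        new_blocks = []
        for b in blocks:  # update every block, splitting it by the new outputs
            by_output = {}
            for s in b:
                end, outs = run(machine, s, sep)
                by_output.setdefault(outs, set()).add(end)
            new_blocks.extend(frozenset(v) for v in by_output.values())
        blocks = new_blocks
    return homing


def state_after(machine, states, word):
    """Map each observable output sequence to the possible current states."""
    table = {}
    for s in states:
        end, outs = run(machine, s, word)
        table.setdefault(outs, set()).add(end)
    return table
```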
12
Synchronizing sequence
  • One sequence takes the machine to the same final
    state, regardless of the initial state or the
    outputs.
  • Not every machine has a synchronizing sequence.
  • Whether one exists can be checked, and one can be
    found, in polynomial time.

13
State identification
  • Want to know in which state the system has
    started (was reset).
  • Can be a preset distinguishing sequence (fixed),
    or a tree (adaptive).
  • May not exist (PSPACE complete to check if preset
    exists, polynomial for adaptive).
  • Best known algorithm: exponential length for
    preset, polynomial for adaptive [LY].

14
Sometimes cannot identify initial state
Start with a: in case of being in s1 or s3 we'll
move to s1 and cannot distinguish. Start with
b: in case of being in s1 or s2 we'll move to s2
and cannot distinguish.
The kind of experiment we do affects what we can
distinguish. Much like the Heisenberg principle
in Physics.
15
Conformance testing
  • Unknown deterministic finite state system B.
  • Known: n states and alphabet $\Sigma$.
  • An abstract model C of B. C satisfies all the
    properties we want from B. C has m states.
  • Check conformance of B and C.
  • Another version: only a bound n on the number of
    states l is known.

16
Check conformance with a given state machine
  • Black box machine has no more states than
    specification machine (errors are mistakes in
    outputs, mistargeted edges).
  • Specification machine is reduced, connected,
    deterministic.
  • Machine resets reliably to a single initial state
    (or use homing sequence).

17
Conformance testing [Ch,V]
[Figure: two machines whose edges are all labeled a/1 or b/1]
Cannot distinguish if reduced or not.
18
Conformance testing (cont.)
[Figure: two machines with edges labeled a and b]
Need bound on number of states of B.
19
Preparation: Construct a spanning tree
20
How the algorithm works?
  • According to the spanning tree, force a sequence
    of inputs to go to each state.
  • From each state, perform the distinguishing
    sequences.
  • From each state, make a single transition, check
    output, and use distinguishing sequences to check
    that we are in the correct target state.

[Figure: "Reset or homing", then the spanning tree to s1, s2, s3 (edges a/1, b/1), then "Distinguishing sequences"]
21
Comments
  1. Checking the different distinguishing sequences
    (m-1 of them) means each time resetting and
    returning to the state under experiment.
  2. A reset can be performed to a distinguished state
    through a homing sequence. Then we can perform a
    sequence that brings us to the distinguished
    initial state.
  3. Since there are no more than m states, and
    according to the experiment, no less than m
    states, there are m states exactly.
  4. An isomorphism between the transition relations is
    found, hence from minimality the two automata
    recognize the same languages.

22
Combination lock automaton
  • Assume accepting states.
  • Accepts only words with a specific suffix (cdab
    in the example).

[Figure: combination lock automaton with states s1 to s5, edges labeled c, d, a, b, and edges labeled "Any other input"]
23
When only a bound on size of black box is known
  • Black box can pretend to behave as a
    specification automaton for a long time, then
    upon using the right combination, make a mistake.

[Figure: black box with states s1, s2, s3 and extra states marked "Pretends to be S1" and "Pretends to be S3"; edges labeled a/1 and b/1, and one edge labeled b/0]
24
Conformance testing algorithm [VC]
  • The worst that can happen is a combination lock
    automaton that behaves differently only in the
    last state. The length of it is the difference
    between the size n of the black box and the
    specification m.
  • Reach every state on the spanning tree and check
    every word of length $n-m+1$ or less. Check that
    after the combination we are at the state we are
    supposed to be, using the distinguishing
    sequences.
  • No need to check transitions already included in
    above check.
  • Complexity: $m^2 n d^{n-m+1}$. Probabilistic complexity:
    polynomial.

[Figure: "Reset or homing", then the spanning tree to s1, s2, s3 (edges a/1, b/1), then "Words of length $\le n-m+1$", then "Distinguishing sequences"]
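An added example (not from the original slides) of the test-suite construction above: an access word from the spanning tree, then every word of length at most n-m+1, then a distinguishing sequence. The two-state specification, the three-state black box hiding one extra state, and the hand-written distinguishing set W are constructed for illustration.

```python
from itertools import product

# Constructed specification C with m = 2 states (not a machine from the slides).
SPEC = {
    ("p", "a"): ("q", 0), ("p", "b"): ("p", 0),
    ("q", "a"): ("p", 1), ("q", "b"): ("q", 1),
}
# Constructed black box B with 3 states: it copies C until the inputs "ab"
# have moved it into the extra state q2, where b is answered with 0, not 1.
BLACK_BOX = {
    ("p", "a"): ("q", 0), ("p", "b"): ("p", 0),
    ("q", "a"): ("p", 1), ("q", "b"): ("q2", 1),
    ("q2", "a"): ("p", 1), ("q2", "b"): ("q2", 0),
}
INPUTS = ("a", "b")
W = [("a",)]  # distinguishing set for C: on input a, p outputs 0 and q outputs 1


def outputs(machine, word, initial="p"):
    """Reset to the initial state, feed the word, return the observed outputs."""
    state, outs = initial, []
    for x in word:
        state, out = machine[(state, x)]
        outs.append(out)
    return tuple(outs)


def access_sequences(spec, inputs, initial="p"):
    """Spanning tree of the specification: one input word per state (BFS)."""
    access, frontier = {initial: ()}, [initial]
    while frontier:
        state = frontier.pop(0)
        for x in inputs:
            target = spec[(state, x)][0]
            if target not in access:
                access[target] = access[state] + (x,)
                frontier.append(target)
    return access


def vc_test_suite(spec, inputs, w_set, n):
    """Access word + every word of length <= n-m+1 + distinguishing sequence."""
    access = access_sequences(spec, inputs)
    m = len(access)
    suite = set()
    for u in access.values():
        for length in range(n - m + 2):
            for v in product(inputs, repeat=length):
                suite.update(u + v + w for w in w_set)
    return sorted(suite)


def failing_tests(spec, black_box, inputs, w_set, n):
    """Tests on which the black box and the specification disagree.

    The black box is only observed through reset-and-run, never inspected.
    """
    return [t for t in vc_test_suite(spec, inputs, w_set, n)
            if outputs(spec, t) != outputs(black_box, t)]
```

With the bound n = 2 the suite has five tests and the black box passes all of them; with n = 3 the test `abba` exposes the extra state.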
25
Model Checking
  • Finite state description of a system B.
  • LTL formula $\varphi$. Translate $\neg\varphi$ into an automaton P.
  • Check whether $L(B) \cap L(P) = \emptyset$.
  • If so, S satisfies $\varphi$. Otherwise, the intersection
    includes a counterexample.
  • Repeat for different properties.

26
Büchi automata ($\omega$-automata)
  • S - finite set of states. (B has $l \le n$ states)
  • $S_0 \subseteq S$ - initial states. (P has m states)
  • $\Sigma$ - finite alphabet. (contains p letters)
  • $\delta \subseteq S \times \Sigma \times S$ - transition relation.
  • $F \subseteq S$ - accepting states.
  • Accepting run: passes a state in F infinitely
    often.

System automata: $F = S$, deterministic, one initial
state. Property automaton: not necessarily
deterministic.
27
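Example: check $\Box a$
[Figure: automaton for $\Diamond\neg a$, with edges labeled $a$, $\neg a$ and "$\neg a$, $a$"]
28
Example: check $\Diamond\Box a$
[Figure: automaton for $\Box\Diamond\neg a$]
29
Example: check $\Box\Diamond a$
[Figure: automaton for $\Diamond\Box\neg a$, with edges labeled "$\neg a$, $a$" and $\neg a$]
Use automatic translation algorithms, e.g.,
[Gerth, Peled, Vardi, Wolper 95]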
30
System
31
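Every element in the product is a counterexample
for the checked property.
[Figure: system with states s1, s2, s3 (edges a, b, c); property automaton for $\Box\Diamond\neg a$ with states q1, q2 (edges $a$, $\neg a$); product with states (s1,q1), (s2,q1), (s1,q2), (s3,q2)]
Acceptance is determined by automaton P.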
32
Model Checking / Testing
  • Given: Finite state system B.
  • Transition relation of B known.
  • Property represented by automaton P.
  • Check if $L(B) \cap L(P) = \emptyset$.
  • Graph theory or BDD techniques.
  • Complexity: polynomial.
  • Unknown: Finite state system B.
  • Alphabet and number of states of B or upper bound
    known.
  • Specification given as an abstract system C.
  • Check if B conforms to C.
  • Complexity: polynomial if number of states known.
    Exponential otherwise.

33
Black box checking [PVY]
  • Property represented by automaton P.
  • Check if $L(B) \cap L(P) = \emptyset$.
  • Graph theory techniques.
  • Unknown: Finite state system B.
  • Alphabet and upper bound on number of states of B
    known.
  • Complexity: exponential.

34
Experiments
35
Simpler problem: deadlock?
  • Nondeterministic algorithm: guess a path of
    length $\le n$ from the initial state to a deadlock
    state. Linear time, logarithmic space.
  • Deterministic algorithm: systematically try paths
    of length $\le n$, one after the other (and use
    reset), until deadlock is reached. Exponential
    time, linear space.

36
Deadlock complexity
  • Nondeterministic algorithm: Linear time,
    logarithmic space.
  • Deterministic algorithm: Exponential ($p^{n-1}$)
    time, linear space.
  • Lower bound: Exponential time (use combination
    lock automata).
  • How does this conform with what we know about
    complexity theory?

37
Modeling black box checking
  • Cannot model using Turing machines: not all the
    information about B is given. Only certain
    experiments are allowed.
  • We learn the model as we make the experiments.
  • Can use the model of games of incomplete
    information.

38
Games of incomplete information
  • Two players: $\exists$-player, $\forall$-player (here,
    deterministic).
  • Finitely many configurations C,
    including: initial Ci, winning $W^+$ and $W^-$.
  • An equivalence relation $\cong$ on C (the $\exists$-player
    cannot distinguish between equivalent states).
  • Labels L on moves (try a, reset, success, fail).
  • The $\exists$-player has the moves labeled the same from
    configurations that are equivalent.
  • Deterministic strategy for the $\exists$-player: will
    lead to a configuration in $W^+ \cup W^-$. Cannot
    distinguish between equivalent configurations.
  • Nondeterministic strategy: Can distinguish
    between equivalent configurations.

39
Modeling BBC as games
  • Each configuration contains an automaton and its
    current state (and more).
  • Moves of the $\exists$-player are labeled with try a,
    reset... Moves of the $\forall$-player with success,
    fail.
  • $c_1 \cong c_2$ when the automata in c1 and c2 would
    respond in the same way to the experiments so far.

40
A naive strategy for BBC
  • Learn first the structure of the black box.
  • Then apply the intersection.
  • Enumerate automata with $\le n$ states (without
    repeating isomorphic automata).
  • For a current automaton and a new automaton,
    construct a distinguishing sequence. Only one of
    them survives.
  • Complexity: $O((n+1)^{p(n+1)}/n!)$

41
On-the-fly strategy
  • Systematically (as in the deadlock case), find
    two sequences $v_1$ and $v_2$ of length $\le m n$.
  • Applying $v_1$ to P brings us to a state t that is
    accepting.
  • Applying $v_2$ to P brings us back to t.
  • Apply $v_1 v_2^n$ to B. If this succeeds, there is a
    cycle in the intersection labeled with $v_2$, with t
    as the P (accepting) component.
  • Complexity: $O(n^2 p^{2mn} m)$.

[Figure: sequences v1 and v2]
42
Learning an automaton
  • Use Angluin's algorithm for learning an
    automaton.
  • The learning algorithm queries whether some
    strings are in the automaton B.
  • It can also conjecture an automaton $M_i$ and ask
    for a counterexample.
  • It then generates an automaton with more states,
    $M_{i+1}$, and so forth.

43
A strategy based on learning
  • Start the learning algorithm.
  • Queries are just experiments to B.
  • For a conjectured automaton $M_i$, check if $M_i \cap P = \emptyset$.
  • If so, we check conformance of $M_i$ with B (VC
    algorithm).
  • If nonempty, it contains some $v_1 v_2^\omega$. We test B
    with $v_1 v_2^n$. If this succeeds: error; otherwise,
    this is a counterexample for $M_i$.

44
Complexity
  • l - actual size of B.
  • n - an upper bound of size of B.
  • d - size of alphabet.
  • Lower bound: reachability is similar to deadlock.
  • $O(l^3 d^l + l^2 m n)$ if there is an error.
  • $O(l^3 d^l + l^2 n d^{n-l+1} + l^2 m n)$ if there is no
    error.
  • If n is not known, check while time allows.
  • Probabilistic complexity: polynomial.

45
Some experiments
  • Basic system written in SML (by Alex Groce, CMU).
  • Experiment with black box using Unix I/O.
  • Allows model-free model checking of C code with
    inter-process communication.
  • Compiling tested code in SML with BBC program as
    one process.

46
Part 2: Software testing
  • Testing is not about showing that there are no
    errors in the program.
  • Testing cannot show that the program performs its
    intended goal correctly.
  • So, what is software testing?
  • Testing is the process of executing the program
    in order to find errors.
  • A successful test is one that finds an error.

47
Some software testing stages
  • Unit testing: the lowest level, testing some
    procedures.
  • Integration testing: different pieces of code.
  • System testing: testing a system as a whole.
  • Acceptance testing: performed by the customer.
  • Regression testing: performed after updates.
  • Stress testing: checking the code under extreme
    conditions.
  • Mutation testing: testing the quality of the
    test suite.

48
Some drawbacks of testing
  • There are never sufficiently many test cases.
  • Testing does not find all the errors.
  • Testing is not trivial and requires considerable
    time and effort.
  • Testing is still a largely informal task.

49
Black-Box (data-driven, input-output) testing
  • The testing is not based on the structure of the
    program (which is unknown).
  • In order to ensure correctness, every possible
    input needs to be tested - this is impossible!
  • The goal: to maximize the number of errors found.

50
White Box testing
  • Is based on the internal structure of the
    program.
  • There are several alternative criteria for
    checking enough paths in the program.
  • Even checking all paths (highly impractical) does
    not guarantee finding all errors (e.g., missing
    paths!)

51
Some testing principles
  • A programmer should not test his/her own program.
  • One should test not only that the program does
    what it is supposed to do, but that it does not
    do what it is not supposed to.
  • The goal of testing is to find errors, not to
    show that the program is errorless.
  • No amount of testing can guarantee an error-free
    program.
  • Parts of programs where a lot of errors have
    already been found are a good place to look for
    more errors.
  • The goal is not to humiliate the programmer!

52
Inspections and Walkthroughs
  • Manual testing methods.
  • Done by a team of people.
  • Performed at a meeting (brainstorming).
  • Takes 90-120 minutes.
  • Can find 30-70% of errors.

53
Code Inspection
  • Team of 3-5 people.
  • One is the moderator. He distributes materials
    and records the errors.
  • The programmer explains the program line by line.
  • Questions are raised.
  • The program is analyzed w.r.t. a checklist of
    errors.

54
Checklist for inspections
  • Data declaration
      • All variables declared?
      • Default values understood?
      • Arrays and strings initialized?
      • Variables with similar names?
      • Correct initialization?
  • Control flow
      • Each loop terminates?
      • DO/END statements match?
  • Input/output
      • OPEN statements correct?
      • Format specification correct?
      • End-of-file case handled?

55
Walkthrough
  • Team of 3-5 people.
  • Moderator, as before.
  • Secretary, records errors.
  • Tester, plays the role of a computer on some test
    suites, on paper and board.

56
Selection of test cases (for white-box testing)
  • The main problem is to select a good coverage
    criterion. Some options are:
      • Cover all paths of the program.
      • Execute every statement at least once.
      • Each decision has a true or false value at least
        once.
      • Each condition takes each truth value at
        least once.
      • Check all possible combinations of conditions in
        each decision.

57
Cover all the paths of the program
Infeasible. Consider the flow diagram on the
left. It corresponds to a loop. The loop body has
5 paths. If the loop executes 20 times there are
$5^{20}$ different paths! May also be unbounded!
58
How to cover the executions?
  • IF (A>1) /\ (B=0) THEN X=X/A
    END
  • IF (A=2) \/ (X>1) THEN X=X+1
    END
  • Choose values for A, B, X.
  • Value of X may change, depending on A, B.
  • What do we want to cover? Paths? Statements?
    Conditions?

59
Statement coverage: Execute every statement at
least once
  • By choosing A=2, B=0, X=3
    each statement will be chosen.
  • The case where the tests fail is not checked!
  • IF (A>1) /\ (B=0) THEN X=X/A
    END
  • IF (A=2) \/ (X>1) THEN X=X+1
    END

Now X=1.5 (after the first statement)
60
Decision coverage: Each decision has a true and
false outcome at least once.
  • Can be achieved using
      • A=3, B=0, X=3
      • A=2, B=1, X=1
  • Problem: Does not test individual conditions.
    E.g., when X>1 is erroneous in second decision.
  • IF (A>1) /\ (B=0) THEN X=X/A
    END
  • IF (A=2) \/ (X>1) THEN X=X+1
    END

61
Decision coverage
  • A=3, B=0, X=3
  • IF (A>1) /\ (B=0) THEN X=X/A
    END
  • IF (A=2) \/ (X>1) THEN X=X+1
    END

Now X=1 (after the first statement)
62
Decision coverage
  • A=2, B=1, X=1
  • The case where $A \le 1$ and the case where X>1 were
    not checked!
  • IF (A>1) /\ (B=0) THEN X=X/A
    END
  • IF (A=2) \/ (X>1) THEN X=X+1
    END

63
Condition coverage: Each condition has a true and
false value at least once.
  • IF (A>1) /\ (B=0) THEN X=X/A
    END
  • IF (A=2) \/ (X>1) THEN X=X+1
    END
  • For example
      • A=1, B=0, X=3
      • A=2, B=1, X=0
    lets each condition be true and false once.
  • Problem: covers only the path where the first test
    fails and the second succeeds.

64
Condition coverage
  • IF (A>1) /\ (B=0) THEN X=X/A
    END
  • IF (A=2) \/ (X>1) THEN X=X+1
    END
  • A=1, B=0, X=3

65
Condition coverage
  • IF (A>1) /\ (B=0) THEN X=X/A
    END
  • IF (A=2) \/ (X>1) THEN X=X+1
    END
  • A=2, B=1, X=0
  • Did not check the first THEN part at all!!!
  • Can use condition+decision coverage.

66
Multiple Condition Coverage: Test all combinations
of all conditions in each test.
  • A>1, B=0
  • A>1, $B \ne 0$
  • $A \le 1$, B=0
  • $A \le 1$, $B \ne 0$
  • A=2, X>1
  • A=2, $X \le 1$
  • $A \ne 2$, X>1
  • $A \ne 2$, $X \le 1$
  • IF (A>1) /\ (B=0) THEN X=X/A
    END
  • IF (A=2) \/ (X>1) THEN X=X+1
    END

67
A smaller number of cases
  • A=2, B=0, X=4
  • A=2, B=1, X=1
  • A=1, B=0, X=2
  • A=1, B=1, X=1
  • Note the X=4 in the first
    case: it is due to the fact
    that X changes before
    being used!
  • IF (A>1) /\ (B=0) THEN X=X/A
    END
  • IF (A=2) \/ (X>1) THEN X=X+1
    END

Further optimization: not all combinations. For C
/\ D, check (C, D), ($\neg$C, D), (C, $\neg$D). For C \/ D,
check ($\neg$C, $\neg$D), ($\neg$C, D), (C, $\neg$D).
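The test suites from the coverage slides, checked mechanically in an added Python example that is not part of the original slides. The instrumentation, the decision names D1 and D2, and the function names are assumptions of this example; the (A, B, X) triples are the ones listed on the slides.

```python
def program(a, b, x, trace):
    """The two-decision program from the slides, instrumented.

    Both conditions of a decision are always evaluated (no short-circuit),
    so each truth value is recorded even when the other condition already
    fixes the outcome of the decision.
    """
    c1, c2 = a > 1, b == 0
    trace["cond"] |= {("A>1", c1), ("B=0", c2)}
    trace["decision"].add(("D1", c1 and c2))
    trace["combo"].add(("D1", c1, c2))
    if c1 and c2:
        trace["stmt"].add("X=X/A")
        x = x / a
    c3, c4 = a == 2, x > 1  # X may already have been changed above
    trace["cond"] |= {("A=2", c3), ("X>1", c4)}
    trace["decision"].add(("D2", c3 or c4))
    trace["combo"].add(("D2", c3, c4))
    if c3 or c4:
        trace["stmt"].add("X=X+1")
        x = x + 1
    return x


def coverage(tests):
    """Run a suite of (A, B, X) triples and report the criteria it meets."""
    trace = {"stmt": set(), "decision": set(), "cond": set(), "combo": set()}
    for a, b, x in tests:
        program(a, b, x, trace)
    bools = (True, False)
    all_cond = {(c, v) for c in ("A>1", "B=0", "A=2", "X>1") for v in bools}
    all_dec = {(d, v) for d in ("D1", "D2") for v in bools}
    all_combo = {(d, u, v) for d in ("D1", "D2") for u in bools for v in bools}
    return {
        "statement": trace["stmt"] == {"X=X/A", "X=X+1"},
        "decision": trace["decision"] == all_dec,
        "condition": trace["cond"] == all_cond,
        "multiple": trace["combo"] == all_combo,
        "missing_conditions": all_cond - trace["cond"],
    }


# Test suites exactly as listed on the slides, as (A, B, X) triples.
STATEMENT_SUITE = [(2, 0, 3)]
DECISION_SUITE = [(3, 0, 3), (2, 1, 1)]
CONDITION_SUITE = [(1, 0, 3), (2, 1, 0)]
MULTIPLE_SUITE = [(2, 0, 4), (2, 1, 1), (1, 0, 2), (1, 1, 1)]
```

The decision suite reports `("A>1", False)` and `("X>1", True)` as never exercised, and the condition suite never executes `X=X/A`, matching the problems noted on the slides.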
68
Preliminary: Relativizing assertions
  • $\varphi(B)$: $x_1 = y_1 * x_2 + y_2 \wedge y_2 > 0$
  • Relativize $\varphi(B)$ w.r.t. the assignment: becomes
    $\varphi(B)[Y \backslash g(X,Y)]$
  • (I.e., $\varphi(B)$ expressed w.r.t. variables at A.)
  • $\varphi(B)_A$: $x_1 = 0 * x_2 + x_1 \wedge x_1 > 0$
  • Think about two sets of variables, before: x, y,
    z; after: x', y', z'.
  • Rewrite $\varphi(B)$ using after, and the assignment as a
    relation between the set of variables. Then
    eliminate after.
  • Here: $x_1' = y_1' * x_2' + y_2' \wedge y_2' > 0 \wedge x_1 = x_1' \wedge x_2 = x_2' \wedge y_1' = 0 \wedge y_2' = x_1$;
    now eliminate $x_1'$, $x_2'$, $y_1'$, $y_2'$.

[Figure: edge from A to B through the assignment Y:=g(X,Y); in the example, (y1,y2):=(0,x1)]
69
Verification conditions: tests
  • ??C) ? ??B) t(X,Y) /\ ??C)
  • ??D) ? ??B)?t(X,Y) /\ ??D)
  • ??B) ??D) /\ ?y2?x2

[Figure: decision node B with test t(X,Y), T edge to C and F edge to D; example with the test y2>x2]
70
How to find values for coverage?
  • Put true at end of path.
  • Propagate path backwards.
  • On assignment, relativize expression.
  • On yes edge of decision, add decision as
    conjunction.
  • On no edge, add negation of decision as
    conjunction.
  • Can be more specific when calculating condition
    with multiple condition coverage.

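[Figure: flow chart. Decision "A>1 /\ B=0" with yes edge to X=X/A; then decision "A=2 \/ X>1" with yes edge to X=X+1; "true" is placed at the end of each path]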
71
How to find values for coverage?
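[Figure: the same flow chart, annotated backwards from "true" along the yes edges: "$A \ne 2$ /\ X>1" at the second decision, "$A \ne 2$ /\ X/A>1" before X=X/A, and "($A \ne 2$ /\ X/A>1) /\ (A>1 /\ B=0)" at the first decision]
Need to find a satisfying assignment: A=3, X=6,
B=0. Can also calculate path condition forwards.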
72
How to cover a flow chart?
  • Cover all nodes, e.g., using search strategies:
    DFS, BFS.
  • Cover all paths (usually impractical).
  • Cover each adjacent sequence of N nodes.
  • Probabilistic testing. Using random number
    generator simulation. Based on typical use.
  • Chinese Postman: minimize edge traversal. Find
    minimal number of times to travel each edge
    using linear programming or dataflow
    algorithms. Duplicate edges and find an Euler
    path.

73
Test cases based on data-flow analysis
  • Partition the program into pieces of code with a
    single entry/exit point.
  • For each piece find which variables are
    set/used/tested.
  • Various covering criteria:
      • From each set to each use/test.
      • From each set to some use/test.

[Figure: flow chart with a node that sets X, test nodes t>y and x>y, and a node that updates z]
74
Test case design for black box testing
  • Equivalence partition
  • Boundary value analysis
  • Cause-effect graphs

75
Equivalence partition
  • Goals
  • Find a small number of test cases.
  • Cover as many possibilities as you can.
  • Try to group together inputs for which the
    program is likely to behave the same.

76
Example: A legal variable
  • Begins with A-Z
  • Contains A-Z0-9
  • Has 1-6 characters.

Specification condition   Valid equivalence class   Invalid equivalence class
Starting char             Starts A-Z (1)            Starts other (2)
Chars                     A-Z0-9 (3)                Has others (4)
Length                    1-6 chars (5)             0 chars (6), >6 chars (7)
77
Equivalence partition (cont.)
  • Add a new test case until all valid equivalence
    classes have been covered. A test case can cover
    multiple such classes.
  • Add a new test case until all invalid equivalence
    classes have been covered. Each test case can cover
    only one such class.

78
Example
  • AB36P (1,3,5)
  • 1XY12 (2)
  • A17X (4)
  • (6)
  • VERYLONG (7)

79
Boundary value analysis
  • In every element class, select values that are
    close to the boundary.
  • If input is within range -1.0 to 1.0, select
    values -1.001, -1.0, -0.999, 0.999, 1.0, 1.001.
  • If needs to read N data elements, check with
    N-1, N, N+1. Also, check with N=0.

80
Test case generation based on LTL specification
81
Goals
  • Verification of software.
  • Compositional verification. Only a unit of code.
  • Parametrized verification.
  • Generating test cases.
  • A path found with some truth assignment
    satisfying the path condition. In deterministic
    code, this assignment guarantees to derive the
    execution of the path.
  • In nondeterministic code, this is one of the
    possibilities. Can transform the code to force
    replaying the path.

82
Divide and Conquer
  • Intersect property automaton with the flow chart,
    regardless of the statements and program
    variables expressions.
  • Add assertions from the property automaton to
    further restrict the path condition.
  • Calculate path conditions for sequences found in
    the intersection.
  • Calculate path conditions on-the-fly. Backtrack
    when condition is false. Thus, advantage to
    forward calculation of path conditions
    (incrementally).

83
Spec: at l2 U (at l2 /\ ? at l2 /\ (at l2 U at l2))
[Figure: property automaton with nodes labeled "at l2" and "X", shown over the flow chart nodes l2 and l3]
84
Spec: at l2 U (at l2 /\ x?y /\ ?(at l2 /\ (at
l2 U at l2 /\ x?2?y)))
[Figure: property automaton with nodes labeled "at l2", "X", "at l2 /\ x?y" and "at l2 /\ x?2?y", shown over the flow chart nodes l2 and l3]
85
Example: GCD
l0
l1: x:=a
l2: y:=b
l3: z:=x rem y
l4: x:=y
l5: y:=z
l6: z=0? (yes: l7, no: l3)
l7
86
Example: GCD
Oops... with an error (l4 and l5 were switched).
l0
l1: x:=a
l2: y:=b
l3: z:=x rem y
l4: y:=z
l5: x:=y
l6: z=0? (yes: l7, no: l3)
l7
87
Why use Temporal specification
  • Temporal specification for sequential software?
  • Deadlock? Liveness? No!
  • Captures the tester's intuition about the
    location of an error: "I think a problem may
    occur when the program runs through the main
    while loop twice, then the if condition holds,
    while t>17."

88
Example: GCD
a>0 /\ b>0 /\ at l0 /\ ? at l7
[Figure: property automaton with nodes "at l0 /\ a>0 /\ b>0" and "at l7"]
l0
l1: x:=a
l2: y:=b
l3: z:=x rem y
l4: y:=z
l5: x:=y
l6: z=0? (yes: l7, no: l3)
l7
89
Example: GCD
a>0 /\ b>0 /\ at l0 /\ ? at l7
Path 1: l0 l1 l2 l3 l4 l5 l6 l7
  a>0 /\ b>0 /\ a rem b=0
Path 2: l0 l1 l2 l3 l4 l5 l6 l3 l4 l5 l6 l7
  a>0 /\ b>0 /\ a rem b $\ne$ 0
l0
l1: x:=a
l2: y:=b
l3: z:=x rem y
l4: y:=z
l5: x:=y
l6: z=0? (yes: l7, no: l3)
l7
90
Potential explosion
Bad point: potential explosion. Good point: may be
chopped on-the-fly.
105
Drivers and Stubs
  • Driver: represents the program or procedure that
    called our checked unit.
  • Stub: represents a procedure called by our
    checked unit.
  • In our approach: replace both of them with a
    formula representing the effect the missing code
    has on the program variables.
  • Integrate the driver and stub specification into
    the calculation of the path condition.

[Figure: the GCD flow chart, l0 to l7, with the statement at l3 replaced by a formula over x, y and z]
106
Conclusions
  • Black box testing: Know transition relation, or
    bound on number of states; want to find
    initial state, structure, conformance, temporal
    property.
  • Software testing: Unit testing, code inspection,
    coverage, test case generation.
  • Model checking and testing have a lot in
    common: CAV 2004, ISSTA 2004 together, in Boston,
    MA.