Timing Analysis of Event-Driven Programs with Directed Testing
1 Timing Analysis of Event-Driven Programs with Directed Testing
Mahdi Eslamimehr, Hesam Samimi {eslamimehr, Communications Design Group, SAP Labs

2 Talk Outline
- Introduction
- Toyota UA Case
- Problem Definition and Previous Work
- Review of Classic Directed Testing
- Motivating Experiments
- Our Approach
- Example
- VICE: Algorithms and tools
- Experiment Results
- Conclusion: Event-Based Directed Testing improves the state of the art
9 WCET
Controllers in safety time-critical embedded systems are expected to finish their tasks within reliable time bounds.
- Underestimation causes missing deadlines and leads to bugs.
- Overestimation wastes process availability.
Question: what is the exact WCET across all inputs?
1. Program P, K is the WCET of all executions of P, if P's WCET never grows beyond K.
2. There is a possible schedule of events and an execution of the program P such that the WCET becomes K.
10 WCET in Literature
Dynamic Analysis
- Random Algorithms: [Bernat et al., RTSS 02]
- Genetic Algorithm: [Atanassov et al., EWDC 01]
- Classic Directed Testing: [N. Williams and M. Roger, AST 09]
Static Analysis
- [Holsti et al., ESA 2000]
- [C. Ferdinand, BIS 04]
- [Gustafsson and Ermedahl, RTSS 06]
11 Classic Directed Testing
- Generate concrete inputs one by one; each input leads the program along a different path.
- On each input, execute the program both concretely and symbolically:
  - concrete execution guides the symbolic execution
  - concrete execution enables symbolic execution to overcome incompleteness of the theorem prover
  - symbolic execution helps to generate concrete input for the next execution
  - increases coverage
Flowchart:
1. Input = Random
2. While "all paths covered?" is No: concolically execute and collect path constraints, then solve the constraints and generate inputs.
3. When "all paths covered?" is Yes: End.
12 Example

    /* "double" is a reserved word in C; the slide uses it as a pseudocode name */
    int double (int v) {
        return 2*v;
    }

    void testme (int x, int y) {
        int z = double (y);
        if (z == x) {
            if (x > y+10) {
                ERROR;
            }
        }
    }
13 Example (code as on slide 12, annotated with its branch tree)
- 2*y == x?
  - N: no error
  - Y: x > y+10?
    - N: no error
    - Y: ERROR
14 Directed Testing Approach (code as on slide 12; columns: concrete state, symbolic state, path condition)
At z = double (y):
  concrete state: x = 22, y = 7
  symbolic state: x = x0, y = y0

15 Directed Testing Approach
At if (z == x):
  concrete state: x = 22, y = 7, z = 14
  symbolic state: x = x0, y = y0, z = 2*y0

16 Directed Testing Approach
At the end of testme:
  concrete state: x = 22, y = 7, z = 14
  symbolic state: x = x0, y = y0, z = 2*y0
  path condition: 2*y0 != x0

17 Directed Testing Approach
  concrete state: x = 22, y = 7, z = 14
  symbolic state: x = x0, y = y0, z = 2*y0
  path condition: 2*y0 != x0
  Solve: 2*y0 == x0
  Solution: x0 = 2, y0 = 1

18 Directed Testing Approach
At z = double (y):
  concrete state: x = 2, y = 1
  symbolic state: x = x0, y = y0

19 Directed Testing Approach
At if (z == x):
  concrete state: x = 2, y = 1, z = 2
  symbolic state: x = x0, y = y0, z = 2*y0

20 Directed Testing Approach
At if (x > y+10):
  concrete state: x = 2, y = 1, z = 2
  symbolic state: x = x0, y = y0, z = 2*y0
  path condition: 2*y0 == x0

21 Directed Testing Approach
At the end of testme:
  concrete state: x = 2, y = 1, z = 2
  symbolic state: x = x0, y = y0, z = 2*y0
  path condition: 2*y0 == x0, x0 <= y0+10

22 Directed Testing Approach
  concrete state: x = 2, y = 1, z = 2
  symbolic state: x = x0, y = y0, z = 2*y0
  path condition: 2*y0 == x0, x0 <= y0+10
  Solve: (2*y0 == x0) ∧ (x0 > y0+10)
  Solution: x0 = 30, y0 = 15

23 Directed Testing Approach
At z = double (y):
  concrete state: x = 30, y = 15
  symbolic state: x = x0, y = y0

24 Directed Testing Approach
At ERROR: Program Error
  concrete state: x = 30, y = 15
  symbolic state: x = x0, y = y0
  path condition: 2*y0 == x0, x0 > y0+10
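The directed-testing loop walked through on slides 14 to 24, as an added C example (not code from the slides or from the authors' tools). Assumptions: `double` is renamed `twice` because it is a C keyword, the constraint solver is replaced by a bounded exhaustive search (so the generated inputs differ from the slides' (2, 1) and (30, 15)), and all helper names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_BRANCHES 2   /* testme has two nested conditionals */
#define BOUND 64         /* solver searches y in [-64,64], x in [-128,128] */

/* One branch on the path: predicate id, direction taken, and whether the
 * opposite direction has already been explored ("done"). */
typedef struct { int id; bool taken; bool done; } branch_t;
typedef struct { branch_t b[MAX_BRANCHES]; int n; bool error; } trace_t;
typedef struct { int x, y, runs; bool found; } result_t;

/* "double" on the slides; renamed because double is a C keyword. */
static int twice(int v) { return 2 * v; }

/* Symbolic form of each branch predicate over the inputs (x0, y0). */
static bool pred(int id, int x0, int y0) {
    if (id == 0) return 2 * y0 == x0;   /* z == x, with z = 2*y0 */
    return x0 > y0 + 10;                /* x > y+10 */
}

/* Instrumented testme: executes concretely and logs each branch outcome. */
static trace_t run_testme(int x, int y) {
    trace_t t = { .n = 0, .error = false };
    int z = twice(y);
    bool c0 = (z == x);
    t.b[t.n++] = (branch_t){ 0, c0, false };
    if (c0) {
        bool c1 = (x > y + 10);
        t.b[t.n++] = (branch_t){ 1, c1, false };
        if (c1) t.error = true;         /* ERROR on the slides */
    }
    return t;
}

/* Stand-in for the constraint solver (assumption: bounded brute force).
 * Finds inputs whose predicates match the first n entries of pc. */
static bool solve(const branch_t *pc, int n, int *x, int *y) {
    for (int yy = -BOUND; yy <= BOUND; yy++)
        for (int xx = -2 * BOUND; xx <= 2 * BOUND; xx++) {
            bool ok = true;
            for (int i = 0; i < n && ok; i++)
                ok = (pred(pc[i].id, xx, yy) == pc[i].taken);
            if (ok) { *x = xx; *y = yy; return true; }
        }
    return false;
}

/* Directed testing: run, record the path, negate the deepest branch not
 * yet flipped, solve for new inputs, repeat until ERROR or no path is left. */
static result_t directed_test(int x, int y) {
    branch_t stack[MAX_BRANCHES];
    int depth = 0;                      /* length of the forced path prefix */
    result_t r = { x, y, 0, false };
    for (;;) {
        trace_t t = run_testme(r.x, r.y);
        r.runs++;
        if (t.error) { r.found = true; return r; }
        /* The solver is exact, so the run follows the forced prefix;
         * only the branches beyond it are new. */
        for (int i = depth; i < t.n; i++) stack[i] = t.b[i];
        depth = t.n;
        bool next = false;
        while (depth > 0 && !next) {
            branch_t *last = &stack[depth - 1];
            if (last->done) { depth--; continue; }   /* both sides seen */
            last->taken = !last->taken;              /* negate constraint */
            last->done = true;
            if (solve(stack, depth, &r.x, &r.y)) next = true;
            else depth--;                            /* infeasible path */
        }
        if (!next) return r;            /* every feasible path explored */
    }
}

int main(void) {
    result_t r = directed_test(22, 7);  /* first input from slide 14 */
    printf("found=%d after %d runs: x=%d y=%d\n", r.found, r.runs, r.x, r.y);
    return r.found ? 0 : 1;
}
```

Starting from the slides' first input (22, 7), the loop reaches ERROR on the third run, the same number of executions as the walk-through.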
25 Explicit Path Model Checking
Traverse all execution paths one by one to detect errors:
- assertion violations
- program crash
- uncaught exceptions
31 Motivating Experiments
[Figure: branch coverage across testing techniques (0% to 100%) on BinaryTree, LinkedList, BubbleSort, Decoder, Oscilloscope, Fannkuch, MsgKernel, TestRadio, TestUSART, TestSPI, TestADC; series: Random Testing, GA, Classical Directed Testing]

32 Motivating Experiments
[Figure: Testing vs. Static Analysis of WCET (logarithmic scale) on the same benchmarks; series: Random Testing, GA, Classical Directed Testing, Static Analysis]
33 Testing Event Driven Software
- Classical software: tester only devises a suite of single inputs.
- Event-driven software (with real-time behavior): tester must devise a suite of event sequences.
- In each sequence: number of events, types of events, values associated with the events (e.g. register values), and timing of events.
Challenge: quickly generate a small number of challenging event sequences to improve branch coverage.
34 VICE Example, Round 1
[<main,(723452)>,<alt1,( 10038)>,<main,_>,<alt1, _>]
Constraints: data_1 = msg, data2 = msg, 2048 < msg, msg < 1024
Branch Coverage: 50% (3/6)

35 VICE Example, Round 2
[<main,(-338)>,<alt1,(1001)>,<alt2,(6)>,<main, _>]
Constraints: msg = s, tmp = t, s = 512
Branch Coverage: 83% (5/6)

36 VICE Example, Round 3
[<main,(-338)>,<alt1,(1001)>,<alt2,(6)>,<main, _>]
Constraints: data1 = data2 = msg = s = 512
Branch Coverage: 83% (5/6)

37 VICE Example, Round 4
[<main,(512)>,<alt1,(512)>,<main,_>,<alt1, _>]
Constraints: -
Branch Coverage: 100% (6/6)
38 Event Based Directed Testing (EBDT)
- compiler: VirgilProgram → machinecode
- avrora: machinecode × eventsequence → wcet
- random: () → eventsequence
- timeoutcombos: eventsequence → (eventsequence list)
- concolic: (VirgilProgram × eventsequence) → (wcet × branchcoverage × constraints)
- solver: constraints → solution
- generator: solution → eventsequence
39 Algorithm
40 Experiment Results
[Figure: branch coverage (0% to 100%) on BinaryTree, LinkedList, BubbleSort, Decoder, Oscilloscope, Fannkuch, MsgKernel, TestRadio, TestUSART, TestSPI, TestADC; series: Random Testing, GA, Classical Directed Testing, VICE]

41 Experiment Results
[Figure: WCET (logarithmic scale) on the same benchmarks; series: Random Testing, GA, Classical Directed Testing, VICE, Static Analysis]

42 Future Works
- Formulating timeouts symbolically
- Using some static information: locate places where wcet happens, and direct execution towards candidates
- Replace random event generation with a IMR-certified model checker.
More informationGraph Coverage for Source Code. Data Flow Graph Coverage for Source Code
Graph Coverage for Source Code Data Flow Graph Coverage for Source Code 1 Graph Coverage for Design Elements Use of data abstraction and object oriented software has increased importance on modularity
More informationFrom Symbolic Execution to Concolic Testing. Daniel Paqué
From Symbolic Execution to Concolic Testing Daniel Paqué Structure Symbolic Execution Concolic Testing Execution Generated Testing Concurrency in Concolic Testing 2 Motivation Software Testing usually
More informationVerifying control systems using CSP, FDR, and Handel-C.
erifying control systems using CSP, FDR, and Handel-C. 01 Verifying control systems using CSP, FDR, and Handel-C. Alistair A. McEwan University of Surrey erifying control systems using CSP, FDR, and Handel-C.
More informationAdvanced Programming Methods. Introduction in program analysis
Advanced Programming Methods Introduction in program analysis What is Program Analysis? Very broad topic, but generally speaking, automated analysis of program behavior Program analysis is about developing
More informationApplications of Program analysis in Model-Based Design
Applications of Program analysis in Model-Based Design Prahlad Sampath (Prahlad.Sampath@mathworks.com) 2018 by The MathWorks, Inc., MATLAB, Simulink, Stateflow, are registered trademarks of The MathWorks,
More informationSecurity Testing. Ulf Kargén Department of Computer and Information Science (IDA) Division for Database and Information Techniques (ADIT)
Security Testing TDDC90 Software Security Ulf Kargén Department of Computer and Information Science (IDA) Division for Database and Information Techniques (ADIT) Security testing vs regular testing Regular
More informationFitness-Guided Path Exploration in Automated Test Generation
Fitness-Guided Path Exploration in Automated Test Generation Tao Xie Department of North Carolina State University http://ase.csc.ncsu.edu/ Joint work with Nikolai Tillmann, Peli de Halleux, Wolfram Schulte
More informationSystem Programming CISC 360. Floating Point September 16, 2008
System Programming CISC 360 Floating Point September 16, 2008 Topics IEEE Floating Point Standard Rounding Floating Point Operations Mathematical properties Powerpoint Lecture Notes for Computer Systems:
More informationTiming Analysis Enhancement for Synchronous Program
Timing Analysis Enhancement for Synchronous Program Extended Abstract Pascal Raymond, Claire Maiza, Catherine Parent-Vigouroux, Fabienne Carrier, and Mihail Asavoae Grenoble-Alpes University Verimag, Centre
More informationLeveraging Test Generation and Specification Mining for Automated Bug Detection without False Positives
Leveraging Test Generation and Specification Mining for Automated Bug Detection without False Positives Michael Pradel and Thomas R. Gross Department of Computer Science ETH Zurich 1 Motivation API usage
More information