Program Analysis. Program Analysis

Similar documents
Execution Tracing and Profiling

Why testing and analysis. Software Testing. A framework for software testing. Outline. Software Qualities. Dependability Properties

Efficient Path Profiling

Verification Overview Testing Theory and Principles Testing in Practice. Verification. Miaoqing Huang University of Arkansas 1 / 80

Introduction to Dynamic Analysis

Overview. State-of-the-Art. Relative cost of error correction. CS 619 Introduction to OO Design and Development. Testing.

Facts About Testing. Cost/benefit. Reveal faults. Bottom-up. Testing takes more than 50% of the total cost of software development

MONIKA HEINER.

Testing! Prof. Leon Osterweil! CS 520/620! Spring 2013!

In this Lecture you will Learn: Testing in Software Development Process. What is Software Testing. Static Testing vs.

Class 17. Discussion. Mutation analysis and testing. Problem Set 7 discuss Readings

Chap 2. Introduction to Software Testing

(See related materials in textbook.) CSE 435: Software Engineering (slides adapted from Ghezzi et al & Stirewalt

Testing: Coverage and Structural Coverage

Software Testing. Testing: Our Experiences

Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn. 4. Testing

Subject Software Testing Structural Testing

Part I: Preliminaries 24

Verification and Validation

An Introduction to Systematic Software Testing. Robert France CSU

Quality Assurance in Software Development

Testing. CMSC 433 Programming Language Technologies and Paradigms Spring A Real Testing Example. Example (Black Box)?

Chapter 11, Testing. Using UML, Patterns, and Java. Object-Oriented Software Engineering

ECE 587 Hardware/Software Co-Design Lecture 11 Verification I

EECS 4313 Software Engineering Testing. Topic 01: Limits and objectives of software testing Zhen Ming (Jack) Jiang

Software Testing part II (white box) Lecturer: Giuseppe Santucci

Topics in Software Testing

Testing. ECE/CS 5780/6780: Embedded System Design. Why is testing so hard? Why do testing?

Software Engineering 2 A practical course in software engineering. Ekkart Kindler

CS 520 Theory and Practice of Software Engineering Fall 2018

Software Testing TEST CASE SELECTION AND ADEQUECY TEST EXECUTION

Chapter 9. Software Testing

INTRODUCTION TO SOFTWARE ENGINEERING

Three General Principles of QA. COMP 4004 Fall Notes Adapted from Dr. A. Williams

Structural Testing. White Box Testing & Control Flow Analysis

Lecture 10. Dynamic Analysis

Software Engineering and Scientific Computing

Testing! The material for this lecture is drawn, in part, from! The Practice of Programming (Kernighan & Pike) Chapter 6!

Verification and Validation. Assuring that a software system meets a user s needs. Verification vs Validation. The V & V Process

Testing & Debugging TB-1

Testing: Coverage and Structural Coverage

10. Software Testing Fundamental Concepts

Program Verification! Goals of this Lecture! Words from the Wise! Testing!

Testing! The material for this lecture is drawn, in part, from! The Practice of Programming (Kernighan & Pike) Chapter 6!

Programming Embedded Systems

Testing: Test design and testing process

Write perfect C code to solve the three problems below.

Software Testing. Minsoo Ryu. Hanyang University. Real-Time Computing and Communications Lab., Hanyang University

White-Box Testing Techniques

Part 5. Verification and Validation

Structural Testing. (c) 2007 Mauro Pezzè & Michal Young Ch 12, slide 1

Principles of Software Construction: Objects, Design, and Concurrency (Part 2: Designing (Sub )Systems)

Test Automation. 20 December 2017

Quote by Bruce Sterling, from: A Software Testing Primer, Nick Jenkins

Testing Objectives. Successful testing: discovers previously unknown errors

PROGRAM ANALYSIS & SYNTHESIS

Testing. So let s start at the beginning, shall we

MTAT : Software Testing

Chapter 9 Quality and Change Management

Reading assignment: Reviews and Inspections

Pearson Education 2007 Chapter 9 (RASD 3/e)

Lecture 15 Software Testing

Verification and Validation. Verification and validation

Page 1. Reading assignment: Reviews and Inspections. Foundations for SE Analysis. Ideally want general models. Formal models

Chapter 8 Software Testing. Chapter 8 Software testing

Written exam TDDD04 Software Testing

Using the code to measure test adequacy (and derive test cases) Structural Testing

Software Testing for Developer Development Testing. Duvan Luong, Ph.D. Operational Excellence Networks

Integration Testing. Conrad Hughes School of Informatics. Slides thanks to Stuart Anderson

1 Visible deviation from the specification or expected behavior for end-user is called: a) an error b) a fault c) a failure d) a defect e) a mistake

Examination Questions Time allowed: 1 hour 15 minutes

Second assignment came out Monday evening. Find defects in Hnefetafl rules written by your classmates. Topic: Code Inspection and Testing

Objectives. Chapter 19. Verification vs. validation. Topics covered. Static and dynamic verification. The V&V process

Outline. software testing: search bugs black-box and white-box testing static and dynamic testing

Advanced Software Engineering: Software Testing

CS 4387/5387 SOFTWARE V&V LECTURE 4 BLACK-BOX TESTING

Verification and Validation

Verification and Validation. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 22 Slide 1

Literature. CHAPTER 5 Testing. When to Test? The Unified Process. When to Test?

Darshan Institute of Engineering & Technology Unit : 9

Overview Graph Coverage Criteria

Efficiently Monitoring Data-Flow Test Coverage

Integration Testing. Unit Test vs Integration Testing 1. Unit Testing vs Integration Testing 2. Unit testing: isolation, stub/mock objects

Lecture 26: Testing. Software Engineering ITCS 3155 Fall Dr. Jamie Payton

CSE 403: Software Engineering, Fall courses.cs.washington.edu/courses/cse403/16au/ Unit Testing. Emina Torlak

Software Testing. Software Testing. in the textbook. Chapter 8. Verification and Validation. Verification and Validation: Goals

Terminology. There are many different types of errors and different ways how we can deal with them.

Testing Theory. Agenda - What will you learn today? A Software Life-cycle Model Which part will we talk about today? Theory Lecture Plan

Verification and Validation

Software Testing. Software Testing

Software Testing Interview Question and Answer

linaye/gl.html

Software Verification and Validation. Prof. Lionel Briand Ph.D., IEEE Fellow

CHAPTER 5 GENERATING TEST SCENARIOS AND TEST CASES FROM AN EVENT-FLOW MODEL

Computer Science and Software Engineering University of Wisconsin - Platteville 9-Software Testing, Verification and Validation

Laboratorio di Tecnologie dell'informazione

Software Quality Assurance. David Janzen

Integration and Testing. Uses slides from Lethbridge & Laganiere, 2001

Coding and Unit Testing! The Coding Phase! Coding vs. Code! Coding! Overall Coding Language Trends!

Darshan Institute of Engineering & Technology for Diploma Studies

Transcription:

Program Analysis Class #4 Program Analysis Dynamic Analysis 1

Static VS Dynamic Analysis Static analysis operates on a model of the SW (without executing it) If successful, produces definitive information about the product that holds for all inputs Dynamic analysis operates on dynamic information collected by running the SW Results in sampling information about the product that holds for the inputs considered Combined static and dynamic analyses leverage complementary strengths Do We Need Dynamic Analysis? Some static analyses may be too imprecise (e.g., slicing for impact analysis) Need to test for properties of executions, rather than the program (e.g., debugging) Need to test assumptions about the environment Need to determine performance in practice, for the average case Need to test for non-functional properties or qualities, such as usability 2

Examples of Dynamic Analysis Testing Profiling Coverage analysis Dynamic-invariant detection Assertions Dynamic tainting Dynamic slicing Issues in Dynamic Analysis How do we collect the dynamic data? Instrumentation (i.e., software probes) (Customized) runtime system How do we avoid too much overhead? How do we make sure that the observations don t change the behavior of the system? How do we select inputs for the analysis? (i.e., how do we know if the inputs are adequate?) 3

Execution Tracing and Profiling Gathering dynamic information about programs Execution coverage Execution profiling Execution tracing Three main alternatives Debugging interfaces Customized runtime systems Instrumentation Post-processing Online processing Preprocessing Execution Coverage Execution Coverage records, as the program executes with a test case, the fact that an event occurs. For example: whether a statement is executed whether a branch is taken whether a path is followed whether a variable is modified Applications Software testing Dynamic analysis (adequacy, information) 4

Execution Profiling Execution Profiling records, as the program executes with a test case, the number of times that an event occurs. For example: the number of times a statement is executed the number of times a branch is traversed the number of times an exception is thrown the number of times a variable is modified Applications Program optimization Performance tuning Profile-directed compilation Execution Tracing Execution Tracing records, as the program executes with a test case (an input to the program), some sequence of events that occur. For example: the sequence of statements executed the sequence of memory accesses the sequence of program states associated with statements executed Applications Program optimization Dynamic analysis (e.g., impact analysis) 5

Execution Profiling/Tracing entry S1 S2 Procedure AVG S1 count = 0 S2 fread (fptr, n) S3 while (not EOF) do S4 if (n < 0) S5 return (error) else S6 nums[count] = m S7 count ++ endif S8 fread (fptr, n) endwhile S9 avg = mean (nums, count) S10 return (avg) F T S5 S3 T S4 S8 S9 S10 F S6 S7 exit Recording Traces, Profiles Test Input Output t1 empty file 0 entry S1 S2 Procedure AVG S1 count = 0 S2 fread (fptr, n) S3 while (not EOF) do S4 if (n < 0) S5 return (error) else S6 nums[count] = m S7 count ++ endif S8 fread (fptr, n) endwhile S9 avg = mean (nums, count) S10 return (avg) F T S5 S3 T S4 S8 S9 S10 F S6 S7 exit 6

Debugging Interfaces Debugging Interfaces provide hooks into the runtime system that allow for collecting various dynamic information while the program executes. Examples: Java Platform Debugger Architecture (JPDA) JVM Debugging Interface (JVMDI) JVM Profiling Interface (JVMPI) Java Virtual Machine Tool Interface (JVMTI) [New] Valgrind DynamoRIO Emulators for embedded systems Customized Runtime Systems Customized Runtime Systems are runtime systems modified to collect some specific dynamic information. Examples: Jalapeño JVM (now Jikes) 7

Instrumentation Instrumentation is the process of adding code fragments (called probes) to a program such that when the program is executed, it records dynamic information Source-level Binary-level Dynamic The program with the probes is called an instrumented program Instrumentation Types of instrumentation Preprocessing Online processing Post-processing 8

Instrumentation Process Instrumentation - statement coverage: En 1 2 3 4 5 6 8 7 Ex Instrumentation Process Instrumentation - branch coverage: En 1 2 3 4 5 6 8 7 Ex 9

Instrumentation Process Instrumentation - path coverage: En 1 2 3 4 5 6 8 7 Ex Instrumentation Process 1. read i 2. read j 3. sum = 0 4. while (i > 0) and (i < = 10) do 5. if (j >0) 6. sum = sum + j endif 7. i= i + 1 8. read j endwhile 9. print sum 1,2,3 defs of i, j, sum uses of i 4 5 use of j 6 uses of sum, j use of sum 9 def of sum use of i defs of i, j 7,8 Def-use pairs for i: (1, (4,5)), (1, (4,9)), (1, 7), (7, (4,5)), (7, (4,9)) 10

Instrumentation Process Instrumentation all-uses coverage 1,2,3 defs of i, j, sum uses of i 4 5 use of j use of sum 9 6 use of i defs of i, j 7,8 Instrumentation Tools Source-level EDG parser (AST) Customized gcc Binary/bytecode level Vulcan BCEL SOOT Dynamic Dyninst PIN Valgrind 11

Efficient Path Profiling Profiling (recap) Program profiling counts occurrences of an event during a program s execution Basic blocks Control-flow edges Acyclic path Application Performance tuning Profile-directed compilation Test coverage 12

Goal Goal: efficiently collecting path profiles for acyclic paths State of the Art Edge profiling: 16% overhead Estimation of path profiles from edge profiles Not enough (38% in SPEC benchmarks) Acyclic Paths All paths are intra-procedural No cycles (to avoid infinite number of paths) Paths from the entry to a back-edge (paths into the first loop iteration) Paths from a loop head to the exit (paths out of the last loop iteration) Paths within a loop (number of times the loop iterates) 13

Acyclic-Path Profiling Subsumes basic block/statement profiling edge/branch profiling Better approximation of intra -procedural path frequencies Stronger coverage criterion for white -box testing Goals for Instrumentation Low time and space overhead Minimal number of probes Optimal placement of the probes Paths represented with a simple integer value Compact numbering of paths 14

Algorithm Overview (i) Each potential path is represented as a state Upon entry all paths are possible Each branch taken narrows the set of possible final states State reached at the end of the procedure represents the path taken Example: P0: 1, 2, 4, 5, 7 P1: 1, 2, 4, 6, 7 P2: 1, 3, 4, 5, 7 P3: 1, 3, 4, 6, 7 1 K: {P2, P3} 2 3 K: {P0, P1} 4 K: {P1, P3} 5 6 K: {P0, P2} 7 Algorithm Overview (i) Each potential path is represented as a state Upon entry all paths are possible Each branch taken narrows the set of possible final states State reached at the end of the procedure represents the path taken Example: P0: 1, 2, 4, 5, 7 P1: 1, 2, 4, 6, 7 P2: 1, 3, 4, 5, 7 P3: 1, 3, 4, 6, 7 K: {P2, P3} {P0, P1} {P0, P1, P2, P3} 1 2 3 4 K: {P0, P1} K: {P1, P3} 5 6 K: {P0, P2} {P1} 7 {P1} 15

Algorithm Overview (ii) Final states (i.e., paths) are represented by integers in [0, n-1] (n == number of paths) Instrumentation not at every branch Transitions computed by simple arithmetic operations (no tables) CFG transformed in acyclic CFGs (DAGs) Example: P0: 1, 2, 4, 5, 7 P1: 1, 2, 4, 6, 7 P2: 1, 3, 4, 5, 7 P3: 1, 3, 4, 6, 7 r=0 1 r=2 2 3 4 r+=1 5 6 7 count[r]++ Algorithm Steps 1. Assign integer values to edges such that no two paths compute the same path sum 2. Use a spanning tree to select edges to instrument and compute the appropriate increment for each instrumented edge 3. Select appropriate instrumentation 4. Derive the executed paths from the collected run-time profiles 16

Algorithm (Step 1 of 4) Assign to each edge e a value Val(e) such that the sum along a path is Unique A 26 2 [0,n-1] for each vertex v in rev. top. order { if v is a leaf vertex { NumPaths(v) = 1; } else { NumPaths(v) = 0; for each edge e = v->w { Val(e) = NumPaths(v); NumPaths(v) += NumPaths(w); } } } 24 1 B E D 12 0 Not necessarily the best placement 2 1 0 0 0 0 C F 2 1 ( 17

Probe placement Knuth published efficient algorithms for finding the minimum number of edge counters for edge profiling Spanning tree T of CFG is computed Edges E in CFG minus edges in T are the chords of the spanning tree Instrumentation of only the chords is sufficient to deduce execution of remaining edges Optimal Placement of Probes Several spanning trees may be possible on a CFG A maximum spanning tree is a spanning tree of maximum weight on its edges Weight is defined as the execution frequency of the edge 18

Edge Execution Frequency Program can be profiled to gather edge execution frequency -- generally impractical for purposes of profiling Edge execution frequency can be approximated statically Static approximation heuristic defined in [Ball and Larus 94] ) 19

Algorithm (Step 2 of 4) 2. Use a spanning tree to select edges to instrument and compute the appropriate increment for each instrumented edge. B A C D E F Algorithm (Step 2 of 4) 2. Use a spanning tree to select edges to instrument and compute the appropriate increment for each instrumented edge. B A C Add edge EXIT -> ENTRY D E F 20

Algorithm (Step 2 of 4) 2. Use a spanning tree to select edges to instrument and compute the appropriate increment for each instrumented edge. B A C Add edge EXIT -> ENTRY Compute a maximal spanning tree (find chords) D E F Algorithm (Step 2 of 4) 2. Use a spanning tree to select edges to instrument and compute the appropriate increment for each instrumented edge. B A C Add edge EXIT -> ENTRY Compute a maximal spanning tree (find chords) D E F 21

Algorithm (Step 2 of 4) 2. Use a spanning tree to select edges to instrument and compute the appropriate increment for each instrumented edge. B A C Add edge EXIT -> ENTRY Compute a maximal spanning tree (find chords) D E F Algorithm (Step 2 of 4) 2. Use a spanning tree to select edges to instrument and compute the appropriate increment for each instrumented edge. Add edge EXIT -> ENTRY Compute a maximal spanning tree (find chords) Assign increments: start from Val(e) and propagate [Ball and Larus 94] 2 B 2 1 E A 0 D 0 0 0 0 C F 22

Algorithm (Step 2 of 4) 2. Use a spanning tree to select edges to instrument and compute the appropriate increment for each instrumented edge. Add edge EXIT -> ENTRY Compute a maximal spanning tree (find chords) Assign increments: start from Val(e) and propagate [Ball and Larus 94] B 4 1 E A 2 D 0 C F Algorithm (Step 3 of 4) 3. Select appropriate instrumentation Initialize path register (r=0) Update r in chords (r += inc) Increment path s counter at EXIT (count[r]++) B 2 A 0 C 4 1 D E F 23

Algorithm (Step 3 of 4) 3. Select appropriate instrumentation Initialize path register (r=0) Update r in chords (r += inc) Increment path s counter at EXIT (count[r]++) B r += 4 r += 1 E r = 0 A r += 2 D r += 0 C F count[r]++ Algorithm (Step 3 of 4) 3. Select appropriate instrumentation Initialize path register (r=0) Update r in chords (r += inc) Increment path s counter at EXIT (count[r]++) Optimize Initializations (first chord on paths) Path s counter increment (last chord on paths) B r += 4 r += 1 E r = 0 A r += 2 D r += 0 C F count[r]++ 24

Algorithm (Step 3 of 4) 3. Select appropriate instrumentation Initialize path register (r=0) Update r in chords (r += inc) Increment path s counter at EXIT (count[r]++) Optimize Initializations (first chord on paths) Path s counter increment (last chord on paths) B r=4 count[r+1]++ E A r=2 D r=0 C count[r]++ F Algorithm (Step 4 of 4) 4. Regenerating a path after collecting a profile Start at ENTRY Let r be the path value Select which edge to follow by finding the edge with the largest value Val(e) <= r Traverse edge e and r = r Val(e) 2 B 2 1 E A 0 D 0 0 0 0 C F 25

Arbitrary Control Flow (loops) Loop implies the presence of a back-edge Back-edges instrumented to increment path counter and reinitialize path register (count[r]++; r=0) This is not enough; with loops 4 types of paths (v->w and x->y are back-edges) ENTRY to EXIT ENTRY to v (ending with execution of v->w) w to x (after executing v->w and ending with the execution of x->y, v->w and x->y can be the same back-edge) w to EXIT (after executing v->w) Need to distinguish them 1 2 3 4 6 8 5 7 Arbitrary Control Flow (loops) Loop implies the presence of a back-edge Back-edges instrumented to increment path counter and reinitialize path register (count[r]++; r=0) This is not enough; with loops 4 types of paths (v->w and x->y are back-edges) ENTRY to EXIT ENTRY to v (ending with execution of v->w) w to x (after executing v->w and ending with the execution of x->y, v->w and x->y can be the same back-edge) w to EXIT (after executing v->w) Need to distinguish them 1 2 3 4 6 8 5 7 26

Arbitrary Control Flow (loops) Loop implies the presence of a back-edge Back-edges instrumented to increment path counter and reinitialize path register (count[r]++; r=0) This is not enough; with loops 4 types of paths (v->w and x->y are back-edges) ENTRY to EXIT ENTRY to v (ending with execution of v->w) w to x (after executing v->w and ending with the execution of x->y, v->w and x->y can be the same back-edge) w to EXIT (after executing v->w) Need to distinguish them 1 2 3 4 6 8 5 7 Arbitrary Control Flow (loops) Loop implies the presence of a back-edge Back-edges instrumented to increment path counter and reinitialize path register (count[r]++; r=0) This is not enough; with loops 4 types of paths (v->w and x->y are back-edges) ENTRY to EXIT ENTRY to v (ending with execution of v->w) w to x (after executing v->w and ending with the execution of x->y, v->w and x->y can be the same back-edge) w to EXIT (after executing v->w) Need to distinguish them 1 2 3 4 6 8 5 7 27

Arbitrary Control Flow (loops) Loop implies the presence of a back-edge Back-edges instrumented to increment path counter and reinitialize path register (count[r]++; r=0) This is not enough; with loops 4 types of paths (v->w and x->y are back-edges) ENTRY to EXIT ENTRY to v (ending with execution of v->w) w to x (after executing v->w and ending with the execution of x->y, v->w and x->y can be the same back-edge) w to EXIT (after executing v->w) Need to distinguish them 1 2 3 4 6 8 5 7 Convert Arbitrary CFGs to DAGs Eliminate back-edges before computation of edge values and chord increments Remove a loop back-edge 1 Add two edges 2 3 (1) ENTRY -> Target of back-edge (2) Source of back-edge -> EXIT 4 The dummy edges create extra paths ENTRY-EXIT that the value assignment algorithm takes into account 6 Edge (1) represents reinitializing along the back -edge Edge (2) represents incrementing along the back -edge 8 5 7 28

Implementation Implemented in a tool called PP PP instruments SPARC binaries Built on top of EEL (binary instrumenter) Uses a register to store r Replaces array of counters with hash table if number of paths too large Plus some other optimizations Experimental Results When hashing is used performance is hurt Using no hashing, overhead is comparable with edge profiling Edge profiling correctly predicted 37.9% of the acyclic paths Paths covered by a small portion of the test suite comprised most of the paths covered by the full test suite 29

Software Testing Testing Fundamentals Failure Failure, Fault, Error Observable incorrect behavior of a program. Conceptually related to the behavior of the program, rather than its code. Fault (bug) Related to the code. Necessary (not sufficient!) condition for the occurrence of a failure. Error Cause of a fault. Usually a human error (conceptual, typo, etc.) 30

Failure, Fault, Error: Example 1. int double(int param) { 2. int result; 3. result = param * param; 4. return(result); 5. } A call to double(3) returns 9 Result 9 represents a failure Such failure is due to the fault at line 3 The error is a typo (hopefully) Dependability Qualities Correctness Absolute consistency with a specification Reliability Likelihood of correct behavior in expected use Robustness Ability of software systems to function even in abnormal conditions Safety Ability of the software to avoid dangerous behaviors 31

Verification and Validation Validation: Are we building the right product? To which degree the software fulfills its (informal) requirements? Verification: Are we building the product right? To which degree the implementation is consistent with its (formal or semi-formal) specification? Actual reqs Formal or semi-formal descriptions System Validation (usability, feedback from users, ) V e r i f i c a t i o n (testing, inspections, static analysis, ) Approaches to Verification Testing: exercising software to try and generate failures Static verification: identify (specific) problems statically, that is, considering all possible executions Inspection/review/walkthrough: systematic group review of program text to detect faults Formal proof: proving that the program text implements the program specification 32

Comparison Testing Purpose: reveal failure Limits: small subset of the domain (=> risk of inadequate test set) Static verification P: consider all program behaviors (and more) L: false positives, may not terminate Review P: systematic in detecting defects L: informal Proof P: prove correctness L: complexity/cost (requires a spec) Today, QA is Mostly Testing 50% of my company employees are testers, and the rest spends 50% of their time testing! Bill Gates, 1995 33

What is Testing? Testing == To execute a program with a sample of the input data Dynamic technique: program must be executed Optimistic approximation: The program under test is exercised with a (very small) subset of all the possible input data We assume that the behavior with any other input is consistent with the behavior shown for the selected subset of input data The opposite of conservative (pessimistic) analysis Goals of Testing Improve software quality by finding errors A Test is successful if the program fails (Goodeneogh, Gerhart, Toward a Theory of Test Data Selection, IEEE Transactions on Software Engineering, Jan. 85) Provide confidence in the dependability of the software product 34

Correctness D d S P R A program P is a function from a set of data D (domain) to a set of data R (co-domain) P(d) denotes the execution of P with input d D P is correct iff, d D, P(d) = S(d) Test Suite, Test Set, Test Case D T t S P R A test suite or test set T for P is a subset of D x R An element t of T is called a test case T is an ideal test for P iff the correctness of P for all t in T implies the correctness of P for the whole D In general, it is impossible to define an ideal test and we try to approximate it by suitably defining test selection criteria 35

Testing Techniques There are a number of techniques Different processes Different artifacts Different approaches There are no perfect techniques Testing is a best-effort activity There is no best technique Different contexts Complementary strengths and weaknesses Trade-offs Granularity Levels Unit testing: verification of the single modules Integration testing: verification of the interactions among the different modules System testing: testing of the system as a whole Acceptance testing: validation of the software against the user requirements Regression testing: testing of new versions of the software 36

Integration Testing Testing component interactions; several strategies: Top-down Integrate external interface first Requires stubs Bottom-up Integrate low-level components first Requires drivers Big-bang Integrate all components at once To simplify error localization, systems should be incrementally integrated System Testing Must include non-functional tests Performance Load Usability Security Portability Maintainability (complexity metrics) Coding standards 37

Regression Testing Rerun tests after updates identify critical regression tests Need to automate (scripts, testing tools, harness of tests and I/O data ) One of the main reasons why maintenance is costly Alpha and Beta Testing α (alpha) test: in-house, early β (beta) test: in the field, pre-release Also, Sanity check / smoke tests: quick -and-dirty, just before shipping 38

Oracle An oracle predicts the expected results of a test and is used to assess whether a test is successful or not. There are different kinds of oracles: Human (tedious, error prone) Automated (difficult, expensive) Testing and debugging Testing and debugging are distinct processes Testing is concerned with finding defects in a program Debugging is concerned with locating and repairing these errors 39

Test Selection Criteria Test Selection Criterion C: a rule for selecting the subset of D to place in T We want a C that gives test suites that guarantee correctness We settle for a C that gives test suites that improve confidence Types of criteria (complementary): Functional (black-box): based on a specification Structural (white-box): based on the code Test Adequacy Criteria Test selection criteria guide the selection of a test suite T: we select test cases that covers some percentage of coverable items (as defined by the criteria). The same criteria can also be used as test adequacy criteria: the adequacy score of T is the percentage of coverable items (as defined by the criteria) covered by T 40

Test Requirements, Test Specifications Test Requirements: those aspects of the program that must be covered according to the considered criterion Test Specification: constraints on the input that will cause a test requirement to be satisfied Functional vs. Structural Testing 41

Structural 7/31/08 Functional vs. Structural Testing Functional Based on a SW spec Cover as much specified behavior as possible Cannot reveal errors due to implementation details Based on the code Cover as much coded behavior as possible Cannot reveal errors due to missing paths Structural Testing Example Specification: function that inputs an integer and prints it Implementation: 1. void foo(int param) { 2. if (param < 1024) printf( %d, param); 3. else printf( %d KB, param/124); 4. } Function foo contains a typo From the functional perspective, ints < 1024 and ints > 1024 are equivalent, but they are treated differently in the code The fault may be missed by black-box testing The fault would be easily revealed by white-box testing (e.g., by statement coverage) 42

Functional Testing Example Specification: function that inputs an integer param and returns half its value if param is even, param otherwise Implementation: 1. int foo(int param) { 2. int result; 3. result = param/2; 4. return (result); } Function foo works correctly only for even integers The fault may be missed by structural testing (100% coverage with any value) The fault would be easily revealed by black-box testing (typically, we would use at least one odd and one even input) 43

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback