The Internet Archive has a preservation copy of this work in our general collections.
The file type is
A first step towards more reliable software is to execute each statement and each control-flow path in a method once. In this paper, we present a formal method to automatically compute test cases for this purpose based on the idea of a bounded infeasible code detection. The method first unwinds all loops in a program finitely often and then encodes all feasible executions of the loop-free programs in a logical formula. Helper variables are introduced such that a theorem prover can reconstructarXiv:1205.6527v1 fatcat:hnclvkwk2nh4thf7kz4kaudqqu
more »... r can reconstruct the control-flow path of a feasible execution from a satisfying valuation of this formula. Based on this formula, we present one algorithm that computes a feasible path cover and one algorithm that computes a feasible statement cover. We show that the algorithms are complete for loop-free programs and that they can be implemented efficiently. We further provide a sound algorithm to compute procedure summaries which makes the method scalable to larger programs.
JayHorn is a model checker for verifying sequential Java programs annotated with assertions expressing safety conditions.doi:10.1007/978-3-030-17502-3_16 fatcat:u3opoi5ajbeo3axf7d4gqsnbxu
Evren Ermis, Martin Schäf, and Thomas Wies Note that whenever we say interpolant we always mean Craig interpolant. ...doi:10.1007/978-3-642-32759-9_17 fatcat:pxrwonlyxncv7dybi3s73hl5dm
A piece of code in a computer program is infeasible if it cannot be part of any normally-terminating execution of the program. We develop an algorithm for the automatic detection of all infeasible code in a program. We first translate the task of determining all infeasible code into the problem of finding all statements that can be covered by a feasible path. We prove that in order to identify all coverable statements, it is sufficient to find all coverable statements within a certain minimaldoi:10.1007/978-3-642-27705-4_24 fatcat:2cxxwqqt3vfxtaosltttjzm6je
more »... a certain minimal subset. For this, our algorithm repeatedly queries an oracle, asking for the infeasibility of specific sets of control-flow paths. We present a sound implementation of the proposed algorithm on top of the Boogie program verifier utilizing a theorem prover to provide the oracle required by the algorithm. We show experimentally a drastic decrease in the number of theorem prover queries compared to existing approaches, resulting in an overall speedup of the entire computation.
Inconsistent code detection is a variant of static analysis that detects statements that never occur on feasible executions. This includes code whose execution ultimately must lead to an error, faulty error handling code, and unreachable code. Inconsistent code can be detected locally, fully automatically, and with a very low false positive rate. However, not all instances of inconsistent code are worth reporting. For example, debug code might be rendered unreachable on purpose and reporting itdoi:10.1007/978-3-319-24953-7_8 fatcat:atzakmq5b5ee5ivxoqtrzwz22q
more »... se and reporting it will be perceived as false positive. To distinguish relevant from potentially irrelevant inconsistencies, we present an algorithm to categorize inconsistent code into a) code that must lead to an error and may be reachable, b) code that is unreachable because it must be preceded by an error, and c) code that is unreachable for other reasons. We apply our algorithm to several open-source project to demonstrate that inconsistencies of the first category are highly relevant and often lead to bug fixes, while inconsistencies in the last category can largely be ignored.
GUI testing is a form of system testing where test cases are based on user interactions. A user interaction may be encoded by a sequence of events (e.g., mouse clicks) together with input data (e.g., string values for text boxes). For selecting event sequences, one can use the black-box approach based on Event Flow Graphs. For selecting input data, one can use the white-box approach based on parameterized unit tests and symbolic execution. The contribution of this paper is an approach to makedoi:10.1007/978-3-642-34691-0_18 fatcat:duc72szigjc6rhbihspptq6pgy
more »... approach to make the principle of parameterized unit testing available to black-box GUI testing. The approach is based on the new notion of parameterized GUI tests. We have implemented the approach in a new tool. In order to evaluate whether parameterized GUI tests have the potential to achieve high code coverage, we apply the tool to four open source GUI applications. The results are encouraging.
Identifying the cause of an error is often the most timeconsuming part in program debugging. Fault localization techniques can help to automate this task. Particularly promising are static proof-based techniques that rely on an encoding of error traces into trace formulas. By identifying irrelevant portions of the trace formula, the possible causes of the error can be isolated. One limitation of these approaches is that they do not take into account the control flow of the program and thereforedoi:10.1007/978-3-642-35873-9_13 fatcat:sh6qsmxxkzbyfdpho64kxw5ye4
more »... ogram and therefore miss common causes of errors, such as faulty branching conditions. This limitation is inherent to the way the error traces are encoded. In this paper, we present a new flow-sensitive encoding of error traces into trace formulas. The new encoding enables proof-based techniques to identify irrelevant conditional choices in an error trace and to include a justification for the truth value of branching conditions that are relevant for the localized cause of an error. We apply our new encoding to the fault localization technique based on error invariants and show that it produces more meaningful error explanations than previous approaches.
interpretation is a powerful tool in program verification. Several commercial or industrial scale implementations of abstract interpretation have demonstrated that this approach can verify safety properties of real-world code. However, using abstract interpretation tools is not always simple. If no user-provided hints are available, the abstract interpretation engine may lose precision during widening and produce an overwhelming number of false alarms. However, manually providing these hints isdoi:10.1007/978-3-662-48899-7_41 fatcat:vmnzu7l3vnb67ny3rehh6n7ij4
more »... ding these hints is time consuming and often frustrating when re-running the analysis takes a lot of time. We present an algorithm for program verification that combines abstract interpretation, symbolic execution and crowdsourcing. If verification fails, our procedure suggests likely invariants, or program patches, that provide helpful information to the verification engineer and makes it easier to find the correct specification. By complementing machine learning with well-designed games, we enable program analysis to incorporate human insights that help improve their scalability and usability.
Infeasible code has proved to be an interesting target for static analysis. It allows modular and scalable analysis, and at the same time, can be implemented with a close-to-zero rate of false warnings. The challenge for an infeasible code detection algorithm is to find executions that cover all statements with feasible executions as fast as possible. The remaining statements are infeasible code. In this paper we propose a new encoding of programs into first-order logic formulas that allows usdoi:10.1007/978-3-642-41202-8_28 fatcat:jpqpvdyql5bznouye23bizlue4
more »... las that allows us to query the non-existence of feasible executions of a program, and, to reconstruct a feasible path from counterexamples produced for this query. We use these paths to develop a path-cover algorithm based on blocking clauses. We evaluate our approach using several real-world applications and show that our new prover-friendly encoding yields a significant speed-up over existing approaches.
We present Joogie, a tool that detects infeasible code in Java programs. Infeasible code is code that does not occur on feasible control-flow paths and thus has no feasible execution. Infeasible code comprises many errors detected by static analysis in modern IDEs such as guaranteed null-pointer dereference or unreachable code. Unlike existing techniques, Joogie identifies infeasible code by proving that a particular statement cannot occur on a terminating execution using techniques from staticdoi:10.1007/978-3-642-31424-7_62 fatcat:snhuuvou2rb6nisit4rcs5vqcq
more »... hniques from static verification. Thus, Joogie is able to detect infeasible code which is overlooked by existing tools. Joogie works fully automatically, it does not require user-provided specifications and (almost) never produces false warnings.
Advances in Computers
This chapter gives an overview of the recent advances in GUI testing. Considering the increasing popularity and fast software development cycles (e.g., desktop and mobile applications), GUI testing gains more importance as it allows us to verify the behavior of a system from the user's perspective. Thus, it can quickly uncover relevant bugs, which a user could face. Traditional capture-replay GUI testing approaches do not meet the demands of developers anymore. Therefore, there is an increasingdoi:10.1016/b978-0-12-396535-6.00006-5 fatcat:s22kwofxrvgfpgy5z4syogttia
more »... re is an increasing research activity in modelbased GUI testing, where the user interaction behavior is simulated using a graphbased model. In the following, we outline different graphical notations to describe feasible user interactions, and methods to generate and execute test cases from these models. We discuss the benefits and limitations of the state-of-the-art in GUI testing research and give a brief outlook about new trends and possibilities to improve the GUI testing automation.
Lecture Notes in Computer Science
Static verification traditionally produces yes/no answers. It either provides a proof that a piece of code meets a property, or a counterexample showing that the property can be violated. Hence, the progress of static verification is hard to measure. Unlike in testing, where coverage metrics can be used to track progress, static verification does not provide any intermediate result until the proof of correctness can be computed. This is in particular problematic because of the inevitabledoi:10.1007/978-3-319-06200-6_27 fatcat:oqnrlf7sdbgtdekwc4retoztve
more »... e inevitable incompleteness of static verifiers. To overcome this, we propose a gradual verification approach, GraVy. For a given piece of Java code, GraVy partitions the statements into those that are unreachable, or from which exceptional termination is impossible, inevitable, or possible. Further analysis can then focus on the latter case. That is, even though some statements still may terminate exceptionally, GraVy still computes a partial result. This allows us to measure the progress of static verification. We present an implementation of GraVy and evaluate it on several open source projects. Supported by the Fonds National de la Recherche, Luxembourg (FNR/P10/03).
Graphical user interfaces (GUIs), due to their event driven nature, present a potentially unbounded space of all possible ways to interact with software. During testing it becomes necessary to effectively sample this space. In this paper we develop algorithms that sample the GUI's input space by only generating sequences that (1) are allowed by the GUI's structure, and (2) chain together only those events that have data dependencies between their event handlers. We create a new abstraction,arXiv:1205.4928v1 fatcat:byromdmf7fhsxpjk3fmofia7iu
more »... ew abstraction, called an event-dependency graph (EDG) of the GUI, that captures data dependencies between event handler code. We develop a mapping between EDGs and an existing black-box user-level model of the GUI's workflow, called an event-flow graph (EFG). We have implemented automated EDG construction in a tool that analyzes the bytecode of each event handler. We evaluate our "grey-box" approach using four open-source applications and compare it with the current state-of-the-art EFG approach. Our results show that using the EDG reduces the number of test cases while still achieving at least the same coverage. Furthermore, we were able to detect 2 new bugs in the subject applications.
Many formal method tools for increasing software reliability apply Satisfiability Modulo Theories (SMT) solvers to enumerate feasible paths in a program subject to certain coverage criteria. Examples include inconsistent code detection tools and concolic test case generators. These tools have in common that they typically treat the SMT solver as a black box, relying on its ability to efficiently search through large search spaces. However, in practice the performance of SMT solvers oftendoi:10.1007/978-3-319-17524-9_23 fatcat:p6xw2xl5vjeyxoh5ex2sfuhawe
more »... olvers often degrades significantly if the search involves reasoning about complex control-flow. In this paper, we open the black box and devise a new algorithm for this problem domain that we call conflict-directed graph coverage. Our algorithm relies on two core components of an SMT solver, namely conflict-directed learning and deduction by propagation, and applies domain-specific modifications for reasoning about controlflow graphs. We implemented conflict-directed coverage and used it for detecting code inconsistencies in several large Java open-source projects with over one million lines of code in total. The new algorithm yields significant performance gains on average compared to previous algorithms and reduces the running times on hard search instances from hours to seconds.
Detection of infeasible code has recently been identified as a scalable and automated technique to locate likely defects in software programs. Given the (acyclic) control-flow graph of a procedure, infeasible code detection depends on an exhaustive search for feasible paths through the graph. A number of encodings of control-flow graphs into logic (understood by theorem provers) have been proposed in the past for this application. In this paper, we compare the performance of these differentdoi:10.1007/978-3-319-02444-8_44 fatcat:l5ts2eikrzf4dm35bimpcrzgvi
more »... these different encodings in terms of runtime and the number of queries processed by the prover. We present a theory of acyclic control-flow as an alternative method of handling control-flow graphs. Such a theory can be built into theorem provers by means of theory plug-ins. Our experiments show that such native handling of control-flow can lead to significant performance gains, compared to previous encodings.
« Previous Showing results 1 — 15 out of 3,127 results