functional correctness
play

Functional Correctness Specification Formal Verification 15-214 - PowerPoint PPT Presentation

Oct 10, 2022 •144 likes •608 views

Functional Correctness Specification Formal Verification 15-214 Unit Testing Type Checking Statistic Analysis Requirements definition Inspections, Reviews 15-313 Integration/System/Acceptance/Regression/GUI/Bl

  1. Functional Correctness • Specification • Formal Verification 15-214 • Unit Testing • Type Checking • Statistic Analysis • Requirements definition • Inspections, Reviews 15-313 • Integration/System/Acceptance/Regression/GUI/Bl ackbox/ Model-Based/Random Testing • Change/Release Management toad 15-214 1

  2. Testing • Executing the program with selected inputs in a controlled environment • Goals: � Reveal bugs (main goal) � Asses quality (hard to quantify) � Clarify the specification, documentation � Verify contracts "Testing shows the presence, not the absence of bugs Edsger W. Dijkstra 1969 toad 15-214 2

  3. What to test? • Functional correctness of a method (e.g., computations, contracts) • Functional correctness of a class (e.g., class invariants) • Behavior of a class in a subsystem/multiple subsystems/the entire system • Behavior when interacting with the world � Interacting with files, networks, sensors, … � Erroneous states � Nondeterminism, Parallelism � Interaction with users • … toad 15-214 3

  4. Testing Decisions Who tests? • Developers • Other Developers • Separate Quality Assurance Team • Customers When to test? • Before development • During development • After milestones Discuss tradeoffs • Before shipping toad 15-214 4

  5. Unit Tests • Testing units of source code � Smallest testable part of a system � Test parts before assembling them � Typically small units (methods, interfaces), but later units are possible (packages, subsystems) � Intended to catch local bugs • Typically written by developers • Many small, fast-running, independent tests • Little dependencies on other system parts or environment • Insufficient but a good starting point, extra benefits: � Documentation (executable specification) � Design mechanism (design for testability) toad 15-214 5

  6. From problem to idea to correct program • “While the first binary search was published in 1946, the first published binary search without bugs did not appear until 1962.” — Donald E. Knuth, Stanford • “Given ample time, only about 10% of professional programmers were able to get this small program right” — Jon Bentley, AT&T Bell Labs toad 15-214 6

  7. Writing Test Cases: Common Strategies • Read specification • Write tests for representative case � Small instances are usually sufficient • Write tests for invalid cases • Write tests to check boundary conditions • Are there difficult cases? (error guessing) � Stress tests? Complex algorithms? • Think like a user, not like a programmer � The tester’s goal is to find bugs! • Specification covered? • Feel confident? Time/money left? toad 15-214 7

  8. Example /** * computes the sum of the first len values of the array * * @param array array of integers of at least length len * @param len number of elements to sum up * @return sum of the array values */ int total(int array[], int len); toad 15-214 8

  9. Example /** * computes the sum of the first len values of the array * * @param array array of integers of at least length len * @param len number of elements to sum up * @return sum of the array values */ int total(int array[], int len); • Test empty array • Test array of length 1 and 2 • Test negative numbers • Test invalid length (negative or longer than array.length) • Test null as array • Test with a very long array toad 15-214 9

  10. JUnit • Popular unit-testing framework for Java • Easy to use • Tool support available • Can be used as design mechanism toad 15-214 10

  11. JUnit import org.junit.Test; import static org.junit.Assert.assertEquals; public class AdjacencyListTest { @Test public void testSanityTest(){ Set up Graph g1 = new AdjacencyListGraph(10); Vertex s1 = new Vertex("A"); tests Vertex s2 = new Vertex("B"); assertEquals(true, g1.addVertex(s1)); assertEquals(true, g1.addVertex(s2)); assertEquals(true, g1.addEdge(s1, s2)); assertEquals(s2, g1.getNeighbors(s1)[0]); Check } expected @Test results public void test…. private int helperMethod… } toad 15-214 11

  12. assert, Assert • assert is a native Java statement throwing an AssertionError exception when failing � assert expression: "Error Message"; • org.junit.Assert is a library that provides many more specific methods � static void assertTrue (java.lang.String message, boolean condition) // Asserts that a condition is true. � static void assertEquals (java.lang.String message, long expected, long actual); // Asserts that two longs are equal. � static void assertEquals (double expected, double actual, double delta); // Asserts that two doubles are equal to within a positive delta � static void assertNotNull (java.lang.Object object) // Asserts that an object isn't null. � static void fail (java.lang.String message) //Fails a test with the given message. toad 15-214 12

  13. JUnit Conventions • TestCase collects multiple tests (one class) • TestSuite collects test cases (typically package) • Tests should run fast • Test should be independent • Tests are methods without parameter and return value • AssertError signals failed test (unchecked exception) • Test Runner knows how to run JUnit tests � (uses reflection to find all methods with @Test annotat.) toad 15-214 13

  14. Common Setup import org.junit.*; import org.junit.Before; import static org.junit.Assert.assertEquals; public class AdjacencyListTest { Graph g; @Before public void setUp() throws Exception { graph = createTestGraph(); @Test public void testSanityTest(){ Vertex s1 = new Vertex("A"); Vertex s2 = new Vertex("B"); assertEquals(true, g.addVertex(s1)); } toad 15-214 14

  15. Checking for presence of an exception import org.junit.*; import static org.junit.Assert.fail; public class Tests { @Test public void testSanityTest(){ try { openNonexistingFile(); fail("Expected exception"); } catch(IOException e) { } } @Test(expected = IOException.class) public void testSanityTestAlternative() { openNonexistingFile(); } } toad 15-214 15

  16. Test organization • Conventions (not requirements) • Have a test class ATest for each class A • Have a source directory and a test directory � Store ATest and A in the same package � Tests can access members with default (package) visibility • Alternatively store exceptions in the source directory but in a separate package toad 15-214 16

  17. Exercise (on paper!) • Test a priority queue for Strings public interface Queue { void add(String s); String getFirstAlphabetically(); } • Write various kinds of test cases toad 15-214 17

  18. JUnit Demo / Testing Practice • Write some tests • Write an invariant toad 15-214 18

  19. Testing advice toad 15-214 19

  20. Testable Code • Think about testing when writing code • Unit testing encourages to write testable code • Separate parts of the code to make them independently testable • Abstract functionality behind interface, make it replaceable • Test-Driven Development � A design and development method in which you write tests before you write the code! toad 15-214 20

  21. Run tests frequently • You should only commit code that is passing all tests • Run tests before every commit • Run tests before trying to understand other developers' code • If entire test suite becomes too large and slow for rapid feedback, run tests in package frequently, run all tests nightly � Medium sized projects easily have 1000s of test cases and run for minutes • Continuous integration servers help to scale testing toad 15-214 21

  22. Continuous Integration See also travis-ci.org toad 15-214 22

  23. Test Coverage toad 15-214 23

  24. Structural Analysis for Test Coverage � Organized according to program decision structure � Touching: statement, branch public static int binsrch (int[] a, int key) { int low = 0; int high = a.length - 1; • Will this statement get executed in a test? • Does it return the correct result? while (true) { if ( low > high ) return -(low+1); int mid = (low+high) / 2; if ( a[mid] < key ) low = mid + 1; else if ( a[mid] > key ) high = mid - 1; else return mid; } • Could this array index be out of bounds? } • Does this return statement ever get reached? 24 toad 15-214 24

  25. Method Coverage • Trying to execute each method as part of at least one test • Does this guarantee correctness? toad 15-214 25

  26. Statement Coverage • Trying to test all parts of the implementation • Execute every statement in at least one test • Does this guarantee correctness? toad 15-214 26

  27. Structure of Code Fragment to Test Flow chart diagram for junit.samples.money.Money.equals 27 toad 15-214 27

  28. Statement Coverage • Statement coverage � What portion of program statements (nodes) are touched by test cases • Advantages � Test suite size linear in size of code � Coverage easily assessed • Issues � Dead code is not reached � May require some sophistication to select input sets � Fault-tolerant error-handling code may be difficult to “ touch ” � Metric: Could create incentive to remove error handlers! 28 toad 15-214 28

Recommend

Separating Functional and Parallel Correctness using Nondeterministic Sequential Specifications

Separating Functional and Parallel Correctness using Nondeterministic Sequential Specifications

Separating Functional and Parallel Correctness using Nondeterministic Sequential Specifications Jacob Burnim, George Necula, Koushik Sen University of California, Berkeley 1 HotPar ' 10, Berkeley, CA June 14, 2010 Parallel Programming is

901 views • 76 slides
Certifying functional correctness of Ethereum smart contracts Dr. Petar Tsankov Co-founder and

Certifying functional correctness of Ethereum smart contracts Dr. Petar Tsankov Co-founder and

Certifying functional correctness of Ethereum smart contracts Dr. Petar Tsankov Co-founder and Chief scientist, ChainSecurity Senior researcher, ICE center, ETH Zurich @ptsankov Inter-disciplinary research center at Next-generation blockchain

566 views • 33 slides
Verifying functional correctness of message-passing programs in Coq Robbert Krebbers, TU Delft

Verifying functional correctness of message-passing programs in Coq Robbert Krebbers, TU Delft

Verifying functional correctness of message-passing programs in Coq Robbert Krebbers, TU Delft Joint work with Jonas Kastberg Hinrichsen, ITU Jesper Bengtson, ITU 4 June 2020 @ VEST Workshop, Online 1 Type checking message-passing programs

601 views • 25 slides
The Correctness of a Code Generator for a Functional Language Nathana el Courant September 8,

The Correctness of a Code Generator for a Functional Language Nathana el Courant September 8,

The Correctness of a Code Generator for a Functional Language Nathana el Courant September 8, 2017 Nathana el Courant Verified code generation September 8, 2017 1 / 21 Context PVS: interactive proof assistant Specification language

383 views • 27 slides
Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness:

Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness:

3/10/10 Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness: partial correctness + termination Partial correctness: Program implements its specification 1 3/10/10 Proving Partial Correctness

420 views • 13 slides
Verification of Functional Program Components 1 Zoltn Horvth Tams Kozsik Mt Tejfel

Verification of Functional Program Components 1 Zoltn Horvth Tams Kozsik Mt Tejfel

Introduction and motivation Foundations Temporal properties of functional programs CPPCC: Correctness of mobile components Summary Verification of Functional Program Components 1 Zoltn Horvth Tams Kozsik Mt Tejfel

494 views • 45 slides
Full Functional Verification of Linked Data Structures Karen Zee , Viktor Kuncak , and

Full Functional Verification of Linked Data Structures Karen Zee , Viktor Kuncak , and

Full Functional Verification of Linked Data Structures Karen Zee , Viktor Kuncak , and Martin Rinard MIT CSAIL EPFL, I&amp;C Goal Verify full functional correctness of linked data structure implementations What is Full

968 views • 69 slides
08Program Verification II CS 5209: Foundation in Logic and AI Martin Henz and Aquinas Hobor

08Program Verification II CS 5209: Foundation in Logic and AI Martin Henz and Aquinas Hobor

Review Hoare Triples; Partial and Total Correctness Practical Aspects of Correctness Proofs Correctness of the Factorial Function Proof Calculus for Total Correctness 08Program Verification II CS 5209: Foundation in Logic and AI Martin

778 views • 39 slides
Program Correctness Assert formal correctness statements about

Program Correctness Assert formal correctness statements about

Program Correctness Assert formal correctness statements about cri4cal parts of a program and reason effec4vely A program is intended to carry out a

1.01k views • 57 slides
+ f(x) = Python Functional Programming Python Functional Programming Functional Programming by

+ f(x) = Python Functional Programming Python Functional Programming Functional Programming by

+ f(x) = Python Functional Programming Python Functional Programming Functional Programming by Wikipidia: Functional programming is a programming paradigm that treats computation as the evaluation of mathematical functions and avoids

754 views • 27 slides
to Find Safety and Cybersecurity Defects Daniel Kstner, Laurent Mauborgne, Stephan Wilhelm,

to Find Safety and Cybersecurity Defects Daniel Kstner, Laurent Mauborgne, Stephan Wilhelm,

High-Precision Sound Analysis to Find Safety and Cybersecurity Defects Daniel Kstner, Laurent Mauborgne, Stephan Wilhelm, Christian Ferdinand AbsInt GmbH, 2020 2 Functional Safety Demonstration of functional correctness Required by

531 views • 23 slides
Reducing Total Correctness to Partial Correctness by a Transformation of the Language Semantics a

Reducing Total Correctness to Partial Correctness by a Transformation of the Language Semantics a

Reducing Total Correctness to Partial Correctness by a Transformation of the Language Semantics a 1 a 2 Sebastian Buruian S , tefan Ciob ac 1 Alexandru Ioan Cuza University Bitedefender 2 Alexandru Ioan Cuza University WPTE 2018

435 views • 21 slides
Proving Correctness of Graph Programs Relative to Recursively Nested Conditions Nils Erik Flick

Proving Correctness of Graph Programs Relative to Recursively Nested Conditions Nils Erik Flick

Proving Correctness of Graph Programs Relative to Recursively Nested Conditions Nils Erik Flick Universitt Oldenburg February 2017 Intro Correctness Results Rel. Work Conclusion Extras Outline Correctness and Graph Programs 1

354 views • 24 slides
Recalling Our Intro to the Course 1 The Program Correctness Problem ? Conventional models of

Recalling Our Intro to the Course 1 The Program Correctness Problem ? Conventional models of

Recalling Our Intro to the Course 1 The Program Correctness Problem ? Conventional models of using computers not easy to determine correctness! Has become a very important issue, not just in safety-critical apps. Components with

534 views • 36 slides
Functional Systems Or: Functional Functional Programming Marius Eriksen Twitter Inc. @marius

Functional Systems Or: Functional Functional Programming Marius Eriksen Twitter Inc. @marius

Functional Systems Or: Functional Functional Programming Marius Eriksen Twitter Inc. @marius QCon San Francisco 14 Caveat emptor Where am I coming from? 1k+ engineers working on a large scale Internet service I build systems

872 views • 86 slides
Functional Linear Models 1 66 / 181 Functional Linear Models Statistical Models So far we have

Functional Linear Models 1 66 / 181 Functional Linear Models Statistical Models So far we have

Functional Linear Models Functional Linear Models 1 66 / 181 Functional Linear Models Statistical Models So far we have focussed on exploratory data analysis Smoothing Functional covariance Functional PCA Now we wish to examine predictive

1.04k views • 43 slides
Correctness of Program Transformations as a Termination Problem Conrad Rau, David Sabel and

Correctness of Program Transformations as a Termination Problem Conrad Rau, David Sabel and

Correctness of Program Transformations as a Termination Problem Conrad Rau, David Sabel and Manfred Schmidt-Schau Goethe-University, Frankfurt am Main, Germany IJCAR 2012, Manchester, UK 1 Introduction &amp; Motivation Automate correctness

345 views • 34 slides
Functional Testing Review Chapter 8 Functional Testing We saw three types of functional

Functional Testing Review Chapter 8 Functional Testing We saw three types of functional

Functional Testing Review Chapter 8 Functional Testing We saw three types of functional testing Boundary Value Testing Equivalence Class Testing Decision Table-Based Testing What is the common thread among the above methods?

685 views • 33 slides
Proving Correctness of a KRK Chess Endgame Strategy by SAT-based Constraint Solving Marko

Proving Correctness of a KRK Chess Endgame Strategy by SAT-based Constraint Solving Marko

Introduction Reduction to SAT and URSA system Chess Endgame Strategies and Bratkos Strategy for KRK URSA Specification of KRK Endgame and of Strategy Correctness of Strategy Discussion and Conclusions Proving Correctness of a KRK Chess

390 views • 27 slides
Correctness of parallel programs Shaz Qadeer Research in

Correctness of parallel programs Shaz Qadeer Research in

Correctness of parallel programs Shaz Qadeer Research in So7ware Engineering CSEP 506 Spring 2011 Why is correctness important? So7ware development is

565 views • 30 slides
FFR Guided Functional FFR Guided Functional FFR Guided Functional FFR Guided Functional

FFR Guided Functional FFR Guided Functional FFR Guided Functional FFR Guided Functional

FFR Guided Functional FFR Guided Functional FFR Guided Functional FFR Guided Functional Angioplasty Angioplasty g g p p y y in Complex Anatomy in Complex Anatomy Jung-Min Ahn, MD g , Heart Institute Asan Medical Center Heart

671 views • 27 slides
Program correctness and verification Programs should be: clear; efficient; robust; reliable;

Program correctness and verification Programs should be: clear; efficient; robust; reliable;

Program correctness and verification Programs should be: clear; efficient; robust; reliable; user friendly; well documented; . . . but first of all, CORRECT dont forget though: also, executable. . . Correctness

202 views • 19 slides
Machine-checked correctness and complexity of a Union-Find implementation Arthur Charguraud

Machine-checked correctness and complexity of a Union-Find implementation Arthur Charguraud

Machine-checked correctness and complexity of a Union-Find implementation Arthur Charguraud Franois Pottier December 16, 2015 1 / 1 Message Lets begin with a demo... Proving correctness and termination is not enough! 2 / 1

782 views • 17 slides
Recursion: Introduction and Correctness Lecture B Jones MWF 9-9:50am PCNYN 109 Lecture D

Recursion: Introduction and Correctness Lecture B Jones MWF 9-9:50am PCNYN 109 Lecture D

Recursion: Introduction and Correctness Lecture B Jones MWF 9-9:50am PCNYN 109 Lecture D Russell MWF 4-4:50am Center 101 http://cseweb.ucsd.edu/classes/sp16/cse21-bd/ April 11, 2016 Today's plan 1. What's recursion? 2. Correctness of

716 views • 40 slides

More recommend