invariants and state in testing and formal methods
play

Invariants and State in Testing and Formal Methods Dick Hamlet - PowerPoint PPT Presentation

Dec 31, 2023 •35 likes •315 views

Invariants and State in Testing and Formal Methods Dick Hamlet Portland State University Supported by NSF CCR-0112654 and SFI E.T.S. Walton Fellowship 1/10 The Simplest Context Meaning of a program with persistent state:

  1. Invariants and State in Testing and Formal Methods Dick Hamlet Portland State University Supported by NSF CCR-0112654 and SFI E.T.S. Walton Fellowship 1/10

  2. � � � The Simplest Context Meaning of a program with persistent state: input domain ( think: STDIN ) output domain ( think: STDOUT ) state space ( think: permanent R/W file) 2/10

  3. ✁ � ✂ ✁ ✆ � ✝✞ ✟ ✂ ☎ ✆ � ☎ ✠ � ✞ ✄ The Simplest Context Meaning of a program with persistent state: input domain ( think: STDIN ) output domain ( think: STDOUT ) state space ( think: permanent R/W file) 2/10

  4. State is Anomalous On the other hand... On the one hand... 3/10

  5. State is Anomalous On the other hand... On the one hand... States are ‘inputs’ that influence program be- havior 3/10

  6. State is Anomalous On the other hand... On the one hand... States are ‘inputs’ that States are ‘outputs’ influence program be- that only the program havior creates 3/10

  7. State is Anomalous On the other hand... On the one hand... States are ‘inputs’ that States are ‘outputs’ influence program be- that only the program havior creates (bottom line) A state variable is not independent – sample at your own risk! 3/10

  8. ✂ � ✞ � � ✂ � ✂ ✞ � ✁ Testing Viewpoint Stateless case: Black-box program . Specification function . Test point fails if . Operational profile: Usage P .d.f. on . 4/10

  9. ✂ ✞ � ☎ ✁ ☎ � � ✞ � ✂ ✂ � � ✂ ✁ � � � Testing Viewpoint Stateless case: Black-box program . Specification function . Test point fails if . Operational profile: Usage P .d.f. on . Persistent state: Replace by sequences . ✁✄✂ . ( Sequence profile) 4/10

  10. � ✂ � ☎ ✁ ☎ � � ✞ � ✂ ✂ ✞ � ✂ ✁ � � � Testing Viewpoint Stateless case: Black-box program . Specification function . Test point fails if . Operational profile: Usage P .d.f. on . Persistent state: Replace by sequences . ✁✄✂ . ( Sequence profile) State is only implicit — tester may sample ...(?) 4/10

  11. ☎ ☎ ✠ ☎ ✆ ☎ ✝ ✆ ☎ ✝ ✄ ✆ ✝ ✄ ☎ ✆ ✝ ✄ � ✠ ✁ ✄ ☎ ✁ ✠ ☎ ✁ ✆ ☎ ✁ ✄ ✆ ✝ Proving Viewpoint Specification is a first-order formula in values of program variables . Type, Symbol Evaluation Variables ( original) Pre-cond before Post-cond after Assertion any Invariant before/after 5/10

  12. ✝ ☎ ☎ ✠ ☎ ✆ ☎ ✆ ✆ ☎ ✝ ✄ ✝ ☎ ✄ ✆ ✠ ✄ ☎ ✆ ✄ ✁ ☎ ✆ ✁ ✠ ✝ ✁ ✆ ☎ ✄ ✁ � ✝ Proving Viewpoint Specification is a first-order formula in values of program variables . Type, Symbol Evaluation Variables ( original) Pre-cond before Post-cond after Assertion any Invariant before/after State variable is explicit – specification is state-prescriptive...(?) 5/10

  13. ✂ ☎ ✝ ✆ ☎ ✝ ✄ ✂ ✞ ✄ ☎ ✁ ✆ ✝ ✆ ✆ ☎ ✄ ☎ ✝ ✄ � ✠ ✞ ✂ ✄ ☎ ☎ Invariants in Proofs Room for confusion – First-order formulas include implicit evaluation times; Hoare logic hides quantification. For example, correctness of program : 6/10

  14. ☎ ✆ ✞ ✂ ✄ ✆ ☎ ✝ ✆ ☎ � ✄ ☎ ✁ ☎ ✁ ✂ ✄ ☎ ✆ ✞ ✁ ✂ ✄ ✞ ✂ ✠ ✆ ✝ ✝ ✂ ✞ ✂ ✠ ☎ � ✄ ✝ ☎ ✄ ☎ ✆ ☎ ☎ ✆ ✁ ✂ ✄ ✞ ✂ ✄ ✝ ☎ ✆ ✝ ✄ Invariants in Proofs Room for confusion – First-order formulas include implicit evaluation times; Hoare logic hides quantification. For example, correctness of program : Invariant role filter out -impossible states. Pre-condition role filter out inputs humans agree not to use. 6/10

  15. ☎ ✄ ✂ ✄ ✞ ✞ ✠ ✂ ✄ Testing with Invariants Stateless testing of to approximate proof: Sample , and for each such that , run and check . (TestEra) 7/10

  16. ✞ ✞ ✁ ✂ ✂ ✄ ☎ ✆ ✄ ✝ ✁ ✂ ✄ ☎ ✆ ✞ ✄ ☎ ✂ ✄ ✞ ✠ ☎ ✄ ✆ ✂ ✞ ✞ ☎ ✝ ✆ ✂ ✄ ☎ ✠ � Testing with Invariants Stateless testing of to approximate proof: Sample , and for each such that , run and check . (TestEra) With state it’s more complicated. First try: Sample . For each such that , run and check . 7/10

  17. ✞ ✆ ✂ ✄ ✝ ☎ ✆ ✝ ☎ ☎ ✞ ✠ ✞ ✆ ☎ � ✄ ✄ ✄ ✞ ☎ ✞ ✄ ✁ ✄ ✂ ✄ ☎ ✆ ✂ ✄ ✁ ✂ ✄ ☎ ✆ � � ✂ ✁ ✄ � ✄ ✆ ✁ ✁ ✆ ☎ ✁ ✂ ✁ ✞ ☎ ✆ ✁ ✞ ✂ ✂ ☎ ✂ ✆ ✄ ✟ ☎ ✂ ☎ ✂ ✂ ✂ ☎ ✄ ✄ ✄ � ✄ ☎ ✁ ✁ ☎ ✞ ✂ ☎ ✂ � � ☎ � � � � � � � � � � � � � � � � � � � � ✞ ✞ ✠ ☎ ✄ ✄ ✂ ✄ ✆ ☎ ☎ ☎ ✂ ✄ ☎ ✠ ✞ ✆ � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � ☎ Testing with Invariants Stateless testing of to approximate proof: Sample , and for each such that , run and check . (TestEra) With state it’s more complicated. First try: Sample . For each such that , run and check . Better: Sample , say , such ✁ ✝✆ that . Sample . If , run on the sequence, obtaining state sequence and ✆ ✡✠ check . ✄☞☛ 7/10

  18. Proof-, Testing-like Formulas Let be a logical formula (invariant, post-condition, etc.) applied to a program. 8/10

  19. Proof-, Testing-like Formulas Let be a logical formula (invariant, post-condition, etc.) applied to a program. is Proof-like : No test case can falsify . is Testing-like : There is a low probability that test-case sequences drawn according to a given operational profile will falsify . Since profiles are arbitrary human specifications, proof-like and testing-like can be very different. 8/10

  20. Proof-, Testing-like Formulas Let be a logical formula (invariant, post-condition, etc.) applied to a program. is Proof-like : No test case can falsify . is Testing-like : There is a low probability that test-case sequences drawn according to a given operational profile will falsify . Since profiles are arbitrary human specifications, proof-like and testing-like can be very different. itself can be proof- or testing-like if it is obtained using all possibilities, or only those from a profile. 8/10

  21. Daikon, TestEra, Etc. Daikon TestEra Generates bounded Generates possible exhaustive testset pre- and (BET) from given post-conditions from pre-condition; checks given testset. given post-condition. 9/10

  22. Daikon, TestEra, Etc. Daikon TestEra Generates bounded Generates possible exhaustive testset pre- and (BET) from given post-conditions from pre-condition; checks given testset. given post-condition. +invariant +profile 9/10

  23. � ✁ Daikon, TestEra, Etc. Daikon TestEra Generates bounded Generates possible exhaustive testset pre- and (BET) from given post-conditions from pre-condition; checks given testset. given post-condition. +invariant +profile From invariant and profile, generate BET; check invariant as post-condition. Use BET to generate possible post-condition. 9/10

  24. � � � Summary Testing needs to recognize state and invariants Sample state with care! Drive sampling with invariants 10/10

  25. � � � � Summary Testing needs to recognize state and invariants Sample state with care! Drive sampling with invariants Invariants are inherently prescriptive 10/10

  26. � � � � � Summary Testing needs to recognize state and invariants Sample state with care! Drive sampling with invariants Invariants are inherently prescriptive Operational profiles define ‘usage invariants’ 10/10

  27. � � � � � � Summary Testing needs to recognize state and invariants Sample state with care! Drive sampling with invariants Invariants are inherently prescriptive Operational profiles define ‘usage invariants’ Tools using first-order formulas with tests need specification-based invariants 10/10

  28. � � � � � � Summary Testing needs to recognize state and invariants Sample state with care! Drive sampling with invariants Invariants are inherently prescriptive Operational profiles define ‘usage invariants’ Tools using first-order formulas with tests need specification-based invariants 10/10

Recommend

Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Formal Methods Assurance for TTP John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Formal Methods Assurance for TTP: 1 Formal Methods for Analysis and Assurance: The Idea Testing/Simulation Formal

200 views • 6 slides
1 FM does not replace testing! Why Use Formal Methods Reduces burden on testing phases to

1 FM does not replace testing! Why Use Formal Methods Reduces burden on testing phases to

Topics Introduction and terminology Overview of Formal Methods FM and Software Engineering Applications of FM Propositional and Predicate Logic Program derivation Intuitive program verification Algebraic Specifications

174 views • 5 slides
Types of Formal Specifications for Assertions Concurrent and Reactive Systems Assertions

Types of Formal Specifications for Assertions Concurrent and Reactive Systems Assertions

Outline Formal specifications CISC422/853: Formal Methods Types of formal specifications: in Software Engineering: assertions invariants Computer-Aided Verification safety and liveness properties How to express safety

226 views • 22 slides
Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff,

Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff,

Searching for Program Invariants using Genetic Programming and Mutation Testing Sam Ratcliff, David R. White and John A. Clark. The 13th CREST Open Workshop Thursday 12 May 2011 Outline Invariants Using GP to find Invariants Identifying

417 views • 38 slides
Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in

Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in

Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in Software Engineering: Practically : BIR, PROMELA How to express properties Computer-Aided Verification Assertions, invariants

196 views • 9 slides
Testing security of CPS with Formal Methods Application (in progress) to industrial protocols IoS

Testing security of CPS with Formal Methods Application (in progress) to industrial protocols IoS

Testing security of CPS with Formal Methods Application (in progress) to industrial protocols IoS & IoT Roland Groz, Jean-Luc Richier, Maxime Puys, Laurent Mounier Univ. Grenoble Alpes LIG/Vasco + Vrimag/PACSS Kobe Universit

1.02k views • 33 slides
Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical foundations of computer science 2 Formal Methods Logical foundations of computer science A language that machines can understand 2 Formal Methods

1.22k views • 121 slides
Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why Formalisms? Relationships Flaws Some systems Conclusions Why Formal Methods? We already can build systems. Roman Engineers built

671 views • 12 slides
Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3. Course syllabus 4. Course objectives Introductory Lecture 5. Course organization 1. Lecturer 2. Formal Methods Name: Dilian Gurov Formal

56 views • 3 slides
Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations of computer science Formal Methods Logical foundations of computer science A language that machines can understand Formal Methods Logical

1.67k views • 123 slides
Online Data Plane Checking June 12, 2013 Summer School on Formal Methods and Networks Cornell

Online Data Plane Checking June 12, 2013 Summer School on Formal Methods and Networks Cornell

Online Data Plane Checking June 12, 2013 Summer School on Formal Methods and Networks Cornell University VeriFlow: Verifying Network-Wide Invariants in Real Time* Ahmed Khurshid , Xuan Zou, Wenxuan Zhou, Matthew Caesar, P. Brighten Godfrey

470 views • 33 slides
Rigorous Evaluation Usability Testing What is Usability Testing? Formal and rigorous testing

Rigorous Evaluation Usability Testing What is Usability Testing? Formal and rigorous testing

Rigorous Evaluation Usability Testing What is Usability Testing? Formal and rigorous testing using a structured process Validate adherence to interaction requirements Actual users who perform realistic and representative tasks

490 views • 38 slides
Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in system development Aim to increase confidence in riktighet of system Apply to both hardware and software 1 Formal methods Complement other

524 views • 25 slides
A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4) Contents INTRODUCTION INTRODUCTION DEFINITION AND OVERVIEW OF FORMAL METHODS SPECIFICATION METHODS LIFE CYCLES AND

317 views • 19 slides
Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process What are Formal Methods? Advantages and Disadvantages of Formal Methods Formal Methods in the Requirement Process Mathematical Formulas

561 views • 20 slides
THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING

THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING

THEY DIDNT KNOW THEY WERE DOING MATHEMATICS INTRODUCING FORMAL METHODS USING REWRITING LOGIC Peter Olveczky University of Oslo FMfun19, December 3, 2019 OUTLINE How to introduce formal methods to undergraduates? Fun!

1.95k views • 171 slides
Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal

Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal

Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal Methods Symposium NASA HQ, Washington DC 14th April 2010 (09:0010:00) 0 Table of contents Intels diverse verification problems Verifying

834 views • 45 slides
A Formal (proved) Approach to Discrete System Development Modeling J-R. Abrial September 2004

A Formal (proved) Approach to Discrete System Development Modeling J-R. Abrial September 2004

A Formal (proved) Approach to Discrete System Development Modeling J-R. Abrial September 2004 Purpose of the Course - Giving some insights about Formal Methods - Showing that Formal Methods can be made practical - Illustrating Formal Methods

1.25k views • 112 slides
Principles of Software Construction: Class invariants, immutability, and testing Josh Bloch

Principles of Software Construction: Class invariants, immutability, and testing Josh Bloch

Principles of Software Construction: Class invariants, immutability, and testing Josh Bloch Charlie Garrod School of Computer Science 15-214 1 Administrivia Homework 4a due today , 11:59 p.m. Design review meeting is mandatory

952 views • 69 slides
600.405 Finite-State Methods in NLP Assignment 3: HMMs and Formal Power Series Prof. J.

600.405 Finite-State Methods in NLP Assignment 3: HMMs and Formal Power Series Prof. J.

600.405 Finite-State Methods in NLP Assignment 3: HMMs and Formal Power Series Prof. J. Eisner Fall 2000 Handed out: Sat., Dec. 2, 2000 Due date: Try to do problem 1 by the Dec. 5 lecture, so that youll understand the lecture.

155 views • 13 slides
Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T

Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T

F F F Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T M&&T June 27, 03 Formal Methods && Tools Group - ISTI CNR CAF - 1 F F F Outline Overview of the Formal Methods

276 views • 23 slides
Formal Verification and Testing for Formal Verification and Testing for Reactive Systems

Formal Verification and Testing for Formal Verification and Testing for Reactive Systems

ARTIST2 - ARTIST2 - MOTIVES MOTIVES Trento - - Italy, February 19 Italy, February 19- -23, 2007 23, 2007 Trento Session: Testing and Runtime Verification Formal Verification and Testing for Formal Verification and Testing for Reactive

881 views • 31 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations & Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

1.75k views • 151 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations & Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

631 views • 33 slides

More recommend