Download
1 / 9
90 likes | 244 Vues
This document discusses the application of wedges in automated testing for program path coverage, utilizing weakest preconditions (WLP) to generate effective test cases. By defining wedges as finite paths of primitive statements with corresponding assertions, the paper illustrates how to re-express coverage problems within a control flow graph. The approach combines concrete and symbolic calculations for solving constraints, addressing challenges with long wedges and loops. It presents methods to ensure each path in the program is tested, improving the reliability and comprehensiveness of automated testing strategies.
E N D
WLP for Automated Testing Wishnu Prasetya wishnu@cs.uu.nl www.cs.uu.nl/docs/vakken/pv
Testing problem • Give test-cases that would cover all 4 paths in the above program. • Observation: any input satisfying the wlp of a post-condition Q, specifies a test-case leading a terminal state satisfying Q. • Idea : use Q to specify the target path. tax(rate, income | tax) { if(income 10000) tax := 0 ; if (income 20000) tax := income / rate.low ; tax := tax + income / rate.high ; }
Wedge • A wedge is a finite path of primitive (non-composite) statements in the program, from the program’s start, where we replace guard conditions with the corresponding assert. The concept is from Tomb & Flanagan, Detecting Inconsistencies via Universal Reachability Analysis, ISSTA, 2012. They use assume. For our purpose, we need to turn them to assert. • We can use wedges to re-express coverage problem (e.g. cover this spot, or cover this path). • Then we can calculate the wlp of each wedge.
Wedge & coverage cover this • a wedge covering assert income 10000 ; tax := 0 ;assertincome 20000 ; • a wedge covering without passing (unfeasible) assert income 10000 ; tax := 0 ;assertincome > 20000 ; tax(rate, income | tax) { if(income 10000) tax := 0 ; if (income 20000) tax := income / rate.low ; tax := tax + income / rate.high ; }
wlp of a wedge • Let p be a target path to cover in the CFG of Pr(x). Let w(x) be a wedge such that any execution of w is also an execution of Pr that covers p. • Calculate p = wlpw true. • Check the satisfiability of p; a witness to that is basically an instance of input x for Pr that would cover p.
Covering by solving wlp • if (x>9) { x := x+y ;if (x+y 0) { y := 0 ; if (x8) { cover-this ... } • a wedge to cover assert x>9 ; x := x+y ;assertx+y < 0 ; y := 0 ; assert x 8 • wlp : x>9 /\ x+2y0 /\ x+y8
Concolic approach • Problems: • A long wedge has more constraints; the wlp may be difficult for your theorem prover to solve. • What to do with loops? • Combined concrete and symbolic calculation to incrementally solve the wedge. • Imagine the wedge :w(x,y) = assert p1; x:=x+y; assert p2; y:=0; assert p3 • wlp: p = p1 /\ p2[x+y/x] /\ p3[0/y][x+y/x]
Concolic approach • wlp: p = p1 /\ p2[x+y/x] /\ p3[0/y][x+y/x] • Execute w, e.g. w(0,9). Suppose this manages to pass the guards p1 and p2 but fails on p3 . • Try to solve p[0/x] or p[9/y] instead. • This at least simplifies the formula to solve. • Not necessarily leads to a solution.
Wedge “passing” a loop • Consider : whilegdoS ; ifhthen { cover this } ... • A wedge to cover has to do some iterations of S. How many iteration? • Note that arbitrarily choosing k iterations may turn out to be infeasible leading to unsatisfiablewlp. • Run a concrete execution; suppose it iterates n times, but fails to pass h • we know that at least iterating n times is feasible • construct a wedge with n unfoldingand solve it
