SlideShare a Scribd company logo

White-box Unit Test Generation with Microsoft IntelliTest

Download as PPTX, PDF
Dávid Honfi
Dávid Honfi

This document discusses white-box unit test generation using Microsoft IntelliTest. It begins with an overview of symbolic execution and how IntelliTest uses dynamic symbolic execution to generate test cases by exploring paths in the code. It then demonstrates IntelliTest's capabilities with examples. The document also discusses challenges with symbolic execution-based test generation and proposes solutions like visualizing the symbolic execution process and automatically isolating environment dependencies through source code transformations.

Software
1 of 26
Budapest University of Technology and Economics Department of Measurement and Information Systems Budapest University of Technology and Economics Fault Tolerant Systems Research Group White-box Unit Test Generation with Microsoft IntelliTest Dávid Honfi 1
Focus 2 module B module C service Unit testing module A Code-based (White-box)
White-box test design public int M1(int a, int b) { if(a == 0) { Console.WriteLine(ERROR_MSG); return -1; } if(b > a) return b*a+5; else return (a+b)/2; } Let’s cover all the statements! a==0 a!=0 && b>a a!=0 && b<=a a==0 a!=0 && b<=a a!=0 & b>a a 0 1 2 b 0 0 3
What’s missing?  Usually encoding observed outputs  Where can it be employed? oBasic, common bugs (e.g., uncaught exceptions) oViolation of assertions or contracts oDeviations from existing outputs (regression)  Automation with code exploration test case = input + expected output
Symbolic execution: the idea  Static program analysis technique from the ’70s  Application for test generation o Symbolic variables instead of normal ones o Constraints forming for each path with symb. variables o Constraint solving (e.g., SMT solver) o A solution yields an input to execute a given path  New century, new progress: o Enough computing power (e.g., for SMT solvers) o New ideas, extensions, algorithms and tools 5
Existing tools using symbolic execution  .NET: Microsoft IntelliTest (a.k.a. Pex)  x86 binary: Microsoft SAGE  Java oNASA Symbolic PathFinder oCATG o…  JavaScript: Jalangi  C: KLEE
IntelliTest Microsoft
DEMO 1. The basic use of IntelliTest
public int M1(int a, int b) { if(a == 0) { Console.WriteLine(ERROR_MSG); return -1; } if(b > a) return b*a+5; else return (a+b)/2; } Details of IntelliTest (Dynamic SE) Source code Concrete input values Symbolic variables Constraint solver Constraints Concrete execution Symbolic execution a==0 a:=0 b:=0 a,b Transformationa!=0 a:=1 b:=0
public int M1(int a, int b) { if(a == 0) { Console.WriteLine(ERROR_MSG); return -1; } if(b > a) return b*a+5; else return (a+b)/2; } Details of IntelliTest (Dynamic SE) Source code Concrete input values Symbolic variables Constraint solver Constraints Concrete execution Symbolic execution a!=0 && b<=a a!=0 && b>a a:=1 b:=0 a:=2 b:=3
Parameterized Unit Testing  Idea: Using test methods as specifications o Easy to understand, easy to check, etc. o But: too specific (used for a code unit), verbose, etc.  Parameterized Unit Test (PUT) o Wrapper method for method/unit under test o Main elements • Inputs of the unit • Assumptions for input space restriction • Call to the unit • Assertions for expected results o Serves as a specification  Test generators can use it 11
Example: Parameterized Unit Testing 12 void ReduceQuantityPUT(Product prod, int soldCount) { // Assumptions Assume.IsTrue(prod != null && prod.Quantity > 0); Assume.IsTrue(soldCount > 0); int oldQuantity = prod.Quantity; // Calling the UUT int newQuantity = StorageManager.ReduceQuantity(prod,soldCount); // Assertions Assert.IsTrue(newQuantity >= 0); Assert.IsTrue(newQuantity < oldQuantity); } /// The method reduces the quantity of the specified /// product. The product is known to be NOT null with /// quantity larger than 0, also the sold amount is /// always more than zero. The method has effects on /// the database, and returns the new quantity of the /// product. If the quantity would be negative, the /// method reduces the quantity to zero. int ReduceQuantity(Product prod, int soldCount) { … }
Example: Parameterized Unit Testing 13 void ReduceQuantityPUT(Product prod, int soldCount) { // Assumptions Assume.IsTrue(prod != null && prod.Quantity > 0); Assume.IsTrue(soldCount > 0); int oldQuantity = prod.Quantity; // Calling the UUT int newQuantity = StorageManager.ReduceQuantity(prod,soldCount); // Assertions Assert.IsTrue(newQuantity >= 0); Assert.IsTrue(newQuantity < oldQuantity); } /// The method reduces the quantity of the specified /// product. The product is known to be NOT null with /// quantity larger than 0, also the sold amount is /// always more than zero. The method has effects on /// the database, and returns the new quantity of the /// product. If the quantity would be negative, the /// method reduces the quantity to zero. int ReduceQuantity(Product prod, int soldCount) { … }
DEMO 2. Parameterized Unit Testing with IntelliTest
Challenges of SE-based techniques 1. Exponential growth of execution paths 2. Complex arithmetic expressions 3. Floating point operations 4. Compound structures and objects 5. Pointer operations 6. Interaction with the environment 7. Multithreading 8. … 15 T. Chen et al. „State of the art: Dynamic symbolic execution for automated test generation”. Future Generation Computer Systems, 29(7), 2013
Challenges of SE-based techniques 1. Exponential growth of execution paths 2. Complex arithmetic expressions 3. Floating point operations 4. Compound structures and objects 5. Pointer operations 6. Interaction with the environment 7. Multithreading 8. … 16 T. Chen et al. „State of the art: Dynamic symbolic execution for automated test generation”. Future Generation Computer Systems, 29(7), 2013 SEViz
Visualizing symbolic execution  SEViz: Symbolic Execution VIsualiZer  Goal: Help identifying test generation problems o Long execution paths o Unsolvable constraints o …  Solution: Symbolic execution tree with metadata 17 Mapping to source code Calls to constraint solver 1 No Yes End of execution paths No test Failed test Passed test 1 11 1 1 1 SHAPE BORDER COLOR
Visualizing symbolic execution  Additional metadata o Sequence number o Path condition o Incremental path condition (based on parent) o Status: can have siblings or not o Source code mapping (if available) 18
DEMO 3. Visualizing test generation with SEViz
Challenges of SE-based techniques 1. Exponential growth of execution paths 2. Complex arithmetic expressions 3. Floating point operations 4. Compound structures and objects 5. Pointer operations 6. Interaction with the environment 7. Multithreading 8. … 20 T. Chen et al. „State of the art: Dynamic symbolic execution for automated test generation”. Future Generation Computer Systems, 29(7), 2013 SEViz Automated isolation
Existing solutions  Stubbing and mocking (faking) o Fixed values and checks for all DSE executions o Not suitable for test generation  Parameterized mocking o Interaction with DSE is possible • More relevant test cases • Custom behavior in mocks: e.g., state change of objects o Introduces complexity for users of DSE • Requires large amount of time and effort • Not trivial task in case of complex structures o Fakes cannot be generated under certain conditions 21
Approach for automated isolation  Automated isolation on source code level 1. Abstract syntax tree transformations in the SUT 2. Parameterized sandbox synthesization 22 SUT C1 C2 Environment i(C1,C2) i(C2,E) i(C2,C1) i(C1,E) SUT C1’ C2’ Environment SB i'(C2,E)i'(C1,E) i(C2,C1) i(C1,C2) Replaced external objects Replaced external calls Sandbox
Example of AST transformation 23 public class WeekendNotifier { public bool IsWeekendNear() { DateTime date = DateTime.GetNow(); date.AddDays(2); if(date.GetDay() == "Saturday") return true; return false; } } public class WeekendNotifier { public bool IsWeekendNear() { DynamicFake date = Fake.DateTimeGetNow(); Fake.DateTimeAddDays(2,date); if(Fake.DateTimeGetDay(date) == "Saturday") return true; return false; } }
Example of parameterized sandbox 24 public static class Fake { public DynamicFake DateTimeGetNow() { // Return a state container object instead of the original return new DynamicFake(); } public void DateTimeAddDays(int days, DynamicFake date) { // TODO: State change of date using DSE } public int DateTimeGetDay(DynamicFake date) { // Obtaining return value from DSE return DSEEngine.ChooseValue<int>(); } }
Summary  White-box test generation: symbolic execution  IntelliTest, a state-of-the-art test generator o Dynamic Symbolic Execution (DSE) o Parameterized Unit Tests  DSE has several challenges, e.g.: o Test generation problem indentification o Environment dependencies  My research o SEViz: A tool for visualizing symbolic execution o Automated isolation with source code transformation 25
Resources  IntelliTest https://www.visualstudio.com/en- us/docs/test/developer-testing/intellitest-manual https://www.codehunt.com/  SEViz [ICST’15 Tool Paper] https://ftsrg.github.io/seviz  Automated isolation https://pp.bme.hu/eecs/article/view/9768 26

Recommended

Rechecking SharpDevelop: Any New Bugs?
Rechecking SharpDevelop: Any New Bugs?Rechecking SharpDevelop: Any New Bugs?
Rechecking SharpDevelop: Any New Bugs?
PVS-Studio
 
PVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error ExamplesPVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error Examples
Andrey Karpov
 
How Data Flow analysis works in a static code analyzer
How Data Flow analysis works in a static code analyzerHow Data Flow analysis works in a static code analyzer
How Data Flow analysis works in a static code analyzer
Andrey Karpov
 
EdSketch: Execution-Driven Sketching for Java
EdSketch: Execution-Driven Sketching for JavaEdSketch: Execution-Driven Sketching for Java
EdSketch: Execution-Driven Sketching for Java
Lisa Hua
 
Pointcuts and Analysis
Pointcuts and AnalysisPointcuts and Analysis
Pointcuts and Analysis
Wiwat Ruengmee
 
Fnt software solutions placement paper
Fnt software solutions placement paperFnt software solutions placement paper
Fnt software solutions placement paper
fntsofttech
 
Static code analysis: what? how? why?
Static code analysis: what? how? why?Static code analysis: what? how? why?
Static code analysis: what? how? why?
Andrey Karpov
 
Algoritmos sujei
Algoritmos sujeiAlgoritmos sujei
Algoritmos sujei
gersonjack
 

Recommended

Rechecking SharpDevelop: Any New Bugs?
Rechecking SharpDevelop: Any New Bugs?Rechecking SharpDevelop: Any New Bugs?
Rechecking SharpDevelop: Any New Bugs?
PVS-Studio
 
PVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error ExamplesPVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error Examples
Andrey Karpov
 
How Data Flow analysis works in a static code analyzer
How Data Flow analysis works in a static code analyzerHow Data Flow analysis works in a static code analyzer
How Data Flow analysis works in a static code analyzer
Andrey Karpov
 
EdSketch: Execution-Driven Sketching for Java
EdSketch: Execution-Driven Sketching for JavaEdSketch: Execution-Driven Sketching for Java
EdSketch: Execution-Driven Sketching for Java
Lisa Hua
 
Pointcuts and Analysis
Pointcuts and AnalysisPointcuts and Analysis
Pointcuts and Analysis
Wiwat Ruengmee
 
Fnt software solutions placement paper
Fnt software solutions placement paperFnt software solutions placement paper
Fnt software solutions placement paper
fntsofttech
 
Static code analysis: what? how? why?
Static code analysis: what? how? why?Static code analysis: what? how? why?
Static code analysis: what? how? why?
Andrey Karpov
 
Algoritmos sujei
Algoritmos sujeiAlgoritmos sujei
Algoritmos sujei
gersonjack
 
Address/Thread/Memory Sanitizer
Address/Thread/Memory SanitizerAddress/Thread/Memory Sanitizer
Address/Thread/Memory Sanitizer
Platonov Sergey
 
Конверсия управляемых языков в неуправляемые
Конверсия управляемых языков в неуправляемыеКонверсия управляемых языков в неуправляемые
Конверсия управляемых языков в неуправляемые
Platonov Sergey
 
Accelerating Habanero-Java Program with OpenCL Generation
Accelerating Habanero-Java Program with OpenCL GenerationAccelerating Habanero-Java Program with OpenCL Generation
Accelerating Habanero-Java Program with OpenCL Generation
Akihiro Hayashi
 
Tools and Techniques for Understanding Threading Behavior in Android*
Tools and Techniques for Understanding Threading Behavior in Android*Tools and Techniques for Understanding Threading Behavior in Android*
Tools and Techniques for Understanding Threading Behavior in Android*
Intel® Software
 
Lo Mejor Del Pdc2008 El Futrode C#
Lo Mejor Del Pdc2008 El Futrode C#Lo Mejor Del Pdc2008 El Futrode C#
Lo Mejor Del Pdc2008 El Futrode C#
Juan Pablo
 
12. Java Exceptions and error handling
12. Java Exceptions and error handling12. Java Exceptions and error handling
12. Java Exceptions and error handling
Intro C# Book
 
김재석, C++ 프로그래머를 위한 C#, NDC2011
김재석, C++ 프로그래머를 위한 C#, NDC2011김재석, C++ 프로그래머를 위한 C#, NDC2011
김재석, C++ 프로그래머를 위한 C#, NDC2011
devCAT Studio, NEXON
 
Checking Intel IPP Samples for Windows - Continuation
Checking Intel IPP Samples for Windows - ContinuationChecking Intel IPP Samples for Windows - Continuation
Checking Intel IPP Samples for Windows - Continuation
PVS-Studio
 
NSC #2 - D2 06 - Richard Johnson - SAGEly Advice
NSC #2 - D2 06 - Richard Johnson - SAGEly AdviceNSC #2 - D2 06 - Richard Johnson - SAGEly Advice
NSC #2 - D2 06 - Richard Johnson - SAGEly Advice
NoSuchCon
 
Mutation @ Spotify
Mutation @ Spotify Mutation @ Spotify
Mutation @ Spotify
STAMP Project
 
Java language fundamentals
Java language fundamentalsJava language fundamentals
Java language fundamentals
Kapish Joshi
 
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul PillaiA look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
Cysinfo Cyber Security Community
 
Junit, mockito, etc
Junit, mockito, etcJunit, mockito, etc
Junit, mockito, etc
Yaron Karni
 
The art of reverse engineering flash exploits
The art of reverse engineering flash exploitsThe art of reverse engineering flash exploits
The art of reverse engineering flash exploits
Priyanka Aash
 
Grasping dataset
Grasping datasetGrasping dataset
Grasping dataset
gabrielesisinna
 
Java Inheritance
Java InheritanceJava Inheritance
Java Inheritance
Kapish Joshi
 
20171127 當julia遇上資料科學
20171127 當julia遇上資料科學20171127 當julia遇上資料科學
20171127 當julia遇上資料科學
岳華 杜
 
MuVM: Higher Order Mutation Analysis Virtual Machine for C
MuVM: Higher Order Mutation Analysis Virtual Machine for CMuVM: Higher Order Mutation Analysis Virtual Machine for C
MuVM: Higher Order Mutation Analysis Virtual Machine for C
Susumu Tokumoto
 
xUnit Style Database Testing
xUnit Style Database TestingxUnit Style Database Testing
xUnit Style Database Testing
Chris Oldwood
 
Java Basics - Part2
Java Basics - Part2Java Basics - Part2
Java Basics - Part2
Vani Kandhasamy
 
Testing Ext JS and Sencha Touch
Testing Ext JS and Sencha TouchTesting Ext JS and Sencha Touch
Testing Ext JS and Sencha Touch
Mats Bryntse
 
test generation
test generationtest generation
test generation
dennis gookyi
 

More Related Content

What's hot

Address/Thread/Memory Sanitizer
Address/Thread/Memory SanitizerAddress/Thread/Memory Sanitizer
Address/Thread/Memory Sanitizer
Platonov Sergey
 
Конверсия управляемых языков в неуправляемые
Конверсия управляемых языков в неуправляемыеКонверсия управляемых языков в неуправляемые
Конверсия управляемых языков в неуправляемые
Platonov Sergey
 
Accelerating Habanero-Java Program with OpenCL Generation
Accelerating Habanero-Java Program with OpenCL GenerationAccelerating Habanero-Java Program with OpenCL Generation
Accelerating Habanero-Java Program with OpenCL Generation
Akihiro Hayashi
 
Tools and Techniques for Understanding Threading Behavior in Android*
Tools and Techniques for Understanding Threading Behavior in Android*Tools and Techniques for Understanding Threading Behavior in Android*
Tools and Techniques for Understanding Threading Behavior in Android*
Intel® Software
 
Lo Mejor Del Pdc2008 El Futrode C#
Lo Mejor Del Pdc2008 El Futrode C#Lo Mejor Del Pdc2008 El Futrode C#
Lo Mejor Del Pdc2008 El Futrode C#
Juan Pablo
 
12. Java Exceptions and error handling
12. Java Exceptions and error handling12. Java Exceptions and error handling
12. Java Exceptions and error handling
Intro C# Book
 
김재석, C++ 프로그래머를 위한 C#, NDC2011
김재석, C++ 프로그래머를 위한 C#, NDC2011김재석, C++ 프로그래머를 위한 C#, NDC2011
김재석, C++ 프로그래머를 위한 C#, NDC2011
devCAT Studio, NEXON
 
Checking Intel IPP Samples for Windows - Continuation
Checking Intel IPP Samples for Windows - ContinuationChecking Intel IPP Samples for Windows - Continuation
Checking Intel IPP Samples for Windows - Continuation
PVS-Studio
 
NSC #2 - D2 06 - Richard Johnson - SAGEly Advice
NSC #2 - D2 06 - Richard Johnson - SAGEly AdviceNSC #2 - D2 06 - Richard Johnson - SAGEly Advice
NSC #2 - D2 06 - Richard Johnson - SAGEly Advice
NoSuchCon
 
Mutation @ Spotify
Mutation @ Spotify Mutation @ Spotify
Mutation @ Spotify
STAMP Project
 
Java language fundamentals
Java language fundamentalsJava language fundamentals
Java language fundamentals
Kapish Joshi
 
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul PillaiA look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
Cysinfo Cyber Security Community
 
Junit, mockito, etc
Junit, mockito, etcJunit, mockito, etc
Junit, mockito, etc
Yaron Karni
 
The art of reverse engineering flash exploits
The art of reverse engineering flash exploitsThe art of reverse engineering flash exploits
The art of reverse engineering flash exploits
Priyanka Aash
 
Grasping dataset
Grasping datasetGrasping dataset
Grasping dataset
gabrielesisinna
 
Java Inheritance
Java InheritanceJava Inheritance
Java Inheritance
Kapish Joshi
 
20171127 當julia遇上資料科學
20171127 當julia遇上資料科學20171127 當julia遇上資料科學
20171127 當julia遇上資料科學
岳華 杜
 
MuVM: Higher Order Mutation Analysis Virtual Machine for C
MuVM: Higher Order Mutation Analysis Virtual Machine for CMuVM: Higher Order Mutation Analysis Virtual Machine for C
MuVM: Higher Order Mutation Analysis Virtual Machine for C
Susumu Tokumoto
 
xUnit Style Database Testing
xUnit Style Database TestingxUnit Style Database Testing
xUnit Style Database Testing
Chris Oldwood
 
Java Basics - Part2
Java Basics - Part2Java Basics - Part2
Java Basics - Part2
Vani Kandhasamy
 

What's hot (20)

Address/Thread/Memory Sanitizer
Address/Thread/Memory SanitizerAddress/Thread/Memory Sanitizer
Address/Thread/Memory Sanitizer
 
Конверсия управляемых языков в неуправляемые
Конверсия управляемых языков в неуправляемыеКонверсия управляемых языков в неуправляемые
Конверсия управляемых языков в неуправляемые
 
Accelerating Habanero-Java Program with OpenCL Generation
Accelerating Habanero-Java Program with OpenCL GenerationAccelerating Habanero-Java Program with OpenCL Generation
Accelerating Habanero-Java Program with OpenCL Generation
 
Tools and Techniques for Understanding Threading Behavior in Android*
Tools and Techniques for Understanding Threading Behavior in Android*Tools and Techniques for Understanding Threading Behavior in Android*
Tools and Techniques for Understanding Threading Behavior in Android*
 
Lo Mejor Del Pdc2008 El Futrode C#
Lo Mejor Del Pdc2008 El Futrode C#Lo Mejor Del Pdc2008 El Futrode C#
Lo Mejor Del Pdc2008 El Futrode C#
 
12. Java Exceptions and error handling
12. Java Exceptions and error handling12. Java Exceptions and error handling
12. Java Exceptions and error handling
 
김재석, C++ 프로그래머를 위한 C#, NDC2011
김재석, C++ 프로그래머를 위한 C#, NDC2011김재석, C++ 프로그래머를 위한 C#, NDC2011
김재석, C++ 프로그래머를 위한 C#, NDC2011
 
Checking Intel IPP Samples for Windows - Continuation
Checking Intel IPP Samples for Windows - ContinuationChecking Intel IPP Samples for Windows - Continuation
Checking Intel IPP Samples for Windows - Continuation
 
NSC #2 - D2 06 - Richard Johnson - SAGEly Advice
NSC #2 - D2 06 - Richard Johnson - SAGEly AdviceNSC #2 - D2 06 - Richard Johnson - SAGEly Advice
NSC #2 - D2 06 - Richard Johnson - SAGEly Advice
 
Mutation @ Spotify
Mutation @ Spotify Mutation @ Spotify
Mutation @ Spotify
 
Java language fundamentals
Java language fundamentalsJava language fundamentals
Java language fundamentals
 
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul PillaiA look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
 
Junit, mockito, etc
Junit, mockito, etcJunit, mockito, etc
Junit, mockito, etc
 
The art of reverse engineering flash exploits
The art of reverse engineering flash exploitsThe art of reverse engineering flash exploits
The art of reverse engineering flash exploits
 
Grasping dataset
Grasping datasetGrasping dataset
Grasping dataset
 
Java Inheritance
Java InheritanceJava Inheritance
Java Inheritance
 
20171127 當julia遇上資料科學
20171127 當julia遇上資料科學20171127 當julia遇上資料科學
20171127 當julia遇上資料科學
 
MuVM: Higher Order Mutation Analysis Virtual Machine for C
MuVM: Higher Order Mutation Analysis Virtual Machine for CMuVM: Higher Order Mutation Analysis Virtual Machine for C
MuVM: Higher Order Mutation Analysis Virtual Machine for C
 
xUnit Style Database Testing
xUnit Style Database TestingxUnit Style Database Testing
xUnit Style Database Testing
 
Java Basics - Part2
Java Basics - Part2Java Basics - Part2
Java Basics - Part2
 

Viewers also liked

Testing Ext JS and Sencha Touch
Testing Ext JS and Sencha TouchTesting Ext JS and Sencha Touch
Testing Ext JS and Sencha Touch
Mats Bryntse
 
test generation
test generationtest generation
test generation
dennis gookyi
 
SenchaCon 2016: How Sencha Test Helps Automate Functional Testing of Ext JS M...
SenchaCon 2016: How Sencha Test Helps Automate Functional Testing of Ext JS M...SenchaCon 2016: How Sencha Test Helps Automate Functional Testing of Ext JS M...
SenchaCon 2016: How Sencha Test Helps Automate Functional Testing of Ext JS M...
Sencha
 
SenchaCon 2016: The Changing Landscape of JavaScript Testing - Joel Watson an...
SenchaCon 2016: The Changing Landscape of JavaScript Testing - Joel Watson an...SenchaCon 2016: The Changing Landscape of JavaScript Testing - Joel Watson an...
SenchaCon 2016: The Changing Landscape of JavaScript Testing - Joel Watson an...
Sencha
 
Basic Selenium Training
Basic Selenium TrainingBasic Selenium Training
Basic Selenium Training
Dipesh Bhatewara
 
Brazil Startup Report
Brazil Startup ReportBrazil Startup Report
Brazil Startup Report
World Startup Report
 

Viewers also liked (6)

Testing Ext JS and Sencha Touch
Testing Ext JS and Sencha TouchTesting Ext JS and Sencha Touch
Testing Ext JS and Sencha Touch
 
test generation
test generationtest generation
test generation
 
SenchaCon 2016: How Sencha Test Helps Automate Functional Testing of Ext JS M...
SenchaCon 2016: How Sencha Test Helps Automate Functional Testing of Ext JS M...SenchaCon 2016: How Sencha Test Helps Automate Functional Testing of Ext JS M...
SenchaCon 2016: How Sencha Test Helps Automate Functional Testing of Ext JS M...
 
SenchaCon 2016: The Changing Landscape of JavaScript Testing - Joel Watson an...
SenchaCon 2016: The Changing Landscape of JavaScript Testing - Joel Watson an...SenchaCon 2016: The Changing Landscape of JavaScript Testing - Joel Watson an...
SenchaCon 2016: The Changing Landscape of JavaScript Testing - Joel Watson an...
 
Basic Selenium Training
Basic Selenium TrainingBasic Selenium Training
Basic Selenium Training
 
Brazil Startup Report
Brazil Startup ReportBrazil Startup Report
Brazil Startup Report
 

Similar to White-box Unit Test Generation with Microsoft IntelliTest

Mutation testing for a safer Future
Mutation testing for a safer FutureMutation testing for a safer Future
Mutation testing for a safer Future
CocoaHeads France
 
Behaviour Driven Development and Thinking About Testing
Behaviour Driven Development and Thinking About TestingBehaviour Driven Development and Thinking About Testing
Behaviour Driven Development and Thinking About Testing
dn
 
Bdd and-testing
Bdd and-testingBdd and-testing
Bdd and-testing
malcolmt
 
The relationship between test and production code quality (@ SIG)
The relationship between test and production code quality (@ SIG)The relationship between test and production code quality (@ SIG)
The relationship between test and production code quality (@ SIG)
Maurício Aniche
 
Software Engineering - RS3
Software Engineering - RS3Software Engineering - RS3
Software Engineering - RS3
AtakanAral
 
DSR Testing (Part 1)
DSR Testing (Part 1)DSR Testing (Part 1)
DSR Testing (Part 1)
Steve Upton
 
Techorama 2017 - Testing the unit, and beyond.
Techorama 2017 - Testing the unit, and beyond.Techorama 2017 - Testing the unit, and beyond.
Techorama 2017 - Testing the unit, and beyond.
Bert Brouns
 
Symbolic Execution And KLEE
Symbolic Execution And KLEESymbolic Execution And KLEE
Symbolic Execution And KLEE
Shauvik Roy Choudhary, Ph.D.
 
The operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzerThe operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzer
Andrey Karpov
 
Unit testing - A&BP CC
Unit testing - A&BP CCUnit testing - A&BP CC
Unit testing - A&BP CC
JWORKS powered by Ordina
 
Scaffolding with JMock
Scaffolding with JMockScaffolding with JMock
Scaffolding with JMock
Valerio Maggio
 
A la découverte des google/mock (aka gmock)
A la découverte des google/mock (aka gmock)A la découverte des google/mock (aka gmock)
A la découverte des google/mock (aka gmock)
Thierry Gayet
 
Google test training
Google test trainingGoogle test training
Google test training
Thierry Gayet
 
Google mock training
Google mock trainingGoogle mock training
Google mock training
Thierry Gayet
 
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source SoftwareThe Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
Andrey Karpov
 
31b - JUnit and Mockito.pdf
31b - JUnit and Mockito.pdf31b - JUnit and Mockito.pdf
31b - JUnit and Mockito.pdf
gauravavam
 
How to write clean & testable code without losing your mind
How to write clean & testable code without losing your mindHow to write clean & testable code without losing your mind
How to write clean & testable code without losing your mind
Andreas Czakaj
 
Unit test
Unit testUnit test
Unit test
Tran Duc
 
EVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMER
EVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMEREVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMER
EVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMER
Andrey Karpov
 
Static analysis: Around Java in 60 minutes
Static analysis: Around Java in 60 minutesStatic analysis: Around Java in 60 minutes
Static analysis: Around Java in 60 minutes
Andrey Karpov
 

Similar to White-box Unit Test Generation with Microsoft IntelliTest (20)

Mutation testing for a safer Future
Mutation testing for a safer FutureMutation testing for a safer Future
Mutation testing for a safer Future
 
Behaviour Driven Development and Thinking About Testing
Behaviour Driven Development and Thinking About TestingBehaviour Driven Development and Thinking About Testing
Behaviour Driven Development and Thinking About Testing
 
Bdd and-testing
Bdd and-testingBdd and-testing
Bdd and-testing
 
The relationship between test and production code quality (@ SIG)
The relationship between test and production code quality (@ SIG)The relationship between test and production code quality (@ SIG)
The relationship between test and production code quality (@ SIG)
 
Software Engineering - RS3
Software Engineering - RS3Software Engineering - RS3
Software Engineering - RS3
 
DSR Testing (Part 1)
DSR Testing (Part 1)DSR Testing (Part 1)
DSR Testing (Part 1)
 
Techorama 2017 - Testing the unit, and beyond.
Techorama 2017 - Testing the unit, and beyond.Techorama 2017 - Testing the unit, and beyond.
Techorama 2017 - Testing the unit, and beyond.
 
Symbolic Execution And KLEE
Symbolic Execution And KLEESymbolic Execution And KLEE
Symbolic Execution And KLEE
 
The operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzerThe operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzer
 
Unit testing - A&BP CC
Unit testing - A&BP CCUnit testing - A&BP CC
Unit testing - A&BP CC
 
Scaffolding with JMock
Scaffolding with JMockScaffolding with JMock
Scaffolding with JMock
 
A la découverte des google/mock (aka gmock)
A la découverte des google/mock (aka gmock)A la découverte des google/mock (aka gmock)
A la découverte des google/mock (aka gmock)
 
Google test training
Google test trainingGoogle test training
Google test training
 
Google mock training
Google mock trainingGoogle mock training
Google mock training
 
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source SoftwareThe Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
 
31b - JUnit and Mockito.pdf
31b - JUnit and Mockito.pdf31b - JUnit and Mockito.pdf
31b - JUnit and Mockito.pdf
 
How to write clean & testable code without losing your mind
How to write clean & testable code without losing your mindHow to write clean & testable code without losing your mind
How to write clean & testable code without losing your mind
 
Unit test
Unit testUnit test
Unit test
 
EVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMER
EVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMEREVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMER
EVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMER
 
Static analysis: Around Java in 60 minutes
Static analysis: Around Java in 60 minutesStatic analysis: Around Java in 60 minutes
Static analysis: Around Java in 60 minutes
 

Recently uploaded

E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
Quickdice ERP
 
SMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API ServiceSMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API Service
Yara Milbes
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
Aftab Hussain
 
Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
TheSMSPoint
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Neo4j
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j
 
Unveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdfUnveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdf
brainerhub1
 
Hand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User Validation Code KataHand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User Validation Code Kata
Philip Schwarz
 
E-commerce Application Development Company.pdf
E-commerce Application Development Company.pdfE-commerce Application Development Company.pdf
E-commerce Application Development Company.pdf
Hornet Dynamics
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
SOCRadar
 
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise EditionWhy Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
Envertis Software Solutions
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Crescat
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
Green Software Development
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
Green Software Development
 
What is Augmented Reality Image Tracking
What is Augmented Reality Image TrackingWhat is Augmented Reality Image Tracking
What is Augmented Reality Image Tracking
pavan998932
 
DDS-Security 1.2 - What's New? Stronger security for long-running systems
DDS-Security 1.2 - What's New? Stronger security for long-running systemsDDS-Security 1.2 - What's New? Stronger security for long-running systems
DDS-Security 1.2 - What's New? Stronger security for long-running systems
Gerardo Pardo-Castellote
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
Peter Muessig
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
Peter Muessig
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
Octavian Nadolu
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
Google
 

Recently uploaded (20)

E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
 
SMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API ServiceSMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API Service
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
 
Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
 
Unveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdfUnveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdf
 
Hand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User Validation Code KataHand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User Validation Code Kata
 
E-commerce Application Development Company.pdf
E-commerce Application Development Company.pdfE-commerce Application Development Company.pdf
E-commerce Application Development Company.pdf
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
 
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise EditionWhy Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
 
GreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-JurisicGreenCode-A-VSCode-Plugin--Dario-Jurisic
GreenCode-A-VSCode-Plugin--Dario-Jurisic
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
 
What is Augmented Reality Image Tracking
What is Augmented Reality Image TrackingWhat is Augmented Reality Image Tracking
What is Augmented Reality Image Tracking
 
DDS-Security 1.2 - What's New? Stronger security for long-running systems
DDS-Security 1.2 - What's New? Stronger security for long-running systemsDDS-Security 1.2 - What's New? Stronger security for long-running systems
DDS-Security 1.2 - What's New? Stronger security for long-running systems
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
 
Artificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension FunctionsArtificia Intellicence and XPath Extension Functions
Artificia Intellicence and XPath Extension Functions
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
 

White-box Unit Test Generation with Microsoft IntelliTest

  • 1. Budapest University of Technology and Economics Department of Measurement and Information Systems Budapest University of Technology and Economics Fault Tolerant Systems Research Group White-box Unit Test Generation with Microsoft IntelliTest Dávid Honfi 1
  • 2. Focus 2 module B module C service Unit testing module A Code-based (White-box)
  • 3. White-box test design public int M1(int a, int b) { if(a == 0) { Console.WriteLine(ERROR_MSG); return -1; } if(b > a) return b*a+5; else return (a+b)/2; } Let’s cover all the statements! a==0 a!=0 && b>a a!=0 && b<=a a==0 a!=0 && b<=a a!=0 & b>a a 0 1 2 b 0 0 3
  • 4. What’s missing?  Usually encoding observed outputs  Where can it be employed? oBasic, common bugs (e.g., uncaught exceptions) oViolation of assertions or contracts oDeviations from existing outputs (regression)  Automation with code exploration test case = input + expected output
  • 5. Symbolic execution: the idea  Static program analysis technique from the ’70s  Application for test generation o Symbolic variables instead of normal ones o Constraints forming for each path with symb. variables o Constraint solving (e.g., SMT solver) o A solution yields an input to execute a given path  New century, new progress: o Enough computing power (e.g., for SMT solvers) o New ideas, extensions, algorithms and tools 5
  • 6. Existing tools using symbolic execution  .NET: Microsoft IntelliTest (a.k.a. Pex)  x86 binary: Microsoft SAGE  Java oNASA Symbolic PathFinder oCATG o…  JavaScript: Jalangi  C: KLEE
  • 8. DEMO 1. The basic use of IntelliTest
  • 9. public int M1(int a, int b) { if(a == 0) { Console.WriteLine(ERROR_MSG); return -1; } if(b > a) return b*a+5; else return (a+b)/2; } Details of IntelliTest (Dynamic SE) Source code Concrete input values Symbolic variables Constraint solver Constraints Concrete execution Symbolic execution a==0 a:=0 b:=0 a,b Transformationa!=0 a:=1 b:=0
  • 10. public int M1(int a, int b) { if(a == 0) { Console.WriteLine(ERROR_MSG); return -1; } if(b > a) return b*a+5; else return (a+b)/2; } Details of IntelliTest (Dynamic SE) Source code Concrete input values Symbolic variables Constraint solver Constraints Concrete execution Symbolic execution a!=0 && b<=a a!=0 && b>a a:=1 b:=0 a:=2 b:=3
  • 11. Parameterized Unit Testing  Idea: Using test methods as specifications o Easy to understand, easy to check, etc. o But: too specific (used for a code unit), verbose, etc.  Parameterized Unit Test (PUT) o Wrapper method for method/unit under test o Main elements • Inputs of the unit • Assumptions for input space restriction • Call to the unit • Assertions for expected results o Serves as a specification  Test generators can use it 11
  • 12. Example: Parameterized Unit Testing 12 void ReduceQuantityPUT(Product prod, int soldCount) { // Assumptions Assume.IsTrue(prod != null && prod.Quantity > 0); Assume.IsTrue(soldCount > 0); int oldQuantity = prod.Quantity; // Calling the UUT int newQuantity = StorageManager.ReduceQuantity(prod,soldCount); // Assertions Assert.IsTrue(newQuantity >= 0); Assert.IsTrue(newQuantity < oldQuantity); } /// The method reduces the quantity of the specified /// product. The product is known to be NOT null with /// quantity larger than 0, also the sold amount is /// always more than zero. The method has effects on /// the database, and returns the new quantity of the /// product. If the quantity would be negative, the /// method reduces the quantity to zero. int ReduceQuantity(Product prod, int soldCount) { … }
  • 13. Example: Parameterized Unit Testing 13 void ReduceQuantityPUT(Product prod, int soldCount) { // Assumptions Assume.IsTrue(prod != null && prod.Quantity > 0); Assume.IsTrue(soldCount > 0); int oldQuantity = prod.Quantity; // Calling the UUT int newQuantity = StorageManager.ReduceQuantity(prod,soldCount); // Assertions Assert.IsTrue(newQuantity >= 0); Assert.IsTrue(newQuantity < oldQuantity); } /// The method reduces the quantity of the specified /// product. The product is known to be NOT null with /// quantity larger than 0, also the sold amount is /// always more than zero. The method has effects on /// the database, and returns the new quantity of the /// product. If the quantity would be negative, the /// method reduces the quantity to zero. int ReduceQuantity(Product prod, int soldCount) { … }
  • 14. DEMO 2. Parameterized Unit Testing with IntelliTest
  • 15. Challenges of SE-based techniques 1. Exponential growth of execution paths 2. Complex arithmetic expressions 3. Floating point operations 4. Compound structures and objects 5. Pointer operations 6. Interaction with the environment 7. Multithreading 8. … 15 T. Chen et al. „State of the art: Dynamic symbolic execution for automated test generation”. Future Generation Computer Systems, 29(7), 2013
  • 16. Challenges of SE-based techniques 1. Exponential growth of execution paths 2. Complex arithmetic expressions 3. Floating point operations 4. Compound structures and objects 5. Pointer operations 6. Interaction with the environment 7. Multithreading 8. … 16 T. Chen et al. „State of the art: Dynamic symbolic execution for automated test generation”. Future Generation Computer Systems, 29(7), 2013 SEViz
  • 17. Visualizing symbolic execution  SEViz: Symbolic Execution VIsualiZer  Goal: Help identifying test generation problems o Long execution paths o Unsolvable constraints o …  Solution: Symbolic execution tree with metadata 17 Mapping to source code Calls to constraint solver 1 No Yes End of execution paths No test Failed test Passed test 1 11 1 1 1 SHAPE BORDER COLOR
  • 18. Visualizing symbolic execution  Additional metadata o Sequence number o Path condition o Incremental path condition (based on parent) o Status: can have siblings or not o Source code mapping (if available) 18
  • 19. DEMO 3. Visualizing test generation with SEViz
  • 20. Challenges of SE-based techniques 1. Exponential growth of execution paths 2. Complex arithmetic expressions 3. Floating point operations 4. Compound structures and objects 5. Pointer operations 6. Interaction with the environment 7. Multithreading 8. … 20 T. Chen et al. „State of the art: Dynamic symbolic execution for automated test generation”. Future Generation Computer Systems, 29(7), 2013 SEViz Automated isolation
  • 21. Existing solutions  Stubbing and mocking (faking) o Fixed values and checks for all DSE executions o Not suitable for test generation  Parameterized mocking o Interaction with DSE is possible • More relevant test cases • Custom behavior in mocks: e.g., state change of objects o Introduces complexity for users of DSE • Requires large amount of time and effort • Not trivial task in case of complex structures o Fakes cannot be generated under certain conditions 21
  • 22. Approach for automated isolation  Automated isolation on source code level 1. Abstract syntax tree transformations in the SUT 2. Parameterized sandbox synthesization 22 SUT C1 C2 Environment i(C1,C2) i(C2,E) i(C2,C1) i(C1,E) SUT C1’ C2’ Environment SB i'(C2,E)i'(C1,E) i(C2,C1) i(C1,C2) Replaced external objects Replaced external calls Sandbox
  • 23. Example of AST transformation 23 public class WeekendNotifier { public bool IsWeekendNear() { DateTime date = DateTime.GetNow(); date.AddDays(2); if(date.GetDay() == "Saturday") return true; return false; } } public class WeekendNotifier { public bool IsWeekendNear() { DynamicFake date = Fake.DateTimeGetNow(); Fake.DateTimeAddDays(2,date); if(Fake.DateTimeGetDay(date) == "Saturday") return true; return false; } }
  • 24. Example of parameterized sandbox 24 public static class Fake { public DynamicFake DateTimeGetNow() { // Return a state container object instead of the original return new DynamicFake(); } public void DateTimeAddDays(int days, DynamicFake date) { // TODO: State change of date using DSE } public int DateTimeGetDay(DynamicFake date) { // Obtaining return value from DSE return DSEEngine.ChooseValue<int>(); } }
  • 25. Summary  White-box test generation: symbolic execution  IntelliTest, a state-of-the-art test generator o Dynamic Symbolic Execution (DSE) o Parameterized Unit Tests  DSE has several challenges, e.g.: o Test generation problem indentification o Environment dependencies  My research o SEViz: A tool for visualizing symbolic execution o Automated isolation with source code transformation 25
  • 26. Resources  IntelliTest https://www.visualstudio.com/en- us/docs/test/developer-testing/intellitest-manual https://www.codehunt.com/  SEViz [ICST’15 Tool Paper] https://ftsrg.github.io/seviz  Automated isolation https://pp.bme.hu/eecs/article/view/9768 26

Editor's Notes

  1. De hogyan is néz ki a forráskód alapú teszttervezés A cél természetesen specifikáció hiányában például az lehet, hogy fedjük az összes lehetséges utasítást. Hát csináljuk is ezt meg kézzel. Van egy writelineunk és utána egy returnünk. A bemeneti paramétereket figyelembe véve milyen feltétellel juthatunk el ezekre az utasításokra? Nyilvánvalóan ha a==0, de nézzük a következő return utasítást. Ide milyen feltételt szabhatunk a bemeneti változóinkra? Azt tudjuk már, hogy az a!=0, és most hozzá ÉS-eljük a b>a-t. Hasonlóképp a harmadik return utasításhoz is szabhatunk feltételt, ha az a!=0-t összeÉS-eljük a b<=a-val. Oké, de ebből hogyan kapunk teszteket? Hát nagyon egyszerű módon: fogjuk a formulákat és kielégítő behelyettesítéseket adunk a változóiknak, ahogy például a táblázatban szerepel. Ezekkel a bemenetekkel már pont meghajthatjuk a formulákhoz tartozó egyes utasításokat, így tesztelhetjük őket.
  2. Na jó, de azért egy kicsit valami sántít. Mi maradt ki? Hát az, hogy egy teszteset az nem csak bemenetekből, hanem elvárt kimenetekből és még egyéb tesztadatokból is állhat. De mégis mi az, amit elvárt kimenet nélkül észre tudunk venni? Egyszerű, általános hibákat úgy mint nem várt kivételek Észrevehetjük a kódban lévő assertionök megsértését Esetleg regressziós tesztkészletként használhatjuk és az újabb forráskódverziók kimeneteit összevethetjük a korábbiakkéval. Esetleg több különböző implementáció ekvivalenciájának ellenőrzését is megoldhatjuk vele.
  3. De lássuk, hogy milyen eszközök léteznek a kód alapú tesztgenerálásra .NET-hez van két Microsoft Research fejlesztés Az egyik, amiről ma is beszélek majd: az IntelliTest (korábbi nevén Pex) Míg a másik a SAGE, ami egy belső toolja a Microsoftnak security testingre. Elmondásaik alapján mindennap használják a Windows és az Office fejlesztéséhez A Win7 security bugjainak nagy részét ezzel találták meg. Természetesen Java-hoz is léteznek eszközök, az egyiket ráadásul a NASA fejleszti Symbolic PathFinder néven. Említhetjük még a JavaScript-es Jalangit és a C-s KLEE eszközt is. A KLEE érdekessége, hogy belső engine-ként felhasználja a Cloud9 tesztgeneráló eszköz, amit ha jól tudom a svájci részecskekutató-intézetben a CERN-ben is használnak. Az azért látható a fejlesztőkből, hogy olyan szervezetek is használják őket, ahol biztonságkritikus fejlesztések folynak.
  4. Az említett eszközök közül én ma az IntelliTest-ről fogok nektek bővebben mesélni. Az IntelliTest a Visual Studio 2015 Enterprise verziójában jelent meg először ezen a néven Néhányotok számára viszont ismerős lehet a Pex vagy a Code Digger elnevezés is. A Pex az IntelliTest korábbi neve volt, most pedig az eszköz mögött lévő engine-t nevezik így. A Code Digger pedig a VS2013-hoz volt elérhető kiegészőként, ez a Pex egy jelentősen lebutított változata volt.
  5. - Menjünk bele egy kicsit a részletekbe is, és lássuk mi is az a szimbolikus végrehajtás. - A Pex engine a háttérben hasonlóképp működik ahogyan azt a dián kézzel is végigvittük. A kód bejárását alacsony szintű .NET-es mágiával és saját parancsértelmezővel viszi véghez. - A bejáráshoz konkrét végrehajtást alkalmaz, amely során összegyűjti azokat a feltételeket avagy formulákat, amik az egyes, még felderítetlen kódrészek bejárásához szükségesek (ahogyan ezt mi is kézzel megtettük). - Ezeket átadja egy speciális eszköznek (úgynevezett Z3 kényszermegoldónak - szintén MS Research fejlesztés), amitől visszakapja ezeknek a formuláknak egy konkrét behelyettesítését. Ez a behelyettesítés fogja adni egy adott végrehajtási útvonalhoz szükséges bemeneteket. És itt jutottunk egy visszacsatoláshoz, a Pex addig fogja ezt az iterációt csinálni, amíg létezik olyan lefutási útvonal, aminek a kényszerét még nem oldotta meg. - Mind mondottam, az IntelliTestnek ez csak a legegyszerűbb használati esete volt. - Lássuk, hogy egy kicsivel bonyolultabb problémát hogyan old meg az eszköz.
  6. Of course, there are existing solutions to alleviate the environment dependency problem: such as Stubbing and Mocking However, this uses fixed values and checks for all DSE execution paths, and thus not suitable for test generation That is the reason why a technique called parameterized mocking was introduced recently, that enables the interaction of DSE and mocks By using this technique DSE can generate more relevant cases, and also it enables the definition of custom behavior like changing states of objects in the mocks by using values obtained from the DSE On the other, this introduces, complexity… AUTOMATION Also, the fake objects are usually provided by isolatino frameworks that cannot be used under certain conditions and have several limitations AVOID USING ISOLATION FWs
  7. Thus our approach is to automatically isolate the dependencies on the source code level in order to alleviate DSE-based test generation * First, our technique transforms the AST of the unit under test, then an algorithm synthesizes a parameterized sandbox that can be utilized by the DSE itself * In order to show it visually, consider the previous example, our approach transforms the unit under test by replacing external type usages and external invocations * Also, the tecnhnique generates a paramterized sandbox, where the replace invocations are pointing to * And in the end, you can see that there is no access to the environment External objects ->DynamicFake state containers
  8. On this slide, I would like to present the AST transformation by an example class called WeekendNotifier … So, we have just transformed the unit under test, however our invocations are pointing to nowhere. At this point, the generation of the sandbox comes in.
  9. The external invocations are synthesized in a form of method stubs into a Fake class that contains all of these synthesized methods.. F