This document discusses white-box unit test generation using Microsoft IntelliTest. It begins with an overview of symbolic execution and how IntelliTest uses dynamic symbolic execution to generate test cases by exploring paths in the code. It then demonstrates IntelliTest's capabilities with examples. The document also discusses challenges with symbolic execution-based test generation and proposes solutions like visualizing the symbolic execution process and automatically isolating environment dependencies through source code transformations.
PVS-Studio analyzer is continuously improving, and the C#-code analysis module is developing most actively: ninety new diagnostic rules were added in 2016. However, the best way to estimate the analyzer's efficiency is to look at the bugs it can catch. It's always interesting, as well as useful, to do recurring checks of large open-source projects at certain intervals and compare their results. Today I will talk about the results of the second analysis of SharpDevelop project.
PVS-Studio analyzes source code and finds various errors and code quality issues across multiple languages and frameworks. The document highlights 20 examples of issues found, including uninitialized variables, unreachable code, incorrect operations, security flaws, and typos. PVS-Studio is able to find these issues using techniques such as data-flow analysis, method annotation analysis, symbolic execution, type inference, and pattern-based analysis to precisely evaluate the code and pinpoint potential bugs or code smells.
How Data Flow analysis works in a static code analyzerAndrey Karpov
Data flow analysis is a technology for source code analysis, widely used in various development tools: compilers, linters, IDE. We'll talk about it exemplifying with design of a static analyzer. The talk covers classification and various kinds of data flow analysis, neighbouring technologies supporting each other, obstacles arising during development, surprises from C++ language when one tries to analyze the code. In this talk, some errors, detected in real projects using this technology, are shown in detail.
EdSketch: Execution-Driven Sketching for JavaLisa Hua
Sketching is a relatively recent approach to program synthesis, which has shown much promise. The key idea in sketching is to allow users to write partial programs that have “holes” and provide test harnesses or reference implementations, and let synthesis tools create program fragments that the holes such that the resulting complete program has the desired functionality. Traditional solutions to the sketching problem perform a translation to SAT and employ CEGIS. While e ective for a range of programs, when applied to real applications, such translation-based approaches have a key limitation: they require either translating all relevant libraries that are invoked directly or indirectly by the given sketch – which can lead to impractical SAT problems – or creating models of those libraries – which can require much manual effort.
is paper introduces execution-driven sketching, a novel approach for synthesis of Java programs using a backtracking search that is commonly employed in so ware model checkers. e key novelty of our work is to introduce effective pruning strategies to effciently explore the actual program behaviors in presence of libraries and to provide a practical solution to sketching small parts of real-world applications, which may use complex constructs of modern languages, such as reflection or native calls. Our tool EdSketch embodies our approach in two forms: a stateful search based on the Java PathFinder model checker; and a stateless search based on re-execution inspired by the VeriSoft model checker. Experimental results show that EdSketch’s performance compares well with the well-known SAT-based Sketch system for a range of small but complex programs, and moreover, that EdSketch can complete some sketches that require handling complex constructs.
This document discusses pointcuts and static analysis in aspect-oriented programming. It provides an example of using aspects to ensure thread safety in Swing by wrapping method calls in invokeLater. It proposes representing pointcuts as relational queries over a program representation, and rewriting pointcuts as Datalog queries for static analysis. Representing programs and pointcuts relationally in this way enables precise static analysis of crosscutting concerns.
The document contains a list of 40 Java interview questions related to core Java, servlets, and JSP. The questions cover topics such as default array values, declaring and initializing arrays, Java keywords, if/else conditions, switch statements, loops, strings, wrappers, methods, threads, JDBC, servlet scopes, servlet lifecycle methods, differences between servlets and JSPs, implicit objects in JSP, and JSP directives.
The document contains 14 code examples that demonstrate how to solve various math and logic problems in Java. The examples cover topics like:
- Calculating the area and perimeter of a rectangle by taking user input for length and width.
- Adding two numbers taken as user input.
- Finding the quotient and remainder of dividing one number by another from user input.
- Calculating IGST and sale price based on a value of sale.
- Finding the power of a number using user input for the number and exponent.
- Converting seconds to hours, minutes and seconds.
- Taking two numbers as input and outputting their sum and difference.
- Determining if a character entered is a vowel or
PVS-Studio analyzer is continuously improving, and the C#-code analysis module is developing most actively: ninety new diagnostic rules were added in 2016. However, the best way to estimate the analyzer's efficiency is to look at the bugs it can catch. It's always interesting, as well as useful, to do recurring checks of large open-source projects at certain intervals and compare their results. Today I will talk about the results of the second analysis of SharpDevelop project.
PVS-Studio analyzes source code and finds various errors and code quality issues across multiple languages and frameworks. The document highlights 20 examples of issues found, including uninitialized variables, unreachable code, incorrect operations, security flaws, and typos. PVS-Studio is able to find these issues using techniques such as data-flow analysis, method annotation analysis, symbolic execution, type inference, and pattern-based analysis to precisely evaluate the code and pinpoint potential bugs or code smells.
How Data Flow analysis works in a static code analyzerAndrey Karpov
Data flow analysis is a technology for source code analysis, widely used in various development tools: compilers, linters, IDE. We'll talk about it exemplifying with design of a static analyzer. The talk covers classification and various kinds of data flow analysis, neighbouring technologies supporting each other, obstacles arising during development, surprises from C++ language when one tries to analyze the code. In this talk, some errors, detected in real projects using this technology, are shown in detail.
EdSketch: Execution-Driven Sketching for JavaLisa Hua
Sketching is a relatively recent approach to program synthesis, which has shown much promise. The key idea in sketching is to allow users to write partial programs that have “holes” and provide test harnesses or reference implementations, and let synthesis tools create program fragments that the holes such that the resulting complete program has the desired functionality. Traditional solutions to the sketching problem perform a translation to SAT and employ CEGIS. While e ective for a range of programs, when applied to real applications, such translation-based approaches have a key limitation: they require either translating all relevant libraries that are invoked directly or indirectly by the given sketch – which can lead to impractical SAT problems – or creating models of those libraries – which can require much manual effort.
is paper introduces execution-driven sketching, a novel approach for synthesis of Java programs using a backtracking search that is commonly employed in so ware model checkers. e key novelty of our work is to introduce effective pruning strategies to effciently explore the actual program behaviors in presence of libraries and to provide a practical solution to sketching small parts of real-world applications, which may use complex constructs of modern languages, such as reflection or native calls. Our tool EdSketch embodies our approach in two forms: a stateful search based on the Java PathFinder model checker; and a stateless search based on re-execution inspired by the VeriSoft model checker. Experimental results show that EdSketch’s performance compares well with the well-known SAT-based Sketch system for a range of small but complex programs, and moreover, that EdSketch can complete some sketches that require handling complex constructs.
This document discusses pointcuts and static analysis in aspect-oriented programming. It provides an example of using aspects to ensure thread safety in Swing by wrapping method calls in invokeLater. It proposes representing pointcuts as relational queries over a program representation, and rewriting pointcuts as Datalog queries for static analysis. Representing programs and pointcuts relationally in this way enables precise static analysis of crosscutting concerns.
The document contains a list of 40 Java interview questions related to core Java, servlets, and JSP. The questions cover topics such as default array values, declaring and initializing arrays, Java keywords, if/else conditions, switch statements, loops, strings, wrappers, methods, threads, JDBC, servlet scopes, servlet lifecycle methods, differences between servlets and JSPs, implicit objects in JSP, and JSP directives.
The document contains 14 code examples that demonstrate how to solve various math and logic problems in Java. The examples cover topics like:
- Calculating the area and perimeter of a rectangle by taking user input for length and width.
- Adding two numbers taken as user input.
- Finding the quotient and remainder of dividing one number by another from user input.
- Calculating IGST and sale price based on a value of sale.
- Finding the power of a number using user input for the number and exponent.
- Converting seconds to hours, minutes and seconds.
- Taking two numbers as input and outputting their sum and difference.
- Determining if a character entered is a vowel or
The document discusses three sanitizers - AddressSanitizer, ThreadSanitizer, and MemorySanitizer - that detect bugs in C/C++ programs. AddressSanitizer detects memory errors like buffer overflows and use-after-frees. ThreadSanitizer finds data races between threads. MemorySanitizer identifies uses of uninitialized memory. The sanitizers work by instrumenting code at compile-time and providing a run-time library for error detection and reporting. They have found thousands of bugs in major software projects with reasonable overhead. Future work includes supporting more platforms and detecting additional classes of bugs.
Есть много причин заниматься конверсией управляемых языков в нативные: это прежде всего производительность, но также защита от реверс-инжиниринга, поддержка аппаратных технологий или каких-то специфичных платформ. В этом докладе мы посмотрим на пример построения конвертера из C# в C++ и те нюансы, которые встречаются при решении этой задачи
Accelerating Habanero-Java Program with OpenCL GenerationAkihiro Hayashi
Accelerating Habanero-Java Program with OpenCL Generation. Akihiro Hayashi, Max Grossman, Jisheng Zhao, Jun Shirako, Vivek Sarkar. 10th International Conference on the Principles and Practice of Programming in Java (PPPJ), September 2013.
1. The document discusses the evolution of the C# programming language from versions 1.0 through 4.0, highlighting new features introduced in each version such as generics, LINQ, dynamic programming, and covariance/contravariance.
2. It provides code examples to illustrate key concepts like generics, LINQ queries, dynamic binding, and how covariance/contravariance enables safer usage of generics.
3. The last section summarizes some of the main features introduced in each C# version from managed code to generics to dynamic programming.
In this chapter we will discuss exceptions in the object-oriented programming and in Java in particular. We will learn how to handle exceptions using the try-catch construct, how to pass them to the calling methods and how to throw standard or our own exceptions using the throw construct.
This document summarizes new features introduced in different versions of C# and Visual Studio .NET. It covers C# 1.0 introduced in Visual Studio .NET Rainer, C# 1.2 in Visual Studio .NET 2003, C# 2.0 in Visual Studio 2005, and C# 3.0 in Visual Studio 2008. The summaries include features such as generics, iterators, nullable types, lambda expressions, LINQ, and more.
Checking Intel IPP Samples for Windows - ContinuationPVS-Studio
The progress keeps on going. My favorite static code analyzer PVS-Studio is developing too. It has occurred to me recently that those projects we already checked, we can well check again. It would be strange if we wrote articles on this topic, and they would hardly be interesting. But I think we can write one: it will become one more argument for the idea that you can get real benefit from static analysis only using it regularly and not from time to time. So, let's see what new interesting things we have managed to find in the Intel IPP Samples project.
NSC #2 - D2 06 - Richard Johnson - SAGEly AdviceNoSuchCon
The document discusses automated testing techniques for software, including fuzzing and concolic testing. Fuzzing involves generating random inputs to exercise a program, while concolic testing uses symbolic execution to track data flows and observe how program logic is influenced by inputs. Concolic testing can generate inputs that cover more program states but requires instrumenting the code to analyze execution.
The document discusses mutating and testing tests. It introduces the concept of mutation analysis, where tests are evaluated by seeding real bugs into the code and checking if the tests detect these bugs. The document provides an example of applying mutation analysis to a factorial function code and test cases. It finds bugs in the test cases like weak oracles and missing test inputs. The document also compares the Pit mutation testing tool with the Descartes tool, finding Descartes generates fewer but coarser-grained mutants, making it more scalable for large projects.
The document contains a quiz on Java fundamentals with 29 multiple choice questions covering topics like classes, objects, variables, data types, and methods. It tests understanding of concepts like inheritance, abstraction, polymorphism, and exceptions. The questions have a single correct answer option to select from to test comprehension of Java language rules and behavior.
The document provides an overview of sanitizers, which are dynamic testing tools that detect bugs like buffer overflows and uninitialized memory reads. It focuses on Address Sanitizer (ASan), which detects invalid address usage bugs, and Undefined Behavior Sanitizer (UBSan), which finds unspecified code semantic bugs. ASan works by dividing memory into main and shadow spaces and instruments code to check shadow values for poisoning. UBSan detects issues like integer overflow and out-of-bounds memory access. Both tools are compiler-instrumented to add checks and generate detailed reports of encountered bugs.
This document provides an overview and agenda for learning about Junit, Mockito, PowerMock, and Hamcrest for testing purposes. It discusses the goal of becoming familiar with these frameworks and libraries. The agenda covers test structure, using Junit with Spring, Mockito stubs and behavior, PowerMock for private/static methods, and key aspects of unit testing like structure, style, and scope. It also provides examples of using Mockito and PowerMock to mock objects, methods, and interactions for testing.
The art of reverse engineering flash exploitsPriyanka Aash
"Adobe Flash is one of the battlegrounds of exploit and mitigation methods. As most of the Flash exploits demonstrate native memory layer exploit technique, it is valuable to understand the memory layout and behavior of Adobe Flash Player. We developed fine-grained debugging tactics to observe memory exploit technique and the way to interpret them effectively. This eventually helps defenders to understand new exploit techniques that are used for current targets quickly. This information is also valuable in deciding which area should defenders focus on for mitigation and code fixes. Adobe Flash Player was one of the major attack targets in 2015. We observed at least 17 effective zero-days or 1-day attacks in the wild. Flash is not just used by exploit kits like Angler, it has also been commonly used for advanced persistent threat (APT) attacks. The bug class ranges from simple heap overflows, uninitialized memory to type confusion and use-after-free. At Microsoft, understanding exploits in-the-wild is a continuous process. Flash exploit is one of the hardest to reverse-engineer. It often involves multi-layer obfuscation, and by default, is highly obfuscated and has non-decompilable codes. The challenge with Flash exploit comes from the lack of tools for static and dynamic analysis. Exploits are written with ActionScript programming language and obfuscated in bytecode level using commercial-grade obfuscation tools. Understanding highly obfuscated logic and non-decompilable AVM bytecode is a big challenge. Especially, the lack of usable debuggers for Flash file itself is a huge hurdle for exploit reverse engineers. It is just like debugging PE binaries without using Windbg or Olly debugger. The ability of the researcher is highly limited.
With this presentation, I want to deliver two things: 1. The tactics and debugging technique that can be used to reverse engineer exploits. This includes using existing toolsets and combining them in an effective way. 2. The detailed exploit code reverse engineering examples that can help you understand what's the current and past status of attack and mitigation war. You might have heard of Vector corruption, ByteArray corruption and other JIT manipulation technique. Technical details will be discussed on how the exploits are using these and how the vendor defended against these."
(Source: Black Hat USA 2016, Las Vegas)
1) The document discusses using machine learning classifiers to predict whether a robotic grasp of an object will be robust based on joint state data from simulations. 2) Several classifiers were tested on a dataset from 992,641 grasps, with Random Forest and J48 achieving the best accuracy of around 80-83%. 3) Features related to joint velocities and efforts were most important for prediction. Further validation on physical robots is needed to test the models.
The document contains 15 multiple choice questions about inheritance in Java. Some key points covered include:
- Overriding vs overloading methods
- Access modifiers for methods in subclasses
- Calling superclass constructors and methods from subclasses
- Runtime polymorphism through inheritance
- Abstract methods and overriding rules
- Accessing subclass fields from superclass references
The document introduces Julia, a programming language for scientific computing and data science. It begins with an introduction of the speaker and why they chose Julia. Some key advantages of Julia are its readability like Python but performance of C. Julia avoids the two language problem of Python for development and C for performance. Examples are given of who uses Julia, including economists and cancer researchers. The document then demonstrates basic Julia code and concepts like variables, data types, operators, control flow and functions. It also provides a rock-paper-scissors game example to illustrate Julia concepts.
MuVM: Higher Order Mutation Analysis Virtual Machine for CSusumu Tokumoto
Mutation analysis is a method for evaluating the effectiveness of a test suite by seeding faults artificially and measuring the fraction of seeded faults detected by the test suite. The major limitation of mutation analysis is its lengthy execution time because it involves generating, compiling and running large numbers of mutated programs, called mutants. Our tool MuVM achieves a significant runtime improvement by performing higher order mutation analysis using four techniques, metamutation, mutation on virtual machine, higher order split-stream execution, and online adaptation technique. In order to obtain the same behavior as mutating the source code directly, metamutation preserves the mutation location information which may potentially be lost during bitcode compilation and optimization. Mutation on a virtual machine reduces the compilation and testing cost by compiling a program once and invoking a process once. Higher order split-stream execution also reduces the testing cost by executing common parts of the mutants together and splitting the execution at a seeded fault. Online adaptation technique reduces the number of generated mutants by omitting infeasible mutants. Our comparative experiments indicate that our tool is significantly superior to an existing tool, an existing technique (mutation schema generation), and no-split-stream execution in higher order mutation.
The document discusses object-oriented programming concepts in Java including classes, objects, methods, constructors, inheritance, and more. It includes examples of defining a Box class with attributes like width, height, and length, as well as methods to set dimensions and calculate volume. Constructors are demonstrated for initializing object attributes. Later sections cover topics like static members, method overloading, argument passing by value vs reference, and returning objects from methods.
- Testing JavaScript code helps ensure quality and allows for refactoring and code handovers. Unit, integration, and functional testing methodologies were discussed.
- Siesta was introduced as a JavaScript testing tool that supports unit and functional testing for Ext JS and Sencha Touch. It allows simulating user interactions and verifying results.
- Writing testable code through separation of concerns, avoiding direct DOM manipulation, and supporting dependency injection were recommended to facilitate automated testing. Continuous integration was also recommended for running tests regularly.
This document discusses test generation for digital circuits. It covers fault detection and location in digital systems, as well as various test generation methods for combinational and sequential logic circuits. For combinational circuits, it describes path sensitization and Boolean difference methods. For sequential circuits, it discusses converting the circuit to combinational form and verifying the state table. The document also discusses design for testability, including testability measures and techniques like LSSD. Reed-Muller expansion is presented as a method to derive and implement logic functions.
The document discusses three sanitizers - AddressSanitizer, ThreadSanitizer, and MemorySanitizer - that detect bugs in C/C++ programs. AddressSanitizer detects memory errors like buffer overflows and use-after-frees. ThreadSanitizer finds data races between threads. MemorySanitizer identifies uses of uninitialized memory. The sanitizers work by instrumenting code at compile-time and providing a run-time library for error detection and reporting. They have found thousands of bugs in major software projects with reasonable overhead. Future work includes supporting more platforms and detecting additional classes of bugs.
Есть много причин заниматься конверсией управляемых языков в нативные: это прежде всего производительность, но также защита от реверс-инжиниринга, поддержка аппаратных технологий или каких-то специфичных платформ. В этом докладе мы посмотрим на пример построения конвертера из C# в C++ и те нюансы, которые встречаются при решении этой задачи
Accelerating Habanero-Java Program with OpenCL GenerationAkihiro Hayashi
Accelerating Habanero-Java Program with OpenCL Generation. Akihiro Hayashi, Max Grossman, Jisheng Zhao, Jun Shirako, Vivek Sarkar. 10th International Conference on the Principles and Practice of Programming in Java (PPPJ), September 2013.
1. The document discusses the evolution of the C# programming language from versions 1.0 through 4.0, highlighting new features introduced in each version such as generics, LINQ, dynamic programming, and covariance/contravariance.
2. It provides code examples to illustrate key concepts like generics, LINQ queries, dynamic binding, and how covariance/contravariance enables safer usage of generics.
3. The last section summarizes some of the main features introduced in each C# version from managed code to generics to dynamic programming.
In this chapter we will discuss exceptions in the object-oriented programming and in Java in particular. We will learn how to handle exceptions using the try-catch construct, how to pass them to the calling methods and how to throw standard or our own exceptions using the throw construct.
This document summarizes new features introduced in different versions of C# and Visual Studio .NET. It covers C# 1.0 introduced in Visual Studio .NET Rainer, C# 1.2 in Visual Studio .NET 2003, C# 2.0 in Visual Studio 2005, and C# 3.0 in Visual Studio 2008. The summaries include features such as generics, iterators, nullable types, lambda expressions, LINQ, and more.
Checking Intel IPP Samples for Windows - ContinuationPVS-Studio
The progress keeps on going. My favorite static code analyzer PVS-Studio is developing too. It has occurred to me recently that those projects we already checked, we can well check again. It would be strange if we wrote articles on this topic, and they would hardly be interesting. But I think we can write one: it will become one more argument for the idea that you can get real benefit from static analysis only using it regularly and not from time to time. So, let's see what new interesting things we have managed to find in the Intel IPP Samples project.
NSC #2 - D2 06 - Richard Johnson - SAGEly AdviceNoSuchCon
The document discusses automated testing techniques for software, including fuzzing and concolic testing. Fuzzing involves generating random inputs to exercise a program, while concolic testing uses symbolic execution to track data flows and observe how program logic is influenced by inputs. Concolic testing can generate inputs that cover more program states but requires instrumenting the code to analyze execution.
The document discusses mutating and testing tests. It introduces the concept of mutation analysis, where tests are evaluated by seeding real bugs into the code and checking if the tests detect these bugs. The document provides an example of applying mutation analysis to a factorial function code and test cases. It finds bugs in the test cases like weak oracles and missing test inputs. The document also compares the Pit mutation testing tool with the Descartes tool, finding Descartes generates fewer but coarser-grained mutants, making it more scalable for large projects.
The document contains a quiz on Java fundamentals with 29 multiple choice questions covering topics like classes, objects, variables, data types, and methods. It tests understanding of concepts like inheritance, abstraction, polymorphism, and exceptions. The questions have a single correct answer option to select from to test comprehension of Java language rules and behavior.
The document provides an overview of sanitizers, which are dynamic testing tools that detect bugs like buffer overflows and uninitialized memory reads. It focuses on Address Sanitizer (ASan), which detects invalid address usage bugs, and Undefined Behavior Sanitizer (UBSan), which finds unspecified code semantic bugs. ASan works by dividing memory into main and shadow spaces and instruments code to check shadow values for poisoning. UBSan detects issues like integer overflow and out-of-bounds memory access. Both tools are compiler-instrumented to add checks and generate detailed reports of encountered bugs.
This document provides an overview and agenda for learning about Junit, Mockito, PowerMock, and Hamcrest for testing purposes. It discusses the goal of becoming familiar with these frameworks and libraries. The agenda covers test structure, using Junit with Spring, Mockito stubs and behavior, PowerMock for private/static methods, and key aspects of unit testing like structure, style, and scope. It also provides examples of using Mockito and PowerMock to mock objects, methods, and interactions for testing.
The art of reverse engineering flash exploitsPriyanka Aash
"Adobe Flash is one of the battlegrounds of exploit and mitigation methods. As most of the Flash exploits demonstrate native memory layer exploit technique, it is valuable to understand the memory layout and behavior of Adobe Flash Player. We developed fine-grained debugging tactics to observe memory exploit technique and the way to interpret them effectively. This eventually helps defenders to understand new exploit techniques that are used for current targets quickly. This information is also valuable in deciding which area should defenders focus on for mitigation and code fixes. Adobe Flash Player was one of the major attack targets in 2015. We observed at least 17 effective zero-days or 1-day attacks in the wild. Flash is not just used by exploit kits like Angler, it has also been commonly used for advanced persistent threat (APT) attacks. The bug class ranges from simple heap overflows, uninitialized memory to type confusion and use-after-free. At Microsoft, understanding exploits in-the-wild is a continuous process. Flash exploit is one of the hardest to reverse-engineer. It often involves multi-layer obfuscation, and by default, is highly obfuscated and has non-decompilable codes. The challenge with Flash exploit comes from the lack of tools for static and dynamic analysis. Exploits are written with ActionScript programming language and obfuscated in bytecode level using commercial-grade obfuscation tools. Understanding highly obfuscated logic and non-decompilable AVM bytecode is a big challenge. Especially, the lack of usable debuggers for Flash file itself is a huge hurdle for exploit reverse engineers. It is just like debugging PE binaries without using Windbg or Olly debugger. The ability of the researcher is highly limited.
With this presentation, I want to deliver two things: 1. The tactics and debugging technique that can be used to reverse engineer exploits. This includes using existing toolsets and combining them in an effective way. 2. The detailed exploit code reverse engineering examples that can help you understand what's the current and past status of attack and mitigation war. You might have heard of Vector corruption, ByteArray corruption and other JIT manipulation technique. Technical details will be discussed on how the exploits are using these and how the vendor defended against these."
(Source: Black Hat USA 2016, Las Vegas)
1) The document discusses using machine learning classifiers to predict whether a robotic grasp of an object will be robust based on joint state data from simulations. 2) Several classifiers were tested on a dataset from 992,641 grasps, with Random Forest and J48 achieving the best accuracy of around 80-83%. 3) Features related to joint velocities and efforts were most important for prediction. Further validation on physical robots is needed to test the models.
The document contains 15 multiple choice questions about inheritance in Java. Some key points covered include:
- Overriding vs overloading methods
- Access modifiers for methods in subclasses
- Calling superclass constructors and methods from subclasses
- Runtime polymorphism through inheritance
- Abstract methods and overriding rules
- Accessing subclass fields from superclass references
The document introduces Julia, a programming language for scientific computing and data science. It begins with an introduction of the speaker and why they chose Julia. Some key advantages of Julia are its readability like Python but performance of C. Julia avoids the two language problem of Python for development and C for performance. Examples are given of who uses Julia, including economists and cancer researchers. The document then demonstrates basic Julia code and concepts like variables, data types, operators, control flow and functions. It also provides a rock-paper-scissors game example to illustrate Julia concepts.
MuVM: Higher Order Mutation Analysis Virtual Machine for CSusumu Tokumoto
Mutation analysis is a method for evaluating the effectiveness of a test suite by seeding faults artificially and measuring the fraction of seeded faults detected by the test suite. The major limitation of mutation analysis is its lengthy execution time because it involves generating, compiling and running large numbers of mutated programs, called mutants. Our tool MuVM achieves a significant runtime improvement by performing higher order mutation analysis using four techniques, metamutation, mutation on virtual machine, higher order split-stream execution, and online adaptation technique. In order to obtain the same behavior as mutating the source code directly, metamutation preserves the mutation location information which may potentially be lost during bitcode compilation and optimization. Mutation on a virtual machine reduces the compilation and testing cost by compiling a program once and invoking a process once. Higher order split-stream execution also reduces the testing cost by executing common parts of the mutants together and splitting the execution at a seeded fault. Online adaptation technique reduces the number of generated mutants by omitting infeasible mutants. Our comparative experiments indicate that our tool is significantly superior to an existing tool, an existing technique (mutation schema generation), and no-split-stream execution in higher order mutation.
The document discusses object-oriented programming concepts in Java including classes, objects, methods, constructors, inheritance, and more. It includes examples of defining a Box class with attributes like width, height, and length, as well as methods to set dimensions and calculate volume. Constructors are demonstrated for initializing object attributes. Later sections cover topics like static members, method overloading, argument passing by value vs reference, and returning objects from methods.
- Testing JavaScript code helps ensure quality and allows for refactoring and code handovers. Unit, integration, and functional testing methodologies were discussed.
- Siesta was introduced as a JavaScript testing tool that supports unit and functional testing for Ext JS and Sencha Touch. It allows simulating user interactions and verifying results.
- Writing testable code through separation of concerns, avoiding direct DOM manipulation, and supporting dependency injection were recommended to facilitate automated testing. Continuous integration was also recommended for running tests regularly.
This document discusses test generation for digital circuits. It covers fault detection and location in digital systems, as well as various test generation methods for combinational and sequential logic circuits. For combinational circuits, it describes path sensitization and Boolean difference methods. For sequential circuits, it discusses converting the circuit to combinational form and verifying the state table. The document also discusses design for testability, including testability measures and techniques like LSSD. Reed-Muller expansion is presented as a method to derive and implement logic functions.
SenchaCon 2016: How Sencha Test Helps Automate Functional Testing of Ext JS M...Sencha
Learn how Sencha Test helped profiq, a software engineering service provider, to automate and track verification of modern Ext JS applications and their various components on multiple web browsers and devices. You will also learn tips and tricks that can speed up the development cycle of your JavaScript applications, including how you can leverage Sencha Test and its APIs.
SenchaCon 2016: The Changing Landscape of JavaScript Testing - Joel Watson an...Sencha
Testing JavaScript applications can be difficult. In addition to testing application functionality, testers need to worry about browser compatibility, how to define tests, the environment under which tests will be run, integration into automation platforms, and the workflow of developers and testers. This presentation will discuss how Sencha Test provides development teams with a testing platform that addresses these challenges while minimizing the effort required to deploy and use testing tools--meaning that your team can focus on delivering awesome user experiences rather than fighting with their testing infrastructure.
The document provides information about a weekend workshop on test automation of web applications using Selenium. The workshop will be conducted on June 23rd 2012 by Dipesh Bhatewara and covers topics like why test automation is needed, advantages of test automation, when to automate, approaches to web testing, an introduction to Selenium including its components, installation of Selenium IDE, commonly used Selenium commands, object identification using locators, handling different element types, and an overview of Selenium RC.
Interested in starting a company in Brazil? Here is a quick 15-min guide for everything you need to know to get started.
This guide is provides an overview of the Brazil market size, key players, opportunity then dives into topics such as costs of operation, rules/regulations and even local culture.
Brazil Startup Report is a guide written by local volunteer entrepreneurs and investors. If you are interested in creating such a report for your own country, please contact hello@worldstartupreport.com. Please also consider making a donation to help create more of these free reports for other countries in need.
Thanks for reading!
This document discusses mutation testing as a way to test code and test quality. Mutation testing involves intentionally breaking code in small ways (e.g. changing + to *) and ensuring tests catch these "mutant" versions. While code coverage measures how much code is executed, mutation testing checks that tests are thorough by breaking the code in multiple ways. The document provides examples of mutation testing and operators as well as a brief history of the technique. It notes that while time consuming, mutation testing can help identify faults that may cascade and ensure tests are comprehensive.
The relationship between test and production code quality (@ SIG)Maurício Aniche
The document discusses the relationship between test code and production code. It describes a study that analyzed code produced with and without test-driven development (TDD) and found no significant difference in class design quality. Interviews revealed that developer experience is more important than TDD alone. The document also discusses a tool called Metric Miner that facilitates mining software repositories to study patterns in test code and their implications for production code quality.
This document provides an overview of test-driven development (TDD) techniques including unit testing with JUnit, behavior-driven development (BDD) with Cucumber, test automation, and using mock objects with Mockito. It defines TDD and its processes, describes tools like JUnit, Cucumber and Mockito, and provides references for further reading on testing practices.
This document provides an overview of software testing concepts. It discusses different types of testing like unit testing, functional testing, error path testing, boundary value testing, and equivalence partitioning. It also covers test strategies like golden path testing, black box testing, and white box testing. The purpose of a tester is explained as quantifying risk to make decisions that improve confidence and quality.
Techorama 2017 - Testing the unit, and beyond.Bert Brouns
Cegeka Partner Session @ Techorama 2017
Everybody is writing unit tests, right? And do you write them the classic way or not? Did you ever question that?
During this talk we’ll be asking ourselves what the scope of a unit test can or should be. And we’ll show techniques to help you write more meaningful unit tests, which help us to involve the customer and to speed up an agile team.
We’ll also touch on the impact of new technologies which could blur the lines between unit testing and integration testing.
These slides contain an introduction to Symbolic execution and an introduction to KLEE.
I made this for a small demo/intro for my research group's meeting.
This workshop is about testing the right way. Get a clear view on how to test your code in an efficient and useful way!
This first testing-related workshop is about all aspects of unit testing. Integration testing and TDD will have their own dedicated workshops.
This document discusses scaffolding tests using the JMock library. It provides an overview of JMock features for creating mock objects and defining expectations in tests. Specific patterns are demonstrated, such as expecting a sequence of method invocations and using anonymous expectations blocks. The document also discusses test doubles and how to design code for mockability. Examples include testing a scheduler class in isolation using stubs and mocks.
A la découverte des google/mock (aka gmock)Thierry Gayet
The document provides an introduction and overview of using Google Mock for unit testing in C++. It discusses defining a mock class that implements the same interface as the system under test's dependencies. The mock class can then be configured to return expected values and verify method calls during tests. Writing mock classes with Google Mock involves using macros to declare mocked methods, which then generate the method definitions. The document provides an example of defining a MockTurtle class that implements the Turtle interface.
The document discusses Google Test, an open source unit testing framework for C++ that can also be used for testing C code, providing an overview of its features and how to implement unit tests using common patterns like test fixtures, assertions, and death tests to validate expected failures. It also covers best practices for writing effective unit tests, including keeping tests independent, focused, and fast-running.
The document provides an introduction and overview of using Google Mock (gmock) for testing in C++. It discusses key concepts like the system under test (SUT), test doubles, mocks, stubs, and fragile tests. It then provides a tutorial example of defining a mock class for a Turtle interface to allow testing code that depends on drawing functions without executing the real drawing implementation.
The Use of Static Code Analysis When Teaching or Developing Open-Source SoftwareAndrey Karpov
The document discusses using static code analysis when teaching or developing open-source software. It outlines how static analysis can help instructors check student homework and projects more efficiently, and help students learn about error patterns. When using static analysis for open-source projects, it recommends integrating it into developers' workflows locally and via continuous integration systems. Regular use is key to maximizing its benefits for finding and fixing bugs.
The document provides an introduction to JUnit and Mockito frameworks for testing in Java. It covers key topics such as:
- What JUnit and Mockito are and how they are used for testing Java code
- Common JUnit annotations like @Test and how to structure test classes
- How to make assertions in JUnit tests to validate expected outcomes
- How to use Mockito to mock dependencies and define stubbed behavior
- Hands-on examples are provided to demonstrate writing tests with JUnit and Mockito
How to write clean & testable code without losing your mindAndreas Czakaj
If you create software that is to be developed continuously over several years you'll need a sustainable approach to code quality.
In our early days of AEM development, however, we used to struggle with code that is rigid, hard to test and full of LOG.debug calls.
In this talk I will share some development best practices we have found that really work in actual AEM based software, e.g. to achieve 100% code coverage and provide high confidence in the code base.
Spoiler alert: no new libraries, frameworks or tools are required - once you know the ideas, plain old TDD and the S.O.L.I.D. principles of Clean Code will do the trick.
by Andreas Czakaj, mensemedia Gesellschaft für Neue Medien mbH
Presented at the adaptTo() 2017 conference in Berlin (https://adapt.to/2017/en/schedule/how-to-write-clean---testable-code-without-losing-your-mind.html).
Presentation video can be found on YouTube (https://www.youtube.com/watch?v=JbJw5oN_zL4)
This document discusses unit testing, including why testing is important, how to begin unit testing, asynchronous testing, and performance testing. It provides an overview of using XCTest to write unit tests in Xcode, including test targets, running and viewing test results. It covers writing asynchronous tests using expectations and measuring performance using the measureBlock method. The document recommends setting baselines and standard deviations for performance tests and provides references for learning more about unit and UI testing.
EVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMERAndrey Karpov
Static code analysis tools can analyze Java programs to find defects without executing the code. They use techniques like pattern matching, type inference, data flow analysis and symbolic execution. PVS-Studio is a static analysis tool for Java that was created using lessons from a C++ analyzer. It finds bugs like integer divisions by zero, dead code, copy-paste errors and other defects. Integrating static analysis into development processes helps improve code quality over time by detecting and fixing issues early.
Static analysis: Around Java in 60 minutesAndrey Karpov
Theory
Code quality (bugs, vulnerabilities)
Methodologies of code protection against defects
Code Review
Static analysis and everything related to it
Tools
Existing tools of static analysis
SonarQube
PVS-Studio for Java what is it?
Several detected examples of code with defects
More about static analysis
Conclusions
Similar to White-box Unit Test Generation with Microsoft IntelliTest (20)
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesQuickdice ERP
Explore the seamless transition to e-invoicing with this comprehensive guide tailored for Saudi Arabian businesses. Navigate the process effortlessly with step-by-step instructions designed to streamline implementation and enhance efficiency.
SMS API Integration in Saudi Arabia| Best SMS API ServiceYara Milbes
Discover the benefits and implementation of SMS API integration in the UAE and Middle East. This comprehensive guide covers the importance of SMS messaging APIs, the advantages of bulk SMS APIs, and real-world case studies. Learn how CEQUENS, a leader in communication solutions, can help your business enhance customer engagement and streamline operations with innovative CPaaS, reliable SMS APIs, and omnichannel solutions, including WhatsApp Business. Perfect for businesses seeking to optimize their communication strategies in the digital age.
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeAftab Hussain
Understanding variable roles in code has been found to be helpful by students
in learning programming -- could variable roles help deep neural models in
performing coding tasks? We do an exploratory study.
- These are slides of the talk given at InteNSE'23: The 1st International Workshop on Interpretability and Robustness in Neural Software Engineering, co-located with the 45th International Conference on Software Engineering, ICSE 2023, Melbourne Australia
Transform Your Communication with Cloud-Based IVR SolutionsTheSMSPoint
Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony
Atelier - Innover avec l’IA Générative et les graphes de connaissancesNeo4j
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Allez au-delà du battage médiatique autour de l’IA et découvrez des techniques pratiques pour utiliser l’IA de manière responsable à travers les données de votre organisation. Explorez comment utiliser les graphes de connaissances pour augmenter la précision, la transparence et la capacité d’explication dans les systèmes d’IA générative. Vous partirez avec une expérience pratique combinant les relations entre les données et les LLM pour apporter du contexte spécifique à votre domaine et améliorer votre raisonnement.
Amenez votre ordinateur portable et nous vous guiderons sur la mise en place de votre propre pile d’IA générative, en vous fournissant des exemples pratiques et codés pour démarrer en quelques minutes.
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j
Dr. Jesús Barrasa, Head of Solutions Architecture for EMEA, Neo4j
Découvrez les dernières innovations de Neo4j, et notamment les dernières intégrations cloud et les améliorations produits qui font de Neo4j un choix essentiel pour les développeurs qui créent des applications avec des données interconnectées et de l’IA générative.
Unveiling the Advantages of Agile Software Development.pdfbrainerhub1
Learn about Agile Software Development's advantages. Simplify your workflow to spur quicker innovation. Jump right in! We have also discussed the advantages.
Hand Rolled Applicative User ValidationCode KataPhilip Schwarz
Could you use a simple piece of Scala validation code (granted, a very simplistic one too!) that you can rewrite, now and again, to refresh your basic understanding of Applicative operators <*>, <*, *>?
The goal is not to write perfect code showcasing validation, but rather, to provide a small, rough-and ready exercise to reinforce your muscle-memory.
Despite its grandiose-sounding title, this deck consists of just three slides showing the Scala 3 code to be rewritten whenever the details of the operators begin to fade away.
The code is my rough and ready translation of a Haskell user-validation program found in a book called Finding Success (and Failure) in Haskell - Fall in love with applicative functors.
E-commerce Application Development Company.pdfHornet Dynamics
Your business can reach new heights with our assistance as we design solutions that are specifically appropriate for your goals and vision. Our eCommerce application solutions can digitally coordinate all retail operations processes to meet the demands of the marketplace while maintaining business continuity.
SOCRadar's Aviation Industry Q1 Incident Report is out now!
The aviation industry has always been a prime target for cybercriminals due to its critical infrastructure and high stakes. In the first quarter of 2024, the sector faced an alarming surge in cybersecurity threats, revealing its vulnerabilities and the relentless sophistication of cyber attackers.
SOCRadar’s Aviation Industry, Quarterly Incident Report, provides an in-depth analysis of these threats, detected and examined through our extensive monitoring of hacker forums, Telegram channels, and dark web platforms.
Odoo ERP software
Odoo ERP software, a leading open-source software for Enterprise Resource Planning (ERP) and business management, has recently launched its latest version, Odoo 17 Community Edition. This update introduces a range of new features and enhancements designed to streamline business operations and support growth.
The Odoo Community serves as a cost-free edition within the Odoo suite of ERP systems. Tailored to accommodate the standard needs of business operations, it provides a robust platform suitable for organisations of different sizes and business sectors. Within the Odoo Community Edition, users can access a variety of essential features and services essential for managing day-to-day tasks efficiently.
This blog presents a detailed overview of the features available within the Odoo 17 Community edition, and the differences between Odoo 17 community and enterprise editions, aiming to equip you with the necessary information to make an informed decision about its suitability for your business.
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Crescat
Crescat is industry-trusted event management software, built by event professionals for event professionals. Founded in 2017, we have three key products tailored for the live event industry.
Crescat Event for concert promoters and event agencies. Crescat Venue for music venues, conference centers, wedding venues, concert halls and more. And Crescat Festival for festivals, conferences and complex events.
With a wide range of popular features such as event scheduling, shift management, volunteer and crew coordination, artist booking and much more, Crescat is designed for customisation and ease-of-use.
Over 125,000 events have been planned in Crescat and with hundreds of customers of all shapes and sizes, from boutique event agencies through to international concert promoters, Crescat is rigged for success. What's more, we highly value feedback from our users and we are constantly improving our software with updates, new features and improvements.
If you plan events, run a venue or produce festivals and you're looking for ways to make your life easier, then we have a solution for you. Try our software for free or schedule a no-obligation demo with one of our product specialists today at crescat.io
What is Augmented Reality Image Trackingpavan998932
Augmented Reality (AR) Image Tracking is a technology that enables AR applications to recognize and track images in the real world, overlaying digital content onto them. This enhances the user's interaction with their environment by providing additional information and interactive elements directly tied to physical images.
DDS Security Version 1.2 was adopted in 2024. This revision strengthens support for long runnings systems adding new cryptographic algorithms, certificate revocation, and hardness against DoS attacks.
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsPeter Muessig
The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemPeter Muessig
Learn about the latest innovations in and around OpenUI5/SAPUI5: UI5 Tooling, UI5 linter, UI5 Web Components, Web Components Integration, UI5 2.x, UI5 GenAI.
Recording:
https://www.youtube.com/live/MSdGLG2zLy8?si=INxBHTqkwHhxV5Ta&t=0
Artificia Intellicence and XPath Extension FunctionsOctavian Nadolu
The purpose of this presentation is to provide an overview of how you can use AI from XSLT, XQuery, Schematron, or XML Refactoring operations, the potential benefits of using AI, and some of the challenges we face.
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppGoogle
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-fusion-buddy-review
AI Fusion Buddy Review: Key Features
✅Create Stunning AI App Suite Fully Powered By Google's Latest AI technology, Gemini
✅Use Gemini to Build high-converting Converting Sales Video Scripts, ad copies, Trending Articles, blogs, etc.100% unique!
✅Create Ultra-HD graphics with a single keyword or phrase that commands 10x eyeballs!
✅Fully automated AI articles bulk generation!
✅Auto-post or schedule stunning AI content across all your accounts at once—WordPress, Facebook, LinkedIn, Blogger, and more.
✅With one keyword or URL, generate complete websites, landing pages, and more…
✅Automatically create & sell AI content, graphics, websites, landing pages, & all that gets you paid non-stop 24*7.
✅Pre-built High-Converting 100+ website Templates and 2000+ graphic templates logos, banners, and thumbnail images in Trending Niches.
✅Say goodbye to wasting time logging into multiple Chat GPT & AI Apps once & for all!
✅Save over $5000 per year and kick out dependency on third parties completely!
✅Brand New App: Not available anywhere else!
✅ Beginner-friendly!
✅ZERO upfront cost or any extra expenses
✅Risk-Free: 30-Day Money-Back Guarantee!
✅Commercial License included!
See My Other Reviews Article:
(1) AI Genie Review: https://sumonreview.com/ai-genie-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
#AIFusionBuddyReview,
#AIFusionBuddyFeatures,
#AIFusionBuddyPricing,
#AIFusionBuddyProsandCons,
#AIFusionBuddyTutorial,
#AIFusionBuddyUserExperience
#AIFusionBuddyforBeginners,
#AIFusionBuddyBenefits,
#AIFusionBuddyComparison,
#AIFusionBuddyInstallation,
#AIFusionBuddyRefundPolicy,
#AIFusionBuddyDemo,
#AIFusionBuddyMaintenanceFees,
#AIFusionBuddyNewbieFriendly,
#WhatIsAIFusionBuddy?,
#HowDoesAIFusionBuddyWorks
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
White-box Unit Test Generation with Microsoft IntelliTest
1. Budapest University of Technology and Economics
Department of Measurement and Information Systems
Budapest University of Technology and Economics
Fault Tolerant Systems Research Group
White-box Unit Test Generation
with Microsoft IntelliTest
Dávid Honfi
1
3. White-box test design
public int M1(int a, int b)
{
if(a == 0)
{
Console.WriteLine(ERROR_MSG);
return -1;
}
if(b > a) return b*a+5;
else return (a+b)/2;
}
Let’s cover all
the statements!
a==0
a!=0 && b>a
a!=0 && b<=a
a==0 a!=0 && b<=a a!=0 & b>a
a 0 1 2
b 0 0 3
4. What’s missing?
Usually encoding observed outputs
Where can it be employed?
oBasic, common bugs (e.g., uncaught exceptions)
oViolation of assertions or contracts
oDeviations from existing outputs (regression)
Automation with code exploration
test case = input + expected output
5. Symbolic execution: the idea
Static program analysis technique from the ’70s
Application for test generation
o Symbolic variables instead of normal ones
o Constraints forming for each path with symb. variables
o Constraint solving (e.g., SMT solver)
o A solution yields an input to execute a given path
New century, new progress:
o Enough computing power (e.g., for SMT solvers)
o New ideas, extensions, algorithms and tools
5
6. Existing tools using symbolic execution
.NET: Microsoft IntelliTest (a.k.a. Pex)
x86 binary: Microsoft SAGE
Java
oNASA Symbolic PathFinder
oCATG
o…
JavaScript: Jalangi
C: KLEE
9. public int M1(int a, int b)
{
if(a == 0)
{
Console.WriteLine(ERROR_MSG);
return -1;
}
if(b > a) return b*a+5;
else return (a+b)/2;
}
Details of IntelliTest (Dynamic SE)
Source code
Concrete
input values
Symbolic
variables
Constraint
solver
Constraints
Concrete
execution
Symbolic
execution
a==0
a:=0
b:=0 a,b
Transformationa!=0
a:=1
b:=0
10. public int M1(int a, int b)
{
if(a == 0)
{
Console.WriteLine(ERROR_MSG);
return -1;
}
if(b > a) return b*a+5;
else return (a+b)/2;
}
Details of IntelliTest (Dynamic SE)
Source code
Concrete
input values
Symbolic
variables
Constraint
solver
Constraints
Concrete
execution
Symbolic
execution
a!=0 &&
b<=a
a!=0 && b>a
a:=1
b:=0
a:=2
b:=3
11. Parameterized Unit Testing
Idea: Using test methods as specifications
o Easy to understand, easy to check, etc.
o But: too specific (used for a code unit), verbose, etc.
Parameterized Unit Test (PUT)
o Wrapper method for method/unit under test
o Main elements
• Inputs of the unit
• Assumptions for input space restriction
• Call to the unit
• Assertions for expected results
o Serves as a specification Test generators can use it
11
12. Example: Parameterized Unit Testing
12
void ReduceQuantityPUT(Product prod, int soldCount) {
// Assumptions
Assume.IsTrue(prod != null && prod.Quantity > 0);
Assume.IsTrue(soldCount > 0);
int oldQuantity = prod.Quantity;
// Calling the UUT
int newQuantity = StorageManager.ReduceQuantity(prod,soldCount);
// Assertions
Assert.IsTrue(newQuantity >= 0);
Assert.IsTrue(newQuantity < oldQuantity);
}
/// The method reduces the quantity of the specified
/// product. The product is known to be NOT null with
/// quantity larger than 0, also the sold amount is
/// always more than zero. The method has effects on
/// the database, and returns the new quantity of the
/// product. If the quantity would be negative, the
/// method reduces the quantity to zero.
int ReduceQuantity(Product prod, int soldCount) { … }
13. Example: Parameterized Unit Testing
13
void ReduceQuantityPUT(Product prod, int soldCount) {
// Assumptions
Assume.IsTrue(prod != null && prod.Quantity > 0);
Assume.IsTrue(soldCount > 0);
int oldQuantity = prod.Quantity;
// Calling the UUT
int newQuantity = StorageManager.ReduceQuantity(prod,soldCount);
// Assertions
Assert.IsTrue(newQuantity >= 0);
Assert.IsTrue(newQuantity < oldQuantity);
}
/// The method reduces the quantity of the specified
/// product. The product is known to be NOT null with
/// quantity larger than 0, also the sold amount is
/// always more than zero. The method has effects on
/// the database, and returns the new quantity of the
/// product. If the quantity would be negative, the
/// method reduces the quantity to zero.
int ReduceQuantity(Product prod, int soldCount) { … }
15. Challenges of SE-based techniques
1. Exponential growth of execution paths
2. Complex arithmetic expressions
3. Floating point operations
4. Compound structures and objects
5. Pointer operations
6. Interaction with the environment
7. Multithreading
8. …
15
T. Chen et al. „State of the art: Dynamic symbolic execution for automated test generation”.
Future Generation Computer Systems, 29(7), 2013
16. Challenges of SE-based techniques
1. Exponential growth of execution paths
2. Complex arithmetic expressions
3. Floating point operations
4. Compound structures and objects
5. Pointer operations
6. Interaction with the environment
7. Multithreading
8. …
16
T. Chen et al. „State of the art: Dynamic symbolic execution for automated test generation”.
Future Generation Computer Systems, 29(7), 2013
SEViz
17. Visualizing symbolic execution
SEViz: Symbolic Execution VIsualiZer
Goal: Help identifying test generation problems
o Long execution paths
o Unsolvable constraints
o …
Solution: Symbolic execution tree with metadata
17
Mapping to
source code
Calls to constraint solver
1
No Yes
End of execution paths
No test Failed test Passed test
1 11 1 1 1
SHAPE BORDER COLOR
18. Visualizing symbolic execution
Additional metadata
o Sequence number
o Path condition
o Incremental path condition (based on parent)
o Status: can have siblings or not
o Source code mapping (if available)
18
20. Challenges of SE-based techniques
1. Exponential growth of execution paths
2. Complex arithmetic expressions
3. Floating point operations
4. Compound structures and objects
5. Pointer operations
6. Interaction with the environment
7. Multithreading
8. …
20
T. Chen et al. „State of the art: Dynamic symbolic execution for automated test generation”.
Future Generation Computer Systems, 29(7), 2013
SEViz
Automated
isolation
21. Existing solutions
Stubbing and mocking (faking)
o Fixed values and checks for all DSE executions
o Not suitable for test generation
Parameterized mocking
o Interaction with DSE is possible
• More relevant test cases
• Custom behavior in mocks: e.g., state change of objects
o Introduces complexity for users of DSE
• Requires large amount of time and effort
• Not trivial task in case of complex structures
o Fakes cannot be generated under certain conditions
21
22. Approach for automated isolation
Automated isolation on source code level
1. Abstract syntax tree transformations in the SUT
2. Parameterized sandbox synthesization
22
SUT
C1
C2
Environment
i(C1,C2)
i(C2,E)
i(C2,C1)
i(C1,E)
SUT
C1’ C2’
Environment
SB i'(C2,E)i'(C1,E)
i(C2,C1)
i(C1,C2)
Replaced
external
objects
Replaced
external
calls
Sandbox
23. Example of AST transformation
23
public class WeekendNotifier {
public bool IsWeekendNear() {
DateTime date = DateTime.GetNow();
date.AddDays(2);
if(date.GetDay() == "Saturday") return true;
return false;
}
}
public class WeekendNotifier {
public bool IsWeekendNear() {
DynamicFake date = Fake.DateTimeGetNow();
Fake.DateTimeAddDays(2,date);
if(Fake.DateTimeGetDay(date) == "Saturday") return true;
return false;
}
}
24. Example of parameterized sandbox
24
public static class Fake {
public DynamicFake DateTimeGetNow() {
// Return a state container object instead of the original
return new DynamicFake();
}
public void DateTimeAddDays(int days, DynamicFake date) {
// TODO: State change of date using DSE
}
public int DateTimeGetDay(DynamicFake date) {
// Obtaining return value from DSE
return DSEEngine.ChooseValue<int>();
}
}
25. Summary
White-box test generation: symbolic execution
IntelliTest, a state-of-the-art test generator
o Dynamic Symbolic Execution (DSE)
o Parameterized Unit Tests
DSE has several challenges, e.g.:
o Test generation problem indentification
o Environment dependencies
My research
o SEViz: A tool for visualizing symbolic execution
o Automated isolation with source code transformation
25
De hogyan is néz ki a forráskód alapú teszttervezés
A cél természetesen specifikáció hiányában például az lehet, hogy fedjük az összes lehetséges utasítást.
Hát csináljuk is ezt meg kézzel. Van egy writelineunk és utána egy returnünk. A bemeneti paramétereket figyelembe véve milyen feltétellel juthatunk el ezekre az utasításokra?
Nyilvánvalóan ha a==0, de nézzük a következő return utasítást. Ide milyen feltételt szabhatunk a bemeneti változóinkra? Azt tudjuk már, hogy az a!=0, és most hozzá ÉS-eljük a b>a-t.
Hasonlóképp a harmadik return utasításhoz is szabhatunk feltételt, ha az a!=0-t összeÉS-eljük a b<=a-val.
Oké, de ebből hogyan kapunk teszteket? Hát nagyon egyszerű módon: fogjuk a formulákat és kielégítő behelyettesítéseket adunk a változóiknak, ahogy például a táblázatban szerepel.
Ezekkel a bemenetekkel már pont meghajthatjuk a formulákhoz tartozó egyes utasításokat, így tesztelhetjük őket.
Na jó, de azért egy kicsit valami sántít. Mi maradt ki?
Hát az, hogy egy teszteset az nem csak bemenetekből, hanem elvárt kimenetekből és még egyéb tesztadatokból is állhat.
De mégis mi az, amit elvárt kimenet nélkül észre tudunk venni?
Egyszerű, általános hibákat úgy mint nem várt kivételek
Észrevehetjük a kódban lévő assertionök megsértését
Esetleg regressziós tesztkészletként használhatjuk és az újabb forráskódverziók kimeneteit összevethetjük a korábbiakkéval.
Esetleg több különböző implementáció ekvivalenciájának ellenőrzését is megoldhatjuk vele.
De lássuk, hogy milyen eszközök léteznek a kód alapú tesztgenerálásra
.NET-hez van két Microsoft Research fejlesztés
Az egyik, amiről ma is beszélek majd: az IntelliTest (korábbi nevén Pex)
Míg a másik a SAGE, ami egy belső toolja a Microsoftnak security testingre. Elmondásaik alapján mindennap használják a Windows és az Office fejlesztéséhez A Win7 security bugjainak nagy részét ezzel találták meg.
Természetesen Java-hoz is léteznek eszközök, az egyiket ráadásul a NASA fejleszti Symbolic PathFinder néven.
Említhetjük még a JavaScript-es Jalangit és a C-s KLEE eszközt is. A KLEE érdekessége, hogy belső engine-ként felhasználja a Cloud9 tesztgeneráló eszköz, amit ha jól tudom a svájci részecskekutató-intézetben a CERN-ben is használnak.
Az azért látható a fejlesztőkből, hogy olyan szervezetek is használják őket, ahol biztonságkritikus fejlesztések folynak.
Az említett eszközök közül én ma az IntelliTest-ről fogok nektek bővebben mesélni.
Az IntelliTest a Visual Studio 2015 Enterprise verziójában jelent meg először ezen a néven
Néhányotok számára viszont ismerős lehet a Pex vagy a Code Digger elnevezés is.
A Pex az IntelliTest korábbi neve volt, most pedig az eszköz mögött lévő engine-t nevezik így.
A Code Digger pedig a VS2013-hoz volt elérhető kiegészőként, ez a Pex egy jelentősen lebutított változata volt.
- Menjünk bele egy kicsit a részletekbe is, és lássuk mi is az a szimbolikus végrehajtás.
- A Pex engine a háttérben hasonlóképp működik ahogyan azt a dián kézzel is végigvittük. A kód bejárását alacsony szintű .NET-es mágiával és saját parancsértelmezővel viszi véghez.
- A bejáráshoz konkrét végrehajtást alkalmaz, amely során összegyűjti azokat a feltételeket avagy formulákat, amik az egyes, még felderítetlen kódrészek bejárásához szükségesek (ahogyan ezt mi is kézzel megtettük).
- Ezeket átadja egy speciális eszköznek (úgynevezett Z3 kényszermegoldónak - szintén MS Research fejlesztés), amitől visszakapja ezeknek a formuláknak egy konkrét behelyettesítését.
Ez a behelyettesítés fogja adni egy adott végrehajtási útvonalhoz szükséges bemeneteket.
És itt jutottunk egy visszacsatoláshoz, a Pex addig fogja ezt az iterációt csinálni, amíg létezik olyan lefutási útvonal, aminek a kényszerét még nem oldotta meg.
- Mind mondottam, az IntelliTestnek ez csak a legegyszerűbb használati esete volt.
- Lássuk, hogy egy kicsivel bonyolultabb problémát hogyan old meg az eszköz.
Of course, there are existing solutions to alleviate the environment dependency problem: such as Stubbing and Mocking
However, this uses fixed values and checks for all DSE execution paths, and thus not suitable for test generation
That is the reason why a technique called parameterized mocking was introduced recently, that enables the interaction of DSE and mocks
By using this technique DSE can generate more relevant cases, and also it enables the definition of custom behavior like changing states of objects in the mocks by using values obtained from the DSE
On the other, this introduces, complexity… AUTOMATION
Also, the fake objects are usually provided by isolatino frameworks that cannot be used under certain conditions and have several limitations AVOID USING ISOLATION FWs
Thus our approach is to automatically isolate the dependencies on the source code level in order to alleviate DSE-based test generation
* First, our technique transforms the AST of the unit under test, then an algorithm synthesizes a parameterized sandbox that can be utilized by the DSE itself
* In order to show it visually, consider the previous example, our approach transforms the unit under test by replacing external type usages and external invocations
* Also, the tecnhnique generates a paramterized sandbox, where the replace invocations are pointing to
* And in the end, you can see that there is no access to the environment
External objects ->DynamicFake state containers
On this slide, I would like to present the AST transformation by an example class called WeekendNotifier
…
So, we have just transformed the unit under test, however our invocations are pointing to nowhere. At this point, the generation of the sandbox comes in.
The external invocations are synthesized in a form of method stubs into a Fake class that contains all of these synthesized methods..
F