19 research outputs found
Contracting the Facebook API
In recent years, there has been an explosive growth in the popularity of
online social networks such as Facebook. In a new twist, third party developers
are now able to create their own web applications which plug into Facebook and
work with Facebook's "social" data, enabling the entire Facebook user base of
more than 400 million active users to use such applications. These client
applications can contain subtle errors that can be hard to debug if they misuse
the Facebook API. In this paper we present an experience report on applying
Microsoft's new code contract system for the .NET framework to the Facebook
API.We wrote contracts for several classes in the Facebook API wrapper which
allows Microsoft .NET developers to implement Facebook applications. We
evaluated the usefulness of these contracts during implementation of a new
Facebook application. Our experience indicates that having code contracts
provides a better and quicker software development experience.Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330
Stateful Testing: Finding More Errors in Code and Contracts
Automated random testing has shown to be an effective approach to finding
faults but still faces a major unsolved issue: how to generate test inputs
diverse enough to find many faults and find them quickly. Stateful testing, the
automated testing technique introduced in this article, generates new test
cases that improve an existing test suite. The generated test cases are
designed to violate the dynamically inferred contracts (invariants)
characterizing the existing test suite. As a consequence, they are in a good
position to detect new errors, and also to improve the accuracy of the inferred
contracts by discovering those that are unsound. Experiments on 13 data
structure classes totalling over 28,000 lines of code demonstrate the
effectiveness of stateful testing in improving over the results of long
sessions of random testing: stateful testing found 68.4% new errors and
improved the accuracy of automatically inferred contracts to over 99%, with
just a 7% time overhead.Comment: 11 pages, 3 figure
Specifying Reusable Components
Reusable software components need expressive specifications. This paper
outlines a rigorous foundation to model-based contracts, a method to equip
classes with strong contracts that support accurate design, implementation, and
formal verification of reusable components. Model-based contracts
conservatively extend the classic Design by Contract with a notion of model,
which underpins the precise definitions of such concepts as abstract
equivalence and specification completeness. Experiments applying model-based
contracts to libraries of data structures suggest that the method enables
accurate specification of practical software
Recommended from our members
Metamorphic Runtime Checking of Applications Without Test Oracles
For some applications, it is impossible or impractical to know what the correct output should be for an arbitrary input, making testing difficult. Many machine-learning applications for “big data”, bioinformatics and cyberphysical systems fall in this scope: they do not have a test oracle. Metamorphic Testing, a simple testing technique that does not require a test oracle, has been shown to be effective for testing such applications. We present Metamorphic Runtime Checking, a novel approach that conducts metamorphic testing of both the entire application and individual functions during a program’s execution. We have applied Metamorphic Runtime Checking to 9 machine-‐learning applications, finding it to be on average 170% more effective than traditional metamorphic testing at only the full application level
Code-based Automated Program Fixing
Many programmers, when they encounter an error, would like to have the
benefit of automatic fix suggestions---as long as they are, most of the time,
adequate. Initial research in this direction has generally limited itself to
specific areas, such as data structure classes with carefully designed
interfaces, and relied on simple approaches. To provide high-quality fix
suggestions in a broad area of applicability, the present work relies on the
presence of contracts in the code, and on the availability of dynamic analysis
to gather evidence on the values taken by expressions derived from the program
text. The ideas have been built into the AutoFix-E2 automatic fix generator.
Applications of AutoFix-E2 to general-purpose software, such as a library to
manipulate documents, show that the approach provides an improvement over
previous techniques, in particular purely model-based approaches
Feedback-Driven Dynamic Invariant Discovery
Program invariants can help software developers identify program properties that must be preserved as the software evolves, however, formulating correct invariants can be challenging. In this work, we introduce iDiscovery, a technique which leverages symbolic execution to improve the quality of dynamically discovered invariants computed by Daikon. Candidate invariants generated by Daikon are synthesized into assertions and instrumented onto the program. The instrumented code is executed symbolically to generate new test cases that are fed back to Daikon to help further re ne the set of candidate invariants. This feedback loop is executed until a x-point is reached. To mitigate the cost of symbolic execution, we present optimizations to prune the symbolic state space and to reduce the complexity of the generated path conditions. We also leverage recent advances in constraint solution reuse techniques to avoid computing results for the same constraints across iterations. Experimental results show that iDiscovery converges to a set of higher quality invariants compared to the initial set of candidate invariants in a small number of iterations
Inferring Loop Invariants using Postconditions
One of the obstacles in automatic program proving is to obtain suitable loop
invariants.
The invariant of a loop is a weakened form of its postcondition (the loop's
goal, also known as its contract); the present work takes advantage of this
observation by using the postcondition as the basis for invariant inference,
using various heuristics such as "uncoupling" which prove useful in many
important algorithms.
Thanks to these heuristics, the technique is able to infer invariants for a
large variety of loop examples.
We present the theory behind the technique, its implementation (freely
available for download and currently relying on Microsoft Research's Boogie
tool), and the results obtained.Comment: Slightly revised versio
What good are strong specifications?
Abstract—Experience with lightweight formal methods suggests that programmers are willing to write specification if it brings tangible benefits to their usual development activities. This paper considers stronger specifications and studies whether they can be deployed as an incremental practice that brings additional benefits without being unacceptably expensive. We introduce a methodology that extends Design by Contract to write strong specifications of functional properties in the form of preconditions, postconditions, and invariants. The methodology aims at being palatable to developers who are not fluent in formal techniques but are comfortable with writing simple specifications. We evaluate the cost and the benefits of using strong specifications by applying the methodology to testing data structure implementations written in Eiffel and C#. In our extensive experiments, testing against strong specifications detects twice as many bugs as standard contracts, with a reasonable overhead in terms of annotation burden and runtime performance while testing. In the wide spectrum of formal techniques for software quality, testing against strong specifications lies in a “sweet spot ” with a favorable benefit to effort ratio. I