2,495 research outputs found
JWalk: a tool for lazy, systematic testing of java classes by design introspection and user interaction
Popular software testing tools, such as JUnit, allow frequent retesting of modified code; yet the manually created test scripts are often seriously incomplete. A unit-testing tool called JWalk has therefore been developed to address the need for systematic unit testing within the context of agile methods. The tool operates directly on the compiled code for Java classes and uses a new lazy method for inducing the changing design of a class on the fly. This is achieved partly through introspection, using Java’s reflection capability, and partly through interaction with the user, constructing and saving test oracles on the fly. Predictive rules reduce the number of oracle values that must be confirmed by the tester. Without human intervention, JWalk performs bounded exhaustive exploration of the class’s method protocols and may be directed to explore the space of algebraic constructions, or the intended design state-space of the tested class. With some human interaction, JWalk performs up to the equivalent of fully automated state-based testing, from a specification that was acquired incrementally
Inferring Concise Specifications of APIs
Modern software relies on libraries and uses them via application programming
interfaces (APIs). Correct API usage as well as many software engineering tasks
are enabled when APIs have formal specifications. In this work, we analyze the
implementation of each method in an API to infer a formal postcondition.
Conventional wisdom is that, if one has preconditions, then one can use the
strongest postcondition predicate transformer (SP) to infer postconditions.
However, SP yields postconditions that are exponentially large, which makes
them difficult to use, either by humans or by tools. Our key idea is an
algorithm that converts such exponentially large specifications into a form
that is more concise and thus more usable. This is done by leveraging the
structure of the specifications that result from the use of SP. We applied our
technique to infer postconditions for over 2,300 methods in seven popular Java
libraries. Our technique was able to infer specifications for 75.7% of these
methods, each of which was verified using an Extended Static Checker. We also
found that 84.6% of resulting specifications were less than 1/4 page (20 lines)
in length. Our technique was able to reduce the length of SMT proofs needed for
verifying implementations by 76.7% and reduced prover execution time by 26.7%
Assured Android Execution Environments
Current cybersecurity best practices, techniques, tactics and procedures are insufficient to ensure the protection of Android systems. Software tools leveraging formal methods use mathematical means to assure both a design and implementation for a system and these methods can be used to provide security assurances. The goal of this research is to determine methods of assuring isolation when executing Android software in a contained environment. Specifically, this research demonstrates security properties relevant to Android software containers can be formally captured and validated, and that an implementation can be formally verified to satisfy a corresponding specification. A three-stage methodology called The Formal Verification Cycle is presented. This cycle focuses on the iteration over a set of security properties to validate each within a specification and their verification within a software implementation. A security property can be validated when its functional language prototype (e.g. a Haskell coded version of the property) is converted and processed by a formal method (e.g. a theorem proof assistant). This validation of the property enables the definition of the property in a software specification, which can be implemented separately in an imperative programming language (e.g. the Go programming language). Once the implementation is complete another formal method can be used (e.g. symbolic execution) to verify the imperative implementation satisfies the validated specification. Successful completion of this cycle shows a given implementation is equivalent to a functional language prototype, and this cycle assures a specification for the original desired security properties was properly implemented. This research shows an application of this cycle to develop Assured Android Execution Environments
Distributed Real-Time Emulation of Formally-Defined Patterns for Safe Medical Device Control
Safety of medical devices and of their interoperation is an unresolved issue
causing severe and sometimes deadly accidents for patients with shocking
frequency. Formal methods, particularly in support of highly reusable and
provably safe patterns which can be instantiated to many device instances can
help in this regard. However, this still leaves open the issue of how to pass
from their formal specifications in logical time to executable emulations that
can interoperate in physical time with other devices and with simulations of
patient and/or doctor behaviors. This work presents a specification-based
methodology in which virtual emulation environments can be easily developed
from formal specifications in Real-Time Maude, and can support interactions
with other real devices and with simulation models. This general methodology is
explained in detail and is illustrated with two concrete scenarios which are
both instances of a common safe formal pattern: one scenario involves the
interaction of a provably safe pacemaker with a simulated heart; the other
involves the interaction of a safe controller for patient-induced analgesia
with a real syringe pump.Comment: In Proceedings RTRTS 2010, arXiv:1009.398
Automatic Generation of High-Coverage Tests for RTL Designs using Software Techniques and Tools
Register Transfer Level (RTL) design validation is a crucial stage in the
hardware design process. We present a new approach to enhancing RTL design
validation using available software techniques and tools. Our approach converts
the source code of a RTL design into a C++ software program. Then a powerful
symbolic execution engine is employed to execute the converted C++ program
symbolically to generate test cases. To better generate efficient test cases,
we limit the number of cycles to guide symbolic execution. Moreover, we add
bit-level symbolic variable support into the symbolic execution engine.
Generated test cases are further evaluated by simulating the RTL design to get
accurate coverage. We have evaluated the approach on a floating point unit
(FPU) design. The preliminary results show that our approach can deliver
high-quality tests to achieve high coverage
Dynamically typed languages
Dynamically typed languages such as Python and Ruby have experienced a rapid grown in popularity in recent times. However, there is much confusion as to what makes these languages interesting relative to statically typed languages, and little knowledge of their rich history. In this chapter I explore the general topic of dynamically typed languages, how they differ from statically typed languages, their history, and their defining features
- …