White-box Testing by Combining Deduction-based Specification Extraction and Black-box Testing
Bernhard Beckert, Christoph Gladisch
www.key-project.org
6th KeY Symposium 2007
Nomborn, Germany
June 14, 2007
Two Kinds of Specifications
Requirement Specification
Given by the user
Role: To be tested or verified
Full Specification
Must comply with the IUT (Impl. Under Test)
Reflects the structure of the program
Can be extracted automatically
Tool Chain
Benefits
Use of existing Black-box Testing Tools for White-box testing
Separation of concerns - Modularity
Combination of Coverage Criteria
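The KeY System
Program Variable = non-rigid Function Symbol
(prog. var.) $a$ = $a$ (logic const.)
$o.a = a(o)$
Modal Operators
$[p]\varphi \qquad \langle p\rangle\varphi \qquad \{a := b\}\varphi$
$\langle o.a = t;\ u.b = s\rangle\varphi \qquad \{a(o) := t \,||\, b(u') := s'\}\varphi$
$\{\text{for } x;\ f_x := g_x\}\varphi \qquad \{f_n := g_n \,||\, .. \,||\, f_0 := g_0\}\varphi$
Sequent Calculus Rules
$$
\dfrac{\Gamma,\ c = true \Longrightarrow \langle p\rangle\varphi,\ \Delta \qquad \Gamma,\ c = false \Longrightarrow \langle q\rangle\varphi,\ \Delta}
      {\Gamma \Longrightarrow \langle \texttt{if(c)\{p\}else\{q\}..}\rangle\varphi,\ \Delta}
$$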
Example IUT
public class AbsDiff {
    public static int d;
    /*@ public normal_behavior
      @ requires true;
      @ ensures d==x-y || d==y-x;
      @ ensures d>=x-y && d>=y-x;
      @*/
    public static void diff(int x, int y) {
        if (x<y) d=y; else d=x;
        if (d<=y) d=d-x; else d=d-y;
    }
}
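Specification Extraction (Structural properties)
$$
\dfrac{
  \dfrac{
    \begin{array}{c}
      x < y,\ y \le y \Longrightarrow \{d := y-x\}\Delta
      \qquad
      \dfrac{*}{x < y,\ x > y \Longrightarrow \{d := y-x\}\Delta} \\
      \vdots
    \end{array}
  }{x < y \Longrightarrow \{d := y\}[\texttt{if} \ldots]\Delta}
  \qquad
  \dfrac{(B3) \qquad (B4)}{x \ge y \Longrightarrow \{d := x\}[\texttt{if} \ldots]\Delta}
}{\Longrightarrow [\texttt{if(x<y)d=y;else d=x; if(d<=y)} \ldots]\Delta}
$$
B1: req x<y && y<=y ens d=\old(y-x); also
B3: req x>=y && x<=y ens d=\old(x-y); also
B4: req x>=y && x>y ens d=\old(x-y);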
Example IUT
/*@ public normal_behavior
  @ requires true;
  @ ensures d==x-y || d==y-x;
  @ ensures d>=x-y && d>=y-x;
  @ also
  @ requires y < x;
  @ ensures d == \old(x - y);
  @ also
  @ requires y == x;
  @ ensures d == \old(0);
  @ also
  @ requires y > x;
  @ ensures d == \old(y - x);
  @*/
Example IUT
/*@ public normal_behavior
  @ requires y < x && true;
  @ ensures d == \old(x - y)
  @   && (d==x-y || d==y-x) && d>=x-y && d>=y-x;
  @ also
  @ requires y == x && true;
  @ ensures d == \old(0)
  @   && (d==x-y || d==y-x) && d>=x-y && d>=y-x;
  @ also
  @ requires y > x && true;
  @ ensures d == \old(y - x)
  @   && (d==x-y || d==y-x) && d>=x-y && d>=y-x;
  @*/
Using the extracted Post Condition
Requirement Specification
requires true;
ensures (d==x-y || d==y-x) && d>=x-y && d>=y-x
        && d!=MAX_INT;
With Full Specification
requires true && y < x;
ensures (d==x-y || d==y-x) && d>=x-y && d>=y-x
        && d!=MAX_INT && d == \old(x - y);
also
...
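An added illustration, not taken from the slides: one way a black-box test generator could exploit the full specification of AbsDiff.diff, choosing one input per `also` case and using the extracted `d == \old(...)` clause to predict, before the IUT is run, inputs that break the `d != MAX_INT` requirement. The class FullSpecTesting, the types Pre, SpecCase and Result, and the candidate-value search (standing in for a real test-data generator) are assumptions of this example; records need Java 16 or later.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.IntBinaryOperator;

public class FullSpecTesting {
    static int d;

    // Implementation under test, as on the "Example IUT" slide.
    static void diff(int x, int y) {
        if (x < y) d = y; else d = x;
        if (d <= y) d = d - x; else d = d - y;
    }

    // Hypothetical helper type: a precondition over the two int inputs.
    interface Pre { boolean holds(int x, int y); }

    // One `also` case of the full specification: the path condition and the
    // extracted value of d, expressed over the pre-state inputs.
    record SpecCase(String name, Pre pre, IntBinaryOperator extractedD) {}

    static final List<SpecCase> FULL_SPEC = List.of(
        new SpecCase("y < x",  (x, y) -> y < x,  (x, y) -> x - y),
        new SpecCase("y == x", (x, y) -> y == x, (x, y) -> 0),
        new SpecCase("y > x",  (x, y) -> y > x,  (x, y) -> y - x));

    // Requirement postcondition, including the d != MAX_INT conjunct.
    static boolean requirementPost(int x, int y, int d) {
        return (d == x - y || d == y - x) && d >= x - y && d >= y - x
            && d != Integer.MAX_VALUE;
    }

    // Constructed candidate inputs; non-negative so x - y and y - x cannot overflow.
    static final int[] CANDIDATES = {0, 1, 7, Integer.MAX_VALUE};

    record Result(String specCase, int x, int y, int predictedD, int actualD,
                  boolean requirementHolds) {}

    // Choose one input pair for a spec case, working on the specification alone:
    // prefer a pair whose predicted d already falsifies the requirement,
    // otherwise take the first pair that satisfies the precondition.
    static int[] chooseInput(SpecCase c) {
        int[] fallback = null;
        for (int x : CANDIDATES) {
            for (int y : CANDIDATES) {
                if (!c.pre().holds(x, y)) continue;
                int predicted = c.extractedD().applyAsInt(x, y);
                if (!requirementPost(x, y, predicted)) return new int[] {x, y};
                if (fallback == null) fallback = new int[] {x, y};
            }
        }
        return fallback; // null only if no candidate satisfies the precondition
    }

    // Run the IUT once per spec case and compare prediction, result and oracle.
    static List<Result> runAll() {
        List<Result> results = new ArrayList<>();
        for (SpecCase c : FULL_SPEC) {
            int[] in = chooseInput(c);
            if (in == null) continue;
            int x = in[0], y = in[1];
            diff(x, y); // execute the IUT on the chosen input
            results.add(new Result(c.name(), x, y,
                c.extractedD().applyAsInt(x, y), d, requirementPost(x, y, d)));
        }
        return results;
    }

    public static void main(String[] args) {
        for (Result r : runAll()) System.out.println(r);
    }
}
```

With these candidates the `y < x` and `y > x` cases select (MAX_VALUE, 0) and (0, MAX_VALUE), where the requirement fails because d equals MAX_INT, while `y == x` selects (0, 0) and passes.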
Loops
while (k<n) {
    if (j==7) {
        j = 0;
        line = new Line(line);
    }
    line.buf[j]=a[k];
    k++; j++;
}
Loops (Unfolding)
if (k<n) {
    if(j==7){..}; if(j>7||k>n)..; line.buf[j]=a[k]; k++; j++;
    if (k<n) {
        if(j==7){..}; if(j>7||k>n)..; line.buf[j]=a[k]; k++; j++;
        ...
        while(k<n){...}
    }
}
Contracts Program Replacements
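Traditional Contract Rule
$$
\dfrac{
  \dfrac{
    Pre \Longrightarrow PreC,\ \langle p\rangle Post
    \qquad
    \dfrac{PostC \Longrightarrow Post}{\langle p\rangle PostC,\ Pre \Longrightarrow \langle p\rangle Post}
  }{PreC \to \langle p\rangle PostC,\ Pre \Longrightarrow \langle p\rangle Post}
}{\underbrace{PreC \to \langle p\rangle PostC}_{\text{Contract}} \Longrightarrow Pre \to \langle p\rangle Post}
$$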
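KeY’s Contract Rule
$$
\dfrac{
  \dfrac{
    \ldots
    \qquad
    \dfrac{Pre,\ \{\text{for } x;\ f(x) := f^{sk}(x)\}PostC \Longrightarrow \{\text{for } x;\ f(x) := f^{sk}(x)\}Post}
          {\langle p\rangle PostC,\ Pre \Longrightarrow \langle p\rangle Post}
  }{Pre,\ PreC \to \langle p\rangle PostC \Longrightarrow \langle p\rangle Post}
}{\underbrace{PreC \to \langle p\rangle PostC}_{\text{Contract}} \Longrightarrow Pre \to \langle p\rangle Post}
$$
where $\{\text{for } x.\ f(x) := f^{sk}(x)\}$ abbreviates
$$
\{\text{for } x_{0,1} \ldots x_{0,n_0}.\ f_0(x_{0,1}, \ldots, x_{0,n_0}) := f_0^{sk}(x_{0,1}, \ldots, x_{0,n_0})\}
\ \ldots\
\{\text{for } x_{m,1} \ldots x_{m,n_m}.\ f_m(x_{m,1}, \ldots, x_{m,n_m}) := f_m^{sk}(x_{m,1}, \ldots, x_{m,n_m})\}
$$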
Explicit Structural Coverage
$$
Pre,\ \{\text{for } x;\ f(x) := f^{sk}(x)\}PostC \Longrightarrow \{\text{for } x;\ f(x) := f^{sk}(x)\}Post
$$
Loops (Invariants)
while (k<n) {
    if (j==7) {
        j = 0;
        line = new Line(line);
    }
    line.buf[j]=a[k];
    k++; j++;
}
Invariant: 0 ≤ k ≤ n ∧ 0 ≤ j ≤ n ∧ j ≤ 7
Requirement Specification from a Reference Implementation
Conclusion
Enrich existing Requirement Specification with Program Structure
Use Black-box Testing tool for White-box testing
Tools that use Symbolic Execution can be extended
An Importer and Exporter for a Specification language has to be implemented