1. Gera????o de casos de teste usando Bounded Model Checking
- Author
-
Menezes, Rafael S??, https://orcid.org/0000-0002-6102-4343, Cordeiro, Lucas Carvalho, Rocha, Herbert Oliveira, Barreto, Raimundo da Silva, and Lima Filho, Eddie Batista de
- Subjects
Sistema de transi????o ,Sistema de armazenamento ,SMT solving ,Fuzzing ,Bounded model checking ,Verification ,Agoritmo de slicing ,Caching ,Opera????es bit a bit ,Software ,CI??NCIAS EXATAS E DA TERRA ,Testcase generation - Abstract
Submitted by Rafael Menezes (rafael.sa@icomp.ufam.edu.br) on 2021-09-02T19:12:38Z No. of bitstreams: 3 license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) dissertacao-final.pdf: 2519519 bytes, checksum: 62c5a24015685b1b75954c32c0135995 (MD5) CartaEncaminhamentoTCC-TESE-DISSERTA????O.pdf: 112019 bytes, checksum: 1966306a36cb2747e5a887f896a370a2 (MD5) Approved for entry into archive by PPGI Inform??tica (secretariappgi@icomp.ufam.edu.br) on 2021-09-06T19:16:07Z (GMT) No. of bitstreams: 3 license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) dissertacao-final.pdf: 2519519 bytes, checksum: 62c5a24015685b1b75954c32c0135995 (MD5) CartaEncaminhamentoTCC-TESE-DISSERTA????O.pdf: 112019 bytes, checksum: 1966306a36cb2747e5a887f896a370a2 (MD5) Rejected by Divis??o de Documenta????o/BC Biblioteca Central (ddbc@ufam.edu.br), reason: O dep??sito precisa de ajuste: 1. Na disserta????o, retirar as folhas em branco que se intercalam entre as demais. 2. Na ficha catalogr??fica, as palavras-chave devem iniciar em letra mai??scula, portanto: "1. Bounded Model Checking. 2. Caching. 3. Software. 4. Verification. 5. Testcase generation." 3. A disserta????o possui 54 folhas, n??o 71 como informada na ficha. O campo deve ser corrigido. on 2021-09-06T20:51:34Z (GMT) Submitted by Rafael Menezes (rafael.sa@icomp.ufam.edu.br) on 2021-09-15T16:33:21Z No. of bitstreams: 3 license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) CartaEncaminhamentoTCC-TESE-DISSERTA????O.pdf: 112019 bytes, checksum: 1966306a36cb2747e5a887f896a370a2 (MD5) dissertacao-final.pdf: 2500824 bytes, checksum: c7dedc42fc1d8850003605631825473a (MD5) Approved for entry into archive by PPGI Inform??tica (secretariappgi@icomp.ufam.edu.br) on 2021-09-16T13:41:23Z (GMT) No. of bitstreams: 3 license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) CartaEncaminhamentoTCC-TESE-DISSERTA????O.pdf: 112019 bytes, checksum: 1966306a36cb2747e5a887f896a370a2 (MD5) dissertacao-final.pdf: 2500824 bytes, checksum: c7dedc42fc1d8850003605631825473a (MD5) Approved for entry into archive by Divis??o de Documenta????o/BC Biblioteca Central (ddbc@ufam.edu.br) on 2021-09-16T15:03:38Z (GMT) No. of bitstreams: 3 license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) CartaEncaminhamentoTCC-TESE-DISSERTA????O.pdf: 112019 bytes, checksum: 1966306a36cb2747e5a887f896a370a2 (MD5) dissertacao-final.pdf: 2500824 bytes, checksum: c7dedc42fc1d8850003605631825473a (MD5) Made available in DSpace on 2021-09-16T15:03:38Z (GMT). No. of bitstreams: 3 license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) CartaEncaminhamentoTCC-TESE-DISSERTA????O.pdf: 112019 bytes, checksum: 1966306a36cb2747e5a887f896a370a2 (MD5) dissertacao-final.pdf: 2500824 bytes, checksum: c7dedc42fc1d8850003605631825473a (MD5) Previous issue date: 2021-06-08 CNPq - Conselho Nacional de Desenvolvimento Cient??fico e Tecnol??gico Testcase generation consists in generating inputs for an algorithm that are able to explore all paths of a program, maximizing its coverage. Usually, fuzzing techniques are used because of its great performace and low cost. However, formal techniques such as Symbolic Execution are gaining notority in this domain, one of those is Bounded Model Checking (BMC). BMC is a verification technique that encodes a property in paths of transition system up to a bound k to one single logic formula such that if the system contains a flaw the formula will generate a proof. This proof contain information for the testcase generation. The difficult of using BMC for testcase is at the time/space complexity and at the optimizations trying to workaround this issue. Incremental BMC is a strategy that increases the k limit until the violation is found or the system is completely verified. The issue is that at each increment every path is verified again, which add time and memory consuption to solve the current instance. To solve those issue this work proposes two main contributions: (1) algorithm for testcase generation using proofs; and (2) a caching system that uses small instances by: (A) direct use; and (B) indirect use of other systems. Those contributions were implemented into the Efficient SMT-based Bounded Model Checker (ESBMC), being tested over Continuos Integration and over public benchmarks of C programs, obtaining the first place at TestComp???21 in the Cover-error category and reducing the time of the CI. A gera????o autom??tica de casos de teste consiste na gera????o de entradas para um algoritmo que sejam capazes de explorar todos os caminhos de um programa, maximizando a cobertura. Comumente, t??cnicas como fuzzing s??o utilizadas para isso por sua performance alta e de custo baixo. Entretanto, t??cnicas formais, como execu????o simb??lica, v??m ganhando espa??o nesse dom??nio, entre elas, a Bounded Model Checking (BMC). BMC ?? uma t??cnica de verifica????o que codifica uma propriedade em caminhos de um sistema de transi????o at?? um limite k, resultando em uma ??nica f??rmula l??gica que, caso contenha uma viola????o, ir?? gerar uma prova. Essa prova - embora reduzida - cont??m informa????es que podem ser utilizadas como base para a gera????o de um caso de teste. A dificuldade de usar BMC em casos de teste est?? na complexidade de tempo/espa??o da t??cnica e nas simplifica????es feitas para tentar contornar isso (simplifica????es, estrat??gias). Incremental BMC ?? uma estrat??gia que, de forma incremental, aumenta esse limite k at?? que uma viola????o seja encontrada ou que o sistema seja completamente verificado. Entretanto, cada caminho do sistema ?? reverificado a cada incremento, o que adiciona tempo e consumo de mem??ria para resolver a inst??ncia atual. Para resolver esses problemas, este trabalho prop??e duas contribui????es: (1) algoritmo de gera????o de casos de teste a partir de provas e (2) um sistema de cache que utiliza solu????es de inst??ncias menores atrav??s de (A) uso direto das inst??ncias anteriores; e (B) uso indireto atrav??s de f??rmulas de outros sistemas. Essas contribui????es foram implementadas no Efficient SMT-based Bounded Model Checker (ESBMC), sendo testadas em situa????es de Integra????o Cont??nua (CI) e sobre benchmarks p??blicos de programas em C, obtendo a primeira coloca????o na competi????o TestComp???21 na categoria reach-error e reduzindo o tempo do CI.
- Published
- 2021