SlideShare uma empresa Scribd logo

Testing, fixing, and proving with contracts

Carlo A. Furia
Carlo A. Furia

Invited tutorial at the 9th International Conference on Tests & Proofs (TAP 2015) part of STAF 2015 in L'Aquila, Italy.

Software
1 de 73
Testing, Fixing, and Proving with Contracts Carlo A. Furia Chair of Software Engineering, ETH Zurich bugcounting.net @bugcounting
The (AlpTransit) Gotthard tunnel The tunnel • 57 km long • construction at both ends • underneath the Gotthard massif 2 Erstfeld • canton Uri • German-speaking • weather probably cloudy Bodio • canton Ticino • Italian-speaking • weather probably sunny
Users with different requirements Joe the programmer • little or no background in formal techniques • weak and simple (incomplete) specifications • design not optimal for verification • bugs: full verification is unattainable • looks for low hanging fruits of verification Verification expert • fluent in formal logic techniques • strong, often complete, specifications • design for full verification • could use automation of simpler steps • aims at the holy grail of verified software 3
The Eiffel Verification Environment 4 Inspector AutoTest AutoFix AutoProof GUI Verification Assistant
The Eiffel Verification Environment 5 GUI Verification Assistant CLI ComCom (web)Inspector AutoTest AutoFix AutoProof
A key ingredient: contracts Contracts are a form of lightweight specification: • Assertions (pre- and postconditions, invariants) • Contract language = Boolean expressions • Executable: bring immediate benefits for testing, debugging, and so on Verification tools in EVE take advantage of (simple) functional specifications in the form of contracts.
Auto-active user/tool interaction 1. Code + Annotations 2. Push button 3. Verification outcome 4. Correct/Revise 7
Roadmap AutoTest: find faults automatically 8 AutoFix: patch faults automatically Verification assistant: combine tests & proofs Two-step verification: help debug failed proofs AutoProof: prove realistic programs 1. 2. 3. 4. 5.
Next stop: AutoTest AutoTest: find faults automatically 9 AutoFix: patch faults automatically Verification assistant: combine tests & proofs Two-step verification: help debug failed proofs AutoProof: prove realistic programs 1. 2. 3. 4. 5.
AutoTest in a nutshell AutoTest is a push-button generator of unit tests • Test = sequence of method calls on objects • Contracts as oracles: target call o.m – Invalid test: o does not satisfy m’s precondition – Passing test: all contracts evaluate to True – Failing test: some contract evaluates to False 10 Similar tools: • Korat (Java + assertions) • QuickCheck (Haskell)
How AutoTest works 11 Random object o Random method m call o.m Invalid test Failing test: bug found • Existing object from object pool • Fresh object of primitive type (e.g. random integer) • New object of class type (call constructor) Passing test Add any new objects to object pool Classification based on runtime contract checking
Test generation strategies AutoTest is a push-button generator of unit tests • Basic generation strategy: random • Other strategies as extensions: – Random+ – Adaptive-random (object distance) – Precondition satisfaction – Stateful testing 12
Demo example: Bank Account class ACCOUNT balance: INTEGER deposit (amount: INTEGER) require 0 <= amount ensure balance = old balance + amount withdraw (amount: INTEGER) require 0 <= amount ensure balance_set: amount <= old balance implies balance = old balance - amount balance_not_set: amount > old balance implies balance = old balance invariant balance_nonnegative: balance >= 0 13
Demo 1: bug finding AutoTest finds a bug in the implementation of withdraw that violates postcondition balance_not_set. withdraw (amount: INTEGER) require 0 <= amount do balance := balance + amount ensure balance_set: amount <= old balance implies balance = old balance - amount balance_not_set: amount > old balance implies balance = old balance 14
Demo 1: bug finding AutoTest finds a bug in the implementation of withdraw that violates postcondition balance_not_set. 15
Next stop: AutoFix AutoTest: find faults automatically 16 Verification assistant: combine tests & proofs Two-step verification: help debug failed proofs AutoProof: prove realistic programs 1. 3. 4. 5. AutoFix: patch faults automatically 2.
AutoFix in a nutshell AutoFix is a push-button generator of fixes 17 AutoFix Coding code + contracts bugs + patches Similar tools: • GenProg, Kali (C) • PAR (Java)
How AutoFix works Program + Contracts Test suite Suspicious states AutoTest Candidate fixes Valid fixes Validation & rankingAnalysis Synthesis  count = 1  count = 2  count = 0 count = 0 @ L4 if count = 0 then ...
AutoFix: Components Program state abstraction: • snapshots: location, predicate, value Fault localization: • static information: proximity to failing location/expression • dynamic information: number of failing/passing tests 19
AutoFix: Components Program state abstraction: • snapshots : location, predicate, value Synthesis: • enumeration of common replacement expressions and instructions • conditional execution: @ location: if predicate = value then some fix action 20
AutoFix: Components Validation: • regression testing with all available tests for method being fixed • valid fix: passes all available tests Ranking: • based on suspiciousness score of snapshots 21
Demo 1b: bug fixing AutoFix builds fixes for the bug in the implementation of withdraw. A “high-quality” (proper, correct) fix: 22
Demo 1b: bug fixing AutoFix builds fixes for the bug in the implementation of withdraw. A fix that just happens to pass all tests: 23
Experiments with AutoFix Source programs: standard data-structure libraries, text library, card game. LOC of source + contracts # Unique errors % Fixed errors % High-quality fixes Time: test + fix [minutes] Fix implementation: 73’000 204 42% 25% 17 + 3 Fix contracts: 24’500 44 95% 25% 31 + 3
Experiments with AutoFix Source programs: standard data-structure libraries, text library, card game. GenProg, according to the analysis by [Qui+, ISSTA’15]: < 2% LOC of source + contracts # Unique errors % Fixed errors % High-quality fixes Time: test + fix [minutes] Fix implementation: 73’000 204 42% 25% 17 + 3
Next stop: Verification assistant AutoTest: find faults automatically 26 Two-step verification: help debug failed proofs AutoProof: prove realistic programs 1. 4. 5. AutoFix: patch faults automatically 2. Verification assistant: combine tests & proofs 3.
Integrating different tools A verification assistant manages individual tools – Select tools and program parts to be verified – Collect results and aggregate them Classes Data pool Tools Verification Assistant . . . AutoTest AutoProof C1 C2 Cn AutoFix AT n AT 2 AT 1 … AP n AT 2 AP 1 … AInAT 2 AI1 … AF n AT 2 AF 1 … 27 Inspector
Scores: aggregated verification results Each method & class receives a correctness score • A value in the interval [-1, 1] • Estimate of evidence for correctness -1 0 1 Evidence of incorrectness Evidence of correctness Lack of evidence Conclusive evidence Conclusive evidence 28
Score for testing • Failing test case: conclusive evidence of incorrectness • Passing test case: increases evidence of correctness • Absolute value may vary according to other metrics – used heuristics, coverage, testing time, … -1 0 1 29
Score for testing • Failing test case: conclusive evidence of incorrectness • Passing test case: increases evidence of correctness • Absolute value may vary according to other metrics – used heuristics, coverage, testing time, … -1 0 1 Failing test case 30
Score for testing • Failing test case: conclusive evidence of incorrectness • Passing test case: increases evidence of correctness • Absolute value may vary according to other metrics – used heuristics, coverage, testing time, … -1 0 1 Failing test case Passing test case 31
Score for testing • Failing test case: conclusive evidence of incorrectness • Passing test case: increases evidence of correctness • Absolute value may vary according to other metrics – used heuristics, coverage, testing time, … -1 0 1 Failing test case Passing test case Passing test case 32
Score for testing • Failing test case: conclusive evidence of incorrectness • Passing test case: increases evidence of correctness • Absolute value may vary according to other metrics – used heuristics, coverage, testing time, … -1 0 1 Failing test case Passing test case Passing test case Passing test case 33
Score for correctness proofs AutoProof is sound but incomplete: – Timeout: score 0 – Failed proof: score -0.2 -1 0 1 Failed proof for a complete tool Successful proof for a sound tool 34
Combining scores of different tools • Running each tool determines a score for each method • Overall score for a class: weighted average • Weights depend on the relative confidence in reliability of tools – may be application and configuration dependent • Overall score of modules (packages) may also weigh components differently according to their criticality 35
Demo 2: combined testing and proving The verification assistant runs on the version of ACCOUNT patched by AutoFix: deposit does not verify, but passes all tests  reasonable confidence in its correctness. 36
Next stop: Two-step verification AutoTest: find faults automatically 37 AutoProof: prove realistic programs 1. 5. AutoFix: patch faults automatically 2. Verification assistant: combine tests & proofs 3. Two-step verification: help debug failed proofs 4.
Modular proofs Verifiers such as AutoProof perform modular reasoning • Effects of a call to method m within the caller = m’s specification (pre, post, frame) 38 deposit (amount: INTEGER) require 0 <= amount do update_balance (amount) How we wrote it: How AutoProof sees it: deposit (amount: INTEGER) require 0 <= amount do assert update_balance.pre havoc update_balance.frame assume update_balance.post
Modular proofs in practice Verifiers such as AutoProof perform modular reasoning • Necessary for scalability • Consistent with design-by-contract and information hiding • But providing the detailed specifications necessary for verification may be tedious or overly complex 39
Specification writing fatigue Providing the specification necessary for verification may be tedious, especially in the most straightforward cases. deposit (amount: INTEGER) require 0 <= amount do update_balance (amount) ensure balance = old balance + amount How we wrote it: How we thought about it: 40 deposit (amount: INTEGER) require 0 <= amount do balance := balance + amount ensure balance = old balance + amount
Debugging failed verification When verification fails with verifiers such as AutoProof (modular, sound, incomplete): • There is a bug? • The program is correct, but the specification is insufficient? To help debug failed verification attempts AutoProof features two-step verification. 41
Two-step verification Two-step verification improves user feedback, especially in the presence of little specification. 1. First verification step – Standard modular verification 2. Second verification step – Ignore specification of called routines and loops – Uses inlining and unrolling Feedback: combination of outcomes of 1 & 2 42
Step 1: modular verification update_balance (a: INTEGER) do balance := balance + a end deposit (amount: INTEGER) require 0 <= amount do update_balance (amount) ensure balance = old balance + amount Postcondition violated Modular verification fails. 43 No postcondition of callee: effect on balance undefined
Step 2: verification with inlining Verification with inlining succeeds. Attribute balance is incremented by amount. Feedback: change (strengthen) the specification of update_balance. 44 update_balance (a: INTEGER) do balance := balance + a end deposit (amount: INTEGER) require 0 <= amount do balance := balance + amount ensure balance = old balance + amount
Demo 2b: two-step verification AutoProof with two-step verification runs on the version of ACCOUNT patched by AutoFix: deposit verifies after inlining update_balance • Provide postcondition to update_balance or • Direct AutoProof to use update_balance inlined 45 Follow this demo at http://bit.do/tap-tutorial (Switch to tab account2.e)
Two-step verification: feedback r require Pr do s ensure Qr s require Ps do : ensure Qs Step 1: modular Step 2: inlined Suggestion Verify r Verify s Verify r Ps fails Succeeds Succeeds Weaken Ps or use inlined Qr fails Succeeds Succeeds Strengthen Qs or use inlined Succeeds Qs fails Succeeds Strengthen Ps / Weaken Qs
Two-step verification: feedback r require Pr do s ensure Qr s require Ps do : ensure Qs Step 1: modular Step 2: inlined Suggestion Verify r Verify s Verify r Ps fails Succeeds Succeeds Weaken Ps or use inlined Qr fails Succeeds Succeeds Strengthen Qs or use inlined Succeeds Qs fails Succeeds Strengthen Ps / Weaken Qs 1
Two-step verification: feedback r require Pr do s ensure Qr s require Ps do : ensure Qs Step 1: modular Step 2: inlined Suggestion Verify r Verify s Verify r Ps fails Succeeds Succeeds Weaken Ps or use inlined Qr fails Succeeds Succeeds Strengthen Qs or use inlined Succeeds Qs fails Succeeds Strengthen Ps / Weaken Qs 2
Two-step verification: feedback r require Pr do s ensure Qr s require Ps do : ensure Qs Step 1: modular Step 2: inlined Suggestion Verify r Verify s Verify r Ps fails Succeeds Succeeds Weaken Ps or use inlined Qr fails Succeeds Succeeds Strengthen Qs or use inlined Succeeds Qs fails Succeeds Strengthen Ps / Weaken Qs 3
Next stop: AutoProof AutoTest: find faults automatically 50 1. AutoFix: patch faults automatically 2. Verification assistant: combine tests & proofs 3. AutoProof: prove realistic programs 5. Two-step verification: help debug failed proofs 4.
AutoProof in a nutshell AutoProof is an auto-active verifier for Eiffel • Prover for functional properties • All-out support of object-oriented idiomatic structures (e.g. patterns) – Based on class invariants • Flexible: incrementality – Proving simple properties requires little annotations – Proving complex properties is possible with more effort 51
Demo 3: a taste of AutoProof AutoProof verifies method transfer with suitable specification transfer (amount: INTEGER; other: ACCOUNT) -- Transfer `amount' from this account to `other'. require amount_non_negative: 0 <= amount amount_available: amount <= balance do withdraw (amount) other.deposit (amount) ensure deposit_done: other.balance = old other.balance + amount withdrawal_done: balance = old balance - amount 52 Follow this demo at http://bit.do/tap-tutorial (Switch to tab account3.e)
Sound program verifiers compared 53 more complex properties more automation static analysis interactive (KIV) ESC/Java2 OpenJML Spec# VCC Chalice Dafny KeY VeriFast
Reasoning with class invariants Class invariants are a natural way to reason about object-oriented programs: invariant = consistency of objects 54 ACCOUNT invariant balance >= 0
LIST ACCOUNT Multi-object structures Object-oriented programs involve multiple objects (duh!), whose consistency is often mutually dependent 55 invariant balance >= 0 balance = sum (transactions) transactions
AUDITOR LIST ACCOUNT Consistency of multi-object structures Mutually dependent object structures require extra care to enforce, and reason about, consistency (cmp. encapsulation) 56 invariant balance >= 0 balance = sum (transactions) transactions
AUDITOR LIST ACCOUNT Consistency of multi-object structures Mutually dependent object structures require extra care to enforce, and reason about, consistency (cmp. encapsulation) 57 invariant balance >= 0 balance = sum (transactions) transactions
Open and closed objects When (at which program points) must class invariants hold? To provide flexibility, objects in AutoProof can be open or closed 58 CLOSED OPEN Object: Consistent Inconsistent State: Stable Transient Invariant: Holds May not hold
LIST ACCOUNT Ownership For hierarchical object structures, AutoProof offers an ownership protocol 59 invariant balance >= 0 owns = [ transactions ] balance = sum (transactions) transactions owns
LIST ACCOUNT Ownership For hierarchical object structures, AutoProof offers an ownership protocol 60 invariant balance >= 0 owns = [ transactions ] balance = sum (transactions) transactions AUDITOR owns
add_node LIST ACCOUNT Ownership For hierarchical object structures, AutoProof offers an ownership protocol 61 transactions AUDITOR owns invariant balance >= 0 owns = [ transactions ] balance = sum (transactions)
add_node LIST ACCOUNT Ownership For hierarchical object structures, AutoProof offers an ownership protocol 62 transactions AUDITOR owns invariant balance >= 0 owns = [ transactions ] balance = sum (transactions)
add_node LIST ACCOUNT Ownership For hierarchical object structures, AutoProof offers an ownership protocol 63 transactions AUDITOR owns invariant balance >= 0 owns = [ transactions ] balance = sum (transactions)
add_node LIST ACCOUNT Ownership For hierarchical object structures, AutoProof offers an ownership protocol 64 transactions AUDITOR owns update_balance invariant balance >= 0 owns = [ transactions ] balance = sum (transactions)
LIST ACCOUNT Ownership For hierarchical object structures, AutoProof offers an ownership protocol 65 invariant balance >= 0 owns = [ transactions ] balance = sum (transactions) transactions AUDITOR owns
Demo 4: ownership in AutoProof AutoProof verifies the ACCOUNT with an owned list of transactions transactions: SIMPLE_LIST [INTEGER] -- History of transactions: -- positive integer = deposited amount -- negative integer = withdrawn amount -- latest transactions in back of list 66 Follow this demo at http://bit.do/tap-tutorial (Switch to tab account4.e)
ACCOUNT Semantic collaboration For collaborative object structures, AutoProof offers a novel protocol: semantic collaboration 67 invariant interest_rate = bank.rate BANK bank
bank bank ACCOUNT Semantic collaboration For collaborative object structures, AutoProof offers a novel protocol: semantic collaboration 68 invariant interest_rate = bank.rate BANK bank
subjects observers Semantic collaboration • Subjects = objects my consistency depends on • Observers = objects whose consistency depends on me 69 invariant subjects = [ bank ] Current in bank.observers -- Implicit in AutoProof interest_rate = bank.rate bank bank ACCOUNTBANK bank
Demo 5: collaboration in AutoProof AutoProof verifies the ACCOUNT with a BANK that sets a master interest rate bank: BANK -- Provider of this account invariant non_negative_rate: 0 <= interest_rate bank_exists: bank /= Void consistent_rate: interest_rate = bank.master_rate 70 Follow this demo at http://bit.do/tap-tutorial (Switch to tabs account5.e sand bank5.e)
AutoProof on realistic software Verification benchmarks: EiffelBase2 – a realistic container library: # programs LOC SPEC/CODE Verification time 25 4400 Lines: 1.0 Tokens: 1.9 Total: 3.4 min Longest method: 12 sec Average method: < 1 sec # classes LOC SPEC/CODE Verification time 46 8400 Lines: 1.4 Tokens: 2.7 Total: 7.2 min Longest method: 12 sec Average method: < 1 sec
Testing, fixing, and proving with contracts: acknowledgements 72 Julian Tschannen Nadia Polikarpova Yu (Max) Pei Yi (Jason) Wei Andreas Zeller Bertrand MeyerIlinca Ciupa-MoserAndreas Leitner
Testing, fixing, and proving with contracts (in Eiffel) 1. AutoTest 73 2. AutoFix 3. Verif. assist. 4. Two-step 5. AutoProof http://se.inf.ethz.ch/research/ eve/ http://cloudstudio.ethz.ch/ comcom/ See TAP 2015’s proceedings for references to technical papers

Recomendados

AdaCore Paris Tech Day 2016: Elie Richa - Integrated Unit Testing for a Trust...
AdaCore Paris Tech Day 2016: Elie Richa - Integrated Unit Testing for a Trust...AdaCore Paris Tech Day 2016: Elie Richa - Integrated Unit Testing for a Trust...
AdaCore Paris Tech Day 2016: Elie Richa - Integrated Unit Testing for a Trust...jamieayre
 
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)Sung Kim
 
Software testing: an introduction - 2017
Software testing: an introduction - 2017Software testing: an introduction - 2017
Software testing: an introduction - 2017XavierDevroey
 
White Box Testing V0.2
White Box Testing V0.2White Box Testing V0.2
White Box Testing V0.2Nivetha Padmanaban
 
White Box testing by Pankaj Thakur, NITTTR Chandigarh
White Box testing by Pankaj Thakur, NITTTR ChandigarhWhite Box testing by Pankaj Thakur, NITTTR Chandigarh
White Box testing by Pankaj Thakur, NITTTR ChandigarhPankaj Thakur
 
Testes? Mas isso não aumenta o tempo de projecto? Não quero...
Testes? Mas isso não aumenta o tempo de projecto? Não quero...Testes? Mas isso não aumenta o tempo de projecto? Não quero...
Testes? Mas isso não aumenta o tempo de projecto? Não quero...Comunidade NetPonto
 
Whitebox
WhiteboxWhitebox
WhiteboxOana Feidi
 
Control Flow Testing
Control Flow TestingControl Flow Testing
Control Flow TestingHirra Sultan
 

Recomendados

AdaCore Paris Tech Day 2016: Elie Richa - Integrated Unit Testing for a Trust...
AdaCore Paris Tech Day 2016: Elie Richa - Integrated Unit Testing for a Trust...AdaCore Paris Tech Day 2016: Elie Richa - Integrated Unit Testing for a Trust...
AdaCore Paris Tech Day 2016: Elie Richa - Integrated Unit Testing for a Trust...jamieayre
 
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)Sung Kim
 
Software testing: an introduction - 2017
Software testing: an introduction - 2017Software testing: an introduction - 2017
Software testing: an introduction - 2017XavierDevroey
 
White Box Testing V0.2
White Box Testing V0.2White Box Testing V0.2
White Box Testing V0.2Nivetha Padmanaban
 
White Box testing by Pankaj Thakur, NITTTR Chandigarh
White Box testing by Pankaj Thakur, NITTTR ChandigarhWhite Box testing by Pankaj Thakur, NITTTR Chandigarh
White Box testing by Pankaj Thakur, NITTTR ChandigarhPankaj Thakur
 
Testes? Mas isso não aumenta o tempo de projecto? Não quero...
Testes? Mas isso não aumenta o tempo de projecto? Não quero...Testes? Mas isso não aumenta o tempo de projecto? Não quero...
Testes? Mas isso não aumenta o tempo de projecto? Não quero...Comunidade NetPonto
 
Whitebox
WhiteboxWhitebox
WhiteboxOana Feidi
 
Control Flow Testing
Control Flow TestingControl Flow Testing
Control Flow TestingHirra Sultan
 
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...Sung Kim
 
White box testing
White box testingWhite box testing
White box testingNeethu Tressa
 
Python: Object-Oriented Testing (Unit Testing)
Python: Object-Oriented Testing (Unit Testing)Python: Object-Oriented Testing (Unit Testing)
Python: Object-Oriented Testing (Unit Testing)Damian T. Gordon
 
Qtp Basics
Qtp BasicsQtp Basics
Qtp Basicsmehramit
 
White Box Testing
White Box TestingWhite Box Testing
White Box TestingAlisha Roy
 
ISTQB Foundation level Sample Paper - Part 3
ISTQB Foundation level Sample Paper - Part 3 ISTQB Foundation level Sample Paper - Part 3
ISTQB Foundation level Sample Paper - Part 3 Parul Chotalia
 
Software Testing & Debugging
Software Testing & DebuggingSoftware Testing & Debugging
Software Testing & DebuggingComputing Cage
 
Istqb question-paper-dump-12
Istqb question-paper-dump-12Istqb question-paper-dump-12
Istqb question-paper-dump-12TestingGeeks
 
Istqb sample paper 2011- www.ajoysingha.info
Istqb sample paper 2011- www.ajoysingha.infoIstqb sample paper 2011- www.ajoysingha.info
Istqb sample paper 2011- www.ajoysingha.infoTestingGeeks
 
Istqb exam sample_paper_2
Istqb exam sample_paper_2Istqb exam sample_paper_2
Istqb exam sample_paper_2TestingGeeks
 
Why Unit Testingl
Why Unit TestinglWhy Unit Testingl
Why Unit Testinglpriya_trivedi
 
Debug me
Debug meDebug me
Debug meNoha Elprince
 
Rv11
Rv11Rv11
Rv11Wolfgang Grieskamp
 
system verilog
system verilogsystem verilog
system verilogVinchipsytm Vlsitraining
 
Some important definitions in softaware testing
Some important definitions in softaware testingSome important definitions in softaware testing
Some important definitions in softaware testingShwetketu Rastogi
 
Test driven development and unit testing with examples in C++
Test driven development and unit testing with examples in C++Test driven development and unit testing with examples in C++
Test driven development and unit testing with examples in C++Hong Le Van
 
Unit Tesing in iOS
Unit Tesing in iOSUnit Tesing in iOS
Unit Tesing in iOSCiklum Ukraine
 
Automock: Interaction-Based Mock Code Generation
Automock: Interaction-Based Mock Code GenerationAutomock: Interaction-Based Mock Code Generation
Automock: Interaction-Based Mock Code GenerationSabrina Souto
 
Qtp ans
Qtp ansQtp ans
Qtp ansTestingGeeks
 
1. dan odprte kode - Splošno o Mozilli
1. dan odprte kode - Splošno o Mozilli1. dan odprte kode - Splošno o Mozilli
1. dan odprte kode - Splošno o MozilliNino Vranešič
 
Los cúmulos estelares
Los cúmulos estelaresLos cúmulos estelares
Los cúmulos estelaresAntonio González Atienza
 
PERSPECTIVAS TEÓRICAS EN EL CAMPO DE LA HISTORIA DEL SIGLO XIX
PERSPECTIVAS TEÓRICAS EN EL CAMPO DE LA HISTORIA DEL SIGLO XIXPERSPECTIVAS TEÓRICAS EN EL CAMPO DE LA HISTORIA DEL SIGLO XIX
PERSPECTIVAS TEÓRICAS EN EL CAMPO DE LA HISTORIA DEL SIGLO XIXFátima De Sá
 

Mais conteúdo relacionado

Mais procurados

REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...Sung Kim
 
Python: Object-Oriented Testing (Unit Testing)
Python: Object-Oriented Testing (Unit Testing)Python: Object-Oriented Testing (Unit Testing)
Python: Object-Oriented Testing (Unit Testing)Damian T. Gordon
 
Qtp Basics
Qtp BasicsQtp Basics
Qtp Basicsmehramit
 
White Box Testing
White Box TestingWhite Box Testing
White Box TestingAlisha Roy
 
ISTQB Foundation level Sample Paper - Part 3
ISTQB Foundation level Sample Paper - Part 3 ISTQB Foundation level Sample Paper - Part 3
ISTQB Foundation level Sample Paper - Part 3 Parul Chotalia
 
Software Testing & Debugging
Software Testing & DebuggingSoftware Testing & Debugging
Software Testing & DebuggingComputing Cage
 
Istqb question-paper-dump-12
Istqb question-paper-dump-12Istqb question-paper-dump-12
Istqb question-paper-dump-12TestingGeeks
 
Istqb sample paper 2011- www.ajoysingha.info
Istqb sample paper 2011- www.ajoysingha.infoIstqb sample paper 2011- www.ajoysingha.info
Istqb sample paper 2011- www.ajoysingha.infoTestingGeeks
 
Istqb exam sample_paper_2
Istqb exam sample_paper_2Istqb exam sample_paper_2
Istqb exam sample_paper_2TestingGeeks
 
Some important definitions in softaware testing
Some important definitions in softaware testingSome important definitions in softaware testing
Some important definitions in softaware testingShwetketu Rastogi
 
Test driven development and unit testing with examples in C++
Test driven development and unit testing with examples in C++Test driven development and unit testing with examples in C++
Test driven development and unit testing with examples in C++Hong Le Van
 
Automock: Interaction-Based Mock Code Generation
Automock: Interaction-Based Mock Code GenerationAutomock: Interaction-Based Mock Code Generation
Automock: Interaction-Based Mock Code GenerationSabrina Souto
 

Mais procurados (19)

REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...
REMI: Defect Prediction for Efficient API Testing (

ESEC/FSE 2015, Industria...
 
White box testing
White box testingWhite box testing
White box testing
 
Python: Object-Oriented Testing (Unit Testing)
Python: Object-Oriented Testing (Unit Testing)Python: Object-Oriented Testing (Unit Testing)
Python: Object-Oriented Testing (Unit Testing)
 
Qtp Basics
Qtp BasicsQtp Basics
Qtp Basics
 
White Box Testing
White Box TestingWhite Box Testing
White Box Testing
 
ISTQB Foundation level Sample Paper - Part 3
ISTQB Foundation level Sample Paper - Part 3 ISTQB Foundation level Sample Paper - Part 3
ISTQB Foundation level Sample Paper - Part 3
 
Software Testing & Debugging
Software Testing & DebuggingSoftware Testing & Debugging
Software Testing & Debugging
 
Istqb question-paper-dump-12
Istqb question-paper-dump-12Istqb question-paper-dump-12
Istqb question-paper-dump-12
 
Istqb sample paper 2011- www.ajoysingha.info
Istqb sample paper 2011- www.ajoysingha.infoIstqb sample paper 2011- www.ajoysingha.info
Istqb sample paper 2011- www.ajoysingha.info
 
Istqb exam sample_paper_2
Istqb exam sample_paper_2Istqb exam sample_paper_2
Istqb exam sample_paper_2
 
Why Unit Testingl
Why Unit TestinglWhy Unit Testingl
Why Unit Testingl
 
Debug me
Debug meDebug me
Debug me
 
Rv11
Rv11Rv11
Rv11
 
system verilog
system verilogsystem verilog
system verilog
 
Some important definitions in softaware testing
Some important definitions in softaware testingSome important definitions in softaware testing
Some important definitions in softaware testing
 
Test driven development and unit testing with examples in C++
Test driven development and unit testing with examples in C++Test driven development and unit testing with examples in C++
Test driven development and unit testing with examples in C++
 
Unit Tesing in iOS
Unit Tesing in iOSUnit Tesing in iOS
Unit Tesing in iOS
 
Automock: Interaction-Based Mock Code Generation
Automock: Interaction-Based Mock Code GenerationAutomock: Interaction-Based Mock Code Generation
Automock: Interaction-Based Mock Code Generation
 
Qtp ans
Qtp ansQtp ans
Qtp ans
 

Destaque

1. dan odprte kode - Splošno o Mozilli
1. dan odprte kode - Splošno o Mozilli1. dan odprte kode - Splošno o Mozilli
1. dan odprte kode - Splošno o MozilliNino Vranešič
 
PERSPECTIVAS TEÓRICAS EN EL CAMPO DE LA HISTORIA DEL SIGLO XIX
PERSPECTIVAS TEÓRICAS EN EL CAMPO DE LA HISTORIA DEL SIGLO XIXPERSPECTIVAS TEÓRICAS EN EL CAMPO DE LA HISTORIA DEL SIGLO XIX
PERSPECTIVAS TEÓRICAS EN EL CAMPO DE LA HISTORIA DEL SIGLO XIXFátima De Sá
 
라이브바카라『OPT』.『ASIA』생방송카지노 싸이트
라이브바카라『OPT』.『ASIA』생방송카지노 싸이트라이브바카라『OPT』.『ASIA』생방송카지노 싸이트
라이브바카라『OPT』.『ASIA』생방송카지노 싸이트ghsiduh
 
Layman's Report - LIFE Habitat Lince Abutre
Layman's Report - LIFE Habitat Lince AbutreLayman's Report - LIFE Habitat Lince Abutre
Layman's Report - LIFE Habitat Lince AbutreNuno Curado
 
The future of art & social media
The future of art & social mediaThe future of art & social media
The future of art & social mediaKendrick Ng
 
플레이텍카지노 『OX600』。『COM』바둑동영상
플레이텍카지노 『OX600』。『COM』바둑동영상 플레이텍카지노 『OX600』。『COM』바둑동영상
플레이텍카지노 『OX600』。『COM』바둑동영상 ghsiduh
 
Strategic Human Resource Management
Strategic Human Resource ManagementStrategic Human Resource Management
Strategic Human Resource ManagementAlexander Salcedo
 
온라인배팅 ''SX797.COM'' 바카라테이블
온라인배팅 ''SX797.COM'' 바카라테이블온라인배팅 ''SX797.COM'' 바카라테이블
온라인배팅 ''SX797.COM'' 바카라테이블hkspodf
 
How Restaurants & Pubs Should Use Social Media
How Restaurants & Pubs Should Use Social MediaHow Restaurants & Pubs Should Use Social Media
How Restaurants & Pubs Should Use Social MediadotConverse
 
대박『SX797』『СOM』온라인카지노
대박『SX797』『СOM』온라인카지노대박『SX797』『СOM』온라인카지노
대박『SX797』『СOM』온라인카지노gjsokdfjl
 
인터넷카지노『SX797。COM 』바카라사이트 싸이트
인터넷카지노『SX797。COM 』바카라사이트 싸이트인터넷카지노『SX797。COM 』바카라사이트 싸이트
인터넷카지노『SX797。COM 』바카라사이트 싸이트gjsokdfjl
 
보독카지노 싸이트 『OX600』。『COM』바카라설명 싸이트
보독카지노 싸이트 『OX600』。『COM』바카라설명 싸이트보독카지노 싸이트 『OX600』。『COM』바카라설명 싸이트
보독카지노 싸이트 『OX600』。『COM』바카라설명 싸이트gjsokdfjl
 
Presentació dels resultats de l’exercici d’intercomparació per al mesurament ...
Presentació dels resultats de l’exercici d’intercomparació per al mesurament ...Presentació dels resultats de l’exercici d’intercomparació per al mesurament ...
Presentació dels resultats de l’exercici d’intercomparació per al mesurament ...Medi Ambient. Generalitat de Catalunya
 
Tetrad analysis, positive and negative interference, mapping through somatic ...
Tetrad analysis, positive and negative interference, mapping through somatic ...Tetrad analysis, positive and negative interference, mapping through somatic ...
Tetrad analysis, positive and negative interference, mapping through somatic ...Promila Sheoran
 
Como fazer um powerpoint (1)
Como fazer um powerpoint (1)Como fazer um powerpoint (1)
Como fazer um powerpoint (1)ildamaria
 
Programming Logic for Any Programming Language - Session2
Programming Logic for Any Programming Language - Session2Programming Logic for Any Programming Language - Session2
Programming Logic for Any Programming Language - Session2Mizanur Rahaman Mizan
 

Destaque (20)

1. dan odprte kode - Splošno o Mozilli
1. dan odprte kode - Splošno o Mozilli1. dan odprte kode - Splošno o Mozilli
1. dan odprte kode - Splošno o Mozilli
 
Los cúmulos estelares
Los cúmulos estelaresLos cúmulos estelares
Los cúmulos estelares
 
PERSPECTIVAS TEÓRICAS EN EL CAMPO DE LA HISTORIA DEL SIGLO XIX
PERSPECTIVAS TEÓRICAS EN EL CAMPO DE LA HISTORIA DEL SIGLO XIXPERSPECTIVAS TEÓRICAS EN EL CAMPO DE LA HISTORIA DEL SIGLO XIX
PERSPECTIVAS TEÓRICAS EN EL CAMPO DE LA HISTORIA DEL SIGLO XIX
 
라이브바카라『OPT』.『ASIA』생방송카지노 싸이트
라이브바카라『OPT』.『ASIA』생방송카지노 싸이트라이브바카라『OPT』.『ASIA』생방송카지노 싸이트
라이브바카라『OPT』.『ASIA』생방송카지노 싸이트
 
Layman's Report - LIFE Habitat Lince Abutre
Layman's Report - LIFE Habitat Lince AbutreLayman's Report - LIFE Habitat Lince Abutre
Layman's Report - LIFE Habitat Lince Abutre
 
The future of art & social media
The future of art & social mediaThe future of art & social media
The future of art & social media
 
플레이텍카지노 『OX600』。『COM』바둑동영상
플레이텍카지노 『OX600』。『COM』바둑동영상 플레이텍카지노 『OX600』。『COM』바둑동영상
플레이텍카지노 『OX600』。『COM』바둑동영상
 
Strategic Human Resource Management
Strategic Human Resource ManagementStrategic Human Resource Management
Strategic Human Resource Management
 
온라인배팅 ''SX797.COM'' 바카라테이블
온라인배팅 ''SX797.COM'' 바카라테이블온라인배팅 ''SX797.COM'' 바카라테이블
온라인배팅 ''SX797.COM'' 바카라테이블
 
How Restaurants & Pubs Should Use Social Media
How Restaurants & Pubs Should Use Social MediaHow Restaurants & Pubs Should Use Social Media
How Restaurants & Pubs Should Use Social Media
 
대박『SX797』『СOM』온라인카지노
대박『SX797』『СOM』온라인카지노대박『SX797』『СOM』온라인카지노
대박『SX797』『СOM』온라인카지노
 
인터넷카지노『SX797。COM 』바카라사이트 싸이트
인터넷카지노『SX797。COM 』바카라사이트 싸이트인터넷카지노『SX797。COM 』바카라사이트 싸이트
인터넷카지노『SX797。COM 』바카라사이트 싸이트
 
보독카지노 싸이트 『OX600』。『COM』바카라설명 싸이트
보독카지노 싸이트 『OX600』。『COM』바카라설명 싸이트보독카지노 싸이트 『OX600』。『COM』바카라설명 싸이트
보독카지노 싸이트 『OX600』。『COM』바카라설명 싸이트
 
Presentació dels resultats de l’exercici d’intercomparació per al mesurament ...
Presentació dels resultats de l’exercici d’intercomparació per al mesurament ...Presentació dels resultats de l’exercici d’intercomparació per al mesurament ...
Presentació dels resultats de l’exercici d’intercomparació per al mesurament ...
 
el tercer ojo
el tercer ojoel tercer ojo
el tercer ojo
 
Mehiläisten punkit ja muita loisia
Mehiläisten punkit ja muita loisiaMehiläisten punkit ja muita loisia
Mehiläisten punkit ja muita loisia
 
Tetrad analysis, positive and negative interference, mapping through somatic ...
Tetrad analysis, positive and negative interference, mapping through somatic ...Tetrad analysis, positive and negative interference, mapping through somatic ...
Tetrad analysis, positive and negative interference, mapping through somatic ...
 
Como fazer um powerpoint (1)
Como fazer um powerpoint (1)Como fazer um powerpoint (1)
Como fazer um powerpoint (1)
 
Punkit ja muita loisia. Lassi Kauko
Punkit ja muita loisia. Lassi KaukoPunkit ja muita loisia. Lassi Kauko
Punkit ja muita loisia. Lassi Kauko
 
Programming Logic for Any Programming Language - Session2
Programming Logic for Any Programming Language - Session2Programming Logic for Any Programming Language - Session2
Programming Logic for Any Programming Language - Session2
 

Semelhante a Testing, fixing, and proving with contracts

software testing types jxnvlbnLCBNFVjnl/fknblb
software testing types jxnvlbnLCBNFVjnl/fknblbsoftware testing types jxnvlbnLCBNFVjnl/fknblb
software testing types jxnvlbnLCBNFVjnl/fknblbjeyasrig
 
Software Engineering (Testing Overview)
Software Engineering (Testing Overview)Software Engineering (Testing Overview)
Software Engineering (Testing Overview)ShudipPal
 
Lecture (Software Testing).pptx
Lecture (Software Testing).pptxLecture (Software Testing).pptx
Lecture (Software Testing).pptxskknowledge
 
A Software Testing Intro
A Software Testing IntroA Software Testing Intro
A Software Testing IntroEvozon Test Lab
 
Lecture #6. automation testing (andrey oleynik)
Lecture #6. automation testing (andrey oleynik)Lecture #6. automation testing (andrey oleynik)
Lecture #6. automation testing (andrey oleynik)Andrey Oleynik
 
Software testing software engineering.pdf
Software testing software engineering.pdfSoftware testing software engineering.pdf
Software testing software engineering.pdfvaibhavshukla3003
 
1779905011SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS.pptx
1779905011SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS.pptx1779905011SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS.pptx
1779905011SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS.pptxabhivastrad007
 
Software Quality Assurance
Software Quality AssuranceSoftware Quality Assurance
Software Quality AssuranceSaqib Raza
 
Software testing methods, levels and types
Software testing methods, levels and typesSoftware testing methods, levels and types
Software testing methods, levels and typesConfiz
 
Software Engineering (Software Quality Assurance & Testing: Supplementary Mat...
Software Engineering (Software Quality Assurance & Testing: Supplementary Mat...Software Engineering (Software Quality Assurance & Testing: Supplementary Mat...
Software Engineering (Software Quality Assurance & Testing: Supplementary Mat...ShudipPal
 
Testing strategies,techniques & test case SE
Testing strategies,techniques & test case SETesting strategies,techniques & test case SE
Testing strategies,techniques & test case SEMeet1020
 
How to Guarantee Continuous Value from your Test Automation
How to Guarantee Continuous Value from your Test AutomationHow to Guarantee Continuous Value from your Test Automation
How to Guarantee Continuous Value from your Test AutomationPerfecto by Perforce
 
Structured system analysis and design
Structured system analysis and design Structured system analysis and design
Structured system analysis and design Jayant Dalvi
 
Object Oriented Testing(OOT) presentation slides
Object Oriented Testing(OOT) presentation slidesObject Oriented Testing(OOT) presentation slides
Object Oriented Testing(OOT) presentation slidesPunjab University
 

Semelhante a Testing, fixing, and proving with contracts (20)

software testing types jxnvlbnLCBNFVjnl/fknblb
software testing types jxnvlbnLCBNFVjnl/fknblbsoftware testing types jxnvlbnLCBNFVjnl/fknblb
software testing types jxnvlbnLCBNFVjnl/fknblb
 
Introduction to White box testing
Introduction to White box testingIntroduction to White box testing
Introduction to White box testing
 
Software Engineering (Testing Overview)
Software Engineering (Testing Overview)Software Engineering (Testing Overview)
Software Engineering (Testing Overview)
 
Lecture (Software Testing).pptx
Lecture (Software Testing).pptxLecture (Software Testing).pptx
Lecture (Software Testing).pptx
 
A Software Testing Intro
A Software Testing IntroA Software Testing Intro
A Software Testing Intro
 
Testing
TestingTesting
Testing
 
Lecture #6. automation testing (andrey oleynik)
Lecture #6. automation testing (andrey oleynik)Lecture #6. automation testing (andrey oleynik)
Lecture #6. automation testing (andrey oleynik)
 
Software testing software engineering.pdf
Software testing software engineering.pdfSoftware testing software engineering.pdf
Software testing software engineering.pdf
 
Testing fundamentals
Testing fundamentalsTesting fundamentals
Testing fundamentals
 
Unit 4 testing
Unit 4 testingUnit 4 testing
Unit 4 testing
 
1779905011SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS.pptx
1779905011SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS.pptx1779905011SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS.pptx
1779905011SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS.pptx
 
Software Quality Assurance
Software Quality AssuranceSoftware Quality Assurance
Software Quality Assurance
 
Software testing methods, levels and types
Software testing methods, levels and typesSoftware testing methods, levels and types
Software testing methods, levels and types
 
Ch11lect1 ud
Ch11lect1 udCh11lect1 ud
Ch11lect1 ud
 
Software Engineering (Software Quality Assurance & Testing: Supplementary Mat...
Software Engineering (Software Quality Assurance & Testing: Supplementary Mat...Software Engineering (Software Quality Assurance & Testing: Supplementary Mat...
Software Engineering (Software Quality Assurance & Testing: Supplementary Mat...
 
Testing strategies,techniques & test case SE
Testing strategies,techniques & test case SETesting strategies,techniques & test case SE
Testing strategies,techniques & test case SE
 
How to Guarantee Continuous Value from your Test Automation
How to Guarantee Continuous Value from your Test AutomationHow to Guarantee Continuous Value from your Test Automation
How to Guarantee Continuous Value from your Test Automation
 
Testing
TestingTesting
Testing
 
Structured system analysis and design
Structured system analysis and design Structured system analysis and design
Structured system analysis and design
 
Object Oriented Testing(OOT) presentation slides
Object Oriented Testing(OOT) presentation slidesObject Oriented Testing(OOT) presentation slides
Object Oriented Testing(OOT) presentation slides
 

Último

5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 

Último (20)

5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 

Testing, fixing, and proving with contracts

  • 1. Testing, Fixing, and Proving with Contracts Carlo A. Furia Chair of Software Engineering, ETH Zurich bugcounting.net @bugcounting
  • 2. The (AlpTransit) Gotthard tunnel The tunnel • 57 km long • construction at both ends • underneath the Gotthard massif 2 Erstfeld • canton Uri • German-speaking • weather probably cloudy Bodio • canton Ticino • Italian-speaking • weather probably sunny
  • 3. Users with different requirements Joe the programmer • little or no background in formal techniques • weak and simple (incomplete) specifications • design not optimal for verification • bugs: full verification is unattainable • looks for low hanging fruits of verification Verification expert • fluent in formal logic techniques • strong, often complete, specifications • design for full verification • could use automation of simpler steps • aims at the holy grail of verified software 3
  • 4. The Eiffel Verification Environment 4 Inspector AutoTest AutoFix AutoProof GUI Verification Assistant
  • 5. The Eiffel Verification Environment 5 GUI Verification Assistant CLI ComCom (web)Inspector AutoTest AutoFix AutoProof
  • 6. A key ingredient: contracts Contracts are a form of lightweight specification: • Assertions (pre- and postconditions, invariants) • Contract language = Boolean expressions • Executable: bring immediate benefits for testing, debugging, and so on Verification tools in EVE take advantage of (simple) functional specifications in the form of contracts.
  • 7. Auto-active user/tool interaction 1. Code + Annotations 2. Push button 3. Verification outcome 4. Correct/Revise 7
  • 8. Roadmap AutoTest: find faults automatically 8 AutoFix: patch faults automatically Verification assistant: combine tests & proofs Two-step verification: help debug failed proofs AutoProof: prove realistic programs 1. 2. 3. 4. 5.
  • 9. Next stop: AutoTest AutoTest: find faults automatically 9 AutoFix: patch faults automatically Verification assistant: combine tests & proofs Two-step verification: help debug failed proofs AutoProof: prove realistic programs 1. 2. 3. 4. 5.
  • 10. AutoTest in a nutshell AutoTest is a push-button generator of unit tests • Test = sequence of method calls on objects • Contracts as oracles: target call o.m – Invalid test: o does not satisfy m’s precondition – Passing test: all contracts evaluate to True – Failing test: some contract evaluates to False 10 Similar tools: • Korat (Java + assertions) • QuickCheck (Haskell)
  • 11. How AutoTest works 11 Random object o Random method m call o.m Invalid test Failing test: bug found • Existing object from object pool • Fresh object of primitive type (e.g. random integer) • New object of class type (call constructor) Passing test Add any new objects to object pool Classification based on runtime contract checking
  • 12. Test generation strategies AutoTest is a push-button generator of unit tests • Basic generation strategy: random • Other strategies as extensions: – Random+ – Adaptive-random (object distance) – Precondition satisfaction – Stateful testing 12
  • 13. Demo example: Bank Account class ACCOUNT balance: INTEGER deposit (amount: INTEGER) require 0 <= amount ensure balance = old balance + amount withdraw (amount: INTEGER) require 0 <= amount ensure balance_set: amount <= old balance implies balance = old balance - amount balance_not_set: amount > old balance implies balance = old balance invariant balance_nonnegative: balance >= 0 13
  • 14. Demo 1: bug finding AutoTest finds a bug in the implementation of withdraw that violates postcondition balance_not_set. withdraw (amount: INTEGER) require 0 <= amount do balance := balance + amount ensure balance_set: amount <= old balance implies balance = old balance - amount balance_not_set: amount > old balance implies balance = old balance 14
  • 15. Demo 1: bug finding AutoTest finds a bug in the implementation of withdraw that violates postcondition balance_not_set. 15
  • 16. Next stop: AutoFix AutoTest: find faults automatically 16 Verification assistant: combine tests & proofs Two-step verification: help debug failed proofs AutoProof: prove realistic programs 1. 3. 4. 5. AutoFix: patch faults automatically 2.
  • 17. AutoFix in a nutshell AutoFix is a push-button generator of fixes 17 AutoFix Coding code + contracts bugs + patches Similar tools: • GenProg, Kali (C) • PAR (Java)
  • 18. How AutoFix works Program + Contracts Test suite Suspicious states AutoTest Candidate fixes Valid fixes Validation & rankingAnalysis Synthesis  count = 1  count = 2  count = 0 count = 0 @ L4 if count = 0 then ...
  • 19. AutoFix: Components Program state abstraction: • snapshots: location, predicate, value Fault localization: • static information: proximity to failing location/expression • dynamic information: number of failing/passing tests 19
  • 20. AutoFix: Components Program state abstraction: • snapshots : location, predicate, value Synthesis: • enumeration of common replacement expressions and instructions • conditional execution: @ location: if predicate = value then some fix action 20
  • 21. AutoFix: Components Validation: • regression testing with all available tests for method being fixed • valid fix: passes all available tests Ranking: • based on suspiciousness score of snapshots 21
  • 22. Demo 1b: bug fixing AutoFix builds fixes for the bug in the implementation of withdraw. A “high-quality” (proper, correct) fix: 22
  • 23. Demo 1b: bug fixing AutoFix builds fixes for the bug in the implementation of withdraw. A fix that just happens to pass all tests: 23
  • 24. Experiments with AutoFix Source programs: standard data-structure libraries, text library, card game. LOC of source + contracts # Unique errors % Fixed errors % High-quality fixes Time: test + fix [minutes] Fix implementation: 73’000 204 42% 25% 17 + 3 Fix contracts: 24’500 44 95% 25% 31 + 3
  • 25. Experiments with AutoFix Source programs: standard data-structure libraries, text library, card game. GenProg, according to the analysis by [Qui+, ISSTA’15]: < 2% LOC of source + contracts # Unique errors % Fixed errors % High-quality fixes Time: test + fix [minutes] Fix implementation: 73’000 204 42% 25% 17 + 3
  • 26. Next stop: Verification assistant AutoTest: find faults automatically 26 Two-step verification: help debug failed proofs AutoProof: prove realistic programs 1. 4. 5. AutoFix: patch faults automatically 2. Verification assistant: combine tests & proofs 3.
  • 27. Integrating different tools A verification assistant manages individual tools – Select tools and program parts to be verified – Collect results and aggregate them Classes Data pool Tools Verification Assistant . . . AutoTest AutoProof C1 C2 Cn AutoFix AT n AT 2 AT 1 … AP n AT 2 AP 1 … AInAT 2 AI1 … AF n AT 2 AF 1 … 27 Inspector
  • 28. Scores: aggregated verification results Each method & class receives a correctness score • A value in the interval [-1, 1] • Estimate of evidence for correctness -1 0 1 Evidence of incorrectness Evidence of correctness Lack of evidence Conclusive evidence Conclusive evidence 28
  • 29. Score for testing • Failing test case: conclusive evidence of incorrectness • Passing test case: increases evidence of correctness • Absolute value may vary according to other metrics – used heuristics, coverage, testing time, … -1 0 1 29
  • 30. Score for testing • Failing test case: conclusive evidence of incorrectness • Passing test case: increases evidence of correctness • Absolute value may vary according to other metrics – used heuristics, coverage, testing time, … -1 0 1 Failing test case 30
  • 31. Score for testing • Failing test case: conclusive evidence of incorrectness • Passing test case: increases evidence of correctness • Absolute value may vary according to other metrics – used heuristics, coverage, testing time, … -1 0 1 Failing test case Passing test case 31
  • 32. Score for testing • Failing test case: conclusive evidence of incorrectness • Passing test case: increases evidence of correctness • Absolute value may vary according to other metrics – used heuristics, coverage, testing time, … -1 0 1 Failing test case Passing test case Passing test case 32
  • 33. Score for testing • Failing test case: conclusive evidence of incorrectness • Passing test case: increases evidence of correctness • Absolute value may vary according to other metrics – used heuristics, coverage, testing time, … -1 0 1 Failing test case Passing test case Passing test case Passing test case 33
  • 34. Score for correctness proofs AutoProof is sound but incomplete: – Timeout: score 0 – Failed proof: score -0.2 -1 0 1 Failed proof for a complete tool Successful proof for a sound tool 34
  • 35. Combining scores of different tools • Running each tool determines a score for each method • Overall score for a class: weighted average • Weights depend on the relative confidence in reliability of tools – may be application and configuration dependent • Overall score of modules (packages) may also weigh components differently according to their criticality 35
  • 36. Demo 2: combined testing and proving The verification assistant runs on the version of ACCOUNT patched by AutoFix: deposit does not verify, but passes all tests  reasonable confidence in its correctness. 36
  • 37. Next stop: Two-step verification AutoTest: find faults automatically 37 AutoProof: prove realistic programs 1. 5. AutoFix: patch faults automatically 2. Verification assistant: combine tests & proofs 3. Two-step verification: help debug failed proofs 4.
  • 38. Modular proofs Verifiers such as AutoProof perform modular reasoning • Effects of a call to method m within the caller = m’s specification (pre, post, frame) 38 deposit (amount: INTEGER) require 0 <= amount do update_balance (amount) How we wrote it: How AutoProof sees it: deposit (amount: INTEGER) require 0 <= amount do assert update_balance.pre havoc update_balance.frame assume update_balance.post
  • 39. Modular proofs in practice Verifiers such as AutoProof perform modular reasoning • Necessary for scalability • Consistent with design-by-contract and information hiding • But providing the detailed specifications necessary for verification may be tedious or overly complex 39
  • 40. Specification writing fatigue Providing the specification necessary for verification may be tedious, especially in the most straightforward cases. deposit (amount: INTEGER) require 0 <= amount do update_balance (amount) ensure balance = old balance + amount How we wrote it: How we thought about it: 40 deposit (amount: INTEGER) require 0 <= amount do balance := balance + amount ensure balance = old balance + amount
  • 41. Debugging failed verification When verification fails with verifiers such as AutoProof (modular, sound, incomplete): • There is a bug? • The program is correct, but the specification is insufficient? To help debug failed verification attempts AutoProof features two-step verification. 41
  • 42. Two-step verification Two-step verification improves user feedback, especially in the presence of little specification. 1. First verification step – Standard modular verification 2. Second verification step – Ignore specification of called routines and loops – Uses inlining and unrolling Feedback: combination of outcomes of 1 & 2 42
  • 43. Step 1: modular verification update_balance (a: INTEGER) do balance := balance + a end deposit (amount: INTEGER) require 0 <= amount do update_balance (amount) ensure balance = old balance + amount Postcondition violated Modular verification fails. 43 No postcondition of callee: effect on balance undefined
  • 44. Step 2: verification with inlining Verification with inlining succeeds. Attribute balance is incremented by amount. Feedback: change (strengthen) the specification of update_balance. 44 update_balance (a: INTEGER) do balance := balance + a end deposit (amount: INTEGER) require 0 <= amount do balance := balance + amount ensure balance = old balance + amount
  • 45. Demo 2b: two-step verification AutoProof with two-step verification runs on the version of ACCOUNT patched by AutoFix: deposit verifies after inlining update_balance • Provide postcondition to update_balance or • Direct AutoProof to use update_balance inlined 45 Follow this demo at http://bit.do/tap-tutorial (Switch to tab account2.e)
  • 46. Two-step verification: feedback r require Pr do s ensure Qr s require Ps do : ensure Qs Step 1: modular Step 2: inlined Suggestion Verify r Verify s Verify r Ps fails Succeeds Succeeds Weaken Ps or use inlined Qr fails Succeeds Succeeds Strengthen Qs or use inlined Succeeds Qs fails Succeeds Strengthen Ps / Weaken Qs
  • 47. Two-step verification: feedback r require Pr do s ensure Qr s require Ps do : ensure Qs Step 1: modular Step 2: inlined Suggestion Verify r Verify s Verify r Ps fails Succeeds Succeeds Weaken Ps or use inlined Qr fails Succeeds Succeeds Strengthen Qs or use inlined Succeeds Qs fails Succeeds Strengthen Ps / Weaken Qs 1
  • 48. Two-step verification: feedback r require Pr do s ensure Qr s require Ps do : ensure Qs Step 1: modular Step 2: inlined Suggestion Verify r Verify s Verify r Ps fails Succeeds Succeeds Weaken Ps or use inlined Qr fails Succeeds Succeeds Strengthen Qs or use inlined Succeeds Qs fails Succeeds Strengthen Ps / Weaken Qs 2
  • 49. Two-step verification: feedback r require Pr do s ensure Qr s require Ps do : ensure Qs Step 1: modular Step 2: inlined Suggestion Verify r Verify s Verify r Ps fails Succeeds Succeeds Weaken Ps or use inlined Qr fails Succeeds Succeeds Strengthen Qs or use inlined Succeeds Qs fails Succeeds Strengthen Ps / Weaken Qs 3
  • 50. Next stop: AutoProof AutoTest: find faults automatically 50 1. AutoFix: patch faults automatically 2. Verification assistant: combine tests & proofs 3. AutoProof: prove realistic programs 5. Two-step verification: help debug failed proofs 4.
  • 51. AutoProof in a nutshell AutoProof is an auto-active verifier for Eiffel • Prover for functional properties • All-out support of object-oriented idiomatic structures (e.g. patterns) – Based on class invariants • Flexible: incrementality – Proving simple properties requires little annotations – Proving complex properties is possible with more effort 51
  • 52. Demo 3: a taste of AutoProof AutoProof verifies method transfer with suitable specification transfer (amount: INTEGER; other: ACCOUNT) -- Transfer `amount' from this account to `other'. require amount_non_negative: 0 <= amount amount_available: amount <= balance do withdraw (amount) other.deposit (amount) ensure deposit_done: other.balance = old other.balance + amount withdrawal_done: balance = old balance - amount 52 Follow this demo at http://bit.do/tap-tutorial (Switch to tab account3.e)
  • 53. Sound program verifiers compared 53 more complex properties more automation static analysis interactive (KIV) ESC/Java2 OpenJML Spec# VCC Chalice Dafny KeY VeriFast
  • 54. Reasoning with class invariants Class invariants are a natural way to reason about object-oriented programs: invariant = consistency of objects 54 ACCOUNT invariant balance >= 0
  • 55. LIST ACCOUNT Multi-object structures Object-oriented programs involve multiple objects (duh!), whose consistency is often mutually dependent 55 invariant balance >= 0 balance = sum (transactions) transactions
  • 56. AUDITOR LIST ACCOUNT Consistency of multi-object structures Mutually dependent object structures require extra care to enforce, and reason about, consistency (cmp. encapsulation) 56 invariant balance >= 0 balance = sum (transactions) transactions
  • 57. AUDITOR LIST ACCOUNT Consistency of multi-object structures Mutually dependent object structures require extra care to enforce, and reason about, consistency (cmp. encapsulation) 57 invariant balance >= 0 balance = sum (transactions) transactions
  • 58. Open and closed objects When (at which program points) must class invariants hold? To provide flexibility, objects in AutoProof can be open or closed 58 CLOSED OPEN Object: Consistent Inconsistent State: Stable Transient Invariant: Holds May not hold
  • 59. LIST ACCOUNT Ownership For hierarchical object structures, AutoProof offers an ownership protocol 59 invariant balance >= 0 owns = [ transactions ] balance = sum (transactions) transactions owns
  • 60. LIST ACCOUNT Ownership For hierarchical object structures, AutoProof offers an ownership protocol 60 invariant balance >= 0 owns = [ transactions ] balance = sum (transactions) transactions AUDITOR owns
  • 61. add_node LIST ACCOUNT Ownership For hierarchical object structures, AutoProof offers an ownership protocol 61 transactions AUDITOR owns invariant balance >= 0 owns = [ transactions ] balance = sum (transactions)
  • 62. add_node LIST ACCOUNT Ownership For hierarchical object structures, AutoProof offers an ownership protocol 62 transactions AUDITOR owns invariant balance >= 0 owns = [ transactions ] balance = sum (transactions)
  • 63. add_node LIST ACCOUNT Ownership For hierarchical object structures, AutoProof offers an ownership protocol 63 transactions AUDITOR owns invariant balance >= 0 owns = [ transactions ] balance = sum (transactions)
  • 64. add_node LIST ACCOUNT Ownership For hierarchical object structures, AutoProof offers an ownership protocol 64 transactions AUDITOR owns update_balance invariant balance >= 0 owns = [ transactions ] balance = sum (transactions)
  • 65. LIST ACCOUNT Ownership For hierarchical object structures, AutoProof offers an ownership protocol 65 invariant balance >= 0 owns = [ transactions ] balance = sum (transactions) transactions AUDITOR owns
  • 66. Demo 4: ownership in AutoProof AutoProof verifies the ACCOUNT with an owned list of transactions transactions: SIMPLE_LIST [INTEGER] -- History of transactions: -- positive integer = deposited amount -- negative integer = withdrawn amount -- latest transactions in back of list 66 Follow this demo at http://bit.do/tap-tutorial (Switch to tab account4.e)
  • 67. ACCOUNT Semantic collaboration For collaborative object structures, AutoProof offers a novel protocol: semantic collaboration 67 invariant interest_rate = bank.rate BANK bank
  • 68. bank bank ACCOUNT Semantic collaboration For collaborative object structures, AutoProof offers a novel protocol: semantic collaboration 68 invariant interest_rate = bank.rate BANK bank
  • 69. subjects observers Semantic collaboration • Subjects = objects my consistency depends on • Observers = objects whose consistency depends on me 69 invariant subjects = [ bank ] Current in bank.observers -- Implicit in AutoProof interest_rate = bank.rate bank bank ACCOUNTBANK bank
  • 70. Demo 5: collaboration in AutoProof AutoProof verifies the ACCOUNT with a BANK that sets a master interest rate bank: BANK -- Provider of this account invariant non_negative_rate: 0 <= interest_rate bank_exists: bank /= Void consistent_rate: interest_rate = bank.master_rate 70 Follow this demo at http://bit.do/tap-tutorial (Switch to tabs account5.e sand bank5.e)
  • 71. AutoProof on realistic software Verification benchmarks: EiffelBase2 – a realistic container library: # programs LOC SPEC/CODE Verification time 25 4400 Lines: 1.0 Tokens: 1.9 Total: 3.4 min Longest method: 12 sec Average method: < 1 sec # classes LOC SPEC/CODE Verification time 46 8400 Lines: 1.4 Tokens: 2.7 Total: 7.2 min Longest method: 12 sec Average method: < 1 sec
  • 72. Testing, fixing, and proving with contracts: acknowledgements 72 Julian Tschannen Nadia Polikarpova Yu (Max) Pei Yi (Jason) Wei Andreas Zeller Bertrand MeyerIlinca Ciupa-MoserAndreas Leitner
  • 73. Testing, fixing, and proving with contracts (in Eiffel) 1. AutoTest 73 2. AutoFix 3. Verif. assist. 4. Two-step 5. AutoProof http://se.inf.ethz.ch/research/ eve/ http://cloudstudio.ethz.ch/ comcom/ See TAP 2015’s proceedings for references to technical papers