Midterm Flashcards
Study
___ analysis is one which accepts a buggy program.
unsound
___ analysis is one which rejects a correct program.
incomplete
Useful for testing multi-threaded programs.
Cuzz
Predicate assumed to hold before function executes
Pre-condition
Predicate expected to hold after function executes
Post-condition
Test which functions are called
function coverage
Test which statements are executed
Statement coverage
Test which branches are taken
Branch coverage
Feed random inputs to a program
Fuzzing
Random testing (fuzzing) pros
Easy to implement;
Provably good coverage given enough tests;
Can work on programs of any format;
Helps find security vulnerabilities
Random testing (fuzzing) cons
Inefficient test suite;
Might uncover unimportant bugs;
Poor coverage
Useful for systematic testing (linked data structures)
Korat
Useful for feedback-directed random testing (classes; libraries)
Randoop
Korat key idea
No pre-condition, no expansion
Never expands parts not examined by pre-condition
Randoop key idea
Randomly create new test guided by feedback from previously created tests
___ analysis show what might be an invariant and what definitely isn’t.
Dynamic
___ analysis show what definitely is an invariant and what definitely isn’t.
Static
Static analysis sacrifices ___ but is ___
Completeness; Sound
Testing that:
- works on unmodifiable code
- Doesn’t need code analysis
- Can use any format
Black box
Testing which has:
- efficient test suite
- potentially better coverage
White box
Metric to quantify extent to which a programs code is tested by test suite
Code Coverage
Mutation analysis key idea
test variations (mutants) of a program to reveal logical errors
Why use fuzzing
- observe whether program behaves correctly
- make sure program doesn’t crash
Fuzzing: feed ___ to program
random inputs
