The Search for the Perfect Program
THE SEARCH FOR THE PERFECT PROGRAM
NATALLIE BAIKEVICH
@LU_A_JALLA
A ‘PERFECT PROGRAM’ IS …
- Maintainable
- Efficient
- Correct
Does anything else really matter without correctness?
THE PLAN
- Assertions
- Random Testing
- Symbolic Execution
- Types
1. Do something
2. Check it
3. Go to 1.
THE FAST TRACK
Write code -> Release
WELL, NOT THAT FAST
Dear <…>
…
We see XYZException!!!.............! (n times, where n = enough for you to feel miserable)
OK, LET’S TEST IT
1. Choose your favourite library
(good chances it’s .*Unit)
2. Write some tests
aand
3. XYZException has gone
THE PROBLEM, PART 1
But…
- they only check what you think a program should do, not what it actually should do
- ... on what you think is all possible inputs
RANDOMIZE IT
Throw thousands of inputs at your program with
- QuickCheck (Haskell)
- FsCheck (F#)
- ScalaCheck (Scala)
- or something else
DEMO
RANDOMIZE IT
FSCHECK
- Expressive and easy to use
- Checks your spec
- … in a large number
- … of randomly generated cases
“500 checks can’t be wrong!” © don’t remember who said that
THE PROBLEM, PART 2
But:
- Writing good tests might be tricky
- Checks your spec
- … in a large number
- … of randomly generated cases
500 checks can easily be wrong!
DEMO
RANDOMIZE IT – WHAT’S MISSING?
I WILL BUILD MY OWN TEST GENERATOR
    // x = 42 and y = 0 are the inputs a test generator has to find
    let f x y =
        if x < 10 then x
        else if x = 42 then
            failwith "42"
        else 1 / y
x < 10 or x >= 10
x = 42 or x <> 42
y = 0 or y <> 0
DEMO
QUOTATIONS
THE PROBLEM, PART 3
But it’s too complicated to do by hand:
- too many cases,
- lots of overlapping paths,
- difficult to solve when the number of variables grows,
- not everything is a quotation…
IDEA: USE A CONSTRAINT SOLVER
- Check out Z3 homepage
- Try Z3 in your browser
- LINQ to Z3 (ch9 video and a post by Bart de Smet)
Specially for fsharpers:
- Z3Fs on github
THERE’S A TOOL FOR THAT – MEET PEX
- Dynamic symbolic execution
- Analyses .NET instructions
- Uses constraint solver to find the inputs
PEX REFERENCES
- Project homepage
- Pex for fun in your browser
- Code Digger, addin for VS
- Code Hunt website
- Documentation, videos and more
DEMO
PEX
TEST GENERATION
Static:
- Conditional statements
- Check the formulas' satisfiability
Dynamic:
- Collect the information during the program execution
- Unknown environments
- Enhanced values generation
- Better Performance
DYNAMIC EXECUTION EXAMPLE
    int hash(int y); /* defined elsewhere */

    int obscure(int x, int y) {
        if (x == hash(y)) return -1; // error
        return 0;
    }
“Compositional Dynamic Test Generation”, Patrice Godefroid (paper)
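The obscure() example worked through as an added sketch (not code from the talk or from the paper): random inputs almost never satisfy x == hash(y), while a dynamic run can record the concrete value of hash(y) and solve the branch for x. The body of hash() and the names random_hits and dynamic_generate are assumptions made for this illustration, and the "solver" step is reduced to the trivial assignment x = c.

```c
#include <stdio.h>
#include <stdlib.h>

/* Assumed stand-in for the slide's hash(): a function a solver cannot invert. */
static int hash(int y) {
    unsigned int h = (unsigned int)y * 2654435761u;
    h ^= h >> 15;
    return (int)(h & 0x7fffffffu);
}

/* The function from the slide. */
int obscure(int x, int y) {
    if (x == hash(y)) return -1; /* error */
    return 0;
}

/* Random testing: how many of `trials` random inputs reach the error branch. */
int random_hits(int trials, unsigned int seed) {
    int hits = 0;
    srand(seed);
    for (int i = 0; i < trials; i++)
        if (obscure(rand(), rand()) == -1) hits++;
    return hits;
}

/* Dynamic test generation (hypothetical helper):
 * 1. run concretely on (x0, y0) and record c = hash(y0) as observed at run time;
 * 2. with y fixed to y0, the branch condition x == hash(y) becomes x == c;
 * 3. re-run on the generated input (c, y0) and return what obscure() reports. */
int dynamic_generate(int x0, int y0, int *x_out) {
    if (obscure(x0, y0) == -1) { *x_out = x0; return -1; }
    int c = hash(y0);   /* concrete value taken from the first run */
    *x_out = c;         /* solution of the simplified constraint x == c */
    return obscure(c, y0);
}

int main(void) {
    int x = 0;
    printf("random hits in 100000 trials: %d\n", random_hits(100000, 1u));
    int r = dynamic_generate(33, 42, &x);
    printf("generated input x=%d, y=42 -> obscure returns %d\n", x, r);
    return 0;
}
```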
THE PROBLEM, PART 4
Limitations:
- Nondeterministic cases (e.g. native code)
- Concurrency
- Constraint solver limitations
MORE AND LESS TYPES WITH F*
F* - an ML-like verification-oriented language
- F* project homepage
- GitHub repo
- Try F* in your browser
DEMO
TRYING F*
THE PROBLEM, PART 5
- currently under development
- issues on Mono
- in more complex cases, the errors become quite cryptic
- you still need to come up with a way to define the requirements, at the type level
CONCLUSION
If you don’t know where you’re going, any road’ll take you there.
Lewis Carroll
QUESTIONS?