CS492A Automated Software Analysis, Fall 18

Announcement

Administrative Information

• Instructor: Moonzoo Kim

Office: 2434 (located at the east wing)

Phone:042-350-3543

E-mail: moonzoo @ c s . k a i s t . a c . k r

Office hour: TBD

(reservation e-mail would be preferred)

• Teaching assistants: Hyunsu Lim (bookman01@kaist.ac.kr), Kunwoo Park (kunwoo1209@kaist.ac.kr) 
• TA office hour: TBD

• Lecture hours: Mon/Wed  10:30 - 11:45 AM
• Lecture room: N1  RM#422
• Prerequisite: experience in C/C++ programming and Linux/Unix utilities
• Grading: attendance/class participation/quiz: 20%, HW: 50%, midterm exam: 10%, final exam:20%
• Late HW will be accepted with 10% penalty of the max score in 1 day, 30% penalty of the max score in 3 days. HW will not be accepted after then. 
• HW should be submitted both in hardcopy and softcopy (through KLMS to TA). 10% penalty of the max score for missing hardcopy or softcopy unless explicitly written in HW. 
• Hint: many questions of exams are from the homework.
• All programming HWs you submit must be able to be replayed by executing a single script file on a TA's verifier account (i.e., submitted HW should not have a dependency on your home directory, environment, etc.).  Also, the replayed execution must demonstrate the same output to the submitted hardcopy. You will get 10% penalty of the max score otherwise.
• For your programming HWs, you should not use external libraries which are not available on the verifier machines.  If you really need an external library, you have to ask TAs to install it on the verifier machines.  
• More than 7 absences of the class will get F grade
• Late attendance shall be considered as 1/3 absence. 
• Grad students who are occupied by his/her lab activities (e.g., attending conf, etc.) should submit 1 week prior notice.  
• No excuse for the absence of class including family issues, illness, etc.
• The official language in the class is English. All students should submit all written documents such as homework, project reports, exams, etc. in English; 20% penalty of the max score otherwise.
• Questions and answers can be done through KLMS 
• http://klms.kaist.ac.kr/course/view.php?id=61575
• Excerpts from 강의평가
• "실질적으로 써먹을 수 있는 내용을 많이 배워서 보람찼습니다"
• "과제가 많이 어려운것 같았다. 과제에 대한 도움을 수업에서 좀 더 주었으면 좋겠다."

Syllabus

This class covers automated SW testing/verification techniques to detect SW bugs effectively and efficiently. In particular, this class focuses to teach techniques that automatically generate test cases to achieve high code coverage and, thus, to detect many bugs.

The class aims to teach practical applications of advanced testing/verification techniques as well as their underlying algorithms.  This class guides students to use various open-source software testing/verification tools through HWs and learn the underlying mechanisms to maximize the performance of automated testing/verification.

Course Material

• Textbook
• "Introduction to Software Testing" by P.Ammann and J.Offutt.  2nd ed. Cambridge press 2017
• https://cs.gmu.edu/~offutt/softwaretest/
• Reading list
• Dictionary for testing terms (한글, English)
• Beautiful Testing: Leading Professionals Reveal How They Improve Software (Theory in Practice) by Tim Riley and Adam Goucher
• 역사속의 소프트웨어 오류 by 김종하
• The Model Checker Spin by G.Holzmann
• Logic in Computer Science 2nd ed by M. Huth and M.RyanLyan
• Related tool list
• Spin home page
• CBMC home page 
• MiniSAT home page
• Yices home page
• Z3 home page
• CROWN home page
• clang for LLVM
• gcov
• Understand C++ 
• Free academic license available here
• Graphviz
• http://www.webgraphviz.com/
• https://commons.wikimedia.org/wiki/Category:Images_with_Dot_source_code

Course Schedule

Aug 27 : Introduction [pdf]

Aug 29: Necessity for systematic & automated testing techniques [pdf]

Sep 3: Overview of testing techniques (including the input partitioning technique) [pdf]

Part I: Program coverage criteria and program analysis 

Sep 5: Graph coverage [pdf]

• Intro to Software Testing web site 

Sep 10, 12: Graph coverage for source code  [pdf]

• Generating CFG using GCC and Graphviz [pdf]
• http://www.webgraphviz.com/
• Cyclometic complexity (또다른 한글문서)
• https://www.guru99.com/cyclomatic-complexity.html

Sep 17: gcov tutorial [pdf], CLang tutorial 1/2: Clang AST [pdf]

• gcov manual 

• clang for LLVM
• Clang tutorial (code)

Sep 19: Clang tutorial 2/2: a program analysis tool by using Clang [pdf]

• func-name.cpp

Oct 1: Logic coverage [pdf]

• example [pdf]

Oct  8:  Logic coverage from source code  [pdf]

Oct  10 : Mutation testing [pdf],  Q&A session

• "Design Of Mutant Operators For The C Programming Language" by Agrawal et al

Oct  17: Mid-term exam  10:30~12:00 AM

Part II: Model checking and Test Oracles

Oct 22, 24: SAT-based bounded software model checking [pdf]

• The importance of unwinding loop bound: SAT-based Bounded Software Model Checking for Embedded Software: A Case Study, APSEC 2014 by Kim et al

Oct 29: Software model checking examples [pdf]

Oct 31: Model Checking flash memory storage platform software - an industrial case study

• "A Comparative Study of Software Model Checkers as Unit Testing Tools: An Industrial Case Study," IEEE Transactions on Software Engineering (TSE), vol 37, no 2, pages 146-160, March 2011 
• "Formal Verification of a Flash Memory Device Driver- an Experience Report" Spin 2008, by M.Kim, Y.Kim, Y.Choi, and H.Kim

Part III: Concolic testing (a.k.a., dynamic symbolic execution)

Nov 5 : Automated SW analysis for high reliability: a Concolic testing approach [pdf]

• Industrial Application of Concolic Testing on Embedded Software: Case Studies [ICSE'12 paper]

Nov 7: CROWN Tutorial [pdf] (** important **)

Nov 12, 14: CROWN Examples [pdf]

Nov 17: System-level concolic testing: Busybox application examples through CROWN [pdf]

Nov 19: Industrial Application of Concolic Testing on Embedded Software: Case Studies [pdf] [ICSE'12 paper]