Foundational Property-Based Testing

Integrating property-based testing with a proof assistant creates an interesting opportunity: reusable or tricky testing code can be formally verified using the proof assistant itself. In this work we introduce a novel methodology for formally verified property-based testing and implement it as a foundational verification framework for QuickChick, a port of QuickCheck to Coq. Our framework enables one to verify that the executable testing code is testing the right Coq property. To make verification tractable, we provide a systematic way for reasoning about the set of outcomes a random data generator can produce with non-zero probability, while abstracting away from the actual probabilities. Our framework is firmly grounded in a fully verified implementation of QuickChick itself, using the same underlying verification methodology. We also apply this methodology to a complex case study on testing an information-flow control abstract machine, demonstrating that our verification methodology is modular and scalable and that it requires minimal changes to existing code.
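As an added illustration (not code from the paper or from QuickChick itself), a small Python model of the two readings of a generator that the abstract contrasts: an executable one that draws samples, and a set-of-outcomes one that records which values can appear with non-zero probability while ignoring how likely each is. The generator combinators, the sorted-tuple generator and the two checks are constructed for this model; the completeness check is the kind of statement the abstract describes, that the generator targets exactly the property's inhabitants.

```python
import itertools
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Ret:          # returnGen-like: always yields `value`
    value: object
@dataclass(frozen=True)
class Choose:       # choose-like: uniform integer in [lo, hi]
    lo: int
    hi: int
@dataclass(frozen=True)
class Bind:         # bindGen-like: run `gen`, feed result to continuation `k`
    gen: object
    k: object       # continuation: value -> generator

def run(g, rng):
    """Executable semantics: draw one sample using the given RNG."""
    if isinstance(g, Ret): return g.value
    if isinstance(g, Choose): return rng.randint(g.lo, g.hi)
    return run(g.k(run(g.gen, rng)), rng)

def outcomes(g):
    """Set semantics: every value producible with non-zero probability."""
    if isinstance(g, Ret): return {g.value}
    if isinstance(g, Choose): return set(range(g.lo, g.hi + 1))
    return {v for a in outcomes(g.gen) for v in outcomes(g.k(a))}

def gen_sorted(lo, hi, n):
    """Constructed generator for sorted n-tuples with entries in [lo, hi]."""
    if n == 0:
        return Ret(())
    return Bind(Choose(lo, hi),
                lambda x: Bind(gen_sorted(x, hi, n - 1), lambda xs: Ret((x,) + xs)))

def spec_sorted(lo, hi, n):
    """The property the generator should target, spelled out as a set."""
    return {t for t in itertools.product(range(lo, hi + 1), repeat=n)
            if all(a <= b for a, b in zip(t, t[1:]))}

def generator_is_complete(lo, hi, n):
    # correctness statement: the outcome set equals the property's inhabitants
    return outcomes(gen_sorted(lo, hi, n)) == spec_sorted(lo, hi, n)

def samples_are_sound(lo, hi, n, seed=0, trials=200):
    rng, g = random.Random(seed), gen_sorted(lo, hi, n)
    possible = outcomes(g)  # each executed sample must lie in the outcome set
    return all(run(g, rng) in possible for _ in range(trials))
```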
