Representation dependence testing using program inversion

The definition of a data structure may permit many different concrete representations of the same logical content. A (client) program that accepts such a data structure as input is said to have a representation dependence if its behavior differs for logically equivalent input values. In this paper, we present a methodology and tool for automated testing of clients of a data structure for representation dependence. In the proposed methodology, the developer expresses the logical equivalence by writing a normalization program f that maps each concrete representation to a canonical one. Our solution relies on automatically synthesizing the one-to-many inverse function of f: given an input value x, we can generate multiple test inputs logically equivalent to x by executing the inverse with the canonical value f(x) as input repeatedly. We present an inversion algorithm for restricted classes of normalization programs including programs mapping arrays to arrays in a typical iterative manner. We present a prototype implementation of the algorithm, and demonstrate how our methodology reveals bugs due to representation dependence in open source software such as Open Office and Picasa using the widely used image format TIFF. TIFF is a challenging case study for our approach.
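The abstract describes the methodology at a high level: a normalization program f defines logical equivalence, its one-to-many inverse generates many concrete inputs with the same canonical value, and a client is checked for differing behaviour on them. The following added example (not code from the paper or its prototype) makes that loop concrete on a constructed toy format that only borrows TIFF's byte-order markers "II"/"MM" and the idea of tagged entries; the tag ids, the record layout, and the hand-written inverse are all assumptions made for illustration, whereas the paper synthesizes the inverse from f automatically.

```python
import itertools
import struct
from typing import Iterator, List, Optional, Tuple

# Constructed toy format, loosely modelled on TIFF's byte-order marker and tagged
# entries (it is NOT real TIFF): a byte order ("II" little-endian or "MM"
# big-endian, as TIFF spells them) plus a list of (tag id, 2-byte encoded value).
ByteOrder = str
Entry = Tuple[int, bytes]
Record = Tuple[ByteOrder, List[Entry]]

TAG_WIDTH, TAG_HEIGHT, TAG_BITS_PER_SAMPLE = 256, 257, 258  # constructed tag ids


def encode(order: ByteOrder, value: int) -> bytes:
    return struct.pack("<H" if order == "II" else ">H", value)


def decode(order: ByteOrder, raw: bytes) -> int:
    return struct.unpack("<H" if order == "II" else ">H", raw)[0]


def normalize(rec: Record) -> Record:
    """The developer-written normalization program f.
    Canonical form: little-endian values, entries sorted by tag id.
    Two records are logically equivalent iff they normalize to the same value."""
    order, entries = rec
    canon = [(tag, encode("II", decode(order, raw))) for tag, raw in entries]
    canon.sort(key=lambda e: e[0])
    return ("II", canon)


def inverse(canon: Record) -> Iterator[Record]:
    """One-to-many inverse of normalize: yields every record y with
    normalize(y) == canon, by re-encoding in each byte order and permuting
    the entry order. Hand-written here for the toy format (assumption); the
    paper's tool synthesizes the inverse from f automatically."""
    _, entries = canon
    for order in ("II", "MM"):
        for perm in itertools.permutations(entries):
            yield (order, [(tag, encode(order, decode("II", raw))) for tag, raw in perm])


def client_buggy(rec: Record) -> int:
    """Client with a representation dependence: assumes the width entry comes
    first and that values are little-endian."""
    _, entries = rec
    return struct.unpack("<H", entries[0][1])[0]


def client_correct(rec: Record) -> int:
    """Representation-independent client: looks up the tag and honours the byte order."""
    order, entries = rec
    for tag, raw in entries:
        if tag == TAG_WIDTH:
            return decode(order, raw)
    raise ValueError("no width tag")


def find_representation_dependence(client, x: Record) -> Optional[Record]:
    """Runs the client on x and on every logically equivalent input produced by
    inverse(f(x)); returns the first equivalent input on which the client's
    output differs from its output on x (a witness), or None."""
    canon = normalize(x)
    expected = client(x)
    for y in inverse(canon):
        # Sanity check on the inverse itself: every generated input must be equivalent to x.
        assert normalize(y) == canon, "inverse produced a non-equivalent input"
        if client(y) != expected:
            return y
    return None


# Constructed sample input: a 640x480, 8-bit record already in canonical form.
SAMPLE: Record = ("II", [(TAG_WIDTH, encode("II", 640)),
                         (TAG_HEIGHT, encode("II", 480)),
                         (TAG_BITS_PER_SAMPLE, encode("II", 8))])

if __name__ == "__main__":
    print("correct client witness:", find_representation_dependence(client_correct, SAMPLE))
    print("buggy client witness:  ", find_representation_dependence(client_buggy, SAMPLE))
```

The witness returned for `client_buggy` is a record whose entries are merely reordered; the buggy client reads the height where it expects the width, which is exactly the kind of order- and byte-order-sensitive parsing the abstract reports finding in real TIFF consumers. Because `normalize` is the oracle for equivalence, no expected output needs to be specified by hand: the only check is that the client agrees with itself across the equivalence class.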
