Random Testing for Language Design

Property-based random testing can facilitate formal verification, exposing errors early on in the proving process and guiding users towards correct specifications and implementations. However, effective random testing often requires users to write custom generators for well-distributed random data satisfying complex logical predicates, a task which can be tedious and error prone. In this work, I aim to reduce the cost of property-based testing by making such generators easier to write, read and maintain. I present a domain-specific language, called Luck, in which generators are conveniently expressed by decorating predicates with lightweight annotations to control both the distribution of generated values and the amount of constraint solving that happens before each variable is instantiated. I also aim to increase the applicability of testing to formal verification by bringing advanced random testing techniques to the Coq proof assistant. I describe QuickChick, a QuickCheck clone for Coq, and improve it by incorporating ideas explored in the context of Luck to automatically derive provably correct generators for data constrained by inductive relations. Finally, I evaluate both QuickChick and Luck in a variety of complex case studies from programming languages literature, such as information-flow abstract machines and type systems for lambda calculi. Degree Type Dissertation Degree Name Doctor of Philosophy (PhD) Graduate Group Computer and Information Science First Advisor Benjamin C. Pierce

[1]  Carl Eastlund DoubleCheck your theorems , 2009, ACL2 '09.

[2]  Alexander Pretschner,et al.  Idea: Unwinding Based Model-Checking and Testing for Non-Interference on EFSMs , 2015, ESSoS.

[3]  Arnar Birgisson,et al.  Boosting the Permissiveness of Dynamic Information-Flow Tracking by Testing , 2012, ESORICS.

[4]  Koen Claessen,et al.  Making Random Judgments: Automatically Generating Well-Typed Terms from the Definition of a Type-System , 2015, ESOP.

[5]  Dimitrios Vytiniotis,et al.  Under Consideration for Publication in J. Functional Programming Every Bit Counts: the Binary Representation of Typed Data and Programs , 2022 .

[6]  Emina Torlak,et al.  A lightweight symbolic virtual machine for solver-aided host languages , 2014, PLDI.

[7]  S. Owre Random Testing in PVS , 2006 .

[8]  Lukas Bulwahn,et al.  The New Quickcheck for Isabelle - Random, Exhaustive and Symbolic Testing under One Roof , 2012, CPP.

[9]  Tobias Nipkow,et al.  Random testing in Isabelle/HOL , 2004, Proceedings of the Second International Conference on Software Engineering and Formal Methods, 2004. SEFM 2004..

[10]  Thomas H. Austin,et al.  Permissive dynamic information flow analysis , 2010, PLAS '10.

[11]  Alex Groce,et al.  Swarm testing , 2012, ISSTA 2012.

[12]  Konstantinos Sagonas,et al.  A PropEr integration of types and function specifications with property-based testing , 2011, Erlang Workshop.

[13]  Robert Bruce Findler,et al.  The Racket virtual machine and randomized testing , 2012, High. Order Symb. Comput..

[14]  Qiao Haiyan Testing and Proving in Dependent Type Theory , 2003 .

[15]  David Brumley,et al.  Enhancing symbolic execution with veritesting , 2014, ICSE.

[16]  Benjamin C. Pierce,et al.  Beginner's luck: a language for property-based generators , 2016, POPL.

[17]  Koen Claessen,et al.  QuickCheck: a lightweight tool for random testing of Haskell programs , 2011, SIGP.

[18]  Arnaud Gotlieb Euclide: A Constraint-Based Testing Framework for Critical C Programs , 2009, 2009 International Conference on Software Testing Verification and Validation.

[19]  Thomas H. Austin,et al.  Efficient purely-dynamic information flow analysis , 2009, PLAS '09.

[20]  Deepak Garg,et al.  Generalizing Permissive-Upgrade in Dynamic Information Flow Analysis , 2014, PLAS@ECOOP.

[21]  Sean Wilson,et al.  Supporting dependently typed functional programming with proof automation and testing , 2011 .

[22]  Alejandro Russo,et al.  Dynamic vs. Static Flow-Sensitive Security Analysis , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.

[23]  John Hughes,et al.  QuickCheck Testing for Fun and Profit , 2007, PADL.

[24]  Achim D. Brucker,et al.  Interactive Testing with HOL-TestGen , 2005, FATES.

[25]  Pierre Lescanne,et al.  Boltzmann samplers for random generation of lambda terms , 2014, ArXiv.

[26]  Amir Pnueli,et al.  Translation Validation , 1998, TACAS.

[27]  M. Hanus,et al.  Curry: A Truly Functional Logic Language , 1995 .

[28]  Rupak Majumdar,et al.  Hybrid Concolic Testing , 2007, 29th International Conference on Software Engineering (ICSE'07).

[29]  Dave Clarke,et al.  Noninterference via Symbolic Execution , 2012, FMOODS/FORTE.

[30]  Alejandro Russo,et al.  From Dynamic to Static and Back: Riding the Roller Coaster of Information-Flow Control Research , 2009, Ershov Memorial Conference.

[31]  Jeffrey S. Fenton Memoryless Subsystems , 1974, Comput. J..

[32]  Deian Stefan,et al.  Flexible dynamic information flow control in Haskell , 2012, Haskell '11.

[33]  Benjamin C. Pierce,et al.  A verified information-flow architecture , 2014, J. Comput. Secur..

[34]  Chung-Kil Hur,et al.  R2: An Efficient MCMC Sampler for Probabilistic Programs , 2014, AAAI.

[35]  Koushik Sen DART: Directed Automated Random Testing , 2009, Haifa Verification Conference.

[36]  Diane Gallois-Wong Formalising Luck Improved Probabilistic Semantics for Property-Based Generators , 2016 .

[37]  Peter Dybjer,et al.  Combining Testing and Proving in Dependent Type Theory , 2003, TPHOLs.

[38]  Andreas Zeller,et al.  Simplifying and Isolating Failure-Inducing Input , 2002, IEEE Trans. Software Eng..

[39]  Supratik Chakraborty,et al.  Balancing scalability and uniformity in SAT witness generator , 2014, 2014 51st ACM/EDAC/IEEE Design Automation Conference (DAC).

[40]  Casey Klein,et al.  Randomized Testing in PLT Redex , 2009 .

[41]  Paul Tarau On Type-directed Generation of Lambda Terms , 2015, ICLP.

[42]  Thomas P. Jensen,et al.  Disjunctive program analysis for algebraic data types , 1997, TOPL.

[43]  Andrei Sabelfeld,et al.  Information-Flow Security for a Core of JavaScript , 2012, 2012 IEEE 25th Computer Security Foundations Symposium.

[44]  Pierre Lescanne,et al.  Counting and generating lambda terms , 2012, Journal of Functional Programming.

[45]  Tobias Nipkow,et al.  Nitpick: A Counterexample Generator for Higher-Order Logic Based on a Relational Model Finder , 2010, ITP.

[46]  Mads Dam,et al.  ENCoVer: Symbolic Exploration for Information Flow Security , 2012, 2012 IEEE 25th Computer Security Foundations Symposium.

[47]  Joshua B. Tenenbaum,et al.  Exact and Approximate Sampling by Systematic Stochastic Search , 2009, AISTATS.

[48]  Joshua B. Tenenbaum,et al.  Church: a language for generative models , 2008, UAI.

[49]  Panagiotis Manolios,et al.  Integrating Testing and Interactive Theorem Proving , 2011, ACL2.

[50]  Sam Tobin-Hochstadt,et al.  Run your research: on the effectiveness of lightweight mechanization , 2012, POPL '12.

[51]  David Delahaye,et al.  Producing Certified Functional Code from Inductive Specifications , 2012, CPP.

[52]  Herbert Kuchen,et al.  Systematic generation of glass-box test cases for functional logic programs , 2007, PPDP '07.

[53]  Lawrence Charles Paulson,et al.  Isabelle/HOL: A Proof Assistant for Higher-Order Logic , 2002 .

[54]  Graham Hutton,et al.  Towards a Theory of Reach , 2015, TFP.

[55]  Johan Jeuring,et al.  Enumerating Well-Typed Terms Generically , 2009, AAIP.

[56]  Lukas Bulwahn,et al.  Smart Testing of Functional Programs in Isabelle , 2012, LPAR.

[57]  Marinus J. Plasmeijer,et al.  Model-Based Shrinking for State-Based Testing , 2013, Trends in Functional Programming.

[58]  Benjamin C. Pierce,et al.  Foundational Property-Based Testing , 2015, ITP.

[59]  Michael Hanus,et al.  A unified computation model for functional and logic programming , 1997, POPL '97.

[60]  Koushik Sen,et al.  Heuristics for Scalable Dynamic Test Generation , 2008, 2008 23rd IEEE/ACM International Conference on Automated Software Engineering.

[61]  Chris Okasaki,et al.  Red-black trees in a functional setting , 1999, Journal of Functional Programming.

[62]  Viktor Kuncak,et al.  Scala to the Power of Z3: Integrating SMT and Programming , 2011, CADE.

[63]  Benjamin C. Pierce,et al.  Generating good generators for inductive relations , 2017, Proc. ACM Program. Lang..

[64]  Casey August Experience with Randomized Testing in Programming Language Metatheory , 2009 .

[65]  Koen Claessen,et al.  Generating constrained random data with uniform distribution , 2014, Journal of Functional Programming.

[66]  Xuejun Yang,et al.  Test-case reduction for C compiler bugs , 2012, PLDI.

[67]  Sarfraz Khurshid,et al.  Symbolic execution for software testing in practice: preliminary assessment , 2011, 2011 33rd International Conference on Software Engineering (ICSE).

[68]  Andrew C. Myers,et al.  Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..

[69]  Sarfraz Khurshid,et al.  Test generation through programming in UDITA , 2010, 2010 ACM/IEEE 32nd International Conference on Software Engineering.

[70]  B. Pierce,et al.  QuickChick: Property-based testing for Coq , 2014 .

[71]  Benjamin C. Pierce,et al.  Testing noninterference, quickly , 2013, Journal of Functional Programming.

[72]  Dawson R. Engler,et al.  KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs , 2008, OSDI.

[73]  Michal H. Palka Random Structured Test Data Generation for Black-Box Testing , 2014 .

[74]  Ranjit Jhala,et al.  Type Targeted Testing , 2014, ESOP.

[75]  Bruno Marre,et al.  On-the-fly generation of k-path tests for C functions , 2004, Proceedings. 19th International Conference on Automated Software Engineering, 2004..

[76]  Rachid Echahed,et al.  A needed narrowing strategy , 2000, JACM.

[77]  Stuart J. Russell,et al.  BLOG: Probabilistic Models with Unknown Objects , 2005, IJCAI.

[78]  Gilles Barthe,et al.  Relational Verification Using Product Programs , 2011, FM.

[79]  Alexander Aiken,et al.  Secure Information Flow as a Safety Problem , 2005, SAS.

[80]  Sriram K. Rajamani,et al.  Efficiently Sampling Probabilistic Programs via Program Analysis , 2013, AISTATS.

[81]  Alastair F. Donaldson,et al.  Software Model Checking , 2014, Computing Handbook, 3rd ed..

[82]  Zhong Shao,et al.  CertiKOS: An Extensible Architecture for Building Certified Concurrent OS Kernels , 2016, OSDI.

[83]  Xavier Leroy,et al.  Formal verification of a realistic compiler , 2009, CACM.

[84]  Peter Dybjer,et al.  Verifying Haskell programs by combining testing, model checking and interactive theorem proving , 2004, Inf. Softw. Technol..

[85]  Daniel Jackson,et al.  Software Abstractions - Logic, Language, and Analysis , 2006 .

[86]  Leonidas Lampropoulos,et al.  Ode on a random urn (functional pearl) , 2017, Haskell.

[87]  Tom Minka,et al.  TrueSkillTM: A Bayesian Skill Rating System , 2006, NIPS.

[88]  Colin Runciman,et al.  Lazy Generation of Canonical Test Programs , 2011, IFL.

[89]  Alex Groce,et al.  Randomized Differential Testing as a Prelude to Formal Verification , 2007, 29th International Conference on Software Engineering (ICSE'07).

[90]  Fredrik Lindblad Property Directed Generation of First-Order Test Data , 2007, Trends in Functional Programming.

[91]  Suresh Jagannathan,et al.  A relational framework for higher-order shape analysis , 2014, ICFP.

[92]  Adam Chlipala Parametric higher-order abstract syntax for mechanized semantics , 2008, ICFP.

[93]  Nick Benton,et al.  Simple relational correctness proofs for static analyses and program transformations , 2004, POPL.

[94]  Arnaud Gotlieb,et al.  Constraint Reasoning in FocalTest , 2010, ICSOFT.

[95]  Alan K. Mackworth Consistency in Networks of Relations , 1977, Artif. Intell..

[96]  J. Rosenthal,et al.  Adaptive Gibbs samplers and related MCMC methods , 2011, 1101.5838.

[97]  P. H. Testing an Optimising Compiler by Generating Random Lambda Terms , 2012 .

[98]  Dawson R. Engler,et al.  EXE: automatically generating inputs of death , 2006, CCS '06.

[99]  John Hughes,et al.  Testing Erlang data types with quviq quickcheck , 2008, ERLANG '08.

[100]  Benjamin C. Pierce,et al.  All Your IFCException Are Belong to Us , 2013, 2013 IEEE Symposium on Security and Privacy.

[101]  David Delahaye,et al.  Extracting Purely Functional Contents from Logical Inductive Types , 2007, TPHOLs.

[102]  Koushik Sen,et al.  Symbolic execution for software testing: three decades later , 2013, CACM.

[103]  Sergio Antoy,et al.  A monadic semantics for core Curry , 2003, WFLP.

[104]  Colin Runciman,et al.  Smallcheck and lazy smallcheck: automatic exhaustive testing for small values , 2008, Haskell '08.

[105]  Michael D. Ernst,et al.  Randoop: feedback-directed random testing for Java , 2007, OOPSLA '07.

[106]  Mark Harman,et al.  An Analysis and Survey of the Development of Mutation Testing , 2011, IEEE Transactions on Software Engineering.

[107]  Andrew C. Myers,et al.  Programming Languages for Information Security , 2002 .

[108]  Koushik Sen,et al.  CUTE: a concolic unit testing engine for C , 2005, ESEC/FSE-13.

[109]  S. Rajamani,et al.  A decade of software model checking with SLAM , 2011, Commun. ACM.

[110]  Sebastian Fischer,et al.  EasyCheck - Test Data for Free , 2008, FLOPS.

[111]  Meng Wang,et al.  Feat: functional enumeration of algebraic types , 2012, Haskell.

[112]  Xuejun Yang,et al.  Finding and understanding bugs in C compilers , 2011, PLDI '11.

[113]  Adam Chlipala,et al.  Certified Programming with Dependent Types - A Pragmatic Introduction to the Coq Proof Assistant , 2013 .

[114]  Andrew C. Myers,et al.  Dynamic security labels and static information flow control , 2007, International Journal of Information Security.

[115]  Johannes Kinder,et al.  Hypertesting : The Case for Automated Testing of Hyperproperties , 2015 .

[116]  Pedro R. D'Argenio,et al.  Secure information flow by self-composition , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..