Functional Parameterized Unit Testing

advertisement
Tutorial
Nikolai Tillmann, Peli de Halleux, Wolfram Schulte (Microsoft Research)
Tao Xie (North Carolina State University)






Unit Testing
Parameterized Unit Testing
Input Generation with Pex
Patterns for Parameterized Unit Testing
Parameterized Models
Wrapping up


We will use the tool Pex as part of the exercises
To install it, you need
 Windows XP or Vista
 .NET 2.0

Download Pex from
http://research.microsoft.com/en-us/projects/pex/downloads.aspx

Two variations :
 pex.devlabs.msi:
requires Visual Studio 2008 Team System
 pex.academic.msi:
does not require Visual Studio,
but for non-commercial use only

To run the samples, you need VS Team System
Introduction


A unit test is a small program with assertions
Test a single (small) unit of code
void ReadWrite() {
var list = new List();
list.Add(3);
Assert.AreEqual(1, list.Count);
}





Design and specification By Example
Documentation
Short feedback loop
Code coverage and regression testing
Extensive tool support for test execution and
management


Happy path only
Hidden integration tests
 Touch the database, web services, requires multiple
machines, etc…


New Code with Old Tests
Redundant tests

Coverage: Are all parts of the program exercised?





statements
basic blocks
explicit/implicit branches
…
Assertions: Does the program do the right thing?
 test oracle
Experience:
 Just high coverage of large number of assertions is
no good quality indicator.
 Only both together are!
Goal: Implement and test TrimEnd:
// trims occurences of the ‘suffix’ from ‘target’
string TrimEnd(string target, string suffix);


Open Visual Studio
Create CodeUnderTestProject, and implement TrimEnd

File -> New -> Project -> Visual C# -> Class Library
 Add new StringExtensions class
 Implement TrimEnd

Create TestProject, and test TrimEnd

File -> New -> Project -> C# -> Test -> Test Project
 Delete ManualTest.mht, UnitTest1.cs, …
 Add new StringExtensionsTest class
 Implement TrimEndTest

Execute test

Test -> Windows -> Test View, execute test, setup and inspect Code Coverage
public class StringExtensions {
public static string TrimEnd(string target, string suffix) {
if (target.EndsWith(suffix))
target = target.Substring(0, target.Length-suffix.Length);
return target;
}
}
[TestClass]
public class StringExtensionTest {
[TestMethod]
public void TrimEndTest() {
var target = "Hello World";
var suffix = "World";
var result = StringExtensions.TrimEnd(target, suffix);
Assert.IsTrue(result == "Hello ");
}
}
Introduction

Three essential ingredients:
 Data
 Method Sequence
 Assertions
void Add() {
int item = 3;
var list = new List();
list.Add(item);
var count = list.Count;
Assert.AreEqual(1, count);
}
list.Add(3);

Which value matters?
 Bad choices cause redundant, or worse,
incomplete test suites.
 Hard-coded values get stale when product
changes.
 Why pick a value if it doesn’t matter?


Parameterized Unit Test =
Unit Test with Parameters
Separation of concerns
 Data is generated by a tool
 Developer can focus on functional specification
void Add(List list, int item) {
var count = list.Count;
list.Add(item);
Assert.AreEqual(count + 1, list.Count);
}

A Parameterized Unit Test can be read as a
universally quantified, conditional axiom.
void ReadWrite(string name, string data) {
Assume.IsTrue(name != null && data != null);
Write(name, data);
var readData = Read(name);
Assert.AreEqual(data, readData);
}
 string name, string data:
name ≠ null ⋀ data ≠ null ⇒
equals(
ReadResource(name,WriteResource(name,data)),
data)
Parameterized Unit Tests (PUTs) commonly supported by
various test frameworks
 .NET: Supported by .NET test frameworks
 http://www.mbunit.com/
 http://www.nunit.org/
 …

Java: Supported by JUnit 4.X
 http://www.junit.org/
Generating test inputs for PUTs supported by tools
 .NET: Supported by Microsoft Research Pex
 http://research.microsoft.com/Pex/
 Java: Supported by Agitar AgitarOne
 http://www.agitar.com/
Goal: Create a parameterized unit test for TrimEnd..
 Refactor: Extract Method
[TestMethod]
public void TrimEndTest() {
var target = "Hello World";
var suffix = "World";
var result = ParameterizedTest(target, suffix);
Assert.IsTrue(result == "Hello ");
}
static string ParameterizedTest(string target, string suffix) {
var result = StringExtensions.TrimEnd(target, suffix);
return result;
}
Goal: Given a program with a set of input
parameters, automatically generate a set of input
values that, upon execution, will exercise as many
statements as possible
Observations:
 Reachability not decidable, but approximations
often good enough
 Encoding of functional correctness checks as
assertions that reach an error statement on failure
17
void PexAssume.IsTrue(bool c) {
if (!c)
throw new AssumptionViolationException();
}
void PexAssert.IsTrue(bool c) {
if (!c)
throw new AssertionViolationException();
}


Assumptions and assertions induce branches
Executions which cause assumption violations are
ignored, not reported as errors or test cases

Human
 Expensive, incomplete, …

Brute Force
 Pairwise, predefined data, etc…

Semi - Random: QuickCheck
 Cheap, Fast
 “It passed a thousand tests” feeling

Dynamic Symbolic Execution: Pex, Cute,EXE
 Automated white-box
 Not random – Constraint Solving
Choose next path
Code to generate inputs for:
void CoverMe(int[] a)
{
if (a == null) return;
if (a.Length > 0)
if (a[0] == 1234567890)
throw new Exception("bug");
}
F
F
a.Length>0
a==null
T
Solve
Constraints to solve
Data
Observed constraints
null
a==null
a!=null &&
!(a.Length>0)
a!=null &&
a.Length>0 &&
a[0]!=1234567890
{}
a!=null
a!=null &&
a.Length>0
Execute&Monitor
{0} condition
Negated
a!=null &&
a.Length>0 &&
a[0]==1234567890
{123…}
a!=null &&
a.Length>0 &&
a[0]==1234567890
T
Done: There is no path left.
a[0]==123…
F
T
Open CoverMe project in Visual Studio.
Right-click on CoverMe method, and select “Run
Pex”.
 Inspect results in table.


public static void CoverMe(int[] a)
{
if (a == null) return;
if (a.Length > 0)
if (a[0] == 1234567890)
throw new Exception("bug");
}

How to test this code?
(Actual code from .NET base class libraries)
[PexClass, TestClass]
[PexAllowedException(typeof(ArgumentNullException))]
[PexAllowedException(typeof(ArgumentException))]
[PexAllowedException(typeof(FormatException))]
[PexAllowedException(typeof(BadImageFormatException))]
[PexAllowedException(typeof(IOException))]
[PexAllowedException(typeof(NotSupportedException))]
public partial class ResourceReaderTest {
[PexMethod]
public unsafe void ReadEntries(byte[] data) {
PexAssume.IsTrue(data != null);
fixed (byte* p = data)
using (var stream = new UnmanagedMemoryStream(p, data.Length)) {
var reader = new ResourceReader(stream);
foreach (var entry in reader) { /* reading entries */ }
}
}
}


If the test does not throw an exception, it succeeds.
If the test throws an exception,
 (assumption violations are filtered out),
 assertion violations are failures,
 for all other exception, it depends on further annotations.

Annotations
 Short form of common try-catch-assert test code
 [PexAllowedException(typeof(T))]
 [PexExpectedException(typeof(T))]
A brief overview



Instrumentation framework “Extended Reflection”
Instruments .NET code at runtime
Precise data flow and control flow analysis
Pex
Code
Under
Test
Z3
ExtendedReflection


Pex listens to monitoring callbacks
Symbolic execution along concrete execution
Pex
Code
Under
Test
Z3
ExtendedReflection


Constraint solving with SMT solver Z3
Computes concrete test inputs
Pex
Code
Under
Test
Z3
ExtendedReflection


Execute with test inputs from constraint solver
Emit test as source code if it increases coverage
Pex
Code
Under
Test
Z3
ExtendedReflection



ExtendedReflection: Code Instrumentation
Z3: SMT constraint solver
Pex: Dynamic Symbolic Execution
Pex
Code
Under
Test
Z3
ExtendedReflection
class Point { int x;
static int GetX(Point p) {
if (p != null) return p.X;
else return -1; } }
ldtoken
Point::X
call __Monitor::LDFLD_REFERENCE
ldfld Point::X
call __Monitor::AtDereferenceFallthrough
br
L2
L1:
ldtoken
Point::GetX
Prologue
call __Monitor::AtBranchTarget
call __Monitor::EnterMethod
Record concrete
values
call __Monitor::LDC_I4_M1
brfalseL0
ldarg.0
to have allldc.i4.m1
information
call __Monitor::Argument<Point>
L2:
p ==pnull
L0: .try {
Calls towhen
buildthis method
is called
call
__Monitor::RET
.try {
(The
real
C#with
compiler
path
condition
no proper
stloc.0 context
call __Monitor::LDARG_0
null
Calls
will
perform
ldarg.0
output is actually moreleave L4
call __Monitor::LDNULL
} catch NullReferenceException {
symbolic computation
complicated.)
ldnull
‘
call __Monitor::AtNullReferenceException
call __Monitor::CEQ
rethrow
ceq
call __Monitor::BRTRUE
}
Epilogue L4: leave L5
brtrue
L1
call __Monitor::BranchFallthrough
} finally {
call __Monitor::LDARG_0
call
__Monitor::LeaveMethod
ldarg.0
Calls
to
build
…
endfinally
path condition
}
L5: ldloc.0
ret
Pex’s representation of symbolic values and state is similar to the ones used
to build verification conditions in ESC/Java, Spec#, …
Terms for
 Primitive types (integers, floats, …), constants, expressions
 Struct types by tuples
 Instance fields of classes by mutable ”mapping of references to values"
 Elements of arrays, memory accessed through unsafe pointers
by mutable “mapping of integers to values"
Efficiency by
 Many reduction rules, including reduction of ground terms to constants
 Sharing of syntactically equal sub-terms
 BDDs over if-then-else terms to represent logical operations
 Patricia Trees to represent AC1 operators
(including parallel array updates)

SMT-Solver (“Satisfiability Modulo Theories”)
 Decides logical first order formulas with respect to theories
 SAT solver for Boolean structure
 Decision procedures for relevant theories:
uninterpreted functions with equalities,
linear integer arithmetic, bitvector arithmetic, arrays, tuples

Model generation for satisfiable formulas
 Models used as test inputs

Limitations
 No decision procedure for floating point arithmetic

http://research.microsoft.com/z3
Parameterized Unit Testing
Code-Under-Test
Project
Test Project
Parameterized
Unit Tests
Pex
Generated Tests

Right-click on the code-under-test project
 In the Solution Explorer


Select “Pex”
Select “Create Parameterized Unit Test Stubs”
Generated Test Project
References
Microsoft.Pex.Framework
(and
more)
References
VisualStudio
UnitTestFramework
Contains source files with
generated Parameterized Unit
Test stubs

Right-click on Parameterized Unit Test
 For now, it just calls the implementation,
but the you should edit it, e.g. to add assertions

Select “Run Pex Explorations”
Input/Output table
Current
Exploration
Row = generated test
Issue bar
Parameterized
Column = parameterized testStatus
input
or
Important
messages
Unit
Test
output
here !!!
Test outcome
filtering
Failing
New Test
Fix available
Test
Passing
Test
Exception
Review test
Stack trace
Allow exception
Pex Explorer makes it easy to
digest the results of many
Parameterized Unit Tests, and
many generated test inputs
pex.exe
Rich information, used
byrendered
Pex developers
HTML
from XML report file:
Full event log historyIt is easy to programmatically extract
information!
Parameter
table
 Code
coverage
 etc…




Tell Pex which Type you are testing
 Code coverage
 Exception filtering
 Search prioritization
[PexClass(typeof(Foo))]
public class FooTest {
…

3 Domains
 UserCodeUnderTest
public void CodeUnderTest() { … }
 UserOrTestCode
[PexClass] public class FooTest {
[PexMethod] public void ParamTest(…) { …
 SystemCode
public class String {
public bool Contains(string value) { …

Namespace, type, method filters
 pex.exe test.dll /tf:Foo /mf:Bar

Partial match, case insensitive
 Full match: add “!”: /tf:Foo!
 Prefix: add “*”: /tf:Foo*
 Many other filters
 e.g. to select a “suite”: /sf=checkin
 For more information:
pex.exe help filtering
Goal: Explore input generation techniques with TrimEnd


Write or discuss a random input generator for TrimEnd
Adapt your parameterized unit tests for Pex
 Start over with “Create Parameterized Unit Test Stubs”, or…
▪ Add reference to Microsoft.Pex.Framework
▪ Add using Microsoft.Pex.Framework;
▪ Add [PexClass(typeof(StringExtensions))] on
StringExtensionsTest
▪ Add [PexMethod] on your parameterized tests


Right-click in test and ‘Run Pex Explorations’
Compare test suites
It’s called Parameterized Unit Testing

The yellow event bar notifies about
important events, including certain
Click
on
issue
limitations
kind for more
information

You should act on these events:
 Refactor your code, or
 tell Pex to ignore it in the future,
 let Pex analyze (“instrument”) more code, if
possible.
Understand the
issue,
Clickand
on atake
particular
anevent
action
for more
information

If Pex reports that some code was uninstrumented,
you may tell Pex to instrument and analyze it
(if possible)

Code instrumentation on Demand
 Instrumentation has high performance overhead
 Some parts of the code better ignored

Use PexInstrument… attributes
[assembly: PexInstrumentAssembly(“Foo”)]

Pex will often suggest and insert those
attributes for you

Pex understand managed .NET code only
 Pex does not understand native code.

Problem if branching over values obtained from the
environment
 Pex may not automatically detect all such cases.
File System?
if (!File.Exists(f)) throw ...


Pex analyzes every executed .NET instruction
Some used libraries may be surprisingly expensive
to analyze
 XML parsing
 repeatedly converting data between different
representations
void Sum(string[] A) {
Don’t do this.
var sum = “0”;
foreach(var a in A)
sum = (int.Parse(a) + int.Parse(sum)).ToString();
if(sum == “123”) throw new Exception();
}
There are decision procedures for individual path
conditions, but…
 Number of potential paths grows
exponentially with number of branches
 Reachable code not known initially
 Without guidance, same loop might be
unfolded forever


To deal with the path explosion problem, Pex
uses search heuristics.
Heuristics try to create “diversity”, i.e. they
prefer paths which are so far
underrepresented e.g. by their coverage
vectors


In the presence of loops and recursion,
Pex could search forever, so Pex has many
ways to bound the search
Named arguments of [PexMethod]
[PexMethod(MaxConstraintSolverTime = 4)]

Pex will often suggest and update those
bounds for you.

Configurable bounds include:
 TimeOut
 MaxBranches
 MaxCalls
 MaxConditions
▪ Number of conditions that depend on test inputs
 MaxRuns
 ConstraintSolverTimeOut
 ConstraintSolverMemoryLimit
 Division and modulo are expensive
to reason about
 No decision procedures for floatingpoint arithmetic
 Pex currently uses heuristic search
techniques for floating-point constraints
Initially, choose Arbitrary
Path-constraint
solving is just
hard.
Test
Inputs
Constraint
System
Reachability is
undecidable!
(Loops)
Execution Path
(With external
Known
functions and
Paths
dynamic loading,
summaries
are difficult.)


Pex only explores single-threaded code
Related approach to explore threadschedules (but not input parameters): CHESS
http://research.microsoft.com/en-us/projects/chess/




Write assertions and Pex will try to break
them
Without assertions, Pex can only find
violations of runtime contracts causing
NullReferenceException,
IndexOutOfRangeException, etc.
Assertions leveraged in product and test code
Pex can leverage Code Contracts (discussed
later)



Pex only uses public methods to configure
non-public object fields
Heuristics built-in to deal with common types
User can help if needed
void (Foo foo) {
if (foo.Value == 123) throw …
[PexFactoryMethod]
Foo Create(Bar bar) {
return new Foo(bar);
}
Goal: Understand limitations of DSE.
 PexGoal/PexExpectedGoals
 Apply Pex to
if (File.Exists(fileName))
PexGoal.Reached();
if (DateTime.Parse(s).Year == 2009)
PexGoal.Reached();
class Foo { private Foo() {} }
…
if (foo != null) PexGoal.Reached();
Tips and tricks
Problem:
• Constraint solver determines
test inputs = initial state of test
• Most classes hide their state (private fields)
• State is initialized by constructor, and can be
mutated only by calling methods
• What sequence of method calls reaches a given
target state?
• There may be no such sequence
• In general, undecidable
Two approaches:
• (Guided) exploration of constructor/mutator methods
• Testing with class invariants
Specification:
[PexMethod]
public void ArrayListTest(ArrayList al, object o)
{
PexAssume.IsTrue(al != null);
int len = al.Count;
al.Add(o);
PexAssert.IsTrue(al[len] == o);
}

Factory methods
 Parameterized factories create and configure objects
 Explicit: Public static method annotated with
[PexFactoryMethod]
 Implicit: Pex guesses “best” constructor/setters

Result: Exploration of reachable states
 Reachable using factory method
 Reachable within configured bounds
 Under-approximation of possible states
We will now describe how you can create objects
via the exploration of a class invariant.
 Write class invariant as boolean-valued
parameterless method
 Refers to private fields
 Must be placed in implementation code

Write special constructor for testing only
 May be marked as "debug only"
 Constructor sets fields, assumes invariant

Result: Exploration of feasible states
 May include states that are not reachable
Open project “ArrayListSample”.
 Explore AddTestExplicit
 Explore AddTestImplicit
 Inspect generated test cases
 Notice constructor implicitly used by Pex


Edit code of ArrayList class:
Add “ad-hoc” Invariant method:
private bool Invariant() {
return this._items != null &&
this._size >= 0 &&
this._items.Length >= this._size;
}

Add DEBUG-only constructor that allows to configure object
freely, and then checks invariant:
#if DEBUG
public ArrayList(object[] items, int size) {
this._items = items;
this._size = size;
if (!this.Invariant()) throw new Exception();
}
#endif
Tips and tricks

Assume, Arrange, Act, Assert
[PexMethod]
void Add(List target, T value) {
PexAssume.IsNotNull(target); // assume
var count = target.Count; // arrange
target.Add(value); // act
Assert(target.Count == count + 1)//assert
}

For an API f(x),
f-1(f(x)) = x
for all x
void PropertyRoundtrip(string value) {
var target = new Foo();
target.Name = value;
var roundtripped = target.Name;
Assert.AreEqual(value, roundtripped);
}

For an API f(x),
f-1(f(x)) = x
for all x
void ToStringParseRoundtrip(int value) {
string s = value.ToString();
int parsed = int.Parse(s);
Assert.AreEqual(value, parsed);
}

For an API f(x),
f-1(f(f-1(x)) = f-1(x)
for all x
void ParseToString(string x) {
var normalized = int.Parse(x);
var intermediate = normalized.ToString();
var roundtripped = int.Parse(intermediate);
Assert(normalized == roundtripped);
}

Observe a state change
void ContainedAfterAdd(string value) {
var list = new List<string>();
list.Add(value);
Assert.IsTrue(list.Contains(value));
}

Given two methods f(x) and g(x), and a method b(y)
that observes the result or the exception behavior of a
method, assert that f(x) and g(x) have same observable
behavior under b, i.e. b(f(x)) = b(g(x)) for all x.
public void ConcatsBehaveTheSame(
string left, string right)
{
PexAssert.AreBehaviorsEqual(
() => StringFormatter.ConcatV1(left, right),
() => StringFormatter.ConcatV2(left, right));
}

Given two implementations f and g of the same
function, each possible requiring a different number of
steps, i.e. f(x)=f1(f2(…(fn(x)…)), and g(x)=g1(g2(…
(gm(x)…)), then it should hold that
f1(f2(…(fn(x))…) = g1(g2(…(gm(x)…)) for all x.
string Multiply(string x, string y);
int Multiply(int x, int y);
void CommutativeDiagram1(int x, int y) {
string z1 = Multiply(x, y).ToString();
string z2 = Multiply(x.ToString(), y.ToString());
PexAssert.AreEqual(z1, z2);
}

Allowed exception -> negative test case
[PexAllowedException(typeof(ArgumentException))]
void Test(object item) {
var foo = new Foo(item) // validates item
// generated test (C#)
[ExpectedException(typeof(ArgumentException))]
void Test01() {
Test(null); // argument check
}

Indicate which portions of a PUT should be
reachable.
[PexExpectedGoals]
public void InvariantAfterParsing(string input)
{
ComplexDataStructure x;
bool success = ComplexDataStructure.TryParse(
input, out x);
PexAssume.IsTrue(success);
PexGoal.Reached();
x.AssertInvariant();
}

Generated test asserts any observed value
 Return value, out parameters, PexGoal
int AddTest(int a, int b) {
return a + b; }

When code evolves, breaking changes in observable
will be discovered
void AddTest01() {
var result = AddTest(0, 0);
Assert.AreEqual(0, result);
}
Goal: Identify and apply patterns
 Apply patterns to parameterized unit tests of
TrimEnd.
Unit test: while it is debatable what a ‘unit’ is, a ‘unit’
should be small.
 Integration test: exercises large portions of a system.


Observation: Integration tests are often “sold” as
unit tests
White-box test generation does not scale well to
integration test scenarios.
 Possible solution: Introduce abstraction layers, and
mock components not under test

AppendFormat(null, “{0} {1}!”, “Hello”, “World”);

“Hello World!”
.Net Implementation:
public StringBuilder AppendFormat(
IFormatProvider provider,
char[] chars, params object[] args) {
if (chars == null || args == null)
throw new ArgumentNullException(…);
int pos = 0;
int len = chars.Length;
char ch = '\x0';
ICustomFormatter cf = null;
if (provider != null)
cf = (ICustomFormatter)provider.GetFormat(typeof(ICustomFormatter));
…


Introduce a mock class which implements the interface.
Write assertions over expected inputs, provide concrete outputs
public class MFormatProvider : IFormatProvider {
public object GetFormat(Type formatType) {
Assert.IsTrue(formatType != null);
return new MCustomFormatter();
}
}

Problems:
 Costly to write detailed behavior by example
 How many and which mock objects do we need to write?


Introduce a mock class which implements the interface.
Let an oracle provide the behavior of the mock methods.
public class MFormatProvider : IFormatProvider {
public object GetFormat(Type formatType) {
…
object o = call.ChooseResult<object>();
return o;
}
}

Result: Relevant result values can be generated by white-box
test input generation tool, just as other test inputs can be
generated!
92



Show AppendFormat code
Show AppendFormat test
Run Pex
93

Chosen values can be shaped by assumptions
public class MFormatProvider : IFormatProvider {
public object GetFormat(Type formatType) {
…
object o = call.ChooseResult<object>();
PexAssume.IsTrue(o is ICustomFormatter);
return o;
}
}

(Note: Assertions and assumptions are “reversed” when
compared to parameterized unit tests.)
94

Choices to build parameterized models
class PFileSystem : IFileSystem {
// cached choices
PexChosenIndexedValue<string,string> files;
string ReadFile(string name) {
var content = this.files[name];
if (content == null)
throw new FileNotFoundException();
return content;
}}
Goal: Test a ‘CopyFile’ method with a File System model
interface IFileSystem {
string ReadFile(string fileName);
void WriteFile(string name, string content);
}
Write a CopyFile method using IFileSystem
Implement IFileSystem with System.IO.File
and use it to test Copy.
 Write a parameterized model for IFileSystem and
use it to test Copy.


Design By Contracts
meets
Automated Whitebox Testing

http://research.microsoft.com/en-us/projects/contracts/

Library to state preconditions, postconditions,
invariants
Supported by two tools:

 Static Checker
 Rewriter: turns Code Contracts into runtime checks

Pex analyses the runtime checks
 Contracts act as Test Oracle


Pex may find counter examples for contracts
Missing Contracts may be suggested
If present, Pex leverages [ContractInvariantMethod] to create
objects via reflection and checking if invariant holds:
 Install Code Contracts:
Add reference to Microsoft.Contracts library
 Add empty [ContractInvariantMethod]
 Run Pex, click on “Add Invariant”
 Repeat, edit manually
[ContractInvariantMethod]
protected void Invariant() {
Contract.Invariant(this._items != (object[])null);
Contract.Invariant(
(uint)(this._size) <= (uint)(this._items.Length));
}



Code Contracts allow specification of interface contracts
Pex‘ stubs framework can leverage contracts to check
input and restrict output of mock objects.
Consider the following interfaces annotated with
contracts (using Spec# notation):
interface IFormatProvider {
object GetFormat(Type formatType)
requires
formatType != null;
ensures
result != null &&
}
formatType.IsAssignableFrom(result.GetType());





Create IFormatProvider interface with Code Contracts
in code-under-test project
Create (parameterized) test project
Show stubs
Create parameterized unit test using IFormatProvider
Explore parameterized unit test


Random input generators: many
Combining random testing and constraint solving
 DART, CUTE, EXE, KLEE, CREST (C)
 jCUTE, jFuzz (Java)
 SAGE (X86)
 …

Program model checkers
 JPF, Kiasan/KUnit (Java), XRT (.NET)

Commercial tools
 AgitarOne, …
103
http://research.microsoft.com/pex
http://codeplex.com/Pex
https://sites.google.com/site/asergrp/
Download