TABLE OF CONTENTS
INTRODUCTION
CHAPTER 1 - THEORETICAL BACKGROUND
1.1 Overview of software verification
1.2 Categories of software verification
CHAPTER 2 - JAVA PATHFINDER AND SYMBOLIC EXECUTION
2.1 Introduction to JPF
2.1.1 What programs can JPF check?
2.1.2 High-level architecture of JPF
2.1.3 Extensibility of JPF
2.1.4 Some JPF extensions
2.2 Symbolic execution for test data generation
2.2.1 What is symbolic execution?
2.2.2 Symbolic execution with JPF
2.2.3 Guide to symbolic execution with JPF
2.2.4 Limitations
CHAPTER 3 - MICROSOFT Z3
3.1 What is SMT?
3.2 What is Z3?
3.3 Why Z3?
3.4 Architecture of Z3
3.5 Input formats
3.6 The SMT-LIB format
3.6.1 Main features of SMT-LIB
3.7 Relations, functions and constants
3.7.1 All functions are total
3.7.2 Uninterpreted functions and constants
3.7.3 Recursive functions
3.8 Arithmetic
3.8.1 Linear real arithmetic
3.8.2 Linear integer arithmetic
3.8.3 Mixing integers and reals
3.8.4 Nonlinear arithmetic
3.9 Data types
3.9.1 Records
3.9.2 Enumeration types
3.9.3 Recursive data types
3.10 Z3 example
3.11 Some applications of Z3
CHAPTER 4 - INTEGRATING Z3 WITH JPF
4.1 Survey and evaluation of approaches
4.2 System architecture
4.3 Data conversion
4.4 Design and implementation
4.5 Results and evaluation
CONCLUSION AND FUTURE WORK
REFERENCES
LIST OF FIGURES
Figure 2.1: JPF operating model
Figure 2.2: State diagram during checking
Figure 2.3: High-level architecture
Figure 2.4: Listener pattern
Figure 2.5: Symbolic execution example
Figure 2.6: Eclipse output for MyClass1
Figure 2.7: Eclipse output for MyClass2
Figure 2.8: Eclipse output for MyClass2 after filtering
Figure 2.9: Eclipse output for MyDriver
Figure 2.10: Eclipse output for MyClassFP
Figure 3.1: Architecture of Z3
Figure 4.1: System architecture
Figure 4.2: Package diagram
Figure 4.3: Overall class diagram
Figure 4.4: Result with Choco, linear arithmetic
Figure 4.5: Result with Z3, linear arithmetic
Figure 4.6: Result with Choco, nonlinear arithmetic
Figure 4.7: Result with Z3, nonlinear arithmetic
INTRODUCTION
In recent years software development has become increasingly professional, and the software being developed keeps growing in scale. Ensuring software quality is one of the most important goals, especially in fields such as medicine, banking and aviation. Manual testing and verification can only partially guarantee the quality of software. Many organizations and companies therefore research and develop theories as well as tools for automated software verification and testing.
Starting from this practical need, the author studied several theories and tools for software verification and testing. One very important foundational theory is Satisfiability Modulo Theories (SMT). SMT is applied to solve many problems in software engineering, such as:
Program verification
Program exploration
Software modeling
Test case generation
Microsoft Z3 is an SMT solver that is currently applied in many Microsoft projects, such as Pex, Spec#, SLAM/SDV and Yogi. Z3 is rated as the strongest solver available today. So far, however, Z3 has only been applied to Microsoft languages. The author therefore poses the question: can Z3 be used to verify programs written in other languages, such as Java?
While studying program verification the author also looked into Java PathFinder (JPF). JPF is an open source project developed in Java. JPF currently has an extension for automatically generating test input data for programs, but it still has many limitations, so the author considered how Z3 could be integrated with JPF in order to generate test data automatically. A successful integration would solve a broader class of problems, which is very significant in practice.
Objective of the thesis:
The objective of the thesis is to study and thoroughly understand Z3 and JPF, and then to take the first steps toward integrating Z3 with JPF so that test data can be generated automatically for Java programs in cases JPF currently cannot handle (for example, generating data for nonlinear arithmetic).
STRUCTURE OF THE THESIS
The thesis consists of the following parts:
Introduction: presents the topic, its urgency and its objectives.
Chapter 1: Theoretical background.
Chapter 2: JPF and symbolic execution.
Content: What is JPF? The architecture of JPF, and how to extend and build on it. A further, very important part introduces the symbolic execution extension that generates test data for programs in JPF; this extension allows test data for Java programs to be generated automatically.
Chapter 3: Microsoft Z3.
Content: introduces SMT, Z3, the theories Z3 supports, the Z3 APIs used for integration with JPF, and applications of Z3.
Chapter 4: Integrating JPF with Z3.
Content: survey and evaluation of possible approaches. Once an approach is chosen, the system architecture is designed, refined to the package and class level, and finally implemented and evaluated.
Conclusion and future work.
Presents the results of the research and implementation, and directions for further development.
THEORETICAL BACKGROUND
Overview of software verification
As we know, software testing is an indispensable step in software development, especially for large software with many modules written by many developers, where hidden defects that the developers could not foresee are easy to introduce. Many techniques are in use in software quality assurance today, but they can broadly be divided into three groups: static code analysis, dynamic testing with data (dynamic data testing), and formal, model-based techniques (model-based verification). The first two groups work on software quality at the source code level, while the last group works at a higher level of abstraction, the model.
Categories of software verification
Static code analysis is a technique for detecting program defects without running the program. Unlike dynamic testing, which requires running the program on real input data, static analysis only examines the program's source code.
Model-based testing differs from the two groups above in that the object under test is a model abstracted from the system under consideration. Abstraction removes details of the system while keeping only the information and aspects that matter. Abstraction simplifies the system under consideration and therefore reduces the search space and the analysis time many times over compared with analysing the source code directly.
Once the software is built, we have to use test cases to test it. The quality of testing depends heavily on the set of test cases used. The two main criteria for judging how effectively testing has exercised the software are control flow coverage and data coverage. The first focuses on exercising all control points in the program (for example, all reachable control points such as branches in the program structure). The second focuses on the set of test data corresponding to each control point in the program structure.
With model-based program analysis, after the source code of the program under test has been abstracted, it becomes easier to analyse the logical structure of the program and the data set corresponding to each control point. The generation of test cases is then faster and more precise, and control flow and data coverage are much better than with the traditional source-level approach. Moreover, if this process is automated it saves testers a great deal of effort. With such an approach, software can be tested automatically by machine, giving more standardized results, covering more cases, in particular logic errors, and reducing production costs.
Evaluating the test data set: except for simple programs, it is unrealistic to verify software on the set of all possible inputs. Even if only combinations of inputs or combinations of functions are considered, the number of inputs and the number of states is far too large. For a system with a large memory, inputs and outputs are logged in order to track its state. Since no tool produces a standard, complete and certain software design, testing is an indispensable step for assessing software quality. One therefore has to find a way to select a small data set whose tests still give high confidence in the system.
Coverage is a visual measure of the extent or degree of testing. If testing does not fully cover every aspect of the software, many defects will be missed. The frequencies of the different cases are not the same either.
The concept of a test case is simply to verify that the states produced represent the operation of the system. We can create test cases that reach a particular state by supplying special variables or states that drive the system.
JAVA PATHFINDER AND SYMBOLIC EXECUTION
This chapter has two main parts. Part 1 introduces JPF, an open source model checker written in Java. Part 2 introduces a JPF extension, symbolic execution, for automatically generating test data for Java programs.
Introduction to JPF
JPF is an explicit-state software model checker for Java [5]. Put simply, JPF is a virtual machine that executes a Java program not just once (as ordinary virtual machines do) but along all possible branches and paths. Along these potential execution paths JPF checks for property violations such as deadlocks or uncaught exceptions. Figure 2-1 describes JPF's operating model.
Figure 2.1: JPF operating model
In theory this is entirely possible, but as application size grows the state space grows very quickly, model checkers face many challenges, and JPF is no exception. The answer is to make JPF flexible enough to adapt to a particular application: JPF can be treated as a framework on which we develop extensions that solve the specific problem we have in mind.
What programs can JPF check?
JPF can check Java programs in general (it executes Java bytecode, so it runs the same compiled classes as an ordinary JVM). JPF can find deadlocks or uncaught exceptions, and we can develop our own extensions to check other properties. To understand JPF better, consider the following example.
Create the class Rand.java below, then use JPF to check whether it contains an error.
import java.util.Random;
public class Rand {
public static void main (String[] args) {
Random random = new Random(42); // (1)
int a = random.nextInt(2); // (2)
System.out.println("a=" + a);
int b = random.nextInt(3); // (3)
System.out.println(" b=" + b);
int c = a/(b+a -2); // (4)
System.out.println(" c=" + c);
}
}
Figure 2.2: State diagram during checking
The class initializes two variables a and b at random, a in the range [0, 2) (that is, 0 or 1) and b in the range [0, 3) (0, 1 or 2). Then the variable c is computed by the formula c = a/(b+a-2).
If the Java program is run normally the result is a = 1, b = 0 and c = -1, so the program appears to have no error. If JPF is used to check the program, however, the picture below appears:
Looking at the figure, a normal run of the Java program yields only 1 of the 6 possible results, so an error would most likely go undetected (with this example that is deliberate). JPF, on the other hand, finds all paths through the program and checks them, and two cases are found in which division by zero occurs (a = 0, b = 2 and a = 1, b = 1). Note that JPF only treats Random.nextInt() as a choice point when the property cg.enumerate_random=true is set; otherwise it explores a single seeded run, just like a normal JVM.
High-level architecture of JPF
Figure 2.3: High-level architecture
Figure 2-3 shows the high-level architecture of JPF. JPF is designed around two main components: the JVM and the Search.
The JVM is a state generator for Java programs: it produces states by executing Java bytecode instructions.
The Search is responsible for selecting the state the JVM should process next, either directing the JVM to generate the next state or asking it to backtrack to a previous state. In other words, the Search can be thought of as the driver of the JVM object. The Search also configures and evaluates the property objects. The main Search implementations are depth-first search (DFSearch) and HeuristicSearch. A Search implementation provides a simple search method consisting of a main loop that traverses the relevant state space until it has visited all of it or a property violation is found.
Extensibility of JPF
Figure 2.4: Listener pattern
JPF can be thought of as a framework that any developer can extend for a particular purpose. JPF provides an extension mechanism that allows new functionality to be added without directly changing the implementation of the Search or the VM.
This extensibility is achieved with the Listener pattern shown in Figure 2-4. Listener instances register with the Search/VM objects, are notified when the corresponding subject performs a certain action, and can then interact with the subject to query additional information or control its behaviour.
Changes in the subject are mapped to separate Observer methods, with the subject instances passed as parameters. The subject keeps track of the registered listeners through a Multicaster.
There are 3 levels at which a listener implementation can obtain information from a subject:
Generic listeners reside outside the JPF packages and only use the public information of gov.nasa.jpf.Search / VM.
Search-specific listeners reside outside the JPF packages but cast the notification parameters from the subject to concrete implementations (for example gov.nasa.jpf.search.heuristic.BFSHeuristic) and use their APIs to obtain implementation-specific information.
Internal listeners reside inside the subject's own implementation packages and can access package-private information.
Some JPF extensions
Thanks to its flexible extension architecture, a number of extensions have been developed for JPF:
UI - User Interface Model Checking
This extension model checks a particular class of Java applications, namely Swing and AWT programs. It is implemented as a modeled standard library using MJI (the Model Java Interface) that replaces the Swing and AWT functionality, so that GUI applications using the standard Java libraries can be tested with different inputs.
symbc - Symbolic Test Data Generation
This extension uses a BytecodeFactory to override the core JPF bytecodes in order to generate individual test cases. In short, it uses JPF attributes/fields to collect path conditions (PCs), then feeds the PCs to a constraint solver in that solver's format to obtain test data. This extension is presented in more detail in section 2.2.
cv - Compositional Verification Framework
This extension is a learning algorithm used for assume/guarantee reasoning: it splits the system into components and then verifies each component separately. Its main purpose is to improve JPF's scalability; it can also be used to generate environment assumptions for UML model checking and to determine valid event sequences.
numeric - Numeric Property Verification
This extension verifies arithmetic properties. It started as a set of arithmetic instruction classes that detect overflow and was later extended to check imprecise value propagation and precise floating point comparison.
statechart - UML State Chart Model Checking
The purpose of this extension is to check UML state transition diagrams. Each state diagram is represented by a Java class (or several classes), and checking then consists of checking those Java classes.
Symbolic execution for test data generation
What is symbolic execution?
Figure 2.5: Symbolic execution example (a method that swaps the values of two variables, and its possible paths)
Symbolic execution is a technique for executing a program with symbolic values instead of concrete values [2]. To understand what symbolic execution is, consider the example of swapping the values of two variables x and y:
In the example above, under symbolic execution the values of x and y are the symbolic values X and Y rather than concrete values. The result of symbolic execution is that all possible paths of the program are traversed, and a path condition is produced for each of them.
The advantage of the method is that execution can start at any point in the program, and symbolic inputs can be mixed with concrete ones. The method yields the program's path conditions, and by running a solver on the path conditions (treating each path condition as a formula) test data for the program is generated.
However, the method also has a limit: the number of paths can explode during symbolic execution.
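The following toy symbolic executor is an added illustration of the idea just described; it is not JPF or jpf-symbc code. A method is re-run once per decision sequence, every if whose guard depends on a symbolic input is routed through branch(), and the guards taken along each run are conjoined into that path's condition, written as SMT-LIB s-expressions so a solver could consume them as they are. The programs my_method and my_method2 re-create MyClass1.myMethod and MyClass2.myMethod2 from section 2.2.3 (including the Verify.ignoreIf-style pruning used there); the names Sym, Cond, explore and ignore_if are this example's own.

```python
"""Toy symbolic executor: fork at every symbolic if, collect one path
condition per control-flow path. Added example, not JPF code."""

class Sym:
    """Symbolic integer expression, printed as an SMT-LIB s-expression."""
    def __init__(self, expr):
        self.expr = expr
    def __repr__(self):
        return self.expr
    def __add__(self, other):
        return Sym(f"(+ {self.expr} {_sexpr(other)})")
    def __sub__(self, other):
        return Sym(f"(- {self.expr} {_sexpr(other)})")
    def __mul__(self, other):
        return Sym(f"(* {self.expr} {_sexpr(other)})")
    def __rmul__(self, other):
        return Sym(f"(* {_sexpr(other)} {self.expr})")
    def __neg__(self):
        return Sym(f"(- {self.expr})")
    def __gt__(self, other):
        return Cond(f"(> {self.expr} {_sexpr(other)})")
    def __lt__(self, other):
        return Cond(f"(< {self.expr} {_sexpr(other)})")

def _sexpr(value):
    return value.expr if isinstance(value, Sym) else str(value)

class Cond:
    """Symbolic boolean, the guard of an if statement."""
    def __init__(self, expr):
        self.expr = expr
    def negate(self):
        return Cond(f"(not {self.expr})")

class Prune(Exception):
    """Raised by ignore_if to abandon the current path (like Verify.ignoreIf)."""

def ignore_if(condition):
    if condition:
        raise Prune()

def path_condition(taken):
    """Conjunction of the guards along a path, negated where the else side was taken."""
    terms = [c.expr if outcome else c.negate().expr for c, outcome in taken]
    if not terms:
        return "true"
    return terms[0] if len(terms) == 1 else "(and " + " ".join(terms) + ")"

def explore(program):
    """Run program(branch) once per decision sequence and return
    [(path_condition, return_value)] for every path that was not pruned.
    program must route each symbolic if through branch(cond); branch answers
    with the side the explorer has chosen for this run."""
    results = []
    pending = [[]]                      # decision prefixes still to try
    while pending:
        forced = pending.pop()
        taken = []                      # (Cond, outcome) of this run
        def branch(cond):
            i = len(taken)
            outcome = forced[i] if i < len(forced) else True
            taken.append((cond, outcome))
            return outcome
        try:
            value = program(branch)
        except Prune:
            pass                        # drop this path; its siblings are still visited
        else:
            results.append((path_condition(taken), value))
        # every decision that defaulted to True still has an else side to visit
        for i in range(len(forced), len(taken)):
            pending.append([outcome for _, outcome in taken[:i]] + [False])
    return results

def my_method(branch):
    """MyClass1.myMethod from section 2.2.3 with x and y symbolic."""
    x, y = Sym("x"), Sym("y")
    z = x + y
    if branch(z > 0):
        z = 1
    else:
        z = z - x
    z = 2 * z
    return z

def my_method2(branch, filtered=False):
    """MyClass2.myMethod2; filtered=True adds the jpfIfCounter pruning of section 2.2.3."""
    x, y = Sym("x"), Sym("y")
    if_counter = 0
    z = x + y
    if branch(z > 0):
        if_counter += 1
        z = 1
    if branch(x < 5):
        if_counter += 1
        if filtered:
            ignore_if(if_counter > 1)
        z = -z
    if filtered:
        ignore_if(if_counter == 0)
    return z

if __name__ == "__main__":
    for pc, value in explore(my_method):
        print(pc, "=>", value)
    print(len(explore(my_method2)), "paths,",
          len(explore(lambda b: my_method2(b, filtered=True))), "after filtering")
```

my_method yields the two path conditions (> (+ x y) 0) and (not (> (+ x y) 0)), exactly the two test cases reported for MyClass1; my_method2 yields four paths, and two once the counter pruning is active, matching the filtered result in section 2.2.3. The explorer enumerates decision sequences blindly, so an infeasible combination of guards is only discovered when the path condition is handed to a solver; in jpf-symbc that check happens at each branch, which is what keeps the path explosion mentioned above in check.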
Symbolic execution with JPF
Symbolic execution is an extension of JPF that executes Java programs symbolically. One of the main uses of the extension is to generate test data automatically that covers the whole program source.
The extension combines symbolic execution with model checking and constraint solving to generate test data. In this tool, programs are executed on symbolic inputs. The values of variables are represented as numeric expressions and constraints generated by analysing the structure of the source code. These constraints are then solved to generate test data that is guaranteed to reach the corresponding part of the source code.
At present JPF supports integer and real parameters, though some cases remain to be handled for reals.
The extension currently supports only linear constraints (linear arithmetic); nonlinear arithmetic is not supported. Symbolic information is carried in attributes attached to variables and operands. Symbolic execution can start at any point in the program, and methods can be executed symbolically independently of one another.
Guide to symbolic execution with JPF
To execute a method symbolically, the user must specify which method parameters are symbolic and which are concrete. Global variables can also be specified as symbolic for execution, using special annotations. Below is an example of running a symbolic execution; it executes the method test of the main class symbolically, with its first parameter symbolic and its second concrete (sym#con):
+vm.insn_factory.class=gov.nasa.jpf.symbc.SymbolicInstructionFactory
+jpf.listener=gov.nasa.jpf.symbc.SymbolicListener
+symbolic.method=test(sym#con)
+search.multiple_errors=true
+jpf.report.console.finished=
ExSymExe
A simple example
Below is a very simple example of symbolic execution with JPF. It can be run from Eclipse or from the command line.
Suppose the class you want to generate tests for contains the following method:
public class MyClass1 {
public int myMethod(int x, int y) {
int z = x + y;
if (z > 0) {
z = 1;
} else {
z = z - x;
}
z = 2 * z;
return z;
}
}
We will need to create a driver that calls myMethod(int,int). The driver can be another class or the main() method of the class itself. In this case we write the driver in the main() method of MyClass1.
In this simple example the driver only needs to call myMethod() with the right number and types of arguments and then print the path condition (PC). Note that the exact argument values do not matter, because myMethod() is executed symbolically and all concrete values are replaced by symbolic ones.
We can see the test cases by printing the path condition, which is done by calling the method gov.nasa.jpf.symbc.Debug.printPC(). Here is the complete source code:
import gov.nasa.jpf.symbc.Debug;

public class MyClass1 {
    public int myMethod(int x, int y) {
        int z = x + y;
        if (z > 0) {
            z = 1;
        } else {
            z = z - x;
        }
        z = 2 * z;
        return z;
    }
    // test driver
    public static void main(String[] args) {
        MyClass1 mc = new MyClass1();
        int x = mc.myMethod(1, 2); // the concrete arguments are replaced by symbolic ones
        Debug.printPC("MyClass1.myMethod Path Condition: ");
    }
}
Running it in Eclipse gives the following result:
Figure 2.6: Eclipse output for MyClass1
Looking at the result, the PCs indicate the test cases
Test case 1: y = -9999999, x = 10000000
Test case 2: y = -10000000, x = 10000000
Test case 1 corresponds to the branch z > 0 of the if statement in myMethod; test case 2 corresponds to the branch z <= 0.
Filtering test cases
We change MyClass1 into MyClass2 as follows.
import gov.nasa.jpf.symbc.Debug;

public class MyClass2 {
    private int myMethod2(int x, int y) {
        int z = x + y;
        if (z > 0) {
            z = 1;
        }
        if (x < 5) {
            z = -z;
        }
        return z;
    }
    // The test driver
    public static void main(String[] args) {
        MyClass2 mc = new MyClass2();
        int x = mc.myMethod2(1, 2);
        Debug.printPC("\nMyClass2.myMethod2 Path Condition: ");
    }
}
We can run the program with the following configuration parameters:
+vm.insn_factory.class=gov.nasa.jpf.symbc.SymbolicInstructionFactory
+vm.classpath=.
+vm.storage.class=
+symbolic.method=myMethod2(sym#sym)
+search.multiple_errors=true
+jpf.report.console.finished=
MyClass2
Figure 2.7: Eclipse output for MyClass2
We then obtain 4 test cases:
Test case 1: y = 10000000, x = -9999999
Test case 2: y = -4, x = 5
Test case 3: y = -10000000, x = -10000000
Test case 4: y = -10000000, x = 5
Suppose, however, that we are only interested in the test cases in which exactly one of the two if bodies is executed; then only test cases 2 and 3 matter. We could simply run JPF as above and filter the results by hand. A better way is to use Verify.ignoreIf() to make JPF backtrack as soon as more than one if body (or none) has been taken; for example we can annotate myMethod2() as follows:
import gov.nasa.jpf.jvm.Verify;
import gov.nasa.jpf.symbc.Debug;
public class MyClass2 {
private int myMethod2(int x, int y) {
int jpfIfCounter = 0;
int z = x + y;
if (z > 0) {
jpfIfCounter++;
z = 1;
}
if (x < 5) {
jpfIfCounter++;
Verify.ignoreIf(jpfIfCounter > 1);
z = -z;
}
Verify.ignoreIf(jpfIfCounter == 0);
return z;
}
// The test driver
public static void main(String[] args) {
MyClass2 mc = new MyClass2();
int x = mc.myMethod2(1, 2);
Debug.printPC("\nMyClass2.myMethod2 Path Condition: ");
}
}
The added lines are the jpfIfCounter declaration, its two increments and the two Verify.ignoreIf() calls. Running the program now yields only the 2 needed test cases:
Test case 1: y = -4, x = 5
Test case 2: y = -10000000, x = -10000000
Figure 2.8: Eclipse output for MyClass2 after filtering
Adding preconditions
Suppose we want to limit the generated test cases, but now the issue is that you want your method to be called only with arguments within a certain range. For example, in MyClass1.myMethod() you believe that x and y are restricted to the range -100 ...

... > 0 is satisfiable in the theory of integers, since with a = -1 and b = 5 the formula is true.
Another concept is unsatisfiability. A sentence is valid when it is TRUE in all structures (all interpretations of its symbols); for example, ∀x P(x) → P(a) is valid. Conversely, a sentence (formula) is unsatisfiable if it is false in all structures.
An SMT solver checks whether a formula is satisfiable with respect to its theory. If the formula is satisfiable, a model for it is produced.
What is Z3?
Z3 is a Satisfiability Modulo Theories solver (SMT solver) [3]. Z3 acts as a satisfiability checker for many-sorted first-order logic with built-in theories. The supported theories are:
Uninterpreted functions and predicate symbols
Reals and integers (with limited support for nonlinear arithmetic)
Bit-vectors
Arrays
Records, enumerations and recursive data types
Z3 checks whether a set of formulas is satisfiable in its theories. If the set of formulas is satisfiable, a model for it exists. For the decidable fragments it supports, Z3 is a decision procedure: it is guaranteed to return a correct answer. Outside those fragments (for example with quantifiers or nonlinear integer arithmetic) it may answer unknown, and a client must treat that answer differently from unsat. When a set of formulas F is satisfiable, Z3 can produce a model for F. Such models are useful in software verification because they can easily be turned into executable test inputs.
Z3 can be used from the command line or as a library; in the current version Z3 provides application programming interfaces (APIs) for C, .NET and OCaml.
Why Z3?
This section explains why Z3 was chosen for the extension rather than another solver. There are many solvers today, such as Z3, Yices, CVC, CVC3, Choco, IAsolver, Spear and OpenSMT. Z3 stands out as the strongest solver at present, as shown by the annual SMT-COMP competition. Most solvers take part, and the competition is divided into divisions, for example linear integer arithmetic, linear real arithmetic, arrays and uninterpreted functions. Z3 won in many divisions: in 2007 it took 4 first places and 7 second places, and in 2008 9 first places and 6 second places.
In addition, JPF currently has many limitations (pointed out in section 2.2.4), and using Z3 extends JPF's ability to generate test data. Moreover, although Z3 is written in C++, it supports many input formats as well as several APIs, which makes integration easier.
Architecture of Z3
Figure 3-1 describes the overall architecture of Z3 [6].
Simplifier: the input formula is first processed by the simplifier, which applies standard rewriting rules such as p ∧ true → p.
Compiler: the simplified tree structure is converted into a different structure consisting of clauses and nodes.
Congruence closure core: receives truth assignments to atoms from the SAT solver. Atoms are classified into equalities and theory atoms such as arithmetic inequalities. Equalities asserted by the SAT solver are propagated by the congruence closure core using a data structure called the E-graph [3]. Each node in this graph can point to a theory solver.
Figure 3.1: Architecture of Z3
Theory combination: traditional methods for combining theories rely on the solvers' ability to produce equalities, or on preprocessing steps that introduce additional atoms into the search space. Z3 uses a new method for combining theories.
SAT solver: the SAT core integrates standard backtracking search, lemma learning using conflict clauses, and phase caching to guide case splits.
Input formats
Z3 supports the following input formats:
.dimacs: the DIMACS format used by ordinary SAT solvers
.sx, .smp, .simplify: the Simplify format
.smt: the SMT-LIB format
.z3: Z3's own native input format
The SMT-LIB format is introduced in more detail in section 3.6, as it is the format used to integrate Z3 with JPF.
The SMT-LIB format
This section introduces the Satisfiability Modulo Theories Library (SMT-LIB) [1]. SMT-LIB provides a library of benchmarks for checking the satisfiability of formulas, with support for many theories: lists, arrays, linear arithmetic, nonlinear arithmetic.
SMT systems are applied in program verification, compiler optimization and scheduling. Much work has been done in the last few years on building SMT systems. The main ambition of SMT-LIB is to have a standard library of benchmarks that makes evaluating and comparing such systems easier.
Main features of SMT-LIB
SMT-LIB provides theory specifications, logics and standard benchmarks. For a given benchmark, a formula can be checked for satisfiability with respect to a particular theory.
Version 2.0 improves several features, increasing expressiveness and flexibility. This version provides:
A language for writing formulas in a sorted version of first-order logic.
A language for specifying background theories and fixing a standard vocabulary of sorts, functions and predicate symbols.
A language for specifying logics, that is, restricted classes of formulas to be checked for satisfiability with respect to a background theory.
A command language for interacting with SMT solvers through a textual interface. It allows formulas to be asserted and retracted, their satisfiability queried, and their models examined.
Below is an example of a formula expressed in SMT-LIB:
With x1, x2, x3, x4, x5, x6 integers, the formula
((x1 - x2) >= 1) && ((x1 - x2) ... whose SMT-LIB encoding begins (and (>= (- x1 x2) 1) ...
The model Z3 prints for constants x and y of an uninterpreted sort A and an uninterpreted function f over A looks like:
x -> val!0
y -> val!1
f -> {
  val!0 -> val!1
  val!1 -> val!0
  else -> val!0
}
The values in the model above are abstract values, because the sort A is an uninterpreted (abstract) sort with no concrete representation.
Recursive functions
Z3 provides no special support for recursive functions. We can axiomatize a recursive function using first-order axioms, but note that Z3 only assigns the semantics of first-order logic with equality and does not assign a least fixed point semantics, as is standard in programming languages.
For example, the Fibonacci function can be expressed as follows (in Z3's native input syntax):
(declare-fun fib (Int) Int)
(assert (= 1 (fib 0)))
(assert (= 1 (fib 1)))
(assert (forall (x Int) (=> (>= x 2) (= (fib x) (+ (fib (- x 1)) (fib (- x 2)))))))
Arithmetic
Z3 contains decision procedures for linear arithmetic over the integers and the reals. Z3 also provides partial support for nonlinear arithmetic.
Linear real arithmetic
For linear real arithmetic Z3 supports the operators +, -, ~ (unary minus), * and / (division) on the Real type, together with the comparisons =, <, <=, > and >=. Example formula:
(declare-funs ((x Real) (y Real) (z Real)))
(push)
(assert (> (+ x y) (* 2.0 z)))
(assert (< (/ z 2.3) x))
(check-sat)
; sat
(model)
; ("model" "x -> 0
; y -> -18/5
; z -> -23/10")
(pop)
(assert (> x 2.0))
(assert (>= y x))
(assert (< y 1.3))
(check-sat)
; unsat
Linear integer arithmetic
Supports the operators +, -, ~, *, / and mod. For / and mod the second argument must be nonzero. The comparisons =, >, >=, < and <= are used. Example:
(declare-funs ((x Int) (y Int)))
(assert (and (> x 2) (>= y x) (< y 1)))
(check-sat)
; unsat
Mixing integers and reals
Z3 also allows integers and reals to be mixed, through the conversion functions to_real, to_int and is_int. Their signatures and meaning are:
(declare-fun to_real (Int) Real)
(declare-fun to_int (Real) Int)
(declare-fun is_int (Real) Bool)
(= 4.0 (to_real 4))
(= 4 (to_int 4.5))
(iff (is_int x) (= x (to_real (to_int x))))
Nonlinear arithmetic
Z3 supports nonlinear arithmetic (partially). Example:
(declare-funs ((x Int) (y Int) (z Int)))
(assert (= (* x x) (+ x 2)))
(assert (= (* x y) x))
(assert (= (* (- y 1) z) 1))
(check-sat)
; unsat
The example checks (x*x = x + 2 AND x*y = x AND (y-1)*z = 1). The result is unsat because no model makes the formula TRUE: x*x = x + 2 forces x to be 2 or -1, x*y = x then forces y = 1, and (y-1)*z = 1 becomes 0 = 1.
Data types
Z3 supports many data types, from atomic types such as integers and reals to arrays, lists, enumerations and records.
Records
A record is specified as a datatype with a single constructor and a number of arguments, which are the fields of the record. The number of arguments of a record is always the same. The type system does not allow records to be extended, and there are no record subtypes.
The example below shows that two records are equal if all their arguments are equal. It declares the type int-pair with the constructor mk-pair and two fields that can be accessed with the selector functions first and second:
(declare-datatypes ((int-pair (mk-pair (first Int) (second Int)))))
(declare-funs ((p1 int-pair) (p2 int-pair)))
(push)
(assert (= p1 p2))
(assert (not (= (first p1) (first p2))))
(check-sat)
;unsat
(pop)
Enumeration types
An enumeration type is a finite domain type. The elements of the finite domain are enumerated as distinct constants. For example, the type S is an enumeration type with three values A, B and C. It is possible for three variables of type S to be pairwise distinct, but not for four:
(declare-datatypes ((S (A) (B) (C))))
(declare-funs ((x S) (y S) (z S) (u S)))
(assert (distinct x y z))
(check-sat)
;sat
(assert (distinct x y z u))
(check-sat)
;unsat
Recursive data types
A recursive data type contains itself. An example of a recursive type (a list of integers) is shown below:
(declare-datatypes ((list (nil) (cons (hd Int) (tl list)))))
Besides the types above, Z3 supports many other data types such as bit-vectors and arrays; see [5] for details.
Z3 example
Z3 can produce a model as part of its output. Models assign values to the constants in the input and generate partial function graphs for the predicate and function symbols.
Below is an example with Z3. Suppose the file example1.smt contains a formula in SMT-LIB format. We can check the formula with Z3 using the command line z3 /m example1.smt:
(benchmark example1
:status sat
:logic QF_LIA
:extrafuns ((x1 Int) (x2 Int) (x3 Int) (x4 Int) (x5 Int))
:formula (and (>= (- x1 x2) 1)
...

... x + 1 > y + z
Here the left expression is x + 1, the right expression is y + z and the comparison is >.
A binary expression is likewise defined as a left expression, an operator and a right expression. Below is the class that defines binary expressions over reals:
import java.util.Map;

class BinaryRealExpression extends RealExpression
{
RealExpression left;
Operator op;
RealExpression right;
BinaryRealExpression (RealExpression l, Operator o, RealExpression r)
{
left = l;
op = o;
right = r;
}
public double solution()
{
double l = left.solution();
double r = right.solution();
switch(op){
case PLUS: return l + r;
case MINUS: return l - r;
case MUL: return l * r;
case DIV: assert(r!=0); return l/r;
default: throw new RuntimeException("## Error: BinaryRealSolution solution: l " + l + " op " + op + " r " + r);
}
}
public void getVarsVals(Map varsVals) {
left.getVarsVals(varsVals);
right.getVarsVals(varsVals);
}
}
JPF provides a standard class for converting from JPF's own format to a particular solver: the abstract class ProblemGeneral, which contains the methods that convert atomic expressions or atomic constraints to the solver's format; concrete classes extend it. The extension has three implementations, ProblemChoco, ProblemIAsolver and ProblemCVC3, corresponding to the use of Choco, IAsolver and CVC3. For example, the conversion of a greater-than constraint to IAsolver's format is:
Object gt(Object exp1, Object exp2){
return (String)exp1 + " > " + (String)exp2 + "; ";
}
The Z3 extension should follow the same integration model as JPF's other solvers. We now have to arrange for JPF constraints to be converted into SMT-LIB. An SMT-LIB benchmark has the following form:
(benchmark // name
:logic // the logic, for example QF_LIA for linear integer arithmetic
:extrafuns // variable declarations
:formula // the formula is defined here
)
The formula is exactly the JPF constraint that has to be converted. An example of a formula defined in SMT-LIB:
(benchmark example
:status sat
:logic QF_LIA
:extrafuns ((x1 Int) (x2 Int) (x3 Int))
:formula (and (>= (- x1 x2) 1)
...
For example, the >= constraint is converted as follows:
Object geq(int value, Object exp){
    return "(>= " + value + " " + (String)exp + ")";
}
Object geq(Object exp, int value){
    return "(>= " + (String)exp + " " + value + ")";
}
Object geq(Object exp1, Object exp2){
    return "(>= " + (String)exp1 + " " + (String)exp2 + ")";
}
Object geq(double value, Object exp){
    return "(>= " + String.format(format,value) + " " + (String)exp + ")";
}
Object geq(Object exp, double value){
    // a stray ")" after the expression would produce an unbalanced s-expression
    return "(>= " + (String)exp + " " + String.format(format,value) + ")";
}
The text above is then written out to a file in the structure required by the SMT-LIB language, and z3 is called through the command line. The returned result is stored in a Result object, which consists of a Boolean attribute and a vector. The Boolean is true if the answer is satisfiable and false if it is unsatisfiable. The vector stores (variable, value) pairs when the answer is true.
import java.util.Vector;

public class Result {
public Boolean result;
public Vector vresult;
public Result() {
super();
vresult= new Vector();
}
public Vector getVresult() {
return vresult;
}
public void setVresult(Vector vresult) {
this.vresult = vresult;
}
public Boolean getResult() {
return result;
}
public void setResult(Boolean result) {
this.result = result;
}
}
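The round trip that ProblemZ3 and Z3Solver perform, as an added Python example rather than the thesis code: a path condition is written as an SMT-LIB benchmark in the format shown above, z3 is invoked on the file from the command line, and its textual answer is turned into the (satisfiable, [(variable, value)]) pair that Result holds. It assumes z3 is on PATH and accepts the /m flag used in section 3.10, and that its answer is sat/unsat/unknown followed by "name -> value" model lines as shown in chapter 3; the SMT-LIB 2 form "(define-fun name () Sort value)" printed by newer z3 releases is accepted as well. The sample benchmark and sample solver output are constructed for the example.

```python
"""SMT-LIB benchmark generation, z3 invocation and model parsing.
Added example; not thesis or JPF code."""
import os
import re
import shutil
import subprocess
import tempfile
from fractions import Fraction

def to_benchmark(name, logic, variables, constraints):
    """Build the SMT-LIB 1 benchmark text ProblemZ3 would hand to z3.
    variables: {name: "Int" | "Real"}; constraints: SMT-LIB atoms, conjoined."""
    funs = " ".join(f"({v} {sort})" for v, sort in sorted(variables.items()))
    formula = constraints[0] if len(constraints) == 1 else "(and " + " ".join(constraints) + ")"
    return (f"(benchmark {name}\n"
            f"  :logic {logic}\n"
            f"  :extrafuns ({funs})\n"
            f"  :formula {formula}\n"
            ")\n")

_ARROW = re.compile(r"^(\S+)\s*->\s*(.+)$")                            # x -> 3, y -> -18/5
_DEFINE = re.compile(r"^\(define-fun\s+(\S+)\s+\(\)\s+\S+\s+(.+?)\)$")  # SMT-LIB 2 model lines

def _value(text):
    """Numeric model values become int or Fraction; abstract ones (val!0) stay strings."""
    text = text.strip()
    neg = re.fullmatch(r"\(-\s*(\d+(?:/\d+)?)\)", text)   # SMT-LIB 2 writes -4 as (- 4)
    if neg:
        text = "-" + neg.group(1)
    for conv in (int, Fraction):
        try:
            return conv(text)
        except ValueError:
            continue
    return text

def parse_result(output):
    """Turn the solver's stdout into (satisfiable, assignments), like Result.
    unknown is mapped to False here; callers that must tell "infeasible path"
    from "solver gave up" should inspect the verdict line themselves."""
    status = None
    assignments = []
    depth = 0                                   # inside a function table such as f -> { ... }
    for raw in output.splitlines():
        line = raw.strip().lstrip(";").strip()  # z3 may comment its output
        if depth:
            depth += line.count("{") - line.count("}")
            continue
        if line in ("sat", "unsat", "unknown"):
            status = line
            continue
        match = _ARROW.match(line) or _DEFINE.match(line)
        if match:
            if match.group(2).lstrip().startswith("{"):
                depth += 1                      # skip the table body of an uninterpreted function
                continue
            assignments.append((match.group(1), _value(match.group(2))))
    if status is None:
        raise ValueError("no sat/unsat/unknown verdict in solver output")
    return status == "sat", assignments if status == "sat" else []

def run_z3(benchmark_text, z3_args=("/m",)):
    """Write the benchmark to a file and call z3 on it, as Z3Solver does.
    Returns None when z3 is not installed, so the example stays runnable offline."""
    exe = shutil.which("z3")
    if exe is None:
        return None
    fd, path = tempfile.mkstemp(suffix=".smt")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(benchmark_text)
        proc = subprocess.run([exe, *z3_args, path], capture_output=True, text=True, timeout=60)
        return parse_result(proc.stdout)
    finally:
        os.unlink(path)

# Constructed sample: the path condition of the z <= 10 branch of MulClass.myMethod
# in section 4.5, which Choco rejects because x * y is nonlinear.
SAMPLE_BENCHMARK = to_benchmark("mulclass_else", "QF_NIA", {"x": "Int", "y": "Int"},
                                ["(not (> (* x y) 10))"])

# Constructed sample of the answer shown for linear real arithmetic in section 3.8.1.
SAMPLE_OUTPUT = "sat\nx -> 0\ny -> -18/5\nz -> -23/10\n"

if __name__ == "__main__":
    print(SAMPLE_BENCHMARK)
    print(parse_result(SAMPLE_OUTPUT))
    print(run_z3(SAMPLE_BENCHMARK) or "z3 not found on PATH")
```

Two details matter for anyone wiring a solver in this way. The solver's verdict must be read before the model: an unknown answer carries no assignments, and folding it into false, as a two-valued Result forces, silently turns a path the solver could not decide into one the test generator believes is infeasible. And the benchmark file is the only channel between JPF and z3, so unbalanced parentheses from the conversion methods (such as the stray ")" fixed in geq above) show up as a parse error in z3's output rather than as a Java exception; checking that the subprocess output contains a verdict line catches that case.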
Design and implementation
The design and implementation must follow JPF's extension rules. We therefore create a class ProblemZ3 that converts JPF constraints into its own data structure. Next we create a package that plays the same role as the Choco, IAsolver or CVC3 libraries. This package writes the data structure out to a file for Z3, runs Z3 through the command line with the file just created as input, collects the result from Z3, and converts it into the common format that ProblemZ3 can use.
Figure 4-2 shows the package diagram:
Figure 4.2: Package diagram
In the class diagram in Figure 4-3, the two most important classes are ProblemZ3 and Z3Solver. ProblemZ3 converts the JPF constraint (PC) into an SMT-LIB formula and then calls Z3Solver to solve it. The input of Z3Solver is the SMT-LIB formula; Z3Solver writes it to a file, executes Z3 through the command line and returns the result to the ProblemZ3 object.
Figure 4.3: Overall class diagram
Results and evaluation
The program is essentially complete. To evaluate it we try the following two examples:
Example 1: linear arithmetic
Create the class MyClass1 and ask JPF to generate test data for it automatically:
import gov.nasa.jpf.symbc.Debug;

public class MyClass1 {
// The method you need tests for
public int myMethod(int x, int y) {
int z = x + y;
if (z > 0) {
z = 1;
} else {
z = z - x;
}
z = x * z;
return z;
}
// The test driver
public static void main(String[] args) {
MyClass1 mc = new MyClass1();
int x = mc.myMethod(1, 2);
Debug.printPC("\nMyClass1.myMethod Path Condition: ");
}
}
Figure 4-4 shows the result with Choco.
Figure 4.4: Result with Choco, linear arithmetic
And here is the result with Z3:
Figure 4.5: Result with Z3, linear arithmetic
Comparing the two results, both tools produce a solution.
Example 2: nonlinear arithmetic
In the example above, replace z = x + y with z = x * y. Now z is a nonlinear function of the inputs.
import gov.nasa.jpf.symbc.Debug;

public class MulClass {
// The method you need tests for
public int myMethod(int x, int y) {
int z = x * y;
if (z > 10) {
z = 1;
} else {
z = z - x;
}
z = x * z;
return z;
}
// The test driver
public static void main(String[] args) {
MulClass mc = new MulClass();
int x = mc.myMethod(1, 2);
Debug.printPC("\nMulClass.myMethod Path Condition: ");
}
}
Result with Choco: the program reports an exception (Figure 4-6).
Figure 4.6: Result with Choco, nonlinear arithmetic
The result with Z3 is shown in Figure 4-7:
Figure 4.7: Result with Z3, nonlinear arithmetic
The figure shows that Z3 produces two models, corresponding to the cases z > 10 and z <= 10 of the if statement in MulClass.myMethod().