Results 1 - 10 of 46
Planning as satisfiability
In ECAI-92, 1992
Cited by 459 (26 self)
We develop a formal model of planning based on satisfiability rather than deduction. The satisfiability approach not only provides a more flexible framework for stating different kinds of constraints on plans, but also more accurately reflects the theory behind modern constraint-based planning systems. Finally, we consider the computational characteristics of the resulting formulas, by solving them with two very different satisfiability testing procedures.
Korat: Automated testing based on Java predicates
In Proc. International Symposium on Software Testing and Analysis (ISSTA), 2002
Cited by 295 (55 self)
This paper presents Korat, a novel framework for automated testing of Java programs. Given a formal specification for a method, Korat uses the method precondition to automatically generate all nonisomorphic test cases bounded by a given size. Korat then executes the method on each of these test cases, and uses the method postcondition as a test oracle to check the correctness of each output. To generate test cases for a method, Korat constructs a Java predicate (i.e., a method that returns a boolean) from the method’s precondition. The heart of Korat is a technique for automatic test case generation: given a predicate and a bound on the size of its inputs, Korat generates all nonisomorphic inputs for which the predicate returns true. Korat exhaustively explores the input space of the predicate but does so efficiently by monitoring the predicate’s executions and pruning large portions of the search space. This paper illustrates the use of Korat for testing several data structures, including some from the Java Collections Framework. The experimental results show that it is feasible to generate test cases from Java predicates, even when the search space for inputs is very large. This paper also compares Korat with a testing framework based on declarative specifications. Contrary to our initial expectation, the experiments show that Korat generates test cases much faster than the declarative framework.
TestEra: A Novel Framework for Automated Testing of Java Programs
2001
Cited by 96 (29 self)
We present TestEra, a novel framework for automated testing of Java programs. TestEra automatically generates all nonisomorphic test cases, within a given input size, and evaluates correctness criteria. As an enabling technology, TestEra uses Alloy, a first-order relational language, and the Alloy Analyzer. Checking a program with TestEra involves modeling the correctness criteria for the program in Alloy and specifying abstraction and concretization translations between instances of Alloy models and Java data structures. TestEra produces concrete Java inputs as counterexamples to violated correctness criteria. This paper discusses TestEra's analyses of several case studies: methods that manipulate singly linked lists and red-black trees, a naming architecture, and a part of the Alloy Analyzer.
TestEra: Specification-based Testing of Java Programs Using SAT
Autom. Softw. Eng., 2004
Cited by 41 (7 self)
TestEra is a framework for automated specification-based testing of Java programs. TestEra requires as input a Java method (in source code or bytecode), a formal specification of the pre- and postconditions of that method, and a bound that limits the size of the test cases to be generated. Using the method's precondition, TestEra automatically generates all nonisomorphic test inputs up to the given bound. It executes the method on each test input, and uses the method postcondition as an oracle to check the correctness of each output. Specifications are first-order logic formulae. As an enabling technology, TestEra uses the Alloy toolset, which provides an automatic SAT-based tool for analyzing first-order logic formulae. We have used TestEra to check several Java programs including an architecture for dynamic networks, the Alloy-alpha analyzer, a fault-tree analyzer, and methods from the Java Collection Framework.
Software assurance by bounded exhaustive testing
In Proc. ISSTA. ACM, 2004
Cited by 37 (14 self)
Bounded exhaustive testing (BET) is a verification technique in which software is automatically tested for all valid inputs up to specified size bounds. A particularly interesting case of BET arises in the context of systems that take structurally complex inputs. Early research suggests that the BET approach can reveal faults in small systems with inputs of low structural complexity, but its potential utility for larger systems with more complex input structures remains unclear. We set out to test its utility on one such system. We used Alloy and TestEra to generate inputs to test the Galileo dynamic fault tree analysis tool, for which we already had both a formal specification of the input space and a test oracle. An initial attempt to generate inputs using a straightforward translation of our specification to Alloy did not work well. The generator failed to generate inputs to meaningful bounds. We developed an approach in which we factored the specification, used TestEra to generate abstract inputs based on one factor, and passed the results through a postprocessor that reincorporated information from the second factor. Using this technique, we were able to generate test inputs to meaningful bounds, and the inputs revealed nontrivial faults in the Galileo implementation, our specification, and our oracle. Our results suggest that BET, combined with specification abstraction and factoring techniques, could become a valuable addition to our verification toolkit and that further investigation is warranted. Index Terms—Formal methods, program verification, testing and debugging.
Automatic Testing of Software with Structurally Complex Inputs
2005
Cited by 35 (10 self)
Modern software pervasively uses structurally complex data such as linked data structures. The standard approach to generating test suites for such software, manual generation of the inputs in the suite, is tedious and error-prone. This dissertation proposes a new approach for specifying properties of structurally complex test inputs; presents a technique that automates generation of such inputs; describes the Korat tool that implements this technique for Java; and evaluates the effectiveness of Korat in testing a set of data-structure implementations. Our approach allows the developer to describe the properties of valid test inputs using a familiar implementation language such as Java. Specifically, the user provides an imperative predicate—a piece of code that returns a truth value—that returns true if the input satisfies the required property and false otherwise. Korat implements our technique for solving imperative predicates: given a predicate and a bound on the size of the predicate’s inputs, Korat automatically generates the bounded-exhaustive
General symmetry breaking constraints
In: 12th International Conference on Principles and Practices of Constraint Programming (CP2006), Springer-Verlag, 2006
Cited by 24 (14 self)
We present some general constraints for breaking symmetries in constraint satisfaction problems. These constraints can be used to break symmetries acting on variables, values, or both. We also consider symmetry breaking constraints to deal with conditional symmetries, and symmetries acting on set and other types of variables.
Propagation algorithms for lexicographic ordering constraints
Artificial Intelligence, 2006
Cited by 16 (8 self)
Finite-domain constraint programming has been used with great success to tackle a wide variety of combinatorial problems in industry and academia. To apply finite-domain constraint programming to a problem, it is modelled by a set of constraints on a set of decision variables. A common modelling pattern is the use of matrices of decision variables. The rows and/or columns of these matrices are often symmetric, leading to redundancy in a systematic search for solutions. An effective method of breaking this symmetry is to constrain the assignments of the affected rows and columns to be ordered lexicographically. This paper develops an incremental propagation algorithm, GACLexLeq, that establishes generalised arc consistency on this constraint in O(n) operations, where n is the length of the vectors. Furthermore, this paper shows that decomposing GACLexLeq into primitive constraints available in current finite-domain constraint toolkits reduces the strength or increases the cost of constraint propagation. Also presented are extensions and modifications to the algorithm to handle strict lexicographic ordering, detection of entailment, and vectors of unequal length. Experimental results on a number of domains demonstrate the value of GACLexLeq.
Optimizations for compiling declarative models into Boolean formulas
In 8th International Conference on Theory and Applications of Satisfiability Testing (SAT 2005), St. Andrews, 2005
Cited by 12 (3 self)
Advances in SAT solver technology have enabled many automated analysis and reasoning tools to reduce their input problem to a SAT problem, and then to use an efficient SAT solver to solve the underlying analysis or reasoning problem. The solving time for SAT solvers can vary substantially for semantically identical SAT problems depending on how the problem is expressed. This property motivates the development of new optimization techniques whose goal is to produce more efficiently solvable SAT problems, thereby improving the overall performance of the analysis or reasoning tool. This paper presents our experience using several mechanical techniques that enable the Alloy Analyzer to generate optimized SAT formulas from first-order logic formulas. These techniques are inspired by similar techniques from the field of optimizing compilers, suggesting the potential presence of underlying connections between optimization problems from two very different domains. Our experimental results show that our techniques can deliver substantial performance improvement results—in some cases, they reduce the solving time by an order of magnitude.
Generating structurally complex tests from declarative constraints
2003
Cited by 12 (6 self)
This dissertation describes a method for systematic constraint-based test generation for programs that take as inputs structurally complex data, presents an automated SAT-based framework for testing such programs, and provides evidence on the feasibility of using this approach to generate high quality test suites and find bugs in nontrivial programs.