Citation
A run-time environment for concurrent Ada software test analysis

Material Information

Title:
A run-time environment for concurrent Ada software test analysis
Creator:
Xiao, Ji, 1971-
Place of Publication:
Gainesville Fla
Gainesville, Fla
Publisher:
University of Florida
Publication Date:
Copyright Date:
2000
Language:
English

Subjects

Subjects / Keywords:
Computer software -- Testing ( lcsh )
Computer and Information Science and Engineering thesis, M.S ( lcsh )
Dissertations, Academic -- Computer and Information Science and Engineering -- UF ( lcsh )
Genre:
bibliography ( marcgt )
theses ( marcgt )
non-fiction ( marcgt )

Notes

Summary:
ABSTRACT: Software testing is one of the most expensive and time-consuming phases in software development. Hence, to reduce the development cost and improve productivity and quality, CASE tool support is very desirable. We are developing an Ada run-time instrument environment, ADA-PINE, for test coverage analysis of real-time Ada programs. Based on the program analysis, ADA-PINE generates control flow and data flow, instruments the programs being tested, and collects the execution traces dynamically. This tool can help developer and tester in many ways such as displaying the code that has not been executed, drawing the control flow graph and task dependency graph of the program, and reducing redundant test cases. In this thesis, the basic concept of software testing and the high level design of ADA-PINE will be introduced. Then, the details of code generator, run-time library and Ada concurrent testing model, which were designed and implemented by author, will be emphasized.
Thesis:
Thesis (M.S.)--University of Florida, 2000.
Bibliography:
Includes bibliographical references (p. 50).
System Details:
System requirements: World Wide Web browser and PDF reader.
System Details:
Mode of access: World Wide Web.
General Note:
Title from first page of PDF file.
General Note:
Document formatted into pages; contains viii, 51 p.; also contains graphics.
General Note:
Vita.
Statement of Responsibility:
by Ji Xiao.

Record Information

Source Institution:
University of Florida
Holding Location:
University of Florida
Rights Management:
Copyright Ji Xiao. Permission granted to University of Florida to display this item for non-profit research and educational purposes. Any reuse of this item in excess of fair use or other copyright exemptions requires permission of the copyright holder.
Resource Identifier:
50751205 ( OCLC )
002678772 ( AlephBibNum )
ANE5999 ( NOTIS )

Downloads

This item is only available as the following downloads:


Full Text
xml version 1.0 encoding UTF-8
REPORT xmlns http:www.fcla.edudlsmddaitss xmlns:xsi http:www.w3.org2001XMLSchema-instance xsi:schemaLocation http:www.fcla.edudlsmddaitssdaitssReport.xsd
INGEST IEID EU9689CQ3_OJ15S5 INGEST_TIME 2017-07-14T16:35:01Z PACKAGE UF00100775_00001
AGREEMENT_INFO ACCOUNT UF PROJECT UFDC
FILES



PAGE 1

A RUN-TIME ENVIRONMENT FOR CONCURRENT ADA SOFTWARE TEST ANALYSIS By Ji Xiao A THESIS PRESENTED TO THE GRADUATE SCHOOL OF THE UNIVERSITY OF FLORIDA IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE UNIVERSITY OF FLORIDA 2000

PAGE 2

To My Family

PAGE 3

iii ACKNOWLEDGMENTS First, I sincerely thank my advisor, Dr. Yann-Hang Lee, for his excellent advice throughout the years. None of my work could be done without his kindly help. I would like to thank my supervisory committee members, Dr. Steve Thebaut and Dr. ChienLiang Liu, for their valuable and constructive suggestions on my thesis. I would also like to thank Mr. Youngjoon Byun and Miss Okehee Goh for their kindly help on this work. Finally, I would appreciate my family for their love.

PAGE 4

iv TABLE OF CONTENTS page ACKNOWLEDGMENTS ................................ ................................ .............................. iii LIST OF FIGURES ................................ ................................ ................................ ........ vi ABSTRACT ................................ ................................ ................................ .................. vii CHAPTERS 1 INTRODUCTION ................................ ................................ ................................ ...... 1 2 SOFTWARE TESTING AND CODE COVERAGE ANALYSIS ............................... 4 2.1 Software Testing Fundamentals ................................ ................................ ........... 4 2.2 Black-Box and White-Box Testing ................................ ................................ ...... 4 2.3 Code Coverage Analysis ................................ ................................ ...................... 5 2.3.1 Logic Coverage Criteria ................................ ................................ ............... 6 2.3.2 Data Flow Coverage Criteria ................................ ................................ ........ 9 3 DESIGN OF ADA-PINE ................................ ................................ .......................... 12 3.1 High Level Architecture of ADA -PINE ................................ ............................. 12 3.2 Ada Program Instrumentation Process ................................ ............................... 13 3.2.1 Lexical Analyzer ................................ ................................ ........................ 14 3.2.2 Syntax Analysis ................................ ................................ ......................... 14 3.2.3 Semantic Analysis ................................ ................................ ...................... 14 3.2.4 Flow Analysis ................................ ................................ ............................ 15 3.2.5 Instrumentation ................................ ................................ .......................... 15 3.2.6 Code Generation ................................ ................................ ........................ 15 3.3 Run-Time Library ................................ ................................ .............................. 16 3.4 Coverage An alyzer ................................ ................................ ............................ 16 4 IMPLEMENTATION OF ADA-PINE ................................ ................................ ..... 17 4.1 Implementation of Code Generator ................................ ................................ .... 17 4.1.1 Structure of Syntax Tree. ................................ ................................ ........... 19 4.1.2 The Design of S cript ................................ ................................ .................. 20 4.2 Implementation of Run-Time Library ................................ ................................ 26 4.2.1 Components of Run-Time Library ................................ .............................. 26

PAGE 5

v 4.2.2 Trace File ................................ ................................ ................................ ... 26 4.2.3 Common Used Data S tructure ................................ ................................ .... 26 4.2.4 Run-Time Environment --Calling-Stack Strategy ................................ ....... 29 4.2.5 Finalization ................................ ................................ ................................ 32 4.3 Conclusion ................................ ................................ ................................ ......... 35 5 ADA CONCURRENT TESTING ................................ ................................ ........ 36 5.1 Concurrency in Ada ................................ ................................ ........................... 36 5.1.1 Rendezvous ................................ ................................ ................................ 36 5.1.2 Protected Object ................................ ................................ ......................... 37 5.1.3 Select Statements ................................ ................................ ....................... 38 5.1.4 Task Identification ................................ ................................ ..................... 39 5.1.5 Task Attribute ................................ ................................ ............................ 39 5.2 Problem to Be Solved ................................ ................................ ........................ 39 5.2.1 Task Identification ................................ ................................ ..................... 39 5.2.2 Decision Coverage ................................ ................................ ..................... 39 5.2.3 Calling-Stack Based Run-Time Environment ................................ ............. 40 5.2.4 Task Dependency Graph ................................ ................................ ............ 41 5.3 Modeling Design ................................ ................................ ............................... 42 5.3.1 New Trace Format ................................ ................................ ..................... 42 5.3.2 Task Dependency Graph ................................ ................................ ............ 42 5.3.3 Run-Time Library ................................ ................................ ...................... 43 5.3.4 Code Generation ................................ ................................ ........................ 45 5.4 An Example ................................ ................................ ................................ ....... 46 6 FUTURE WORK ................................ ................................ ................................ ..... 49 REFERENCES ................................ ................................ ................................ ............. 50 BIOGRAPHICAL SKETCH ................................ ................................ ......................... 51

PAGE 6

vi LIST OF FIGURES Figure page 1.1 ATAC Operation Flow ................................ ................................ ................................ 1 2.1 A Sample Ada Program and Basic Block Division ................................ ....................... 7 2.2 Control Flow Graph of the Sample Ada Programs. ................................ ...................... 8 3.1 High Level Architecture of ADA-PINE ................................ ................................ ....... 12 3.2 Structure of ADA Instrument Processor analysis. ................................ ......................... 13 4.1 Structure of Syntax Tree. ................................ ................................ ............................. 20 4.2 A Syntax Sub-tree Containing Multi Children ................................ .............................. 22 4.3 Example of Probe Node ................................ ................................ ............................... 24 4.4 Calling-stack Strategy ................................ ................................ ................................ .. 30 5.1 The Egg Shell Model ................................ ................................ ................................ ... 37 5.2 Task Dependency Graph ................................ ................................ .............................. 41 5.3 The Run-Time Library For Ada Concurrent Testing ................................ .................... 43 5.4 Source-specific Data Structure for Decision ................................ ................................ 44 5.5 Block Coverage of A Concurrent Ada Program ................................ ........................... 47 5.6 Example Task Dependency Graph ................................ ................................ ............... 48

PAGE 7

vii Abstract of Thesis Presented to the Graduate School of the University of Florida in Partial Fulfillment of the Requirements for the Degree of Master of Science A RUN-TIME ENVIRONMENT FOR CONCURRENT ADA SOFTWARE TEST ANALYSIS By Ji Xiao December 2000 ABSTRACT Chairman: Yann-Hang Lee Major Department: Computer and Information Science and Engineering Software testing is one of the most expensive and time-consuming phases in software development. Hence, to reduce the development cost and improve productivity and quality, CASE tool support is very desirable. We are developing an Ada run-time instrument environment, ADA-PINE, for test coverage analysis of real-time Ada programs. Based on the program analysis, ADA-PINE generates control flow and data flow, instruments the programs being tested, and collects the execution traces dynamically. This tool can help developer and tester in many ways such as displaying the code that has not been executed, drawing the control flow graph and task dependency graph of the program, and reducing redundant test cases.

PAGE 8

viii In this thesis, the basic concept of software testing and the high level design of ADA-PINE will be introduced. Then, the details of code generator, run-time library and Ada concurrent testing model, which were designed and implemented by author, will be emphasized.

PAGE 9

1 CHAPTER 1 INTRODUCTION Software testing, which is the process of executing a program with the intent of finding errors, is one of the most expensive and time-consuming phases of the software life cycle. About 50% of the total life-cycle effort and time are spent on testing [The00] The only way to guarantee software to be error free is using exhaustive testing. However, it is almost impossible to achieve exhaustive testing because the cost is extremely high. To conduct effective testing, we need to reduce the cost of testing, and at the same time, improve the productivity and quality of software. Hence, it is very important to provide a solution, supported by CASE tools, which can not only reduce the cost but also improve the quality [Mye79] Figure 1.1 ATAC Operation Flow Telcordia s software visualization and analysis toolsuite (known as c Suds) is an example of CASE tools. The current version of c Suds has seven tools and ATAC atac cc test.out test.c test.out test. atac test case output test.out.trace test.out.trace test. atac summary GUI atac or c atac

PAGE 10

2 ( A utomatic T est A nalysis for C ) is one of them. ATAC consists of an ATAC compiler (atac cc) and a test coverage analyzer (atac or c atac). Figure 1.1 describes the operation flow of ATAC. First, atac cc analyzes and instruments test.c then stores control flow and data flow information into file test.atac It also compiles instrumented code of test.c with ATAC run-time library and generates an executable file test.out Each time the test.out runs, execution traces are appended to corresponding trace file test.out.trace Execution traces record how many times a particular software component (function, block, decision, c-use or p-use) is executed by test cases. Finally, by analyzing both execution trace and the static information stored in test.atac test coverage information is output to summary (text) or GUI [Tel98] However, c Suds supports only C and C++, but not Ada. Ada is a widely used real-time programming language in the defense industry whose grammar is almost three times bigger than C language. Moreover, Ada is a language that supports concurrent programming. Following a similar approach to that taken by ATAC, ADA-PINE performs lexical analysis, syntax analysis, semantic analysis, flow analysis, instrumentation and code generation on Ada source code being tested. Based on these analyses, ADA-PINE generates control flow graph, collects data flow information, and instruments Ada source code. At the same time, source-specific data that indicate the basic information of the modules being tested is generated. After compiling and linking instrumented Ada source code, corresponding source-specific data and ADA-PINE run-time library, an executable file is generated. By executing this executable file with test cases, ADA_PINE collects execution traces. Then, the analyzer of ADA-PINE analyzes the control and data flow

PAGE 11

3 information with execution traces, concludes whether the test cases satisfy code coverage criteria. The remainder of this thesis is organized as follows. Chapter 2 introduces the basic concept of software testing, especially code coverage analysis. Chapter 3 shows the high level design of ADA-PINE. The design and implementation of code generator and run-time library are presented in Chapter 4. In Chapter 5, the modeling design and implementation for Ada concurrency test will be discussed. Chapter 4 and Chapter 5 are emphasized because they are my own part of work. Finally, the future work and reference will be given in Chapter 6 and Chapter 7 respectively.

PAGE 12

4 CHAPTER 2 SOFTWARE TESTING AND CODE COVERAGE ANALYSIS ADA-PINE is a code coverage analysis toolsuite. Before we start to introduce ADA-PINE s design and implementation issues, we need to introduce the theoretical background of software testing. In this chapter, some basic concept of software testing is introduced. Concept of code coverage analysis and several code coverage criteria are emphasized especially. 2.1 Software Testing Fundamentals Software testing, as a process of executing programs with the intent of finding errors [Mye79] is usually conducted by using one or both of these two approaches: human-based testing and machine-based testing [The00] Human-based testing includes techniques such as walk-through, reviews, and inspections, which are used by people at any stage of software design and development. Machine-based testing is the execution of test cases to find errors in programs. Only machine-based testing will be emphasized here since ADA-PINE belongs to it. 2.2 Black-Box and White-Box Testing Black-box and white-box testing are two major techniques used in machine-based testing. The former is also known as functional testing, which conducts testing based solely on the analysis of software requirements [The00] Without the knowledge of programming structure, black-box testing is done by generating test cases based on the program specification, running the program with all of these test cases and comparing the

PAGE 13

5 output with expected output. The latter one is also known as structural testing. Structural testing is based on the analysis of internal logic of programs. It is mainly used for low level testing (unit and component testing) that focuses on the coding of software. In structural testing, designing test cases is a very important issue. The test cases are designed with the objective of testing as many execution paths in the program as possible in order to guarantee the program acts correctly in any circumstances. To decide whether the program is tested thoroughly, code coverage analysis techniques are needed. As an example, program instrumentation is used to add some instrument code into original program to collect the record of program executions [The00] ADA-PINE is a code coverage analysis toolsuite for Ada applications. 2.3 Code Coverage Analysis As mentioned in last section, code coverage analysis is a structural testing technique. Code coverage analysis is the process of finding areas of a program that is not exercised by a set of test cases. An optional aspect of code coverage analysis is to identify redundant test cases that do not increase coverage. People use code coverage analysis to assure the quality of test cases but not the quality of the actual product. Code coverage analysis is sometimes called test coverage analysis. The two terms are synonymous. The academic world more often uses the term test coverage analysis while practitioners more often use code coverage analysis. There exist a large variety of coverage criteria for code coverage analysis. This section gives a description of some fundamental measures. In ADA-PINE, we consider criteria of block coverage, decision coverage, all c-uses coverage, all p-uses coverage, and all-uses coverage. In the current stage, we implemented only block coverage and

PAGE 14

6 decision coverage. All these criteria are mainly divided into logic and data flow coverage criteria. 2.3.1 Logic Coverage Criteria Measuring logic coverage criteria can reflect the test cases ability to cover the statements, branches, paths, etc. 2.3.1.1 Block Coverage Criterion Basic block is a code sequence in which execution always enters at the beginning and leaves at the end without halt or the possibility of branching except at the end. Block coverage of a set of test cases is the ratio of the number of basic blocks executed by these test cases to the total number of basic blocks in the tested program [Hor91] A ratio of 1 implies that this set of test cases is adequate with respect to the block coverage criterion [Lee00] 2.3.1.2 Decision Coverage Criterion A decision is a pair of blocks, denoted (x, y), that shows a control transferring from a block x to block y. The decision coverage of a set of test cases is the ratio of the number of decisions executed by these test cases to the total number of decisions in the tested program [Hor91] A ratio of 1 implies that this set of test cases is adequate with respect to the decision coverage criterion [Lee00] 2.3.1.3 Logic Coverage Detection of ADA-PINE For the analysis of block coverage testing, ADA-PINE divides a program into basic blocks, and then creates edges to connect them. A block may have more that one statement if there is no branching among statements. A statement may contain multiple blocks if there is a control transfer within the statement.

PAGE 15

7 Figure 2.1 A Sample Ada Program and Basic Block Division WITH Ada.Integer_Text_IO; WITH Ada.Text_IO; PROCEDURE Order IS X: Integer; Y: Integer; BEGIN -Order Ada.Integer_Text_IO.Get (X); Ada.Integer_Text_IO.Get (Y); IF X > Y OR ELSE Y < X THEN Ada.Text_IO.Put ( X is bigger than Y ); ELSE Ada.Text_IO.Put ( Y is bigger than X ); END IF; END Order; 0 1 2 4 5 6 3

PAGE 16

8 Figure 2.2 Control Flow Graph of the Sample Ada Programs. Figure 2.1 provides an example of how ADA-PINE divides Ada source program into basic blocks. Ada source program in Figure 2.1 is divided into 7 basic blocks. Each of them can only be executed entirely from the beginning to the end with respect to the 0 2 4 5 6 1 3 ... ... ... ... Exception or abnormal exit Exception or abnormal exit Exception or abnormal exit Exception or abnormal exit X <=Y X > Y Y < X Y >=X Normal return Normal return Normal return Normal return

PAGE 17

9 definition of basic block. Figure 2.2 shows the control flow graph with respect to the Ada source program in Figure 2.1. Each solid edge represents flow control changing from one basic block to another. The following positions in Ada programs indicate possible change of flow control: short-circuit forms ( and then and or else ), branch statement (if and case statement), loop statement (basic loop, while, for), goto, exit, return, subprogram call, and select statement in task body [Lee00] The dotted arrow indicates possible exception or abnormal exit of procedure. Short-circuit ("and then" and "or else") are special logic operators of Ada. Operator and then has almost same functionality as logic operators and When Ada evaluates expression contains operator and both operands of "and" will be evaluated. However, when Ada evaluates expression contains operator and then the left operand will be evaluated first. If the value of the left operand is true the right operand will also be evaluated. Otherwise, the right operand will not be evaluated because no matter "true" or "false" it is, the result of and then operation is false Similar to the operator "and then", the "or else" will evaluate its left operand first. If the value of its left operand is "true", the right operand will not be evaluated because no matter which value the right operand has, the result of "or else" operation is "true". The example of operator or else is presented in Figure 2.1 and 2.2. If X>Y is true, then branch (2,4) will be taken. Hence, block 3 is not covered with respect to this test case. 2.3.2 Data Flow Coverage Criteria Data flow testing refers to forms of structural testing that focus on points at which variables receive values, and on whether these values are used. Several concepts will be introduced below.

PAGE 18

10 Define: A variable is defined whenever its value is changed, either by initializations, assignments, or out arguments of subprograms. P-use: Also known as a predicate-use, which means that a variable is used in the predicate of a branch statement. C-use: Also known as a computation use, which means any other use other than a p-use. A path in a control flow graph is a finite sequence of nodes (n 1 n k ), k>=2, such that there is an edge form n i to n i+1 For i = 1,2, ,k-1. A path is simple if all nodes except possibly the first and last, are distinct. A path is loop-free if all nodes in the path are distinct. A def-clear path (definition clear path) is, with respect to a particular variable, a path from a definition to a use of this variable without variable re-definition [The00] A definition-use pair ( du-pair ) with respect to a variable v is a double (d,u) or a triple (d,). In the double (d,u), d is a block at which v is defined, u is a node at which v is c-used, and there is at least one def-clear path with respect to v from d to u. In the triple (d,), d is a block at which v is defined, is a decision which depends on v, and there is at least one def-clear path from d to s. A c-use item is a triple (v,d,u) that represents a du-pair from d to u with respect to the variable v. A p-use item is a quadruple (v,d,) that represents a du-pair form u to decision with respect to the variable v. In ATAC, data flow coverage criteria like all c-uses coverage, all p-uses coverage and all-uses coverage are implemented for C language but not C++. Currently, the analysis of these coverage criteria has not been implemented in ADA-PINE yet.

PAGE 19

11 2.3.2.1 All C-Uses Coverage Criterion A c-use item (v,d,u) is covered with respect to a set of test cases when at least one of the def clear paths between d and u is covered. The c-use coverage of a set of test cases on a given program is the ratio of the number of c-use items executed by these test cases to the total number of c-use items in the program. A ratio of 1 implies that this set of test cases is adequate with respect to the all c-uses coverage criterion. 2.3.2.2 All P-Uses Coverage Criterion A p-use item (v,d,) is covered with respect to a set of test cases when at least one of the def clear paths between d and is covered. The p-use coverage of a set of test cases on a given program is the ratio of the number of p-use items executed by these test cases to the total number of p-use items in the program. A ratio of 1 implies that this set of test cases is adequate with respect to the all p-uses coverage criterion. 2.3.2.3 All-Uses Coverage Criterion All-uses coverage is the ratio of total number of covered c-use and p-use items to the total number of c-use and p-use items. A ratio of 1 implies that this set of tests is adequate with respect to the all-uses coverage criterion.

PAGE 20

12 CHAPTER 3 DESIGN OF ADA-PINE In this chapter, the architecture of ADA-PINE is presented. Then the details of each main component of ADA-PINE are introduced. Additional mechanism for concurrent execution of Ada program will be discussed in Chapter 5. 3.1 High Level Architecture of ADA-PINE For sequential program testing, ADA-PINE takes a similar approach to that taken by Telcordia s ATAC. Figure 3.1 shows the high level architecture of ADA-PINE. Firstly, ADA-PINE s instrumentation component analyzes Ada source Figure 3.1 High Level Architecture of ADA-PINE Ada source code Instrumented Ada code Ada compiler control & data flow information Ada Program Instrumentation executable code ADA-PINE library test cases execution traces source specific data ADA-PINE Analyzer /GUI

PAGE 21

13 code, and at the same time, collects control flow information, data flow information, and source-specific data that will be used by ADA-PINE run-time library. It also generates instrumented Ada source code. Then, the tester can compile the instrumented Ada source code with source-specific data and ADA-PINE run-time library. By executing the executable code with test cases, execution traces are gathered. Finally, ADA-PINE concludes the information about which blocks, decisions, and paths are covered with respect to the test cases by analyzing the control flow information, data flow information and execution traces. Figure 3.2 Structure of ADA Instrument Processor analysis. 3.2 Ada Program Instrumentation Process Ada instrumentation process acts as a language translator that carries out lexical analysis, syntax analysis, semantic analysis, flow analysis, instrumentation and code generation. Figure 3.2 shows the detail architecture of Ada instrumentation process. We Instrumented Ada code Ada Source Code Flow Analysis Syntax Analysis Code Generation Semantic Analysis Lexical Analysis syntax tree symbol table flow graph Flow info. & data Instrumentation

PAGE 22

14 assume that the source code to be instrumented is syntactically and semantically correct because the code has already passed the compilation phase before testing. So the process performs minimum syntax and semantic analysis only for test. 3.2.1 Lexical Analyzer Lexical analyzer scans the Ada source code and produces a sequence of tokens that are used by syntax analyzer. Tokens of Ada 95 can be grouped as delimiters, identifiers reserved words, numeric literal, character literal, string literal, and comments. Lexical analyzer also passes the token positions in source code, text strings of identifiers, and literal to syntax analyzer. ADA-PINE's lexical analyzer was designed and implemented by Mr. Yoonjoon Byun. 3.2.2 Syntax Analysis The syntax analyzer, generated by YACC [Lev92] builds an abstract syntax tree of the source code based on the Ada syntax. The tree node has its node type with respect to a syntax rule and symbol information space, which is actually filled during semantic analysis [Lee00] Mr. Yoonjoon Byun and I implemented the syntax analyzer of ADAPINE. 3.2.3 Semantic Analysis The main function of semantic analysis is the resolution of the symbols such as variable name, constant name and subprogram name in Ada source code. To classify the symbols, semantic analyzer traverses the syntax tree and identifies the meaning of the symbols based on their context in source. It also identifies type information of each symbol and decorates the syntax tree with the symbol information. This part is not implemented yet.

PAGE 23

15 3.2.4 Flow Analysis The flow analysis generates control flow and data flow information. As we described in 2.3.1.3, a control flow graph is composed by nodes that indicate basic blocks and edges that indicate decisions and unconditional control transfer. To generate control flow graph, the flow analyzer divides the source code into basic blocks, and links them by edges. Flow analyzer adds the data flow information (e.g., def, c-use, p-use) to each nodes of a control flow graph. All the static flow information such as block, decision, cuse, and p-use is stored in a DOT-ATADA file that is similar to DOT-ATAC file of ATAC. This is part is implemented by Mr. Yoonjoon Byun. 3.2.5 Instrumentation Instrumentation inserts a probe node for each basic block in the syntax tree. A probe node indicates the opsition of an instrument statement in Ada source code. Basicly, an instrument statement calls a probe routine. ATAC uses probe routine and comma operator to instrument C code, but Ada 95 provides only probe routine. Usually, a probe routine is inserted at the beginning of a basic block. In case of iteration and selection statements such as for and while instrumentation inserts a probe routine before and after the statement to correctly reflect the behavior of tested program. For any initialization statements in a declaration, which may have control transfer as a procedure call, a dummy probe node is added in order to invoke a probe routine [Lee00] Instrumentation is implemented by Mr. Youngjoon Byun. 3.2.6 Code Generation Code generator generates instrumented Ada code based on the instrumented Ada syntax tree. By depth first traversal of the instrumented syntax tree, it generates original

PAGE 24

16 Ada source code for regular syntax tree nodes and instrument statements for probe nodes. The instrument statements call probe routines defined in run-time library and generate trace information during the execution of instrumented Ada code. Code generator is designed and implemented by myself. The details will be introduced in Chapter 4. 3.3 Run-Time Library To collect execution traces, a set of Ada libraries called run-time library are built in separate packages. Run-time library is a set of data structures, procedures, and functions. For each module that is instrumented, ADA-PINE generates source-specific data that contains the basic information of that module. The data structure of run-time library declares the prototype of these source-specific data. Several kinds of probe routines are another essential part of run-time library. At last, an important routine called finalization is also defined in run-time library. The basic idea of finalization is to dump all trace information stored in the memory into trace file at the end of execution. Runtime library is also designed and implemented by myself. The details are shown in Chapter 4. 3.4 Coverage Analyzer The coverage analyzer analyzes the source code, the flow information, and the execution trace information. It shows coverage analysis summary for block coverage, decision coverage, c-use coverage, and p-use coverage. In the Graphical User Interface (GUI), covered source code is highlighted. Control flow graph is also shown by GUI This part is designed and implemented by Miss Ohekee Goh.

PAGE 25

17 CHAPTER 4 IMPLEMENTATION OF ADA-PINE This chapter presents some implementation issues of ADA-PINE. Since only code generator and run-time library are implemented by myself, this chapter will only emphasize these parts of implementation. The modification of code generator and runtime library for Ada concurrent testing is introduced in Chapter 5. 4.1 Implementation of Code Generator As mentioned in last chapter, code generator is used to generate instrumented Ada code based on the instrumented syntax tree. Code generator performs a depth first traversal on the instrumented syntax tree. During the depth first traversal, it generates original Ada source code for regular syntax tree nodes and instrument statements (probe routines call, begin, end, declare, etc.) for the probe nodes. Optionally, code generator can generate original Ada source code by omitting any probe nodes inserted. Choosing this option, the generated code is as same as source code except the comments, new lines, and spaces. This option is used to test the code generator itself by comparing the source code and the generated code. A syntax tree is generated by YACC parser. YACC parser is defined by several derivation rules. In each derivation rule, the single name on the left side of the operator : is defined as a genus. Each action code on the right side of operator ":" is defined as a species. Every genus has several species. Each node of a syntax tree has its own genus and species.

PAGE 26

18 Each derivation of the Ada grammar is described by genus and species pair. Because code generator generates code based on the syntax tree nodes, a script is defined for each (genus, species) pair. The script describes the action of code generator with respect to the corresponding (genus, species) pair. Genus of regular syntax tree nodes are numerated from 999 to 1233. All probe nodes have genus 2000. Species of probe nodes and their usage are described as below PROBE_START: This kind of probe node indicates the start of a subprogram. It is inserted before the tree nodes with genus GEN_SPROG_BODY or GEN_TASK_BODY. When PROBE_START is recognized, code generator will insert some instrumented code within the body of the subprogram or task. PROBE_STMT_R: This kind of probe node indicates a basic block. When PROBE_STMT_R is recognized, an instrumented procedure call will be inserted after the source code of this basic block. PROBE_STMT_L: This kind of probe node indicates a basic block. When PROBE_STMT_L is recognized, an instrumented procedure call will be inserted before the source code of this basic block. PROBE_EXPR_L: This kind of probe node indicates a short-circuit ( or else or and then ). When PROBE_EXPR_L is recognized, a boolean expression B will be replaced by the expression (probe () and then B). The "probe ()" is a probe function that always returns a boolean value true By this probe node, we can instrument boolean expression without comma expression. A script of code generator is defined as a triple (genus, species, script). All these triples are stored into a one-dimensional array called all_script []. So, a map between the

PAGE 27

19 (genus, species) pair to the corresponding index of all_script [] is needed. This map is stored in the array called scriptIndex []. "scriptIndex []" is initialized by function scriptIndex (). The main function of code generator is named deparse (). It calls function scriptIndex () to initialize the mapping, and calls the function dparse () to traverse the syntax tree. The action of function dparse () can be described as reading the genus and species field of a node, accessing the corresponding script with respect to the (genus, species) pair, analyzing the script symbol by symbol, and making the following actions according to the value of these symbols: If the script symbol is different from the @ symbol, the symbol is directly written to the target file. If the script symbol is @, then some action is taken according to the next symbol that follows the @ symbol. Before introducing the details of script design, the data structure of syntax tree nodes is described in section 4.1.1. 4.1.1 Structure of Syntax Tree. Table 4.1 shows the related tree node structure. Tree nodes are identified by their genus and species This structure can represent both normal tree nodes and probe nodes. The structure of the syntax tree is described in Figure 4.1. In Figure 4.1, node 0 is the root. Nodes 1,2,3,4 are children of node 0. Node 5 is the child of node 2. From Table 4.1, we know every node has 3 pointers: next, over and up. The next pointer is used to point to the first child if there are any. The over pointer is used to point to the brother nodes. If the node itself is the last brother node, the over pointer is used to point to first child. The up pointer is used to point to the parent node.

PAGE 28

20 Figure 4.1 Structure of Syntax Tree. 4.1.2 The Design of Script This section intends to give a detailed design of the scripts of code generator. Several important scripts and their functionality are given. 4.1.2.1 Named Sub-Tree When code generator meets the root of the abstract syntax tree or sub-tree, it calls function dparse () to run a depth first traversal through the syntax tree or sub-tree. During the traversal, instrumented code and original source code belonging to the syntax tree or sub-tree are generated. For example, when the code generator meets a named sub-tree like GEN_TYPE_DCL (new type declaration) or GEN_RECORD_DEF (record definition) in the abstract syntax tree, it calls dparse () recursively to run the depth first traversal. A script @N is defined to take the action of traversing sub-tree rooted by the child node. This script is used when the code generator knows exactly how many brothers are contained in this level, their genus and species, and their locations. 0 1 2 3 4 5

PAGE 29

21 Table 4.1 Related Attributes of a Tree Node Int Genus Int Species SRCPOS srcpos[2] /* LEFT_SRCPOS, RIGHT_SRCPOS */ TNODE *up Point to the parent node TNODE *down Point to the first children TNODE *over Point to the brother Char *text Record the related name of this node (Variable name, Function name etc.) struct symlist *symtab in case of MODULE, FUNCTION, COMPSTMT struct sym *sym short Blkno short Flag Branch type of the instrumented TNODE "D", "l", "d" --> 1, others("U", no branch) --> 0 short Tempn o union sym struct probe struct valtype *type

PAGE 30

22 4.1.2.2 Possible Multi-Child Node In syntax tree, sometimes we do not know how many children we have in this level. For example, consider the syntax derivation below: Choice_s > Choice | Choice_s Choice In this situation, the AST is like: Figure 4.2 A Syntax Sub-tree Containing Multi Children For this situation, number of sub-tree is unknown. The solution is to define scripts @L and @@. For @L, it recursively calls dparse () to traverse the sub-tree rooted by the next available child node. If there are no more available child, function dparse () will return. For @@, it returns the script pointer to the beginning of the script, which runs the previous script again. These two scripts are often used together like @L@@ which means executing action @L until there are no more children. Choice_s Choice Choice Choice

PAGE 31

23 4.1.2.3 Adjusting of Indentation To generate readable code, code generator adjusts the indentation of the instrumented code. Two scripts @+ and @are defined. The script @+ acts as increasing the tab level. The script @is defined as decreasing the tab level. 4.1.2.4 Get the Filename ADA_PINE instruments Ada programs file by file. For each Ada program file, ADA_PINE generates source-specific data and instrumented code named by the corresponding Ada program file. For example, if an Ada file named XXX.ada is instrumented, the source-specific data will be named ZZZ_INST_XXX.ADA. All the data structures involving the instrumentation are contained in this file. Since this file will be referenced by the instrumented code generated by a probe node, code generator needs to get the file name of Ada source code. The script @X is defined to get the file name of Ada source program. 4.1.2.5 Genus and Species Changing For most of the probe nodes, the purpose of code generator is to insert an instrumented code according to the type of the probe nodes before or after the source code generated by the abstract syntax sub-tree. However, the situation is not this sample when dealing with PROBE_START, which is inserted before sub_program_body and task_body. The PROBE_START indicates an intention to insert the instrumented code inside the source code generated by the abstract syntax sub-tree below it. Only an example of sub_program_body is given here to explain the problem since task body is similar to sub-program body. The syntax derivation of sub_program_body is

PAGE 32

24 Subprog_body > subprog_spec_is_push decl_part block_body END id_opt ; | subprog_spec_is_push decl_part block_body END ; | subprog_spec_is_push block END id_opt ; | subprog_spec_is_push block END ; Above syntax derivation of sub_program_body shows that it has four different kinds of derivations. For each kind of derivation, a script is needed to insert instrumented code to proper position. Following procedure simple is an example of the first derivation. Procedure simple is Begin Null; End simple; The AST of the instrumented procedure simple can be simply described in Figure 4.2. Figure 4.3 Example of Probe Node The desired instrumented code of procedure simple is PROCEDURE simple IS ZZZ_C_O_M_Level: Integer:=0; BEGIN ZZZ_Inst_Run_Time.START_INST4(ZZZ_C_O_M_Level,ZZZ_Inst_simple.ada.ZTsimple_Pointer); 2000.0 Subprog_body.1

PAGE 33

25 BEGIN ZZZ_INST_RUN_TIME.Blk_Count_Proc4(ZZZ_C_O_M_Level ,0,0); BEGIN NULL; ZZZ_INST_RUN_TIME.Blk_Count_Proc4( ZZZ_C_O_M_Level,1,0); END; -simple END; END; --The bold and underlined text is added for probe node 2000.0. Above procedure shows that because the insertion of some code such as begin, end, and declare is needed, code generator changes the genus and species of tree node sub_program_body. The genus and species of a node sub_program_body is changed to the genus and species of a special defined probe node. Then instrumented code is generated following the script with respect to this special defined probe node, which inserts code such as begin, end and declare. After the code generation, the previous genus and species of this tree node should be resumed. Script @K is defined to change the genus and species of a tree node into the genus and species of the corresponding special defined probe node. Script @R is defined to resume the previous genus and species of a tree node. 4.1.2.6 Block Number In most situations, we insert an instrumentation code in each basic block. We numerate the basic block in each file from 0. This number is defined in the attribute of probe node structure. Script @B is defined to print the basic block number into generated code.

PAGE 34

26 4.2 Implementation of Run-Time Library ADA-PINE run-time library is a set of data structures, procedures, and functions that are built in separate packages in order to collect execution traces of the test cases. 4.2.1 Components of Run-Time Library Run-time library of ADA-PINE is made by three components: definition of common data structures, definition and implementation of the probe routines, and a package that takes care of finalization. The function of run-time library can be described as generating execution trace. Trace information is stored in trace file. 4.2.2 Trace File A trace file contains coverage data collected at run-time by programs compiled and linked with instrumented code and run-time library. A trace file usually contains data for all test runs of a given executable program. The master trace file is defined as an index of different test cases. Every execution of a test case will generate a trace file. The master trace file contains the information of the names of the trace files and their corresponding directories. When ADA-PINE opens the master trace file, it can find trace file of each test case. 4.2.3 Common Used Data Structure As described in section 3.3, common used data structure is the prototype of source specific data that is used by probe routines. From 4.2.3.1 to 4.2.3.4, main components of common used data structures are introduced. 4.2.3.1 Version Information A constant string is defined to contain the information of the version. We want our tool can be integrated to c Suds, which allows the developers and testers to identify

PAGE 35

27 the program areas that require further testing. So, the version information that matches the c Suds version is required. 4.2.3.2 File Information A record named Zfile is defined as below: TYPE Zfile IS RECORD Name : Unbounded_String; Stamp : Integer; Visited : Boolean; FileId : Unsigned_Short; nCov : Integer; END RECORD; Name: The attribute Name indicates the Ada program file name that we are testing. Stamp: A time stamp indicating when this file is last saved. Visited: This is a boolean that indicates whether the code in this Ada program file has been executed during current execution. FileId: FileId numerates Ada program file in which code has been executed from 0. nCov: Indicates how many testable items (block, decision, c-use, p-use) there are in this file. 4.2.3.3 Decision Structure A record named Decision is defined as below: TYPE Decision IS Record Item_number : Integer;

PAGE 36

28 From : Integer; To : Integer; Executed_time : Integer; END RECORD; Item_number: Item_number of this decision. It represents the item_number of this decision with respect to all executable items defined in control flow. From: This decision starts from where (item number). To: The destination of this decision. Execution_time: This indicate the execution times of the decision. 4.2.3.4 Main Structure The record of Ztable is the main structure that contains the structure of all information that the trace file should record. The access (pointer) of this table is passed to instrument procedure as an argument. TYPE Ztables IS RECORD Files : Zfiles_pointer; Version : String(1..3); FileId : Unsigned_Short; FuncNo : Unsigned_Shor t; Nblk : Unsigned_Short; Nvar : Unsigned_Short; Next : Ztables_Pointer; BlkCount : B_Count_Pointer; FBIN : First_Blk_Item_Number;

PAGE 37

29 Visited : Boolean; D_Table : Decision_Count_Pointer END RECORD; -Ztables Zfiles_pointer: An access pointing to the file structure that represents the Ada program file in which the function is running. Version: Version of the run-time library. FileId: File id of this file. FuncNo: The function number of this function. Nblk: Number of blocks in this function. Nvar: Number of variables that are defined in this function. B_Count_Pointer: An access pointing to an array storing the number of execution times of each block. FBIN: An integer indicating the first block s item number in this function. Visited: A boolean indicating if this file has been visited. D_Table: An access pointing to the decision array that records the execution times of each decision. Next: A Ztable type access pointing to the next Ztable in an array. 4.2.4 Run-Time Environment --Calling-Stack Strategy In an earlier section of this chapter, we introduced code generator, which generates instrumented Ada code. An example of a piece of instrumented code is shown below: PROCEDURE simple IS BEGIN

PAGE 38

30 ZZZ_C_O_M_Level:Integer:=0; BEGIN ZZZ_Inst_Run_Time.START_INST(ZZZ_C_O_M_Level,ZZZ_Inst_simple_.ZTOrder_Pointer); BEGIN NULL; ZZZ_INST_RUN_TIME.Blk_Count_Proc(ZZZ_C_O_M_Level ,0,0) END; -simple END; END; Figure 4.4 Calling-stack Strategy Data structure 1.Instrument procedure call 2. Call_level Data structure 1.Instrument procedure call 2. Call_level Data structure 1.Instrument procedure call 2. Call_level Data structure 1.Instrument procedure call 2. Call_level Ada file 1 Ada file 2 Dummy Dummy Calling stack Visited function list

PAGE 39

31 In the instrumented code above, for procedure simple, a local variable ZZZ_C_O_M_Level is defined and initialized to 0. After this definition, a probe procedure ZZZ_Inst_Run_TimeStart_INST () is called to initialize the run-time environment for procedure simple. Then another probe procedure ZZZ_INST_RUN_TIME.Blk_Count_Proc () is called to record the execution trace for the only basic block in procedure simple. The instrumented code above will use a strategy called calling-stack to record traces, which is borrowed from ATAC. In this strategy, ADA-PINE defines source-specific data for each instrumented function to collect the traces for it. Run-time library maintains a list of pointer pointing to the source-specific data of all executed functions. At the same time, we maintain a callingstack of the run-time environment and a global variable that represents the level of this calling-stack. Whenever an instrumented procedure or function is executed, the run-time library judges whether it has been visited. If not, its data structure will be linked into the visited function list. At the same time, a running environment that is almost the copy of the data structure will be pushed into the calling-stack. Then, the current global level will be increased by 1.The local integer variable ZZZ_C_O_M_Level of this function gets the same value as the current level. If a function is called, the initial procedure will compare the call level of current environment and the level of this function. If call level of current environment is bigger, then what the run-time library does is to pop the calling-stack until they are equal. The benefit of calling-stack strategy is that the pointer of a source-specific data only needs to be passed at the beginning of each procedure. In all other situations, only passing the call_level is enough. However, the problem of this strategy is that it only

PAGE 40

32 supports the sequential execution of program because of the using of calling-stack. When programs run concurrently, this strategy would not work even if only the statement coverage information is needed. Figure 4.4 describes the details of calling-stack strategy. 4.2.5 Finalization 4.2.5.1 Why Finalization Run-time library s main function is to generate trace file. The straightforward strategy is to output trace information during each execution of instrumentation procedure call. That is, for each execution of a basic block, there will be a file I/O operation. For some big programs, especially ones containing loop statements, it will cost too much on files I/O. Another idea is to print the trace information whenever a basic block is first executed. After that, only recording the execution time in the Ztable structure is needed. At the time that the program finishes all execution and is about to quit, the information of item number and total execution time except the first execution will be output to trace file. The second solution is clearly more efficient. Hence, the question becomes how to detect the moment that the main procedure has finished all execution and it is about to quit. 4.2.5.2 Controlled Types of Ada 95 Ada 95, known as Object Oriented Programming Language, has the ability to extend a type with new components and operations. These allow a user to have complete control over the initialization and finalization of objects and also provide the capability for user-defined assignment.

PAGE 41

33 The general principle is that there are three distinct primitive activities concerning the control of objects: Initialization after creation Finalization before destruction Adjustment after assignment And the user is given the ability to provide appropriate procedures that are called to perform whatever is necessary at various points in the life of an object. These procedures are initialize, finalize and adjust, and they take the object as parameter. For example consider the code below: Declare A: Object; -create A, Initialize (A) Begin Null; End; -Finalize (A) We can see that the user need not actually call finalize (A), it is called automatically by the system when the object is just about to be destroyed. For a type, in order to be controlled, it has to be extended from one of the twotagged types declared in the library package Ada.Finalization, whose specification is as follows: Package Ada.Finalization is type Controlled is abstract tagged private; procedure Initialize(Object: in out Controlled);

PAGE 42

34 procedure Adjust(Object: in out Controlled); procedure Finalize(Object: in out Controlled); type li mited_controlled is abstract tagged limited private; procedure Initialize(Object: in out Limited_Controlled); procedure Finalize(Object: in out Limited_Controlled); private end Ada.Finalization; So by using Ada.Finalization, we are able to detect the moments when a main procedure is about to finish. 4.2.5.3 Implementation of Finalization The definition of package ZZZ_INST_C_O_M_AtAda_AtExit that makes use of Ada.Finalization is shown below. This package is in charge of the finalization of ADAPINE. package ZZZ_INST_C_O_M_AtAda_AtExit is type AtAda_AtExit is new Ada.Finalization.Controlled with record Int_Data : Integer; end record; private

PAGE 43

35 procedure Initialize (Object : in out AtAda_AtExit); procedure Adjust (Object : in out AtAda_AtExit); procedure Finalize (Object : in out AtAda_AtExit); end ZZZ_INST_C_O_M_AtAda_AtExit; A question arises when instrumenting several Ada programs in one project where several instances of type AtAda_AtExit are going to be finalized. To solve this problem, a static flag is set up to guarantee that only in the first time execution of the finalization that the traces will be dumped. After that, the procedure finalizes () will do nothing. In the package that contains source-specific data, a dummy variable of type AtAda_AtExit is defined. When the program is about to quit, this variable is going to be destroyed. Then the procedure Finalization is called by the system automatically. At this time, all information in the data structure will be dumped and will be written into the trace file. 4.3 Conclusion In this chapter, the implementation issues of code generator and run-time library of ADA-PINE are discussed. As mentioned earlier, at this stage, ADA-PINE structure does not support test coverage analysis of Ada concurrency tasks. So in the next chapter, we will address this situation more clearly and give the model and design in order to support Ada concurrency in ADA-PINE.

PAGE 44

36 CHAPTER 5 ADA CONCURRENT TESTING 5.1 Concurrency in Ada It is more efficient to do jobs concurrently, especially considering that modern computers often consist of one or more central processors and many I/O devices that are operating in parallel. There are two ways to implement concurrency programming, one is using the operating system s facility by making the system call, and another is providing concurrency mechanism on the programming language level. Ada is a real-time programming language. It supports concurrent programming mechanism. Generally, each single thread of control in the concurrent program is known as a process. In Ada, we use the terminology task instead of process. The execution of task takes one of the three forms listed below: As we see, the concurrent execution of tasks means they are executing in parallel potentially 5.1.1 Rendezvous Tasks can interact directly by sending messages to each other. Ada provides a mechanism known as the rendezvous to support the direct message passing between two independent tasks. A rendezvous between two independent tasks works as one task calling and an entry declared in another task. At first glance, an entry call is very like a All tasks share a single processor. Each task has its own processor and the processors share common memory. Each task has its own processor and the processors are distributed.

PAGE 45

37 procedure call. But the difference is that, in the case of a procedure call, the callee will execute immediately after the call, and in the case of entry call, the entry body will not be executed until the caller called theentry and the owner of the entry reaches the corresponding accept statement. While the execution of statements in the entry body of the callee task, the caller task will be suspended. When the callee task finishes the execution of its entry body, both caller and callee will resume execution independently. This potential relationship between caller and callee can easily be referred [Bar95] as a rendezvous 5.1.2 Protected Object Besides sending message directly to each other by using rendezvous, tasks also can communicate with each other by accessing shared data. Hence, synchronization Figure 5.1 The Egg Shell Model must be served. The typical solution of synchronization is using mutual exclusive access to critical sections. A critical section is a piece of code that can only be accessed by one thread of control. Synchronization can be satisfied by declaration of critical section. In Tasks waiting on barriers Accept Release At most one task inside

PAGE 46

38 Ada, the protected object is defined as critical section, that is, within a protected body we can have a number of subprograms and the implementation is such that calls of subprograms are mutually exclusive and thus cannot interfere with each other. 5.1.3 Select Statements Select statements that allow a task to select from one of several possible rendezvous sometimes can act as a protected object. Following is a sample of a select statement. In this example, the behavior of each execution of the select depends on whether calls of release_aircraft or receive_aircraft or both or neither have been made. If only one entry is called, either release_aircraft or receive_aircraft, the select statement will execute the body of called entry. If neither of them is called, the task is suspended until any entry call is made. If both of entries are called, an arbitrary choice is made. Task Carrier is Entry release_aircraft ( X : Integer); Entry receive_aircraft (X : Integer); End Carrier; Task body Carrier is air craft_on_board : Integer := initial_value; Begin Loop Select Accept release_aircraft ( X: Integer ) do Aircraft_on_board+=X; End; Or Accept receive_aircraft ( X : Integer) do Aircraft_on_board-=X; End; End select; End Loop; End;

PAGE 47

39 5.1.4 Task Identification Task identification is a new feature of Ada 95 that Ada 83 does not have. If the running environment supports the system programming annex, then all tasks are identified by a unique identifier that can be accessed and manipulated by the package Ada.Task_Identification. 5.1.5 Task Attribute In addition to the Ada.Task_Identification package, the system programming annex also supports the following two attributes: T Identity: For a given task T, yields a value of type task_id that represents the certain task denoted by T. E Caller: For a given entry, yields a value of type task_id that represents the certain task whose call is now being served. This attribute is only available in the entry body denoted by E. 5.2 Problem to Be Solved This section will introduce some existing problems in testing the concurrent Ada program. 5.2.1 Task Identification Though Ada 95 supports the task identification, unfortunately, Ada 95 does not provide any information about the relationship between the task variable name and its task id. Of course, although the type of task is easy to know, building up a relationship between the task variable name and its id is still very desirable. 5.2.2 Decision Coverage The decision information is generated by flow analysis statically during the instrumentation. Each decision is denoted by a block pair (a, b) that means the control is

PAGE 48

40 transferred from block a to block b directly. For a sequential execution of the program, there is only one thread of control. To record the decision coverage information, we judge whether each executed block pair matches any of the decisions contained in sourcespecific data. However, in a concurrent programming environment, where more than one thread of control may exist, the block number as well as which thread of control a decision belongs to needs to be considered. For example, assume a block pair (a b) is a decision inside a task body. After block a is executed, another task with higher priority preempts the current task. So the block b is not executed immediately after execution of block a. After the task containing block (a, b) resumes work and if it runs block b immediately, we should still say the decision (a, b) is made in this thread of control. From the above explanation we see that decision analysis should be handled differently from sequential executing programs when concurrent tasks are used in Ada programs, which means new strategy is needed. 5.2.3 Calling-Stack Based Run-Time Environment The calling-stack strategy has been used in run-time library. In the concurrentprogramming environment, if more than one thread of control exists, one procedure may be on different call levels in different thread of controls. To implement calling-stack based run-time library in concurrent programming environment, we must generate calling-stack for each running thread of control. It is not practical, so a suitable design for run-time library is needed to fit in programs including concurrent tasks.

PAGE 49

41 5.2.4 Task Dependency Graph By rendezvous or selection statements, one task can call an entry in another task, then build up dependency between tasks. A task graph is a picture of a concurrent system. It shows the individual sequential tasks and their interactions. Each node represents a task or a thread of control. The arrows between nodes represent the entry call, starting from the caller and pointing to the callee. The small arrows over or under the big arrows represent the data dependency between the two tasks. The directions of small arrows represent the data transferring direction Figure 5.2 Task Dependency Graph Figure 5.2 shows that there are three kinds of data transfer with respect to three kinds of arguments of an entry call: In, from caller to callee; out, from callee to caller and in out. T2 T3 1 T1 in out in out

PAGE 50

42 5.3 Modeling Design This section introduces the modeling and design in order to solve the problems caused by Ada concurrency. 5.3.1 New Trace Format Based on previous trace format, we add two new attributes in a trace file. The first attribute is the record of which task has executed a particular basic block. This new attribute is represented by adding a sequence of unique task id following the original trace. The second attribute, the entry calling information, will be put in another file using format: (entry_item_number,task_id) is called by (task_id) Entry item number can be gathered by static analysis and put into a dot atada file. The first task_id indicates the task id of a callee, the second task_id indicates the task id of a caller. 5.3.2 Task Dependency Graph A task dependency graph can be generated statically by syntax and semantic analysis. Here, we generate a task dependency graph dynamically based on the entry call between tasks. The information we need to gather includes executed task id and its respective type, entry call made between tasks, and the information transferred by entry arguments. The executed task id can be gathered by adding argument current_taskid into the instrument procedure. The current_taskid can be obtained by function Current_Task () that returns the unique id of the calling task. All entry calls that have ever been made can be gathered by attribute E Caller. The entry arguments can be gathered statically by the syntax analysis.

PAGE 51

43 Until this, we can generate a task dependency graph dynamically by drawing a node for each executed task id and linking nodes by arrow from caller to callee of the entry call. 5.3.3 Run-Time Library 5.3.3.1 Running Without Calling-Stack As we mentioned in 5.2.3, calling-stack strategy is not suitable for a concurrentprogramming environment because it is impossible to declare multi-calling-stack with respect to multi concurrent thread of control. Figure 5.3 The Run-Time Library For Ada Concurrent Testing Data structure 1.probe procedure call Data structure 1.probe procedure call Data structure 1.probe procedure call Data structure 1.probe procedure call Ada file 1 Ada file 2 Dummy Visited function list

PAGE 52

44 A new architecture of run-time library is designed as below. In the new design, the access that points to source-specific data will be passed as an argument of every instrument procedure call. That is, we do not need calling-stack at all. This design is suitable for both sequential and concurrency programming environments. 5.3.3.2 Decision In 5.2.2, I mentioned the problem of decision coverage analysis in concurrent programming environment. To solve the problem, the data structure of decision is changed to the following: Deicsion_item_no Start_block_no End_block_no Id_list D1 1 3 D2 1 4 D3 7 9 D4 7 10 Figure 5.4 Source-specific Data Structure for Decision In every instrument procedure or function call, there is an argument, which indicates whether this block is the starting block of a decision. Instrument procedure will check whether there exists any task_id that equals to the negative value of current task_id in Id_list. If so, the instrument procedure will check if the block number of the current block equals to the end_block number of the decision. If it is true, the negative value will be changed to positive. If not, the task_id that equals to the negative value of current task_id in the Id_list will be deleted. If an instrument procedure notices that the current block is a starting block of a decision, it will insert the task_id s negative value into the Id_list with respect to the start_block_no. For example, if block 1 is executed by task 1, the number will be inserted into the Id_list of D1 and D2.

PAGE 53

45 5.3.3.3 New Trace Attribute Gathering To gather the information about which task has been executed, the simplest idea is to make a two dimension array instead of an one dimension array. One dimension of the array represents the task id, another represents the block item number. The content of this array is the execution times of corresponding block with respect to the task_id. However, because we do not have a symbol table until this stage, it is impossible to implement this in current stage. Another idea is to define a stack in the source-specific data structure to store the visited task id. Whenever the block is executed, the current task id is simply pushed into a list. In the finalization stage, the list is dumped, and a unique list of task_id and execution times is generated. The positive part of this idea is that we can still know the execution times as in the previous idea. However, whenever the block is executed, a node will be inserted into the list, which might cause too much memory to be used. One answer to this problem is to consider only the total execution times of blocks for all tasks. To achieve this, list is still be used. However, the problem of possible high memory consumption is conquered by only allocating one unit to each block. For entry calling information, the current implementation is to output the information to the file immediately after being called. To achieve better performance, related data structure must be defined for each entry body. We can use the same strategy as task id information except each node should contain both caller s and callee s task id. 5.3.4 Code Generation Since source-specific data are passed into instrument procedure whenever it is called, code generator also needs to be altered. The access that points to the source-

PAGE 54

46 specific data for each procedure, function or task is named by the procedure name, function name or task name respectively. In the rest of this section, we call procedure, function, or task as a unit. In the current syntax tree, unit names are contained only in the root of the sub-tree that represents these syntax units. To generate instrument code with respect to the current unit name, we must remember the current unit name. In addition, considering that Ada 95 supports nested unit definition, a stack is needed to record the current unit name. The stack works like this: during depth first traversal (DFT), whenever entering a sub-tree representing a unit, the name of this unit is pushed into the stack. Otherwise, whenever leaving a sub-tree that represents a unit, the top of the stack will be popped. Hence, the current unit name is always kept on the top of this stack. All inserted instrument code will use the current unit name to represent the access that points to the respected source-specific data. 5.4 An Example Figure 5.5 shows the block coverage of an Ada program that contains concurrent execution. At the same time, a file named entry_calling.trace that contains the entry calling execution trace is generated as shown below: Entry StartRunning of Task 3 is called by 1 Entry StartRunning of Task 2 is called by 1 Entry StartRunning of Task 4 is called by 1 From the information gathered in this entry_calling_trace, the execution task dependency graph of this program is gathered. Figure 5.6 shows the task dependency graph generated by the entry_calling_trace.

PAGE 55

47 Figure 5.5 Block Coverage of A Concurrent Ada Program

PAGE 56

48 Figure 5.6 Example Task Dependency Graph 2 3 4 1 Startrunning Startrunning Startrunning

PAGE 57

49 CHAPTER 6 FUTURE WORK The next stage of this ADA-PINE development is to do semantic analysis and data flow analysis. By semantic analysis, we can generate a symbol table for each static scope. In each static scope, we can relate the task id and task variable name by the task s identity attribute, which cannot be achieved now in Ada concurrency test. For data flow analysis, a symbol table is needed to locate the c-use, p-use and definition. For Ada semantic analysis, it is more convenient to use tools compatible to Ada Semantic Interface Specification (ASIS) instead of building it ourselves because ASIS tool can answer the query by the information provided by compiler. Other than analysis for a module, it can help analyzing the whole project.

PAGE 58

50 REFERENCES [Bar95] Barnes, J. G. P., Programming in Ada 95 Addison-Wesley, Reading, Massachusetts, 1995. [Che97] Cheng, J. Task Dependence Nets for Concurrent System with Ada 95 and Its Application, Proc. 1997 ACM TRI-Ada International Conference St. Louis, Missouri, 1997. [Fra88] Frank, P. G., and E. J. Weyuker, An Applicable Family of Data Flow Testing Criteria, IEEE Trans. on Software Engineering Vol. SE-14, No.10, 1988. [Hor91] Horgan, J. R., and S. A. London, Data Flow Coverage and the C Language, Proceedings of the Fourth Symposium on Testing, Analysis, and Verification, Victoria, British Columbia, Canada, 1991. [Lee00] Lee, Y., Y. Byun, J. Xiao, O. Goh, W. E. Wong, and A. Lee. A Toolsuite for Testing Real-Time Ada Applications, 3rd IEEE Workshop on ApplicationSpecific Systems and Software Engineering & Technology Richardson, Texas, 2000. [Lev92] Levine, J. R., T. Mason, and D. Brown, Lex & Yacc O'Reilly & Associates, Inc., Sebastopol, California, 1992. [Mye79] Myers, G.J., The Art of Software Testing John Wiley, New York, 1979. [Tel98] Telcordia Technologies, Inc. c Suds User's Manual Author, Morristown, New Jersey, 1998. [The00] Thebaut, S. Software Testing and Verification class book and notes, University of Florida, Gainesville, Florida, 2000.

PAGE 59

51 BIOGRAPHICAL SKETCH Ji Xiao was born on April 13th, 1971, in Beijing, China. He received his Bachelor of Engineering degree from University of Electronic Science and Technology of China, Chengdu, in July 1994, majoring in computer and information science and engineering. He worked as a computer consultant after his graduation. He joined the University of Florida in January 1999 and started to pursue a master s degree in computer and information science and engineering. He conducted research as a research assistant for Dr. Yann-Hang Lee. His research interests include software testing and real-time system.