Why use coarse buckets for grading? No credit, Check-, Check, Check+
Good Faith Effort standard
Due dates
How are grades combined into final grade?
What are assessments?
Participation
Have something to say about the paper
Alternative: email 3-5 sentences to instructor
Paper
Project
OK, so what is the space that we are working in: Testing and analysis, but mostly testing. What is testing?
Why write tests?
To validate software - make sure that it conforms to some specification of functional and non-functional requirements
To create ad-hoc documentation of features and help validate their correctness in the future
What makes a good test?
Hypothetical: building a system that checks a zip code validator service [Diagram] Input is characters from user, output is “error” or 1..n “place names” that match that zip code (example: 02119 -> Roxbury, MA and Boston, MA)
Observation: two big problems in testing - inputs and oracles
What are input generation ideas?
Blackbox: (aim to generate and run 1000’s of inputs/sec)
Boundary values (example: zip code, boundaries are length 4, 6, very long, no digits, non character)
Random values (note: testing all is hard, consider all zip+4 - 100,000 inputs to test, but maybe we can do it if its fast and automated)
Sampled values from production system
Inputs that are more likely to violate some system property (e.g. SQL/XSS injection; inputs that are designed to test performance of system)
Whitebox: (aim to generate and run 1-10’s of inputs/sec)
Symbolic execution
Manual analysis of code
Greybox: (aim to generate and run 1000’s of inputs/sec)
What can we use as feedback to determine if our input is useful or not?
What are oracle ideas?
Human knows the right answer
Generic properties:
No-crash
Performance (e.g. response time, memory usage)
Security (e.g. no injection)
Formal specification
Pseudo-oracles:
Regression
Differential
Metamorphic
Example: self-driving cars, transform input images in a way that you can predict the output, e.g. adding fog. Question: how do you know the fog is realistic? :(
What to do for next class - how to read paper?
Note, if haven’t read technical papers before: might be challenging, often written in very condensed style, assumes certain knowledge
Note, might want to read a paper multiple times, first skimming and skipping over parts that you don’t fully understand, then go back over again more carefully. Might help to do in different sittings
Consider highlighting, note taking
Might want to think about what you want to get out of each paper, thinking about questions like:
What is the motivation for this work?
What is the problem that is being solved?
What is hard about that problem?
What is the proposed solution?
How is that solution achieved?
How is that solution evaluated?
After reading, good to reflect on the paper - the problem, the solution, and the evaluation:
Is this a problem worth solving?
Is the solution a good idea?
Do you see limitations to the problem, or the solution?
Is future work needed to fit this research prototype into the real world problem domain?
What questions does this paper leave you with?
If you think that you can answer each of these questions, then you have done an excellent job reading the paper. If you don’t think you can answer them each (despite re-reading the paper to try to find those answers), that is OK! Not graded weekly on answering these questions - reflection paper will do that, and can pick which papers.