Documentation for testing (rust-lang#592)

* Docs for testing

* Address review comments

Author: adpaco-aws

rmc-docs/src/SUMMARY.md

@@ -16,5 +16,6 @@
   - [Where to start on real code](./tutorial-real-code.md)
 
 - [RMC developer documentation](./dev-documentation.md)
+  - [Testing](./rmc-testing.md)
 
 - [RMC dashboard](./dashboard.md)

rmc-docs/src/dashboard.md

@@ -13,30 +13,63 @@ However, not all examples from these books are suited for verification.
 For instance, some of them are only included to show what is valid Rust code (or what is not).
 
 Because of that, we run up to three different types of jobs when generating the dashboard:
- * `check` jobs (`BUILD` stage): This check uses the Rust front-end to detect if the example is valid Rust code.
- * `codegen` jobs (`TEST` stage): This check uses the RMC back-end to determine if we can generate GotoC code.
- * `verification` jobs (`REPORT` stage): This check uses CBMC to obtain a verification result.
+ * `check` jobs: This check uses the Rust front-end to detect if the example is valid Rust code.
+ * `codegen` jobs: This check uses the RMC back-end to determine if we can generate GotoC code.
+ * `verification` jobs: This check uses CBMC to obtain a verification result.
 
 Note that these are incremental: A `verification` job depends on a previous `codegen` job.
 Similary, a `codegen` job depends on a `check` job.
 
-> **Warning:** [Litani](https://github.com/awslabs/aws-build-accumulator) does not support
-> hierarchical views nor custom stages at the moment. For this reason, the results are
-> displayed for each example using Litani's default stages (`BUILD`, `TEST` and `REPORT`).
+> **Warning:** [Litani](https://github.com/awslabs/aws-build-accumulator) does
+> not support hierarchical views at the moment. For this reason, we are
+> publishing a [text version of the dashboard](./dashboard/dashboard.txt) which
+> displays the same results in a hierarchical way while we work on adding more
+> features to [Litani](https://github.com/awslabs/aws-build-accumulator).
 
 Before running the above mentioned jobs, we pre-process the examples to:
  1. Set the expected output according to flags present in the code snippet.
  2. Add any required compiler/RMC flags (e.g., CBMC unwinding flags).
- 3. Include custom assertions for verification (only in the case of `verification` jobs).
 
 Finally, we run all jobs, collect their outputs and compare them against the expected outputs.
 The results are summarized as follows: If the obtained and expected outputs differ,
 the color of the stage bar will be red. Otherwise, it will be blue.
 If an example shows one red bar, it is considered a failed example that cannot be handled by RMC.
 
-The [RMC Dashboard](./dashboard/index.html) is automatically updated whenever
-a PR gets merged into RMC.
+The [RMC Dashboard](./dashboard/index.html) and [its text version](./dashboard/dashboard.txt) are
+automatically updated whenever a PR gets merged into RMC.
 
-> **Tip:** In addition, we publish a [text version of the dashboard](./dashboard/dashboard.txt)
-> while we work on adding more features to [Litani](https://github.com/awslabs/aws-build-accumulator).
-> The [text-based dashboard](./dashboard/dashboard.txt) displays the same results in hierarchical way.
+## The dashboard procedure
+
+This section describes how the dashboard operates at a high level.
+
+To kick off the dashboard process use
+
+```
+./x.py run -i --stage 1 dashboard
+```
+
+The main function of the dashboard is `generate_dashboard()` in
+[`src/tools/dashboard/src/books.rs`](https://github.com/model-checking/rmc/blob/main/src/tools/dashboard/src/books.rs),
+which follows these steps:
+ * First, it calls the different `parse_..._hierarchy()` functions which parse
+   the summary files for each book.
+ * The `extract_examples(...)` function uses `rustdoc` to extract all examples
+   from the books.
+ * Then for each example it will check if there is a corresponding `.props` file
+   in `src/tools/dashboard/configs/`. The contents of these files (e.g.,
+   command-line options) are prepended to the example.
+ * All examples are written in the `src/test/dashboard/books/` folder.
+
+   In general, the path to a given example is
+   `src/test/dashboard/books/<book>/<chapter>/<section>/<subsection>/<line>.rs`
+   where `<line>` is the line number where the example appears in the
+   documentation. The `.props` files mentioned above follow the same naming
+   scheme in order to match them and detect conflicts.
+
+ * Then all examples are run using
+   [Litani](https://github.com/awslabs/aws-build-accumulator).
+ * Finally, the Litani log is used to generate the [text version of the
+   dashboard](./dashboard/dashboard.txt).
+
+> **Warning:** Note that any changes done to the examples in
+> `src/test/dashboard/books/` may be gone if the dashboard is executed.

rmc-docs/src/rmc-testing.md

@@ -0,0 +1,165 @@
+# Testing
+
+Testing in RMC is carried out in multiple ways. There are at least
+two very good reasons to do it:
+ 1. **Software regression**: A regression is a type of bug
+    that appears after a change is introduced where a feature that
+    was previously working has unexpectedly stopped working.
+
+    Regression testing allows one to prevent a software regression
+    from happening by running a comprehensive set of working tests
+    before any change is committed to the project.
+ 2. **Software metrics**: A metric is a measure of software
+    characteristics which are quantitative and countable. Metrics are
+    particularly valuable for project management purposes.
+
+We recommend reading our section on [Regression Testing](#regression-testing)
+if you are interested in RMC development. At present, we obtain metrics based
+on the [RMC dashboard](./dashboard.md).
+
+# Regression testing
+
+RMC relies on a quite extensive range of tests to perform regression testing.
+Regression testing can be executed by running the command:
+
+```
+./scripts/rmc-regression.sh
+```
+
+The `rmc-regression.sh` script executes different testing commands, which we classify into:
+ * [RMC testing suites](#rmc-testing-suites)
+ * [Rust unit tests](#rust-unit-tests)
+ * [Script-based tests](#script-based-tests)
+
+See below for a description of each one.
+
+Note that regression testing is run whenever a Pull Request is opened, updated or merged
+into the main branch. Therefore, it is a good idea to run regression testing locally before
+submitting a Pull Request for RMC.
+
+## RMC testing suites
+
+The RMC testing suites are the main testing resource for RMC. In most cases, the
+tests contained in the RMC testing suites are single Rust files that are run
+using the following command:
+
+```
+rmc file.rs <options>
+```
+
+Command-line options `<options>` can be passed to the test by adding a special
+comment to the file.
+Read more about it in the [Testingoptions](#testing-options) section.
+
+In particular, the RMC testing suites are composed of:
+ * `rmc`: The main testing suite for RMC. The test is a single Rust file that is
+          run through RMC. In general, the test passes if verification with RMC
+          is successful, otherwise it fails.
+ * `firecracker`: Works like `rmc` but contains tests inspired by
+   [Firecracker](https://github.com/firecracker-microvm/firecracker) code.
+ * `prusti`: Works like `rmc` but contains tests from the
+   [Prusti](https://github.com/viperproject/prusti-dev) tool.
+ * `smack`: Works like `rmc` but contains tests from the
+   [SMACK](https://github.com/smackers/smack) tool.
+ * `expected`: Similar to `rmc` but with an additional check which ensures that
+               lines appearing in `*.expected` files appear in the output
+               generated by `rmc`.
+ * `cargo-rmc`: This suite is designed to test the `cargo-rmc` command. As such,
+                this suite works with packages instead of single Rust files.
+                Flags can be specified in the `Cargo.toml` configuration file.
+                Similar to the `expected` suite, we look for `*.expected` files
+                for each function under test.
+
+We have extended
+[`compiletest`](https://rustc-dev-guide.rust-lang.org/tests/intro.html) (the
+Rust compiler testing framework) to work with these suites. That way, we take
+advantage of all `compiletest` features (e.g., parallel execution).
+
+### Testing stages
+
+The process of running single-file tests is split into three stages:
+ * `check`: This stage uses the Rust front-end to detect if the example is valid
+   Rust code.
+ * `codegen`: This stage uses the RMC back-end to determine if we can generate
+   GotoC code.
+ * `verify`: This stage uses CBMC to obtain a verification result.
+
+If a test fails, the error message will include the stage where it failed:
+
+```
+error: test failed: expected check success, got failure
+```
+
+When working on a test that is expected to fail, there are two options to
+indicate an expected failure. The first one is to add a comment
+
+```rust
+// rmc-<stage>-fail
+```
+at the top of the test file, where `<stage>` is the stage where the test is
+expected to fail.
+
+The other option is to use the predicate `rmc::expect_fail(cond, message)`
+included in the RMC library. The `cond` in `rmc::expect_fail` is a condition
+that you expect not to hold during verification. The testing framework expects
+one `EXPECTED FAIL` message in the verification output for each use of the
+predicate.
+
+> **Warning:** Note that `rmc::expect_fail` is only useful to indicate
+> failure in the `verify` stage, errors in other stages will be considered
+> testing failures.
+
+### Testing options
+
+Many tests will require passing command-line options to RMC. These options can
+be specified in single Rust files by adding a comment at the top of the file:
+```
+// rmc-flags: <options>
+```
+
+For example, to increase the unwinding value to 4 in a test, we can write:
+
+```
+// rmc-flags: --cbmc-args --unwind 4
+```
+
+Alternatively, CBMC flags can also be passed using `cbmc-flags`:
+
+```
+// cbmc-flags: --unwind 4
+```
+
+> **Warning:** `cbmc-flags` is likely to be deprecated in the near future. We
+> recommend using `rmc-flags` with `--cbmc-args` for now.
+
+For `cargo-rmc` tests, the preferred way to pass command-line options is adding
+them to `Cargo.toml` below the `[rmc.flags]` marker.
+
+## Rust unit tests
+
+These tests follow the
+[Rust unit testing](https://doc.rust-lang.org/rust-by-example/testing/unit_testing.html)
+style.
+
+At present, RMC only uses unit tests in the
+[cbmc crate](https://github.com/model-checking/rmc/tree/main/compiler/cbmc)
+to test the
+[identity symbol table transformer](https://github.com/model-checking/rmc/blob/main/compiler/cbmc/src/goto_program/symtab_transformer/identity_transformer.rs).
+
+## Script-based tests
+
+These are tests which are run using scripts. Scripting gives us the ability to
+perform ad-hoc checks that cannot be done otherwise. They are currently used
+for:
+ * Standard library codegen
+ * Firecracker virtio codegen
+ * Diamond dependency
+ * Type mismatch
+
+In fact, most of them are equivalent to running `cargo rmc` and performing
+checks on the output. The downside to scripting is that these tests will always
+be run, even if there have not been any changes since the last time the
+regression was run.
+
+> **Warning:** `cargo rmc` is under heavy development at the moment. Because of
+> that, this section may become outdated soon.