Detecting infeasible branches based on code patterns

Infeasible branches are program branches that can never be exercised regardless of the inputs of the program. Detecting infeasible branches is important to many software engineering tasks such as test case generation and test coverage measurement. Applying full-scale symbolic evaluation to infeasible branch detection could be very costly, especially for a large software system. In this work, we propose a code pattern based method for detecting infeasible branches. We first introduce two general patterns that can characterize the source code containing infeasible branches. We then develop a tool, called Pattern-based method for Infeasible branch Detection (PIND), to detect infeasible branches based on the discovered code patterns. PIND only performs symbolic evaluation for the branches that exhibit the identified code patterns, therefore significantly reduce the number of symbolic evaluations required. We evaluate PIND from two aspects: accuracy and efficiency. The experimental results show that PIND can effectively and efficiently detect infeasible branches in real-world Java and Android programs. We also explore the application of PIND in measuring test case coverage,

[1]  Rajiv Gupta,et al.  Refining data flow information using infeasible paths , 1997, ESEC '97/FSE-5.

[2]  Koushik Sen,et al.  CUTE: a concolic unit testing engine for C , 2005, ESEC/FSE-13.

[3]  Bogdan Korel,et al.  Automated test data generation for programs with procedures , 1996, ISSTA '96.

[4]  Peng Li,et al.  Understanding integer overflow in C/C++ , 2012, 2012 34th International Conference on Software Engineering (ICSE).

[5]  J. Paul Myers,et al.  The Path Prefix Software Testing Strategy , 1987, IEEE Transactions on Software Engineering.

[6]  Hee Beng Kuan Tan,et al.  Heuristics-based infeasible path detection for dynamic test data generation , 2008, Inf. Softw. Technol..

[7]  Rupak Majumdar,et al.  Joining dataflow with predicates , 2005, ESEC/FSE-13.

[8]  Laurie Hendren,et al.  Soot---a java optimization framework , 1999 .

[9]  Hong Zhu,et al.  Software unit test coverage and adequacy , 1997, ACM Comput. Surv..

[10]  Rajiv Gupta,et al.  A practical framework for demand-driven interprocedural data flow analysis , 1997, TOPL.

[11]  Cheng Zhang,et al.  Soot-based implementation of a demand-driven reaching definitions analysis , 2012, SOAP '12.

[12]  David Hovemeyer,et al.  Finding bugs is easy , 2004, SIGP.

[13]  Benjamin Livshits,et al.  DynaMine: finding common error patterns by mining software revision histories , 2005, ESEC/FSE-13.

[14]  Nikolai Tillmann,et al.  Pex-White Box Test Generation for .NET , 2008, TAP.

[15]  Iulian Neamtiu,et al.  Automating GUI testing for Android applications , 2011, AST '11.

[16]  Gregg Rothermel,et al.  Interprocedural control dependence , 2001, TSEM.

[17]  Anas N. Al-Rabadi,et al.  A comparison of modified reconstructability analysis and Ashenhurst‐Curtis decomposition of Boolean functions , 2004 .

[18]  Hui Liu,et al.  Testing input validation in Web applications through automated model recovery , 2008, J. Syst. Softw..

[19]  D. Engler,et al.  Using redundancies to find errors , 2003, SOEN.

[20]  Chun Zhang,et al.  Checking enforcement of integrity constraints in database applications based on code patterns , 2011, J. Syst. Softw..

[21]  Jan Gustafsson,et al.  Automatic Derivation of Loop Bounds and Infeasible Paths for WCET Analysis Using Abstract Execution , 2006, 2006 27th IEEE International Real-Time Systems Symposium (RTSS'06).

[22]  Amitabha Sanyal,et al.  Data Flow Analysis - Theory and Practice , 2009 .