Pruning Infeasible Paths via Graph Transformations and Symbolic Execution: a Method and a Tool

Path-biased random testing is an interesting alternative to classical path-based approaches faced to the explosion of the number of paths, and to the weak structural coverage of random methods based on the input domain only. Given a graph representation of the system under test a probability distribution on paths of a certain length is computed and then used for drawing paths. A limitation of this approach, similarly to other methods based on symbolic execution and static analysis, is the existence of infeasible paths that often leads to a lot of unexploitable drawings. We present a prototype for pruning some infeasible paths, thus eliminating useless drawings. It is based on graph transformations that have been proved to preserve the actual behaviour of the program. It is driven by symbolic execution and heuristics that use detection of subsumptions and the abstract-check-refine paradigm. The approach is illustrated on some detailed examples.

[1]  Mike Papadakis,et al.  Mutation based test case generation via a path selection strategy , 2012, Inf. Softw. Technol..

[2]  Jorge A. Navas,et al.  Unbounded Symbolic Execution for Program Verification , 2011, RV.

[3]  Jorge A. Navas,et al.  TRACER: A Symbolic Execution Tool for Verification , 2012, CAV.

[4]  Sandrine-Dominique Gouraud,et al.  Utilisation des Structures Combinatoires pour le Test Statistique. (Using Combinatorial Structures for Statistical Testing) , 2004 .

[5]  Hélène Waeselynck,et al.  An investigation of statistical software testing , 1991, Softw. Test. Verification Reliab..

[6]  Thomas A. Henzinger,et al.  Abstractions from proofs , 2004, SIGP.

[7]  Yves Le Traon,et al.  Sound and Quasi-Complete Detection of Infeasible Test Requirements , 2015, 2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST).

[8]  Alain Denise,et al.  Coverage-biased random exploration of large models and application to testing , 2011, International Journal on Software Tools for Technology Transfer.

[9]  Burkhart Wolff,et al.  Infeasible Paths Elimination by Symbolic Execution Techniques - Proof of Correctness and Preservation of Paths , 2016, ITP.

[10]  Rajiv Gupta,et al.  Refining data flow information using infeasible paths , 1997, ESEC '97/FSE-5.

[11]  Jan Strejcek,et al.  Symbolic Memory with Pointers , 2014, ATVA.

[12]  Todd Mytkowicz,et al.  Parallelizing user-defined aggregations using symbolic execution , 2015, SOSP.

[13]  Sandrine Blazy,et al.  A Precise and Abstract Memory Model for C Using Symbolic Values , 2014, APLAS.

[14]  Simeon C. Ntafos,et al.  On Comparisons of Random, Partition, and Proportional Partition Testing , 2001, IEEE Trans. Software Eng..

[15]  Koushik Sen,et al.  Heuristics for Scalable Dynamic Test Generation , 2008, 2008 23rd IEEE/ACM International Conference on Automated Software Engineering.

[16]  Arnaud Gotlieb,et al.  Infeasible path generalization in dynamic symbolic execution , 2015, Inf. Softw. Technol..

[17]  Mike Papadakis,et al.  A Symbolic Execution Tool Based on the Elimination of Infeasible Paths , 2010, 2010 Fifth International Conference on Software Engineering Advances.

[18]  Bruno Marre,et al.  PathCrawler: Automatic Generation of Path Tests by Combining Static and Dynamic Analysis , 2005, EDCC.

[19]  Koushik Sen,et al.  Symbolic execution for software testing: three decades later , 2013, CACM.

[20]  Tobias Nipkow,et al.  A Proof Assistant for Higher-Order Logic , 2002 .

[21]  Kenneth L. McMillan Lazy Annotation for Program Testing and Verification , 2010, CAV.