An experimental approach to analyzing software semantics using error flow information

White box software analysis techniques, like control flow analysis and data flow analysis, have been used for many years to support software testing, verification, complexity measures, and maintenance efforts. While these techniques are useful, their syntactic orientation leaves them inadequate for analyzing important semantic properties of a program, especially those related to the behavior of a faulty program. The fault/failure model provides a functional, data state-oriented view of program semantics that describes the relationship between a syntactic fault in the program's code and the observation of incorrect output (failure). The model identifies 3 necessary and sufficient conditions for a fault to cause a failure: 1) the fault must be executed, 2) the execution of the fault must infect the subsequent data state, and 3) the infection in the data state must propagate to produce incorrect output.

Sometimes a faulty program will produce correct output, a phenomenon called coincidental correctness. This can be described by a "fault/success model" which is the logical complement of the fault/failure model: a faulty program will produce correct output iff for each fault, 1) the fault is not executed, or 2) the execution of the fault does not produce an infected data state (called resistance), or 3) the infection is cancelled by a subsequent computation and does not propagate to output.

We have developed a semantic-oriented technique called error flow analysis (EFA) that is based on this fault/failure/success model. Error flow analysis probes the semantic behavior of a program by comparing the corresponding data state sequences (traces) produced by the program and a syntactically close (mutant) version. Because the program and its mutant have similar structure, each data state in the program's trace is paired with a (not necessarily unique) state in the mutant's trace. For a pair of corresponding data states in the two
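The fault/failure/success classification described above, as an added example that is not from the paper: a toy program and a hypothetical mutant (both constructed here) are traced at matching program points, and each input is sorted into "not executed", "resistance", "cancellation" or "failure" by checking execution, infection and propagation in turn.

```python
# Error flow analysis on a toy program: run the program and a syntactically
# close mutant on the same input, record the data state at matching program
# points, then classify the input under the fault/failure/success model.
# The program, the mutant and the inputs are constructed for this example.

def run(x: int, mutant: bool = False):
    """Return (trace, output) for the original (mutant=False) or mutant program.
    Each trace entry is (program point, snapshot of the data state)."""
    trace = []
    y = x + 1
    trace.append(("after_y", {"x": x, "y": y}))
    if y % 2 == 0:
        # Fault site: the mutant replaces `y` by `abs(y)`, which infects the
        # data state only when y is negative (otherwise: resistance).
        z = abs(y) if mutant else y
        trace.append(("after_fault", {"x": x, "y": y, "z": z}))
    else:
        z = 1
    trace.append(("before_output", {"x": x, "y": y, "z": z}))
    # Squaring cancels a sign infection for small |z| (coincidental
    # correctness); a larger negative z flows unchanged to the output.
    out = z * z if z > -4 else z
    return trace, out


def first_divergence(orig, mut):
    """Index of the first corresponding state pair that differs, or None."""
    for i, ((p1, s1), (p2, s2)) in enumerate(zip(orig, mut)):
        if p1 != p2 or s1 != s2:
            return i
    return None


def classify(x: int) -> str:
    """Apply the three conditions: execution, infection, propagation."""
    trace_o, out_o = run(x, mutant=False)
    trace_m, out_m = run(x, mutant=True)
    if not any(p == "after_fault" for p, _ in trace_o):
        return "not executed"
    if first_divergence(trace_o, trace_m) is None:
        return "resistance"          # executed, but data state not infected
    if out_o == out_m:
        return "cancellation"        # infected, but infection did not propagate
    return "failure"                 # executed, infected, and propagated


if __name__ == "__main__":
    for x in (2, -1, -3, -7):
        print(x, classify(x))
```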