Automated discovery of state transitions and their functions in source code

Finite‐state machine specifications form the basis for a number of rigorous state‐based testing techniques and can help to understand program behaviour. Unfortunately they are rarely maintained during software development, which means that these benefits can rarely be fully exploited. This paper describes a technique that, given a set of states that are of interest to a developer, uses symbolic execution to reverse‐engineer state transitions from source code. A particularly novel aspect of our approach is that, besides determining whether or not a state transition can take place, it also identifies the paths through the source code that govern a transition. The technique has been implemented as a prototype, enabling its preliminary evaluation with respect to real software systems. Copyright © 2007 John Wiley & Sons, Ltd.

[1]  P. D. Coward,et al.  Symbolic execution and testing , 1990 .

[2]  Mark Harman,et al.  ConSUS: a light-weight program conditioner , 2005, J. Syst. Softw..

[3]  David Lee,et al.  Principles and methods of testing finite state machines-a survey , 1996, Proc. IEEE.

[4]  Tao Xie,et al.  Automatic Extraction of Abstract-Object-State Machines Based on Branch Coverage , 2005 .

[5]  Tsun S. Chow,et al.  Testing Software Design Modeled by Finite-State Machines , 1978, IEEE Transactions on Software Engineering.

[6]  Nikolai Tillmann,et al.  Discovering Likely Method Specifications , 2006, ICFEM.

[7]  Mark Harman,et al.  Backward conditioning: a new program specialisation technique and its application to program comprehension , 2001, Proceedings 9th International Workshop on Program Comprehension. IWPC 2001.

[8]  Olly Gotel,et al.  An analysis of the requirements traceability problem , 1994, Proceedings of IEEE International Conference on Requirements Engineering.

[9]  Yuri Gurevich,et al.  Sequential abstract-state machines capture sequential algorithms , 2000, TOCL.

[10]  Mark Harman,et al.  CONSIT: a fully automated conditioned program slicer , 2004, Softw. Pract. Exp..

[11]  Jooyong Yi,et al.  Bogor/Kiasan: A k-bounded Symbolic Execution for Checking Strong Heap Properties of Open Systems , 2006, 21st IEEE/ACM International Conference on Automated Software Engineering (ASE'06).

[12]  Sarfraz Khurshid,et al.  Test input generation with java PathFinder , 2004, ISSTA '04.

[13]  Florentin Ipate,et al.  Correct systems - building a business process solution , 1998, Applied computing.

[14]  David Notkin,et al.  Symstra: A Framework for Generating Object-Oriented Unit Tests Using Symbolic Execution , 2005, TACAS.

[15]  James C. King,et al.  Symbolic execution and program testing , 1976, CACM.

[16]  Mark Harman,et al.  Loop squashing transformations for amorphous slicing , 2004, 11th Working Conference on Reverse Engineering.

[17]  Florentin Ipate,et al.  Testing methods for X-machines: a review , 2006, Formal Aspects of Computing.

[18]  David Notkin,et al.  Automatic Extraction of Object-Oriented Observer Abstractions from Unit-Test Executions , 2004, ICFEM.

[19]  David Chenho Kung,et al.  Object state testing and fault analysis for reliable software systems , 1996, Proceedings of ISSRE '96: 7th International Symposium on Software Reliability Engineering.

[20]  Aniello Cimitile,et al.  Conditioned program slicing , 1998, Inf. Softw. Technol..

[21]  Corina S. Pasareanu,et al.  Verification of Java Programs Using Symbolic Execution and Invariant Generation , 2004, SPIN.

[22]  Monica S. Lam,et al.  Automatic extraction of object-oriented component interfaces , 2002, ISSTA '02.

[23]  Matthew B. Dwyer,et al.  Evaluating the Effectiveness of Slicing for Model Reduction of Concurrent Object-Oriented Programs , 2006, TACAS.

[24]  Jerome A. Feldman,et al.  On the Synthesis of Finite-State Machines from Samples of Their Behavior , 1972, IEEE Transactions on Computers.

[25]  Alfred V. Aho,et al.  Compilers: Principles, Techniques, and Tools , 1986, Addison-Wesley series in computer science / World student series edition.

[26]  Michael E. Fagan Design and Code Inspections to Reduce Errors in Program Development , 1976, IBM Syst. J..

[27]  Laurie Hendren,et al.  Soot: a Java bytecode optimization framework , 2010, CASCON.

[28]  Alexander Pretschner,et al.  Abstractions for Model-Based Testing , 2005, Electron. Notes Theor. Comput. Sci..

[29]  William G. Griswold,et al.  Dynamically discovering likely program invariants to support program evolution , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[30]  Egon Börger Abstract state machines and high-level system design and analysis , 2005, Theor. Comput. Sci..

[31]  Leonardo Mariani,et al.  Inferring state-based behavior models , 2006, WODA '06.

[32]  Herbert Kuchen,et al.  Constraint Solving for Generating Glass-Box Test Cases , 2004 .

[33]  Koushik Sen,et al.  CUTE: a concolic unit testing engine for C , 2005, ESEC/FSE-13.

[34]  Sarfraz Khurshid,et al.  Generalized Symbolic Execution for Model Checking and Testing , 2003, TACAS.

[35]  A. S. Krishnakumar,et al.  Reachability and Recurrence in Extended Finite State Machines: Modular Vector Addition Systems , 1993, CAV.

[36]  Nikolai Tillmann,et al.  XRT- Exploring Runtime for .NET Architecture and Applications , 2006, Electron. Notes Theor. Comput. Sci..

[37]  Amer Diwan,et al.  Discovering Algebraic Specifications from Java Classes , 2003, ECOOP.