Towards Efficient Data-flow Test Data Generation
share
Data-flow testing (DFT) checks the correctness of variable definitions by observing their corresponding uses. It has been empirically proved to be more effective than control-flow testing in fault detection, however, its complexities still overwhelm the testers in practice. To tackle this problem, we introduce a hybrid testing framework: (1) The core of our framework is symbolic execution, enhanced by a novel guided path search to improve testing performance; and (2) we systematically cast DFT as reachability checking in software model checking to complement SE, yielding practical DFT that combines the two techniques' strengths. We implemented our framework on the state-of-the-art symbolic execution tool KLEE and model checking tools BLAST, CPAchecker and CBMC, and extensively evaluate it on 30 real-world subjects with collectively 22,793 def-use pairs. The enhanced SE approach not only covers more pairs, but also reduces testing time by 10∼43 approach can effectively weed out infeasible pairs that KLEE cannot infer by 70.1∼95.8 data-flow coverage by 28.7∼46.3 than the symbolic execution approach alone. This hybrid approach also enables the cross-checking of each component for reliable and robust testing results.
READ FULL TEXT