Download Data Flow Testing- Dependable Software Systems | CS 576 and more Exams Computer Science in PDF only on Docsity!
Dependable Software Systems
Topics in
Data-Flow Testing
Material drawn from [Beizer] Courtesy Spiros Mancoridis
Data-Flow Testing
- Data-flow testing uses the control flowgraph to explore the unreasonable things that can happen to data ( i.e., anomalies).
- Consideration of data-flow anomalies leads to test path selection strategies that fill the gaps between complete path testing and branch or statement testing.
Data Object Categories
- (d) Defined, Created, Initialized
- (k) Killed, Undefined, Released
- (u) Used:
- (c) Used in a calculation
- (p) Used in a predicate
(d) Defined Objects
- An object ( e.g., variable) is defined when it:
- appears in a data declaration
- is assigned a new value
- is a file that has been opened
- is dynamically allocated
- ...
(u) Used Objects
- An object is used when it is part of a computation or a predicate.
- A variable is used for a computation (c) when it appears on the RHS (sometimes even the LHS in case of array indices) of an assignment statement.
- A variable is used in a predicate (p) when it appears directly in that predicate.
Data-Flow Anomalies
- A data-flow anomaly is denoted by a two character sequence of actions. E.g., - ku : Means that an object is killed and then used. - dd : Means that an object is defined twice without an intervening usage.
Two Letter Combinations for
d k u
- dd : Probably harmless, but suspicious.
- dk : Probably a bug.
- du : Normal situation.
- kd : Normal situation.
- kk : Harmless, but probably a bug.
- ku : Definitely a bug.
- ud : Normal situation (reassignment).
- uk : Normal situation.
- uu : Normal situation.
Single Letter Situations
- A leading dash means that nothing of interest ( d , k , u ) occurs prior to the action noted along the entry-exit path of interest.
- A trailing dash means that nothing of interest happens after the point of action until the exit.
Data-Flow Anomaly State Graph
U K D A k,u,d u u d k d d,k u,k state of variable action anomalous state
Data-Flow Anomaly State Graph
with Variable Redemption
D U K DD DK KU u u k u d d d d d d k k k u k k u u
Static vs Dynamic
Anomaly Detection (Cont’d)
- Dynamic Analysis is analysis done as a program is executing and is based on intermediate values that result from the program’s execution.
- E.g., A division by 0 error is caught by dynamic analysis.
- If a data-flow anomaly can be detected by static analysis then the anomaly does not concern testing. (Should be handled by the compiler.)
Anomaly Detection Using
Compilers
- Compilers are able to detect several data- flow anomalies using static analysis.
- E.g., By forcing declaration before use, a compiler can detect anomalies such as: - -u - ku
- Optimizing compilers are able to detect some dead variables.
Static Analysis Deficiencies
- Current static analysis methods are inadequate for: - Dead Variables: Detecting unreachable variables is unsolvable in the general case. - Arrays: Dynamically allocated arrays contain garbage unless they are initialized explicitly. ( -u anomalies are possible)
Static Analysis Deficiencies
(Cont’d)
- Pointers: Impossible to verify pointer values at compile time.
- False Anomalies: Even an obvious bug ( e.g., ku ) may not be a bug if the path along which the anomaly exists is unachievable. (Determining whether a path is or is not achievable is unsolvable.)