Multiple Mutation Testing from Finite State Machines with Symbolic Inputs

Timo, Omer Nguena; Petrenko, Alexandre; Ramesh, S.

doi:10.1007/978-3-319-67549-7_7

Cited by 4 publications

(3 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We propose an abstraction of timed states of TFSM-TG and we use it to build the distinguishing automaton. This paper extends the approach proposed in [21,17] in a timed context. This is the main contribution of our paper.…”

Section: Introductionmentioning

confidence: 76%

Multiple Mutation Testing for Timed Finite State Machine with Timed Guards and Timeouts

Timo

Prestat

Rollet

2019

Testing Software and Systems

Self Cite

View full text Add to dashboard Cite

The problem of generating tests detecting all logical and timing faults which can occur in real-time systems is challenging; this is because the number of (timing) faults is potentially too big or innite. As a result, it might be time consuming to generate an important number of adequate tests. The traditional model based testing approach considers a fault domain as the universe of all machines with a given number of states and input-output alphabet while mutation based approaches dene a list of mutants to kill with a test suite. In this paper, we combine the two approaches by developing a mutation testing technique for realtime systems represented with deterministic timed nite state machines with timed guards and timeouts(TFSM-TG). In this approach, fault domains consisting of fault-seeded versions of the specication (mutants) are represented with non-deterministic TFSM-TG. The test generation avoids the one-by-one enumeration of the mutants and is based on constraint solving. We present the results of an empirical proof-of-concept implementation of the proposed approach.

show abstract

Section: Introductionmentioning

confidence: 76%

Multiple Mutation Testing for Timed Finite State Machine with Timed Guards and Timeouts

Timo

Prestat

Rollet

2019

Testing Software and Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…We take advantage of the fact that mutants, which are results of simple syntactic alterations, share a large portion of their code with the original program. This is recommended by other studies [22] in the context of specification-based testing, creating mutants from specifications or system models. Though, here we aim at source code, which involves a lower level representation and execution.…”

Section: Conservative Pruning Of the Search Spacementioning

confidence: 99%

Killing Stubborn Mutants with Symbolic Execution

Chekam

Papadakis

Cordy

et al. 2021

ACM Trans. Softw. Eng. Methodol.

View full text Add to dashboard Cite

We introduce SEMu , a Dynamic Symbolic Execution technique that generates test inputs capable of killing stubborn mutants (killable mutants that remain undetected after a reasonable amount of testing). SEMu aims at mutant propagation (triggering erroneous states to the program output) by incrementally searching for divergent program behaviors between the original and the mutant versions. We model the mutant killing problem as a symbolic execution search within a specific area in the programs’ symbolic tree. In this framework, the search area is defined and controlled by parameters that allow scalable and cost-effective mutant killing. We integrate SEMu in KLEE and experimented with Coreutils (a benchmark frequently used in symbolic execution studies). Our results show that our modeling plays an important role in mutant killing. Perhaps more importantly, our results also show that, within a two-hour time limit, SEMu kills 37% of the stubborn mutants, where KLEE kills none and where the mutant infection strategy (strategy suggested by previous research) kills 17%.

show abstract

“…The set Mut(M) of all mutants in mutation machine M is called a fault domain for S. If M is deterministic and complete then Mut(M) is empty. A general fault model is the tuple S, ≃, Mut(M) following [20,17]. Let λ M (s, i) denote the set of input/output transitions defined in state s with input i and ∆ M (s) denote the set of timeout transitions defined in state s. The number of mutants in Mut(M) is given by the formula…”

Section: Definition 3 (Mutation Machine For a Specification Machine) ...mentioning

confidence: 99%

Fault Detection for Timed FSM with Timeouts by Constraint Solving

Timo,

Prestat,

Avellaneda

2018

Preprint

View full text Add to dashboard Cite

Recently, an efficient constraint solving-based approach has been developed to detect logical faults in systems specified with classical finite state machines (FSMs). The approach is unsuitable to detect violations of time constraints. In this paper, we lift the approach to generated tests detecting both logical faults and violations of time constraints in systems specified with timed FSMs with timeouts (TFSMs-T). We propose a method to verify whether a given test suite is complete, i.e., it detects all the faulty implementations in a fault-domain and a method to generate a complete test suite. We conduct experiments to evaluate the scalability of the proposed methods.

show abstract

Multiple Mutation Testing from Finite State Machines with Symbolic Inputs

Cited by 4 publications

References 22 publications

Multiple Mutation Testing for Timed Finite State Machine with Timed Guards and Timeouts

Multiple Mutation Testing for Timed Finite State Machine with Timed Guards and Timeouts

Killing Stubborn Mutants with Symbolic Execution

Fault Detection for Timed FSM with Timeouts by Constraint Solving

Contact Info

Product

Resources

About