Support of Advanced Test cOverage Criteria for RObust and Secure Software
The project started with a review of code coverage criteria from the perspective of the needs of industry, in terms of bug detection, certifiability and acceptability for industrial users of tests generated automatically to satisfy the criteria. The results highlighted two aspects that have not received much attention in the literature: boundary coverage and output-guided criteria. Indeed, boundary coverage is often applied in practice and even demanded by industrial norms but rarely precisely defined, even though criteria must be formally defined in order to be handled by automatic tools. We proposed a new output-guided criterion in which tests are paired according to coverage or non-coverage of a given label, with the observable outputs of the two tests being different. We decided to study the formalization of these criteria using Frama-C Ltest hyper-labels, based on our preliminary investigation of the expression and treatment of dataflow criteria, which require similar treatment to output-guided criteria, and then adding the concepts of boundary testing and output visibility in order to extend Ltest to efficiently treat the SATOCROSS criteria.
Another result of the review of industrial needs was the problem of infeasible test objectives. Indeed, a criterion may demand coverage of a test objective that is in fact unreachable and so cannot be covered. It is difficult and time-consuming for testers to manually identify such objectives and so this is an important function of automatic tools. Infeasible objectives are one case of the more general problem of polluting test objectives which hamper efficient test generation and test assessment and are prevalent in MC/DC, boundary testing, dataflow coverage criteria and also mutation testing. The problem of polluting test objectives was extensively addressed by the project in several ways:
Finally, we also addressed the industrial need for integration of coverage-based testing into a Continuous Development process. We proposed solutions for test generation based on symbolic execution to two alternative formulations of this problem, both of which seemed to us to be relevant to industrial users: