white-box testing techniques iii · path conditions •with a little luck, at least some white-box...

White-Box Testing Techniques III

Prepared by

Stephen M. Thebaut, Ph.D.

University of Florida

Software Testing and Verification

Lecture 9

White-Box Testing Topics

• Logic coverage (lecture I)

• Dataflow coverage (lecture II)

• Path conditions and symbolic evaluation (lecture III)

• Other white-box testing strategies (e.g., “fault-based testing”) (lecture IV)

Path Conditions

• With a little luck, at least some white-box coverage goals will have been met by executing test cases designed using black-box strategies. (How would you know if this were the case or not?)

• Designing additional test cases for this purpose involves identifying inputs that will cause given program paths to be executed. This can be difficult...

Path Conditions

• With a little luck, at least some white-box coverage goals will have been met by executing test cases designed using black-box strategies. (How would you know if this were the case or not?)

• Designing additional test cases for this purpose involves identifying inputs that will cause given program paths to be executed. This can be difficult...

Path Conditions (cont’d)

• To cause a path to be executed requires that the test case satisfy the path condition.

• For a given path, the PATH CONDITION is the conjunction of branch predicates that are required to hold for all the branches along the path to be taken.

Path Conditions (cont’d)

• To cause a path to be executed requires that the test case satisfy the path condition.

• For a given path, the PATH CONDITION is the conjunction of branch predicates that are required to hold for all the branches along the path to be taken.

Consider an example…

(1) input(A,B)

if (A>0) then(2) Z := A

else(3) Z := 0

end_if_elseif (B>0) then

(4) Z := Z+B

end_if(5) output(Z)

What is the path condition for path <1,2,5>?

(A>0) Л (B0)

A>0

F

23

1

4

5

B>0

T

F

T

Consider ANOTHER example…

(1) input(A,B)

if (A>B) then(2) B := B*B

end_ifif (B<0) then

(3) Z := A

else(4) Z := B

end_if_else(5) output(Z)

What is the path condition for path <1,2,3,5>?

(A>B) Л (B<0)

A>B

F2

4

1

3

5

T

F TB<0

Consider ANOTHER example…

(1) input(A,B)

if (A>B) then(2) B := B*B

end_ifif (B<0) then

(3) Z := A

else(4) Z := B

end_if_else(5) output(Z)

What is the path condition for path <1,2,3,5>?

(A>B) Л (B<0) (B2<0)

A>B

F2

4

1

3

5

T

F TB<0

Consider ANOTHER example…

(1) input(A,B)

if (A>B) then(2) B := B*B

end_ifif (B<0) then

(3) Z := A

else(4) Z := B

end_if_else(5) output(Z)

What is the path condition for path <1,2,3,5>?

(A>B) Л (B<0) (B2<0) = FALSE

A>B

F2

4

1

3

5

T

F TB<0

Conclusions

• To be useful, path conditions should be expressed in terms that reflect relevant state changes along the path.

• A path is INFEASIBLE if its path condition reduces to FALSE.

• Question: if a path is infeasible, does this imply the presence of “dead code”?

Answer:

Conclusions

• To be useful, path conditions should be expressed in terms that reflect relevant state changes along the path.

• A path is INFEASIBLE if its path condition reduces to FALSE.

• Question: if a path is infeasible, does this imply the presence of “dead code”?

Answer:

Conclusions

• To be useful, path conditions should be expressed in terms that reflect relevant state changes along the path.

• A path is INFEASIBLE if its path condition reduces to FALSE.

• Question: if a path is infeasible, does this imply the presence of “dead code”?

Answer:

Conclusions

• To be useful, path conditions should be expressed in terms that reflect relevant state changes along the path.

• A path is INFEASIBLE if its path condition reduces to FALSE.

• Question: if a path is infeasible, does this imply the presence of “dead code”?

Answer: No; code along an infeasible path may be reachable via some other path.

Symbolic Evaluation

• Symbolic evaluation provides a technique for systematically tracking state changesfor the purpose of expressing path conditions in useful terms.

Notation

• Variable A will have a succession of symbolic values, A0, A1, A2, ..., as a path is traversed.

– Subscripts refer to the number of the previous program statement (or block of statements) executed, so some numbers may be skipped.

– With loops, statements may be executed more than once, so double subscripts will be used when necessary.

Notation

• Variable A will have a succession of symbolic values, A0, A1, A2, ..., as a path is traversed.

– Subscripts refer to the number of the previous program statement (or block of statements) executed, so some numbers may be skipped.

– With loops, statements may be executed more than once, so double subscripts will be used when necessary.

Notation

• Variable A will have a succession of symbolic values, A0, A1, A2, ..., as a path is traversed.

– Subscripts refer to the number of the previous program statement (or block of statements) executed, so some numbers may be skipped.

– With loops, statements may be executed more than once, so double subscripts will be used when necessary.

Notation (cont’d)

• At each statement, the same notation is used to represent program variables regardless of path, but the symbolic values will usually be different. For example:

– The notation used for the symbolic value of variable X immediately after executing statement 5 is always denoted “X5”; how-

ever, the symbolic value itself depends on which execution path is taken to statement 5.

Notation (cont’d)

• At each statement, the same notation is used to represent program variables regardless of path, but the symbolic values will usually be different. For example:

– The notation used for the symbolic value of variable X immediately after executing statement 5 is always denoted “X5”; how-

ever, the symbolic value itself depends on which execution path is taken to statement 5.

Example 1

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

There are 4 paths.

Example 1 (cont’d)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

There are 4 paths.

PATH T,T

T

T

Example 1

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

There are 4 paths.

PATH T,T

(1) X1 = X02

Y1 = Y02

T

T

Example 1

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

There are 4 paths.

PATH T,T

(1) X1 = X02

Y1 = Y02

(3) X3 = X1 + 1 = X02

+ 1

Y3 = Y1 + 1 = Y02

+ 1

T

T

Example 1

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

There are 4 paths.

PATH T,T

(1) X1 = X02

Y1 = Y02

(3) X3 = X1 + 1 = X02

+ 1

Y3 = Y1 + 1 = Y02

+ 1

T

T

Example 1 (cont’d)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

There are 4 paths.

PATH T,F

F

T

Example 1 (cont’d)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

There are 4 paths.

PATH T,F

(1) X1 = X02

Y1 = Y02

T

F

Example 1 (cont’d)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

There are 4 paths.

PATH T,F

(1) X1 = X02

Y1 = Y02

(4) X4 = X1 - 1 = X02

- 1

Y4 = Y1 - 1 = Y02

- 1

T

F

Example 1 (cont’d)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

There are 4 paths.

PATH T,F

(1) X1 = X02

Y1 = Y02

(4) X4 = X1 - 1 = X02

- 1

Y4 = Y1 - 1 = Y02

- 1

T

F

Example 1 (cont’d)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

There are 4 paths.

PATH F,T

F

T

Example 1 (cont’d)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

There are 4 paths.

PATH F,T

(2) X2 = X0 + 1

Y2 = Y0 + 1

F

T

Example 1 (cont’d)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

There are 4 paths.

PATH F,T

(2) X2 = X0 + 1

Y2 = Y0 + 1

(3) X3 = X2 + 1 = X0 + 2

Y3 = Y2 + 1 = Y0 + 2

F

T

Example 1 (cont’d)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

There are 4 paths.

PATH F,T

(2) X2 = X0 + 1

Y2 = Y0 + 1

(3) X3 = X2 + 1 = X0 + 2

Y3 = Y2 + 1 = Y0 + 2

F

T

Example 1 (cont’d)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

There are 4 paths.

PATH F,F

F

F

Example 1 (cont’d)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

There are 4 paths.

PATH F,F

(2) X2 = X0 + 1

Y2 = Y0 + 1

F

F

Example 1 (cont’d)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

There are 4 paths.

PATH F,F

(2) X2 = X0 + 1

Y2 = Y0 + 1

(4) X4 = X2 - 1 = X0

Y4 = Y2 - 1 = Y0

F

F

Example 1 (cont’d)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

There are 4 paths.

PATH F,F

(2) X2 = X0 + 1

Y2 = Y0 + 1

(4) X4 = X2 - 1 = X0

Y4 = Y2 - 1 = Y0

F

F

Path Conditions Revisited

• Having symbolically evaluated the program variables along a path, we can now symbolically represent the branch predicates that are required to hold in order for the path to be traversed.

• The symbolic variable values used in each branch predicate are the values which the variables have when the branch predicate is encountered.

Path Conditions Revisited

• Having symbolically evaluated the program variables along a path, we can now symbolically represent the branch predicates that are required to hold in order for the path to be traversed.

• The symbolic variable values used in each branch predicate are the values which the variables have when the branch predicate is encountered.

Path Conditions Revisited

• To simplify the task of identifying inputs that will cause the path to be executed, path conditions should be expressed in terms of the initial symbolic values of variables.

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH T,T

T

T

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH T,T

Variable values:

X1 = X02

Y1 = Y02

X3 = X02

+ 1 Y3 = Y02

+ 1T

T

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH T,T

Variable values:

X1 = X02

Y1 = Y02

X3 = X02

+ 1 Y3 = Y02

+ 1

Path Condition:

= ((X0 0) or (Y0 0)) and

((X1 < 1) or (Y1 < 1))

= ((X0 0) or (Y0 0)) and

((X02

< 1) or (Y02

< 1))

= ((X0 0) or (Y0 0) ) and

((-1 < X0 < 1) or (-1 < Y0 < 1))

T

T

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH T,T

Variable values:

X1 = X02

Y1 = Y02

X3 = X02

+ 1 Y3 = Y02

+ 1

Path Condition:

= ((X0 0) or (Y0 0)) and

((X1 < 1) or (Y1 < 1))

= ((X0 0) or (Y0 0)) and

((X02

< 1) or (Y02

< 1))

= ((X0 0) or (Y0 0) ) and

((-1 < X0 < 1) or (-1 < Y0 < 1))

T

T

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH T,T

Variable values:

X1 = X02

Y1 = Y02

X3 = X02

+ 1 Y3 = Y02

+ 1

Path Condition:

= ((X0 0) or (Y0 0)) and

((X1 < 1) or (Y1 < 1))

= ((X0 0) or (Y0 0)) and

((X02

< 1) or (Y02

< 1))

= ((X0 0) or (Y0 0) ) and

((-1 < X0 < 1) or (-1 < Y0 < 1))

T

T

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH T,F

T

F

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH T,F

Variable values:

X1 = X02

Y1 = Y02

X4 = X02

- 1 Y4 = Y02

- 1

T

F

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH T,F

Variable values:

X1 = X02

Y1 = Y02

X4 = X02

- 1 Y4 = Y02

- 1

Path Condition:

= ((X0 0) or (Y0 0)) and

((X1 ≥ 1) and (Y1 ≥ 1))

= ((X0 0) or (Y0 0)) and

((X02

≥ 1) and (Y02

≥ 1))

= ((X0 0) or (Y0 0)) and

((X0 -1) or (X0 ≥ 1)) and

((Y0 -1) or (Y0 ≥ 1))

T

F

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH T,F

Variable values:

X1 = X02

Y1 = Y02

X4 = X02

- 1 Y4 = Y02

- 1

Path Condition:

= ((X0 0) or (Y0 0)) and

((X1 ≥ 1) and (Y1 ≥ 1))

= ((X0 0) or (Y0 0)) and

((X02

≥ 1) and (Y02

≥ 1))

= ((X0 0) or (Y0 0)) and

((X0 -1) or (X0 ≥ 1)) and

((Y0 -1) or (Y0 ≥ 1))

T

F

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH T,F

Variable values:

X1 = X02

Y1 = Y02

X4 = X02

- 1 Y4 = Y02

- 1

Path Condition:

= ((X0 0) or (Y0 0)) and

((X1 ≥ 1) and (Y1 ≥ 1))

= ((X0 0) or (Y0 0)) and

((X02

≥ 1) and (Y02

≥ 1))

= ((X0 0) or (Y0 0)) and

((X0 -1) or (X0 ≥ 1)) and

((Y0 -1) or (Y0 ≥ 1))

T

F

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH F,T

F

T

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH F,T

Variable values:

X2 = X0 + 1 Y2 = Y0 + 1

X3 = X0 + 2 Y3 = Y0 + 2

F

T

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH F,T

Variable values:

X2 = X0 + 1 Y2 = Y0 + 1

X3 = X0 + 2 Y3 = Y0 + 2

Path Condition:

= ((X0 >0) and (Y0 >0)) and

((X2 < 1) or (Y2 < 1))

= ((X0 >0) and (Y0 >0)) and

((X0 + 1 < 1) or (Y0 + 1 < 1))

= ((X0 >0) and (Y0 >0)) and

((X0 < 0) or (Y0 < 0))

= FALSE

F

T

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH F,T

Variable values:

X2 = X0 + 1 Y2 = Y0 + 1

X3 = X0 + 2 Y3 = Y0 + 2

Path Condition:

= ((X0 >0) and (Y0 >0)) and

((X2 < 1) or (Y2 < 1))

= ((X0 >0) and (Y0 >0)) and

((X0 + 1 < 1) or (Y0 + 1 < 1))

= ((X0 >0) and (Y0 >0)) and

((X0 < 0) or (Y0 < 0))

= FALSE

F

T

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH F,T

Variable values:

X2 = X0 + 1 Y2 = Y0 + 1

X3 = X0 + 2 Y3 = Y0 + 2

Path Condition:

= ((X0 >0) and (Y0 >0)) and

((X2 < 1) or (Y2 < 1))

= ((X0 >0) and (Y0 >0)) and

((X0 + 1 < 1) or (Y0 + 1 < 1))

= ((X0 >0) and (Y0 >0)) and

((X0 < 0) or (Y0 < 0))

= FALSE

F

T

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH F,T

Variable values:

X2 = X0 + 1 Y2 = Y0 + 1

X3 = X0 + 2 Y3 = Y0 + 2

Path Condition:

= ((X0 >0) and (Y0 >0)) and

((X2 < 1) or (Y2 < 1))

= ((X0 >0) and (Y0 >0)) and

((X0 + 1 < 1) or (Y0 + 1 < 1))

= ((X0 >0) and (Y0 >0)) and

((X0 < 0) or (Y0 < 0))

= FALSE

F

T

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH F,F

F

F

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH F,F

Variable values:

X2 = X0 + 1 Y2 = Y0 + 1

X4 = X0 Y4 = Y0

F

F

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH F,F

Variable values:

X2 = X0 + 1 Y2 = Y0 + 1

X4 = X0 Y4 = Y0

Path Condition:

= ((X0 >0) and (Y0 >0)) and

((X2 ≥ 1) and (Y2 ≥ 1))

= ((X0 >0) and (Y0 >0)) and

((X0+1 ≥ 1) and (Y0+1 ≥1))

= ((X0 >0) and (Y0 >0)) and

((X0 ≥ 0) and (Y0 ≥ 0))

= (X0 >0) and (Y0 >0)

F

F

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH F,F

Variable values:

X2 = X0 + 1 Y2 = Y0 + 1

X4 = X0 Y4 = Y0

Path Condition:

= ((X0 >0) and (Y0 >0)) and

((X2 ≥ 1) and (Y2 ≥ 1))

= ((X0 >0) and (Y0 >0)) and

((X0+1 ≥ 1) and (Y0+1 ≥1))

= ((X0 >0) and (Y0 >0)) and

((X0 ≥ 0) and (Y0 ≥ 0))

= (X0 >0) and (Y0 >0)

F

F

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH F,F

Variable values:

X2 = X0 + 1 Y2 = Y0 + 1

X4 = X0 Y4 = Y0

Path Condition:

= ((X0 >0) and (Y0 >0)) and

((X2 ≥ 1) and (Y2 ≥ 1))

= ((X0 >0) and (Y0 >0)) and

((X0+1 ≥ 1) and (Y0+1 ≥1))

= ((X0 >0) and (Y0 >0)) and

((X0 ≥ 0) and (Y0 ≥ 0))

= (X0 >0) and (Y0 >0)

F

F

Example 1 (revisited)

if (X<=0) or (Y<=0) then(1) X := X**2

Y := Y**2else

(2) X := X+1Y := Y+1

end_if_elseif (X<1) or (Y<1) then

(3) X := X+1Y := Y+1

else(4) X := X-1

Y := Y-1end_if_else

PATH F,F

Variable values:

X2 = X0 + 1 Y2 = Y0 + 1

X4 = X0 Y4 = Y0

Path Condition:

= ((X0 >0) and (Y0 >0)) and

((X2 ≥ 1) and (Y2 ≥ 1))

= ((X0 >0) and (Y0 >0)) and

((X0+1 ≥ 1) and (Y0+1 ≥1))

= ((X0 >0) and (Y0 >0)) and

((X0 ≥ 0) and (Y0 ≥ 0))

= (X0 >0) and (Y0 >0)

F

F

Summary of Path Conditions

TT: ((X0 0) or (Y0 0) ) and ((-1 < X0 < 1) or (-1 < Y0 < 1))

TF: ((X0 0) or (Y0 0)) and ((X0 -1) or (X0 ≥ 1)) and((Y0 -1) or (Y0 ≥ 1))

FT: FALSE

FF: (X0 >0) and (Y0 >0)

The path domains in the (X0 ,Y0 ) plane may

also be depicted graphically...

Graph of Path Domains

TFFF

Y0 = 1

Y0 = -1

X0 = 1X0 = -1

TT X0

Y0

Incremental Generation of Path

Conditions

• Path conditions can also be generated incrementally, by considering the branches taken in a piecemeal fashion.

Example 2

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

..

.

PARTIAL PATH T

T

Example 2

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

..

.

PARTIAL PATH T

Variable values:

A0, B0

T

Example 2

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

..

.

PARTIAL PATH T

Variable values:

A0, B0

Partial path condition:

(B0 > A0+1)

T

Example 2

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

..

.

PARTIAL PATH F

F

Example 2

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

..

.

PARTIAL PATH F

Variable values:

A0, B0

F

Example 2

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

..

.

PARTIAL PATH F

Variable values:

A0, B0

Partial path condition:

(B0 A0+1)

F

Partial Path Domains

B0 = A0 + 1

T

F

A0

B0

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH TT

T

T

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH TT

Variable values:

A1 = A0 +1

B1 = B0

T

T

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH TT

Variable values:

A1 = A0 +1

B1 = B0

Partial path condition:

(B0 > A0+1) and

(B1 > -A1+2)

= (B0 > A0+1) and

(B0 > -A0+1)

T

T

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH TT

Variable values:

A1 = A0 +1

B1 = B0

Partial path condition:

(B0 > A0+1) and

(B1 > -A1+2)

= (B0 > A0+1) and

(B0 > -A0+1)

T

T

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH TT

Variable values:

A1 = A0 +1

B1 = B0

Partial path condition:

(B0 > A0+1) and

(B1 > -A1+2)

= (B0 > A0+1) and

(B0 > -A0+1)

T

T

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH TF

T

F

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH TF

Variable values:

A1 = A0 +1

B1 = B0

T

F

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH TF

Variable values:

A1 = A0 +1

B1 = B0

Partial path condition:

(B0 > A0+1) and

(B1 -A1+2)

= (B0 > A0+1) and

(B0 -A0+1)

T

F

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH TF

Variable values:

A1 = A0 +1

B1 = B0

Partial path condition:

(B0 > A0+1) and

(B1 -A1+2)

= (B0 > A0+1) and

(B0 -A0+1)

T

F

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH TF

Variable values:

A1 = A0 +1

B1 = B0

Partial path condition:

(B0 > A0+1) and

(B1 -A1+2)

= (B0 > A0+1) and

(B0 -A0+1)

T

F

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH FT

F

T

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH FT

Variable values:

A2 = A0

B2 = B0-1

F

T

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH FT

Variable values:

A2 = A0

B2 = B0-1

Partial path condition:

(B0 A0+1) and

(B2 > -A2+2)

= (B0 A0+1) and

(B0 > -A0+3)

F

T

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH FT

Variable values:

A2 = A0

B2 = B0-1

Partial path condition:

(B0 A0+1) and

(B2 > -A2+2)

= (B0 A0+1) and

(B0 > -A0+3)

F

T

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH FT

Variable values:

A2 = A0

B2 = B0-1

Partial path condition:

(B0 A0+1) and

(B2 > -A2+2)

= (B0 A0+1) and

(B0 > -A0+3)

F

T

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH FF

F

F

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH FF

Variable values:

A2 = A0

B2 = B0-1

F

F

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH FF

Variable values:

A2 = A0

B2 = B0-1

Partial path condition:

(B0 A0+1) and

(B2 -A2+2)

= (B0 A0+1) and

(B0 -A0+3)

F

F

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH FF

Variable values:

A2 = A0

B2 = B0-1

Partial path condition:

(B0 A0+1) and

(B2 -A2+2)

= (B0 A0+1) and

(B0 -A0+3)

F

F

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH FF

Variable values:

A2 = A0

B2 = B0-1

Partial path condition:

(B0 A0+1) and

(B2 -A2+2)

= (B0 A0+1) and

(B0 -A0+3)

F

F

Partial Path Domains (cont’d)

B0 = A0 + 1

A0

B0

B0 = -A0 + 3

B0 = -A0 + 1

FF

TF

FTTT

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH TTT

T

T

T

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH TTT

Variable values:

A1 = A0 +1

A3 = A1 + 2 = A0 + 3

T

T

T

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH TTT

Variable values:

A1 = A0 +1

A3 = A1 + 2 = A0 + 3

B3 = B1 = B0

T

T

T

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH TTT

Variable values:

A1 = A0 +1

A3 = A1 + 2 = A0 + 3

B3 = B1 = B0

Partial path condition:

(B0 > A0+1) and

(B0 > -A0+1) and

(B3 0) = (B0 0)

= FALSE

T

T

T

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH TTT

Variable values:

A1 = A0 +1

A3 = A1 + 2 = A0 + 3

B3 = B1 = B0

Partial path condition:

(B0 > A0+1) and

(B0 > -A0+1) and

(B3 0) = (B0 0)

= FALSE

T

T

T

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH TTT

Variable values:

A1 = A0 +1

A3 = A1 + 2 = A0 + 3

B3 = B1 = B0

Partial path condition:

(B0 > A0+1) and

(B0 > -A0+1) and

(B3 0) = (B0 0)

= FALSE

T

T

T

Partial Path Domains Revisited

B0 = A0 + 1

A0

B0

B0 = -A0 + 3

B0 = -A0 + 1

FF

TF

FTTT

Partial Path Domains Revisited

B0 = A0 + 1

A0

B0

B0 = -A0 + 3

B0 = -A0 + 1

FF

TF

FTTT

B0 0

Example 2 (cont’d)

if (B > A+1) then(1) A := A+1

else(2) B := B-1

end_if_elseif (B > -A+2) then

(3) A := A+2else

(4) B := B+1end_if_elseif (B <= 0) then

.

.

.

PARTIAL PATH TTT

Variable values:

A1 = A0 +1

A3 = A1 + 2 = A0 + 3

B3 = B1 = B0

Partial path condition:

(B0 > A0+1) and

(B0 > -A0+1) and

(B3 0) = (B0 0)

= FALSE

T

T

T

Loops

• In general, the simplification of path conditions involving loops is very difficult.

• The simplest form that is obtainable for N

iterations of a loop may involve N terms.

• “N iterations” =

– While loop body executes N-1 times

– Repeat_Until loop body executes N

times

Loops

• In general, the simplification of path conditions involving loops is very difficult.

• The simplest form that is obtainable for N

iterations of a loop may involve N terms.

• “N iterations” =

– While loop body executes N-1 times

– Repeat_Until loop body executes N

times

Loops

• In general, the simplification of path conditions involving loops is very difficult.

• The simplest form that is obtainable for N

iterations of a loop may involve N terms.

• “N iterations” =

– While loop body executes N-1 times

– Repeat_Until loop body executes N

times

Loops

• In general, the simplification of path conditions involving loops is very difficult.

• The simplest form that is obtainable for N

iterations of a loop may involve N terms.

• “N iterations” =

– While loop body executes N-1 times

– Repeat_Until loop body executes N

times

Loops

• In general, the simplification of path conditions involving loops is very difficult.

• The simplest form that is obtainable for N

iterations of a loop may involve N terms.

• “N iterations” =

– While loop body executes N-1 times

– Repeat_Until loop body executes N

times

Example 3

(1) C := 0while (X>=Y) do

(2) X := X-YC := C+1

end_while

Variable values: (Y does not change)

(1) X1 = X0

C1 = 0

(2,1) X2,1 = X1 – Y1 = X0 – Y0

C2,1 = C1 + 1 = 1

(2,2) X2,2 = X2,1 – Y2,1 = (X0 – Y0) - Y0 = X0 – 2Y0

C2,2 = C2,1 + 1 = 2

Example 3

(1) C := 0while (X>=Y) do

(2) X := X-YC := C+1

end_while

Variable values: (Y does not change)

(1) X1 = X0

C1 = 0

(2,1) X2,1 = X1 – Y1 = X0 – Y0

C2,1 = C1 + 1 = 1

(2,2) X2,2 = X2,1 – Y2,1 = (X0 – Y0) - Y0 = X0 – 2Y0

C2,2 = C2,1 + 1 = 2

Example 3

(1) C := 0while (X>=Y) do

(2) X := X-YC := C+1

end_while

Variable values: (Y does not change)

(1) X1 = X0

C1 = 0

(2,1) X2,1 = X1 – Y1 = X0 – Y0

C2,1 = C1 + 1 = 1

(2,2) X2,2 = X2,1 – Y2,1 = (X0 – Y0) - Y0 = X0 – 2Y0

C2,2 = C2,1 + 1 = 2

Example 3

(1) C := 0while (X>=Y) do

(2) X := X-YC := C+1

end_while

Variable values: (Y does not change)

(1) X1 = X0

C1 = 0

(2,1) X2,1 = X1 – Y1 = X0 – Y0

C2,1 = C1 + 1 = 1

(2,2) X2,2 = X2,1 – Y2,1 = (X0 – Y0) - Y0 = X0 – 2Y0

C2,2 = C2,1 + 1 = 2

Example 3 (cont’d)

(1) C := 0while (X>=Y) do

(2) X := X-YC := C+1

end_while

Variable values: (cont’d)

(2,2) X2,2 = X0 – 2Y0

C2,2 = 2

(2,3) X2,3 = X2,2 – Y2,2 = (X0 – 2Y0) - Y0 = X0 – 3Y0

C2,3 = C2,2 + 1 = 3

(2,N) X2,N = X0 – NY0

C2,N = N

Example 3 (cont’d)

(1) C := 0while (X>=Y) do

(2) X := X-YC := C+1

end_while

Variable values: (cont’d)

(2,2) X2,2 = X0 – 2Y0

C2,2 = 2

(2,3) X2,3 = X2,2 – Y2,2 = (X0 – 2Y0) - Y0 = X0 – 3Y0

C2,3 = C2,2 + 1 = 3

(2,N) X2,N = X0 – NY0

C2,N = N

Example 3 (cont’d)

(1) C := 0while (X>=Y) do

(2) X := X-YC := C+1

end_while

Variable values: (cont’d)

(2,2) X2,2 = X0 – 2Y0

C2,2 = 2

(2,3) X2,3 = X2,2 – Y2,2 = (X0 – 2Y0) - Y0 = X0 – 3Y0

C2,3 = C2,2 + 1 = 3

(2,N) X2,N = X0 – NY0

C2,N = N

Example 3 (cont’d)

(1) C := 0while (X>=Y) do

(2) X := X-YC := C+1

end_while

Variable values: (cont’d)

(2,2) X2,2 = X0 – 2Y0

C2,2 = 2

(2,3) X2,3 = X2,2 – Y2,2 = (X0 – 2Y0) - Y0 = X0 – 3Y0

C2,3 = C2,2 + 1 = 3

(2,N) X2,N = X0 – NY0

C2,N = N

Example 3 (cont’d)

Path Condition for Path F: (loop body executed 0 times)

(X1 < Y1) = X0 <Y0

Variable values:

X1= X0 C1= 0

X2,N = X0 – NY0

C2,N = N

(1) C := 0while (X>=Y) do

(2) X := X-YC := C+1

end_while

Example 3 (cont’d)

Path Condition for Path F: (loop body executed 0 times)

(X1 < Y1) = X0 <Y0

Variable values:

X1= X0 C1= 0

X2,N = X0 – NY0

C2,N = N

(1) C := 0while (X>=Y) do

(2) X := X-YC := C+1

end_while

Example 3 (cont’d)

Path Condition for Path F: (loop body executed 0 times)

(X1 < Y1) = X0 <Y0

Path Condition for Path T,F:

(loop body executed 1 time)

(X1 ≥ Y1) and (X2,1 <Y2,1)

= (X0 ≥ Y0) and (X0 - Y0 <Y0)

= (X0 ≥ Y0) and (X0 <2Y0)

= Y0 ≤ X0 <2Y0

Variable values:

X1= X0 C1= 0

X2,N = X0 – NY0

C2,N = N

(1) C := 0while (X>=Y) do

(2) X := X-YC := C+1

end_while

Example 3 (cont’d)

Path Condition for Path F: (loop body executed 0 times)

(X1 < Y1) = X0 <Y0

Path Condition for Path T,F:

(loop body executed 1 time)

(X1 ≥ Y1) and (X2,1 <Y2,1)

= (X0 ≥ Y0) and (X0 - Y0 <Y0)

= (X0 ≥ Y0) and (X0 <2Y0)

= Y0 ≤ X0 <2Y0

Variable values:

X1= X0 C1= 0

X2,N = X0 – NY0

C2,N = N

(1) C := 0while (X>=Y) do

(2) X := X-YC := C+1

end_while

Example 3 (cont’d)

Path Condition for Path F: (loop body executed 0 times)

(X1 < Y1) = X0 <Y0

Path Condition for Path T,F:

(loop body executed 1 time)

(X1 ≥ Y1) and (X2,1 <Y2,1)

= (X0 ≥ Y0) and (X0 - Y0 <Y0)

= (X0 ≥ Y0) and (X0 <2Y0)

= Y0 ≤ X0 <2Y0

Variable values:

X1= X0 C1= 0

X2,N = X0 – NY0

C2,N = N

(1) C := 0while (X>=Y) do

(2) X := X-YC := C+1

end_while

Example 3 (cont’d)

Path Condition for Path F: (loop body executed 0 times)

(X1 < Y1) = X0 <Y0

Path Condition for Path T,F:

(loop body executed 1 time)

(X1 ≥ Y1) and (X2,1 <Y2,1)

= (X0 ≥ Y0) and (X0 - Y0 <Y0)

= (X0 ≥ Y0) and (X0 <2Y0)

= Y0 ≤ X0 <2Y0

Variable values:

X1= X0 C1= 0

X2,N = X0 – NY0

C2,N = N

(1) C := 0while (X>=Y) do

(2) X := X-YC := C+1

end_while

Example 3 (cont’d)

Variable values:

X1= X0 C1= 0

X2,N = X0 – NY0 C2,N = N

Path Condition for Path T,T,F: (loop body executed 2

times)

(X1 ≥ Y1) and (X2,1 ≥ Y2,1) and (X2,2 <Y2,2)

= (X0 ≥ Y0) and (X0 - Y0 ≥ Y0) and (X0 - 2Y0 <Y0)

= (X0 ≥ Y0) and (X0 ≥ 2Y0) and (X0 <3Y0)

= (X0 ≥ Y0) and (2Y0 ≤ X0 <3Y0)

= 2Y0 ≤ X0 <3Y0 since (2Y0 < 3Y0 ) => Y0 > 0 => (X0 ≥ 2Y0 => X0 ≥ Y0)

(1) C := 0while (X>=Y) do

(2) X := X-YC := C+1

end_while

Example 3 (cont’d)

Variable values:

X1= X0 C1= 0

X2,N = X0 – NY0 C2,N = N

Path Condition for Path T,T,F: (loop body executed 2

times)

(X1 ≥ Y1) and (X2,1 ≥ Y2,1) and (X2,2 <Y2,2)

= (X0 ≥ Y0) and (X0 - Y0 ≥ Y0) and (X0 - 2Y0 <Y0)

= (X0 ≥ Y0) and (X0 ≥ 2Y0) and (X0 <3Y0)

= (X0 ≥ Y0) and (2Y0 ≤ X0 <3Y0)

= 2Y0 ≤ X0 <3Y0 since (2Y0 < 3Y0 ) => Y0 > 0 => (X0 ≥ 2Y0 => X0 ≥ Y0)

(1) C := 0while (X>=Y) do

(2) X := X-YC := C+1

end_while

Example 3 (cont’d)

Variable values:

X1= X0 C1= 0

X2,N = X0 – NY0 C2,N = N

Path Condition for Path T,T,F: (loop body executed 2

times)

(X1 ≥ Y1) and (X2,1 ≥ Y2,1) and (X2,2 <Y2,2)

= (X0 ≥ Y0) and (X0 - Y0 ≥ Y0) and (X0 - 2Y0 <Y0)

= (X0 ≥ Y0) and (X0 ≥ 2Y0) and (X0 <3Y0)

= (X0 ≥ Y0) and (2Y0 ≤ X0 <3Y0)

= 2Y0 ≤ X0 <3Y0 since (2Y0 < 3Y0 ) => Y0 > 0 => (X0 ≥ 2Y0 => X0 ≥ Y0)

(1) C := 0while (X>=Y) do

(2) X := X-YC := C+1

end_while

Example 3 (cont’d)

Variable values:

X1= X0 C1= 0

X2,N = X0 – NY0 C2,N = N

Path Condition for Path T,T,F: (loop body executed 2

times)

(X1 ≥ Y1) and (X2,1 ≥ Y2,1) and (X2,2 <Y2,2)

= (X0 ≥ Y0) and (X0 - Y0 ≥ Y0) and (X0 - 2Y0 <Y0)

= (X0 ≥ Y0) and (X0 ≥ 2Y0) and (X0 <3Y0)

= (X0 ≥ Y0) and (2Y0 ≤ X0 <3Y0)

= 2Y0 ≤ X0 <3Y0 since (2Y0 < 3Y0 ) => Y0 > 0 => (X0 ≥ 2Y0 => X0 ≥ Y0)

(1) C := 0while (X>=Y) do

(2) X := X-YC := C+1

end_while

Example 3 (cont’d)

Variable values:

X1= X0 C1= 0

X2,N = X0 – NY0 C2,N = N

Path Condition for Path T,T,F: (loop body executed 2

times)

(X1 ≥ Y1) and (X2,1 ≥ Y2,1) and (X2,2 <Y2,2)

= (X0 ≥ Y0) and (X0 - Y0 ≥ Y0) and (X0 - 2Y0 <Y0)

= (X0 ≥ Y0) and (X0 ≥ 2Y0) and (X0 <3Y0)

= (X0 ≥ Y0) and (2Y0 ≤ X0 <3Y0)

= 2Y0 ≤ X0 <3Y0 since (2Y0 < 3Y0 ) => Y0 > 0 => (X0 ≥ 2Y0 => X0 ≥ Y0)

(1) C := 0while (X>=Y) do

(2) X := X-YC := C+1

end_while

Example 3 (cont’d)

Path Condition for N>1 iterations of the loop:

(X1 ≥ Y1) and (X2,1 ≥ Y2,1) and … and (X2,N-1 ≥ Y2,N-1)

and (X2,N <Y2,N)

Example 3 (cont’d)

Path Condition for N>1 iterations of the loop:

(X1 ≥ Y1) and (X2,1 ≥ Y2,1) and … and (X2,N-1 ≥ Y2,N-1)

and (X2,N <Y2,N)

It can be proven by induction that this condition may be expressed in CLOSED FORM as:

(N-1)Y0 ≤ X0 < NY0

with the implied (eventual termination) condition that Y0 > 0.

Path Conditions & Symbolic

Evaluation Summary

• To cause a path to be executed requires that the test case satisfy its path condition.

• The path condition is the conjunction of branch predicates that are required to hold for all the branches along the path.

• In general, the simplification of path conditions for loops is very difficult. (The simplest form that is obtainable for N

iterations of a loop may involve N terms.)

Path Conditions & Symbolic

Evaluation Summary

• To cause a path to be executed requires that the test case satisfy its path condition.

• The path condition is the conjunction of branch predicates that are required to hold for all the branches along the path.

• In general, the simplification of path conditions for loops is very difficult. (The simplest form that is obtainable for N

iterations of a loop may involve N terms.)

Path Conditions & Symbolic

Evaluation Summary

• To cause a path to be executed requires that the test case satisfy its path condition.

• The path condition is the conjunction of branch predicates that are required to hold for all the branches along the path.

• In general, the simplification of path conditions for loops is very difficult. (The simplest form that is obtainable for N

iterations of a loop may involve N terms.)

Path Conditions & Symbolic

Evaluation Summary (cont’d)

• A path is infeasible if its path condition reduces to FALSE.

• Symbolic evaluation provides a systematic method for expressing path conditions in terms of the initial symbolic values of program variables.

Path Conditions & Symbolic

Evaluation Summary (cont’d)

• A path is infeasible if its path condition reduces to FALSE.

• Symbolic evaluation provides a systematic method for expressing path conditions in terms of the initial symbolic values of program variables.

Path Conditions & Symbolic

Evaluation Summary (cont’d)

• This simplifies the task of identifying inputs that will cause the path to be executed.

• But this “satisfiability problem” can be very difficult to solve…

Path Conditions & Symbolic

Evaluation Summary (cont’d)

• This simplifies the task of identifying inputs that will cause the path to be executed.

• But this “satisfiability problem” can be very difficult to solve…

Exactly HOW Difficult…?

• Given a Boolean expression E, decide if there is some assignment to the variables in E such that E will be true.

• This was the first problem shown to be NP-complete!

Exactly HOW Difficult…?

• Given a Boolean expression E, decide if there is some assignment to the variables in E such that E will be true.

• This was the first problem shown to be NP-complete!

White-Box Testing Techniques III

Prepared by

Stephen M. Thebaut, Ph.D.

University of Florida

Software Testing and Verification

Lecture 9