A Survey of Infeasible Path Detection

Sun Ding, Hee Beng Kuan Tan, Kai Ping Liu

2012

Abstract

A program has many and usually an infinite number of logic paths from its entry point to its exit point. Each execution of the program follows one of its logic paths. Regardless of the quality of the program and the programming language used to develop it, in general, a sizable number of these paths are infeasible — that is no input can exercise them. Detection of these infeasible paths has a key impact in many software engineering activities including code optimization, testing and even software security. This article reviews methods for detecting infeasible paths and proposes to revisit this important problem by considering also empirical aspect in conjunction to program analysis.

References

  1. Altenbernd, P., 1996. On the False Path Problem in Hard Real-Time Programs. In Real-Time Systems, Euromicro Conference, pp. 0102-0102.
  2. Balakrishnan, G., Sankaranarayanan, S., Ivancic, F., Wei, O. and A. Gupta, 2008. SLR: Path-Sensitive Analysis through Infeasible-Path Detection and Syntactic Language Refinement. In Static Analysis, vol. 5079, pp. 238-254.
  3. Ball, T. and Rajamani, S. K., 2002. The SLAM project: debugging system software via static analysis. SIGPLAN Not., vol. 37, pp. 1-3.
  4. Ball, T., and Rajamani, S. K., 2001. Bebop: a pathsensitive interprocedural dataflow engine. Presented at the Proceedings of the 2001 ACM SIGPLANSIGSOFT workshop on Program analysis for software tools and engineering, Snowbird, Utah, United States.
  5. Bodik, R., Gupta, R. and Soffa, M. L., 1997. Refining data flow information using infeasible paths. SIGSOFT Softw. Eng. Notes, vol. 22, pp. 361-377.
  6. Bjørner, N., Tillmann, N. and Voronkov, A., 2009. Path Feasibility Analysis for String-Manipulating Programs. Presented at the Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, York, UK.
  7. Botella, B., Delahaye, M., Hong-Tuan-Ha, S., Kosmatov, N., Mouy, P., Roger, M. and Williams, N., 2009. Automating structural testing of C programs: Experience with PathCrawler, in Automation of Software Test, ICSE Workshop, pp. 70-78.
  8. Cobleigh, J. M., Clarke, L. A. and Ostenveil, L. J., 2001. The right algorithm at the right time: comparing data flow analysis algorithms for finite state verification. Presented at the Proceedings of the 23rd International Conference on Software Engineering, Toronto, Ontario, Canada.
  9. Edmund, M., Clarke, E., Allen, E. and Joseph, S., 2009. Model Checking: Algorithmic Verification and Debugging. In Communications of the ACM, Vol. 52, pp. 74-84.
  10. Das, M., Lerner S., Seigle, M., 2002. ESP: path-sensitive program verification in polynomial time. SIGPLAN Not., vol. 37, pp. 57-68.
  11. Delahaye, M., Botella, B. and Gotlieb, A., 2010. Explanation-Based Generalization of Infeasible Path. Presented at the Proceedings of the 2010 Third International Conference on Software Testing, Verification and Validation.
  12. Dor, N., Adams, S., Das M. and Yang. Z., 2004. Software validation via scalable path-sensitive value flow analysis. SIGSOFT Softw. Eng. Notes, vol. 29, pp. 12- 22.
  13. Dwyer, M. B., Clarke, L. A., Cobleigh, J. M. and Naumovich, G., 2004. Flow analysis for verifying properties of concurrent software systems. ACM Trans. Softw. Eng. Methodol., vol. 13, pp. 359-430.
  14. Ermedahl, A., June, 2003. A modular tool architecture for worst-Case execution time Analysis. PHD thesis, Uppsala University, Dept. of Information Technology, Uppsala University, Sweden.
  15. Fischer, J., Jhala, R. and Majumdar, R., 2005. Joining dataflow with predicates. SIGSOFT Softw. Eng. Notes 30, vol. 5, pp. 227-236.
  16. Forgács, I. and Bertolino, A., 1997. Feasible test path selection by principal slicing. SIGSOFT Softw. Eng. Notes, vol. 22, pp. 378-394.
  17. Goldberg, A., Wang, T. C. and Zimmerman, D., 1994. Applications of feasible path analysis to program testing, presented at the Proceedings of the 1994 ACM SIGSOFT international symposium on Software testing and analysis, Seattle, Washington, United States.
  18. Gustafsson, J., 2002. Worst case execution time analysis of Object-Oriented programs. In the proceedings of Proceedings of the Seventh International Workshop on Object-Oriented Real-Time Dependable Systems, San Diego, CA , USA, pp. 0071-0071.
  19. Gustafsson, J., Ermedahl, A., Sandberg, C. and Lisper, B., 2006. Automatic derivation of loop bounds and infeasible paths for WCET analysis using abstract execution. Presented at the Proceedings of the 27th IEEE International Real-Time Systems Symposium.
  20. Gustafsson, J., 2000. Analyzing execution-time of ObjectOriented programs using abstract interpretation. PhD thesis, Department of Computer Systems, Information Technology, Uppsala University.
  21. Gustafsson, J., Ermedahl, A. and Lisper, B., 2006. Algorithms for Infeasible Path Calculation. Sixth International Workshop on Worst-Case Execution Time Analysis, Dresden, Germany.
  22. Hampapuram, H., Yang, Y. and Das, M., 2005. Symbolic path simulation in path-sensitive dataflow analysis. SIGSOFT Softw. Eng. Notes, vol. 31, pp. 52-58.
  23. Hedley, D. and Hennell, M. A., 1985. The cause and effects of infeasible paths in computer programs. Presented at the Proceedings of the 8th International Conference on Software Engineering, London, England.
  24. Khedker, U., Sanyal, A., Karkare, B., 2009. Data flow analysis: theory and practice. Taylor and Francis.
  25. Korel, B., 1996. Automated test data generation for programs with procedures, SIGSOFT Softw. Eng. Notes, vol. 21, pp. 209-215.
  26. Liu, H. and Tan, H. B. K., 2009. Covering code behavior on input validation in functional testing. In Information and Software Technology, vol. 51(2), pp 546-553, 2009.
  27. Liu, H. and Tan, H. B. K., 2008. Testing input validation in web applications through automated model recovery. In Journal of Systems and Software, vol. 81(2), pp. 222-233.
  28. Malevris, N., Yates, D. F. and Veevers, A., 1990. Predictive metric for likely feasibility of program paths. Information and Software Technology, vol. 32, pp. 115-118.
  29. McMinn, P., 2004. Search-based software test data generation: a survey: Research Articles. Softw. Test. Verif. Reliab., vol. 14, pp. 105-156.
  30. Moura, L. D. and Bjorner, N., 2008. Z3: an efficient SMT solver. Presented at the Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems, Budapest, Hungary.
  31. Ngo, M. N. and Tan, H. B. K., 2008. Applying static analysis for automated extraction of database interactions in web applications. In Information and Software Technology, vol. 50(3), pp 160-175.
  32. Ngo, M. N. and Tan, H. B. K., 2008. Heuristics-based infeasible path detection for dynamic test data generation. Inf. Softw. Technol., vol. 50, pp. 641-655.
  33. Ngo, M. N. and Tan, H. B. K., 2007. Detecting Large Number of Infeasible Paths through Recognizing their Patterns. In Proceedings ESEC-FSE'07, Joint European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering, ACM Press, pp. 215-224.
  34. Padmanabhuni, B. and Tan, H. B. K., 2011. Defending against Buffer-Overflow Vulnerabilities. In IEEE Computer, vol. 44 (11), pp 53-60.
  35. Prather, R. E. and Myers, J. P., 1987. The Path Prefix Software Engineering. IEEE Trans on Software Engineering.
  36. Robinson, A. J. A. and Voronkov, A., 2001. Handbook of Automated Reasoning vol. II: North Holland.
  37. Sen, K., Marinov, D. and Agha, G., 2005. CUTE: a concolic unit testing engine for C. SIGSOFT Softw. Eng. Notes, vol. 30, pp. 263-272.
  38. Tahbildar, H. and Kalita, B., 2011. Automated Software Test Data Generation: Direction of Research. International Journal of Computer Science and Engineering Survey, vol. 2, pp. 99-120.
  39. Vergilio, S., Maldonado, J. and Jino, M., 1996. Infeasible paths within the context of data flow based criteria. In the VI International Conference on Software Quality, Ottawa, Canada, pp.310-321.
  40. Williams, N., 2010. Abstract path testing with PathCrawler. Presented at the Proceedings of the 5th Workshop on Automation of Software Test, Cape Town, South Africa.
  41. Wilhelm, R., Engblom, J., Ermedahl, A., Holsti, N., Thesing, S., Whalley, D., Bernat, G., Ferdinand, C., Heckmann, R., Mitra, T., Mueller, F., Puaut, I., Puschner, P., Staschulat, J. and Stenstrom, P., 2008. The worst-case execution-time problem--overview of methods and survey of tools. ACM Trans. Embed. Comput. Syst., vol. 7, pp. 1-53.
  42. Xie, T., Tillmann, N., Halleux, P. D. and Schulte, W., 2009. Fitness-Guided Path Exploration in Dynamic Symbolic Execution. Presented at the IEEE/IFIP International Conference on Dependable Systems & Networks, Lisbon.
  43. Zhang, J. and Wang, X., 2001. A constraint solver and its application to path feasibility analysis. International Journal of Software Engineering and Knowledge Engineering, vol. 11, pp. 139-156.
Download


Paper Citation


in Harvard Style

Ding S., Beng Kuan Tan H. and Ping Liu K. (2012). A Survey of Infeasible Path Detection . In Proceedings of the 7th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE, ISBN 978-989-8565-13-6, pages 43-52. DOI: 10.5220/0003986400430052


in Bibtex Style

@conference{enase12,
author={Sun Ding and Hee Beng Kuan Tan and Kai Ping Liu},
title={A Survey of Infeasible Path Detection},
booktitle={Proceedings of the 7th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE,},
year={2012},
pages={43-52},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003986400430052},
isbn={978-989-8565-13-6},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 7th International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE,
TI - A Survey of Infeasible Path Detection
SN - 978-989-8565-13-6
AU - Ding S.
AU - Beng Kuan Tan H.
AU - Ping Liu K.
PY - 2012
SP - 43
EP - 52
DO - 10.5220/0003986400430052