N-way Program Merging for
Efficient Test Coverage of
Configurable Software
Malte Lochau (TU Darmstadt)
(Joint Work with Dennis Reuling and Johannes Bürdek)
FOSD Meeting 2017
Program Analysis
yes
𝑝𝑝
Software
ModelChecker
𝜑𝜑
⊨ 𝒍𝒍𝒍𝒍𝒍𝒍: 𝒙𝒙 ≥ 𝒚𝒚 ⇒ 𝒛𝒛 ≠ 𝟎𝟎 ?
?
no
Counter-Example:
𝒙𝒙 = 𝟎𝟎, 𝒚𝒚 = 𝟎𝟎, 𝒛𝒛 = 𝟎𝟎
 Witness for violation
of safety property 𝜑𝜑
 Test input for test
goal ¬𝜑𝜑
Counter-Example Guided Abstraction Refinement
[Clarke et al. 2004]
4
𝑥𝑥 < 𝑦𝑦
5
𝑎𝑎 ≔ 𝑥𝑥
15
𝑧𝑧 ≔ 𝑧𝑧 + 1
𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖 𝑥𝑥, 𝑦𝑦, 𝑧𝑧;
𝑖𝑖𝑖𝑖𝑖𝑖 𝑎𝑎;
𝑥𝑥 ≥ 𝑦𝑦
7
𝑎𝑎 ≔ 𝑦𝑦
24
𝑜𝑜𝑜𝑜𝑜𝑜𝑜𝑜𝑜𝑜𝑜𝑜 𝑧𝑧
Program P
Control-Flow Automaton
(CFA)
4
5
𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡
𝑥𝑥 < 𝑦𝑦
15 𝑥𝑥 < 𝑦𝑦 ∧ 𝑎𝑎 = 𝑥𝑥
24 𝑥𝑥 < 𝑦𝑦 ∧
𝑎𝑎 = 𝑥𝑥 ∧ 𝑧𝑧24
= 𝑧𝑧0 + 𝑎𝑎
⊨ 𝜑𝜑
7
𝑥𝑥 ≥ 𝑦𝑦
15 𝑥𝑥 ≥ 𝑦𝑦 ∧ 𝑎𝑎 = 𝑥𝑥
24 𝑥𝑥 ≥ 𝑦𝑦 ∧
𝑎𝑎 = 𝑦𝑦 ∧ 𝑧𝑧24
= 𝑧𝑧0 + 𝑎𝑎
⊨ 𝜑𝜑
Abstract Reachability Graph
(ARG)
Product-based Product-Line Analysis
Software
ModelChecker
P1
P2
P3
𝜑𝜑
P4
P5
P6
𝑦𝑦𝑦𝑦𝑦𝑦
𝑛𝑛𝑛𝑛 (𝑥𝑥 = ⋯ )
𝑛𝑛𝑛𝑛 (𝑥𝑥 = ⋯ )
𝑛𝑛𝑛𝑛 (𝑥𝑥 = ⋯ )
𝑛𝑛𝑛𝑛 (𝑥𝑥 = ⋯ )
𝑦𝑦𝑦𝑦𝑦𝑦
Family-based Product-Line Analysis
Software
ModelChecker
𝑷𝑷𝑷𝑷 = 𝑳𝑳𝑳𝑳 ∧ 𝑷𝑷𝑷𝑷𝑷𝑷𝑷𝑷
n𝑜𝑜 (𝑥𝑥 = ⋯ )
𝜑𝜑
[Apel et al., 2013]
[Bürdek et al., 2015]
Family-based Product-Line Analysis
1
LE
𝑥𝑥 < 𝑦𝑦
5
𝑥𝑥 ≥ 𝑦𝑦
7
𝑎𝑎 ≔ 𝑥𝑥 𝑎𝑎 ≔ 𝑦𝑦
PLUS
SPL Implementation
𝑧𝑧 ≔ 𝑧𝑧 + 𝑎𝑎
3
18
24
𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖 𝑥𝑥, 𝑦𝑦, 𝑧𝑧;
𝑖𝑖𝑖𝑖𝑖𝑖 𝑎𝑎;
𝑥𝑥 > 𝑦𝑦
10
𝑎𝑎 ≔ 𝑥𝑥
3
GR
𝑥𝑥 ≤ 𝑦𝑦
12
𝑎𝑎 ≔ 𝑦𝑦
NOTNEG
𝑧𝑧 − 𝑎𝑎 ≥ 0𝑧𝑧 − 𝑎𝑎 < 0
5
𝑡𝑡𝑡𝑡𝑡𝑡𝑡𝑡
𝑓𝑓𝑓𝑓
𝑥𝑥 < 𝑦𝑦
𝐿𝐿𝐿𝐿
22
19
𝑎𝑎 ≔ 𝑎𝑎 ∗ (−1)
𝑧𝑧 ≔ 𝑧𝑧 − 𝑎𝑎
𝑜𝑜𝑜𝑜𝑜𝑜𝑜𝑜𝑜𝑜𝑜𝑜 𝑧𝑧
Superimposed CFA
MINUS
24 𝑥𝑥 < 𝑦𝑦 ∧ 𝑎𝑎 = 𝑥𝑥 ∧ 𝑧𝑧24 = 𝑧𝑧0 − 1
𝐿𝐿𝐿𝐿 ∧ 𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃 ∧ ¬NOTNEG
Featured ARG
Challenges
Scalability / Precision Trade-offs
Partial / Incomplete / Evolving SPL Implementations
Product/Family-based SPL Analysis
Product/Family-based Analysis
1
LE
𝑥𝑥 < 𝑦𝑦
5
𝑥𝑥 ≥ 𝑦𝑦
7
𝑎𝑎 ≔ 𝑥𝑥 𝑎𝑎 ≔ 𝑦𝑦
PLUS
Partial/Evolving/Incomplete
SPL Implementation Artifacts
𝑧𝑧 ≔ 𝑧𝑧 + 𝑎𝑎
𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖𝑖 𝑥𝑥, 𝑦𝑦, 𝑧𝑧;
GR
𝑖𝑖𝑖𝑖𝑖𝑖 𝑎𝑎
3 ;
𝑥𝑥 > 𝑦𝑦
10
12
18
24
𝑎𝑎 ≔ 𝑥𝑥
𝑧𝑧 − 𝑎𝑎
≥22
0
𝑎𝑎 ≔ 𝑦𝑦
NOTNEG
𝑧𝑧 − 𝑎𝑎
< 019
𝑎𝑎 ≔ 𝑎𝑎 ∗ (−1)
𝑧𝑧 ≔ 𝑧𝑧 − 𝑎𝑎
𝑜𝑜𝑜𝑜𝑜𝑜𝑜𝑜𝑜𝑜𝑜𝑜 𝑧𝑧
MINUS
(Continuously) Superimposed CFA
N-Way Model-Merging
Given: 𝑁𝑁 input models 𝑀𝑀𝑖𝑖
𝐶𝐶𝐶𝐶𝐴𝐴1
𝐶𝐶𝐶𝐶𝐴𝐴2
𝐶𝐶𝐶𝐶𝐴𝐴3
𝐶𝐶𝐶𝐶𝐴𝐴4
𝐶𝐶𝐶𝐶𝐴𝐴5
Find: a correct and good family model 𝑀𝑀
𝐶𝐶𝐶𝐶𝐴𝐴6
𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆𝑆 𝐶𝐶𝐶𝐶𝐶𝐶
Compare, …
[Rubin and Chechik, 2013]
𝑁𝑁-tuple t = 𝑒𝑒1 , … , 𝑒𝑒𝑘𝑘 ∈ 𝑇𝑇, 1 ≤ 𝑘𝑘 ≤ 𝑁𝑁,
such that no two elements belong to the
same input model
?
?
?
𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐 ∶ 𝑇𝑇 → [0,1]
?
?
?
…, Match, …
[Rubin and Chechik, 2013]
Subset 𝑇𝑇 ′ ⊆ 𝑇𝑇 is a (complete) match iff each model
element occurs in exactly one 𝑁𝑁-tuple 𝑡𝑡 ∈ 𝑇𝑇𝑇
Match 𝑇𝑇𝑇 is minimal iff for every match 𝑇𝑇𝑇𝑇 it holds
that ∑ 𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐 𝑡𝑡𝑡 ≥ ∑𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐(𝑡𝑡𝑡𝑡)
𝑡𝑡 ′ ∈ 𝑇𝑇𝑇
𝑡𝑡 ′′ ∈ 𝑇𝑇𝑇𝑇
… and Merge
[Rubin and Chechik, 2013]
Compose 𝑁𝑁 models into one by integrating matched
elements
Compare/Match/Merge has Problems
Three hard problems to be solved at once
1. Enumerate 𝑁𝑁-tuples: „combinatorial explosion“
2. Compare locations: „path explosion“
3. Find minimal match: „knapsack problem“
Configuration information is not preserved
Match/merge may produce ill-formed models as
model elements are untyped
Metrics for measuring quality of merging results?
Location Prepartitioning
l
l
l
Group similar locations with…
same type (initial, termination, sequence, branch, …)
at least one equally labeled incoming edge
similar block nestings
=> Parameter: Minimum Group Size (MGS)
Incremental Location Matching
…
l
l‘
l
l‘
l
l‘
…
…
Match grouped locations
Combination of depth-first and bredth-first traversal
Interleaved with randomized matching attempts
=> Parameter: Minimum Tuple Size (MTS)
Merging with Variability Encoding
𝑝𝑝𝑖𝑖
𝑝𝑝𝑘𝑘
𝑝𝑝𝑗𝑗
a
c
b
a
c
𝑡𝑡𝑡
𝑡𝑡𝑡𝑡
a
𝑡𝑡𝑡𝑡𝑡
c
𝑡𝑡𝑡𝑡𝑡𝑡
b
c
c
(𝑝𝑝𝑖𝑖 ∨ 𝑝𝑝𝑗𝑗 )
¬(𝑝𝑝𝑖𝑖 ∨ 𝑝𝑝𝑗𝑗 )
a
b
c
c
Evaluation Results for BusyBox
MFB /
Model Size
Reduction Factor
CPU Time
Speedup Factor
Test Suite Size
Reduction Factor
CbC
2.2 – 3.3
1.3 – 3.3
1.3 – 2.8
SPLFB
0.5 – 0.7
0.5 – 0.8
0.2 – 0.5
Thank You!