STM Unit 3 Notes
STM Unit 3 Notes
This unit gives an in-depth overview of the Paths of various flow graphs, their interpretations, and
applications.
Interpret the control flowgraph and identify the path products, path sums, and path expressions.
Identify how the mathematical laws (distributive, associative, commutative, etc) hold for the paths.
Apply the reduction procedure algorithm to a control flowgraph and simplify it into a single path
expression.
Find all possible paths (Max. Path Count) of a given flow graph.
Calculate the probability of paths and understand the need for finding the probabilities.
Understand how complementary operations such as PUSH / POP or GET / RETURN are
interpreted in a flowgraph.
Understand the problems due to flow anomalies and identify whether anomalies exist in the given
path expression.
MOTIVATION:
o Any question about a program can be cast into an equivalent question about an appropriate
flowgraph.
o Most software development, testing, and debugging tools use flow graph analysis
techniques.
PATH PRODUCTS:
o Normally flow graphs are used to denote only control flow connectivity.
o Using link names as weights, we then convert the graphical flow graph into an equivalent
algebraic like expression which denotes the set of all possible paths from entry to exit for
the flow graph.
o Every link of a graph can be given a name.
o In tracing a path or path segment through a flow graph, you traverse a succession of link
names.
o The name of the path or path segment that corresponds to those links is expressed naturally
by concatenating those link names.
o For example, if you traverse links a,b,c and d along some path, the name for that path
segment is abcd. This path name is also called a path product. Figure 5.1 shows some
examples:
PATH EXPRESSION:
o Consider a pair of nodes in a graph and the set of paths between those nodes.
o Denote that set of paths by Upper case letters such as X, Y. From Figure 5.1c, the members
of the path set can be listed as follows:
ac+abc+abbc+abbbc+abbbbc+...........
o The + sign is understood to mean "or" between the two nodes of interest, paths ac, or abc, or
abbc, and so on can be taken.
o Any expression consisting of path names and "OR"s that denotes a set of paths between two
nodes is called a "Path Expression.".
PATH PRODUCTS:
o The name of a path that consists of two successive path segments is conveniently expressed
by the concatenation or Path Product of the segment names.
o For example, if X and Y are defined as X=abcde, Y=fghij, then the path corresponding to X
followed by Y is denoted by
XY=abcdefghij
o Similarly,
o YX=fghijabcde
o aX=aabcde
o Xa=abcdea
XaX=abcdeaabcde
o If X and Y represent sets of paths or path expressions, their product represents the set of
paths that can be obtained by following every element of X by any element of Y in all
possible ways. For example,
o Y = uvw + z
Then,
o If a link or segment name is repeated, that fact is denoted by an exponent. The exponent's
value indicates the number of repetitions:
Similarly, if X = abcde
then
X1 = abcde
X2 = abcdeabcde = (abcde)2
X3 = abcdeabcdeabcde = (abcde)2abcde
= abcde(abcde)2 = (abcde)3
o The path product is not commutative (that is XY!=YX).
RULE 1: A(BC)=(AB)C=ABC
o The zeroth power of a link name, path product, or path expression is also needed for
completeness. It is denoted by the numeral "1" and denotes the "path" whose length is zero -
that is, the path that doesn't have any links.
o a0 = 1
o X0 = 1
PATH SUMS:
o The "+" sign was used to denote the fact that path names were part of the same set of paths.
o Links a and b in Figure 5.1a are parallel paths denoted by a + b. Similarly, links c and d are
parallel paths between the next two nodes denoted by c + d.
o The set of all paths between nodes 1 and 2 can be considered a set of parallel paths denoted
by eacf+eadf+ebcf+ebdf.
o If X and Y are sets of paths that lie between the same pair of nodes, then X+Y denotes the
UNION of those set of paths. For example, in Figure 5.2:
The first set of parallel paths is denoted by X + Y + d and the second set by U + V + W + h + i + j. The set
of all paths in this flowgraph is f(X + Y + d)g(U + V + W + h + i + j)k
RULE 2: X+Y=Y+X
RULE 3: (X+Y)+Z=X+(Y+Z)=X+Y+Z
DISTRIBUTIVE LAWS:
o The product and sum operations are distributive, and the ordinary rules of multiplication
apply; that is
RULE 4: A(B+C)=AB+AC and (B+C)D=BD+CD
o e(a+b)(c+d)f=e(ac+ad+bc+bd)f = eacf+eadf+ebcf+ebdf
ABSORPTION RULE:
o If X and Y denote the same set of paths, then the union of these sets is unchanged;
consequently,
o If a set consists of paths names and a member of that set is added to it, the "new" name,
which is already in that set of names, contributes nothing and can be ignored.
o For example,
o if X=a+aa+abc+abcd+def then
It follows that any arbitrary sum of identical path expressions reduces to the same path expression.
LOOPS:
o Loops can be understood as an infinite set of parallel paths. Say that the loop consists of a
single link b. then the set of all paths through that loop point is
b0+b1+b2+b3+b4+b5+..............
o This potentially infinite sum is denoted by b* for an individual link and by X* when X is a
path expression.
ab*c=ac+abc+abbc+abbbc+................
o Evidently,
o It is more convenient to denote that a loop cannot be taken more than a certain, say n,
number of times.
Xn = X0+X1+X2+X3+X4+X5+..................+Xn
RULES 6 - 16:
o RULE 6: Xn + Xm = Xn if n>m
RULE 6: Xn + Xm = Xm if m>n
RULE 11: 1 + 1 = 1
RULE 12: 1X = X1 = X
Following or preceding a set of paths by a path of zero length does not change the set.
RULE 13: 1n = 1n = 1* = 1+ = 1
No matter how often you traverse a path of zero length, It is a path of zero length.
The null set of paths is denoted by the numeral 0. It obeys the following rules:
If you block the paths of a graph for or aft by a graph that has no paths, there won't be any paths.
REDUCTION PROCEDURE:
o This section presents a reduction procedure for converting a flowgraph whose links are
labeled with names into a path expression that denotes the set of all entry/exit paths in that
flowgraph. The procedure is a node-by-node removal algorithm.
3. Remove all self-loops (from any node to itself) by replacing them with a link of the
form X*, where X is the path expression of the link in that loop.
4. Select any node for removal other than the initial or final node. Replace it with a set
of equivalent links whose path expressions correspond to all the ways you can form
a product of the set of inlinks with the set of outlinks of that node.
8. Does the graph consist of a single link between the entry node and the exit node? If
yes, then the path expression for that link is a path expression for the original
flowgraph; otherwise, return to step 4.
o A flowgraph can have many equivalent path expressions between a given pair of nodes; that
is, there are many different ways to generate the set of all paths between two nodes without
affecting the content of that set.
o The appearance of the path expression depends, in general, on the order in which nodes are
removed.
o Successive applications of this step eventually get you down to one entry and one exit node.
The following diagram shows the situation at an arbitrary node that has been selected for
removal:
From the above diagram, one can infer:
(a + b)(c + d + e) = ac + ad + + ae + bc + bd + be
o In the first way, we remove the self-loop and then multiply all outgoing links by Z*.
o In the second way, we split the node into two equivalent nodes, call them A and A' and put
in a link between them whose path expression is Z*. Then we remove node A' using steps 4
and 5 to yield outgoing links whose path expressions are Z*X and Z*Y.
o Let us see by applying this algorithm to the following graph where we remove several
nodes in order; that is
o Removing the loop and then node 6 result in the following expression:
a(bgjf)*b(c+gkh)d((ilhd)*imf(bjgf)*b(c+gkh)d)*(ilhd)*e
o You can practice by applying the algorithm on the following flowgraphs and generate their
respective path expressions:
A
PPLICATIONS:
APPLICATIONS:
o The node removal algorithm aims to present one very generalized concept- the path
expression and way of getting it.
o Every application follows this common pattern:
2. Identify a property of interest and derive an appropriate set of "arithmetic" rules that
characterize the property.
3. Replace the link names by the link weights for the property of interest. The path
expression has now been converted to an expression in some algebra, such as
ordinary algebra, regular expressions, or boolean algebra. This algebraic expression
summarizes the property of interest over the set of all paths.
4. Simplify or evaluate the resulting "algebraic" expression to answer the question you
asked.
o The question is not simple. Here are some ways you could ask it:
o Determining the actual number of different paths is an inherently difficult problem because
there could be unachievable paths resulting from correlated and dependent predicates.
o If we know both of these numbers (maximum and minimum number of possible paths) we
have a good idea of how complete our testing is.
o Label each link with a link weight that corresponds to the number of paths that link
represents.
o Also mark each loop with the maximum number of times that loop can be taken. If the
answer is infinite, you might as well stop the analysis because it is clear that the maximum
number of paths will be infinite.
o There are three cases of interest: parallel links, serial links, and loops.
o This arithmetic is an ordinary algebra. The weight is the number of paths in each set.
o EXAMPLE:
Each link represents a single link and consequently is given a weight of "1" to start. Lets say the outer loop
will be taken exactly four times and inner Loop Can be taken zero or three times Its path expression, with a
little work, is:
A: The flow graph should be annotated by replacing the link name with the
maximum of paths through that link (1) and also note the number of times for
looping.
B: Combine the first pair of parallel loops outside the loop and also the pair in the
outer loop.
C: Multiply the things out and remove nodes to clear the clutter.
For the Inner Loop:
D: Calculate the total weight of the inner loop, which can execute a min. of 0 times and max. of 3
times. So, its inner loop can be evaluated as follows:
13 = 10 + 11 + 12 + 13 = 1 + 1 + 1 + 1 = 4
G: Simpifying the loop further results in the total maximum number of paths in the
flowgraph:
2 X 84 X 2 = 32,768.
o Alternatively, you could have substituted a "1" for each link in the path expression and then
simplified, as follows:
a(b+c)d{e(fi)*fgj(m+l)k}*e(fi)*fgh
= 1(1 + 1)1(1(1 x 1)31 x 1 x 1(1 + 1)1)41(1 x 1)31 x 1 x 1
= 2(131 x (2))413
= 2(4 x 2)4 x 4
= 2 x 84 x 4 = 32,768
o Actually, the outer loop should be taken exactly four times. That doesn't mean it will be
taken zero or four times. Consequently, there is a superfluous "4" on the outlink in the last
step. Therefore, the maximum number of different paths is 8192 rather than 32,768.
STRUCTURED FLOWGRAPH:
o Structured code can be defined in several different ways that do not involve ad-hoc rules
such as not using GOTOs.
o A structured flowgraph is one that can be reduced to a single link by successive application
of the transformations of Figure 5.7.
Figure 5.7: Structured Flowgraph Transformations.
o The node-by-node reduction procedure can also be used as a test for structured code.
o Flow graphs that DO NOT contain one or more of the graphs shown below (Figure 5.8) as
subgraphs are structured.
o A lower bound on the number of paths in a routine can be approximated for structured flow
graphs.
o The values of the weights are the number of members in a set of paths.
o EXAMPLE:
Applying the arithmetic to the earlier example gives us the identical steps unitl step
3 (C) as below:
If you have fewer paths in your test plan than this minimum you probably haven't
covered. It's another check.
o Path selection should be biased toward the low - rather than the high-probability paths.
This question can be answered under suitable assumptions, primarily that all probabilities
involved are independent, which is to say that all decisions are independent and
uncorrelated.
Probabilities can come into the act only at decisions (including decisions associated
with loops).
Annotate each outline with a weight equal to the probability of going in that
direction.
For a simple loop, if the loop will be taken a mean of N times, the looping
probability is N/(N + 1) and the probability of not looping is 1/(N + 1).
In this table, in case of a loop, PA is the probability of the link leaving the loop and
PL is the probability of looping.
2. For the series case, if you must do both things, and their probabilities are
independent (as assumed), then the probability that you do both is the
product of their probabilities.
For example, a loop node has a looping probability of PL and a probability of not
looping of PA, which is obviously equal to I - PL.
Following the above rule, all we've done is replace the outgoing probability with 1 -
so why the complicated rule? After a few steps in which you've removed nodes,
combined parallel terms, removed loops and the like, you might find something like
this:
which is what we've postulated for any decision. In other words, division by 1 - PL renormalizes the outlink
probabilities so that their sum equals unity after the loop is removed.
o EXAMPLE:
Here is a complicated bit of logic. We want to know the probability associated with
cases A, B, and C.
Let us do this in three parts, starting with case A. Note that the sum of the probabilities at each
decision node is equal to 1. Start by throwing away anything that isn't on the way to case A, and
then apply the reduction procedure. To avoid clutter, we usually leave out probabilities equal to 1.
CASE A:
Case B is simpler:
This checks. It's a good idea when doing this sort of thing to calculate all the
probabilities and to verify that the sum of the routine's exit probabilities does equal
1.
If it doesn't, then you've made calculation error or, more likely, you've left out some
branching probability.
How about path probabilities? That's easy. Just trace the path of interest and
multiply the probabilities as you go.
Alternatively, write down the path name and do the indicated arithmetic operation.
o Given the execution time of all statements or instructions for every link in a flowgraph and
the probability for each direction for all decisions are to find the mean processing time for
the routine as a whole.
o The model has two weights associated with every link: the processing time for that link,
denoted by T, and the probability of that link P.
o EXAMPLE:
1. Start with the original flow graph annotated with probabilities and processing time.
2. Combine the parallel links of the outer loop. The result is just the mean of the
processing times for the links because there aren't any other links leaving the first
node. Also combine the pair of links at the beginning of the flowgraph..
3. Combine as many serial links as you can.
4. Use the cross-term step to eliminate a node and to create the inner self-loop.
5. Finally, you can get the mean processing time, by using the arithmetic rules as
follows:
PUSH/POP, GET/RETURN:
o This model can be used to answer several different questions that can turn up in debugging.
Given a pair of complementary operations such as PUSH (the stack) and POP (the
stack), considering the set of all possible paths through the routine, what is the net
effect of the routine? PUSH or POP? How many times? Under what conditions?
o Here are some other examples of complementary operations to which this model applies:
o OPEN/CLOSE a file.
The numeral 1 is used to indicate that nothing of interest (neither PUSH nor POP)
occurs on a given link.
"H" denotes PUSH and "P" denotes POP. The operations are commutative,
associative, and distributive.
Consider the following flowgraph:
Below Table 5.9 shows several combinations of values for the two looping terms -
M1 is the number of times the inner loop will be taken and M2 the number of times
the outer loop will be taken.
Figure 5.9: Result of the PUSH / POP Graph Analysis.
These expressions state that the stack will be popped only if the inner loop is not
taken.
The stack will be left alone only if the inner loop is iterated once, but it may also be
pushed.
For all other values of the inner loop, the stack will only be pushed.
The same arithmetic tables used for previous examples are used for GET / RETURN
a buffer block or resource, or, in fact, for any pair of complementary operations in
which the total number of operations in either direction is cumulative.
G(G + R)G(GR)*GGR*R
= G(G + R)G3R*R
= (G + R)G3R*
= (G4 + G2)R*
This expression specifies the conditions under which the resources will be balanced
on leaving the routine.
If the upper branch is taken at the first decision, the second loop must be taken four
times.
If the lower branch is taken at the first decision, the second loop must be taken
twice.
For any other values, the routine will not balance. Therefore, the first loop must not
be instrumented to verify this behavior because its impact should be nil.
o The node-by-node reduction procedure and most graph-theory-based algorithms work well
when all paths are possible, but may provide misleading results when some paths are
unachievable.
o The approach to handling unachievable paths (for any application) is to partition the graph
into subgraphs so that all paths in each of the subgraphs are achievable.
o The resulting subgraphs may overlap, because one path may be common to several different
subgraphs.
o Each predicate's truth-functional value potentially splits the graph into two subgraphs. For n
predicates, there could be as many as 2n subgraphs.
THE PROBLEM:
o The generic flow-anomaly detection problem (note: not just data-flow anomalies, but any
flow anomaly) is that of looking for a specific sequence of options considering all possible
paths through a routine.
o Let the operations be SET and RESET, denoted by s and r respectively, and we want to
know if there is a SET followed immediately a SET or a RESET followed immediately by a
RESET (an ss or an rr sequence).
1. A file can be opened (o), closed (c), read (r), or written (w). If the file is read or
written to after it's been closed, the sequence is nonsensical.
Therefore, cr and cw are anomalous. Similarly, if the file is read before it's been
written, just after opening, we may have a bug. Therefore, or is also anomalous.
Furthermore, oo and cc, though not actual bugs, are a waste of time and therefore
should also be examined.
2. A tape transport can do a rewind (d), fast-forward (f), read (r), write (w), stop (p),
and skip (k). There are rules concerning the use of the transport; for example, you
cannot go from rewind to fast-forward without an intervening stop or from rewind or
fast-forward to read or write without an intervening stop. The following sequences
are anomalous: df, dr, dw, fd, and fr. Does the flowgraph lead to anomalous
sequences on any path? If so, what sequences and under what circumstances?
3. The data-flow anomalies discussed in Unit 4 requires us to detect the dd, dk, kk,
and ku sequences. Are there paths with anomalous data flows?
4.
THE METHOD:
o Annotate each link in the graph with the appropriate operator or the null operator 1.
o Simplify things to the extent possible, using the fact that a + a = a and 12 = 1.
o You now have a regular expression that denotes all the possible sequences of operators in
that graph. You can now examine that regular expression for the sequences of interest.
o As an example, let
A = pp
B = srr
C = rp
T = ss
o However, let
A = p + pp + ps
B = psr + ps(r + ps)
C = rp
T = P4
Is it obvious that there is a p4 sequence in ABnC? The theorem states that we have only to
look at
Multiplying out the expression and simplifying shows that there is no p4 sequence.
o Incidentally, the above observation is an informal proof of the wisdom of looping twice
discussed in Unit 2. Because data-flow anomalies are represented by two-character
sequences, it follows the above theorem that looping twice is what you need to do to find
such anomalies.
LIMITATIONS:
o Huang's theorem can be easily generalized to cover sequences of greater length than two
characters. Beyond three characters, though, things get complex and this method has
probably reached its utilitarian limit for manual application.
o There are some nice theorems for finding sequences that occur at the beginnings and ends
of strings but no nice algorithms for finding strings buried in an expression.
o Static flow analysis methods can't determine whether a path is or is not achievable. Unless
the flow analysis includes symbolic execution or similar techniques, the impact of
unachievable paths will not be included in the analysis.
o The flow-anomaly application, for example, doesn't tell us that there will be a flow anomaly
- it tells us that if the path is achievable, there will be a flow anomaly. Such analytical
problems go away if you take the trouble to design routines for which all paths are
achievable.
Whenever we do the testing by boundary value analysis, the tester focuses on, while entering boundary
value whether the software is producing correct output or not.
Boundary values are those that contain the upper and lower limit of a variable. Assume that, age is a
variable of any function, and its minimum value is 18 and the maximum value is 30, both 18 and 30
will be considered as boundary values.
The basic assumption of boundary value analysis is, that the test cases that are created using boundary
values are most likely to cause an error.
There is 18 and 30 are the boundary values that's why tester pays more attention to these values, but
this doesn't mean that the middle values like 19, 20, 21, 27, 29 are ignored. Test cases are
developed for each and every value of the range.
Testing of boundary values is done by making valid and invalid partitions. Invalid partitions are
tested because testing of output in adverse condition is also essential.
Let's understand via practical:
Imagine, there is a function that accepts a number between 18 to 30, where 18 is the minimum and
30 is the maximum value of valid partition, the other values of this partition are 19, 20, 21, 22, 23,
24, 25, 26, 27, 28 and 29. The invalid partition consists of the numbers which are less than 18 such
as 12, 14, 15, 16 and 17, and more than 30 such as 31, 32, 34, 36 and 40. Tester develops test cases
for both valid and invalid partitions to capture the behavior of the system on different input
conditions.
The software system will be passed in the test if it accepts a valid number and gives the desired
output, if it is not, then it is unsuccessful. In another scenario, the software system should not
accept invalid numbers, and if the entered number is invalid, then it should display an error
message.
If the software which is under test, follows all the testing guidelines and specifications then it is
sent to the releasing team otherwise to the development team to fix the defects.
o Data flow testing is the name given to a family of test strategies based on selecting paths
through the program's control flow to explore sequences of events related to the status of
data objects.
o For example, pick enough paths to ensure that every data object has been initialized before
use or that all defined objects have been used for something.
o There are two types of data flow machines with different architectures.
The Von Neumann machine Architecture executes one instruction at a time in the
following, microinstruction sequence:
2. Interpret instruction
3. Fetch operands
4. Process or Execute
5. Store result
7. GOTO 1
They can also do arithmetic and logical operations simultaneously on different data
objects.
BUG ASSUMPTION:
o The bug assumption for data-flow testing strategies is that control flow is generally correct
and that something has gone wrong with the software so that data objects are not available
when they should be, or silly things are being done to data objects.
o Also, if there is a control-flow problem, we expect it to have symptoms that can be detected
by data-flow analysis.
o Although we'll be doing data-flow testing, we won't be using data flowgraphs as such.
Rather, we'll use an ordinary control flowgraph annotated to show what happens to the data
objects of interest at the moment.
DATA FLOW GRAPHS:
o The data flow graph is a graph consisting of nodes and directed links.
o We will use a control graph to show what happens to data objects of interest at that moment.
o Our objective is to expose deviations between the data flows we have and the data flows we
want.
They can be used in two distinct ways: (1) In a Calculation (2) As a part of a Control
Flow Predicate.
1. Defined (d):
A record is written.
When its contents are no longer known with certitude (with absolute
certainty/perfectness).
Return of records.
3. Usage (u):
A variable is used for computation (c) when it appears on the right-hand side
of an assignment statement.
Slice-based testing.
Prepares various subsets(called slices) of the program concerning its variables and their selected
locations in the program.
Slices are simpler than the original program and simplify the process of testing the program.
A slice S(v,n) of program P on variable v, or set of variables, at statement n yields the portions of
the program that contributed to the value of v just before the statement is executed.
S(v,n) is called slicing criteria.
Slice is an executable program.
Slice Based Testing
All statements where variables are defined and redefined should be considered.
All statements where variables are receiving values externally should be considered.
The status of all variables may be considered in the last statement of the program.
S(c,5) S(c,3)
1.a=3; 2. b=6
2.b=6; 3.c=b²
5.c=a+b;
1. void main()
2. {
3. int a,b,c,d,e;
4. printf(“Enter the values of a,b, and c\n”);
5. scanf(“%d %d %d”,&a,&b,&c);
6. d=a+b;
7. e=b+c;
8. printf(“%d”,d);
9. printf(“%d”,e);
10.}
Slices for the given program are:
1.S(A,6)=(1,2,3,4,5,6,28)
2. S(A, 13)=(1,2,3,4,5,6,7,8,9,10,11,12,13,14,18,27,28)
3. S(A, 28)=(1,2,3,4,5,6,7,8,9,10,11,12,13,14,18,27,28)
4. S(B, 8)=(1,2,3,4,7,8,28)
5. S(B, 24)=(1,2,3,4,5,6,7,8,9,10,11,19,20,23,24,25,26,27,28)
6. S(B, 28)=(1,2,3,4,5,6,7,8,9,10,11,19,20,23,24,25,26,27,28)
7. S(C, 10)=(1,2,3,4,9,10,28)
8. S(C, 16)=(1,2,3,4,5,6,7,8,9,10,11,12,15,16,17,18,27,28)
9. S(C, 21)=(1,2,3,4,5,6,7,8,9,10,11,19,20,21,22,26,27,28)
10. S(C, 28)=(1,2,3,4,5,6,7,8,9,10,11,19,20,21,22,26,27,28)
It focuses on a portion of a program concerning a variable location in any statement of the program.
Slicing cannot test behavior that is not represented by a set of variables or a variable of the
program.