Killing Stubborn Mutants with Symbolic Execution
This addresses a specific challenge in software testing for developers and researchers, offering an incremental improvement over existing methods.
The paper tackles the problem of killing stubborn mutants (killable but undetected after testing) by introducing SeMu, a Dynamic Symbolic Execution technique that models mutant killing as a symbolic execution search, resulting in SeMu killing 37% of stubborn mutants within a two-hour limit, compared to 0% for KLEE and 17% for a previous strategy.
We introduce SeMu, a Dynamic Symbolic Execution technique that generates test inputs capable of killing stubborn mutants (killable mutants that remain undetected after a reasonable amount of testing). SeMu aims at mutant propagation (triggering erroneous states to the program output) by incrementally searching for divergent program behaviours between the original and the mutant versions. We model the mutant killing problem as a symbolic execution search within a specific area in the programs' symbolic tree. In this framework, the search area is defined and controlled by parameters that allow scalable and cost-effective mutant killing. We integrate SeMu in KLEE and experimented with Coreutils (a benchmark frequently used in symbolic execution studies). Our results show that our modelling plays an important role in mutant killing. Perhaps more importantly, our results also show that, within a two-hour time limit, SeMu kills 37% of the stubborn mutants, where KLEE kills none and where the mutant infection strategy (strategy suggested by previous research) kills 17%.