Efficient Gray Box Checking for C/C ++ Modules - Technical Report

In this article, the well-known black box checking approach of Peled, Vardi, and Yannanakis
is specialized, optimized, and extended for practical property-oriented gray box testing of C/C++ modules. All software modules whose true behavior can be expressed by symbolic finite state machines (SFSMs) can be tested according to this novel approach. In contrast to conventional finite state machines, SFSMs can operate on input and output interfaces involving conceptually infinite data types, like real and integral numbers. Safety properties, liveness properties and combinations thereof are specified using Linear Temporal Logic (LTL), and a test strategy driven by a model learning algorithm is used to automatically create an SFSM model in the background that is equivalent to the true behavior of the module under test. The model learned by testing is checked with respect to fulfillment of the desired property, using standard LTL property checking algorithms. Various new optimization strategies allow for early detection of property violations. Moreover, the application of fuzz testing in the first testing phase accelerates the original black box checking approach in a considerable way, at the same time avoiding infeasible checks  due to memory exhaustion. 
This combined testing and model checking approach is complete in the sense that passing the suite proves that the module under test satisfies the specified property, provided that certain hypotheses about the size of the module's state space and the conditions and assignment expressions used in the code are fulfilled. Since these hypotheses can be easily checked by static code analyses, the gray box checking approach presented here is a viable alternative to ``conventional'' software model checking. All test and model checking algorithms presented here have been implemented in open source libraries and can be directly applied on a server farm in the cloud with an open interface provided by the authors' research group.