We show how one can use symbolic execution and model counting (i.e. probabilistic symbolic execution) to take a fresh approach to the analysis of mutations and the connection between coverage and fault detection capability. For mutations we show that reaching a mutation point is often times the most important point when trying to kill a mutant, and, when controlling for the reachability one can determine which operators create hard-to-kill mutations. We also show that the precision of the oracle plays a critical role when determining whether a mutant is hard to kill or not. Next we briefly explore the hypothesis that probability is maybe the missing link to explain when test suites that get certain levels of coverage is correlated with fault detection. Time permitting we will also discuss some recent work on the use of probabilistic symbolic execution for doing probabilistic programming and probabilistic model checking.
Willem Visser is a professor in Computer Science at Stellenbosch University, South Africa. Before joining Stellenbosch in 2009, he spent 8 years at NASA Ames Research Center, where he was one of the research leads for the Java PathFinder project. His research interests include model checking, testing, symbolic execution and model counting. He has been co-chair of ASE in 2008 and ICSE in 2016. He is also currently on the steering committee for ICSE and SPIN, on the executive committee of ACM SIGSOFT and is a member of the editorial board of TOSEM. He has an A rating from the South African National Research Foundation (one of only 2 in the country). More information can be found on his webpage at: www.cs.sun.ac.za/~wvisser/.