6.3 SOURCES OF DOMAINS

Domains can be identified from both specifications and programs. We explain a method to identify domains from source code using the following steps:

• Draw a control flow graph from the given source code. • Find all possible interpretations of the predicates. In other words, express

the predicates solely in terms of the input vector and, possibly, a vector of constants. The reader may note that a predicate in a program may have multiple interpretations, because control may arrive at a predicate node via different paths.

• Analyze the interpreted predicates to identify domains. In the following, we explain the above procedure to identify domains. We show an

example C function in Figure 6.2 to illustrate a procedure to identify domains. The function accepts two inputs x and y and returns an integer. A control flow graph representation of codedomain() is shown in Figure 6.3. The two predicates in the two if() statements have been represented by nodes 3 and 6 in Figure 6.3. The predicate

c> 5

139 int codedomain(int x, int y){

6.3 SOURCES OF DOMAINS

int c, d, k c = x + y; if (c > 5) d = c - x/2; else

d = c + x/2; if (d >= c + 2) k = x + d/2; else

k = y + d/4; return(k); }

Figure 6.2 A function to explain program domains.

in the first if() statement has just one interpretation, namely,

x+y>5

because program control reaches the if() statement via only one path from the initial node. However, predicate

Initialize: x, y 1

c=x+y

1 :x+y>5

d=c+x /2

d = c − x /2

P 1 : False

P 1 : True

False P 2 6

P 2 :x≥4

True

d>=c+ 2 P 2 :x≤−4

k=y+d /4

k=x+d /2

9 return (k)

Figure 6.3 Control flow graph representation of the function in Figure 6.2.

140 CHAPTER 6 DOMAIN TESTING

d≥c+2

in the second if() statement gets two interpretations, because program control can reach the second if() statement along two paths: (i) when the first if() evaluates to true and (ii) when the first if() evaluates to false. These two interpretations are summarized in Table 6.1.

We explain a procedure to obtain domains from the interpretations of P 1 and P 2 (Figure 6.3). We show a two-dimensional grid labeled x and y in Figure 6.4. The grid size is large enough to show all the domains of the program under con- sideration. We consider the predicate nodes of the control flow graph one by one

(Figure 6.3). Predicate P 1 divides the grid into two regions. The P 1 boundary is shown by a straight line represented by the equality x + y = 5. All the points

above, but excluding this line, satisfy predicate P 1 .

TABLE 6.1 Two Interpretations of Second if() Statement in Figure 6.2

Evaluation of

Interpretation of

P 2 (P 1 = False) 7

P 2 (P 1 = True) ...

x Figure 6.4 Domains obtained from interpreted predicates in Figure 6.3.

6.4 TYPES OF DOMAIN ERRORS

141 Next, we consider the two interpretations of predicate P 2 . For P 1 = True,

P 2 has the following interpretation

x ≤ −4

Therefore, P 2 further divides the area, or set of points, defined by P 1 = True into two sets corresponding to its two truth values. The P 2 boundary, when P 1 evaluates to true, is represented by the straight line x = − 4. The area to the left of the P 2 boundary and above the P 1 boundary corresponds to P 1 P 2 = TT, and the area to the right of the P 2 boundary and above the P 1 boundary corresponds to P 1 P 2 = TF.

For P 1 = False, P 2 has the following interpretation:

x> 4

In other words, P 2 further divides the area, or set of points, defined by P 1 = False into two sets corresponding to its two truth values. The P 2 boundary, when P 1 evaluates to false, is represented by the straight line x = 4. The area to the right of the P 2 boundary and below the P 1 boundary corresponds to P 1 P 2 = FT, and the area to the left of the P 2 boundary and below the P 1 boundary corresponds to P 1 P 2 = FF in Figure 6.4. The reader may note that if a program contains k predicates in a sequence, the

maximum number of domains obtained is 2 k . In practice, the number of domains obtained is much smaller than 2 k , because certain combinations of truth values of those k predicates may not hold simultaneously.