Abstracting formal specifications to generate software tests via model checking

A recent method combines model checkers with specification-based mutation analysis to generate test cases from formal software specifications. However high-level software specifications usually must be reduced to make analysis with a model checker feasible. We propose a new reduction, parts of which can be applied mechanically, to soundly reduce some large, even infinite, state machines to manageable pieces. Our work differs from other work in that we use the reduction for generating test sets, as opposed to the typical goal of analyzing for properties. Consequently, we have different criteria, and we prove a different soundness rule. Informally the rule is that counterexamples from the model checker are test cases for the original specification. The reduction changes the state machine and temporal logic constraints the model checking specification to avoid generating unsound test cases. We use a Java virtual machine stack as an example of the reduction and test generation