Extend static analysis with control flow graph analysis capabilities to come up with sets of inputs that cover each possible branch of execution. Combine this with dynamic analysis of calls with those inputs to come up with real test cases that improve branch coverage of the code.
Because the code has to be run before we can generate a test case, do this only for safe functions (e.g. functions without side effects or with side effects we can handle).
Since we'll be testing a lot of input values, but are only interested in the outcome, calls should be grouped into equivalence classes.
* Blueprints in grey have been implemented.