Testing of software and of communication systems. Richard Castanet, Bordeaux
|
|
- Georgina Cora Carpenter
- 6 years ago
- Views:
Transcription
1 Testing of software and of communication systems Richard Castanet, LaBRI Bordeaux 40ième anniversaire du LAAS 1
2 Overview Test positioning, definitions and norms Automatization andformal methods Test of reactive systems Optimizations (test on the fly, symbolic testing) Test of critical systems with temporal constraints Robustness testing Perspectives 40ième anniversaire du LAAS 2
3 Definition et positioning Test definitions : dynamic validation method, non exhaustive Need of the test : cost of systems and human life Live cycle : Position of the test t: test tof an implementation ti Types of test Conformance testing, interoperability testing, robustness testing, performance testing Test of unities, integration testing, test of the global system, test of acceptance Structural testing (white box) and functional testing (black box) Norms : ISO9646, DO178B, CEI 60880, CENELEC EN Need of automatization: test conception and test campaign Main questions about test : selection, coverage, testability, controllability 40ième anniversaire du LAAS 3
4 Use of formal methods Formal description language (well defined semantic) Scheme : Verification Informal specification Formal specification Simulation Proof Automatic test generation Automatic code generation 40ième anniversaire du LAAS 4
5 Test of reactive systems Formal languages: SDL, LOTOS, LUSTRE, ESTEREL Based model: transition systems: Labeled Transition Systems (LTS), IOLTS (semantic for non deterministic reactive systems) (Tretmans, Jéron), automata Formal approach for the test: conformance relation : conf, ioco (traces and suspension inclusion) 40ième anniversaire du LAAS 5
6 Automatic test sequence generation Types of test: Conformance/Interoperability/Performance/Robustness/ Conformance testing : Implantation conform to a specification Interoperability: Capacity several communicating system to interoperate Test Process: Property/ behavior Abstract test suite Executable test suite Specification Verdict: Impl. Under Test Pass Inconclusive Fail 40ième anniversaire du LAAS 6
7 Conformance relation : example After a visible behavior of the specification, the implementation is only authorized for the production of specified outputs or locking?a E1?a E2!b i!c!c?d S!e!f!e?g!x!f Non specified output Partial specification 40ième anniversaire du LAAS 7
8 Test case and tester Principles of a tester for communication with the implementation: inversion of inputs outputs Imp?a!a!b!c?e?b?c!e otherwise fail?d inconc!f?f!x Pass 40ième anniversaire du LAAS 8
9 Test Architectures : interoperability testing Observation Point (OP) and Control (COP) 2 types of test : black box/ grey box Architectures t for interoperability testing: ti Testeur TesteurB TesteurA PCO PCO PCO PCO B A B A PO PO PO PO Médium Médium 40ième anniversaire du LAAS 9
10 Automatic Test Generation Methods based on automata Paths in graphs Eulerian circuits Fault model, mutant method TT, W, UIO methods Optimization by chinese postman algorithm Executability problem 40ième anniversaire du LAAS 10
11 Generation Methods based on verification and simulation Construction of the reachability graph (all behaviors) Test sequence : pathin the reachability ab graph gap combinatorial explosion enumerative methods, interlacing. need of reduction methods (test number, test sequences length, ) 40ième anniversaire du LAAS 11
12 Test generation on the fly A method to reduce the combinatorial explosion Synchronous product between a test purpose and the specification Notion of observer Production of a part of all behaviors Optimizations with determinization of the graph 40ième anniversaire du LAAS 12
13 Suspension automaton The absence of visible behaviors is modeled by an output event!δ Δ(M) = M + loops of!δ on each quiescent states Suspended traces of M: STraces(M) = Traces(Δ(M)) det(δ(m)) characterizes the visible behaviors of M.!z τ 1?a!δ 2 τ!z 1?a!δ 3 4 Determinization 234 2,3,4!x!y τ τ 8!x!y!x 5 6 7!δ Δ(M)!δ!δ 5,8,7 6!δ!δ det(δ(m))!δ 40ième anniversaire du LAAS 13
14 An example of a specific tester related to a test purpose Specification: S Reachability of Det(Δ(S)): Conformance Relation: ioco suspended trace of S accepted by TP Property: Test purpose p TP 1!z!x!δ?a!y *!x *!z Accept 4?x?δ?otherwise 2 Fail!a 3?otherwise?y?δ Inc Fail Fail!δ!δ?δ?z?otherwise Det(Δ(S)) (S)) TP Inc Pass Fail TC 40ième anniversaire du LAAS 14
15 Symbolic testing Method used with test purpose Each state is linked a descriptor giving all the constraints on the variables ibl From a state to the next one, the constraints are modified by the actions of the state Use of a constraint solver 40ième anniversaire du LAAS 15
16 Symbolic Reachability Back observation (event or delay) current estimate runs matching observation next estimate 40ième anniversaire du LAAS 16
17 Test of critical temporal systems Need of test for critical system Model for critical temporal system : temporized automata 40ième anniversaire du LAAS 17
18 Temporized automaton Temporized automaton: (S,L, C,S0,T) with : S 0 S : initial iti states, tt T S x S x L x 2 C x Φ(C ).?c, x:=0 y:=0 S0?b, x:=0 y:=0?a y:=0 x>1!d y<1,?a, y:=0 y=1,!b S3 S1 S2 x<1,!c 40ième anniversaire du LAAS 18
19 Execution of a temporized automaton?c, x:=0y:=0 0?b, x:=0y:=0 0 S0?a y:=0 x>1!d y<1,?a, y:=0 y=1,!b S3 S1 S2 x<1,!c (S0, x=y =0)? a! c? a (S1, x=0.5 y =0) (S3, x=0.75 y =0.25) t=0.5 t=0.75 t=0.85 (S1, x=0.85 y =0)! b t=1.85 (S2, x=1.85 y =1)? b t=6.85 (S0, 0=x=y )? a t=7.85 (S1, x=1 y =0)! b t=8.85 (S2, x=2 y =1) 40ième anniversaire du LAAS 19
20 Automatic test generation Discrete time or continous time Infinite states Method based on the region graph (finite graph and exponential complexity) Test on the fly Timed constraints resolution 40ième anniversaire du LAAS 20
21 Clock regions and region graph Let C ={x,y} and Φ(C C )a set of constraints on C with C x =3 and C y =1. An example for a region graph: y r1 [ (2<x<3), (0<y<x-1)] r2 [ (x=3), (0<y<1)] 1 r3 [ (x>3), (0<y<1)] r4 [ (x>3), (y=1)] r5 [ (x>3), (y>1)] x r6 [2<x<3, y=0] Temporal successor of a region: The temporal successors of r1: r2, r6, r7. 40ième anniversaire du LAAS 21
22 Region automaton Lt(S Let (S,L, C,S0,T) a temporized automaton) t State representation : <state, region>. Transition representation : <<e1,r1>, a,<e2,r2>>with: <e1, a, c, r, e2> T, r2 is a temporal successor of r1, r2 satisfies c. Ex Example with C ={x,y}, C x =1 et C y =1. y s0 1 0 a y:=0 a s0, x=y=0 s1 s1, y=0<x<1 s1, y=0 et x=1 s1, y=0 et 1<x 40ième anniversaire du LAAS 22 a a
23 1 S0 x=y=0? c? b? a? a!b 2 S1! b 3 S1! b 4 S1 5 0=y <x<1 y=0,x=1 y=0,x>1 S2 1=y <x! c? a? a 6 S3! d 7 S3! d 8 S3! d 9 S3! d 0<y <x<1 0<y <1<x 1=y <x x>1, y>1! d (S0, x=y =0)? a! c? a (S1, 0=y <x <1) (S3, 0<y <x<1) δ=0.5 δ=0.25 δ=0.1 (S1, 0=y <x<1)! b δ=1 (S2, 1=y <x)? b δ=5 (S0, 0=x=y )? a δ=1 (S1, x=1 0=y )! b δ=1 (S2, 1=y <x) 40ième anniversaire du LAAS 23
24 ?c, x:=0 y:=0 S0?b, x:=0 y:=0?a y:=0 x>1!d y <1,?a, y:=0 y=1,!b S3 S1 S2 x<1,!c (S0, x=y=0) =0)? a t=0.5 (S1, x=0.5 y=0)! c t=0.75 (S3, x=0.75 y=0.25)? a t=0.85 (S1, x=0.85 y=0)! b t=1.85 (S2, x=1.85 y=1)? b t=6.85 (S0, 0=x=y )? a t=7.85 (S1, x=1 y=0)! b t=8.85 (S2, x=2 y=1) 40ième anniversaire du LAAS 24
25 Test on the fly 40ième anniversaire du LAAS 25
26 Approaches with test purpose Main idea for test with test purpose Let : S specification of the system to be tested, O test purpose Problem: Find an execution of S drived by the test purpose. Model : temporized automaton Several approaches (conformance testing) Region graph Test purpose Proof assistant 40ième anniversaire du LAAS 26
27 Region graph approach Extraction of a test sequence Producing a trace drived by a test purpose on the region automaton 1. Sequence of transitions of the region automaton (non temporized) 2. Choice of δ : fire instants disadvantage: combinatory explosion Abstraction of the specification (temporized automaton) Equivalence of states Minimization of the region graph (partition of the state space) 40ième anniversaire du LAAS 27
28 Method with test purpose Definition: A Test purpose is an deterministic atomaton without cycle automaton and with an non empty set of special states : Accept(TP). Goal: Find a sequence of transitions of the specfication according to the test purpose. p Verdicts (Pass) : the event satisfies the Spec and the TP Pass : The event satisfies the Spec and the TP and TP is in an acceptance state Fil Fail : the event does not verify the Spec Inc : the event satisfies the Spec, but not the TP. Example of a coffee machine:? token? token!end ^ t[30,60]!end ^ t[45,60] R(t) R(t) Specification (Spec) R(t) Test Purpose(TP) R(t) 40ième anniversaire du LAAS 28
29 Synchronized product Synchronized product on the events: Rule 1: Sync : product automaton : (s1,s3) S(Sync) ^ (s1,μ,ct1,cv1,ρ1,β1,s2) T(spec) ^ (s3,μ,ct2,cv2,ρ2,β2,s4) T(Ot) (s2,s3) S(Sync)^((s1,s3),μ,Ct1,Cv1,ρ1,β1,(s2,s3)) T(Sync) Spec: A B C^t[3,6] R(t) t[2,5] R(t1) A B 1,5 2,5 3,5 TP: R(t) t[2,5] C 5 6 Product automaton R(t2) 40ième anniversaire du LAAS 29
30 Synchronized product Synchronized product: Rule 2: (s1,s3) S(Sync) ^ (s1,μ,ct1,cv1,ρ1,β1,s2) T(spec) ^ (s3,μ,ct2,cv2,ρ2,β2,s4) T(Ot) (s2,s4) S(Sync) s4) S(Sync)^((s1,s3),μ,Ct1UCt2,Cv1UCv2,ρ1Uρ2, s3) μ Cv1UCv2 β1uβ2,(s2,s4)) T(Sync) s4)) T(Sync) ^ (s2,s3) S(Sync)^((s1,s3),μ1,Ct1,Cv1,ρ1,β1,(s2,s3)) T(Sync) Spec: C^t[3,6] A B C^t[3,6] 4, R(t1) R(t) t[2,5] R(t1) A B C^t[3,6] TP: 1,5 2,5 3,5 C t[2,5] R(t1,t2) 4,6 R(t) 5 6 R(t2) Automate Produit 40ième anniversaire du LAAS 30
31 Synchronized product Temporal lsynchronisation i : (method similar than the computtion of the state classes of the temporized Petri nets ) Main idea: inequations system keeping the temporal relationship between the different clocks. a transition is aware once all the clocks in his temporal constraint have been reset. 40ième anniversaire du LAAS 31
32 Synchronized product When a transition is fired, the system of inequalities is updated in 3 stages: 1) Calculating the time remaining to make transitions sensitized 2) Remove unnecessary relations. 3) Taking into account the new transitions sensitized by resetting clocks. 40ième anniversaire du LAAS 32
33 Robustness testing Robustness definitions : IEEE : degree from one system to function properly in the presence of invalid entries or stressful environment ability to exhibit acceptable behavior in the presence of hazards hazard correct or acceptable Classification of the hazards Fault extern/intern Accidental / intentional Change use profile and charge robustness stronger than conformity or orthogonal? sometimes, no specification i of expected behavior over hazard Internal, external, out of the system Representable or no representable 40ième anniversaire du LAAS 33
34 Methods based on behavior models P : S specification, M fault model l( (set of potential ti faults and unanticipated i t events planned), P robustness property : an implantation I is robust iff I met P even in the presence of faults S // M Robustness property p degraded d ds observer product Test purpose Test case 40ième anniversaire du LAAS 34
35 Approach «increasing the specification»and refusal graph specification S : LTS, extension with unknown or incorrect event (increase the specification) Construction of the refusal graph (set of refuse in each state) Adding fault traces (sequence of actions alternating with set of refusal) Construction of the robustness tester: refusal graph + fault traces, Adding of unobservable action to go back to the initial state Test selection and coverage computation S Refusal Graph Adding fault traces Selection of test purpose Robustness tester 40ième anniversaire du LAAS 35
36 Example Construction ofthe refusalgraph a 1 a 4 Ref : {{b, c}} a Ref : {{a, b};{a, c}} b c b c Ref = {{a, b, c}} Fault traces: alternating sequences of actions and set of refusal b Construction of the robustness tester a 4 ({b, c},, ) r 5 ({a, c}, {a, b},, ) r 40ième anniversaire du LAAS 36
37 Approach based on a model on the entries Operational profile Equivalence classes Model for the nominal behavior + model of the hazards Overlay nominal activity nominal x hazards? Problem of insignificant experiences Ex: injection of a fault that will not be activated in the system analysis : Online system activity, gray box analysis Selecting relevant case in an objective verification ( evaluation) Ex: heuristic optimization to guide the research of test the most "dangerous" case ( the mostrepresentative) 40ième anniversaire du LAAS 37
38 Perspectives Improvement of the use of formal methods in industries Treatment of real, complex systems Best selection of the tests Best coverage of a test suite Combining several methods : verification, proof, 40ième anniversaire du LAAS 38
39 An example for conformance testing OT 0 [True] True,!Begin, - True,?Menv,,- Init [True] Wait [True] Sender True, -, x =S Finish [True] True,!Begin, x =S x=s (S-x)=Lambda,!End, - True,?Busy, - Transmit [(S-x)<Lambda] Paramètres: Lambda=808 Sig=26 1 [True] S-x<=2*Sig,?Busy, x =S 2 [True] True,!End, - True,? Busy, x =S True,? CD, x =S Retry [(S-x)<=2*Sig] (S-x)<Sig,?CD, x =S x=s (S-x)<=2*Sig,!Begin, x =S S-x<=2*Sig,?CD, x =S (Wait)!Begin (Transmit) S=t1?Busy (Transmit) S= ]t1,t1+lambda[!end S=t1+Lambda (Transit) 40ième anniversaire du LAAS 39
40 Calcul des intervalles de l horloge h(2) Exemple: h(t 0 )= [0,0] 0] h(t 1 )= [0,2][0,2][0,1]=[0,1] h(t 2 )= [0+2,1+5][2,7]=[2,6] h(t 3 ) =[2+2,6+6][3,13]=[4,12] h(t 4 ) =[0+3,1+6][2+3,6+7] [5,13] =[5,7] 40ième anniversaire du LAAS 40
41 Exemple Pour atteindre t Pour atteindre t 2 1 h[01 Horloge C1: 0 τ 1 2 Transition t 2: [0,1] Horloge C2: 0 τ 1 1 Horloge C1: 0 τ 1 1 s1, C1[0,1] Horloge h : 0 τ τ 2 τ 1 5 C2[0,1] RC(t 1,h) =[0,1] 2 τ 2 6 Transition t 1 Horloge C1: 0 τ 1 2 Horloge C2: 0 τ 1 1 h[0,1 ] s1, C1[0,1] C2[0,1 ] Horloge h : 0 τ 1 1 τ 1 τ 2 RC(t 1,h) =[0,1] RC(t 2,h) =[2,6] h[2 [2,6] s2, C1[2,5] 40ième anniversaire du LAAS 41
42 Exemple Pour atteindre t 4 Transition t 4: Horloge h: 5 τ 4 7 Horloge C1: 3 τ 4 τ 1 6 Horloge C2: 3 τ 4 τ 2 7 Transition t 3: Horloge h: 4 τ 3 12 Horloge C2: 2 τ 3 τ 2 6 Transition t 2: Horloge h: 2 τ 2 6 Horloge C1: 2 τ 2 τ 1 5 Transition t 1: Horloge h : 0 τ 1 1 Horloge C1: 0 τ 1 2 Horloge C2: 0 τ 1 1 Domaine de tir potentiel h[0,1] s1, C1[0,1] C 2[0,1] h[2,4] s2, C1[2,4] h[4 [4,7] s3, C1[2,5] Domaine de tir h[0,1] s1, C1[0,1] C 2[0,1] h[2,4] s2, C1[2,3] h[4 [4,7] s3, C1[2,4] τ 1 τ 2 τ 3 τ 4 RC(t 1,h) =[0,1] RC(t 2,h) =[2,4] RC(t 3,h) =[4,7] RC(t 4,h) =[5,7] h[5,7] s4, C1[4,6] C 2[3,5] h[5,7] s4, C1[5,6] 4] C 2[3,4 40ième anniversaire du LAAS 42
Automatic Testing with Formal Methods
November 30th, 2010 Testing is Inevitable Can be applied to the actual implementation Scales up Can be applied to the actual implementation No need to build a model of the system It is complex to build
More informationSoftware Testing IV. Prof. Dr. Holger Schlingloff. Humboldt-Universität zu Berlin
Software Testing IV Prof. Dr. Holger Schlingloff Humboldt-Universität zu Berlin and Fraunhofer Institute of Computer Architecture and Software Technology FIRST Outline of this Lecture Series 2006/11/24:
More informationPart I: Preliminaries 24
Contents Preface......................................... 15 Acknowledgements................................... 22 Part I: Preliminaries 24 1. Basics of Software Testing 25 1.1. Humans, errors, and testing.............................
More informationTowards Compositional Testing of Real-Time Systems
Towards Compositional Testing of Real-Time Systems Kim G Larsen, Axel Legay, Marius Mikucionis, Brian Nielsen, Ulrik Nyman Aalborg University, DENMARK Compositional Testing Integration of fully conformant
More informationBy: Chaitanya Settaluri Devendra Kalia
By: Chaitanya Settaluri Devendra Kalia What is an embedded system? An embedded system Uses a controller to perform some function Is not perceived as a computer Software is used for features and flexibility
More informationIntroduction to Dynamic Analysis
Introduction to Dynamic Analysis Reading assignment Gary T. Leavens, Yoonsik Cheon, "Design by Contract with JML," draft paper, http://www.eecs.ucf.edu/~leavens/jml//jmldbc.pdf G. Kudrjavets, N. Nagappan,
More informationMONIKA HEINER.
LESSON 1 testing, intro 1 / 25 SOFTWARE TESTING - STATE OF THE ART, METHODS, AND LIMITATIONS MONIKA HEINER monika.heiner@b-tu.de http://www.informatik.tu-cottbus.de PRELIMINARIES testing, intro 2 / 25
More informationTesting: Test design and testing process
Testing: Test design and testing process Zoltán Micskei Based on István Majzik s slides Dept. of Measurement and Information Systems Budapest University of Technology and Economics Department of Measurement
More informationOverview. Discrete Event Systems - Verification of Finite Automata. What can finite automata be used for? What can finite automata be used for?
Computer Engineering and Networks Overview Discrete Event Systems - Verification of Finite Automata Lothar Thiele Introduction Binary Decision Diagrams Representation of Boolean Functions Comparing two
More informationA Test Case Generation Algorithm for Real-Time Systems
A Test Case Generation Algorithm for Real-Time Systems Anders Hessel and Paul Pettersson Department of Information Technology Uppsala University, P.O. Box 337 SE-751 05 Uppsala, Sweden {hessel,paupet}@it.uu.se
More informationTimo Latvala. January 28, 2004
Reactive Systems: Kripke Structures and Automata Timo Latvala January 28, 2004 Reactive Systems: Kripke Structures and Automata 3-1 Properties of systems invariants: the system never reaches a bad state
More informationFine-grained Compatibility and Replaceability Analysis of Timed Web Service Protocols
Fine-grained Compatibility and Replaceability Analysis of Timed Web Service Protocols Julien Ponge 1,2, Boualem Benatallah 2, Fabio Casati 3 and Farouk Toumani 1 (1) Université Blaise Pascal, Clermont-Ferrand,
More informationTimed Automata From Theory to Implementation
Timed Automata From Theory to Implementation Patricia Bouyer LSV CNRS & ENS de Cachan France Chennai january 2003 Timed Automata From Theory to Implementation p.1 Roadmap Timed automata, decidability issues
More informationDistributed Systems Programming (F21DS1) Formal Verification
Distributed Systems Programming (F21DS1) Formal Verification Andrew Ireland Department of Computer Science School of Mathematical and Computer Sciences Heriot-Watt University Edinburgh Overview Focus on
More informationNo Source Code. EEC 521: Software Engineering. Specification-Based Testing. Advantages
No Source Code : Software Testing Black-Box Testing Test-Driven Development No access to source code So test cases don t worry about structure Emphasis is only on ensuring that the contract is met Specification-Based
More informationThree General Principles of QA. COMP 4004 Fall Notes Adapted from Dr. A. Williams
Three General Principles of QA COMP 4004 Fall 2008 Notes Adapted from Dr. A. Williams Software Quality Assurance Lec2 1 Three General Principles of QA Know what you are doing. Know what you should be doing.
More informationPetri Nets ee249 Fall 2000
Petri Nets ee249 Fall 2000 Marco Sgroi Most slides borrowed from Luciano Lavagno s lecture ee249 (1998) 1 Models Of Computation for reactive systems Main MOCs: Communicating Finite State Machines Dataflow
More informationReal-time Testing with Timed Automata Testers and Coverage Criteria
Unité Mixte de Recherche 5104 CNRS - INPG - UJF Centre Equation 2, avenue de VIGNATE F-38610 GIERES tel : +33 456 52 03 40 fax : +33 456 52 03 50 http://www-verimag.imag.fr Real-time Testing with Timed
More informationBlack Box Testing. EEC 521: Software Engineering. Specification-Based Testing. No Source Code. Software Testing
Black Box Testing EEC 521: Software Engineering Software Testing Black-Box Testing Test-Driven Development Also known as specification-based testing Tester has access only to running code and the specification
More informationKilling strategies for model-based mutation testing
SOFTWARE TESTING, VERIFICATION AND RELIABILITY Softw. Test. Verif. Reliab. 0000; 00:1 33 Published online in Wiley InterScience (www.interscience.wiley.com). Killing strategies for model-based mutation
More informationHardware Description Languages & System Description Languages Properties
Hardware Description Languages & System Description Languages Properties There is a need for executable specification language that is capable of capturing the functionality of the system in a machine-readable
More informationModel Checking with Automata An Overview
Model Checking with Automata An Overview Vanessa D Carson Control and Dynamical Systems, Caltech Doyle Group Presentation, 05/02/2008 VC 1 Contents Motivation Overview Software Verification Techniques
More informationLecture 2. Decidability and Verification
Lecture 2. Decidability and Verification model temporal property Model Checker yes error-trace Advantages Automated formal verification, Effective debugging tool Moderate industrial success In-house groups:
More informationOn the construction of convergent transfer subgraphs in general labeled directed graphs
On the construction of convergent transfer subgraphs in general labeled directed graphs 38th CGTC 7 March 2007 Christopher League * Mohammed Ghriga First, I ll explain what we mean by Convergent Transfer
More informationAbstract This thesis presents a mathematical model for test selection problem in protocol conformance testing, the goal of which is to select a test s
Budapest University of Technology and Economics Department of Telecommunication and Telematics Conformance Test Suite Optimization PhD thesis Tibor Csöndes Advisors Dr. Katalin Tarnay dr. Gyula Csopaki
More informationSoftware Engineering 2 A practical course in software engineering. Ekkart Kindler
Software Engineering 2 A practical course in software engineering Quality Management Main Message Planning phase Definition phase Design phase Implem. phase Acceptance phase Mainten. phase 3 1. Overview
More informationHardware Description Languages & System Description Languages Properties
Hardware Description Languages & System Description Languages Properties There is a need for executable specification language that is capable of capturing the functionality of the system in a machine-readable
More informationLecture 2. The SCADE Language Data Flow Kernel. Daniel Kästner AbsInt GmbH 2012
Lecture 2 The SCADE Language Data Flow Kernel Daniel Kästner AbsInt GmbH 2012 2 Synchronous Programming Two simple ways of implementing reactive systems: Event-driven Foreach input_event
More informationSpecification Coverage Aided Test Selection
Specification Coverage Aided Test Selection Tuomo Pyhälä Helsinki University of Technology Laboratory for Theoretical Computer Science P.O. Box 5400, FIN-02015 HUT, Finland Tuomo.Pyhala@hut.fi Keijo Heljanko
More informationImprovements on the Online Testing with T-UppAal: Coverage Measurement and Re-runs
Improvements on the Online Testing with T-UppAal: Coverage Measurement and Re-runs Gunnar Hall Piotr Kordy Dalia Vitkauskaitė Master Thesis Software System Engineering Department of Computer Science Aalborg
More informationThe UPPAAL Model Checker. Julián Proenza Systems, Robotics and Vision Group. UIB. SPAIN
The UPPAAL Model Checker Julián Proenza Systems, Robotics and Vision Group. UIB. SPAIN The aim of this presentation Introduce the basic concepts of model checking from a practical perspective Describe
More informationQuasimodo. under uncertainty. Alexandre David & K.G Larsen & Aalborg University, DK.
Quasimodo Testing real-time systems under uncertainty Alexandre David & K.G Larsen & & Shuhaoh Li & Bi Brian Nielsen Aalborg University, DK bnielsen@cs.aau.dk FMCO, Graz, December 1, 2010 Page 1 Automated
More informationInteraction Testing! Chapter 15!!
Interaction Testing Chapter 15 Interaction faults and failures Subtle Difficult to detect with testing Usually seen after systems have been delivered In low probability threads Occur after a long time
More informationINTRODUCTION TO SOFTWARE ENGINEERING
INTRODUCTION TO SOFTWARE ENGINEERING Introduction to Software Testing d_sinnig@cs.concordia.ca Department for Computer Science and Software Engineering What is software testing? Software testing consists
More informationCounting multiplicity over infinite alphabets
Counting multiplicity over infinite alphabets Amal Dev Manuel and R. Ramanujam The Institute of Mathematical Sciences, Chennai, India {amal,jam}@imsc.res.in Summary Motivation for infinite data. We need
More informationResearch Collection. Formal background and algorithms. Other Conference Item. ETH Library. Author(s): Biere, Armin. Publication Date: 2001
Research Collection Other Conference Item Formal background and algorithms Author(s): Biere, Armin Publication Date: 2001 Permanent Link: https://doi.org/10.3929/ethz-a-004239730 Rights / License: In Copyright
More informationSimulation semantics (a.k.a. event semantics)
Simulation semantics (a.k.a. event semantics) HDLs use discrete event simulation changes to variables threads enabled enabled threads executed non-deterministically execution of threads more events Combinational
More informationInteraction Testing. Chapter 15
Interaction Testing Chapter 15 Interaction faults and failures Subtle Difficult to detect with testing Usually seen after systems have been delivered In low probability threads Occur after a long time
More informationTesting! Prof. Leon Osterweil! CS 520/620! Spring 2013!
Testing Prof. Leon Osterweil CS 520/620 Spring 2013 Relations and Analysis A software product consists of A collection of (types of) artifacts Related to each other by myriad Relations The relations are
More informationBehavioural Equivalences and Abstraction Techniques. Natalia Sidorova
Behavioural Equivalences and Abstraction Techniques Natalia Sidorova Part 1: Behavioural Equivalences p. p. The elevator example once more How to compare this elevator model with some other? The cabin
More informationCOMP 763. Eugene Syriani. Ph.D. Student in the Modelling, Simulation and Design Lab School of Computer Science. McGill University
Eugene Syriani Ph.D. Student in the Modelling, Simulation and Design Lab School of Computer Science McGill University 1 OVERVIEW In the context In Theory: Timed Automata The language: Definitions and Semantics
More informationIntroduction to Formal Methods
2008 Spring Software Special Development 1 Introduction to Formal Methods Part I : Formal Specification i JUNBEOM YOO jbyoo@knokuk.ac.kr Reference AS Specifier s Introduction to Formal lmethods Jeannette
More informationM. De Wulf, L. Doyen,J.-F. Raskin Université Libre de Bruxelles Centre Fédéré en Vérification
Systematic Implementation of Real-Time Models M. De Wulf, L. Doyen,J.-F. Raskin Université Libre de Bruxelles Centre Fédéré en Vérification Model-based Development for Controllers Make a model of the environment
More informationT Reactive Systems: Kripke Structures and Automata
Tik-79.186 Reactive Systems 1 T-79.186 Reactive Systems: Kripke Structures and Automata Spring 2005, Lecture 3 January 31, 2005 Tik-79.186 Reactive Systems 2 Properties of systems invariants: the system
More informationA Model-based Certification Framework for the EnergyBus Standard
A Model-based Certification Framework for the EnergyBus Standard Alexander Graf- Brill, Saarland University Holger Hermanns, Saarland University Hubert Garavel, Inria Grenoble 1 Light Electric Vehicles
More informationDesign and Synthesis for Test
TDTS 80 Lecture 6 Design and Synthesis for Test Zebo Peng Embedded Systems Laboratory IDA, Linköping University Testing and its Current Practice To meet user s quality requirements. Testing aims at the
More informationCoverage Criteria for Model-Based Testing using Property Patterns
Coverage Criteria for Model-Based Testing using Property Patterns Kalou Cabrera Castillos 1, Frédéric Dadeau 2, Jacques Julliand 2 1 LAAS Toulouse, France 2 FEMTO-ST Besançon, France MBT workshop April
More informationModel checking pushdown systems
Model checking pushdown systems R. Ramanujam Institute of Mathematical Sciences, Chennai jam@imsc.res.in Update Meeting, IIT-Guwahati, 4 July 2006 p. 1 Sources of unboundedness Data manipulation: integers,
More informationOn Fault Coverage of Tests for Finite State Specifications
On Fault Coverage of Tests for Finite State Specifications A. Petrenko and G. v. Bochmann Département d'informatique et de Recherche Opérationnelle, Université de Montréal, CP. 6128, Succ. Centre-Ville,
More informationOutline. Petri nets. Introduction Examples Properties Analysis techniques. 1 EE249Fall04
Outline Petri nets Introduction Examples Properties Analysis techniques 1 Petri Nets (PNs) Model introduced by C.A. Petri in 1962 Ph.D. Thesis: Communication with Automata Applications: distributed computing,
More informationCh6 Protocol Testing. Outline. Outline. Protocol Conformance Testing. Introduction Concepts Fault models Related definitions General approach
Outline VI. Protocol Testing Introduction Concepts Fault models Related definitions General approach Methodologies based on FSM T-Method (Transition Tour method) D-Method d(distinguishing i sequences)
More informationSérgio Campos, Edmund Clarke
Sérgio Campos, Edmund 1 / 23 Model checking is a technique that relies on building a finite model of a system and checking that a desired property holds in that model. The check is performed by an exhaustive
More informationl Some materials from various sources! Soma 1! l Apply a signal, measure output, compare l 32-bit adder test example:!
Acknowledgements! Introduction and Overview! Mani Soma! l Some materials from various sources! n Dr. Phil Nigh, IBM! n Principles of Testing Electronic Systems by S. Mourad and Y. Zorian! n Essentials
More informationLeveraging Formal Verification Throughout the Entire Design Cycle
Leveraging Formal Verification Throughout the Entire Design Cycle Verification Futures Page 1 2012, Jasper Design Automation Objectives for This Presentation Highlight several areas where formal verification
More informationIntroduction 2 The first synchronous language (early 80 s) Gérard Berry and his team (École des Mines de Paris / INRIA Sophia-Antipolis) Imperative, s
Pascal Raymond, Verimag-CNRS Introduction 2 The first synchronous language (early 80 s) Gérard Berry and his team (École des Mines de Paris / INRIA Sophia-Antipolis) Imperative, sequential style (i.e.
More informationHybrid System Modeling: Operational Semantics Issues
Hybrid System Modeling: Operational Semantics Issues Edward A. Lee Professor UC Berkeley OMG Technical Meeting Feb. 4, 2004 Anaheim, CA, USA Special thanks to Jie Liu, Xiaojun Liu, Steve Neuendorffer,
More informationFrom synchronous models to distributed, asynchronous architectures
From synchronous models to distributed, asynchronous architectures Stavros Tripakis Joint work with Claudio Pinello, Cadence Alberto Sangiovanni-Vincentelli, UC Berkeley Albert Benveniste, IRISA (France)
More informationSoftware testing. Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 23 Slide 1
Software testing Ian Sommerville 2006 Software Engineering, 8th edition. Chapter 23 Slide 1 Objectives To discuss the distinctions between validation testing and defect testing To describe the principles
More informationAutomatic synthesis of switching controllers for linear hybrid systems: Reachability control
Automatic synthesis of switching controllers for linear hybrid systems: Reachability control Massimo Benerecetti and Marco Faella Università di Napoli Federico II, Italy Abstract. We consider the problem
More informationSymbolic Model Checking
Bug Catching 5-398 Symbolic Model Checking Hao Zheng Dept. of Computer Science & Eng. Univ. of South Florida Overview CTL model checking operates on sets. Calculates the fix points over finite state sets.
More informationTimed Automata: Semantics, Algorithms and Tools
Timed Automata: Semantics, Algorithms and Tools Johan Bengtsson and Wang Yi Uppsala University Email: {johanb,yi}@it.uu.se Abstract. This chapter is to provide a tutorial and pointers to results and related
More informationAutomatic Test Generation from Interprocedural Specifications
Automatic Test Generation from Interprocedural Specifications Camille Constant 1, Bertrand Jeannet 2 and Thierry Jéron 1 1 IRISA/INRIA, Campus de Beaulieu, Rennes, France, constant, jeron@irisa.fr 2 INRIA
More informationTimed Automata. Rajeev Alur. University of Pennsylvania
Timed Automata Rajeev Alur University of Pennsylvania www.cis.upenn.edu/~alur/ SFM-RT, Bertinoro, Sept 2004 model temporal property Model Checker yes error-trace Advantages Automated formal verification,
More informationModular Petri Net Processor for Embedded Systems
Modular Petri Net Processor for Embedded Systems Orlando Micolini 1, Emiliano N. Daniele, Luis O. Ventre Laboratorio de Arquitectura de Computadoras (LAC) FCEFyN Universidad Nacional de Córdoba orlando.micolini@unc.edu.ar,
More informationAdministrivia. ECE/CS 5780/6780: Embedded System Design. Acknowledgements. What is verification?
Administrivia ECE/CS 5780/6780: Embedded System Design Scott R. Little Lab 8 status report. Set SCIBD = 52; (The Mclk rate is 16 MHz.) Lecture 18: Introduction to Hardware Verification Scott R. Little
More informationMonitoring Interfaces for Faults
Monitoring Interfaces for Faults Aleksandr Zaks RV 05 - Fifth Workshop on Runtime Verification Joint work with: Amir Pnueli, Lenore Zuck Motivation Motivation Consider two components interacting with each
More informationEfficient Mutation Killers in Action
Efficient Mutation Killers in Action Bernhard K. Aichernig, Harald Brandl, Elisabeth Jöbstl Institute for Software Technology Graz University of Technology Graz, Austria {aichernig, brandl, joebstl}@ist.tugraz.at
More informationDiagnostic Information for Control-Flow Analysis of Workflow Graphs (aka Free-Choice Workflow Nets)
Diagnostic Information for Control-Flow Analysis of Workflow Graphs (aka Free-Choice Workflow Nets) Cédric Favre(1,2), Hagen Völzer(1), Peter Müller(2) (1) IBM Research - Zurich (2) ETH Zurich 1 Outline
More informationFormal Modeling of Testing Software for Cyber-Physical Automation Systems
Formal Modeling of Testing Software for Cyber-Physical Automation Systems Igor Buzhinsky, Cheng Pang, Valeriy Vyatkin Computer Technologies Laboratory, ITMO University, St. Petersburg, Russia Department
More informationDIVERSITY TG Automatic Test Case Generation from Matlab/Simulink models. Diane Bahrami, Alain Faivre, Arnault Lapitre
DIVERSITY TG Automatic Test Case Generation from Matlab/Simulink models Diane Bahrami, Alain Faivre, Arnault Lapitre CEA, LIST, Laboratory of Model Driven Engineering for Embedded Systems (LISE), Point
More informationEfficient Synthesis of Production Schedules by Optimization of Timed Automata
Efficient Synthesis of Production Schedules by Optimization of Timed Automata Inga Krause Institute of Automatic Control Engineering Technische Universität München inga.krause@mytum.de Joint Advanced Student
More informationFlexRay International Workshop. FAN analysis
FlexRay International Workshop 16 th and 17 th April, 2002 Munich FAN analysis Dipl. Inf. Jens Lisner - University of Essen Project FAN - Goals Verify the design of FlexRay in particular: countermeasures
More informationSynchronous Specification
Translation Validation for Synchronous Specification in the Signal Compiler Van-Chan Ngo Jean-Pierre Talpin Thierry Gautier INRIA Rennes, France FORTE 2015 Construct a modular translation validationbased
More informationTowards Validated Real-Time Software
Towards Validated Real-Time Software Valérie BERTIN, Michel POIZE, Jacques PULOU France Télécom - Centre National d'etudes des Télécommunications 28 chemin du Vieux Chêne - BP 98-38243 Meylan cedex - France
More informationA game-theoretic approach to real-time system testing David, Alexandre; Larsen, Kim Guldstrand; Li, Shuhao; Nielsen, Brian
Aalborg Universitet A game-theoretic approach to real-time system testing David, Alexandre; Larsen, Kim Guldstrand; Li, Shuhao; Nielsen, Brian Published in: Design, Automation and Test in Europe DOI (link
More informationReasoning about Timed Systems Using Boolean Methods
Reasoning about Timed Systems Using Boolean Methods Sanjit A. Seshia EECS, UC Berkeley Joint work with Randal E. Bryant (CMU) Kenneth S. Stevens (Intel, now U. Utah) Timed System A system whose correctness
More informationSynthesis of Complicated Asynchronous Control Circuits Using Template Based Technique
Synthesis of Complicated Asynchronous Control Circuits Using Template Based Technique Sufian Sudeng and Arthit Thongtak Abstract this paper proposes an approach for complicated asynchronous controller
More informationModeling and Verification of Real-Time Systems
Modeling and Verification of Real-Time Systems Formalisms and Software Tools Edited by Stephan Merz Nicolas Navet This page intentionally left blank Modeling and Verification of Real-Time Systems This
More informationRevisiting coverage criteria for Scade models Jean-Louis Colaço 7 December 2016
Revisiting coverage criteria for Scade models Jean-Louis Colaço 7 December 2016 Context Code coverage is a measure that characterises how much a given test suite exercises a code, lots of criteria exist,
More informationAutomated Refinement Checking of Asynchronous Processes. Rajeev Alur. University of Pennsylvania
Automated Refinement Checking of Asynchronous Processes Rajeev Alur University of Pennsylvania www.cis.upenn.edu/~alur/ Intel Formal Verification Seminar, July 2001 Problem Refinement Checking Given two
More informationParallel Model Checking of ω-automata
Parallel Model Checking of ω-automata Vincent Bloemen Formal Methods and Tools, University of Twente v.bloemen@utwente.nl Abstract. Specifications for non-terminating reactive systems are described by
More informationCommunication Protocols Testability Improvement by Narrow Input/Output (NIO) Sequences
Communication Protocols Testability Improvement by Narrow Input/Output (NIO) Sequences Tao Huang and Anthony Chung School of Computer Science, Telecommunications and Information Systems DePaul University
More informationCSE 403: Software Engineering, Fall courses.cs.washington.edu/courses/cse403/16au/ Unit Testing. Emina Torlak
CSE 403: Software Engineering, Fall 2016 courses.cs.washington.edu/courses/cse403/16au/ Unit Testing Emina Torlak emina@cs.washington.edu Outline Software quality control Effective unit testing Coverage
More informationModeling and Verification of Networkon-Chip using Constrained-DEVS
Modeling and Verification of Networkon-Chip using Constrained-DEVS Soroosh Gholami Hessam S. Sarjoughian School of Computing, Informatics, and Decision Systems Engineering Arizona Center for Integrative
More informationSpecification and Analysis of Contracts Tutorial
Specification and Analysis of Contracts Tutorial Gerardo Schneider gerardo@ifi.uio.no http://folk.uio.no/gerardo/ Department of Informatics, University of Oslo Gerardo Schneider (UiO) Specification and
More informationFrom Analysis to Code Generation of Protocols and Embedded Software with a UML-Based Formal Environment Named TURTLE 2005
From Analysis to Code Generation of Protocols and Embedded Software with a UML-Based Formal Environment Named TURTLE 2005 Ludovic Apvrille ludovic.apvrille@enst.fr Ludovic Apvrille - UML - 2005. Slide
More informationStochastic Petri nets
Stochastic Petri nets 1 Stochastic Petri nets Markov Chain grows very fast with the dimension of the system Petri nets: High-level specification formalism Markovian Stochastic Petri nets adding temporal
More informationLecture 3 - Fault Simulation
Lecture 3 - Fault Simulation Fault simulation Algorithms Serial Parallel Deductive Random Fault Sampling Problem and Motivation Fault simulation Problem: Given A circuit A sequence of test vectors A fault
More informationA Tutorial on Runtime Verification and Assurance. Ankush Desai EECS 219C
A Tutorial on Runtime Verification and Assurance Ankush Desai EECS 219C Outline 1. Background on Runtime Verification 2. Challenges in Programming Robotics System Drona). 3. Solution 1: Combining Model
More informationThe testing process. Component testing. System testing
Software testing Objectives To discuss the distinctions between validation testing and defect testing To describe the principles of system and component testing To describe strategies for generating system
More informationLogic Model Checking
Logic Model Checking Lecture Notes 17:18 Caltech 101b.2 January-March 2005 Course Text: The Spin Model Checker: Primer and Reference Manual Addison-Wesley 2003, ISBN 0-321-22862-6, 608 pgs. checking omega
More informationA Modal Specification Approach for Assuring the Safety of On-Demand Medical Cyber-Physical Systems
A Modal Specification Approach for Assuring the Safety of On-Demand Medical Cyber-Physical Systems Lu Feng PRECISE Center Department of Computer and Information Science University of Pennsylvania lufeng@cis.upenn.edu
More informationModel-based Analysis of Event-driven Distributed Real-time Embedded Systems
Model-based Analysis of Event-driven Distributed Real-time Embedded Systems Gabor Madl Committee Chancellor s Professor Nikil Dutt (Chair) Professor Tony Givargis Professor Ian Harris University of California,
More informationSynthesis of Supervisory Control of Discrete Event System for Static VAR Compansator
Synthesis of Supervisory Control of Discrete Event System for Static VAR Compansator Tarun Jain Department of Electrical Engineering Indian Institute of Technology, BHU Varanasi, India tarun.jain.eee10@itbhu.ac.in
More informationFault-based Conformance Testing in Practice
Int J Software Informatics, Vol.XX, No.XX, XXXXXX 20XX, pp. 1 000 E-mail: ijsi@iscas.ac.cn International Journal of Software and Informatics, ISSN 1673-7288 http://www.ijsi.org c 20XX by Institute of Software,
More informationInteroperability Test Generation: Formal Definitions and Algorithm
Interoperability Test Generation: Formal Definitions and Algorithm Alexandra DESMOULIN César VIHO IRISA/Université de Rennes I Campus de Beaulieu 35042 Rennes Cedex, FRANCE {AlexandraDesmoulin,CesarViho}@irisafr
More informationIntegrated HW/SW Systems: Requirements
TECHNISCHE UNIVERSITÄT ILMENAU Integrated HW/SW Systems: Requirements Integrated Communication Systems http://www.tu-ilmenau.de/iks Analysis process Functional requirements Performance requirements Real-time
More informationComposability Test of BOM based models using Petri Nets
I. Mahmood, R. Ayani, V. Vlassov and F. Moradi 7 Composability Test of BOM based models using Petri Nets Imran Mahmood 1, Rassul Ayani 1, Vladimir Vlassov 1, and Farshad Moradi 2 1 Royal Institute of Technology
More informationFachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn. 2.3 Timed Automata and Real-Time Statecharts
2.3 Timed Automata and Real-Time Statecharts Develop a BOOK RATING APP and win awesome prizes! The creators of the best submissions will be invited to an exclusive party in February
More informationOn Nested Depth First Search
DIMACS Series in Discrete Mathematics and Theoretical Computer Science Volume 32, 1997 On Nested Depth First Search Gerard J. Holzmann, Doron Peled, and Mihalis Yannakakis The SPIN. ABSTRACT. We show in
More information