A Case Study of Model-Based Testing

Similar documents
10. Software Testing Fundamental Concepts

No Source Code. EEC 521: Software Engineering. Specification-Based Testing. Advantages

Black Box Testing. EEC 521: Software Engineering. Specification-Based Testing. No Source Code. Software Testing

In this Lecture you will Learn: Testing in Software Development Process. What is Software Testing. Static Testing vs.

The Bizarre Truth! Automating the Automation. Complicated & Confusing taxonomy of Model Based Testing approach A CONFORMIQ WHITEPAPER

Introduction to Software Testing

Lecture 10 Notes Linked Lists

So, You Want to Test Your Compiler?

Chapter 9. Software Testing

Dataworks Development, Inc. P.O. Box 174 Mountlake Terrace, WA (425) fax (425)

Software Engineering

Quality Assurance: Test Development & Execution. Ian S. King Test Development Lead Windows CE Base OS Team Microsoft Corporation

Part 5. Verification and Validation

ADL 101: Week 2 Syllabus

An Automated Testing Environment to support Operational Profiles of Software Intensive Systems

Selection of UML Models for Test Case Generation: A Discussion on Techniques to Generate Test Cases

AN EFFICIENT APPROACH FOR MODEL- BASED TESTING: SIEMENS USE CASE IN THE MBAT EUROPEAN PROJECT

What do Compilers Produce?

Software Engineering Testing and Debugging Testing

Offline Model-based Testing and Runtime Monitoring

StoryStylus Scripting Help

WACC Report. Zeshan Amjad, Rohan Padmanabhan, Rohan Pritchard, & Edward Stow

Your Essential Skills Online program is a web application, which runs in your web browser on a Windows PC or Macintosh computer.

1. Write two major differences between Object-oriented programming and procedural programming?

Eggplant Performance

UNIT 4 DATABASE SYSTEM CATALOGUE

Understanding Internet Speed Test Results

CERT C++ COMPLIANCE ENFORCEMENT

Optimizing Closures in O(0) time

Semantic Analysis. Outline. The role of semantic analysis in a compiler. Scope. Types. Where we are. The Compiler so far

This paper should be referenced as:

Topic: Software Verification, Validation and Testing Software Engineering. Faculty of Computing Universiti Teknologi Malaysia

Bridge. Calculated Fields Guide. Version

Software Security. Final Exam Preparation. Be aware, there is no guarantee for the correctness of the answers!

Verification of Clock Domain Crossing Jitter and Metastability Tolerance using Emulation

01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED

Stylus Studio Case Study: FIXML Working with Complex Message Sets Defined Using XML Schema

Excel 1. Module 6 Data Lists

STPCon Fall 2013 October 24, 2013

Dynamic Data Flow Analysis for Object Oriented Programs

Watch the video below to learn more about freezing panes in Excel. *Video removed from printing pages. To freeze rows:

Runtime assertion checking of multithreaded Java programs

Programming Embedded Systems

An Introductory Guide to SpecTRM

Lecture 1: Overview

Sequence-Based Specification

Designing Robust Classes

Finding Firmware Defects Class T-18 Sean M. Beatty

Static program checking and verification

Recognition Algorithms for 2-Tree Probe Interval Graphs

The role of semantic analysis in a compiler

LEVERAGING VISUAL STUDIO TEAM SYSTEM 2008 Course LTS08: Five days; Instructor-Led Course Syllabus

Semantic Analysis. CSE 307 Principles of Programming Languages Stony Brook University

Proposal for dynamic configuration

What are the characteristics of Object Oriented programming language?

USING APPIUM FOR MOBILE TEST AUTOMATION

Mitsubishi FX Net Driver PTC Inc. All Rights Reserved.

Parallelizing Windows Operating System Services Job Flows

DDE Client Driver PTC Inc. All Rights Reserved.

Motivation State Machines

XVIII. Software Testing. Laurea Triennale in Informatica Corso di Ingegneria del Software I A.A. 2006/2007 Andrea Polini

Database Systems: Design, Implementation, and Management Tenth Edition. Chapter 6 Normalization of Database Tables

PATTERN SEQUENCER GUIDE

A Tutorial for ECE 175

An Architecture for Semantic Enterprise Application Integration Standards

Software Testing Prof. Rajib Mall Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur. Lecture 13 Path Testing

Software Quality. Richard Harris

Software Development Methodologies

1 Visible deviation from the specification or expected behavior for end-user is called: a) an error b) a fault c) a failure d) a defect e) a mistake

Exploring Code with Microsoft Pex

SDMX self-learning package No. 5 Student book. Metadata Structure Definition

Starting Embedded C Programming CM0506 Small Embedded Systems

Programming Languages and Compilers Qualifying Examination. Answer 4 of 6 questions.1

Sample Exam. Advanced Test Automation - Engineer

Rapid Bottleneck Identification A Better Way to do Load Testing. An Oracle White Paper June 2008

Semantic Analysis. Outline. The role of semantic analysis in a compiler. Scope. Types. Where we are. The Compiler Front-End

Mapping ACL to JavaMOP: A Feasibility Study

Semantic Analysis. Lecture 9. February 7, 2018

Lecture Notes on Queues

Lecture 15 Software Testing

iii) Activity Definitions

Model based testing and Hardware-in-the-Loop simulation of embedded CANopen control devices

NHH Instruction Processing Specification

SSC32 SERVO SEQUENCER GUIDE

LarvaLight User Manual

Why testing and analysis. Software Testing. A framework for software testing. Outline. Software Qualities. Dependability Properties

Fast Automated Estimation of Variance in Discrete Quantitative Stochastic Simulation

BridgePoint Modeling Exercises in Building Executable Models Mentor Graphics Corporation

Chapter 15. Software Testing The assert Statement

Cover Page. The handle holds various files of this Leiden University dissertation

Briefing Paper: developing the DOI Namespace

Computer Organization & Assembly Language Programming

Rhapsody in C Tutorial

Let s illustrate this with an example: BCP Algorithm (2/8) ( ) ( 1 2) (-1) Lintao Zhang

Higher-order Testing. Stuart Anderson. Stuart Anderson Higher-order Testing c 2011

Oracle Tuxedo. CORBA Technical Articles 11g Release 1 ( ) March 2010

1 Preface About this Manual Intended Audience Revision History Document Conventions Version...

The A ssembly Assembly Language Level Chapter 7 1

Project Compiler. CS031 TA Help Session November 28, 2011

Appendix to The Health of Software Engineering Research

Transcription:

A Case Study of Model-Based Testing Using Microsoft Spec Explorer and Validation Framework Carleton University COMP 4905 Andrew Wylie Jean-Pierre Corriveau, Associate Professor, School of Computer Science 17/04/2012

Abstract Model-based testing (MBT) is a method of software testing which uses a specification of the behavior of an implementation for the creation of test cases. This report will focus on two different MBT tools used for software testing. They are Microsoft Spec Explorer and Validation Framework. The tools will be examined through the use of a case study of a stopwatch system. The stopwatch program was first implemented, followed by the development of model programs for both Spec Explorer and Validation Framework. Following this, test cases were created and run for both of the MBT tools. This allowed a comparison of the operability of the tools with respect to testing of the implementation. The report includes a description of the problems encountered during development as well as a comparison of the MBT tools. Overall, Spec Explorer allows for the automatic generation and running of test cases, however it does not allow for as comprehensive testing as Validation Framework. In either case, the testing of a software system should not be limited to a single tool, as this does not guarantee full coverage. 1

Table of Contents Project Description... 5 Validation Framework... 6 Spec Explorer... 7 Compare & Contrast... 9 References... 12 Appendix A Stopwatch Specification... A-1 Appendix B Stopwatch Tests... B-1 2

List of Figures FIGURE 1: Stopwatch system in Date/Time mode.... 6 FIGURE 2: Stopwatch System in Timer mode.... 6 FIGURE 3: Kleene star used to describe state expansion.... 8 FIGURE 4: Or operation used to describe state expansion.... 8 3

List of Tables TABLE B-1: Timer Start/Stop Test... B-1 TABLE B-2: Reset Timer Test... B-1 TABLE B-3: Timer Stopped, Toggle Display Test... B-1 TABLE B-4: Timer Running, Freeze & Unfreeze Display Test... B-2 TABLE B-5: Stop Running Timer with Frozen Display Test... B-2 TABLE B-6: Switch Modes with Frozen Timer Test... B-2 TABLE B-7: Switch Modes Test... B-2 TABLE B-8: Switch Modes with Running Timer Test... B-2 4

Project Description Software engineering, in a broad sense, is a collection of techniques, tools, and methodologies which help to develop a high quality software system within certain constraints. Of all of these techniques and methods, one common and important element is that of testing; as a software system doesn t break, but is delivered broken. This report will examine model-based testing (MBT) in particular, and investigate both the extent and ease at which several tools are able to assist in the development process. The tools investigated are Microsoft Spec Explorer, and Validation Framework (VF). As mentioned, both are MBT tools; though they provide testing abilities using separate approaches. Spec Explorer is a commercial state-based testing tool provided by Microsoft as an extension for Visual Studio. It allows system-level testing of the solution under test (SUT) while taking a black-box approach to testing by comparing only input and output values between the model methods and implementation methods. After a model program is constructed, it can be explored to derive a state machine which represents the possible paths of execution of the program being modelled. At this point, tests can be automatically generated from the model program and run on the implementation to determine conformance. Validation Framework however allows for both system-level testing, and for testing of values during execution of the implementation. This is able to be accomplished as VF runs on top of the implementation and uses observability methods to gather data from the implementation at specific points during execution. To properly compare the tools, the SUT was first written according to its specification. After the system was developed both test models were then written. Following this, tests were created and run to determine testability provided by the tools. The system implemented was a stopwatch program that has two separate display modes which allow for the current time to be displayed, or for a timer to be shown. When in timer mode, the user can start, stop, or reset the timer, in addition to being able to freeze or unfreeze the display while the timer is running. These functions are provided by three buttons on the watch; start/stop, mode, and reset/lap. FIGURE 1 along with FIGURE 2 show the system as tested by the tools. A full specification for the system is also available in Appendix A: Stopwatch Specification. 5

FIGURE 1: Stopwatch system in Date/Time mode. FIGURE 2: Stopwatch System in Timer mode. Validation Framework Validation Framework models an implementation using Another Contract Language (ACL) to specify certain behaviours which are then associated with functions carried out by the implementation. When a model method is bound to a function in the implementation, the bound model method is run whenever the corresponding function in the implementation is run. This technique allows VF to test state as Spec Explorer does, as well as allowing tests to be run on variable values of the implementation during runtime. The model program was created with this in mind; first by implementing methods to check state program state, and then adding additional checks to test the runtime values of the displayed time and timer. It is important to note that similar to Spec Explorer, there were some problems encountered during development. However in the case of VF, most problems had to do with the stability of the Validation Framework itself along with the difficulties of testing time data contained in the implementation. Some of the problems observed with the Validation Framework are as follows: The VF project needs to be located on the desktop (can t have an extended path). Observabilities in VF do not properly return lists. Static methods in the implementation cannot be bound to. 6

The implementation cannot use.net Framework 4. Any bound functions with a void return type must have an explicit return statement. Once these issues were identified progress was able to be quickly made on the VF model program. Responsibilities - which are most similar to rules in a Spec Explorer model program - were written for each method of the implementation to cover state testing. Observabilites combined with variables in the model program were then used to collect the state data before a transition was made. The gathered data would be tested against the current model state, and then be transformed according to the applied transition to yield oracle data for testing after the transformation. After the state testing code was in place, an invariant was added to the model program for the purpose of testing that the displayed time data was actually correct. As the model program kept track of its own state as an oracle for testing, this was used to determine which of the date or timer information should be displayed. The value retrieved from the implementation for either date or time was then compared to the displayed value. During testing it was found that this process to check the displayed values with the actual values did sometimes give false errors. The issue is that since VF runs on top of the implementation it is testing, any time measurements will be off. This caused errors in comparison when the timer was running, as the data gathered from the observabilities would return the timer value milliseconds apart from each other. In addition to this, in time mode if a second passes as the program is switching between modes an incorrect time will be recorded by the observability due to the processing time taken by switching modes. The first issue was dealt with by simply not testing the timer value if it is running, and the second issue can be dealt with by the setup of test cases. This is possible as the VF test cases must be manually run, so the tester can simply make sure to switch modes only when the time will not change as the mode is being switched. Spec Explorer Model-based testing with Spec Explorer consists of a model program to represent the actions and state of the implementation along with a configuration file to describe state paths with respect to the model program. Upon creation, the model program can be either static or instance-based. 7

Static models are meant to be paired with a static implementation program, while an instancebased model is to be used when the implementation is also instance-based (Kicillof, 2009). For this reason, the model program for the SUT was first created to be static as the system was planned to be static due to its low complexity. Further into development however, the model program was changed to be instance-based for reasons related to this particular study. When hooking the VF and Spec Explorer models to the implementation, it was found that VF was unable to have bindings to static methods, forcing the implementation, and therefore the Spec Explorer model to be instance-based (unless a test adapter was to be used). The development of the model program was mostly straight forward, with some problems being encountered along the way. To begin with, the model program was written to cover basic state of the implementation. This was done using an enumeration for the timer modes as well as variables to keep track of display related states. Additionally, several of Spec Explorer s built-in conditions were used to enforce that only valid transitions could be traversed between the derived states. At this point in development, the model was explored to find that every transition was listed twice. After some testing it was found that the issue related to the way that the machine was defined for state exploration. The original grammar for the machine is shown in FIGURE 1, which was simplified to give the working grammar shown in FIGURE 2. This change resolved the issue and development was able to continue. FIGURE 3: Kleene star used to describe state expansion. FIGURE 4: Or operation used to describe state expansion. With the basic model completed and exploration returning a proper state diagram for the system, it was now time to attempt any additional system testing which Spec Explorer may have allowed. 8

A Datetime variable was introduced into the model with the hope that the generated tests could both check state after each transition as well as test the display. Along with the Datetime variable, a diagnostics Timer object was added to keep track of timer actions from the model. For the model to compile and be explored properly, the newly added types had to also be declared as native types in a modeling assembly (Microsoft, 2012). After this was done, the model was explored and tests were generated. However, it was at this point that it was discovered that code was compiled at the stage of test generation, and that Spec Explorer along with the test framework have no notion of time. As mentioned previously, testing of the implementation is done by comparing method input and output values of the implementation with those produced by the model. The implementation is simply executed using the test data as input, with the model being executed along the same path to generate oracle data. The outcome of the added testing in this case would cause the generated tests to use the current time as oracle data, which would always fail as the tests would be run at a point in time after they were generated. These issues with the model program were solved by the removal of the display checking code, which left the base model program that would successfully monitor and test program state. In the end, the tested aspects of the implementation included watch mode, display mode, and timer mode. Compare & Contrast After the development of both the Validation Framework and Spec Explorer model programs, tests were generated and run against the implementation for both systems. For VF, there is no way to automatically generate test cases, so paper test cases were written to match the tests generated by Spec Explorer. The written test cases can be found in Appendix B: Stopwatch Tests. Both tools succeeded in testing the implementation with respect to a certain base level. State of the system; including the watch mode, display mode, and timer mode were all properly confirmed by tests run from both systems. The Validation Framework model program also included an additional invariant to check that the displayed value of the watch matched with both the calculated state, and with the internal value kept by the implementation. This level of testing was unable to be reached with Spec Explorer due to the issues relating to timekeeping and test generation noted earlier. However, Spec Explorer took overall less time for testing than 9

Validation Framework as the tests could be directly generated from the model, and run automatically. This was especially helpful when alterations had to be made in the model due to any incompleteness or errors. Overall, both tools performed adequately to test the specified implementation. Differences between the tools can be seen with respect to their ability to model the system, along with any additional features which they may introduce to speed up the development process. In regards to this, we have seen that Spec Explorer allows for both the automatic generation and running of the tests cases themselves. This is a great benefit over having to manually create, write out, and run test cases as is done with Validation Framework. However, when it comes to modelling the implementation, Spec Explorer is bound to using a state-based approach with formal rules and well-defined state machines to allow this automation. Modelling with Validation Framework can however be done in any way, which can allow for more coverage of the SUT. This point is demonstrated in the case study, as the model created using Validation Framework covers testing of the stopwatch display along with the system state, whereas the Spec Explorer model only covers testing of the system state. One more difference between the tools has to do with how they handle certain condition checking. This condition checking can be done with Spec Explorer through the use of some of its built in features, though for more complex models there may have to be additional variables introduced to assist in testing. Any variables added to the Spec Explorer model are automatically included as part of the system state, and will increase the state space of the explored model. This occurred during development when a Datetime variable was introduced to allow for display checking, which caused an explosion of states which could not be avoided. Introducing variables to a Validation Framework model however does not have any effect on the function of the model until its use is directly specified in the code. Overall, the case study examined the MBT tools using a base level of features provided. As a result of this, the operability between the tools was a trade-off between automation with strict restrictions on the model implementation, and no automation with freedom to create a model program to better fit the implementation. A look into the advanced capabilities of Spec Explorer s online testing abilities (On-The-Fly tests) as a comparison to the default offline testing (Test Code Generated testing) may be valuable, as this would be more similar to the 10

online testing done by Validation Framework. In addition to this, research into the ability of the tools to deal with larger systems would be interesting, as it would provide more information about their scalability, and allow usage of the more advanced features provided by the tools. 11

References Kicillof, N., 2009. Static vs. Instance-Based Models. [Online] Available at: http://blogs.msdn.com/b/specexplorer/archive/2009/11/23/static-vs-instance-basedmodels.aspx [Accessed 2012]. Kicillof, N., 2010. Channel 9 Blog. [Online] Available at: http://channel9.msdn.com/blogs/nicok/ [Accessed 2012]. Labiche, Y. & Shafique, M., 2010. A Systematic Review of Model-Based Testing Tool Support, Ottawa: Carleton University. Microsoft, 2012. NativeType Attribute. [Online] Available at: http://msdn.microsoft.com/en-us/library/ee620483.aspx [Accessed 6 March 2012]. 12

Appendix A Stopwatch Specification The specification for the stopwatch system was taken from the Spec Explorer Video Tutorial series found on the Channel 9 Blog. The specification is shown at 16:55 into Session 2, Part 1, and has also been duplicated below for quick reference. Some adjustments were also made to eliminate any unspecified behaviour. Two display modes Date & Time Timer Three Buttons Mode (always enabled) Switches between the Timer and Date & Time modes. Start/Stop timer Only available in timer mode. Starts or stops the timer depending on current watch mode. Unfreezes the display on a stop action. Reset/Lap timer Only available in timer mode. If the timer is running then the button freezes or unfreezes the display. If the timer is stopped then the button resets the timer to zero. A-1

Appendix B Stopwatch Tests The test cases used to test the implementation are available below. They are the same tests that are created by Spec Explorer test generation, and have also been checked to ensure that they cover all possible paths of execution in the implementation. The initial state of the implementation is shown in the left column of the first row, with the next action to be triggered listed on the same row on the right column. The resulting state after execution of an action is located in the row below the previous state. As shown in the tables, the current program state is displayed in the order of: Watch Mode / Timer Mode / Frozen Display. TABLE B-1: Timer Start/Stop Test State Timer / Stopped / False Action TABLE B-2: Reset Timer Test State Timer / Stopped / False Action ResetLapButton() TABLE B-3: Timer Stopped, Toggle Display Test State Timer / Stopped / False DateTime / Stopped / False Timer / Stopped / False Action B-1

TABLE B-4: Timer Running, Freeze & Unfreeze Display Test State Timer / Running / True Action ResetLapButton() ResetLapButton() TABLE B-5: Stop Running Timer with Frozen Display Test State Timer / Running / True Timer / Stopped / False Action ResetLapButton() TABLE B-6: Switch Modes with Frozen Timer Test State Timer / Running / True DateTime / Running / True Timer / Running / True Action ResetLapButton() TABLE B-7: Switch Modes Test State Action TABLE B-8: Switch Modes with Running Timer Test State DateTime / Running / False Action B-2

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback