Motivation State Machines

Similar documents
State-Based Testing Part B Error Identification. Generating test cases for complex behaviour

Software Testing. 2. Models. 2. Models. Testing Approaches. Why Models? (in Testing) (Based on Part II: Models of Testing Object-Oriented Systems)

Software Testing. 2. Models. 2. Models. Testing Approaches. Why Models? (in Testing) (Based on Part II: Models of Testing Object-Oriented Systems)

Class Modality. Modality Types. Modality Types. Class Scope Test Design Patterns

door Sasa Berberovic

17. Assertions. Outline. Built-in tests. Built-in tests 3/29/11. Jelle Slowack, Bart Smets, Glenn Van Loon, Tom Verheyen

17. Assertions. Jelle Slowack, Bart Smets, Glenn Van Loon, Tom Verheyen

Finite State Machine Modeling for Software Product Lines. Finite State Machines and Statecharts

Integration Testing Qualidade de Software 2

Combined Modeling and Programming with State Machines

Błaej Pietrzak Goal. Two approaches. Process. If we limit testing to method scope

User Interface Design with Components

In This Lecture You Will Learn: Specifying Control. Statechart. Event, State and Transition

Assertions. Assertions - Example

Decision tables. Combinational Models. Necessary Characteristics of the Implementation. Decision tables. Deriving decision tables

UML Fundamental. OutLine. NetFusion Tech. Co., Ltd. Jack Lee. Use-case diagram Class diagram Sequence diagram

12 Tutorial on UML. TIMe TIMe Electronic Textbook

SOFTWARE DESIGN COSC 4353 / Dr. Raj Singh

Introduction to Software Testing Chapter 2, Sec#: 2.5 Graph Coverage for Specifications

Błaej Pietrzak

Finite State Machines and Statecharts

Software Service Engineering

Inheritance. Benefits of Java s Inheritance. 1. Reusability of code 2. Code Sharing 3. Consistency in using an interface. Classes

Inheritance. Transitivity

Testing Object-Oriented Software. 22 November 2017

References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 10/14/2004 1

Dynamic Modeling - Finite State Machines

STATE MACHINES. Figure 1: State Machines

CA314 Object Oriented Analysis & Design - 7. File name: CA314_Section_07_Ver01 Author: L Tuohey No. of pages: 16

Object-Oriented and Classical Software Engineering

NOTES ON OBJECT-ORIENTED MODELING AND DESIGN

Checking General Safety Criteria on UML Statecharts

UNIT-4 Behavioral Diagrams

Program Verification (6EC version only)

Interactions A link message

Statecharts 1.- INTRODUCTION 1.- INTRODUCTION

Software Design and Analysis CSCI 2040

Meltem Özturan

A Short Summary of Javali

Safety SPL/2010 SPL/20 1

Software Engineering. Page 1. Objectives. Object-Behavioural Modelling. Analysis = Process + Models. Case Study: Event Identification

Basic Object-Oriented Concepts. 5-Oct-17

Index. Index. More information. block statements 66 y 107 Boolean 107 break 55, 68 built-in types 107

EINDHOVEN UNIVERSITY OF TECHNOLOGY

A3. Programming Languages for Writing Safety-Critical Software

An Annotated Language

SOFTWARE ENGINEERING IT 0301 Semester V B.Nithya,G.Lakshmi Priya Asst Professor SRM University, Kattankulathur

Programming II (CS300)

Design by Contract in Eiffel

Object-Oriented Design

Java: introduction to object-oriented features

System Analysis and Design. Statecharts

Requirements Engineering: Specification & Validation. Software Requirements and Design CITS 4401 Lecture 18

Chapter 8: Class and Method Design

Unified Modeling Language 2

Object-Oriented Design

Recap: Class Diagrams

JVA-103. Java Programming

Ingegneria del Software Corso di Laurea in Informatica per il Management

15. Regression testing

MSO Analysis & UML. Hans Philippi (based on the course slides of Wouter Swierstra) August 24, Analysis & UML 1 / 56

Contents. I. Classes, Superclasses, and Subclasses. Topic 04 - Inheritance

Ch. 21: Object Oriented Databases

Software Specification 2IX20

Self Stabilization. CS553 Distributed Algorithms Prof. Ajay Kshemkalyani. by Islam Ismailov & Mohamed M. Ali

CONTENTS. PART 1 Structured Programming 1. 1 Getting started 3. 2 Basic programming elements 17

Real-Time and Embedded Systems (M) Lecture 19

visualstate Reference Guide

Error Model Annex Revision

Synchronization SPL/2010 SPL/20 1

Argument Passing All primitive data types (int etc.) are passed by value and all reference types (arrays, strings, objects) are used through refs.

Advanced State Modeling

Pieter van den Hombergh. Fontys Hogeschool voor Techniek en Logistiek. September 9, 2016

Testing3. State-based Testing

Distributed Systems COMP 212. Revision 2 Othon Michail

Exercise Unit 2: Modeling Paradigms - RT-UML. UML: The Unified Modeling Language. Statecharts. RT-UML in AnyLogic

Formal Verification for UML/SysML models

GitHub code samples. Appendix B

Concurrency and Recovery

Design Pattern: Composite

Introduction Events States Transition State Diagrams State Diagram Behavior Advanced State Modeling In-Class Exercises.

R/3 System Object-Oriented Concepts of ABAP

CS 6456 OBJCET ORIENTED PROGRAMMING IV SEMESTER/EEE

DISTRIBUTED COMPUTER SYSTEMS

Safely Creating Correct Subclasses without Seeing Superclass Code

Top Down Design vs. Modularization

Real-Time and Concurrent Programming Lecture 4 (F4): Monitors: synchronized, wait and notify

Engineering Design w/embedded Systems

Software Testing. 14. Application Systems. International Funds Transfer System Development Team - Objects work, objects are right The System Works!

Regression testing. Whenever you find a bug. Why is this a good idea?

Structural specification

Introduction to Software Testing Chapter 3.1, 3.2 Logic Coverage Paul Ammann & Jeff Offutt

Introduction to Software Testing Chapter 3.1, 3.2 Logic Coverage Paul Ammann & Jeff Offutt

COURSE 2 DESIGN PATTERNS

Fortgeschrittene objektorientierte Programmierung (Advanced Object-Oriented Programming)

Chap 6. Test Models and Strategies

Information System Design (IT60105)

Chapter : Analysis Modeling

UC Santa Barbara. CS189A - Capstone. Christopher Kruegel Department of Computer Science UC Santa Barbara

CSE115 / CSE503 Introduction to Computer Science I. Dr. Carl Alphonce 343 Davis Hall Office hours:

Transcription:

Motivation State Machines Generating test cases for complex behaviour Textbook Reading: Chapter 7 We are interested in testing the behaviour of object-oriented software systems Behaviour: Interactions (message passing) between objects State machines can model such behaviour at any scope (class, cluster, system) If our test model is a state machine, we can generate test cases for the modeled behaviour What is a state machine? A system whose output is determined by both current and past input Previous inputs are represented by the state State-based behaviour: Identical inputs are not always accepted. When accepted, they may produce different outputs Building blocks of a state machine State: An abstraction that summarizes past inputs, and determines behaviour on subsequent inputs Transition: An allowable two-state sequence. Caused by an event Event: An input or a time interval Action: The output that follows an event State machine behaviour 1. Begin in the initial state 2. Wait for an event 3. An event comes in If not accepted in the current state, ignore If accepted, a transition fires, output is produced (if any), the resultant state of the transition becomes the current state 4. Repeat from step 2 unless the current state is the final state State machine properties How events are generated is not part of the model Transitions fire one at a time The machine can be in only one state at a time The current state cannot change except by a defined transition States, events, transitions, actions cannot be added during execution 1

State machine properties State transition diagrams Algorithms for output creation are not part of the model The firing of a transition does not consume any amount of time The challenge: How to model the behaviour of a given system using a state machine? Guarded transitions Guarded transitions The previous model is ambiguous, e.g. there are two possible reactions to push and pop in the Loaded state Guards can be added to transitions A guard is a predicate associated with the event A guarded transition cannot fire unless the guarded predicate evaluates to true State Transition Tables Limitations of the basic model Not specific for object-oriented systems Limited scalability Even with the best tools available, diagrams with 20 states or more are unreadable Concurrency cannot be modeled Different processes can be modeled with different state machines, but the interactions between them cannot 2

Scalability example Statecharts Four different levels Statechart advantages Concurrent statechart Easier to read Suited for object oriented systems (UML uses statecharts) Hierarchical structure helps with state explosion They can be used to model concurrent processes as well State model Must support automatic test generation The following criteria must be met Complete and accurate reflection of the implementation to be tested Allows for abstraction of detail Preserves detail that is essential for revealing faults Represents all events and actions Defines state so that the checking of resultant state can be automated 3

The FREE State Model Flattened Regular Expression Meets the criteria in the previous slide The class under test is flattened Defines conventions that resolve ambiguities in standard models Focus on object state at method activation and deactivation An example What is a state? We need an executable definition that can be evaluated automatically An object with two boolean fields has 4 possible states? This would lead to trillions of states for typical classes Instead, state is: A set of variable value combinations that share some property of interest Can be coded as a boolean expression Trillions of states Consider the following class Class Account { AccountNumber number; Money balance; Date lastupdate; } A primitive view of the state space would yield too many states Three abstract states State invariants A valid state can be expressed with a state invariant, a boolean expression that can be checked A state invariant defines a subset of the values allowed by the class invariant ensure a or b in Eiffel normally defines two states 4

Transitions A transition is a unique combination of Two state invariants (one for the accepting, one for the resultant state may be the same) An associated event An optional guard expression An optional action(s) Events 1. A message sent to the class under test 2. A response received from a supplier of the class under test 3. An interrupt or similar external control action that must be accepted Guards A predicate expression associated with an event Depending on the context of the model, guards may or may not reference private features Evaluation of the guard must not have side effects Actions 1. A message sent to a supplier object 2. The response provided by an object of the class under test to its client Alpha and Omega states The initial stage of an object is the state right after it is constructed However, a class may have multiple constructors that leave the object at different states To avoid modeling problems we define that an object is in the α state just before construction Similarly with ω and destruction (not necessary to model ω for languages that have garbage collection) Inheritance flattening When testing a class, one must consider its superclasses The state machine is a composite of the state machines of all ancestors Similar to contracts, a Require no more, ensure no less approach is taken Superclass state space must be preserved The set of acceptable events for a state cannot be reduced 5

Orthogonal composition Type concatenation Superstate partitioning Transition retargeting Transition splitting Expanding the statechart Statecharts are great for communication, reducing clutter etc. They might hide subtle bugs (e.g. entering a substate rather than a superstate) We need to expand them to full transition diagrams for testing purposes An automatable process 6

Expanded statechart Unspecified Event/State Pairs State machine models will not include all events for all states Implicit transitions may be illegal, ignored, or a specification omission Accepted illegal events lead to bugs called sneak paths For testing purposes, we cannot ignore implicit behaviour Example statechart Response matrix Possible responses to illegal events Interesting aside Illegal events can be coded either using defensive programming or contracts We saw many benefits of contracts in 3311 One benefit of defensive programming with regard to testing is that testing can concentrate on the supplier side (clients are allowed to send any message) 7

State model validation A state model must be complete, consistent, and correct before it is used to generate test cases Five validation checklists apply Structure checklist State name checklist Guarded transition checklist Flattened machine checklist Robustness checklist Structure checklist There is an initial state with only outbound transitions There is a final state with only inbound transitions (if not, explicit reason is needed) No equivalent states Every state is reachable from the initial state The final state is reachable from all states Every defined event and every defined action appears in at least one transition Structure checklist Except for the initial and final states, every state has at least one incoming and one outgoing transition The events accepted in a particular state are unique or differentiated by mutually exclusive guards Complete specification: For every state, every event is accepted or rejected (either explicitly or implicitly) State name checklist Poor names are often indications of incomplete or incorrect design Names must be meaningful in the context of the application If a state is not necessary, leave it out Wait states are often superfluous State names should be passive Adjectives are best, past participles are OK Guarded transition checklist The entire range of truth values for a particular event is covered Each guard is mutually exclusive of all other guards Guard variables are visible Guards with three or more variables are modeled with a decision table The evaluation of a guard does not cause side effects Flattened machine checklist All transitions accepted in the superclass are accepted in the subclass The subclass does not weaken the invariant of any superclass state The subclass does not break the invariant of a superclass state The subclass may add orthogonal states expressed over variables defined in the subclass All guards on superclass transitions are the same or weaker for the subclass transition 8

Robustness checklist There is an explicit spec for an error-handling or exception-handling mechanism for implicitly rejected events Illegal events do not corrupt the machine (preserve the last good state, reset to a valid state, or self-destruct safely) Actions have no side effects on the resultant state Explicit exception, error logging, and recovery mechanisms are specified for contract violations Fault model for state machines Two general types of error Control faults: An incorrect sequence of events is accepted, or an incorrect sequence of outputs is produced Incorrect composite behaviour: Errors associated with inheritance Control faults Missing transition Missing transition Incorrect transition Missing action Incorrect action Sneak path Corrupt state Illegal message failure Trap door Incorrect transition Missing action 9

Incorrect action Sneak path Corrupt state Sneak path to corrupt state Trap door Incorrect Composite Behaviour The subclass method to override a superclass method is missing or incorrect The subclass extension of state conflicts with a superclass state The subclass fails to retarget a superclass transition and switches to an incorrect or undefined superclass state The evaluation of a guard produces a sideeffect in a subclass 10

The N+ Test Strategy Test strategies for state machines may include: Exhaustive, All Transitions etc. The N+ Test strategy: We will use an extension of the 2-player game as an example Develop a FREE model of the system The 3-player game example Validate the model using the checklists Expand the statechart Develop the response matrix Generate the round-trip path test cases Generate the sneak path test cases Sensitize the transitions in each test case Flattened Transition Diagram Statechart for the 3player game Response Matrix Round-Tree Path Trip Exercise all transitions and loops on every possible alpha-omega path at least once Root: Initial stage Edge for each transition Stop if the resultant state has already been reached or is a final state Guards: One transition for each variant that evaluates to True Counter Guards: Transition annotated with * 11

Transition tree for the 3- player game Generated test cases Sneak path testing Transition tree tests explicit behaviour We need to test each state s illegal events A test case for each non-checked, nonexcluded transition cell in the response matrix Confirm that the actual response matches the specified response Sneak Path Test Suite Choosing a test strategy 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback