A test generation framework for quiescent real-time systems Laura Brandán Briones Dept. of CS, University of Twente, NL joint work with Ed Brinksma

Do We Still Need Quiescence? Yes! money? money? tea ! coffee! coffee? tea? tea? coffee? bang? bang? tea? coffee? coffee? tea? coffee! tea ! June, 2005

Do We Need Time? Do We Have Money? Do We Need Coffee? Yes! money? tea ! coffee? coffee! tea? tea? coffee? x:=0 x:=0 x  6 x  6 June, 2005

Overview Real-time input-output transition systems Timed implementation relation Real-time test generation Example Future work () Multi real-time input-output transition systems Multi timed implementation relation Multi real-time test generation June, 2005

Real-time input-output transition systems June, 2005

occur instantaneously non-delay actions are now assumed to occur instantaneously LTS with delays: s  s’ (dR+) with: (time determinism) s  s’ and s  s’’ implies s’=s’’ (density) s  s’ iff  s’’ : s  s’’ and s’’  s’ with d=d1+d2 (null delay) s  s’ iff s=s’ (d) (d) (d) (d) (d1) (d2) (0) June, 2005

Quiescence June, 2005

If for all o!Lout : q >, q  q For a system p, we extend the time transition relation () with δ (denoted Δ(p)): If for all o!Lout : q >, q  q o! δ June, 2005

Timed implementation relation June, 2005

ttraces(Δ(impl))  ttraces(Δ(spec)) impl tiorf spec iff ttraces(Δ(impl))  ttraces(Δ(spec)) impl tiorf spec iff ΔM(impl)  ΔM(spec) where ΔM(p) = ttraces(Δ(p))  (D.L  (M).δ)* M June, 2005

Outputs outM(s) = { o!(d) | s => }  { δ(M) | s quiescent} impl  spec iff  : outM( impl after  )  outM( spec after  ) o!(d) tiocoM (D.L  (M).δ) M ΔM(spec) tiorf ioco June, 2005

Real-time test generation June, 2005

Test cases Test case t  TTA TTA – Test Timed Automata : x:= 0 Test case t  TTA TTA – Test Timed Automata : x k on? x:=0 , x=k off! labels in L  {  }, G(d) tree-structured finite, deterministic final states pass and fail from each state  pass, fail choose input i? and time k wait k accepting all outputs o! and at k provide input i?, or wait accepting all outputs o! and  fail xM off! x=5 x:=0  x=M off! x<5 xM fail fail  off! pass fail June, 2005

Timed test generation tiocoM-sound = conforming implementation not rejected tiocoM-complete = non-conforming implementations can be rejected Apply recursively & non-deterministically ( initially S = {s0} ) 1 end test case PASS allowed oj! after d time-units 2 choose k  (0, M) and input μ FAIL forbidden oi! after d’ time-units o1! x=dn x=d1 x=d’n’ x=k x  k tμ t1 tn x:=0 x=d’1 on’! μ? on! allowed oj! after d time-units 3 wait to observe possible output FAIL forbidden oi! after d’ time-units  x=d’1 x=dn x=d1 x=d’n’ x=M x  M tδ t1 tn x:=0 o1! on’! on! June, 2005

Example June, 2005

Example :test spec: impl: fail fail δ fail fail fail pass fail fail b? c! t! x  1 c! t! δ c? x=1 fail fail x:=0 x  M c! t! δ pass x=M fail x:=0 x  1 c! t! b? impl: M=k x=1 fail fail x:=0 m? t? c? b? c! x<k t! x  1 c! t! c? fail fail x=1 x:=0 x  M c! t! δ x=M pass fail fail June, 2005

Future work Extend the theory with multi input-output Confirm completeness (in the old sense) Evaluate applicability in practical situations Deal with the imprecision in measuring physical time Integrate with data testing June, 2005

Overview Real-time input-output transition systems Timed implementation relation Real-time test generation Example Future work () Multi real-time input-output transition systems Multi timed implementation relation Multi real-time test generation June, 2005

Laura Brandán Briones & Ed Brinksma A generation framework for quiescent test real-time multi input-output systems input-output systems Laura Brandán Briones & Ed Brinksma

amount! card! card? card! card! Pin? Err-P! card! τ τ Err-a! Ok! x > 5 x := 0 card! x > 5 Pin? x ≤ 5 Err-P! x := 0 card! τ x ≤ 5 x  5 Err-a! τ x ≤ 5 Ok! x := 0 amount? x ≤ 5 Ok! x := 0 x  5 τ τ x ≤ 5 x ≤ 5 June, 2005

Channels τ amount! card? L = { card?} Pin? L = { Pin?, amount?} Err-P! Ok! Pin? Err-P! card! Err-a! amount! x5 x := 0 x ≤ 5 τ amount? x > 5 L = { card?} I 1 L = { Pin?, amount?} I 2 1 U L = { card!} U L = { amount!} 2 L = { Ok!, Err-a!, Err-P!} U 3 June, 2005

Quiescence June, 2005

L -quiescent (s) M –quiescent (s) M –quiescent (p) M-quiescent (p) o! o! Є L U j j U L -quiescent (s) M –quiescent (s) M –quiescent (p) M-quiescent (p) o! M j o! j M o! Є L U j j o! M i u! u! Є L U o! Є L j June, 2005

Channels τ card? Ok! Pin? Err-P! card! Err-a! amount! amount? x5 x := 0 x ≤ 5 τ amount? x > 5 L = { card?} I 1 => γ L = { Pin?, amount?} I 2 => γ 1 U L = { card!} => δ U L = { amount!} 2 => δ L = { Ok!, Err-a!, Err-P!} U 3 => δ June, 2005

Saturation June, 2005

γ δ δ δ amount! card! card! card? γ δ γ δ δ γ card! Pin? Err-P! γ δ δ 2 1 2 3 γ δ δ δ amount! card! card! card? x > 5 x := 0 γ δ 2 1 3 γ δ 2 3 1 δ 2 3 γ 1 card! x > 5 Pin? x ≤ 5 Err-P! 1 1 2 x := 0 γ δ δ card! x  5 Err-a! τ τ x ≤ 5 x ≤ 5 Ok! x := 0 γ δ 2 3 1 γ δ δ 1 1 2 γ δ δ 1 1 2 δ 2 3 γ 1 δ amount? x ≤ 5 Ok! x := 0 γ δ 2 1 x  5 τ τ x ≤ 5 x ≤ 5 γ γ δ δ 2 1 1 2 γ γ δ δ 2 1 1 2 June, 2005

Ttraces ε(2).δ.ε(4).a?.γ.ε(3).b!.ε(2).c?.ε(1).a?.ε(3).b! M = 2 1 ε(6).δ.a?.γ.ε(3).b!.ε(2).c?.ε(1).a?.ε(3).b! 1 3 ε(2).δ.ε(4).a?.γ.ε(3).b!.ε(2).c?.ε(1).a?.ε(3).b! 1 3 δ(2).a?(4).γ (0).b!(3).c?(2).a?(1).b!(3) 3 1 ε(6).a?.ε(3).b!.ε(2).c?.ε(1).a?.ε(3).b! June, 2005

δ (2).c?(4).γ (0).P?(3).Ok?(2).a?(1).E!(3) card? Ok! Pin? Err-P! card! Err-a! amount! x5 x := 0 x ≤ 5 τ amount? γ δ δ δ γ δ δ γ γ δ δ 2 1 2 3 1 1 2 2 1 1 2 γ δ 2 1 3 x > 5 δ (2).c?(4).γ (0).P?(3).Ok?(2).a?(1).E!(3) 1 June, 2005

outM (s) = U outM (s) U U outM (s) Outputs outM (s) = U outM (s) U U outM (s) outM (s) = { o!(d) | s => } U { δ (M ) | j-quiescent(s =>)} outM (s) = U { γ (d) | i-refusal(s =>)} o r sS sS o o!(d) ε(Mj) j j r ε(d) i June, 2005

card! Є outM (s after card?(2).δ (1).Pin?(2).Err-P!(3)) M = <M1, M2, M3> M1= 1 M2= 1 M3= 2 card! Є outM (s after card?(2).δ (1).Pin?(2).Err-P!(3)) outM (s after σ) = ∅  σ Є nttraces(s) 1 June, 2005

Timed multi input-output implementation relation mtiocoM impl mtioco spec iff  : outM (impl after  )  outM (spec after  ) M ΔM(spec) June, 2005

Test mtiocoM-sound = conforming implementation not rejected mtiocoM-complete = non-conforming implementations can be rejected Apply recursively & non-deterministically ( initially S = {s0} ) 1 end test case PASS allowed oj! after d time-units choose k Є [0, max{M1,..,Mm}) and input μ Є LI FAIL forbidden oi! after d’ time-units o1! x=dn x=d1 x=d’n’ x=k x  k tγi t1 tn x:=0 x=d’1 on’! μ? on! tμ γ i x=Mu δu allowed oj! after d time-units 3 wait for output in channel j FAIL forbidden oi! after d’ time-units  x=d’1 x=dn x=d1 x=d’n’ x=Mu xMj tδj t1 tn x:=0 o1! on’! on! j u x=Mj June, 2005

Future work June, 2005

Confirm completeness (in the old sense) Evaluate applicability in practical situations Deal with the imprecision in measuring physical time Integrate with data testing June, 2005