Testing Generation at UPenn


Testing Hybrid System: Phase I

Randomized test generator = Randomized Simulator + Coverage Checker.

1. Local randomization
   1. Stay or jump
   2. Where to jump
   3. How long to stay
2. Global randomization
   1. Continuing on current trace.
3. Heuristic search
   1. Uncovered neighbor first
   2. Syntax-based distance matrix (shortest distance to uncovered state/location)
   3. Open question: deciding the weight for outgoing transitions based on the history of the search from these transitions.
4. Current status
   1. A working version of randomized test generation is written on CHARON simulator.

Diagram: Mode A, df/dt = 1; transitions a: True : f=0; b: 1<f<3 : m=1; c: 2<f<4 : m=2
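The randomized simulator plus coverage checker on the Mode A fragment, as an added sketch that is not the CHARON-based implementation the slide mentions. It assumes all three transitions are self-loops on Mode A, dwell times drawn from [0.1, 1.0], and transition coverage as the criterion; `generate_test` is a hypothetical name.

```python
import random

# Mode A from the slide: flow df/dt = 1 and three guarded transitions.
# Assumption: all three are self-loops on Mode A (the slide gives no targets).
TRANSITIONS = {
    "a": (lambda f: True,      lambda f, m: (0.0, m)),  # True : f = 0
    "b": (lambda f: 1 < f < 3, lambda f, m: (f, 1)),    # 1<f<3 : m = 1
    "c": (lambda f: 2 < f < 4, lambda f, m: (f, 2)),    # 2<f<4 : m = 2
}

def generate_test(seed, max_steps=1000):
    """Randomized simulator + coverage checker; returns (trace, covered)."""
    rng = random.Random(seed)
    f, m, t = 0.0, 0, 0.0
    covered, trace = set(), []
    for _ in range(max_steps):
        if covered == set(TRANSITIONS):
            break                                  # coverage goal reached
        dwell = rng.uniform(0.1, 1.0)              # how long to stay
        f, t = f + dwell, t + dwell                # integrate df/dt = 1
        enabled = [n for n, (guard, _) in TRANSITIONS.items() if guard(f)]
        fresh = [n for n in enabled if n not in covered]
        if fresh:                                  # heuristic: uncovered first
            choice = rng.choice(fresh)
        elif rng.random() < 0.5:                   # stay or jump
            choice = rng.choice(enabled)           # where to jump
        else:
            continue                               # stay in the mode
        trace.append((t, choice, f))               # time, transition, f at the jump
        f, m = TRANSITIONS[choice][1](f, m)        # apply the reset/assignment
        covered.add(choice)
    return trace, covered
```

The returned trace is the test case: a timed sequence of jumps that can be replayed against an implementation, with `covered` reporting which transitions it exercises.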

Testing Hybrid System: Phase II

Diagram labels: System Modeling; CHARON (Model); Flatten hybrid model; Converter; Implementation; Test Suite; Set of predicates; Coverage criteria; Bad set; Reachability Checker; Yes w/ Trace; Simulation/refinement; NO w/ more predicates; YES

Intelligent simulator

Intelligent simulator = Simulator + property checker (monitor)

1. Verification as the byproduct of simulation
   1. LTL property encoded as the monitor
      1. MEDL: a subset of LTL, has been applied to Java run-time monitoring.
   2. Monitor advances when the simulation proceeds.
   3. Open problem: LTL with eventuality only is easy, but how about the formula a R b?
      1. Need to remember the states traversed to sense the loop.
         1. Difficult because the domain of continuous variables is dense.
2. The search is tailored by the property.
   1. A transition "measure" has higher priority than "sendValue" if the property is G(measure => X (home)).
   2. Most interesting simulation trace: covering as many parts of the property as possible using the minimal steps.
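A monitor for G(measure => X (home)) advancing in step with a simulator whose choice of transition is tailored by the property, as an added example that is not MEDL or the authors' tool. The two-state `MODEL`, its seeded fault, and the names `Monitor`, `check` and `simulate` are constructed for illustration.

```python
import random

# Constructed controller model (an assumption, not from the slides):
# state -> list of (transition label, next state).
MODEL = {
    "idle":     [("sendValue", "idle"), ("measure", "measured")],
    "measured": [("home", "idle"), ("sendValue", "idle")],  # 2nd edge: seeded fault
}

class Monitor:
    """Monitor for G(measure => X home), fed one transition label per step."""
    def __init__(self):
        self.armed = False       # True when the previous label was measure
        self.violated = False

    def step(self, label):
        if self.armed and label != "home":
            self.violated = True
        self.armed = (label == "measure")
        return self.violated

def check(labels):
    """Replay a finite trace through a fresh monitor; True if it violates."""
    mon = Monitor()
    return any([mon.step(label) for label in labels])

def simulate(seed, guided, max_steps=50):
    """Simulator + monitor: stop at the first violation, return the trace."""
    rng = random.Random(seed)
    state, mon, trace = "idle", Monitor(), []
    for _ in range(max_steps):
        edges = MODEL[state]
        if guided:  # property-tailored search: measure outranks sendValue
            edges = [e for e in edges if e[0] == "measure"] or edges
        label, state = rng.choice(edges)
        trace.append(label)
        if mon.step(label):      # the monitor advances with the simulation
            break
    return trace, mon.violated
```

This safety property needs only one bit of monitor state; the a R b case raised above is harder because the monitor would also have to recognise revisited states.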

Testing on discrete systems

Given: Test setting = LTL/∃LTL + the specification + blackbox implementation.
Problem: Currently the testing properties are limited to LTL with eventuality only.
Question: is there a test for "F(G(a → X b))"?

Constructing test suites for ∃LTL property.

1. Is the property "E GF a" testable?
   1. No finite trace can attest to this property.
   2. If the number of states in the blackbox is bounded by n,
      1. A trace for ∃LTL + the specification is rational: α(β)^ω.
      2. An infinite trace α(β)^ω can be cut to $ α(β)^n
2. LTL can be translated to a set of interesting ∃LTL properties.
   1. E(GF(a)) is an interesting property for F(G(a → X b))

Theoretical research

Property-coverage testing: testing criteria is directly presented as temporal property.
Testing will yield some decisive result: Does the system satisfy the property? Does the system conform to the specification?

Testing + monitoring: checking the property on every execution.
Con: Generally cannot prove whether system satisfies the property.
Pro: Cheap (easy to implement) and generic (available even when the abstraction-based model check cannot give a decisive positive result).

What is a testable property?
Other coverage criteria can be accommodated in model-based test generation.