Property-Based Test Generation Li Tan, Oleg Sokolsky, and Insup Lee University of Pennsylvania.

The Overview of Our Approach (block diagram; the labels below are recovered from the slide)
Inputs: Informal System Specification; Behavior specification as LTL formulae φ1, …, φn; Coverage Criteria; Hardware Specification/limitation; Interface Definition
Modeling: Environment Modeling and System Modeling yield the Specification Model (CHARON)
Property-based path: LTL formulae φ1, …, φn → Temporal Property Translator → Model Checker → quasi-linear (lasso-shaped) proof structure → Test trace generator → Traces {τ1, …, τn}; the translator also performs feature conflict detection
Simulation path: Coverage Criteria → Simulation-based randomized test generator → Traces, together with a report of the criteria not being covered
Execution: Traces → Test Harness (built from the Interface Definition and the hardware specification/limitations) → Implementation → Test result

Goal: use model-checking techniques to make test generation more efficient, more flexible, and centered on the system-specific properties (features).
Step I. Preparing specifications
  Properties (feature specification) as linear temporal logic formulae.
  (optional) System specification: the system as a CHARON model (for hybrid systems) or an EFSM (for discrete systems).
Step II. Test generation using model checkers
  (For hybrid systems) Simulation-based test generation assisted by predicate-abstraction reachability analysis.
  (For discrete systems) Option A: use the proof structures of evidence-ready model checkers. Option B: reduce test generation for an LTL formula to a safety check.
  (For temporal specification only) Functional test: generate non-trivial test traces for the temporal (feature) specification, and detect conflicts in the temporal specification.
Step III. Realizing the test harness.
Data flow: Temporal (feature) Spec. + Model (optional) → Model-checking based Test generator → Test suite (a finite set of finite traces)

From Property and Model to Test suite: Property-based test generation
I. From infinite length to finite: synthesizing finite test suites for ∃LTL properties

An infinite lasso-shaped test trace can be checked adequately in finitely many steps if the implementation is bounded (has finitely many relevant states): the number of loop replays needed is bounded by the number of relevant implementation states, so the resulting test suite is finite.
Example lasso (states labelled by Turn, c1, c2): (Turn=1, ¬c1, ¬c2) → (Turn=1, c1, ¬c2) → (Turn=2, c1, ¬c2) → (Turn=2, c1, c2) → (Turn=1, c1, c2)
A quasi-linear proof skeleton + an estimate of the number of relevant implementation states (obtained by slicing) = a finite test suite
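As an added example (not code from the slides), the following Python check replays a lasso u·v^ω against a deterministic, bounded implementation and stops as soon as a pair (implementation state, loop position) repeats, or after the pigeonhole bound derived from the state estimate. The three implementations and the lasso over (Turn, c1, c2) are constructed for illustration, and the state_bound argument stands in for the slicing-based estimate of relevant implementation states.

```python
"""Finite conformance check of a lasso-shaped test trace prefix . loop^omega.

Added example, not code from the slides. The implementations are hypothetical
deterministic transition systems observed through the slide's propositions
(Turn, c1, c2); the lasso is constructed to match the slide's five states.
"""
from typing import Callable, Hashable, List, Tuple

Obs = Tuple[int, bool, bool]  # (Turn, c1, c2)

S0: Obs = (1, False, False)
S1: Obs = (1, True, False)
S2: Obs = (2, True, False)
S3: Obs = (2, True, True)
S4: Obs = (1, True, True)
TRACE = [S0, S1, S2, S3, S4]

PREFIX: List[Obs] = [S0]                  # u
LOOP: List[Obs] = [S1, S2, S3, S4, S0]    # v, repeated forever


def check_lasso(step: Callable[[Hashable], Hashable],
                obs: Callable[[Hashable], Obs],
                init: Hashable,
                prefix: List[Obs],
                loop: List[Obs],
                state_bound: int) -> Tuple[str, int]:
    """Replay prefix . loop^omega on a deterministic implementation.

    Returns (verdict, index), index being the trace position at which the
    verdict was reached:
      "conforms"        a pair (implementation state, loop position) repeated,
                        so the implementation will follow the loop forever;
      "fails"           the observation at index differs from the expected one;
      "bound too small" no repeat within state_bound * len(loop) loop steps,
                        i.e. the implementation has more relevant states than
                        the estimate (only possible if the estimate is wrong).
    """
    state = init
    if obs(state) != prefix[0]:
        return "fails", 0
    for i in range(1, len(prefix)):
        state = step(state)
        if obs(state) != prefix[i]:
            return "fails", i
    # With at most state_bound states there are at most state_bound * len(loop)
    # distinct (state, position) pairs, so a repeat must show up within that
    # many loop steps plus one (pigeonhole): the check is finite.
    seen = set()
    index = len(prefix)
    for _ in range(state_bound * len(loop) + 1):
        pos = (index - len(prefix)) % len(loop)
        state = step(state)
        if obs(state) != loop[pos]:
            return "fails", index
        if (state, pos) in seen:
            return "conforms", index
        seen.add((state, pos))
        index += 1
    return "bound too small", index


# Constructed implementation 1: cycles through the five slide states (5 states).
def good_step(s: int) -> int:
    return (s + 1) % 5

def good_obs(s: int) -> Obs:
    return TRACE[s]

# Constructed implementation 2: a 15-state machine (phase, rounds completed,
# saturating at 2) that skips the (Turn=2, c1, c2) state from the third round on.
def buggy_step(s: Tuple[int, int]) -> Tuple[int, int]:
    i, n = s
    if i == 4:
        return 0, min(n + 1, 2)
    if i == 2 and n >= 2:
        return 4, n
    return i + 1, n

def buggy_obs(s: Tuple[int, int]) -> Obs:
    return TRACE[s[0]]

# Constructed implementation 3: a free-running counter whose observations match
# the lasso forever but whose state never repeats, so any finite estimate is wrong.
def counter_step(n: int) -> int:
    return n + 1

def counter_obs(n: int) -> Obs:
    return TRACE[n % 5]


if __name__ == "__main__":
    print(check_lasso(good_step, good_obs, 0, PREFIX, LOOP, 5))          # ('conforms', 6)
    print(check_lasso(buggy_step, buggy_obs, (0, 0), PREFIX, LOOP, 15))  # ('fails', 13)
    print(check_lasso(counter_step, counter_obs, 0, PREFIX, LOOP, 5))    # ('bound too small', 27)
```

The second implementation only misbehaves on its third pass through the loop, which is why a single replay of the lasso is not an adequate test; the third shows the caveat behind the slide's slicing step: if the state estimate is too low, the check ends without a verdict rather than silently passing.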

Test Generation using Model Checkers
Option A: modify the model checker so that it retains its proofs.
Option B: reduce LTL model checking to reachability analysis, following the idea of Biere et al., but extend the observer so that it retains the proof.
Data flow for Option B: Linear Temporal Logic Specification + SMV model → SMV model + Extended Observer Model → Repetition information → Extracted Proof → Generated test trace
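The following Python sketch is an added example, not the authors' SMV-based implementation, of what Option B's extended observer does: it turns the search for an accepting lasso into plain reachability (after the liveness-to-safety idea of Biere et al.), records where the loop was guessed to start, and extracts prefix and loop as the generated test trace. The request/response model, its labels, and the two hand-written Büchi automata (for F(req ∧ G ¬resp) and for FG resp) are constructed for illustration; no LTL-to-Büchi translation is included.

```python
"""Lasso (test trace) extraction by reducing a Büchi emptiness check to plain
reachability, after the liveness-to-safety construction the slide cites.

Added example, not the authors' tool: the model is a constructed
request/response controller and the automata are hand-written.
"""
from collections import deque
from typing import Callable, Dict, FrozenSet, List, Optional, Set, Tuple

Label = FrozenSet[str]
Model = Dict[str, Tuple[Label, List[str]]]                # state -> (label, successors)
Ext = Tuple[str, int, Optional[Tuple[str, int]], bool]    # (s, q, saved, seen_accepting)

# Constructed model: a controller that may keep dropping a request forever.
MODEL: Model = {
    "idle": (frozenset(),         ["idle", "req"]),
    "req":  (frozenset({"req"}),  ["wait"]),
    "wait": (frozenset(),         ["drop", "resp"]),
    "drop": (frozenset(),         ["wait"]),
    "resp": (frozenset({"resp"}), ["idle"]),
}
INIT = "idle"

# Hand-written Büchi automaton for F(req & G !resp): q0 waits for a request,
# q1 (accepting) persists while no resp is observed.
def delta_req_unanswered(q: int, label: Label) -> Set[int]:
    if q == 0:
        return {0, 1} if ("req" in label and "resp" not in label) else {0}
    return {1} if "resp" not in label else set()

# Hand-written Büchi automaton for F G resp (resp holds forever from some point).
def delta_eventually_always_resp(q: int, label: Label) -> Set[int]:
    if q == 0:
        return {0, 1} if "resp" in label else {0}
    return {1} if "resp" in label else set()


def find_lasso(model: Model, init: str,
               delta: Callable[[int, Label], Set[int]],
               accepting: Set[int]) -> Optional[Tuple[List[str], List[str]]]:
    """BFS over the observer-extended product. The observer may copy the current
    (s, q) pair once ('save'); a step that returns to the saved pair after an
    accepting automaton state was seen closes an accepting lasso, which is the
    reachability target. Returns (prefix, loop) of system states, or None."""
    start: List[Ext] = [(init, q, None, False) for q in delta(0, model[init][0])]
    parent: Dict[Ext, Tuple[Optional[Ext], str]] = {e: (None, "init") for e in start}
    queue = deque(start)
    while queue:
        cur = queue.popleft()
        s, q, saved, seen = cur
        succs: List[Tuple[Ext, str]] = []
        if saved is None:                      # observer guesses: the loop starts here
            succs.append(((s, q, (s, q), q in accepting), "save"))
        for s2 in model[s][1]:
            for q2 in delta(q, model[s2][0]):
                seen2 = saved is not None and (seen or q2 in accepting)
                succs.append(((s2, q2, saved, seen2), "step"))
        for nxt, kind in succs:
            if kind == "step" and saved is not None and (nxt[0], nxt[1]) == saved and nxt[3]:
                return _split(cur, parent)     # the edge cur -> nxt closes the loop
            if nxt not in parent:
                parent[nxt] = (cur, kind)
                queue.append(nxt)
    return None


def _split(last: Ext, parent: Dict[Ext, Tuple[Optional[Ext], str]]) -> Tuple[List[str], List[str]]:
    """Walk the parent pointers back to the initial state and cut the path at
    the observer's 'save' edge: everything before it is the finite prefix, the
    saved state up to `last` is the loop body (the repetition information)."""
    chain: List[Tuple[Ext, str]] = []
    node: Optional[Ext] = last
    while node is not None:
        prev, kind = parent[node]
        chain.append((node, kind))
        node = prev
    chain.reverse()
    save_at = [k for _, k in chain].index("save")
    states = [e[0] for e, _ in chain]
    # chain[save_at] repeats the system state of chain[save_at - 1]; keep one copy.
    return states[:save_at - 1], states[save_at:]


if __name__ == "__main__":
    print(find_lasso(MODEL, INIT, delta_req_unanswered, {1}))          # (['idle', 'req'], ['wait', 'drop'])
    print(find_lasso(MODEL, INIT, delta_eventually_always_resp, {1}))  # None
```

Because the extended state space is finite, an ordinary reachability engine (here a breadth-first search) suffices, and the "save" edge in the reconstructed path is exactly the repetition information a plain counterexample would lack. The second query returns None because no reachable loop keeps resp true, which is the nonemptiness check failing.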

II. From an infinite number of traces to finite: selecting interesting traces
System properties are required to hold on all paths; we select only nontrivial paths, whose characteristics are captured by ELTL (existential LTL) formulae derived systematically from the properties.
LTL φ ⇒ ELTL formulae: a2e(φ) = { φ ∧ ¬(φ[φ' → ⊥(φ')]) | φ' ⊑ φ }, where φ' ranges over the subformula occurrences of φ and ⊥(φ') is false for a positive occurrence and true for a negative one (the examples below follow this convention).
Example: F = G(req → F(cancel ∨ response))
F ∧ ¬G(req → false) = F ∧ F(req): test the case that a request occurs.
F ∧ ¬G(true → F(cancel ∨ response)) = F ∧ FG(¬(cancel ∨ response)): test the case that neither cancel nor response occurs after some time t (hence no request may occur after t).
F ∧ ¬G(req → F(false ∨ response)) = F ∧ F(req ∧ G(¬response)): test the case that no response follows a request (hence a cancel must occur).
F ∧ ¬G(req → F(cancel ∨ false)) = F ∧ F(req ∧ G(¬cancel)): test the case that no cancel follows a request (hence a response must occur).
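An added example (not the authors' translator) that mechanizes the a2e derivation above in Python: formulae are tuples, each subformula occurrence is replaced by false or true according to its polarity, and a small simplifier reduces the result to the forms written on the slide. The property is the slide's G(req → F(cancel ∨ response)); the simplifier's rewriting rules, the dropping of trivial or duplicate results, and the printed syntax are ours.

```python
"""Deriving nontrivial existential formulae from an LTL property by the
polarity-based substitution (a2e) described on the slide.

Added example, not the authors' translator. Formulae are plain tuples:
('ap', name) | ('true',) | ('false',) | ('not', f)
| ('G'|'F'|'X', f) | ('and'|'or'|'imp'|'U', f, g)
"""
from typing import Iterator, List, Tuple

Formula = tuple
TRUE: Formula = ("true",)
FALSE: Formula = ("false",)


def occurrences(f: Formula, positive: bool = True,
                path: Tuple[int, ...] = ()) -> Iterator[Tuple[Tuple[int, ...], bool]]:
    """Pre-order walk yielding (path, polarity) of every subformula occurrence.
    Only the left side of -> and the operand of ! flip polarity."""
    yield path, positive
    op = f[0]
    if op == "not":
        yield from occurrences(f[1], not positive, path + (1,))
    elif op in ("G", "F", "X"):
        yield from occurrences(f[1], positive, path + (1,))
    elif op == "imp":
        yield from occurrences(f[1], not positive, path + (1,))
        yield from occurrences(f[2], positive, path + (2,))
    elif op in ("and", "or", "U"):
        yield from occurrences(f[1], positive, path + (1,))
        yield from occurrences(f[2], positive, path + (2,))


def replace(f: Formula, path: Tuple[int, ...], g: Formula) -> Formula:
    """Return f with the subformula at `path` replaced by g."""
    if not path:
        return g
    i = path[0]
    return f[:i] + (replace(f[i], path[1:], g),) + f[i + 1:]


def simplify(f: Formula) -> Formula:
    """Constant propagation, plus negation pushed through temporal operators
    and ->, so the results read like the slide's (!(a | b) is kept as is)."""
    op = f[0]
    if op in ("ap", "true", "false"):
        return f
    if op == "not":
        x = simplify(f[1])
        if x == TRUE: return FALSE
        if x == FALSE: return TRUE
        if x[0] == "not": return x[1]
        if x[0] == "G": return ("F", simplify(("not", x[1])))
        if x[0] == "F": return ("G", simplify(("not", x[1])))
        if x[0] == "X": return ("X", simplify(("not", x[1])))
        if x[0] == "imp": return ("and", x[1], simplify(("not", x[2])))
        return ("not", x)
    if op in ("G", "F", "X"):
        x = simplify(f[1])
        return x if x in (TRUE, FALSE) else (op, x)
    a, b = simplify(f[1]), simplify(f[2])
    if op == "and":
        if a == TRUE: return b
        if b == TRUE: return a
        if FALSE in (a, b): return FALSE
    elif op == "or":
        if a == FALSE: return b
        if b == FALSE: return a
        if TRUE in (a, b): return TRUE
    elif op == "imp":
        if a == FALSE or b == TRUE: return TRUE
        if a == TRUE: return b
        if b == FALSE: return simplify(("not", a))
    return (op, a, b)


def fmt(f: Formula, top: bool = True) -> str:
    op = f[0]
    if op == "ap": return f[1]
    if op in ("true", "false"): return op
    if op == "not": return "!" + fmt(f[1], False)
    if op in ("G", "F", "X"): return op + "(" + fmt(f[1]) + ")"
    sym = {"and": "&", "or": "|", "imp": "->", "U": "U"}[op]
    s = fmt(f[1], False) + " " + sym + " " + fmt(f[2], False)
    return s if top else "(" + s + ")"


def a2e(phi: Formula) -> List[str]:
    """For each subformula occurrence phi', conjoin phi with the negation of
    phi[phi' <- bottom], bottom being false for a positive and true for a
    negative occurrence. Trivial results (no extra constraint, or
    unsatisfiable) and duplicates are dropped."""
    out: List[str] = []
    for path, positive in occurrences(phi):
        bottom = FALSE if positive else TRUE
        cand = simplify(("and", phi, ("not", replace(phi, path, bottom))))
        if cand in (phi, FALSE):
            continue
        s = fmt(cand)
        if s not in out:
            out.append(s)
    return out


# The slide's property: G(req -> F(cancel | response)).
PHI: Formula = ("G", ("imp", ("ap", "req"),
                      ("F", ("or", ("ap", "cancel"), ("ap", "response")))))

if __name__ == "__main__":
    for s in a2e(PHI):
        print(s)
```

Running it on PHI prints the four conjunctions from the slide (the request case, the no-cancel-or-response-after-t case, the no-response-after-request case and the no-cancel-after-request case); the occurrences of the whole formula and of the implication produce no extra constraint and are filtered, and the occurrence of cancel ∨ response duplicates the F(req) case.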

From Property only to Test suite: Functional test generation
So, what if only the behavior (feature) specification is available?
LTL formulae Φ → nontrivial ELTL formulae derived from Φ: Ψ = a2e(Φ)
For each ψ0, ψ1, …, ψn ∈ Ψ: build the Büchi automaton B0, B1, …, Bn and check nonemptiness; a nonempty Bi yields a trace that satisfies ψi.

Testing hybrid systems: simulation-based test generator with predicate-abstraction reachability analysis (flow diagram; labels recovered from the slide)
System Modeling → CHARON model → flattened hybrid model → Reachability Checker, driven by a predicate set and a bad set derived from the Coverage Criteria
Reachability Checker outcomes: "Yes w/ Trace" → concretize by simulation/refinement → YES: the trace joins the Test Suite; NO: add more predicates and re-run the checker. A plain No from the checker means the bad set is unreachable.
Test Suite → Implementation

An implementation of the simulation-based test generator (screenshots): (a) CHARON simulator with the test generator, (b) progress report of the test generator, (c) visual display of the generated test traces.

Realizing the Test Harness (CARA case study)
Charon model for CARA + Charon model for the patient → closed Charon model for CARA → simulation-based test generator (driven by coverage criteria) → test trace, given as a table of (Variable, Value, Time) rows, e.g. back_EMF, …
The test harness acts as the I/O interface to the CARA simulator (model-generated code) or to a standalone executable program, and produces the Test Result.

Conclusion
1. Applying model-checking techniques to the traditional domain of test generation is appealing.
   1. Test generation is centered on system-specific properties.
   2. State-of-the-art model checkers may be adapted as general-purpose test generators (think of properties as programs).
   3. Techniques from model checking may help find interesting test traces and provide a new angle from which to view and think about test generation.
2. Property-based test generation requires integrated efforts.
   1. Test generation as witness generation.
      1. A proof is necessary to generate a partial test suite and to perform optimization.
      2. A proof is also needed to extend the notion of "testable" properties.
   2. Model-based code generation may help build the test harness.