1 Jan Tretmans University of Nijmegen © Jan Tretmans University of Nijmegen Model Based Testing Property Checking for Real.

Slides:



Advertisements
Similar presentations
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Advertisements

Model-Based Testing and Test-Based Modelling
Applications of Automated Model Based Testing with TorX Ed Brinksma Course 2004.
1 Lars Frantzen, Pieter Koopman, René de Vries, Tim Willemse, Jan Tretmans Radboud University Nijmegen © Jan Tretmans Radboud University Nijmegen Testing.
Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Testing and Quality Assurance
SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.
Formal Conformance Testing of Systems with Refused Inputs and Forbidden Actions Igor Burdonov, Alexander Kossatchev, Victor Kuliamin ISP RAS, Moscow.
An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
Automated Model-Based Testing of Hybrid Systems Michiel van Osch PROSE January 25,
November 2005J. B. Wordsworth: J5DAMQVT1 Design and Method Quality, Verification, and Testing.
Model-based Testing of Hybrid Systems Michiel van Osch IPA Spring Days on Testing 19 April – 21 April 2006.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
Software Testing. Overview Definition of Software Testing Problems with Testing Benefits of Testing Effective Methods for Testing.
1 Jan Tretmans Embedded Systems Institute Eindhoven Radboud University Nijmegen Model-Based Testing.
Holger Hermanns Formal Methods for Software Engineering Part III: Applications of Formal Methods Lecture 10: Applications?
1 Jan Tretmans Radboud University Nijmegen (NL) © Jan Tretmans Radboud University Nijmegen together with: University of Twente Enschede.
Software Testing. “Software and Cathedrals are much the same: First we build them, then we pray!!!” -Sam Redwine, Jr.
MCA –Software Engineering Kantipur City College. Topics include  Formal Methods Concept  Formal Specification Language Test plan creation Test-case.
Software Testing Prasad G.
Introduction to Software Testing
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
Software Testing Verification and validation planning Software inspections Software Inspection vs. Testing Automated static analysis Cleanroom software.
1 Jan Tretmans Embedded Systems Institute Eindhoven, NL Radboud University Nijmegen, NL Model-Based Testing with Labelled Transition.
1. Topics to be discussed Introduction Objectives Testing Life Cycle Verification Vs Validation Testing Methodology Testing Levels 2.
An Introduction to MBT  what, why and when 张 坚
Balancing Practices: Inspections, Testing, and Others JAXA scenario (formal method) Masa Katahira Japanese Space Agency.
CMSC 345 Fall 2000 Unit Testing. The testing process.
Testing Theory cont. Introduction Categories of Metrics Review of several OO metrics Format of Presentation CEN 5076 Class 6 – 10/10.
Testing with Formal Methods Ed Brinksma course 2004 A Formal Framework.
Model Based Conformance Testing for Extensible Internet Protocols Anastasia Tugaenko Scientific Adviser: Nikolay Pakulin, PhD.
Overview of Formal Methods. Topics Introduction and terminology FM and Software Engineering Applications of FM Propositional and Predicate Logic Program.
WSMX Execution Semantics Executable Software Specification Eyal Oren DERI
Model Based Testing Group 7  Nishanth Chandradas ( )  George Stavrinides ( )  Jeyhan Hizli ( )  Talvinder Judge ( )  Saajan.
Introduction to Software Testing. Types of Software Testing Unit Testing Strategies – Equivalence Class Testing – Boundary Value Testing – Output Testing.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 22 Slide 1 Software Verification, Validation and Testing.
Conformance Test Suites, Extensionally Arend Rensink University of Twente Dutch Workshop on Formal Testing Techniques University of Twente 13 September.
Natallia Kokash (Accepted for PACO’2011) ACG, 31/05/ Input-output conformance testing for channel-based connectors 1.
Submodule construction in logics 1 Gregor v. Bochmann, University of Ottawa Using First-Order Logic to Reason about Submodule Construction Gregor v. Bochmann.
Formal methods & Tools Ed Brinksma University of Twente, Netherlands ISSTA/Wosp Rome, July 24 th, 2002 Qualitative and Quantitative Analysis of Software.
Conformance Test Experiments for Distributed Real-Time Systems Rachel Cardell-Oliver Complex Systems Group Department of Computer Science & Software Engineering.
1 Black-box conformance testing for real-time systems Stavros Tripakis VERIMAG Joint work with Moez Krichen.
Ed Brinksma Course 2004 TorX : A Test Generation Tool.
Model-driven Test Generation Oleg Sokolsky September 22, 2004.
HACNet Simulation-based Validation of Security Protocols Vinay Venkataraghavan Advisors: S.Nair, P.-M. Seidel HACNet Lab Computer Science and Engineering.
Software Engineering1  Verification: The software should conform to its specification  Validation: The software should do what the user really requires.
Software Testing and Quality Assurance 1. What is the objectives of Software Testing?
Formal Specification: a Roadmap Axel van Lamsweerde published on ICSE (International Conference on Software Engineering) Jing Ai 10/28/2003.
Model Based Testing implementing with tools Ruud van Houwelingen 1 December 2, 2009.
Tomás BarrosMonday, April 18, 2005FIACRE Toulouse p. 1 Behavioural Models for Hierarchical Components Tomás Barros, Ludovic Henrio and Eric Madelaine.
1 Phase Testing. Janice Regan, For each group of units Overview of Implementation phase Create Class Skeletons Define Implementation Plan (+ determine.
Formal Testing with Input-Output Transition Systems Ed Brinksma Course 2004.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
Testing Overview Software Reliability Techniques Testing Concepts CEN 4010 Class 24 – 11/17.
Test Generation for Input/Output Transition Systems Ed Brinksma Course 2004.
Copyright 1999 G.v. Bochmann ELG 7186C ch.1 1 Course Notes ELG 7186C Formal Methods for the Development of Real-Time System Applications Gregor v. Bochmann.
CS223: Software Engineering Lecture 25: Software Testing.
Laurea Triennale in Informatica – Corso di Ingegneria del Software I – A.A. 2006/2007 Andrea Polini XVIII. Software Testing.
Software Testing.
Testing Tutorial 7.
Software Testing.
Chapter 13 & 14 Software Testing Strategies and Techniques
Software Design Methodology
Introduction to Software Testing
Software testing.
Chapter 10 – Software Testing
Model-based testing of complex manufacturing systems: A case study
Chapter 13 & 14 Software Testing Strategies and Techniques 1 Software Engineering: A Practitioner’s Approach, 6th edition by Roger S. Pressman.
Presentation transcript:

1 Jan Tretmans University of Nijmegen © Jan Tretmans University of Nijmegen Model Based Testing Property Checking for Real

© Jan Tretmans University of Nijmegen 2 Overview  Introduction  Testing  Formal methods and Testing  Formal Testing  Framework  Pre/post-condition program testing  Transition system testing  ioco test theory  a test tool  an application: "Rekeningrijden"  Conclusions

© Jan Tretmans University of Nijmegen 3 Overview  Introduction  Testing  Formal methods and Testing  Formal Testing  Framework  Pre/post-condition program testing  Transition system testing  ioco test theory  a test tool  an application: "Rekeningrijden"  Conclusions

© Jan Tretmans University of Nijmegen 4 Testing Testing: to check the quality of an object by performing experiments in a controlled way w.r.t. a specification Software Testing : testing the quality of a software product mn n+m tester IUT

© Jan Tretmans University of Nijmegen 5 Paradox of Software Testing Testing is:  important  much practiced  30% - 50% of project effort  expensive  time critical  not constructive (but sadistic?) But also:  ad-hoc, manual, error-prone  hardly theory / research  no attention in curricula  not cool : “if you’re a bad programmer you might be a tester” Attitude is changing:  more awareness  more professional Improvements possible with formal methods ! ?

© Jan Tretmans University of Nijmegen 6 Types of Testing unit integration system performance robustness functional behaviour white boxblack box Level of detail Accessibility Characteristics usability reliability module stress

© Jan Tretmans University of Nijmegen 7 Testing IUT specification property IUT correct w.r.t. specification tester pass fail test cases scenarios

© Jan Tretmans University of Nijmegen 8 Overview  Introduction  Testing  Formal methods and Testing  Formal Testing  Framework  Pre/post-condition program testing  Transition system testing  ioco test theory  a test tool  an application: "Rekeningrijden"  Conclusions

© Jan Tretmans University of Nijmegen 9 Formal methods:  proving properties  research  sound theories  “clean” Testing :  trial & error  practice  heuristics  “dirty hands” Testing & Formal Methods A Perfect Couple ? “Testing is not necessary after formal verification” “Testing can only detect the presence of errors, not their absence” “Formal methods are toys for boys” “Formal methods are only for toy problems"

© Jan Tretmans University of Nijmegen 10 Formal Testing Why testing with a formal specification:  improves the testing process  precise and unambiguous basis for testing  allows automatic generation of tests Why no formal verification (theorem proving, model checking, …) :  code/structure of system not accessible (black-box)  system too complex  verification only on model of implementation  prove evidence to customer/user  no formalization possible

© Jan Tretmans University of Nijmegen 11 Development Process informal requirements specification realization design code formalizable

© Jan Tretmans University of Nijmegen 12 Goal: Testing functional behaviour of black-box implementation with respect to specification in formal language based on formal definition of conformance Specification Based Functional Testing with Formal Methods implementation under test formal testing Model assumed to be correct specification s

© Jan Tretmans University of Nijmegen 13 Overview  Introduction  Testing  Formal methods and Testing  Formal Testing  Framework  Pre/post-condition program testing  Transition system testing  ioco test theory  a test tool  an application: "Rekeningrijden"  Conclusions

© Jan Tretmans University of Nijmegen 14 test execution pass / fail Formal Testing test generation test suite T S specification S implementatio n i correctness criterion implementation relation i passes T s i ioco s     soundexhaustive

© Jan Tretmans University of Nijmegen 15 Formal Testing : Conformance s  SPECS Specification IUT Implementation under Test IUT is concrete, physical object Model the physical world But IUT is black box ! ? Assume that model i IUT exists specification S implementatio n IUT correctness criterion IUT correct wrt s

© Jan Tretmans University of Nijmegen 16 Formal Testing : Test Hypothesis Test hypothesis :  IUT  IMPS.  i IUT  MODS.  t  TESTS. obs ( t, IUT ) = obs ( t, i IUT ) IUT i IUT test t

© Jan Tretmans University of Nijmegen 17 Formal Testing : Conformance specification S implementatio n i IUT formal correctness criterion i IUT imp s s  SPECSSpecification i IUT  MODSmodel of IUT Test hypothesis : each concrete IUT can be modelled by some i IUT  MODS Correctness : i IUT imp s i IUT is not known ; testing to learn about i IUT

© Jan Tretmans University of Nijmegen 18 Completeness exhaustive   sound  Completeness of test suite T s on models:  i  MODS.  t  T s. obs ( t, i ) = pass i imp s

© Jan Tretmans University of Nijmegen 19 Testing for Conformance IUT passes T s  def  t  T s. IUT passes t IUT passes t  def obs ( t, IUT ) = pass Test hypothesis :  t  TESTS. obs ( t, IUT ) = obs ( t, i IUT ) Proof obligation :  i  MODS. (  t  T s. obs ( t, i ) = pass )  i imp s IUT passes T s  IUT correct wrt s ? Definition : IUT correct wrt s IUT correct wrt s i IUT imp s   t  T s. obs ( t, i IUT )= pass   t  T s. obs ( t, IUT )= pass   t  T s. IUT passes t  IUT passes T s 

© Jan Tretmans University of Nijmegen 20 Formal Testing exec : TESTS  IMPS   (OBS) der : SPECS   (TESTS) T s  TESTS s  SPECS IUT  IMPS imp i IUT  MODS obs : TESTS  MODS   (OBS) Proof soundness and exhaustivess:  i  MODS.  t  T s. obs(t,i) = pass  i imp s Test hypothesis :  IUT  IMPS.  i IUT  MODS.  t  TESTS. obs(t, IUT ) = obs(t,i IUT ) pass / fail Then: IUT is correct iff it passes the test

© Jan Tretmans University of Nijmegen 21 Approaches to Formal Testing Instantiations of Formal Framework  Programs as functions (pre/post-conditions)  Finite State Machine / methods with state  Labelled Transition Systems  Abstract Data Type testing

© Jan Tretmans University of Nijmegen 22 Overview  Introduction  Testing  Formal methods and Testing  Formal Testing  Framework  Pre/post-condition program testing  Transition system testing  ioco test theory  a test tool  an application: "Rekeningrijden"  Conclusions

© Jan Tretmans University of Nijmegen 23 Simple Input/Output Programs  Specification: s  X  Y  Test hypothesis: implementation i :: X  Y  Tests: T  X  Passing a test t  T : ( t, i(t) )  s  Tools: QuickCheck, G  ST  Problem/challenge: select "good" subset T  X: classical techniques: equivalence partitioning, boundary analysis, …… IUT x: Xy: Y

© Jan Tretmans University of Nijmegen 24 Input/Output Program: Example  Specification: propSqrt(x,y) = x  0  |y  y - x|   Possible test set: T = { 0, , 1, , }  Tools like QuickCheck, G  ST easily generate thousands of test cases  But still: what is a "good" set ? IUT i(x) =  x x: real pre: x  0 y: real post: |y  y - x| 

© Jan Tretmans University of Nijmegen 25 Overview  Introduction  Testing  Formal methods and Testing  Formal Testing  Framework  Pre/post-condition program testing  Transition system testing  ioco test theory  a test tool  an application: "Rekeningrijden"  Conclusions

© Jan Tretmans University of Nijmegen 26 Formal Testing with Transition Systems exec : TESTS  IMPS   (OBS) der : LTS   (TTS) T s  TTS s  LTS IUT  IMPS ioco i IUT  IOTS obs : TTS  IOTS   (traces) Proof soundness and exhaustivess:  i  IOTS. (  t  der(s). t (obs(t,i)) = pass )  i ioco s Test hypothesis :  IUT  IMPS.  i IUT  IOTS.  t  TTS. exec(t, IUT ) = obs(t,i IUT ) pass / fail

© Jan Tretmans University of Nijmegen 27 Labelled Transition Systems Labelled Transition System  S, L, T, s 0  ?coin ?button !alarm ?button !coffee states actions transitions T  S  (L  {  })  S initial state s 0  S

© Jan Tretmans University of Nijmegen 28 i ioco s = def   Straces (s) : out (i after  )  out (s after  ) Implementation Relation ioco Correctness expressed by implementation relation ioco: p  p=  !x  L U  {  }. p !x out ( P )= { !x  L U | p !x, p  P }  {  | p  p, p  P } Straces ( s )= {   (L  {  })* | s  } p after  = { p’ | p  p’ }

© Jan Tretmans University of Nijmegen 29 i ioco s = def   Straces (s) : out (i after  )  out (s after  ) Implementation Relation ioco Correctness expressed by implementation relation ioco: Intuition: i ioco-conforms to s, iff if i produces output x after trace , then s can produce x after  if i cannot produce any output after trace , then s cannot produce any output after  ( quiescence  )

© Jan Tretmans University of Nijmegen 30 ?dub ! choc ?kwart !tea ! coffee ?dub ?kwart ?dub ?kwart ! choc ?dub !tea ioco Implementation Relation ioco ! coffee ?dub !tea s ioco

© Jan Tretmans University of Nijmegen 31 Algorithm To generate a test case from transition system specification s 0 compute T(S), with S a set of states, and initially S = s 0 after  ; 1end test case pass For T(S), apply the following recursively, non-deterministically: 2supply input !a T ( S after ?a   ) Test Generation Algorithm allowed outputs or  : !x  out ( S ) forbidden outputs or  : !y  out ( S ) 3observe output fail T ( S after !x ) fail allowed outputsforbidden outputs ?y  ?x

© Jan Tretmans University of Nijmegen 32 Completeness of Test Generation For every test t generated with algorithm we have:  Soundness : t will never fail with correct implementation i ioco s implies i passes t  Exhaustiveness : each incorrect implementation can be detected with a generated test t i ioco s implies  t : i fails t

© Jan Tretmans University of Nijmegen 33 Overview  Introduction  Testing  Formal methods and Testing  Formal Testing  Framework  Pre/post-condition program testing  Transition system testing  ioco test theory  a test tool  an application: "Rekeningrijden"  Conclusions

© Jan Tretmans University of Nijmegen 34 A Test Tool : TorX  On-the-fly test generation and test execution  Implementation relation: ioco  Specification languages: LOTOS, Promela, FSP, Automata TorX IUT observe output offer input next input specification check output pass fail inconclusive user: manual automatic

© Jan Tretmans University of Nijmegen 35 TorX

© Jan Tretmans University of Nijmegen 36 Overview  Introduction  Testing  Formal methods and Testing  Formal Testing  Framework  Pre/post-condition program testing  Transition system testing  ioco test theory  a test tool  an application: "Rekeningrijden"  Conclusions

© Jan Tretmans University of Nijmegen 37 TorX Case Studies  Conference Protocol  EasyLink TV-VCR protocol  Cell Broadcast Centre component  ‘’Rekeningrijden’’ Payment Box protocol  V5.1 Access Network protocol  Easy Mail Melder  FTP Client  “Oosterschelde” storm surge barrier-control academic Philips CMG Interpay Lucent CMG academic CMG

© Jan Tretmans University of Nijmegen 38 Interpay ‘’Rekeningrijden’’ Payment Box Protocol

© Jan Tretmans University of Nijmegen 39 “Rekeningrijden” Characteristics :  Simple protocol  Parallellism :  many cars at the same time  Encryption  Real-time issues  System passed traditional testing phase

© Jan Tretmans University of Nijmegen 40 Payment Box (PB) Road Side Equipment Onboard Unit UDP/IP Wireless ‘’Rekeningrijden’’ Highway Tolling System

© Jan Tretmans University of Nijmegen 41 spec PB TorX Payment Box ‘’Rekeningrijden’’: Test Architecture PCO

© Jan Tretmans University of Nijmegen 42 spec PB + ObuSim + TCP/IP + UDP/IP Payment Box TorX ‘’Rekeningrijden’’: Test Architecture SUT Test Context ObuSim TCP/IPUDP/IP IAPPCO

© Jan Tretmans University of Nijmegen 43 ‘’Rekeningrijden’’: Issues  Parallellism :  very easy  Encryption :  Not all events can be synthesized : Leads to reduced testing power  Real-time :  How to cope with real time constraints ?  Efficient computation for on-the-fly testing ?  Lack of theory: quiescence vs. time-out

© Jan Tretmans University of Nijmegen 44 ‘’Rekeningrijden” : Results  Test results :  1 error during validation (design error)  1 error during testing (coding error)  Automated testing :  beneficial: high volume and reliability  many and long tests executed ( > 50,000 test events )  very flexible: adaptation and many configurations

© Jan Tretmans University of Nijmegen 45 Overview  Introduction  Testing  Formal methods and Testing  Formal Testing  Framework  Pre/post-condition program testing  Transition system testing  ioco test theory  a test tool  an application: "Rekeningrijden"  Conclusions

© Jan Tretmans University of Nijmegen 46 Concluding ……  Testing can be formal, too (M.-C. Gaudel, TACAS'95)  Testing shall be formal, too  But testing can never be complete  it increases confidence in correctness  Testing can be the first step:  counter-example finding before expensive formal verification  Or the last:  to show that not only the model is correct but also the real system

© Jan Tretmans University of Nijmegen 47 Thanks to... University of Twente: Ed Brinksma, Lex Heerink, Axel Belinfante, Jan Feenstra, René de Vries, Machiel van der Bijl, …… Eindhoven University of Technology: Nicolae Goga, Loe Feijs, Sjouke Mauw University of Nijmegen: Pieter Koopman Philips Research Labs Eindhoven: Lex Heerink, Ron Koymans KPN Research: Erik Kwast, Henri Dol Lucent Technologies - R&D Centre Twente: Arjan de Heer Project Pampa, IRISA, Rennes (Logica)CMG Information Technology: Peter Christian, Robert Spee, Wouter Geurts, …… Interpay B.V.: Cornel van Mastrigt, Rommert Jorritsma Ordina Utopics: Pim Kars ………

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.