USING MODEL CHECKING TO DISCOVER AUTOMATION SURPRISES Java class User: - getExpectation() - checkExpectation() FAULTY EXECUTION start incrMCPAlt pullAltKnob.

Slides:

Advertisements

Similar presentations

Author: Carlos Pacheco, Shuvendu K. Lahiri, Michael D. Ernst, Thomas Ball MIT CSAIL.

Advertisements

Testing Workflow Purpose

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)

Model Checker In-The-Loop Flavio Lerda, Edmund M. Clarke Computer Science Department Jim Kapinski, Bruce H. Krogh Electrical & Computer Engineering MURI.

Run Time Monitoring of Reactive System Models Mikhail Auguston Naval Postgraduate School Mark Trakhtenbrot Holon Academic Institute of.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Logic Based LSC Consistency Testing Presenter: Anup Niroula.

Introduction To System Analysis and Design

Drawing System Sequence Diagrams

CS 290C: Formal Models for Web Software Lecture 10: Language Based Modeling and Analysis of Navigation Errors Instructor: Tevfik Bultan.

Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.

Software Testing and Quality Assurance

The C++ Tracing Tutor: Visualizing Computer Program Behavior for Beginning Programming Courses Rika Yoshii Alastair Milne Computer Science Department California.

Modeling State-Dependent Objects Using Colored Petri Nets

About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.

UFCEPM-15-M Object-oriented Design and Programming Jin Sa.

 What is Software Testing  Terminologies used in Software testing  Types of Testing  What is Manual Testing  Types of Manual Testing  Process that.

Performing User Interface Design

1CMSC 345, Version 4/04 Verification and Validation Reference: Software Engineering, Ian Sommerville, 6th edition, Chapter 19.

The chapter will address the following questions:

Basic Concepts The Unified Modeling Language (UML) SYSC System Analysis and Design.

 ETL: Extract Transformation and Load  Term is used to describe data migration or data conversion process  ETL may be part of the business process repeated.

Cheng/Dillon-Software Engineering: Formal Methods Model Checking.

PROGRAMMING LANGUAGES The Study of Programming Languages.

272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 17: Code Mining.

UML - Development Process 1 Software Development Process Using UML (2)

Aurora: A Conceptual Model for Web-content Adaptation to Support the Universal Accessibility of Web-based Services Anita W. Huang, Neel Sundaresan Presented.

Object-Oriented Software Testing. C-S 5462 Object-Oriented Software Testing Research confirms that testing methods proposed for procedural approach are.

Understand Application Lifecycle Management

14-1 © Prentice Hall, 2004 Chapter 14: OOSAD Implementation and Operation Object-Oriented Systems Analysis and Design Joey F. George, Dinesh Batra, Joseph.

 Knowledge Acquisition  Machine Learning. The transfer and transformation of potential problem solving expertise from some knowledge source to a program.

CHAPTER FOUR COMPUTER SOFTWARE.

SOFTWARE ENGINEERING for REAL-TIME SYSTEMS (© J.E.Cooling 2003) Requirements - slide 1 Software engineering for real-time systems Section 3 Requirements.

14-1 © Prentice Hall, 2004 Chapter 14: OOSAD Implementation and Operation Object-Oriented Systems Analysis and Design Joey F. George, Dinesh Batra, Joseph.

Introduction To System Analysis and Design

Testing Workflow In the Unified Process and Agile/Scrum processes.

Using UML, Patterns, and Java Object-Oriented Software Engineering Chapter 4, Requirements Elicitation.

Software Engineering Research paper presentation Ali Ahmad Formal Approaches to Software Testing Hierarchal GUI Test Case Generation Using Automated Planning.

TTCN-3 MOST Challenges Maria Teodorescu

Validating Requirements Determining Completeness and Correctness of Requirements Using the System Reference Model IV&V Workshop 16 September 2009.

Service Service metadata what Service is who responsible for service constraints service creation service maintenance service deployment rules rules processing.

SilkTest 2008 R2 SP1: Silk4J Introduction. ConfidentialCopyright © 2008 Borland Software Corporation. 2 What is Silk4J? Silk4J enables you to create functional.

Mining System-User Interaction Traces for Use Case Models Mohammed El-Ramly Eleni Stroulia Paul Sorenson (presented by Hsiao-Ming Tsou)‏

March 2004 At A Glance autoProducts is an automated flight dynamics product generation system. It provides a mission flight operations team with the capability.

PRJ566 Project Planning & Management Software Architecture.

1 Technical & Business Writing (ENG-715) Muhammad Bilal Bashir UIIT, Rawalpindi.

12-1 © Prentice Hall, 2007 Topic 12: Implementation and Operation OOAD Object-Oriented Systems Analysis and Design Joey F. George, Dinesh Batra, Joseph.

Unit 10 Implementation and Operation. Key Concepts Implementation deliverables Documentation Coding Reuse Testing Installation Training Support Factors.

ISBN Prentice-Hall, 2006 Chapter 8 Testing the Programs Copyright 2006 Pearson/Prentice Hall. All rights reserved.

Chapter 5:User Interface Design Concepts Of UI Interface Model Internal an External Design Evaluation Interaction Information Display Software.

Using Symbolic PathFinder at NASA Corina Pãsãreanu Carnegie Mellon/NASA Ames.

UML (Unified Modeling Language)

PROGRAMMING TESTING B MODULE 2: SOFTWARE SYSTEMS 22 NOVEMBER 2013.

Lecture 11: Flight Management System (FMS)

( = “unknown yet”) Our novel symbolic execution framework: - extends model checking to programs that have complex inputs with unbounded (very large) data.

SEESCOASEESCOA SEESCOA Meeting Activities of LUC 9 May 2003.

T EST T OOLS U NIT VI This unit contains the overview of the test tools. Also prerequisites for applying these tools, tools selection and implementation.

Testing Overview Software Reliability Techniques Testing Concepts CEN 4010 Class 24 – 11/17.

1 Autopilot Tutor. 2 Model Checking the Autopilot GUI Program Program Automatically Replace GUI methods with stubs Instrument Event Handling (Semi-automated)

Requirement Elicitation Review – Class 8 Functional Requirements Nonfunctional Requirements Software Requirements document Requirements Validation and.

Sommerville 9th Edition Chapter 8: Software Testing

24 September 2002© Willem Visser Program Model Checking Enabling Technology Abstraction void add(Object o) { buffer[head] = o; head = (head+1)%size;

Table of Contents Program Model Checking: Case Studies and Practitioner’s Guide John Penix, ARC Owen O’Malley, QSS Lawrence Markosian, QSS Peter Mehlitz,

Tools of Software Development

Chapter 1 Introduction(1.1)

Criteria for rapid prototyping

Presentation transcript:

USING MODEL CHECKING TO DISCOVER AUTOMATION SURPRISES Java class User: - getExpectation() - checkExpectation() FAULTY EXECUTION start incrMCPAlt pullAltKnob fly incrMCPVS fly TRACE TRANSLATOR MACHINEINTERFACE USERUSER TASK start > ncrMCPAlt^{1,10} > pullAltKnob > (pilotExp > fly)^{1,10} > incrMCPVS^{1,10} > (pilotExp > fly)^5; DRIVER GENERATOR Java class User Task STUB GENERATOR GUI STUBS MACHINE CODE JPF MODEL CHECKER Java Models INCONSISTENCY Successful capture region Busted capture region Kill-the-capture anomaly

Explanation of Accomplishment POC: Guillaume Brat and Willem Visser Shown: The aim of this work is to develop an automated approach to identify mode confusion problems (e.g., when a pilot thinks a plane is one mode when the plane is actually in another mode) in automation used in modern aircraft and spacecraft. Specifically, we aim to develop a framework that supports 1) automatic extraction of machine and interface models from code of automation, 2) extraction of user and task models from manuals and training materials, 3) encoding of user tasks in an intuitive notation, 4) automatic code generation from task specifications, and 5) analyzing the obtained models for mode confusion problems. Accomplishment: We demonstrated our approach on the example of a Java web-based autopilot tutorial used at NASA for pilot training. The main approach is to identify the four models of the system: the machine, the interface, the user, and the user task. The user task is described, using regular expressions, as a collection of sequences of actions performed on the display, and the corresponding Java code is generated automatically. The user task plays the role of a driver that synchronously executes the remaining models in the system. The JPF model checker is used to explore all possible executions of the task and to check the consistency of the states across the models. When an inconsistency is discovered, JPF records the (faulty) execution path. We also automatically analyze these faulty execution paths to produce scenarios that illustrate inconsistencies in terms of the actions that the user performs on the display. Future Plans: The focus of the current work is on the extraction of the machine, interface, user, and the task models from given GUI applications. As an extension to the ongoing work, we see ourselves working on 1) verification of several additional GUI applications used for simulation of cockpit and shuttle automation, 2) improving the framework for processing GUI components and extracting meaningful models from them, 3) developing a framework for interface design and code generation for interfaces, and 4) construction of more elaborate user models.

USING MODEL CHECKING TO DISCOVER AUTOMATION SURPRISES Kill-the-capture region: if the pilot tries to capture an altitude in this region, the command is ignored by the flight control system, and the plane keeps going past its desired altitude. Capture region: if the pilot tries to capture an altitude in this region, the command is accepted by the flight control system, and the plane will level off at the desired altitude. kill-the-capture anomaly The pilot’s expectations and task can be modeled in a program, which can drive the code of the flight control system of a plane JAVA PROGRAM Void climb (int alt) { …. } Void move_rudder() { … } JPF explores all possible executions of this code, finds erroneous behaviors, and produces an error trace The error trace is translated into an anomalous scenario JPF Model Checker

Explanation of Accomplishment POC: Guillaume Brat, Oksana Tkatchuk and Willem Visser Shown: The aim of this work is to develop an automated approach to identify mode confusion problems in automation used in modern aircraft and spacecraft. These problems arise when a pilot thinks a plane is one mode when the plane is actually in another mode. For example, when a pilot tries to capture an altitude in the wrong region, the plane will keep climbing (or descending) rather than leveling off. In our work, we have developed a framework that supports 1) the automatic extraction of machine and interface models from flight control code, 2) the creation of user models in Java, 3) the encoding of user tasks in an intuitive notation that is automatically translated into Java code, and 4) the analysis of the obtained models for mode confusion problems. Accomplishment: Previous work in this area required to model the machine (flight control system), the user (pilot), its task, and the interface (cockpit display) in a formal language. In our work, all can be done using the actual code that is flown. Hence, we achieve a substantial gain in terms of fidelity of the analysis. We also simplify and automate the task of verifying these interactive systems. Future Plans: The focus of the current work is on the extraction of the machine, interface, user, and the task models from given GUI applications. As an extension to the ongoing work, we see ourselves working on 1) verifying several additional GUI applications used for simulation of cockpit and shuttle automation, 2) improving the framework for processing GUI components and extracting meaningful models from them, 3) developing a framework for interface design and code generation for interfaces, and 4) constructing more elaborate user models.