Download presentation
Presentation is loading. Please wait.
1
22.11.2002Formal Software Testing and Model Checking Generating Test Cases For a Timed I/O Automaton Model Leonid Mokrushin
2
Formal Software Testing and Model Checking 22.11.2002 Outline Timed I/O automaton model Semantics Relation to Timed Automata Example of timed I/O automaton Symbolic traces Must-traceability May-traceability An efficient algorithm to decide whether a test sequence is executable (traceable) Idea Input actions Output actions Conformance testing method for the model
3
Formal Software Testing and Model Checking 22.11.2002 Timed I/O automaton model is a finite set of states is a finite set of I/O actions is a set of I/O types is a global clock variable is a finite set of variables, which can hold rational numbers is a set of linear inequalities on rational numbers and their logical conjunctions is a set of assignments is a transition relation is the initial state of M is a set of initial values for variables There is no state from which there are two outgoing transitions with the same I/O action
4
Formal Software Testing and Model Checking 22.11.2002 Semantics An element of a transition relation is denoted by s0s1 a? v [true] {x a t,x b v} s2 b![x a ≤t≤x a +x b ] {x b t+0.1*x b } s3 s4 c?[x b -x a ≤3] { } d?[x b -x a >3 and t<x a +20] { } Let execution time of a? v is 5 and input value v is 3 s0->s1: x a 5, x b 3 s1->s2: action b! will be executed when 5 ≤ t ≤ 5 + 3 assume this moment is when t=6, x b 6+0.1*3 =6.3 s2->s3: x b – x a = 6.3 – 5 = 1.3 ≤ 3, hence c? is executable s2->s4: If x b – x a > 3, an input action d? is executable for 20 seconds after a? is executed.
5
Formal Software Testing and Model Checking 22.11.2002 Relation to Timed Automata s0s1s2 The model can simulate any timed automaton in the original version of Alur’s timed automata. t1 0t1 0 a? [0 ≤ t 1 ≤ 5]b! reset(t 1 ) Alur’s model s0s1s2 t1 tt1 t a? [0 ≤ t-t 1 ≤ 5] { } b! [true] {t1 t} Timed I/O model If Alur’s model has several clocks then the corresponding Timed I/O model also has (at most) the same number of variables.
6
Formal Software Testing and Model Checking 22.11.2002 Example data_start? v [true] {x 1 t, ts 1 v} s0 A receiving node of a media synchronization protocol, which allows to synchronize real-time continuous media such as video stream when transfer rate changes quickly. s1 s2 data_end? [x 1 +x ≤ t ≤ x 1 +y] {x 2 t} s3s3 s4s4 s5s5 s6s6s7s7s8s8 s9s9 first_display_start! [t ≤ x 2 +d] {x 3 t} first_display_end! [x 3 +a ≤ t ≤ x 3 +b] {x 4 t} not_mdf! [Th 2 ≥x 9 -(x 3 +w) and t ≤ x 10 +d] {x 3 x 3 +w, ts 1 ts 2 } mdf! [Th 2 <x 9 -(x 3 +w) and t ≤ x 10 +d] {x 3 x 9, ts 1 ts 2 } display_start! [x 6 ≥x 3 +w and t ≤ x 6 +d] {x 9 t} display_start_intime! [x 6 <x 3 +w and x 3 +w ≤ t ≤ x 3 +w+d] {x 7 t} data_start? v [true] {x 5 t, ts 2 v, w v-ts 1 } data_end? [x 5 +x≤ t ≤ x 5 +y] {x 6 t} display_end! [x 7 +a≤ t ≤ x 7 +b] {x 8 t} display_end! [x 9 +a ≤ t ≤ x 9 +b]{x 10 t}
7
Formal Software Testing and Model Checking 22.11.2002 Transition sequences A transition sequence of a timed I/O automaton M is an execution path of the transition graph of M. The value of each variable may change by executing a transition. In order to decide whether a given transition sequence is executable, we must consider how their values change. Step 1. Name each occurrence of variables in a transition sequence - values of variables on i -th state s i of . - execution times of actionsrespectively - input values of the corresponding m data input actions Step 2. Replace each occurrence of variables using an algorithm: j:=0, for p=1 to k do x p (0) := x pinit for i=1 to n do { if $ i = ? v then j:=j+1; $ i := ? vj for p=1 to k do { if x p f(t,v,x 1,…,x k ) D i then x p (i) :=f(t i,v j,x 1 (i-1),…,x k (i-1) ) else x p (i) :=x p (i-1) }
8
Formal Software Testing and Model Checking 22.11.2002 Symbolic traces, must/may traceability A symbolic trace for is: where: are conditions where each x k (i) is obtained by the algorithm described in step 2 and “/” means substitution. Must-traceability: A symbolic trace is must-traceable, if whenever each output action is executed, there always some input timing for each input action such that the rest of the sequence can be executed. May-traceability: A symbolic trace is may-traceable, if for some output timing there exists some input timing such that the rest of the sequence can be executed. We denote condition of must-traceability TrCondMust( ) We denote condition of may-traceability TrCondMay( )
9
Formal Software Testing and Model Checking 22.11.2002 TrCondMust( ) and TrCondMay( ) s0s1s2 a?v a @t a [P a ]b!@t b [P b ] s3 c?v c @t c [P c ] Conditions of must/may traceability are calculated recursively. For example: Must-traceability ( TrCondMust( ) ) : May-traceability ( TrCondMay( ) ): Symbolic trace: In general, TrCondMust( ) and TrCondMay( ) become rational Presburger sentences. The decision problem is known to be NP-hard for the general class. But restricting to inequalities on rational numbers and their logical conjunctions allows to decide must/may traceability effectively.
10
Formal Software Testing and Model Checking 22.11.2002 Efficient decision of must/may traceability (idea) Since the last action a n has no succeeding actions, the executable time t n of an is a solution of the constraint P n. We transform P n into the following conjunction: The lower and upper bounds of t n obtained as: In order that there exists an executable time t n of a n must be true. Thus, if the must-traceability condition is true, then the executable time t n of a n [ t n inf, t n sup ].
11
Formal Software Testing and Model Checking 22.11.2002 Efficient decision of must/may traceability (input actions) s1 a k ?.... snsn … … s k-1 Let a k ? be some input action, and k<n. Execution time t n of a n satisfies the constraint From this constraint we can obtain t k sup and t k inf, hence TrCondMust k ( ) can be obtained also. TrCondMust k ( ) shows whether the transition sequence a k, a k+1,…,a n in is must-traceable. sksk …
12
Formal Software Testing and Model Checking 22.11.2002 Efficient decision of must/may traceability (output actions (1)) Let a k’ ! be some output action, and k’<n. We must consider any moment satisfying P k’ since the output timing of a k’ is uncontrollable. From constraint P k’ we obtain: Then we transform TrCondMust k’+1 ( ) into: And obtain lower and upper bounds of TrCondMust k’+1 ( ):
13
Formal Software Testing and Model Checking 22.11.2002 Efficient decision of must/may traceability (output actions (2)) Action a k’ is executable and the succeeding sequence is also executable for any output timing t k’ of a k’ iff t 1,…,t k’-1 satisfy the following conditions: TrCondMust k’ ( ) is a conjunction of these conditions. TrCondMust 1 ( ) is obtained recursively. It is a logical combination of linear inequalities. By assigning initial values to the variables in V, we get a formula containing only v 1,...,v m (input values). If this formula is satisfiable (linear programming problem), then the given symbolic trace is must-traceable.
14
Formal Software Testing and Model Checking 22.11.2002 Conformance testing method Compose: set of UIO sequences U for each state s i set of transfer sequences V to drive system to s i Decide must/may traceability for V.U o = i v i u i Are all sequences must or at least may traceable? no Run test cases V.U o and V.U x = i≠j v i u’ j a ij on IUT. Each input action is executed with timing computed during must/may traceability analysis. Check timing of observed output actions against spec. yes Does the response from IUT match spec? noyes
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.