Evaluation and Improvement of ETCS Test Cases for the Ceiling Speed Monitor
1 Evaluation and Improvement of ETCS Test Cases for the Ceiling Speed Monitor Jan Peleska, Cecile Braunstein, Wen-ling Huang, Felix Hübner, and Uwe Schulze
2 Background. The ERTMS/ETCS specification describes system test cases in SUBSET-076. These test cases have the following objectives: verify availability and correctness of essential functions; verify conformance to the standard.
3 Evaluation Technique. Develop a test model for the CSM. Formalise the SUBSET-076 CSM tests so that they can be used for test data generation and test execution in the RT-Tester model-based testing environment. Develop a reference specification.
4 Evaluation Technique. Create mutants of the reference implementation.
Test Suite A. Run the SUBSET-076 test suite against the mutants.
Test Suite B. Run the extended SUBSET-076 test suite against the mutants, where sub-requirements have been considered.
Test Suite C. Run standard RT-Tester MBT tests against the mutants (transition coverage, MC/DC coverage).
Test Suite D. Run the novel equivalence class strategy against the mutants.
Compare the model coverage and the mutation score achieved.
5 Main Results Requirements Coverage / Model Coverage
6 Main Results Mutation Score
7 Remarks. The equivalence class testing method is complete with respect to a given fault domain: every correct behaviour of an SUT will be accepted (soundness); every erroneous behaviour of the SUT will be rejected, provided that the true SUT behaviour is inside a (very large) set of pre-defined behavioural models (exhaustiveness). Experiments have shown that the equivalence class strategy also shows superior test strength for SUT behaviours outside the fault domain.
8 Improvements for SUBSET-076. We can easily improve the ETCS SUBSET-076 test suite by a (not too large) number of test cases: add test cases for case distinctions in the guard conditions concerning overspeeding; add some boundary value tests.
9 CSM-Behaviour: Detailed Guard Conditions
dv_warning(V_MRSP) = min{ V_MRSP, 5} if V_MRSP > if V_MRSP ≤ 110 (1)
dv_sbi(V_MRSP) = min{ V_MRSP, 10} if V_MRSP > if V_MRSP ≤ 110 (2)
dv_ebi(V_MRSP) = min{ V_MRSP, 15} if V_MRSP > if V_MRSP ≤ 110 (3)
10 dv_ebi(V_MRSP) = min{ V_MRSP, 15} if V_MRSP > if V_MRSP ≤ 110
Admissible tolerance is constant in the ranges V_mrsp in [0,110] and [210,max], and increases with constant gradient in the range [110,210].
[Figure: plot over V_mrsp with test case markers]
11 Appendix II The Ceiling Speed Monitoring Model
12 The CSM Model. Three variants of speed monitoring are performed by the ETCS onboard computer (EVC, European Vital Computer):
1. Ceiling speed monitoring (CSM): supervises observance of the maximal speed allowed according to the speed profile.
2. Target speed monitoring: enforces speed restrictions while the train brakes to a target.
3. Release speed monitoring: supervises speed while the train approaches the end of movement authority.
13 The CSM Model: SysML model structure. Top-down decomposition of blocks. The first decomposition shows the interface between test environment (TE) and system under test (SUT). The last decomposition is associated with behaviour. Model behaviour is represented by means of block operations and state machines.
14 The CSM Model TE-SUT Interface
15 The CSM Model TE-SUT Interface. V_est: estimated speed. V_mrsp: maximal speed allowed.
16 The CSM Model TE-SUT Interface. allowrevokeeb: release condition for emergency brake. SBAvailable: configuration switch for service brake. csmswitch: activation switch for CSM functionality.
17 The CSM Model TE-SUT Interface. DMICmd: indications on driver-machine interface.
18 The CSM Model TE-SUT Interface. DMICmd: indications on driver-machine interface (NORMAL, OVERSPEED, WARNING, INTERVENTION).
19 The CSM Model TE-SUT Interface. TICmd: train interface commands to service brake and emergency brake.
20 The CSM Model TE-SUT Interface. TICmd: train interface commands to service brake and emergency brake (NO_CMD, SERVICE_BRAKE_CMD, EMER_BRAKE_CMD).
21 The CSM Model CSM Block
22 The CSM Model CSM Behaviour
23 CSM-Behaviour: Detailed Guard Conditions
dv_warning(V_MRSP) = min{ V_MRSP, 5} if V_MRSP > if V_MRSP ≤ 110 (1)
dv_sbi(V_MRSP) = min{ V_MRSP, 10} if V_MRSP > if V_MRSP ≤ 110 (2)
dv_ebi(V_MRSP) = min{ V_MRSP, 15} if V_MRSP > if V_MRSP ≤ 110 (3)
24 dv_ebi(V_MRSP) = min{ V_MRSP, 15} if V_MRSP > if V_MRSP ≤ 110
Admissible tolerance is constant in the ranges V_mrsp in [0,110] and [210,max], and increases with constant gradient in the range [110,210].
[Figure: plot over V_mrsp]
25 Appendix II Complete Model-based Equivalence Class Partitioning Strategy
26 Complete Test Strategy: System domain. The strategy is specified on the semantic level: Reactive State Transition Systems (RSTS). All concrete modelling formalisms whose semantics can be encoded as RSTS inherit the test strategy from RSTS.
27 Complete Test Strategy: Reactive State Transition Systems (RSTS). $\mathcal{S} = (S, s_0, R)$, where $S \subseteq V \to D$ (variable valuation functions); $V = I \cup M \cup O$ (input, internal, output variable symbols); $D$ = variable domains; $R \subseteq S \times S$ (transition relation). Types of input variables may be infinite.
28 Complete Test Strategy: Reactive State Transition Systems (RSTS). Quiescent states: accept inputs, have quiescent or transient post states. Transient states: do not accept inputs, have quiescent post states. Livelock free.
29 Complete Test Strategy: Reactive State Transition Systems (RSTS). [Diagram: states q, t, q; transitions annotated "changes outputs and internal state, deterministic" and "only inputs change"]
30 Complete Test Strategy: I/O equivalence. Two states are I/O-equivalent if every input trace applied to these states leads to the same output trace observable in quiescent states. Two systems are I/O-equivalent if their initial states are I/O-equivalent.
$s \sim s' \iff \forall \iota = \vec{c}_1 \ldots \vec{c}_n \in D_I^* : (s/\iota)|_O = (s'/\iota)|_O$
31 Complete Test Strategy: I/O equivalence (slide 30 repeated, with the annotation "input trace").
32 Complete Test Strategy: I/O equivalence (slide 30 repeated, with the annotation "resulting quiescent state trace, restricted to outputs").
33 Complete Test Strategy: Input Equivalence Class Partitioning (IECP). Factorise quiescent states into I/O-equivalence classes q. Factorise the input space into input equivalence classes (IEC) X, such that for all inputs c of input equivalence class X, for all I/O-equivalence classes q, and for all states s in q, s/c resides in the same target I/O-equivalence class B(q,X).
34 Complete Test Strategy: Input Equivalence Class Partitioning (IECP) (slide 33 repeated, with the annotation on s/c: "target state resulting from changing inputs in state s to c").
35 Complete Test Strategy. Fault model $\mathcal{F} = (\mathcal{S}, \sim, \mathcal{D}(\mathcal{S}, m, \mathcal{I}_2))$: reference model, conformance relation, fault domain.
36 Complete Test Strategy. CSM model as RSTS: semantic representation of the SysML model. $\mathcal{F} = (\mathcal{S}, \sim, \mathcal{D}(\mathcal{S}, m, \mathcal{I}_2))$
37 Complete Test Strategy. I/O-equivalence as conformance relation. $\mathcal{F} = (\mathcal{S}, \sim, \mathcal{D}(\mathcal{S}, m, \mathcal{I}_2))$
38 Complete Test Strategy. Maximal number of I/O-equivalence classes for each member of the fault domain. $\mathcal{F} = (\mathcal{S}, \sim, \mathcal{D}(\mathcal{S}, m, \mathcal{I}_2))$
39 Complete Test Strategy. A refined IECP satisfying
$\forall X \in \mathcal{I}, X' \in \mathcal{I}' : X \cap X' \neq \emptyset \Rightarrow \exists X_2 \in \mathcal{I}_2 : X_2 \subseteq X \cap X'$
$\mathcal{F} = (\mathcal{S}, \sim, \mathcal{D}(\mathcal{S}, m, \mathcal{I}_2))$
40 Complete Test Strategy (slide 39 repeated, with the annotation "IECP of CSM reference model").
41 Complete Test Strategy (slide 39 repeated, with the annotation "IECP of fault domain member").
42 Complete Test Strategy (slide 39 repeated, with the annotation "Refined IECP").
43 If X triggers behaviour in some CSM state s, and X' triggers non-conforming behaviour of the RSTS representing SUT behaviour, then there exists X_2 in the intersection of X and X', and a member of X_2 will be used in the test.
$\forall X \in \mathcal{I}, X' \in \mathcal{I}' : X \cap X' \neq \emptyset \Rightarrow \exists X_2 \in \mathcal{I}_2 : X_2 \subseteq X \cap X'$
$\mathcal{F} = (\mathcal{S}, \sim, \mathcal{D}(\mathcal{S}, m, \mathcal{I}_2))$
44 Complete Test Strategy. Theorem. Given any IECP, create an input alphabet A by selecting one input candidate c from each IEC X. For an arbitrary input trace ι, there exists another input trace τ in A*, such that ι and τ produce the same outputs when applied to any start state s.
$\forall \iota \in D_I^* : \exists \tau \in A^* : \forall s \in S : \#\iota = \#\tau \wedge (s/\iota)|_O = (s/\tau)|_O$
45 Complete Test Strategy. I/O-equivalence class factorisation and IECP induce a complete DFSM abstraction of the test model. Extract the input DFSM alphabet A from the refined IECP I_2. Apply a complete DFSM strategy for the DFSM fault model with maximal number of states m and conformance relation DFSM-equivalence. Complete DFSM strategies are, e.g., the W-Method or the Wp-Method.
Theorem. DFSM(reference model) is DFSM-equivalent to DFSM(implementation) if and only if RSTS(reference model) is I/O-equivalent to RSTS(implementation).
46 [Figure: state machine diagram with states "Normal or Overspeed", "Warning", "Service Brake Intervention" and "Emergency Brake Intervention"; transitions labelled with inputs $\vec{c}_1, \ldots, \vec{c}_6$ and output pairs such as (0, 0), (2, 0), (3, 0) and (4, 2)]
47 Test suites resulting from W-Method application.
Coarsest IECP (table columns: $\vec{c}_i$; $V_{est}$; $V_{MRSP}$; allowrevokeeb; $X_i$ specified by):
$\vec{c}_1$: $X_1$: $0 < V_{est} \le V_{MRSP} \wedge allowrevokeeb = 0$
$\vec{c}_2$: $X_2$: $V_{est} = 0 \vee (V_{est} \le V_{MRSP} \wedge allowrevokeeb = 1)$
$\vec{c}_3$: $X_3$: $V_{MRSP} < V_{est} \le V_{MRSP} + dv_{warning}(V_{MRSP})$
$\vec{c}_4$: $X_4$: $V_{MRSP} + dv_{warning}(V_{MRSP}) < V_{est} \le V_{MRSP} + dv_{sbi}(V_{MRSP})$
$\vec{c}_5$: $X_5$: $V_{MRSP} + dv_{sbi}(V_{MRSP}) < V_{est} \le V_{MRSP} + dv_{ebi}(V_{MRSP})$
$\vec{c}_6$: $X_6$: $V_{MRSP} + dv_{ebi}(V_{MRSP}) < V_{est}$
$TEST\_SUITE_{sb0=1} = \{\vec{c}_i.\vec{c}_j.\vec{c}_k.\vec{c}_3 \mid i, j, k = 1,\ldots,6\} \cup \{\vec{c}_j.\vec{c}_i.\vec{c}_k.\vec{c}_h.\vec{c}_3 \mid h, i, k = 1,\ldots,6,\ j = 4,\ldots,6\}$
$TEST\_SUITE_{sb0=0} = \{\vec{c}_i.\vec{c}_j.\vec{c}_h.\vec{c}_g \mid h, i, j = 1,\ldots,6,\ g = 1, 3\} \cup \{\vec{c}_j.\vec{c}_i.\vec{c}_k.\vec{c}_h.\vec{c}_g \mid h, i, k = 1,\ldots,6,\ j = 4,\ldots,6,\ g = 1, 3\}$
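The mutant comparison of slide 4 and the boundary-value improvement of slide 8, worked through on the classes X_1 to X_6 of slide 47. This is an added example, not code from the slides or from RT-Tester: it judges a mutant only by the class an input falls in, a stateless simplification of the CSM state machine. Assumptions: the floor tolerances 4, 5.5 and 7.5 and the 140 saturation point of the warning tolerance are not legible on this page, and both mutants and all test inputs are constructed for illustration.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Tolerance:
    """dv(V_MRSP): constant up to v_lo, constant gradient up to v_hi, then capped."""
    floor: float          # ASSUMED: the value for V_MRSP <= v_lo is not legible on the page
    cap: float            # saturated value: 5, 10 and 15 on the page
    v_lo: float = 110.0   # start of the gradient range
    v_hi: float = 210.0   # end of the gradient range (ASSUMED 140 for the warning)

    def __call__(self, v_mrsp: float) -> float:
        if v_mrsp <= self.v_lo:
            return self.floor
        gradient = (self.cap - self.floor) / (self.v_hi - self.v_lo)
        return min(self.floor + gradient * (v_mrsp - self.v_lo), self.cap)


@dataclass(frozen=True)
class Model:
    warning: Tolerance = Tolerance(4.0, 5.0, v_hi=140.0)
    sbi: Tolerance = Tolerance(5.5, 10.0)
    ebi: Tolerance = Tolerance(7.5, 15.0)
    strict_ebi: bool = False   # True models a "<" written for "<=" in the X_5 guard

    def classify(self, v_est: float, v_mrsp: float, allow_revoke_eb: int) -> int:
        """Return i such that the input (V_est, V_MRSP, allowrevokeeb) lies in X_i."""
        if v_est == 0 or (v_est <= v_mrsp and allow_revoke_eb):
            return 2
        if v_est <= v_mrsp:
            return 1
        if v_est <= v_mrsp + self.warning(v_mrsp):
            return 3
        if v_est <= v_mrsp + self.sbi(v_mrsp):
            return 4
        limit = v_mrsp + self.ebi(v_mrsp)
        if v_est < limit or (v_est == limit and not self.strict_ebi):
            return 5
        return 6


REFERENCE = Model()

# Constructed mutants: one moves a case distinction, one weakens a guard.
MUTANTS = {
    "ebi gradient starts at 120": replace(
        REFERENCE, ebi=Tolerance(7.5, 15.0, v_lo=120.0)),
    "ebi guard '<' for '<='": replace(REFERENCE, strict_ebi=True),
}


def interior_suite():
    """One input from the interior of each class, only where dv is constant."""
    suite = [(50.0, 100.0, 0), (0.0, 100.0, 0), (50.0, 100.0, 1)]
    for v_mrsp, offsets in ((100.0, (2, 5, 7, 20)), (250.0, (3, 8, 12, 20))):
        suite += [(v_mrsp + d, v_mrsp, 0) for d in offsets]
    return suite


def boundary_suite():
    """Interior suite plus the upper edges of X_3, X_4 and X_5, taken at both
    ends and in the middle of the gradient range [110, 210]."""
    suite = interior_suite()
    for v_mrsp in (110.0, 160.0, 210.0):
        for dv in (REFERENCE.warning, REFERENCE.sbi, REFERENCE.ebi):
            suite.append((v_mrsp + dv(v_mrsp), v_mrsp, 0))
    return suite


def killed(mutant: Model, suite) -> bool:
    """A mutant is killed if some test input is classified differently."""
    return any(mutant.classify(*t) != REFERENCE.classify(*t) for t in suite)


def mutation_score(suite) -> float:
    """Fraction of the constructed mutants killed by the suite."""
    return sum(killed(m, suite) for m in MUTANTS.values()) / len(MUTANTS)


if __name__ == "__main__":
    print("interior suite:", mutation_score(interior_suite()))
    print("boundary suite:", mutation_score(boundary_suite()))
```

Both mutants agree with the reference on every interior sample, so the interior suite covers all six classes and still kills nothing; the added edge inputs separate them.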
More informationRegister machines L2 18
Register machines L2 18 Algorithms, informally L2 19 No precise definition of algorithm at the time Hilbert posed the Entscheidungsproblem, just examples. Common features of the examples: finite description
More informationHybrid Systems Course Lyapunov stability
Hybrid Systems Course Lyapunov stability OUTLINE Focus: stability of an equilibrium point continuous systems decribed by ordinary differential equations (brief review) hybrid automata OUTLINE Focus: stability
More informationComplexity Classes in Membrane Computing
Complexity Classes in Membrane Computing Fernando Sancho Caparrini Research Group on Natural Computing Dpt. Computer Science and Artificial Intelligence University of Seville, Spain Goal Main Object of
More informationEquivalence of Regular Expressions and FSMs
Equivalence of Regular Expressions and FSMs Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Regular Language Recall that a language
More informationRelational Interfaces and Refinement Calculus for Compositional System Reasoning
Relational Interfaces and Refinement Calculus for Compositional System Reasoning Viorel Preoteasa Joint work with Stavros Tripakis and Iulia Dragomir 1 Overview Motivation General refinement Relational
More informationAutomata-Theoretic Model Checking of Reactive Systems
Automata-Theoretic Model Checking of Reactive Systems Radu Iosif Verimag/CNRS (Grenoble, France) Thanks to Tom Henzinger (IST, Austria), Barbara Jobstmann (CNRS, Grenoble) and Doron Peled (Bar-Ilan University,
More informationReal-Time Calculus. LS 12, TU Dortmund
Real-Time Calculus Prof. Dr. Jian-Jia Chen LS 12, TU Dortmund 09, Dec., 2014 Prof. Dr. Jian-Jia Chen (LS 12, TU Dortmund) 1 / 35 Arbitrary Deadlines The worst-case response time of τ i by only considering
More informationTuring Machines (TM) Deterministic Turing Machine (DTM) Nondeterministic Turing Machine (NDTM)
Turing Machines (TM) Deterministic Turing Machine (DTM) Nondeterministic Turing Machine (NDTM) 1 Deterministic Turing Machine (DTM).. B B 0 1 1 0 0 B B.. Finite Control Two-way, infinite tape, broken into
More informationAn On-the-fly Tableau Construction for a Real-Time Temporal Logic
#! & F $ F ' F " F % An On-the-fly Tableau Construction for a Real-Time Temporal Logic Marc Geilen and Dennis Dams Faculty of Electrical Engineering, Eindhoven University of Technology P.O.Box 513, 5600
More informationAdvanced Automata Theory 7 Automatic Functions
Advanced Automata Theory 7 Automatic Functions Frank Stephan Department of Computer Science Department of Mathematics National University of Singapore fstephan@comp.nus.edu.sg Advanced Automata Theory
More informationAn Active Learning Approach For Inferring Discrete Event Automata
An Active Learning Approach For Inferring Discrete Event Automata Mohammad Mahdi Karimi PhD. Candidate, ECE Supervisor: Dr Ali Karimoddini Summer 2015 1 Content 1. Discrete Event Systems Definitions Applications
More informationHeterogeneous mixture-of-experts for fusion of locally valid knowledge-based submodels
ESANN'29 proceedings, European Symposium on Artificial Neural Networks - Advances in Computational Intelligence and Learning. Bruges Belgium), 22-24 April 29, d-side publi., ISBN 2-9337-9-9. Heterogeneous
More informationCSCE 478/878 Lecture 9: Hidden. Markov. Models. Stephen Scott. Introduction. Outline. Markov. Chains. Hidden Markov Models. CSCE 478/878 Lecture 9:
Useful for modeling/making predictions on sequential data E.g., biological sequences, text, series of sounds/spoken words Will return to graphical models that are generative sscott@cse.unl.edu 1 / 27 2
More informationStephen Scott.
1 / 27 sscott@cse.unl.edu 2 / 27 Useful for modeling/making predictions on sequential data E.g., biological sequences, text, series of sounds/spoken words Will return to graphical models that are generative
More informationHybrid Systems - Lecture n. 3 Lyapunov stability
OUTLINE Focus: stability of equilibrium point Hybrid Systems - Lecture n. 3 Lyapunov stability Maria Prandini DEI - Politecnico di Milano E-mail: prandini@elet.polimi.it continuous systems decribed by
More information