PLEASE DO NOT REMOVE THIS PAGE

Similar documents
A Cost-driven Approach for Metamorphic Testing

State-Space Exploration. Stavros Tripakis University of California, Berkeley

Software Verification using Predicate Abstraction and Iterative Refinement: Part 1

How Effectively does Metamorphic Testing Alleviate the Oracle Problem?

Model Checking: An Introduction

Model checking the basic modalities of CTL with Description Logic

Formal Verification Techniques. Riccardo Sisto, Politecnico di Torino

Model Checking. Boris Feigin March 9, University College London

Compositional Reasoning

Double Header. Model Checking. Model Checking. Overarching Plan. Take-Home Message. Spoiler Space. Topic: (Generic) Model Checking

Lecture 2: Symbolic Model Checking With SAT

Automata-based Verification - III

Formal Verification of Mobile Network Protocols

Abstractions and Decision Procedures for Effective Software Model Checking

The State Explosion Problem

Automata-based Verification - III

Bounded Model Checking with SAT/SMT. Edmund M. Clarke School of Computer Science Carnegie Mellon University 1/39

Requirements Validation. Content. What the standards say (*) ?? Validation, Verification, Accreditation!! Correctness and completeness

A Brief Introduction to Model Checking

Using Machine Learning Techniques to Detect Metamorphic Relations for Programs without Test Oracles

Property Checking of Safety- Critical Systems Mathematical Foundations and Concrete Algorithms

SBMC : Symmetric Bounded Model Checking

New Complexity Results for Some Linear Counting Problems Using Minimal Solutions to Linear Diophantine Equations

Metamorphic Testing: A Literature Review

Linear Temporal Logic and Büchi Automata

Finite-State Model Checking

Algorithmic verification

Helsinki University of Technology Laboratory for Theoretical Computer Science Research Reports 66

Symbolic Trajectory Evaluation (STE): Orna Grumberg Technion, Israel

Counterexample-Guided Abstraction Refinement

Revising Specifications with CTL Properties using Bounded Model Checking

GROEBNER BASES COMPUTATION IN BOOLEAN RINGS

Fault-Based Testing Without the Need of Oracles

State Explosion in Almost-Sure Probabilistic Reachability

Boolean decision diagrams and SAT-based representations

Timed Test Generation Based on Timed Temporal Logic

Models for Efficient Timed Verification

Model Checking. Temporal Logic. Fifth International Symposium in Programming, volume. of concurrent systems in CESAR. In Proceedings of the

Reducing CTL-live Model Checking to Semantic Entailment in First-Order Logic (Version 1)

Model Checking, Theorem Proving, and Abstract Interpretation: The Convergence of Formal Verification Technologies

Temporal Logic. Stavros Tripakis University of California, Berkeley. We have designed a system. We want to check that it is correct.

Automata-Theoretic Model Checking of Reactive Systems

Verification Using Temporal Logic

Alan Bundy. Automated Reasoning LTL Model Checking

3-Valued Abstraction-Refinement

Introduction. Pedro Cabalar. Department of Computer Science University of Corunna, SPAIN 2013/2014

Ranking Verification Counterexamples: An Invariant guided approach

Reasoning about Strategies: From module checking to strategy logic

Parameter Synthesis for Timed Kripke Structures

Adaptive Model Checking

Postprint.

MODEL CHECKING. Arie Gurfinkel

ESE601: Hybrid Systems. Introduction to verification

Automata, Logic and Games: Theory and Application

Lecture Notes on Emptiness Checking, LTL Büchi Automata

IMITATOR: A Tool for Synthesizing Constraints on Timing Bounds of Timed Automata

Undergraduate work. Symbolic Model Checking Using Additive Decomposition by. Himanshu Jain. Joint work with Supratik Chakraborty

A brief history of model checking. Ken McMillan Cadence Berkeley Labs

Model for reactive systems/software

Model Checking with CTL. Presented by Jason Simas

Applications of Craig Interpolants in Model Checking

Semantic Equivalences and the. Verification of Infinite-State Systems 1 c 2004 Richard Mayr

Complete Model-based Testing in Practise

r. Matthias Bretschneider amburg - Dept. Safety Fehleranalyse mit Hilfe von Model Checkern

EECS 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization

PSPACE-completeness of LTL/CTL model checking

Representing Temporal System Properties Specified with CCTL formulas using Finite Automaton

Completeness and Complexity of Bounded Model Checking

Learning Abstractions for Model Checking

Assume-guarantee Cooperative Satisfaction of Multi-agent Systems

Abstraction in Program Analysis & Model Checking. Abstraction in Model Checking. Motivations & Results

Model Checking Games for a Fair Branching-Time Temporal Epistemic Logic

Computer Aided Verification

Temporal Logic Model Checking

Computation Tree Logic (CTL) & Basic Model Checking Algorithms

SAT-Based Explicit LTL Reasoning

Introduction to Model Checking. Debdeep Mukhopadhyay IIT Madras

Evolving Human Competitive Research Spectra-Based Note Fault Localisation Techniques

A Markov Reward Model for Software Reliability

Introduction. Büchi Automata and Model Checking. Outline. Büchi Automata. The simplest computation model for infinite behaviors is the

Nested Interpolants. Matthias Heizmann Jochen Hoenicke Andreas Podelski POPL University of Freiburg, Germany

A Compositional Approach to Bisimulation of Arenas of Finite State Machines

Bounded LTL Model Checking with Stable Models

Correcting a Space-Efficient Simulation Algorithm

Linear Classification: Perceptron

Model Repair in Systems Design. Panagiotis Katsaros Aristotle University of Thessaloniki (GR)

Learning k-edge Deterministic Finite Automata in the Framework of Active Learning

Compositional Verification of Probabilistic Systems using Learning

Software Verification with Abstraction-Based Methods

Software Verification

Testing with model checkers: A survey

Computation Tree Logic (CTL)

Automated Compositional Analysis for Checking Component Substitutability

Lecture Notes on Software Model Checking

Results on stability of linear systems with time varying delay

Relative Completeness of Abstraction Refinement for Software Model Checking

IC3 and Beyond: Incremental, Inductive Verification

Business Process Verification with Constraint Temporal Answer Set Programming

ParaGraphE: A Library for Parallel Knowledge Graph Embedding

Part I. Principles and Techniques

Transcription:

Thank you for downloading this document from the RMIT ResearchR Repository Citation: Liu, H, Wang, D, Huimin, L and Chen, T 2009, 'On the integration of metamorphic testing and model checking', in Hans Weghorn and Pedro T. Isaias (ed.) Proceedings of the International Association for Development of the Information Society (IADIS) International Conference on Applied Computing (IADIS AC 2009), Rome, Italy, 19-21 November 2009, pp. 299-302 See this record in the RMIT Research Repository at: https://researchbank.rmit.edu.au/view/rmit:20951 Version: Published Version Copyright Statement: 2009 IADIS Link to Published Version: http://www.iadisportal.org/digital-library/on-the-integration-of-metamorphic-... PLEASE DO NOT REMOVE THIS PAGE

IADIS International Conference Applied Computing 2009 ON THE INTEGRATION OF METAMORPHIC TESTING AND MODEL CHECKING Huai Liu 1, Daoming Wang 2, Huimin Lin 2, Tsong Yueh Chen 1 1 Centre for Software Analysis and Testing, Swinburne University of Technology, Australia 2 Institute of Software, Chinese Academy of Sciences, China ABSTRACT Metamorphic testing, an innovative software testing technique, generates test cases based on domain specific properties. Model checking is a technique that verifies software designs against system properties. Motivated by the fact that both techniques are based on some properties of software under development, we investigate how to integrate metamorphic testing and model checking. This paper will introduce and discuss some potential topics on this new research direction. 1. INTRODUCTION In many software testing techniques, a set of program inputs are selected as test cases according to some criteria. The software under test is then run against these test cases. Testers verify the program outputs (namely, the testing results) based on a mechanism called oracle. However, in practice, there may exist a problem called oracle problem where (i) there does not exist an oracle or (ii) it is theoretically possible, but practically too difficult to determine the correct output (Chen et al., 2003). Recently a new software testing technique, namely metamorphic testing (Chen et al., 1998; Gotlieb and Botella, 2003), has been proposed to alleviate the oracle problem. In metamorphic testing, some properties are first identified from the software under test. Then, metamorphic testing generates test cases based on these properties. In addition, the testing results are verified against these properties, not the oracle. Metamorphic testing technique has been widely used in various areas of software engineering (Chen et al., 2003, 2009a, 2009b; Murphy et al., 2008). Model checking (Clarke et al., 1999) is an automatic technique to check if a finite state system satisfies its specifications which are expressed as temporal formulas. In model checking, a software design is checked against a set of properties specified by such formulas. When the design violates a property, a counterexample will be generated to point out the source of the error. This feature makes model checking practically useful. Although metamorphic testing and model checking deal with different problems in different areas, they are both based on some properties of the system under test. In this paper, we are motivated to look at whether these two innovative techniques can be integrated, aiming at improving the effectiveness of software verification and testing. This paper is organized as follows. In Sections 2 and 3, we briefly introduce metamorphic testing and model checking, respectively. In Section 4, we propose some potential research topics about the integration of metamorphic testing and model checking. In Section 5, we conclude this paper. 2. METAMORPHIC TESTING In metamorphic testing, the program developers, testers, and/or end-users first identify some properties of the software under test. Some relations called metamorphic relations can then be constructed based on these properties. Source test cases are generated by some traditional test case selection techniques. Follow-up test cases are then constructed based on source test cases and metamorphic relations. The software under test is executed with all test cases as the program inputs. The outputs of the source and follow-up test cases are compared according to the metamorphic relations. If testing results do not satisfy a metamorphic relation, a failure is said to be detected. The basic process of metamorphic testing is shown in Figure 1. Corresponding author. 299

ISBN: 978-972-8924-97-3 2009 IADIS Since the proposal of metamorphic testing, it has been successfully applied to alleviate the oracle problem in testing various software products. For example, Murphy et al. (2008) have proposed some metamorphic relations that can be used for testing machine learning applications. Chen et al. (2009) detected a real-life bug in a bioinformatics program using metamorphic testing technique. In addition, metamorphic testing is also applicable to improve other software testing techniques (Chen et al., 2003; Chen et al., 2009b). Figure 1. The process of metamorphic testing Figure 2. The process of model checking 3. MODEL CHECKING Model checking is an automatic technique for verifying finite state concurrent systems. Figure 2 shows the basic process of model checking. Model checking mainly consists of three tasks. The first task is to convert a design into a formalism accepted by a model checker. Kripke structure (Clarke et al., 1999) is normally used to model the system. A Kripke structure is a type of state transition graph that consists of a set of states, a set of transitions between states, and a labeling function assigning atomic propositions to states. The second task is to state the properties that the system must satisfy. These properties are usually expressed using formulas of temporal logics (Emerson, 1990). Several temporal logics have been proposed to be used in model checking, such as linear temporal logic and computation tree logic. These logics provide different operators to express temporal properties, and vary in their expressive power. The last task is to verify the design against the properties. If the constructed Kripke structure satisfies the specifications, the model checker terminates with a yes answer, which implies that the design is guaranteed free of error with respect to the property. Otherwise, the model checker terminates with a no answer and provides a counterexample, a sequence of states that demonstrates where the design violates the expected property. This will help developers find the error in the system design. Many model checking algorithms (Gerth et al., 1995) have been proposed. When the system being verified has many concurrent parts or data variables, model checking suffers from the state explosion problem. Although techniques such as symbolic representation, abstraction, and partial order reduction have been developed to alleviate this problem (Clarke et al., 1999), it is still one of the most challenging problems in model checking research. Another technique called bounded model checking was introduced by Biere et al. (1999). Bounded model checking is particularly suitable for certain kinds of infinite state systems such as software systems. 4. INTEGRATING METAMORPHIC TESTING AND MODEL CHECKING Some researchers have investigated how to combine model checking with some traditional software testing techniques (Peled et al., 1999; Groce et al., 2002). In this section, we attempt to highlight several potential research topics on how to integrate metamorphic testing and model checking, as listed in the following. Such integration is inspired by the fact that both metamorphic testing and model checking are conducted based on some properties of the system under test, as shown in Sections 2 and 3. Selection of system properties. 300

IADIS International Conference Applied Computing 2009 In model checking, the system design is checked against some properties, which serve as the system specifications. In metamorphic testing, many properties are also derived from the system specifications, but these properties are identified specifically to examine whether the software under test is correct from certain perspectives, especially from the end-user s perspective. Metamorphic testing involves a lot of user domain knowledge, so the properties identified in metamorphic testing are very useful to ensure that the software under test can be correctly executed by end-users. Research (Chen et al., 2004; Mayer and Guderlei, 2006) has been conducted to develop some approaches to selecting effective metamorphic relations. It is worthwhile to see whether such approaches could be successfully applied in model checking. Enhancement of the effectiveness of detecting couterexamples. Counterexample generation is an important and useful feature of model checking, as counterexamples provide precise information for error fixing. Some researchers even used counterexamples to generate test cases (Beyer et al., 2004). Basically, model checker searches the state space of the Kripke structure to check if the structure satisfies its specifications. In case that it does not satisfy the specifications, a counterexample, usually in the form of a sequence of states, will be output to pinpoint the source of the error. Previous work (Chen et al., 1998) has shown that metamorphic testing can provide information about the constraints of the inputs that effectively reveal failures. Such information is very useful for debugging. It is thus natural to investigate the relationship between these failure-revealing constraints in metamorphic testing and the counterexamples in model checking. As shown in Figure 3, we propose to apply metamorphic relations into the selection of state sequences for checking. If the metamorphic relations are effective in revealing failure, it is intuitive that the resultant sequences of states will have a high chance to become a counterexample. Figure 3. Enhancing the effectiveness of detecting counterexamples. Figure 4. Integration of model-based testing and metamorphic testing Integration of model-based testing and metamorphic testing. Model-based testing (Pretschner, 2005; Utting and Legeard, 2007) is a software testing technique that generates test cases based on the model of the software under test. Various algorithms (Wu and Lin, 2006; Satpathy and Ramesh, 2007) have been proposed to derive test cases from a model. Model checking can also be used to guide the model-based test case generation. Since different test cases may have different failuredetection effectiveness, how to select good test cases is an important research topic for model-based testing. Since there are some successful investigations (Chen et al., 2004; Mayer and Guderlei, 2006) into selection of metamorphic relationship that could generate follow-up test cases which are more likely to reveal failures, it is intuitive to investigate how these results could be applied in the selection of good test cases for modelbased testing. Figure 4 gives a diagram to integrate metamorphic testing and model-based testing, where some metamorphic relations are used to help select model-based test cases. Combination of partial order reduction and properties in metamorphic testing. Partial order reduction (Peled, 1996) is a technique to reduce the size of the state space that is searched by a model checker. Briefly speaking, this technique will provide the model checker a reduced state graph instead of the original full state graph, and such a reduced state graph will present a sufficient number of behaviours such that the model checker still provides right answers (Clarke et al., 1999). Apparently, the reduced state graph is a subset of the full state graph. The properties identified by metamorphic testing are also a subset of the system specifications. It is interesting to study whether the technique of deriving a subset 301

ISBN: 978-972-8924-97-3 2009 IADIS (that is, the system properties) of specifications in metamorphic testing can be used to improve the technique of constructing a subset (that is, the reduced state graph) of the whole state space in partial order reduction. 5. CONCLUSION Metamorphic testing and model checking are two innovative techniques for software testing and verification. Since both techniques are conducted based on some properties of the system under test, it is intuitive to consider the integration of these two innovative techniques to improve the effectiveness of software testing and verification. A few potential topics were proposed in this paper, and we believe that they are all promising and worthwhile to be investigated. ACKNOWLEDGEMENT This project is supported by the Australian Research Council and a National Natural Science Foundation of China grant (No. 60721061). REFERENCES Beyer, D., Chlipala, A. J., Henzinger, T. A., Jhala, R., Majumdar, R., 2004. Generating tests from counterexamples. Proceedings of ICSE2004, pp. 326-335. Biere, A., Cimatti, A., Clarke, E. M., Zhu, Y., 1999. Symbolic model checking without BDDs. Proceedings of TACAS1999, pp. 193-207. Chen, T. Y., Cheung, S. C., Yiu, S. M., 1998. Metamorphic testing: a new approach for generating next test cases. Tech. Rep. HKUST-CS98-01, Department of Computer Science, Hong Kong University of Science and Technology. Chen, T. Y., Ho, J. W. K., Liu, H., Xie, X., 2009a. An innovative approach for testing bioinformatics programs using metamorphic testing. BMC Bioinformatics, Vol. 10, Article 24. Chen, T. Y., Huang, D. H., Tse, T. H., Zhou, Z. Q., 2004. Case studies on the selection of useful relations in metamorphic testing. Proceedings of JIISIC2004, pp. 569-583. Chen, T. Y., Tse, T. H., Zhou, Z. Q., 2003. Fault-based testing without the need of oracles. Inform. Softw. Tech., Vol. 45, No. 1, pp. 1-9. Chen, T. Y., Tse, T. H., Zhou, Z. Q., 2009b. Semi-Proving: An Integrated Method for Program Proving, Testing, and Debugging. Accepted to appear in IEEE T. Softw. Eng. Clarke, E. M., Grumberg, O., Peled, D. A., 1999. Model Checking. The MIT Press. Emerson, E. A., 1990. Temporal and modal logic. In: Handbook of Theoretical Computer Science. The MIT Press. Gerth, R., Peled, D., Vardi, M. Y., Wolper, P., 1995. Simple on-the-fly automatic verification of linear temporal logic. Proceedings of PSTV1995, pp. 3-18. Gotlieb, A., Botella, B., 2003. Automated metamorphic testing. Proceedings of COMPSAC 2003, pp. 34-40. Groce, A., Peled, D., Yannakakis, M., 2002. Adaptive model checking. Proceedings of TACAS 2002, pp. 357 370. Mayer, J., Guderlei, R., 2006. An empirical study on the selection of good metamorphic relations. Proceedings of COMPSAC2006, pp. 475-484. Murphy, C., Kaiser, G. E., Hu, L., Wu, L., 2008. Properties of machine learning applications for use in metamorphic testing. Proceedings of SEKE2008, pp. 867-872. Peled, D., 1996. Combining partial order reductions with on-the-fly model checking. Formal Methods in System Design, Vol. 8, No. 1, pp. 39-64. Peled, D., Vardi, M. Y., Yannakakis, M., 1999. Black box checking. Proceedings of FORTE/PSTV1999, pp. 225-240. Pretschner, A., 2005. Model-based testing. Proceedings of ICSE 2005, pp. 722-723. Satpathy, M., Ramesh, S., 2007. Test case generation from formal models through abstraction refinement and model checking. Proceedings of A-MOST2007, pp. 85-94. Utting, M., Legeard, B., 2007. Practical Model-Based Testing: a Tools Approach. Morgan Kaufmann. Wu, P., Lin, H., 2006. Model-based testing of concurrent programs with predicate sequencing constraints. International Int. J. Softw. Eng. Know., Vol. 16, No. 5, pp. 727-746. 302

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback