Formal Conformance Testing 2006

Similar documents
TESTING is one of the most important parts of the

Testing Distributed Systems

Lecture 12: Core State Machines II

An object-oriented design process. Weather system description. Layered architecture. Process stages. System context and models of use

The State Explosion Problem

Formal Testing from Timed Finite State Machines

Design and Analysis of Distributed Interacting Systems

CSE 105 THEORY OF COMPUTATION

Simulation & Modeling Event-Oriented Simulations

Overview. 1 Lecture 1: Introduction. 2 Lecture 2: Message Sequence Charts. Joost-Pieter Katoen Theoretical Foundations of the UML 1/32

Interface Automata with Complex Actions - Extended Version

Theoretical Computer Science

Software Design, Modelling and Analysis in UML

A Simplified Approach for Testing Real-Time Systems Based on Action Refinement

ECS 120: Theory of Computation UC Davis Phillip Rogaway February 16, Midterm Exam

Embedded Systems 2. REVIEW: Actor models. A system is a function that accepts an input signal and yields an output signal.

Concurrent Models of Computation

State modeling. Marlon Dumas. Institute of Computer Science

Testing for Refinement in CSP

A General Testability Theory: Classes, properties, complexity, and testing reductions

Improved cellular models with parallel Cell-DEVS

arxiv: v1 [cs.dc] 26 Nov 2018

Formal Methods in Software Engineering

Discrete Dynamics Finite State Machines גרא וייס המחלקה למדעי המחשב אוניברסיטת בן-גוריון

UML modeling for INF5150

COMPUTER SCIENCE TRIPOS

Theory of Computation 1 Sets and Regular Expressions

EDA045F: Program Analysis LECTURE 10: TYPES 1. Christoph Reichenbach

Asynchronous Communication 2

MAD. Models & Algorithms for Distributed systems -- 2/5 -- download slides at

1 Introduction. 1.1 The Problem Domain. Self-Stablization UC Davis Earl Barr. Lecture 1 Introduction Winter 2007

Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

CSE 311: Foundations of Computing. Lecture 26: Cardinality

Model Based Testing -- FSM based testing

Research Report 326 ISBN ISSN

CMP 309: Automata Theory, Computability and Formal Languages. Adapted from the work of Andrej Bogdanov

The STATEMATE Semantics of Statecharts. Presentation by: John Finn October 5, by David Harel

Process Algebras and Concurrent Systems

Our Problem. Model. Clock Synchronization. Global Predicate Detection and Event Ordering

Tree Automata and Rewriting

Solutions to Tutorial 8 (Week 9)

Software Specification 2IX20

Introduction to Computing II (ITI 1121) MIDTERM EXAMINATION

Object Modeling Approach! Object Modeling Approach!

Some. AWESOME Great Theoretical Ideas in Computer Science about Generating Functions Probability

Defining and validating the behavior of component interfaces in navigation software

Designing Information Devices and Systems I Spring 2018 Lecture Notes Note Introduction to Linear Algebra the EECS Way

Testing from a Finite State Machine: An introduction 1

Agile modeling for INF5150

EE 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization Fall 2016

Go Tutorial. Ian Lance Taylor. Introduction. Why? Language. Go Tutorial. Ian Lance Taylor. GCC Summit, October 27, 2010

Multicore Semantics and Programming


Deterministic (DFA) There is a fixed number of states and we can only be in one state at a time

EE 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization Fall 2014

Algebraic Trace Theory

Complex Systems Design & Distributed Calculus and Coordination

Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

CMSC 330: Organization of Programming Languages

7. Queueing Systems. 8. Petri nets vs. State Automata

CCS: Syntax & Semantics (Final Version)

Lecture 11: Timed Automata

The equations of the ideal latches

Real-Time Systems. Lecture 10: Timed Automata Dr. Bernd Westphal. Albert-Ludwigs-Universität Freiburg, Germany main

CS 347 Parallel and Distributed Data Processing

ECS 120 Lesson 18 Decidable Problems, the Halting Problem

Designing Information Devices and Systems I Fall 2018 Lecture Notes Note Introduction to Linear Algebra the EECS Way

FIT100 Spring 01. Project 2. Astrological Toys

EE249 - Fall 2012 Lecture 18: Overview of Concrete Contract Theories. Alberto Sangiovanni-Vincentelli Pierluigi Nuzzo

Discrete Mathematics: Lectures 6 and 7 Sets, Relations, Functions and Counting Instructor: Arijit Bishnu Date: August 4 and 6, 2009

TRANSITION CONFLICTS DETECTION IN BINARY MODULAR STATECHART DIAGRAMS 1. Grzegorz Łabiak

Information System Design IT60105

Bounded Retransmission in Event-B CSP: a Case Study

A Brief Introduction to Model Checking

M. Smith. 6 September 2016 / GSAC

An Indian Journal FULL PAPER ABSTRACT KEYWORDS. Trade Science Inc.

Session-Based Queueing Systems

Embedded Systems 5. Synchronous Composition. Lee/Seshia Section 6.2

CS 361 Meeting 26 11/10/17

Sequence convergence, the weak T-axioms, and first countability

Undecidability. Andreas Klappenecker. [based on slides by Prof. Welch]

CSC236 Week 11. Larry Zhang

COMPUTER SCIENCE TRIPOS

Clocks in Asynchronous Systems

CIS 842: Specification and Verification of Reactive Systems. Lecture Specifications: Specification Patterns

Metrics for Data Uniformity of User Scenarios through User Interaction Diagrams

ISSP User Guide CY3207ISSP. Revision C

Introduction to Automata

Nondeterministic Finite Automata

Business Process Management

Chapter Five: Nondeterministic Finite Automata

Module 7. Software Engineering Issues. Version 2 EE IIT, Kharagpur 1

Synchronous Reactive Systems

Clarifications from last time. This Lecture. Last Lecture. CMSC 330: Organization of Programming Languages. Finite Automata.

Helsinki University of Technology Laboratory for Theoretical Computer Science Research Reports 66

Reliability of Technical Systems. Advanced Methods for Systems Modelling and Simulation I : Petri Nets

Using the Principles of Synchronous Languages in Discrete-event and Continuous-time Models

Basic System and Subsystem Structures in the Dataflow Algebra. A. J. Cowling

Computational Models #1

PDF hosted at the Radboud Repository of the Radboud University Nijmegen

Transcription:

Formal Conformance Testing 2006 Lecture 1 14th Sep 2006 Welcome! This is T-79.5304: Formal Conformance Testing Lectures from 10 to 12 am, no regular tutorials Cancellations and other notes at the web page (go to http://www.tcs.hut.fi/) 1

Lecturer Antti Huima = me Special teacher = not member of HUT staff Work: Managing Director at Conformiq Software Practical Matters Website contains all important information The news group can be used for discussion, but I will not follow it Lecture notes will be printed and distributed by the lecture note print service 2

Organization Lectured in Finnish All written material in English Examination material = lecture notes To pass the course you must pass the examination Testing Testing is the process of 1. interacting with a system, and 2. evaluating the results, in order to 3. determine if the system conforms to its specification In testing setup, the system is known as the system under test (SUT) 3

Interacting If you can t interact with a system, the system is uninteresting Interacting covers anything you can do with the system Conforms Interaction does not imply judgement Conformance = correspondence in form or appearance Conformance to a specification = works as specified Were the results of the interaction allowed by the specification? 4

Formal Formal = according to a form Here: testing is based on a mathematical, formalized foundation Not: testing based on a rigorous process where you need to fill lots of bureaucratic forms Also: formal methods based, but this is very vague Operational specification Specifies how a system should work Operational = describes behaviour, not e.g. usability scores Operational: after 3 s, system must respond with X Non-operational: users must like the stuff From now on just specification (assume operational) 5

FCT setup Specification Guides Defines correctness of Tester Interaction SUT Announces Verdict = test result Tester Tester has two functions: Interact = generate behaviour Give verdict = judge behaviour These two functions can be separated 6

Typical verdicts: Verdicts PASS = system behaved ok FAIL = system behaved badly ERROR = tester messed up (Often in the literature also inconclusive verdict we return to this later) Testing interface Tester Message traffic SUT Clock Testing interface 7

Testing interface All interaction happens through the testing interface Bidirectional message passing All transmissions have a time stamp Every event has a distinct time stamp (this simplifies the theory slightly) Directions Input input to the SUT output from the tester Output output from the SUT input to the tester SUT s viewpoint 8

Alphabets Σ in is the set of input messages Σ out is the set of out messages Σ is the union of the two Messages contain their direction Alphabet = traditional name for a set of potential messages Events Event = message + a time stamp Thus, event = (member of Σ) + (nonnegative real number) Formally, set of events is Σ [0, ) E.g. < hello world in, 1.4 s> 9

Traces A trace denotes an observation of events for a certain time Trace = a finite set of events with distinct time stamps + end time stamp E.g. <{< hello in, 0.5>}, 0.8> Graphical sketch First input Tester A SUT t=0.2 Second input First output B C t=0.9 t=1.2 Trace end t=2 <{<A,0.2>,<B,0.9>,<C,1.2>},2> 10

lecture 1 summary Testing = interact + judge Specification, tester, SUT Testing interface = point of interaction Trace = a finite series of events observed during a finite time span Practical Matters 28th September there is no lecture because I am in Berlin Probably also no lecture on 26th October Consider ordering the lectures notes if not ordered yet 11

Formal Conformance Testing 2006 Lecture 2 14th Sep 2006 Review of previous lecture Testing = interact + judge Specification, tester, SUT Testing interface = point of interaction Trace = a finite series of events observed during a finite time span 12

Process notation We need a notation for computational processes, i.e. a programming language to describe implementations = SUTs operational specifications as reference implementations full testers testing strategies = interaction strategies Requirements Support data, time, concurrency Familiar Compact Executable 13

The choice UML statecharts and Java We have formal conformance testing tools for this choice, which is good Zero-time execution principle We assume that all UML/Java execution consumes zero time The only exception are timeouts and explicit waiting for asynchronous communications 14

UML UML = Unified Modeling Language Standardized by OMG (Object Management Group) Current major version is UML 2 UML State Charts Most common state chart components: States Transitions Initial and final states 15

Statechart Example State1 after(timeout) trigger trigger [condition] / action State2 Statechart Example Initial state This is where an object instance s life begins. State1 after(timeout) trigger trigger [condition] / action State2 16

Statechart Example State State represents a control state. The object instance can stay in a state waiting for an event. (This is not true of initial and final states). State1 after(timeout) trigger trigger [condition] / action State2 Statechart Example Final state When an instance reaches its final state it finishes its behavior and dies. State1 after(timeout) trigger trigger [condition] / action State2 17

Statechart Example Transitions Transitions can be fired then the instance is in the source state. Then the instance moves to the destination state. State1 after(timeout) trigger trigger [condition] / action State2 Statechart Example Spontaneous transition Spontaneous transition is a transition without any trigger. It is fired spontaneously when the instance has arrived in the source state. State1 after(timeout) trigger trigger [condition] / action State2 18

Statechart Example Trigger A transition with a trigger is fired when the trigger happens and the instance is in the source state. Typically trigger is message reception. State1 after(timeout) trigger trigger [condition] / action State2 Statechart Example Condition A transition that has a condition is fired only if the condition evaluates to true. State1 after(timeout) trigger trigger [condition] / action State2 19

Statechart Example Action A transition can have an action. It is code that is run when the transition is fired. In our case we write actions (and conditions) in Java. State1 after(timeout) trigger trigger [condition] / action State2 Example system { Inbound userin : UserInput; Inbound netin : SIPResp, SIPReq; Outbound netout : SIPResp, SIPReq; } class SIPClient extends StateMachine { public int timeout = 1; public String dst = "sip:192.168.0.1"; } record UserInput { public String input1; } record SIPResp { public int status; } record SIPReq { public String op; public String param; } void main() { a = new SIPClient(); t = new Thread(a); t.start(); } 20

Formal Conformance Testing 2006 Lecture 5 5th Oct 2006 21

Course this far 1 2 Introduction General concepts Traces Java + UML FCT setup (replay) Specification Guides Defines correctness of Tester Interaction SUT Announces Verdict = test result 22

Testing interface (replay) Tester Message traffic SUT Testing interface Clock A trace (replay) First input Tester A SUT t=0.2 Second input First output B C t=0.9 t=1.2 Trace end t=2 <{<A,0.2>,<B,0.9>,<C,1.2>},2> 23

Traces Traces denote finitely long observations on the testing interface A trace contains a finite number of events and an end time stamp Traces are the lingua franca for discussing behaviours Traces Alphabet Event Trace Trace prefix Empty trace Trace extension Snapshot Difference time 24

Alphabets Σ in is the set of input messages Σ out is the set of out messages Σ is the union of the two Messages contain their direction Alphabet = traditional name for a set of potential messages Events Event = message + a time stamp Thus, event = (member of Σ) + (nonnegative real number) Formally, set of events is Σ [0, ) E.g. < hello world in, 1.4 s> 25

Traces A trace denotes an observation of events for a certain time Trace = a finite set of events with distinct time stamps + end time stamp E.g. <{< hello in, 0.5>}, 0.8> Graphical sketch First input Tester A SUT t=0.2 Second input First output B C t=0.9 t=1.2 Trace end t=2 <{<A,0.2>,<B,0.9>,<C,1.2>},2> 26

Prefixes A trace is a prefix of another if the first trace can be extended in time to become the second one Let T and T be traces T=<E,t> is a prefix of T =<E,t > (write T T ) if t t and E = { <α, κ> <α, κ> E κ< t } Prefix sketch Tester SUT Tester SUT A t=0.2 A t=0.2 B C t=0.9 t=1.2 B t=0.9 t=1.05 t=2 27

Empty trace <,0> is the empty trace, denoted by ε The empty trace is a prefix of every other trace Empty trace has no information content Extensions A trace T is an extension of trace T if the trace T is a prefix of trace T Thus, being extension = reverse of being prefix 28

Prefix set Pfx(T) is the set of all prefixes of T Pfx(T) = { T T T } Note: If T T then Pfx(T) Pfx(T ) Snapshot Denote Σ τ = Σ {τ} Here τ is an object that does not belong to set Σ Let T = <E,t> Assume κ < t Denote by T κ the event at time κ, or τ if no event at trace T has time stamp κ 29

Snapshot example Suppose T = <{<A,1>}, 2> T 1 = A T 1.5 = τ T 2 is not defined T 3 is not defined Difference time Suppose T and T are traces such that T is not a prefix T and T is not a prefix of T T and T are hence not equal Define (T,T ) = min t* : T t* T t* 30

Difference time sketch Tester SUT Tester SUT A t=0.2 A t=0.2 B C t=0.9 t=1.2 Q C t=0.7 t=1.2 t=2 t=2 Specifications Set of specifications Set of valid traces Prefix-completeness Seriality 31

Set of specification S is a countable set of specifications Could be e.g. Set of syntactically correct UML state charts Set of valid English documents Structure not relevant Assume exists Valid traces Every specification denotes a set of traces: the set of valid traces If S is a specification, Tr(S) is the set of valid traces for S Tr(S) must contain ε Tr(S) must be prefix-complete Tr(S) must be serial 32

Specifications Specifications Traces Prefix-completeness A set X of traces is prefix-complete if the following holds: If T X and T T then also T X If a trace belongs to a prefixcomplete set, then also all its prefixes belong to the set Why Tr(S) must be prefix-complete? 33

Motivation for prefixcompleteness Tr(S) denotes a set of acceptable behaviours Assume T is an acceptable behaviour Can you imagine a case where T, a prefix of T, would be not acceptable? Testing of Concurrent Systems 2004 Lecture 6 5th Oct 2004 34

Seriality A set X of traces is serial if for every <E, t> X and for every δ > 0 this holds: There exists <E, t+δ> X such that <E, t> <E, t+δ> Every trace of X has at least one arbitrarily long extension in X Seriality sketch t 35

Motivation for seriality Suppose non-serial Tr(S) There exists a valid trace T without an extension Let T T such that every far enough extension of T contains T Is the behaviour T acceptable? Why? And why not? Implementations We assume there exists a countable set of implementations, denoted by I Could be e.g. Set of all valid JAVA programs Set of all valid C programs Set of all functioning digital circuits 36

Failure model Failure model links a specification to its potential implementations A failure model is a function µ: S (I [0,1]) For every s S, it holds that i µ(s)[i] = 1 Hence µ(s) is a discrete probability distribution over implementations Use of failure models Failure model is a hypothesis about implementations and their potential defects Example: Boundary Value Pattern and the related failure model 37

Testing strategies A testing strategy is a strategy on how to interact with an implementation Let S denote the set of all testing strategies What happens when a testing strategy is executed against an implementation? Execution Testing strategy + implementation yields a sequence of traces T 1, T 2, T 3, Here T 1 T 2 T 3 These correspond to test steps Many different trace sequences are possible How do we formalize this? 38

Semantic function ξ Maps implementation, testing strategy and system state to extensions of the currently observed trace Actually to a probability distribution of extensions System state = trace observed this far ξ function properties Gives a probability distribution Test steps are proper trace extensions Progressivity (non-zenoness) Test steps are disjoint 39

Signature Let T denote the set of all traces The signature is ξ : I x S x T (T [0, 1]) Execution Implementation ξ : I x S x T (T [0, 1]) Testing strategy ξ Trace Probability distribution on 40

Gives probability distribution For all i, s and T, it must hold that T ξ(i,s,t)[t ] = 1 Gives probability distribution For all i, s and T, it must hold that T ξ(i,s,t)[t ] = 1 A B C p=0.6 p=0.4 D 0 1 2 3 4 5 41

Test steps = proper trace extensions For all i, s, T and T it must hold that ξ(i,s,t)[t ] > 0 T T Hence: every test step consumes time Test steps = proper trace extensions For all i, s, T and T it must hold that ξ(i,s,t)[t ] > 0 T T Hence: every test step consumes time A B C p=0.6 p=0.4 0 1 2 3 42

Test step disjointness For any i, s, T, and T 1 and T 2 it must hold that if T 1 T 2 and ξ(i, s, T)[T 1 ] > 0 and ξ(i, s, T)[T 2 ] > 0, then T 1 T 2, and T 2 T 1 A technical convenience Execution sketch C p=0.6 D A B p=0.4 0 1 2 3 4 5 43

Progressivity There does not exist an infinite sequence T 1, T 2, T 3, and a constant K Rsuch that ξ(i, s, T i )[T i+1 ] > 0 for all i, but such that for all T i = <E i, t i > it holds that t i < K. Non-progressivity sketch t = 1.875 t = 1.75 t=1.5 t=1 Infinitely many test steps before time t=2 0 1 2 3 4 5 44

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback