Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Jan Tretmans University of Nijmegen © Jan Tretmans University of Nijmegen Model Based Testing Property Checking for Real.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Jan Tretmans University of Nijmegen © Jan Tretmans University of Nijmegen Model Based Testing Property Checking for Real."— Presentation transcript:

1 1 Jan Tretmans University of Nijmegen tretmans@cs.kun.nl © Jan Tretmans University of Nijmegen Model Based Testing Property Checking for Real

2 © Jan Tretmans University of Nijmegen 2 Overview  Introduction  Testing  Formal methods and Testing  Formal Testing  Framework  Pre/post-condition program testing  Transition system testing  ioco test theory  a test tool  an application: "Rekeningrijden"  Conclusions

3 © Jan Tretmans University of Nijmegen 3 Overview  Introduction  Testing  Formal methods and Testing  Formal Testing  Framework  Pre/post-condition program testing  Transition system testing  ioco test theory  a test tool  an application: "Rekeningrijden"  Conclusions

4 © Jan Tretmans University of Nijmegen 4 Testing Testing: to check the quality of an object by performing experiments in a controlled way w.r.t. a specification Software Testing : testing the quality of a software product mn n+m tester IUT

5 © Jan Tretmans University of Nijmegen 5 Paradox of Software Testing Testing is:  important  much practiced  30% - 50% of project effort  expensive  time critical  not constructive (but sadistic?) But also:  ad-hoc, manual, error-prone  hardly theory / research  no attention in curricula  not cool : “if you’re a bad programmer you might be a tester” Attitude is changing:  more awareness  more professional Improvements possible with formal methods ! ?

6 © Jan Tretmans University of Nijmegen 6 Types of Testing unit integration system performance robustness functional behaviour white boxblack box Level of detail Accessibility Characteristics usability reliability module stress

7 © Jan Tretmans University of Nijmegen 7 Testing IUT specification property IUT correct w.r.t. specification tester pass fail test cases scenarios

8 © Jan Tretmans University of Nijmegen 8 Overview  Introduction  Testing  Formal methods and Testing  Formal Testing  Framework  Pre/post-condition program testing  Transition system testing  ioco test theory  a test tool  an application: "Rekeningrijden"  Conclusions

9 © Jan Tretmans University of Nijmegen 9 Formal methods:  proving properties  research  sound theories  “clean” Testing :  trial & error  practice  heuristics  “dirty hands” Testing & Formal Methods A Perfect Couple ? “Testing is not necessary after formal verification” “Testing can only detect the presence of errors, not their absence” “Formal methods are toys for boys” “Formal methods are only for toy problems"

10 © Jan Tretmans University of Nijmegen 10 Formal Testing Why testing with a formal specification:  improves the testing process  precise and unambiguous basis for testing  allows automatic generation of tests Why no formal verification (theorem proving, model checking, …) :  code/structure of system not accessible (black-box)  system too complex  verification only on model of implementation  prove evidence to customer/user  no formalization possible

11 © Jan Tretmans University of Nijmegen 11 Development Process informal requirements specification realization design code formalizable

12 © Jan Tretmans University of Nijmegen 12 Goal: Testing functional behaviour of black-box implementation with respect to specification in formal language based on formal definition of conformance Specification Based Functional Testing with Formal Methods implementation under test formal testing Model assumed to be correct specification s

13 © Jan Tretmans University of Nijmegen 13 Overview  Introduction  Testing  Formal methods and Testing  Formal Testing  Framework  Pre/post-condition program testing  Transition system testing  ioco test theory  a test tool  an application: "Rekeningrijden"  Conclusions

14 © Jan Tretmans University of Nijmegen 14 test execution pass / fail Formal Testing test generation test suite T S specification S implementatio n i correctness criterion implementation relation i passes T s i ioco s     soundexhaustive

15 © Jan Tretmans University of Nijmegen 15 Formal Testing : Conformance s  SPECS Specification IUT Implementation under Test IUT is concrete, physical object Model the physical world But IUT is black box ! ? Assume that model i IUT exists specification S implementatio n IUT correctness criterion IUT correct wrt s

16 © Jan Tretmans University of Nijmegen 16 Formal Testing : Test Hypothesis Test hypothesis :  IUT  IMPS.  i IUT  MODS.  t  TESTS. obs ( t, IUT ) = obs ( t, i IUT ) IUT i IUT test t

17 © Jan Tretmans University of Nijmegen 17 Formal Testing : Conformance specification S implementatio n i IUT formal correctness criterion i IUT imp s s  SPECSSpecification i IUT  MODSmodel of IUT Test hypothesis : each concrete IUT can be modelled by some i IUT  MODS Correctness : i IUT imp s i IUT is not known ; testing to learn about i IUT

18 © Jan Tretmans University of Nijmegen 18 Completeness exhaustive   sound  Completeness of test suite T s on models:  i  MODS.  t  T s. obs ( t, i ) = pass i imp s

19 © Jan Tretmans University of Nijmegen 19 Testing for Conformance IUT passes T s  def  t  T s. IUT passes t IUT passes t  def obs ( t, IUT ) = pass Test hypothesis :  t  TESTS. obs ( t, IUT ) = obs ( t, i IUT ) Proof obligation :  i  MODS. (  t  T s. obs ( t, i ) = pass )  i imp s IUT passes T s  IUT correct wrt s ? Definition : IUT correct wrt s IUT correct wrt s i IUT imp s   t  T s. obs ( t, i IUT )= pass   t  T s. obs ( t, IUT )= pass   t  T s. IUT passes t  IUT passes T s 

20 © Jan Tretmans University of Nijmegen 20 Formal Testing exec : TESTS  IMPS   (OBS) der : SPECS   (TESTS) T s  TESTS s  SPECS IUT  IMPS imp i IUT  MODS obs : TESTS  MODS   (OBS) Proof soundness and exhaustivess:  i  MODS.  t  T s. obs(t,i) = pass  i imp s Test hypothesis :  IUT  IMPS.  i IUT  MODS.  t  TESTS. obs(t, IUT ) = obs(t,i IUT ) pass / fail Then: IUT is correct iff it passes the test

21 © Jan Tretmans University of Nijmegen 21 Approaches to Formal Testing Instantiations of Formal Framework  Programs as functions (pre/post-conditions)  Finite State Machine / methods with state  Labelled Transition Systems  Abstract Data Type testing

22 © Jan Tretmans University of Nijmegen 22 Overview  Introduction  Testing  Formal methods and Testing  Formal Testing  Framework  Pre/post-condition program testing  Transition system testing  ioco test theory  a test tool  an application: "Rekeningrijden"  Conclusions

23 © Jan Tretmans University of Nijmegen 23 Simple Input/Output Programs  Specification: s  X  Y  Test hypothesis: implementation i :: X  Y  Tests: T  X  Passing a test t  T : ( t, i(t) )  s  Tools: QuickCheck, G  ST  Problem/challenge: select "good" subset T  X: classical techniques: equivalence partitioning, boundary analysis, …… IUT x: Xy: Y

24 © Jan Tretmans University of Nijmegen 24 Input/Output Program: Example  Specification: propSqrt(x,y) = x  0  |y  y - x|  0.00001  Possible test set: T = { 0, 0.00232, 1, 1.87392, 2738894 }  Tools like QuickCheck, G  ST easily generate thousands of test cases  But still: what is a "good" set ? IUT i(x) =  x x: real pre: x  0 y: real post: |y  y - x|  0.00001

25 © Jan Tretmans University of Nijmegen 25 Overview  Introduction  Testing  Formal methods and Testing  Formal Testing  Framework  Pre/post-condition program testing  Transition system testing  ioco test theory  a test tool  an application: "Rekeningrijden"  Conclusions

26 © Jan Tretmans University of Nijmegen 26 Formal Testing with Transition Systems exec : TESTS  IMPS   (OBS) der : LTS   (TTS) T s  TTS s  LTS IUT  IMPS ioco i IUT  IOTS obs : TTS  IOTS   (traces) Proof soundness and exhaustivess:  i  IOTS. (  t  der(s). t (obs(t,i)) = pass )  i ioco s Test hypothesis :  IUT  IMPS.  i IUT  IOTS.  t  TTS. exec(t, IUT ) = obs(t,i IUT ) pass / fail

27 © Jan Tretmans University of Nijmegen 27 Labelled Transition Systems Labelled Transition System  S, L, T, s 0  ?coin ?button !alarm ?button !coffee states actions transitions T  S  (L  {  })  S initial state s 0  S

28 © Jan Tretmans University of Nijmegen 28 i ioco s = def   Straces (s) : out (i after  )  out (s after  ) Implementation Relation ioco Correctness expressed by implementation relation ioco: p  p=  !x  L U  {  }. p !x out ( P )= { !x  L U | p !x, p  P }  {  | p  p, p  P } Straces ( s )= {   (L  {  })* | s  } p after  = { p’ | p  p’ }

29 © Jan Tretmans University of Nijmegen 29 i ioco s = def   Straces (s) : out (i after  )  out (s after  ) Implementation Relation ioco Correctness expressed by implementation relation ioco: Intuition: i ioco-conforms to s, iff if i produces output x after trace , then s can produce x after  if i cannot produce any output after trace , then s cannot produce any output after  ( quiescence  )

30 © Jan Tretmans University of Nijmegen 30 ?dub ! choc ?kwart !tea ! coffee ?dub ?kwart ?dub ?kwart ! choc ?dub !tea ioco Implementation Relation ioco ! coffee ?dub !tea s ioco

31 © Jan Tretmans University of Nijmegen 31 Algorithm To generate a test case from transition system specification s 0 compute T(S), with S a set of states, and initially S = s 0 after  ; 1end test case pass For T(S), apply the following recursively, non-deterministically: 2supply input !a T ( S after ?a   ) Test Generation Algorithm allowed outputs or  : !x  out ( S ) forbidden outputs or  : !y  out ( S ) 3observe output fail T ( S after !x ) fail allowed outputsforbidden outputs ?y  ?x

32 © Jan Tretmans University of Nijmegen 32 Completeness of Test Generation For every test t generated with algorithm we have:  Soundness : t will never fail with correct implementation i ioco s implies i passes t  Exhaustiveness : each incorrect implementation can be detected with a generated test t i ioco s implies  t : i fails t

33 © Jan Tretmans University of Nijmegen 33 Overview  Introduction  Testing  Formal methods and Testing  Formal Testing  Framework  Pre/post-condition program testing  Transition system testing  ioco test theory  a test tool  an application: "Rekeningrijden"  Conclusions

34 © Jan Tretmans University of Nijmegen 34 A Test Tool : TorX  On-the-fly test generation and test execution  Implementation relation: ioco  Specification languages: LOTOS, Promela, FSP, Automata TorX IUT observe output offer input next input specification check output pass fail inconclusive user: manual automatic

35 © Jan Tretmans University of Nijmegen 35 TorX

36 © Jan Tretmans University of Nijmegen 36 Overview  Introduction  Testing  Formal methods and Testing  Formal Testing  Framework  Pre/post-condition program testing  Transition system testing  ioco test theory  a test tool  an application: "Rekeningrijden"  Conclusions

37 © Jan Tretmans University of Nijmegen 37 TorX Case Studies  Conference Protocol  EasyLink TV-VCR protocol  Cell Broadcast Centre component  ‘’Rekeningrijden’’ Payment Box protocol  V5.1 Access Network protocol  Easy Mail Melder  FTP Client  “Oosterschelde” storm surge barrier-control academic Philips CMG Interpay Lucent CMG academic CMG

38 © Jan Tretmans University of Nijmegen 38 Interpay ‘’Rekeningrijden’’ Payment Box Protocol

39 © Jan Tretmans University of Nijmegen 39 “Rekeningrijden” Characteristics :  Simple protocol  Parallellism :  many cars at the same time  Encryption  Real-time issues  System passed traditional testing phase

40 © Jan Tretmans University of Nijmegen 40 Payment Box (PB) Road Side Equipment Onboard Unit UDP/IP Wireless ‘’Rekeningrijden’’ Highway Tolling System

41 © Jan Tretmans University of Nijmegen 41 spec PB TorX Payment Box ‘’Rekeningrijden’’: Test Architecture PCO

42 © Jan Tretmans University of Nijmegen 42 spec PB + ObuSim + TCP/IP + UDP/IP Payment Box TorX ‘’Rekeningrijden’’: Test Architecture SUT Test Context ObuSim TCP/IPUDP/IP IAPPCO

43 © Jan Tretmans University of Nijmegen 43 ‘’Rekeningrijden’’: Issues  Parallellism :  very easy  Encryption :  Not all events can be synthesized : Leads to reduced testing power  Real-time :  How to cope with real time constraints ?  Efficient computation for on-the-fly testing ?  Lack of theory: quiescence vs. time-out

44 © Jan Tretmans University of Nijmegen 44 ‘’Rekeningrijden” : Results  Test results :  1 error during validation (design error)  1 error during testing (coding error)  Automated testing :  beneficial: high volume and reliability  many and long tests executed ( > 50,000 test events )  very flexible: adaptation and many configurations

45 © Jan Tretmans University of Nijmegen 45 Overview  Introduction  Testing  Formal methods and Testing  Formal Testing  Framework  Pre/post-condition program testing  Transition system testing  ioco test theory  a test tool  an application: "Rekeningrijden"  Conclusions

46 © Jan Tretmans University of Nijmegen 46 Concluding ……  Testing can be formal, too (M.-C. Gaudel, TACAS'95)  Testing shall be formal, too  But testing can never be complete  it increases confidence in correctness  Testing can be the first step:  counter-example finding before expensive formal verification  Or the last:  to show that not only the model is correct but also the real system

47 © Jan Tretmans University of Nijmegen 47 Thanks to... University of Twente: Ed Brinksma, Lex Heerink, Axel Belinfante, Jan Feenstra, René de Vries, Machiel van der Bijl, …… Eindhoven University of Technology: Nicolae Goga, Loe Feijs, Sjouke Mauw University of Nijmegen: Pieter Koopman Philips Research Labs Eindhoven: Lex Heerink, Ron Koymans KPN Research: Erik Kwast, Henri Dol Lucent Technologies - R&D Centre Twente: Arjan de Heer Project Pampa, IRISA, Rennes (Logica)CMG Information Technology: Peter Christian, Robert Spee, Wouter Geurts, …… Interpay B.V.: Cornel van Mastrigt, Rommert Jorritsma Ordina Utopics: Pim Kars ………

Download ppt "1 Jan Tretmans University of Nijmegen © Jan Tretmans University of Nijmegen Model Based Testing Property Checking for Real."

Similar presentations

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Model-Based Testing and Test-Based Modelling

Model-Based Testing and Test-Based Modelling
Applications of Automated Model Based Testing with TorX Ed Brinksma Course 2004.

Applications of Automated Model Based Testing with TorX Ed Brinksma Course 2004.
1 Lars Frantzen, Pieter Koopman, René de Vries, Tim Willemse, Jan Tretmans Radboud University Nijmegen © Jan Tretmans Radboud University Nijmegen Testing.

1 Lars Frantzen, Pieter Koopman, René de Vries, Tim Willemse, Jan Tretmans Radboud University Nijmegen © Jan Tretmans Radboud University Nijmegen Testing.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Testing and Quality Assurance

Testing and Quality Assurance
SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.

SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.
Formal Conformance Testing of Systems with Refused Inputs and Forbidden Actions Igor Burdonov, Alexander Kossatchev, Victor Kuliamin ISP RAS, Moscow.

Formal Conformance Testing of Systems with Refused Inputs and Forbidden Actions Igor Burdonov, Alexander Kossatchev, Victor Kuliamin ISP RAS, Moscow.
An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.

An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
Automated Model-Based Testing of Hybrid Systems Michiel van Osch PROSE January 25, 2007 13.

Automated Model-Based Testing of Hybrid Systems Michiel van Osch PROSE January 25,
November 2005J. B. Wordsworth: J5DAMQVT1 Design and Method Quality, Verification, and Testing.

November 2005J. B. Wordsworth: J5DAMQVT1 Design and Method Quality, Verification, and Testing.
Model-based Testing of Hybrid Systems Michiel van Osch IPA Spring Days on Testing 19 April – 21 April 2006.

Model-based Testing of Hybrid Systems Michiel van Osch IPA Spring Days on Testing 19 April – 21 April 2006.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
Software Testing. Overview Definition of Software Testing Problems with Testing Benefits of Testing Effective Methods for Testing.

Software Testing. Overview Definition of Software Testing Problems with Testing Benefits of Testing Effective Methods for Testing.
1 Jan Tretmans Embedded Systems Institute Eindhoven Radboud University Nijmegen Model-Based Testing.

1 Jan Tretmans Embedded Systems Institute Eindhoven Radboud University Nijmegen Model-Based Testing.
Holger Hermanns Formal Methods for Software Engineering Part III: Applications of Formal Methods Lecture 10: Applications?

Holger Hermanns Formal Methods for Software Engineering Part III: Applications of Formal Methods Lecture 10: Applications?
1 Jan Tretmans Radboud University Nijmegen (NL) © Jan Tretmans Radboud University Nijmegen together with: University of Twente Enschede.

1 Jan Tretmans Radboud University Nijmegen (NL) © Jan Tretmans Radboud University Nijmegen together with: University of Twente Enschede.
Software Testing. “Software and Cathedrals are much the same: First we build them, then we pray!!!” -Sam Redwine, Jr.

Software Testing. “Software and Cathedrals are much the same: First we build them, then we pray!!!” -Sam Redwine, Jr.
MCA –Software Engineering Kantipur City College. Topics include  Formal Methods Concept  Formal Specification Language Test plan creation Test-case.

MCA –Software Engineering Kantipur City College. Topics include  Formal Methods Concept  Formal Specification Language Test plan creation Test-case.

Similar presentations

Ads by Google