Presentation is loading. Please wait.

Presentation is loading. Please wait.

Model-Based Testing Prof. Walter Kriha, Hochschule der Medien Stuttgart, Computer Science and Media Faculty September 16, 2005 Forces and Solutions GENERALLY.

Similar presentations


Presentation on theme: "Model-Based Testing Prof. Walter Kriha, Hochschule der Medien Stuttgart, Computer Science and Media Faculty September 16, 2005 Forces and Solutions GENERALLY."— Presentation transcript:

1 Model-Based Testing Prof. Walter Kriha, Hochschule der Medien Stuttgart, Computer Science and Media Faculty September 16, 2005 Forces and Solutions GENERALLY ACCESSIBLE

2 SECTION 1 Problem View

3 2 Other Company Example: Internet Service When „search“ returns passwords... Deploying an application into this environment can take month after month of laborious testing. But how can you be sure that core security concepts (like trust zones, end-to-end security, secrecy etc.) are met and maintained by the software? Automation of tests is a key requirement! Execution of tests must be fully traced. client Inter net External TTP Reverse Proxy Authent Server Author. Server Identity Server App. Server User Registry Host App. Server Credent. Vault. App. Server App. Server Domain Bridge (TTP) CSIv 2 WS-S

4 3 Challenges Technical and Social It will take advanced tools for developers to perform continuous and early testing of those complex systems multi-tier architectures complex infrastructures (J2EE/.NET) long deployment chains (Dev.Test/Mit/AIT/PTE/Production) Cross-cutting concerns (security, performance) Multiple technologies (descriptive, imperative) mixed Social factors (roles, skill sets, limitations, change)

5 4 Example: Browser Bugs An endless story? Every new feature in a browser (frames, pop-up windows, tabs, bookmarks etc.) seems to violate this simple principle of protection. Take a look at the mozilla security buglist. Why is that so? site A site B A B Script Engine Same Origin Concept

6 5 Challenges Concepts and Implementations Is it possible to capture advanced security concepts in models and use them for (automatic) testing? Another example that needs much better testing is the implementation of dynamic Role-based-access-control (RBAC) systems which rely on static data, rules and environment values to reach a verdict. The Code does not show „same origin“ Browser models do not contain the concept How can we test for such high-level concepts?

7 SECTION 2 Testing Approaches

8 7 Overview From no concept to a representation of test concepts I wonder what this change will do? The concepts need to be caught in models and used to drive test engines, simulators or generate code against the production software textual input, manual tests, automated reporting: What do they want me to test? Another application change, need to fix test scripts too model and test language supported by tools. The model itself contains concepts through profiles. No test conceptLogbook Scripts Model based

9 8 Model-Based Testing Architecture This is only one example of many different ways to use MBT. With UML 2.0 activity diagrams are an effective way to represent „unit-of-work“ like concepts which appear naturally in testing. specification model behavioral test models MSC Activity Diagram State chart Test Specification Test Generator Test Model Interpreter SUT Test Tooling Test libraries Abstract Concrete Profiles Control Flow Data Flow

10 9 Is it Better? Where are the benefits? According to Pretschner et.al. testing without a model gives the worst results. Just building the test model uncovers lots of bugs in the requirements (model) Number and quality of bugs found: A strong tendency towards better results with MDT Manually deriving tests from a model still benefits from the model.

11 10 Who can do it? EAI example: How to avoid the textual step A successful example how model driven development enables even end- users to create precise specifications of data transformations. Shouldn't this be possible with testing as well? Business creates Transformation Rules with specialized UML editor Create Meta-data and Actions for Interpreter/Server Tool Execute instructions in EAI server Server (UML VM)

12 11 Technologies and Tool Support UML For an example of the use of UML for model checking take a look at UMLsec. In non-technical environments UML is the prevailing modeling language Behavioral specifications are expressed as state charts or activity diagrams Tools should provide „canned know-how“ for tests of non-functional requirements Model checking and executable UML are possible options for the future. They bridge the gap between abstract models and implementations by bringing more concreteness (abstract syntax of actions e.g.) into the models.

13 12 MDD vs. MBT Different Benefits Model-Based Testing is not the same as Model-Driven Development. Different abstraction levels: MDD needs to express more general concepts and less implementation allow different implementations Requirement models in MDD need to be generalized to create flexible systems. In MBT requirement models need to be made more concrete. MBT can use concrete implementation know-how from the SUT MBT tools should be able to re-use models from MDD MBT tools need to cater to a different class of users

14 13 The Future Exept and HDM Based on a common understanding of concept based learning and development HDM and Exept will explore the above topics in projects and courses at HDM. Constraint modeling and transformation into tests Process modeling, semantics Representation of non-functional requirements

15 14 Resources 1.W.Prenninger, A.Pretschner, Abstractions for Model-Based Testing http://www4.informatik.tu- muenchen.de/~prenning/publications/tacos04.pdf (shows that developement and test models are different. Good introduction to MBT)http://www4.informatik.tu- muenchen.de/~prenning/publications/tacos04.pdf 2.Pretschner, Prenninger, Baumgartner, Stauner, One Evaluation of Model-Based Testing and its Automation. http://www.inf.ethz.ch/personal/pretscha/papers/icse05.pdf (empirical results on a comparison of MBT vs. manual testing and mixed forms)http://www.inf.ethz.ch/personal/pretscha/papers/icse05.pdf 3.M.Friske, H.Schlingloff, Von Use Cases zu Test Cases: Eine systematische Vorgehensweise http://www.informatik.hu-berlin.de/~hs/Publikationen/2004_MBEES_Schlingloff-Friske_Von- Use-Cases-zu-Test-Cases.pdf (shows requirements translation into activity diagrams) http://www.informatik.hu-berlin.de/~hs/Publikationen/2004_MBEES_Schlingloff-Friske_Von- Use-Cases-zu-Test-Cases.pdf 4.H.Störrle, LMU Munich, Towards a formal Semantics of UML 2.0 Activities http://www.pst.informatik.uni-muenchen.de/personen/stoerrle/V/AD-11-Limits.pdf (a denotational semantics for UML Activities based on extended Petri Nets) http://www.pst.informatik.uni-muenchen.de/personen/stoerrle/V/AD-11-Limits.pdf 5.Workgroups: GI-FG TAV (Test and Verification of Software) 6.Workgroups: Dagstuhl Seminar 2004: MBT for reactive systems http://www.it.uu.se/research/project/motres/subjects.html http://www.it.uu.se/research/project/motres/subjects.html 7.Hartmann, Nagin, The AGEDIS Tools for Model Based Testing 8.Bernhard Merkle, Designermodelle, IX 2005/5. Good Introduction to Model-Driven Architecture and Development Tools and Processes. 9.Jan Jürjens, Secure Systems Development with UML, Springer 2005. Uses a UML Profile for security to validate security protocols. Uses Model Checkers and shows how to test SAP3 permission settings against a model. 10.T.Stahl, M. Völter, Modellgetriebene Software-Entwicklung. Dpunkt Verlag 2005. Covers meta- modelling, Domain Languages, split-level development and generative patterns.


Download ppt "Model-Based Testing Prof. Walter Kriha, Hochschule der Medien Stuttgart, Computer Science and Media Faculty September 16, 2005 Forces and Solutions GENERALLY."

Similar presentations


Ads by Google