140 likes | 263 Views
Generating Test Cases For a Timed I/O Automaton Model. Leonid Mokrushin. Outline. Timed I/O automaton model Semantics Relation to Timed Automata Example of timed I/O automaton Symbolic traces Must-traceability May-traceability
E N D
Generating Test Cases For a Timed I/O Automaton Model Leonid Mokrushin Formal Software Testing and Model Checking
Outline • Timed I/O automaton model • Semantics • Relation to Timed Automata • Example of timed I/O automaton • Symbolic traces • Must-traceability • May-traceability • An efficient algorithm to decide whether a test sequence is executable (traceable) • Idea • Input actions • Output actions • Conformance testing method for the model Formal Software Testing and Model Checking
Timed I/O automaton model is a finite set of states is a finite set of I/O actions is a set of I/O types is a global clock variable is a finite set of variables, which can hold rational numbers is a set of linear inequalities on rational numbers and their logical conjunctions is a set of assignments is a transition relation is the initial state of M is a set of initial values for variables There is no state from which there are two outgoing transitions with the same I/O action Formal Software Testing and Model Checking
Semantics An element of a transition relation is denoted by s3 c?[xb-xa≤3] { } a?v[true] {xat,xb v} b![xa≤t≤xa+xb] {xbt+0.1*xb} s0 s1 s2 d?[xb-xa>3 and t<xa+20] { } s4 Let execution time of a?v is 5 and input value v is 3 s0->s1: xa5, xb3 s1->s2: action b! will be executed when 5 ≤ t ≤ 5 + 3 assume this moment is when t=6, xb6+0.1*3 =6.3 s2->s3: xb – xa= 6.3 – 5 = 1.3 ≤ 3, hence c? is executable s2->s4: If xb – xa > 3, an input action d? is executable for 20 seconds after a? is executed. Formal Software Testing and Model Checking
Relation to Timed Automata The model can simulate any timed automaton in the original version of Alur’s timed automata. Alur’s model t1 0 a? [0 ≤ t1 ≤ 5] b! reset(t1) s0 s1 s2 Timed I/O model a? [0 ≤ t-t1 ≤ 5] { } b! [true] {t1t} t1 t s0 s1 s2 If Alur’s model has several clocks then the corresponding Timed I/O model also has (at most) the same number of variables. Formal Software Testing and Model Checking
s0 Example A receiving node of a media synchronization protocol, which allows to synchronize real-time continuous media such as video stream when transfer rate changes quickly. data_start?v [true] {x1t, ts1v} s1 data_end? [x1+x ≤ t ≤ x1+y] {x2t} s2 first_display_start! [t ≤ x2+d] {x3t} not_mdf! [Th2≥x9-(x3+w) and t ≤ x10+d] {x3x3+w, ts1 ts2} s3 first_display_end! [x3+a ≤ t ≤ x3+b] {x4t} s9 s4 data_start?v [true] {x5t, ts2 v, w v-ts1} mdf! [Th2<x9-(x3+w) and t ≤ x10+d] {x3x9, ts1 ts2} display_end![x7+a≤ t ≤ x7+b] {x8t} s5 display_end! [x9+a ≤ t ≤ x9+b]{x10t} data_end?[x5+x≤ t ≤ x5+y] {x6t} s8 s6 s7 display_start! [x6≥x3+w and t ≤ x6+d] {x9t} display_start_intime! [x6<x3+w and x3+w ≤ t ≤ x3+w+d] {x7t} Formal Software Testing and Model Checking
Transition sequences A transition sequence of a timed I/O automaton M is an execution path of the transition graph of M. The value of each variable may change by executing a transition. In order to decide whether a given transition sequence is executable, we must consider how their values change. Step 1. Name each occurrence of variables in a transition sequence - values of variables on i-th state si of . - execution times of actions respectively - input values of the corresponding m data input actions Step 2. Replace each occurrence of variables using an algorithm: j:=0, for p=1 to k doxp(0):=xpinit for i=1 to n do { if$i=?vthen j:=j+1; $i:=?vj for p=1 to k do { ifxpf(t,v,x1,…,xk)Dithen xp(i):=f(ti,vj,x1(i-1),…,xk(i-1)) elsexp(i):=xp(i-1) } } Formal Software Testing and Model Checking
Symbolic traces,must/may traceability A symbolic trace for is: where: are conditions where each xk(i) is obtained by the algorithm described in step 2 and “/” means substitution. Must-traceability: A symbolic trace is must-traceable, if whenever each output action is executed, there always some input timing for each input action such that the rest of the sequence can be executed. We denote condition of must-traceability TrCondMust() May-traceability: A symbolic trace is may-traceable, if for some output timing there exists some input timing such that the rest of the sequence can be executed. We denote condition of may-traceability TrCondMay() Formal Software Testing and Model Checking
TrCondMust() and TrCondMay() Conditions of must/may traceability are calculated recursively. For example: a?va@ta[Pa] b!@tb[Pb] c?vc@tc[Pc] s0 s1 s2 s3 Symbolic trace: Must-traceability (TrCondMust()) : May-traceability (TrCondMay()): In general, TrCondMust() and TrCondMay() become rational Presburger sentences. The decision problem is known to be NP-hard for the general class. But restricting to inequalities on rational numbers and their logical conjunctions allows to decide must/may traceability effectively. Formal Software Testing and Model Checking
Efficient decision of must/may traceability (idea) Since the last action an has no succeeding actions, the executable time tn of an is a solution of the constraint Pn. We transformPn into the following conjunction: The lower and upper bounds of tn obtained as: In order that there exists an executable time tn of an must be true. Thus, if the must-traceability condition is true, then the executable time tn of an [tninf, tnsup]. Formal Software Testing and Model Checking
Efficient decision of must/may traceability (input actions) Let ak? be some input action, and k<n. ak?.... … … s1 sk-1 sk … sn Execution time tn of an satisfies the constraint From this constraint we can obtain tksup and tkinf, hence TrCondMustk() can be obtained also. TrCondMustk() shows whether the transition sequence ak, ak+1,…,an in is must-traceable. Formal Software Testing and Model Checking
Efficient decision of must/may traceability (output actions (1)) Let ak’! be some output action, and k’<n. We must consider any moment satisfying Pk’ since the output timing of ak’ is uncontrollable. From constraint Pk’ we obtain: Then we transformTrCondMustk’+1() into: And obtain lower and upper bounds of TrCondMustk’+1(): Formal Software Testing and Model Checking
Efficient decision of must/may traceability (output actions (2)) Actionak’ is executable and the succeeding sequence is also executable for any output timing tk’ of ak’ifft1,…,tk’-1 satisfy the following conditions: TrCondMustk’()is a conjunction of these conditions. TrCondMust1()is obtained recursively. It is a logical combination of linear inequalities. By assigning initial values to the variables in V, we get a formula containing onlyv1,...,vm (input values). If this formula is satisfiable(linear programming problem), then the given symbolic trace ismust-traceable. Formal Software Testing and Model Checking
Conformance testing method Compose: set of UIO sequences U for each state si set of transfer sequences V to drive system to si Decide must/may traceability for V.Uo=iviui Are all sequences must or at least may traceable? no yes Run test cases V.Uoand V.Ux=i≠jviu’jaij on IUT. Each input action is executed with timing computed during must/may traceability analysis. Check timing of observed output actions against spec. Does the response from IUT match spec? no yes Formal Software Testing and Model Checking