VerTeCS


  1. VerTeCS: Verification models and techniques applied to the Testing and Control of reactive Systems. Thierry Jéron, IRISA/INRIA Rennes, France, http://www.irisa.fr/vertecs. Team: 4 Inria researchers, 1 post-doc, 4 PhD students, 1 engineer.

  2. Main research activities
  • Verification of finite/infinite state systems
  • Controller synthesis for Discrete Event Systems
  • Model-based test generation
  • Model-based fault diagnosis

  3. Verification. Given a model M and a property P, decide M ⊨ P? The answer is Y/N, with witnesses or diagnostics. Techniques: model checking, abstract interpretation, theorem proving.

  4. Controller synthesis for Discrete Event Systems. Given a model M and a property P, build a controller C such that M × C ⊨ P. (Figure: the plant M has controllable events c and uncontrollable events uc; the controller acts on M through the controllable ones.)

  5. Testing. Conformance of an implementation IUT to a specification S is ioco, defined on suspension traces (traces over inputs, outputs and quiescence δ; Σ! denotes the set of outputs including δ):
  IUT ioco S ⟺ STraces(IUT) ∩ STraces(S)·Σ! ⊆ STraces(S)
  i.e. after any suspension trace of S, the IUT may only produce outputs (or quiescence) that S also allows. Test generation: from the visible behaviour Vis(M) of the model, build test cases TC that are sound w.r.t. M and ioco. A test case runs as IUT || TC, observes Vis(IUT), and emits fail on any output not foreseen by the model (!otherwise). The exhaustive test suite TS = {TC} is impossible in practice ⇒ selection.
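As an added worked example (not part of Thierry Jéron's slides and not code from the VerTeCS tools), the ioco check above applied to finite labelled transition systems, with quiescence made explicit as δ self-loops so that an implementation that stays silent is caught. The specification, the implementations and the names (LTS, ioco, demo) are my own constructed assumptions in the spirit of the slides' !ok/!err/!end model; inputs start with "?", outputs with "!".

```python
from collections import deque

TAU = "τ"      # internal action, not observable
DELTA = "δ"    # quiescence: observable absence of output; Σ! includes δ


class LTS:
    """Finite labelled transition system (constructed toy class, not a VerTeCS API)."""

    def __init__(self, init, transitions):
        self.init = init
        self.trans = {}
        labels, states = set(), {init}
        for s, label, t in transitions:
            self.trans.setdefault(s, []).append((label, t))
            states |= {s, t}
            labels.add(label)
        self.inputs = frozenset(l for l in labels if l.startswith("?"))
        self.outputs = frozenset(l for l in labels if l.startswith("!")) | {DELTA}
        # Suspension automaton: a state that can neither emit an output nor move
        # internally is quiescent; make that observable as a δ self-loop.
        for s in states:
            if not any(l.startswith("!") or l == TAU for l, _ in self.trans.get(s, [])):
                self.trans.setdefault(s, []).append((DELTA, s))

    def tau_closure(self, states):
        todo, seen = list(states), set(states)
        while todo:
            s = todo.pop()
            for l, t in self.trans.get(s, []):
                if l == TAU and t not in seen:
                    seen.add(t)
                    todo.append(t)
        return frozenset(seen)

    def after(self, states, label):
        """States reachable from `states` by `label`, modulo internal moves."""
        nxt = {t for s in self.tau_closure(states) for l, t in self.trans.get(s, []) if l == label}
        return self.tau_closure(nxt)

    def out(self, states):
        """Outputs (δ included) enabled in the state set."""
        return {l for s in self.tau_closure(states) for l, _ in self.trans.get(s, []) if l in self.outputs}


def ioco(impl, spec):
    """(True, None) if impl ioco spec, else (False, (suspension trace, offending output)).

    Walks the pairs of state sets reached by the same suspension trace σ of spec
    and checks out(impl after σ) ⊆ out(spec after σ) at each of them, which is the
    state-based reading of STraces(impl) ∩ STraces(spec)·Σ! ⊆ STraces(spec).
    """
    labels = sorted(spec.inputs | spec.outputs | impl.outputs)
    start = (impl.tau_closure({impl.init}), spec.tau_closure({spec.init}))
    seen, queue = {start}, deque([(start, ())])
    while queue:
        (si, ss), trace = queue.popleft()
        bad = impl.out(si) - spec.out(ss)
        if bad:
            return False, (list(trace), min(bad))
        for label in labels:
            ss2 = spec.after(ss, label)
            if not ss2:      # σ·label ∉ STraces(spec): ioco constrains nothing here
                continue
            si2 = impl.after(si, label)
            if not si2:      # impl cannot do it either: nothing to compare
                continue
            if (si2, ss2) not in seen:
                seen.add((si2, ss2))
                queue.append(((si2, ss2), trace + (label,)))
    return True, None


# Constructed toy specification: after ?start answer !ok, then !end.
SPEC = LTS(0, [(0, "?start", 1), (1, "!ok", 2), (2, "!end", 3)])
# Input-enabled implementation that behaves as specified; the extra ?start
# self-loops lie outside STraces(SPEC), so ioco ignores them.
IMPL_OK = LTS(0, [(0, "?start", 1), (1, "!ok", 2), (2, "!end", 3),
                  (1, "?start", 1), (2, "?start", 2), (3, "?start", 3)])
# Wrong answer: !nok where only !ok is allowed.
IMPL_NOK = LTS(0, [(0, "?start", 1), (1, "!nok", 2), (2, "!end", 3)])
# Stays silent after ?start: quiescence δ is an observation, not a free pass.
IMPL_SILENT = LTS(0, [(0, "?start", 1)])
# Non-deterministic spec offering !ok or !nok; always answering !ok conforms.
SPEC_CHOICE = LTS(0, [(0, "?start", 1), (1, "!ok", 2), (1, "!nok", 2), (2, "!end", 3)])


def demo():
    return {"ok": ioco(IMPL_OK, SPEC), "nok": ioco(IMPL_NOK, SPEC),
            "silent": ioco(IMPL_SILENT, SPEC), "choice": ioco(IMPL_OK, SPEC_CHOICE)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The witness returned on failure is exactly the slide's "diagnostic": the suspension trace of S after which the IUT produced something S does not allow. Note that the check only considers traces of S, which is why an implementation may be more deterministic than its specification (the SPEC_CHOICE case) or accept inputs S never mentions.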

  6. Main research activities in test generation
  • Enumerative on-the-fly techniques → TGV: off-line selection of the behaviours of Vis(M) accepted by a test purpose TP, based on reachability and co-reachability analysis.
  • Symbolic test generation techniques → STG: off-line selection by symbolic transformations and approximated analysis (∼ slicing of M w.r.t. TP); execution by on-line constraint solving.
  • Methodological combination of V & T: "test on the IUT what you tried to verify on M" (Vlad's talk). From the verification question M ⊨ P?, derive a TC that detects ¬(IUT ioco S) and/or IUT ⊭ P, for both enumerative and symbolic techniques.

  7. Test selection by test purpose. Compute the product Vis(M) × TP and coreach(Acc), the set of product states from which an accepting state Acc of TP can still be reached. The test case TC is Vis(M) × TP restricted to coreach(Acc): reaching Acc gives Pass; an output of M that leaves coreach(Acc) gives inconc; any output not foreseen by M (!otherwise) gives fail. Coreach(Acc) is not computable for (infinite) models with data ⇒ over-approximation needed.
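As an added example (not TGV or STG code, and not on the slides), the enumerative selection described on this slide on a finite, data-free abstraction of the slides' model: build the synchronous product M × TP by forward reachability, compute coreach(Acc) by a backward fixpoint, then assign Pass, inconc and fail. The model, the test purpose and the names (Automaton, select_test_case, verdict) are constructed assumptions; quiescence is left out to keep the focus on selection.

```python
from collections import deque

PASS, FAIL, INCONC = "Pass", "Fail", "Inconc"


class Automaton:
    """Deterministic automaton; in a test purpose the label '*' is a wildcard
    matching any action the state does not list explicitly (constructed helper)."""

    def __init__(self, init, transitions):
        self.init = init
        self.trans = {}              # state -> {label: target}
        for s, label, t in transitions:
            self.trans.setdefault(s, {})[label] = t

    def step(self, s, label):
        row = self.trans.get(s, {})
        return row.get(label, row.get("*"))   # None: no move


def product(model, tp):
    """Reachable part of M × TP: edges[(m, q)] = {label: (m', q')}."""
    init = (model.init, tp.init)
    edges, todo, seen = {}, deque([init]), {init}
    while todo:
        m, q = todo.popleft()
        edges[(m, q)] = {}
        for label, m2 in model.trans.get(m, {}).items():
            q2 = tp.step(q, label)
            if q2 is None:
                continue
            edges[(m, q)][label] = (m2, q2)
            if (m2, q2) not in seen:
                seen.add((m2, q2))
                todo.append((m2, q2))
    return init, edges


def coreach(edges, is_goal):
    """States from which some goal state is reachable (backward fixpoint)."""
    rev = {}
    for s, row in edges.items():
        for t in row.values():
            rev.setdefault(t, set()).add(s)
    result = {s for s in edges if is_goal(s)}
    todo = list(result)
    while todo:
        s = todo.pop()
        for p in rev.get(s, ()):
            if p not in result:
                result.add(p)
                todo.append(p)
    return result


def select_test_case(model, tp, accept):
    """TGV-style selection: keep the part of M × TP that can still reach `accept`.
    Returns (init, tc) with tc[state][label] = next state or a verdict."""
    init, edges = product(model, tp)
    keep = coreach(edges, lambda s: s[1] == accept)
    tc = {}
    for s in keep:
        if s[1] == accept:
            continue
        row = {}
        for label, t in edges[s].items():
            if t[1] == accept:
                row[label] = PASS
            elif t in keep:
                row[label] = t
            elif label.startswith("!"):
                row[label] = INCONC   # allowed by M, but the purpose can no longer be met
            # an input leading outside coreach(Acc) is simply never sent by the tester
        row["!otherwise"] = FAIL      # any output M does not foresee is a conformance error
        tc[s] = row
    return init, tc


def verdict(init, tc, trace):
    """Replay an observed interaction (tester inputs '?', IUT outputs '!') through the TC."""
    s = init
    for ev in trace:
        row = tc.get(s)
        if row is None:
            return None
        nxt = row.get(ev, row["!otherwise"] if ev.startswith("!") else None)
        if nxt is None:
            raise ValueError(f"tester would not send {ev} in {s}")
        if nxt in (PASS, FAIL, INCONC):
            return nxt
        s = nxt
    return None   # trace ended before any verdict


# Constructed data-free abstraction of the slides' model M.
MODEL = Automaton("Idle", [("Idle", "?start", "Wait"), ("Wait", "?a", "Rx"),
                           ("Rx", "!err", "Idle"), ("Rx", "?a", "Cmp"), ("Cmp", "!err", "Idle"),
                           ("Cmp", "!ok", "End"), ("Cmp", "!nok", "End"), ("End", "!end", "Idle")])
# Test purpose: observe !ok; !err leads to a Sink, everything else loops.
TP = Automaton("W", [("W", "!ok", "Acc"), ("W", "!err", "Sink"), ("W", "*", "W")])
INIT, TC = select_test_case(MODEL, TP, "Acc")
```

Note that !nok from (Cmp, W) is kept rather than turned into inconc: through End and Idle the product can still reach Acc, so a correct IUT that answered !nok once is simply driven round again. The tester here keeps every coreach-preserving input; TGV additionally makes the test case controllable by choosing one input per state.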

  8. Test selection by approximate analysis: syntactical product M × TP. (Figure; transitions listed as far as they are recoverable from the slide.)
  Model M, locations Idle, Wait, Rx, Ry, Cmp, End and Sink, variables x and y, message parameter p: Idle ?start → Wait; Wait ?a(p), x:=p → Rx; Rx [x<0 ∧ p=x] !err(p) → Sink; Rx [x≥0] ?a(p), y:=p → Ry; Ry [y<0 ∧ p=y] !err(p) → Sink; Cmp [p=y−x ∧ −2≤p≤2] !ok(p) → End; Cmp [p=y−x ∧ ¬(−2≤p≤2)] !nok(p) → End; End !end.
  Test purpose TP, locations Wait, Acc and Sink: Wait [p=2 ∧ x≥3] !ok(p) → Acc; Wait [¬(p=2 ∧ x≥3)] !ok(p) → Sink; Wait !err(p) → Sink; any other action (*) loops on Wait.
  Product M × TP: locations (Idle,Wait), (Wait,Wait), (Rx,Wait), (Ry,Wait), (Cmp,Wait), (End,Wait) and (End,Acc) = Pass, plus the Sink branches; guards of M and TP are conjoined on shared actions, e.g. (Cmp,Wait) [p=2 ∧ x≥3 ∧ p=y−x ∧ −2≤p≤2] !ok(p) → (End,Acc).

  9. Test selection by approximate analysis (continued). (Figure; recoverable content.) reach_a(Acc) computed by NBAC → simplification: transitions whose guard is refined to ⊥ (the !err branches from Rx and Ry towards Sink) disappear, the remaining ones carry ⊤. coreach_a(Acc) computed by NBAC → guard strengthening with the invariants x≥3 at Rx and x≥3 ∧ y−x=2 at Ry and Cmp. In the resulting TC the tester sends ?a(p) with p≥3 (x:=p), then ?a(p) with p=x+2 (y:=p), expects !ok(p) with p=2 and then !end → Pass; !ok(p) with ¬(p=2 ∧ x≥3) leaves coreach(Acc) and leads to inconc; !nok(p) [p=y−x ∧ ¬(−2≤p≤2)] and !otherwise lead to fail. Test execution against the IUT: check outputs and choose input values by on-line constraint solving.

  10. Perspectives linked with Artist
  • Extension of symbolic techniques to symbolic timed models
  • Testing of security policies: formalization of conformance, generation of attacks (Potestat French project with LSR, Verimag)
  • Tool extensions
