
Testing Timed Automata

Master 2 Research S&L, "Test Methods". Testing Timed Automata. Stavros Tripakis, Verimag Laboratory. Models, models, …. Mealy machines: synchronous inputs/outputs, good for synchronous circuits/programs. Labelled transition systems


Presentation Transcript


  1. Master 2 Research S&L, "Test Methods". Testing Timed Automata. Stavros Tripakis, Verimag Laboratory

  2. Models, models, … • Mealy machines • Synchronous inputs/outputs • Good for synchronous circuits/programs • Labelled transition systems • Good for asynchronous systems (e.g. communication protocols) • Real-time aspects not well modelled • Timed automata

  3. Conforms? Example s1 s1 A? A? B! s2 s2 Specification: for each input A, return a B. Implementation (candidate)

  4. Example s1 s1 How can the non-conformance be detected? A? A? B! s2 s2 Specification: for each input A, return a B. Implementation (candidate)

  5. SUT inputs outputs Tester Verdicts (pass/fail) Real-time testing

  6. Example s1 s1 How do we find the "timeout" value during the test? A? A? B! s2 s2 Specification: for each input A, return a B. Implementation (candidate)

  7. Plan of talk • Specification model • Conformance relation • Analog & digital tests • Test generation • Tool and case studies

  8. Plan of talk • Specification model: timed automata with inputs, outputs and unobservable actions. • Conformance relation • Analog & digital tests • Test generation • Tool and case studies

  9. a? b! x  4 x:=0 Simple example 1 “Output b at most 4 time units after receiving input a.”

  10. a? b! x  4 x:=0 Simple example 2 “Output b at most 4 time units after receiving input a, except if you fail, in which case output a failure notice at most after 8 time units.” fail! x  8 Unobservable action

  11. Compositional specifications A B C Compositional specifications with internal (unobservable) actions.

  12. internal (unobservable) actions. Compositional specifications

  13. Modeling assumptions on the environment env spec Export (make observable) interactions between the specification and its environment.

  14. a? b! x  4 x:=0 Simple example 3 “Output b at most 4 time units after receiving input a, provided a is received no later than 10 time units.” a? b! a! y  10 y:=0 A compositional modeling of the same example.

  15. Simple example 3 “Output b at most 4 time units after receiving input a, provided a is received no later than 10 time units.” a? b! x  10 x  4 x:=0 x:=0 Constraints on the inputs model assumptions. Constraints on the outputs model requirements. Specification is not always input-complete.

  16. Conclusion: a rich TA model • Time non-determinism: • Cannot impose exact input or output times. • Action non-determinism: • Model failures, abstract details. • Partial observability: • Internal actions of compositional specifications. • Not input-complete: • Model assumptions on the environment.

  17. Plan of talk • Specification model • Conformance relation: an extension of the “untimed” relation “ioco”. • Analog & digital tests • Test generation • Tool and case studies

  18. Conformance relation • A timed extension of Tretmans’ “ioco”: timed input-output conformance relation (tioco). • Informally, A tioco B if • For any observable behavior p of B, any possible observable output of A after p (including a delay) is also a possible observable output of B after p. • To put it otherwise: • Implementation accepts more inputs and produces fewer outputs than specification.

  19. Conformance relation • Formally: A tioco B (A: implementation, B:specification) iff Traces(B). out(A after )  out(B after )

  20. A after  = {s | Seq. s0  s  proj(,Obs)=} Conformance relation • where: out(S)= delays(S)  outputs(S)

  21. delays(S) = {tR | sS. UnobsSeq. time() = t  s }  a outputs(S) = {aOutputs | sS . s } Conformance relation • where:

  22. a? b! x  4 x:=0 Spec: Examples “Output b at most 4 time units after receiving input a.”

  23. a? a? b! b! x  4 x:=0 x:=0 x = 4 Spec: Impl 1: Examples “Output b at most 4 time units after receiving input a.”

  24. a? a? b! b! x  4 x:=0 x:=0 x = 4 Spec: Impl 1: Examples “Output b at most 4 time units after receiving input a.” OK!

  25. a? a? a? b! b! b! x  4 x  2 x:=0 x:=0 x:=0 x = 4 Spec: Impl 1: Impl 2: Examples “Output b at most 4 time units after receiving input a.” OK!

  26. a? a? a? b! b! b! x  4 x  2 x:=0 x:=0 x:=0 x = 4 Spec: Impl 1: Impl 2: Examples “Output b at most 4 time units after receiving input a.” OK! OK!

  27. a? a? b! b! x  4 x:=0 x:=0 x = 5 Spec: Impl 3: Examples “Output b at most 4 time units after receiving input a.”

  28. a? a? b! b! x  4 x:=0 x:=0 x = 5 Spec: Impl 3: Examples “Output b at most 4 time units after receiving input a.” NOT OK!

  29. a? a? b! b! x  4 x:=0 x:=0 x = 5 Spec: Impl 3: a? Impl 4: Examples “Output b at most 4 time units after receiving input a.” NOT OK!

  30. a? a? b! b! x  4 x:=0 x:=0 x = 5 Spec: Impl 3: a? Impl 4: Examples “Output b at most 4 time units after receiving input a.” NOT OK! NOT OK!

  31. Plan of talk • Specification model • Conformance relation • Analog & digital-clock tests • Test generation • Tool and case studies

  32. SUT inputs outputs Tester Verdicts (pass/fail) Real-time testing How accurate is this clock ?

  33. a? a? b! b! x:=0 x:=0 x = 4 x = 4 Spec: Impl 1: Example “Output b exactly 4 time units after receiving input a.” OK! a? b! NOT OK! Impl 2: x:=0 x = 3.99

  34. Timed tests • Two types of tests: • Analog-clock tests: • Can measure real-time precisely • Difficult (impossible) to implement for real-time SUTs • Good (flexible) for discrete-time SUTs with unknown time step • Digital-clock tests: • Can count “ticks” of a periodic clock/counter • Implementable for any SUT • Conservative (may say PASS when it’s FAIL)

  35. a a b b c c 1.3 2.4 2.7 time time Timed tests • Analog-clock tests: • They can observe real-time precisely, e.g.: • Digital-clock (or periodic-sampling) tests: • They only have access to a periodic clock, e.g.: 1 2 3

  36. Note • Digital-clock tests do not mean we discretize time: • The specification is still dense-time • The capabilities of the observer are discrete-time ) • Many dense-time traces will look the same to the digital observer

  37. Untimed tests • Can be represented as finite trees (“strategies”): i o1 o2 o3 o4 fail i1 i2 i3 … … fail pass

  38. Digital-clock tests • Can also be represented as finite trees: i Models the tick of the tester’s clock o1 o2 o3 o4 tick fail … i1 i2 i3 … … fail pass

  39. Analog-clock tests • Cannot be represented as finite trees: i … o1 o2 o3 o4 0.1 0.11 0.2 fail i1 i2 i3 Infinite number of possible delays … … fail pass

  40. 1.3 0.8 a b a b 1.3 2.1 Analog-clock tests • Solution: build the test on-the-fly i i time 0

  41. Test generation • Analog-clock tests: • Cannot be represented statically as finite trees: infinite number of possible input delays • Solution: on-the-fly testing: compute the test while you are testing! • Digital-clock tests: • Can be generated both statically and on-the-fly. • In both cases: symbolic test generation

  42. Test generation principle • The tester is a state-estimator: it keeps a set of possible states of the SUT, according to the specification. • Updates this set with each new observation. • Gives inputs to SUT from time to time. • Announces FAIL if the set ever becomes empty. • Announces PASS when tired of testing …

  43. observation (event or delay) runs matching observation next estimate Test generation principle current estimate

  44. Test generation principle • Sets of states are represented symbolically (standard timed automata technology, DBMs, etc.) • Updates amount to performing some type of symbolic reachability. • Can be used for on-the-fly testing (both for analog and digital) or static test generation (for digital only).

  45. Update operators for analog tests • Given current state estimation S … • Given observed event a (input or output): dsucc(S, a) : all states that can be reached from a state in S after performing a transition a. a dsucc(S, a) = {s’ | sS. s  s’}

  46. Update operators for analog tests • Given current state estimation S … • Given time delay t: tsucc(S, t) : all states that can be reached from a state in S after performing a run of unobservable actions of total duration t. tsucc(S, t) = {s’ | sS. UnobsSeq. s  s’  time()=t} 

  47. 1.3 a 1  0.3 a Putting it all together i S S’ = dsucc(tsucc(S,1.3), a)

  48. Update operator for digital tests • First, a trick: • tick is an observable event: • Models the ticks of the observer’s clock. • Can also model skew, etc, using different “Tick” automata. “Tick” original specification automaton tick! z = 1 z:= 0

  49. Update operator for digital tests • Given S and observed event a (could be tick): succ(S, a)= all states that can be reached from a state in S after performing a run of unobservable actions that ends with a. succ(S, a)= {s’ | sS. UnobsSeq. s   s’}  a

  50. tick Updates for digital tests i S S’ = succ(S, tick) a S’’ = succ(S’, a)
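Added example, not part of the original slides: a small on-the-fly analog-clock tester that keeps a state estimate and updates it with tsucc and dsucc (slides 42 to 47), replayed over the Spec / Impl 1 to 4 cases of slides 22 to 30. Assumptions: the bound x <= 4 is read from the quoted requirement "at most 4 time units" and modelled as an invariant on the location reached after a?; the location names, `run_test`, `final_wait` and the sample traces are constructed; the specification has no unobservable actions, so tsucc reduces to a plain delay.

```python
INF = float("inf")

# Constructed model of "Simple example 1" with a single clock x.
# Assumption: x <= 4 is an invariant on the location reached after a?.
INVARIANT = {"s1": INF, "s2": 4}            # upper bound on x per location
# (source, action) -> list of (guard_lo, guard_hi, reset_x, target)
TRANSITIONS = {
    ("s1", "a?"): [(0, INF, True, "s2")],   # input a, x := 0
    ("s2", "b!"): [(0, 4, False, "s1")],    # output b while x <= 4
}

def tsucc(S, t):
    """States reachable from S by letting t time units pass."""
    return {(l, x + t) for (l, x) in S if x + t <= INVARIANT[l]}

def dsucc(S, a):
    """States reachable from S by one transition labelled a."""
    out = set()
    for (l, x) in S:
        for lo, hi, reset, target in TRANSITIONS.get((l, a), []):
            if lo <= x <= hi:
                out.add((target, 0 if reset else x))
    return out

def run_test(trace, final_wait=0):
    """Replay observed (delay, action) pairs; FAIL once the estimate is empty."""
    S = {("s1", 0)}
    for delay, action in trace:
        S = tsucc(S, delay)
        if not S:
            return "FAIL"   # SUT stayed silent longer than the spec allows
        nxt = dsucc(S, action)
        if not nxt:
            if action.endswith("?"):
                raise ValueError("tester input not allowed by the specification")
            return "FAIL"   # output not allowed at this point
        S = nxt
    return "PASS" if tsucc(S, final_wait) else "FAIL"

# Constructed observations, one per implementation on slides 23 to 30.
SAMPLES = {
    "Impl 1 (b at x = 4)": ([(1.3, "a?"), (4, "b!")], 0),
    "Impl 2 (b at x = 1.5)": ([(1.3, "a?"), (1.5, "b!")], 0),
    "Impl 3 (b at x = 5)": ([(1.3, "a?"), (5, "b!")], 0),
    "Impl 4 (no b at all)": ([(1.3, "a?")], 4.5),
}

if __name__ == "__main__":
    for name, (trace, wait) in SAMPLES.items():
        print(name, "->", run_test(trace, final_wait=wait))
```

For Impl 3 and Impl 4 the verdict comes from the delay update, not from an event: the estimate is already empty once more than 4 time units pass without b.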
