Real-time Testing: From Practice to Theory

Download Report

Transcript Real-time Testing: From Practice to Theory 

A test generation framework
for quiescent real-time
systems
Laura Brandán Briones
Dept. of CS, University of Twente, NL
joint work with
Ed Brinksma
Do We Still Need Quiescence?
Yes!
tea !
money?
money?
coffee?
tea?
tea?
bang?
bang?
coffee?
tea?
tea?
coffee?
coffee!
June, 2005
coffee?
tea !
coffee!
Do We Need
Coffee?
Have Money?
Time?
Yes!
money?
tea !
tea?
x:=0
x6
June, 2005
coffee?
tea?
money?
coffee!
coffee?
x:=0
x6
Overview
Real-time input-output transition systems
Timed implementation relation
Real-time test generation
Example
Future work ()
Multi real-time input-output transition
systems
 Multi timed implementation relation
 Multi real-time test generation






June, 2005
 Real-time input-output transition systems
June, 2005
LTS with delays:
(d)
s  s’ (dR+) with:



June, 2005
(time determinism)
(d) non-delay
(d)actions
s  s’ and s  s’’ implies s’=s’’
are now assumed to
(density)
occur instantaneously
(d1)
(d2)
(d)
s  s’ iff  s’’ : s  s’’ and s’’  s’ with d=d1+d2
(null delay)
(0)
s  s’ iff s=s’

June, 2005
Quiescence
For a system p, we extend the time transition relation
() with δ (denoted Δ(p)):
o!
 If for all o!Lout : q >,
δ
q
q
June, 2005
 Timed implementation relation
June, 2005
 impl tiorf spec iff
ttraces(Δ(impl))  ttraces(Δ(spec))
M
 impl tiorf spec iff ΔM(impl)  ΔM(spec)
where ΔM(p) = ttraces(Δ(p))  (D.L  (M).δ)*
June, 2005
Outputs
outM(s) =
o!(d)
{ o!(d) | s => }  { δ(M) | s quiescent}
tiocoM
M
 impl tiorf
spec
iff
ioco
 : outM(
June, 2005
impl after  )
(D.L  (M).δ)
ΔM(spec)
 outM( spec after  )
 Real-time test generation
June, 2005
Test cases
x:= 0
Test case t  TTA
x k
TTA – Test Timed Automata :
 labels in L  {  }, G(d)
off!
fail
 tree-structured
off!
 finite, deterministic
x=5
 final states pass and fail
 from each state  pass, fail
 choose input i? and time k
wait k accepting all outputs o! and
at k provide input i?, or
 wait accepting all outputs o! and 
June, 2005

pass
on?, x=k
x:=0
x M
off!
x:=0
x<5
x M
fail
off!
fail

x=M
fail
Timed test generation
Apply recursively & non-deterministically ( initially S = {s0} )
PASS
1 end test case
tioco
3 wait to observe possible output
2 choose k  (0, M) and input
μ M-sound
= conforming
implementation not rejected
x:=0
x:=0
forbidden o !
o!
x  k allowedtioco
forbidden o !
-complete
x  M allowed o !
M
after d time-units
after d’ time-units
after d time-units
after d’ time-units
= non-conforming
implementations can
o!
o!
μ?

o!
o!
o!
o !
o !
x=d
o!
x=d’
x=k
x=M
x=d
be rejected
x=d’
x=d’
x=d
x=d’
x=d
i
1
1
FAIL FAIL
June, 2005
j
n
1
n’
n’
1
n
n
n’
1
1
tμ
j
i
1
n’
t1
tn
FAIL FAIL
n
1
tδ
t1
tn
 Example
June, 2005
Example
spec:
δ
t!
m?
c?
t?
m?
b?
b?
t?
c?
t?
c!
fail
c!
c!
fail
c?
c?
c!
t!
t?
M=k
t!
t?
x<k
June, 2005
m?
c?
pass
b?
t?
t?
b?
c!
c?
c?
x<k
x1
t!
δ
x=M
x:=0
x1
x1
fail
t!
c!
pass
fail
t!
c?
x=1
x:=0
fail
fail
fail
b?
x=1
x:=0
c!
:test
t!
c! x  M
fail
m?
t!
m?
x=1
x:=0
c?
x=1
x:=0
c!
impl:
x1
fail
xM
t!
δ
x=M
fail
fail
Future work
 Extend the theory with multi input-output
 Confirm completeness (in the old sense)
 Evaluate applicability in practical situations
 Deal with the imprecision in measuring
physical time
 Integrate with data testing
June, 2005
Overview
Real-time input-output transition systems
Timed implementation relation
Real-time test generation
Example
Future work ()
Multi real-time input-output transition
systems
 Multi timed implementation relation
 Multi real-time test generation






June, 2005
A test generation framework
for quiescent real-time
multi
input-output
systems
input-output
systems
Laura Brandán Briones
&
Ed Brinksma
amount!
card!
card!
x>5
card?
x := 0
card!
Err-P!
Err-a!
x>5
Pin?
x≤5
x := 0
τ
x≤5
card!
τ
x5
x≤5
Ok!
x := 0
amount?
τ
x≤5
June, 2005
x≤5
x := 0
x5
Ok!
τ
x≤5
Channels
card!
amount!
card! card?
x := 0
x>5
card!
x>5
Pin?
x≤5
x := 0
Err-P!
x 5
τ
x≤5
Err-a!
1
LI = { card?}
2
L I = { Pin?, amount?}
card!
τ
x≤5
2
Ok!
LU = { amount!}
x := 0
3
LU = { Ok!, Err-a!, Err-P!}
amount?
τ
x≤5
June, 2005
1
LU = { card!}
x≤5
x := 0
x5
Ok!
τ
x≤5

June, 2005
Quiescence
o!
j
 LU -quiescent (s)
o!
 Mj –quiescent (s)
 Mj –quiescent (p)
 M-quiescent (p)
o!
Mj
Mi
o!
Mj
o!
j
o! Є L U
o!
o!
u! o!
j
U
o! Є L
o!M
j
Mj
June, 2005
o!
o!
o!
i
U
u! Є L
j
U
o! Є L
Channels
card!
amount!
card! card?
x := 0
x>5
card!
x>5
Pin?
x≤5
x := 0
Err-P!
x 5
τ
x≤5
Err-a!
=>
γ1
2
=>
γ2
1
=>
δ
2
=>
δ
LU = { Ok!, Err-a!, Err-P!} =>
δ
L I = { Pin?, amount?}
card!
τ
x≤5
Ok!
LU = { card!}
LU = { amount!}
x := 0
3
amount?
τ
x≤5
June, 2005
1
LI = { card?}
x≤5
x := 0
x5
Ok!
τ
x≤5
1
2
3

June, 2005
Saturation
2 1 2 3
γδδδ
amount!
card!
card!
x>5
γ1
γ2
δ2
δ3
x := 0
Pin?
γ1
2
δ
δ3
x≤5
x := 0
Err-P!
x5
τ
Err-a!
card?
1 1 2
1 1 2
γδδ
γδδ
card!
x>5
1 1 2
γδδ
τ
x≤5
x≤5
γ1
δ2
δ3
card!
Ok!
x≤5
γ 2γ 1δ 1δ2
June, 2005
γ1
γ2
δ2
δ3
x := 0
amount?
x≤5
x := 0
τ
γ2
δ1
δ3
x5
τ
x≤5
2 1 1 2
γγδδ
Ok!
γ1
γ2
δ1
δ2
Ttraces
ε(2).
δ.ε
(4).a?.γ.ε
(3)
.b!.ε
(2)(1)
.c?.ε
(1)(3)
.a?.ε
(3).b!
ε(6).
a?.ε
(3)a?.b!.c?.a?.b!
.b!.ε
(2)
.c?.ε
.a?.ε
.b!.b!
ε(6)
.δ.a?.γ.ε
(3)
.b!.ε
(2)
.c?.ε
(1)
.a?.ε
(3)
1 1
3
3
M1 = 2
ε(2).
δ.ε
(4).
(3)
.b!.ε
(2)
.c?.ε
(1)(3)
.a?.ε
(6).
δε(2)
δ.a?.γ.ε
.a?
(4)a?.γ.ε
.γ(3)
(0)
.b!.ε
.b!
(3)
(2)
.c?
.c?.ε
(2)
(1)
.a?
.a?.ε
(1)
.b!
(3)
(3)
.b!(3).b!
(6).
a?.ε
(3)
.b!.ε
(2)
.c?.ε
(1)
.a?.ε
.b!
1
June, 2005
11
3
3
3
γ2δ 1δ 2δ 3
amount!
card!
card! card?
x>5
γ21
γ
δ32
δ
Pin?
Err-a!
1 1 2
γδδ
γ1
2
δ3
δ
x≤5
x := 0
Err-P!
τ
x≤5
x := 0
x5
1 1 2
γδδ
γ1
δ23
δ
τ
x≤5
γ 2γ 1δ1δ2
card!
x>5
γ 1δ1δ2
x τ≤ 5
γ2
δ31
δ
card!
Ok!
x := 0
amount?
x≤5
x := 0
x5
τ
x≤5
γ21
γ
δ32
δ
Ok! γ1
γ2
δ21
δ
γ2γ1δ1 δ2
δ (2).c?(4).γ (0).P?(3).Ok?(2).a?(1).E!(3)
1
June, 2005
1
Outputs
outM (s) =
o
U outM (s)
sS
o
U
r
U outM (s)
sS
o!(d)
outM (s) = { o!(d) | s => }
ε(Mj)
j
U { δ (Mj ) | j-quiescent(s =>)}
ε(d)
outM (s) = U { γ (d) | i-refusal(s =>)}
r
June, 2005
i
M = <M1, M2, M3>
M1= 1
M2= 1
M3= 2
card! Є outM (s after card?(2).δ 1(1).Pin?(2).Err-P!(3))
outM (s after σ) = ∅  σ Є nttraces(s)
June, 2005
Timed multi input-output
implementation relation
mtiocoM
M
impl mtioco
spec iff
 :
ΔM(spec)
outM (impl after  )  outM (spec after  )
June, 2005
Test
Apply recursively & non-deterministically ( initially S = {s0} )
PASS
1 end test case
mtiocoM-sound
2 choose k Є [0, max{M1,..,Mm})
3 wait for output in channel j
=
conforming
implementation
not rejected
and input μ Є LI
x:=0
mtiocoM-complete
x:=0
forbidden o !
xMj allowed o !
forbidden o !
x  k allowed o !
after d’ time-units can after d time-units
=
non-conforming
implementations
after d’ time-units
after d time-units
j
o!
u
o!
be rejected
o!
o ! 
o!
 o!
j
i
i
x=d’1
j
1
on’! δu
x=d’n’ x=M
u
o1!
μ?
x=k
γ
i
x=k
FAIL FAIL FAIL
tμ
June, 2005
n
tγi
x=d1
x=d’1
x=dn
1
x=d’n’ x=Mu
FAIL FAIL FAIL
t1
tn
n
n’
1
x=Mj
tδj
x=d1
t1
x=dn
tn
 Future work
June, 2005
 Confirm completeness (in the old sense)
 Evaluate applicability in practical
situations
 Deal with the imprecision in measuring
physical time
 Integrate with data testing
June, 2005