Web services choreography testing using semantic service description

Web services have become popular due to their ability to integrate with and to interoperate heterogeneous applications. Several web services can be combined into a single application to meet the needs of users. In the course of web services selection, a web candidate service needs to conform to the behaviour of its client, and one way of ensuring this conformity is by testing the interaction between the web service and its user. The existing web services test approaches mainly focus on syntax-based web services description, whilst the semantic-based solutions mostly address composite process flow testing. The aim of this research is to provide an automated testing approach to support service selection during automatic web services composition using Web Service Modeling Ontology (WSMO). The research work began with understanding and analysing the existing test generation approaches for web services. Second, the weaknesses of the existing approaches were identified and addressed by utilizing the choreography transition rules of WSMO in an effort to generate a Finite State Machine (FSM). The FSM was then used to generate the working test cases. Third, a technique to generate an FSM from Abstract State Machine (ASM) was adapted to be used with WSMO. This thesis finally proposed a new testing model called the Choreography to Finite State Machine (C2FSM) to support the service selection of an automatic web service composition. It proposed new algorithms to automatically generate the test cases from the semantic description (WSMO choreography description). The proposed approach was then evaluated using the Amazon E-Commerce Web Service WSMO description. The quality of the test cases generated using the proposed approach was measured by assessing their mutation adequacy score. A total of 115 mutants were created based on 7 mutant operators. A mutation adequacy score of 0.713 was obtained. The experimental validation demonstrated a significant result in the sense that C2FSM provided an efficient and feasible solution. The result of this research could assist the service consumer agents in verifying the behaviour of the Web service in selecting appropriate services for web service composition

Atomic components

There has been much interest in components that combine the best of state-based and event-based approaches. The interface of a component can be thought of as its specification and substituting components with the same interface cannot be observed by any user of the components. Here we will define the semantics of atomic components where both states and event can be part of the interface. The resulting semantics is very similar to that of (event only) processes. But it has two main novelties: one, it does not need recursion or unique fixed points to model nontermination; and two, the behaviour of divergence is modelled by abstraction, i.e. the construction of the observational semantics

An introduction to (Co)algebras and (Co)induction and their application to the semantics of programming languages

This report summarizes operational approaches to the formal semantics of programming languages and shows that they can be interpreted inductively by least fixed points as well as coinductively by greatest fixed points. While the inductive interpretation gives semantics to all terminating programs, the coinductive one defines moreover also a semantics for all non-terminating programs. This is especially important in areas where programs do not terminate in general, e.g. data bases, operating systems, or control software in embedded systems. The semantic foundations described in this report can be used to verify that transformations (e.g. in compilers) of such software systems are correct. In the course of this report, coalgebras and coinduction are introduced, starting with a gentle intuitive motivation and ending with a detailed mathematical description within the notions of category theory

Model based test suite minimization using metaheuristics

Software testing is one of the most widely used methods for quality assurance and fault detection purposes. However, it is one of the most expensive, tedious and time consuming activities in software development life cycle. Code-based and specification-based testing has been going on for almost four decades. Model-based testing (MBT) is a relatively new approach to software testing where the software models as opposed to other artifacts (i.e. source code) are used as primary source of test cases. Models are simplified representation of a software system and are cheaper to execute than the original or deployed system. The main objective of the research presented in this thesis is the development of a framework for improving the efficiency and effectiveness of test suites generated from UML models. It focuses on three activities: transformation of Activity Diagram (AD) model into Colored Petri Net (CPN) model, generation and evaluation of AD based test suite and optimization of AD based test suite. Unified Modeling Language (UML) is a de facto standard for software system analysis and design. UML models can be categorized into structural and behavioral models. AD is a behavioral type of UML model and since major revision in UML version 2.x it has a new Petri Nets like semantics. It has wide application scope including embedded, workflow and web-service systems. For this reason this thesis concentrates on AD models. Informal semantics of UML generally and AD specially is a major challenge in the development of UML based verification and validation tools. One solution to this challenge is transforming a UML model into an executable formal model. In the thesis, a three step transformation methodology is proposed for resolving ambiguities in an AD model and then transforming it into a CPN representation which is a well known formal language with extensive tool support. Test case generation is one of the most critical and labor intensive activities in testing processes. The flow oriented semantic of AD suits modeling both sequential and concurrent systems. The thesis presented a novel technique to generate test cases from AD using a stochastic algorithm. In order to determine if the generated test suite is adequate, two test suite adequacy analysis techniques based on structural coverage and mutation have been proposed. In terms of structural coverage, two separate coverage criteria are also proposed to evaluate the adequacy of the test suite from both perspectives, sequential and concurrent. Mutation analysis is a fault-based technique to determine if the test suite is adequate for detecting particular types of faults. Four categories of mutation operators are defined to seed specific faults into the mutant model. Another focus of thesis is to improve the test suite efficiency without compromising its effectiveness. One way of achieving this is identifying and removing the redundant test cases. It has been shown that the test suite minimization by removing redundant test cases is a combinatorial optimization problem. An evolutionary computation based test suite minimization technique is developed to address the test suite minimization problem and its performance is empirically compared with other well known heuristic algorithms. Additionally, statistical analysis is performed to characterize the fitness landscape of test suite minimization problems. The proposed test suite minimization solution is extended to include multi-objective minimization. As the redundancy is contextual, different criteria and their combination can significantly change the solution test suite. Therefore, the last part of the thesis describes an investigation into multi-objective test suite minimization and optimization algorithms. The proposed framework is demonstrated and evaluated using prototype tools and case study models. Empirical results have shown that the techniques developed within the framework are effective in model based test suite generation and optimizatio

An Assertional Proof System for Multithreaded Java - Theory and Tool Support

Besides the features of a class-based object-oriented language, Java integrates concurrency via its thread classes, allowing for a multithreaded flow of control. The concurrency model includes shared-variable concurrency via instance variables, coordination via reentrant synchronization monitors, synchronous message passing, and dynamic thread creation. To reason about safety properties of multithreaded Java programs, we introduce a tool-supported assertional proof method for JavaMT ("Multi-Threaded Java"), a small sublanguage of Java, covering the mentioned concurrency issues as well as the object-based core of Java. The verification method is formulated in terms of proof-outlines, where the assertions are layered into local ones specifying the behavior of a single instance, and global ones taking care of the connections between objects. We establish the soundness and the completeness of the proof system. From an annotated program, a number of verification conditions are generated and handed over to the interactive theorem prover PVS.IST project Omega (IST-2001-33522) NWO/DFG project Mobi-J (RO 1122/9-1, RO 1122/9-2)UBL - phd migration 201

Verification-based software-fault detection

Software is used in many safety- and security-critical systems. Software development is, however, an error-prone task. In this work new techniques for the detection of software faults (or software "bugs") are described which are based on a formal deductive verification technology. The described techniques take advantage of information obtained during verification and combine verification technology with deductive fault detection and test generation in a very unified way

Verification-based Software-fault Detection

Software is used in many safety- and security-critical systems. Software development is, however, an error-prone task. In this dissertation new techniques for the detection of software faults (or software "bugs") are described which are based on a formal deductive verification technology. The described techniques take advantage of information obtained during verification and combine verification technology with deductive fault detection and test generation in a very unified way

Enhancing the Auditability of the Agile XP Software Development Process in the Context of EU Medical Device Regulations

Nowadays, there is increasing reliance on software in the healthcare industry, such as software used for diagnostic or therapeutic purposes and software embedded in a medical device, often known as medical device software. Regulatory compliance has become increasingly visible in healthcare industries. Software development companies that develop medical devices software in Europe must comply with EU Medical Device Regulation (EU MDR) regulations in order to get the CE marking. Agile development practices are increasingly adopted by generic software development companies. For example, agile extreme programming (XP) is now considered a common model of choice for many business-critical projects. The reason behind that is that Agile XP has several benefits, such as developing high-quality software with a low cost and in a short period of time, with the capability to embrace any changing requirements during the development process. However, healthcare industries still have a low rate of agile adoption. This is due to the challenges that software developers face when using Agile XP within the stringent requirements of healthcare regulations. These challenges are the lack of fixed up-front planning, lack of documentation, traceability issues, and formality issues. Agile software companies must provide evidence of EU MDR conformity, and they need to develop their own procedures, tools, and methodologies to do so. As yet, there is no consensus on how to audit the Agile XP software companies to ensure that their software processes have been designed and implemented in conformity with EU MDR requirements. The motivation of this research is to assist the companies developing medical device software that wish to adopt Agile XP practices in their effort to meet the EU MDR certification requirements (CE marking). In addition, this research aims to help the information system auditors to extract auditing evidence that demonstrates conformity to the EU MDR requirements that must be met by Agile XP software organisations. This research will try to answer three main questions: Do Agile XP practices support the EU MDR requirements? Is it possible to adopt Agile XP practices when developing medical devices software? Is it possible to submit conformity evidence to EU MDR auditors? The main aim of this research is to enhance the auditability of the Agile XP software development process in the context of EU MDRs. This aim can be achieved by two main objectives: first, proposing an extension to the Agile XP user story to enhance the early planning activities of Agile XP according to EU MDR requirements. Second, designing an auditing model that covers the requirements of EU MDR. This auditing model should provide the EU MDR auditors with auditing evidence that the medical device software developed with an Agile XP process has fulfilled the requirements of EU MDR. The main contribution of this research study is the auditing model for EU MDR requirements that is aligned with the principles of Agile XP. The proposed auditing model would help auditors to audit the Agile XP development process of the medical device with regard to the EU MDR requirements in way of obtaining evidence in conformity to EU MDR requirements. And also, this auditing model can be considered as a guideline that would guide the Agile XP developers to follow the EU MDR requirements. The proposed auditing model has been assessed based on relevant case studies. As result, the evidence gathered shows at least partial support for the requirements in each case study. However, no case study has been demonstrated as supporting fully the auditing yardsticks of the proposed auditing model

An Assertional Proof System for Multithreaded Java - Theory and Tool Support

Besides the features of a class-based object-oriented language, Java integrates concurrency via its thread classes, allowing for a multithreaded flow of control. The concurrency model includes shared-variable concurrency via instance variables, coordination via reentrant synchronization monitors, synchronous message passing, and dynamic thread creation. To reason about safety properties of multithreaded Java programs, we introduce a tool-supported assertional proof method for JavaMT ("Multi-Threaded Java"), a small sublanguage of Java, covering the mentioned concurrency issues as well as the object-based core of Java. The verification method is formulated in terms of proof-outlines, where the assertions are layered into local ones specifying the behavior of a single instance, and global ones taking care of the connections between objects. We establish the soundness and the completeness of the proof system. From an annotated program, a number of verification conditions are generated and handed over to the interactive theorem prover PVS.IST project Omega (IST-2001-33522) NWO/DFG project Mobi-J (RO 1122/9-1, RO 1122/9-2)UBL - phd migration 201