202,854 research outputs found

    Using schedulers to test probabilistic distributed systems

    Get PDF
    This is the author's accepted manuscript. The final publication is available at Springer via http://dx.doi.org/10.1007/s00165-012-0244-5. Copyright © 2012, British Computer Society.Formal methods are one of the most important approaches to increasing the confidence in the correctness of software systems. A formal specification can be used as an oracle in testing since one can determine whether an observed behaviour is allowed by the specification. This is an important feature of formal testing: behaviours of the system observed in testing are compared with the specification and ideally this comparison is automated. In this paper we study a formal testing framework to deal with systems that interact with their environment at physically distributed interfaces, called ports, and where choices between different possibilities are probabilistically quantified. Building on previous work, we introduce two families of schedulers to resolve nondeterministic choices among different actions of the system. The first type of schedulers, which we call global schedulers, resolves nondeterministic choices by representing the environment as a single global scheduler. The second type, which we call localised schedulers, models the environment as a set of schedulers with there being one scheduler for each port. We formally define the application of schedulers to systems and provide and study different implementation relations in this setting

    Specification and testing of distributed software with executable state machines

    Get PDF
    Hajautettu järjestelmä koostuu useasta itsenäisesti toimivasta tietokonesovelluksesta, mikä tekee niiden määrittelystä ja testaamisesta haastavaa. Eräs haasteita tuottava osa on sovellusten välisen rajapinnan käyttö. XML-viesteillä kommunikoivassa järjestelmässä käytetyt viestit voidaan määritellä esimerkiksi XSD-skeemalla, mutta sillä ei voida määritellä sitä, miten viestejä tulee käyttää. Rajapinnan käytön määrittely on usein ihmisiä varten tehty, jolloin se voi olla puutteellinen ja suurpiirteinen. Tämän takia osaa sen toiminnoista ei välttämättä voida edes toteuttaa. Vaikka ne olisikin mahdollista toteuttaa, eri sovellusten kehittäjät voivat tulkita niiden käytön eri tavalla. Sovelluksia testatessakaan ei välttämättä ole varmuutta siitä toimiiko järjestelmä oikein, jos määritelmä antaa varaa tulkinnalle. Virhetilanteissa havaittu oire voi näkyä muussa kuin virheellisesti toimivassa sovelluksessa, joten virheen paikantaminen on myös työlästä. Tässä diplomityössä rajapintojen käyttö esitetään tilakoneina, joissa tilat kuvaavat kommunikaation sen hetkisen tilan ja tilasiirtymät kuvaavat mitä viestejä ja millä ehdoilla sovellukset saavat lähettää kussakin tilassa. Nämä tilakoneet määritellään koneluettavalla scxml-merkkauskielellä. Niiden lukemista sekä suorittamista varten toteutetaan tietokonesovellus, jonka tehtävä on valvoa sovellusten välistä viestiliikennettä ja todentaa sitä määritelmää vasten sekä raportoida virhetilanteista. Kommunikaatioprotokollan määrittely suoritettavilla tilakoneilla osoittautui toimivaksi ratkaisuksi järjestelmän kehityksen ja testauksen tukena. Järjestelmää testatessa se auttoi huomaamaan varmemmin ja paikantamaan nopeammin virheitä. Sillä havaittiin jopa virheitä, jotka eivät aiheuttaneet oireita järjestelmässä. Määrittely tilakoneilla pakottaa määrittelemään kaikki erikoistapauksetkin protokollan käytössä, jolloin rajapinnasta tulee huolellisemmin tehty. Kun järjestelmän voi tarkastaa suoraan määrittelyä vasten, ei määrittely myöskään ole irrallinen toteutuksesta, vaan molempien kehittäminen yhdessä on luontevaa

    Identifying Implicit Component Interactions in Distributed Cyber-Physical Systems

    Get PDF
    Modern distributed systems and networks, like those found in cyber-physical system domains such as critical infrastructures, contain many complex interactions among their constituent software and/or hardware components. Despite extensive testing of individual components, security vulnerabilities resulting from unintended and unforeseen component interactions (so-called implicit interactions) often remain undetected. This paper presents a method for identifying the existence of implicit interactions in designs of distributed cyber-physical systems using the algebraic modeling framework known as Communicating Concurrent Kleene Algebra (C²KA). Experimental results verifying the applicability of C²KA for identifying dependencies in system designs that would otherwise be very hard to find are also presented. More broadly, this research aims to advance the specification, design, and implementation of distributed cyber-physical systems with improved cybersecurity assurance by providing a new way of thinking about the problem of implicit interactions through the application of formal methods

    Scenarios-based testing of systems with distributed ports

    Get PDF
    Copyright @ 2011 John Wiley & SonsDistributed systems are usually composed of several distributed components that communicate with their environment through specific ports. When testing such a system we separately observe sequences of inputs and outputs at each port rather than a global sequence and potentially cannot reconstruct the global sequence that occurred. Typically, the users of such a system cannot synchronise their actions during use or testing. However, the use of the system might correspond to a sequence of scenarios, where each scenario involves a sequence of interactions with the system that, for example, achieves a particular objective. When this is the case there is the potential for there to be a significant delay between two scenarios and this effectively allows the users of the system to synchronise between scenarios. If we represent the specification of the global system by using a state-based notation, we say that a scenario is any sequence of events that happens between two of these operations. We can encode scenarios in two different ways. The first approach consists of marking some of the states of the specification to denote these synchronisation points. It transpires that there are two ways to interpret such models and these lead to two implementation relations. The second approach consists of adding a set of traces to the specification to represent the traces that correspond to scenarios. We show that these two approaches have similar expressive power by providing an encoding from marked states to sets of traces. In order to assess the appropriateness of our new framework, we show that it represents a conservative extension of previous implementation relations defined in the context of the distributed test architecture: if we onsider that all the states are marked then we simply obtain ioco (the classical relation for single-port systems) while if no state is marked then we obtain dioco (our previous relation for multi-port systems). Finally, we concentrate on the study of controllable test cases, that is, test cases such that each local tester knows exactly when to apply inputs. We give two notions of controllable test cases, define an implementation relation for each of these notions, and relate them. We also show how we can decide whether a test case satisfies these conditions.Research partially supported by the Spanish MEC project TESIS (TIN2009-14312-C02-01), the UK EPSRC project Testing of Probabilistic and Stochastic Systems (EP/G032572/1), and the UCM-BSCH programme to fund research groups (GR58/08 - group number 910606)

    Controllability problems in MSC-based testing

    Get PDF
    This is a pre-copyedited, author-produced PDF of an article accepted for publication in The Computer Journal following peer review. The definitive publisher-authenticated version [Dan, H and Hierons, RM (2012), "Controllability Problems in MSC-Based Testing", The Computer Journal, 55(11), 1270-1287] is available online at: http://comjnl.oxfordjournals.org/content/55/11/1270. Copyright @ The Authors 2011.In testing systems with distributed interfaces/ports, we may place a separate tester at each port. It is known that this approach can introduce controllability problems which have received much attention in testing from finite state machines. Message sequence charts (MSCs) form an alternative, commonly used, language for modelling distributed systems. However, controllability problems in testing from MSCs have not been thoroughly investigated. In this paper, controllability problems in MSC test cases are analysed with three notions of observability: local, tester and global. We identify two types of controllability problem in MSC-based testing. It transpires that each type of controllability problem is related to a type of MSC pathology. Controllability problems of timing are caused by races but not every race causes controllability problems; controllability problems of choice are caused by non-local choices and not every non-local choice causes controllability problems. We show that some controllability problems of timing are avoidable and some controllability problems of choice can be overcome when testers have better observational power. Algorithms are provided to tackle both types of controllability problems. Finally, we show how one can overcome controllability problems using a coordination service with status messages based on algorithms developed in this paper.EPSR

    The pros and cons of using SDL for creation of distributed services

    Get PDF
    In a competitive market for the creation of complex distributed services, time to market, development cost, maintenance and flexibility are key issues. Optimizing the development process is very much a matter of optimizing the technologies used during service creation. This paper reports on the experience gained in the Service Creation projects SCREEN and TOSCA on use of the language SDL for efficient service creation

    Requirements traceability in model-driven development: Applying model and transformation conformance

    Get PDF
    The variety of design artifacts (models) produced in a model-driven design process results in an intricate relationship between requirements and the various models. This paper proposes a methodological framework that simplifies management of this relationship, which helps in assessing the quality of models, realizations and transformation specifications. Our framework is a basis for understanding requirements traceability in model-driven development, as well as for the design of tools that support requirements traceability in model-driven development processes. We propose a notion of conformance between application models which reduces the effort needed for assessment activities. We discuss how this notion of conformance can be integrated with model transformations
    corecore