Automatic test definition for high-integrity systems

A atividade de testes é uma das tarefas mais dispendiosas no ciclo de vida de desenvolvimento de software. No sentido de otimizar o esforço gasto nestas tarefas, foi desenvolvida uma ferramenta, Sesnando, cujo objectivo é interpretar e compilar requisitos de sistema escritos numa linguagem natural controlada e a partir destes gerar automaticamente um conjunto de testes que permitam verificar a implementação destes mesmos requisitos. Durante a fase de interpretação do requisito, o Sesnando age como um validador da sua escrita e fornece mensagens ao utilizador sobre a sua construção. Posteriormente, gera um conjunto de testes para a sua verificação. Neste trabalho, é também feita uma avaliação sobre as capacidades do Sesnando assim como uma análise relativamente aos métodos tradicionais. Os resultados obtidos mostram que é possível reduzir o esforço na atividade de especificação de testes de sistema em até 90%

The very model of a modern linguist — in honor of Helge Dyvik

publishedVersio

Constraint-based generation of database states for testing database applications

Testing is essential for quality assurance of database applications. To test the quality of database applications, it usually requires test inputs consisting of both program input values and corresponding database states. However, producing these tests could be very tedious and labor-intensive in a non-automated way. It is thus imperative to conduct automatic test generation helping reduce human efforts. The research focuses on automatic test generation of both program input values and corresponding database states for testing database applications. We develop our approaches based on the Dynamic Symbolic Execution (DSE) technique to achieve various testing requirements. We formalize a problem for program-input-generation given an existing database state to achieve high program code coverage and propose an approach that conducts program-input-generation through auxiliary query construction based on the intermediate information accumulated during DSE's exploration. We develop a technique to generate database states to achieve advanced code coverage criteria such as Boundary Value Coverage and Logical Coverage. We develop an approach that constructs synthesized database interactions to guide the DSE's exploration to collect constraints for both program inputs and associated database states. In this way, we bridge various constraints within a database application: query-construction constraints, query constraints, database schema constraints, and query-result-manipulation constraints. We develop an approach that generates tests for mutation testing on database applications. We use a state-of-the-art white-box testing tool called Pex for .NET from Microsoft Research as the DSE engine. Empirical evaluation results show that our approaches are able to generate effective program input values and sufficient database states to achieve various testing requirements

Constraint-based specifications for system configuration

Declarative, object-oriented configuration management systems are widely used, and there is a desire to extend such systems with automated analysis and decision-making. This thesis introduces a new formulation for configuration management problems based on the tools and techniques of constraint programming, which enables automated decision-making. We present ConfSolve, an object-oriented declarative configuration language, in which logical constraints on a system can be specified. Verification, impact analysis, and the generation of valid configurations can then be performed. This is achieved via translation to the MiniZinc constraint programming language, which is in turn solved via the Gecode constraint solver. We formally define the syntax, type system, and semantics of ConfSolve, in order to provide it with a rigorous foundation. Additionally we show that our implementation outperforms previous work, which utilised an SMT solver, while adding new features such as optimisation. We next develop an extension of the ConfSolve language, which facilitates not only one-off configuration tasks, but also subsequent re-configurations in which the previous state of the system is taken into account. In a practical setting one does not wish for a re-configuration to deviate too far from the existing state, unless the benefits are substantial. Re-configuration is of crucial importance if automated configuration systems are to gain industry adoption. We present a novel approach to incorporating state-change into ConfSolve while remaining declarative and providing acceptable performance

Ada as a design specification language

The primary thesis objective is research into current approaches to design specification languages, emphasizing Ada. Requirements specification is touched upon. Design specification is explored and related to requirements and implementation. The role of language in design is discussed, as well as objectives of the design specification and features that a specification language should provide in order to meet those objectives. Formal language is contrasted with natural language. Some formal specification languages are described, both Ada related and not Ada related. The secondary objective, the thesis project, is to illustrate a design specification in a formal language, Ada. The purpose of the project is to compare the Ada expression of an example design with the natural language specification for the same system

Observational models of requirements evolution

Requirements Evolution is one of the main issues that affect development activities as well as system features (e.g., system dependability). Although researchers and practitioners recognise the importance of requirements evolution, research results and experience are still patchy. This points out a lack of methodologies that address requirements evolution. This thesis investigates the current understanding of requirements evolution and explores new directions in requirements evolution research. The empirical analysis of industrial case studies highlights software requirements evolution as an important issue. Unfortunately, traditional requirements engineering methodologies provide limited support to capture requirements evolution. Heterogeneous engineering provides a comprehensive account of system requirements. Heterogeneous engineering stresses a holistic viewpoint that allows us to understand the underlying mechanisms of evolution of socio-technical systems. Requirements, as mappings between socio-technical solutions and problems, represent an account of the history of socio-technical issues arising and being solved within industrial settings. The formal extension of a heterogeneous account of requirements provides a framework to model and capture requirements evolution. The application of the proposed framework provides further evidence that it is possible to capture and model evolutionary information about requirements. The discussion of scenarios of use stresses practical necessities for methodologies addressing requirements evolution. Finally, the identification of a broad spectrum of evolutions in socio-technical systems points out strong contingencies between system evolution and dependability. This thesis argues that the better our understanding of socio-techn..

Whole blood in prehospital damage control resuscitation : -Safety, feasibility, and logistics

Bakgrunn De siste tiårene har det vært et paradigmeskifte i behandlingen av blødningsjokk. Skadebegrensende resuscitering har som hensikt å understøtte hemostatisk evne hos pasienten og reversere og dempe konsekvensene av sjokk slik at pasienten har tilstrekkelige fysiologiske reserver til å overleve påfølgende behandling i sykehus. Strategien baserer seg i all hovedsak på å starte tidlig behandling med blod og blodprodukter. I økende grad har sivile og militære prehospitale tjenester vurdert fullblod som et alternativ for den intiale resusciteringen av blødningsjokk. Selv om fullblod har tiltalende egenskaper er det flere utfordringer ved implementering av fullblod i et prehospitalt system. Forhold knyttet til sikkerhet, logistikk, lagring og praktisk bruk bør evalueres. Mål Å undersøke og evaluere implementeringen av et program for implementering av prehospitalt lavtiter gruppe O fullblod (LTOWB). Metode Paper I undersøkte gjennomførbarhet, sikkerheten og effektivitet av intraossøs sternal autolog re-infusjon av varmt friskt fullblod (WFWB) i en prospektiv human komparativ studie. Paper II undersøkte ex vivo kvaliteten til lav titer type O fullblod (LTOWB) under fremskutt lagring i opptil 21 dager i en lufttett temperaturregulert beholder ved en luftambulansebase sammenlignet med LTOWB lagret i blodbanken. Paper III identifiserte nåværende prehospitale blodtransfusjonsprogrammer, fremtidige behov og potensielle barriærer for implementering av LTOWB i en spørreundersøkelse blant medisinsk ansvarligeleger ved luft og redningshelikoptertjenestene i Norge. Paper IV beskrev implementeringen av et LTOWB-transfusjonsprogram i Luftambulansetjenesten i Bergen i perioden 2015-2020 i en prospektiv observasjonsstudie. Resultater Det var ingen hemolyse etter sternal intraossøs re-infusjon av fullblod. Median infusjonshastighet var 46,2 ml/min for FAST-1-IO nålen, og feilraten ved innleggelse av IO tilgangen for uerfarent personell var 9 %. Fremskutt lagring av LTOWB opptil 21 dager førte ikke til konsekvenser som kan true pasientsikkerheten. Blodet tilfredstilte EU krav i hele lagringsperioden. Det var ingen signifikante forskjeller i de hematologiske variablene, blodplateaggregering eller viskoelastiske egenskaper mellom blod lagret fremskutt og blod lagret i blodbanken. Alle luft og redningshelikopter i Norge har blodprodukter tilgjengelig. Fire av 20 (20 %) har implementert LTOWB. Et flertall av tjenestene har en preferanse for LTOWB siden dette muliggjør tidlig balansert transfusjon og kan ha logistiske fordeler i tidskritiske situasjoner. Blodbanker som leverer LTOWB rapporterer gunstige erfaringer. I løpet av 2015-2020 responderte Luftambulansen i Bergen til 5124 pasienter. Syttito (1,4%) mottok blodtransfusjon. 52 pasientene samtykket til deltagelse i studien. Av disse fikk 48 LTOWB. Førtiseks (88 %) ble innlagt på sykehuset i live, og 76 % av disse fikk ytterligere transfusjoner i løpet av de første 24 timene. De fleste pasienter presenterte med stump skademekanikk (69 %), etterfulgt av blødninger som ikke var relatert til traumer (29 %). Totalt overlevde 36 (69%) 24 timer, og 28 (54%) overlevde 30 dager. Ingen transfusjonsreaksjoner eller logistiske problemer ble rapportert. Konklusjon Intraossøs infusjon av WFWB er trygt, pålitelig og gir tilstrekkelig flow for den initielle resuscitering ved blødningsjokk. Fremskutt lagring av LTOWB i Luftambulansetjenesten er gjennomførbart og trygt. Kvalitet tilfredstiller EU krav opptil 21 dagers lagring, og hemostatiske egenskaper e LTOWB sammenlingbar med LTOWB lagret i blodbanken. Luftambulansetjenestene og blodbankene som leverer LTOWB har gode erfaringer med implementering av LTOWB. Våre undersøkelser viser at implementering av et prehospitalt transfusjonsprogram med fullblod er mulig og sikkert. Det er videre behov for studier som ser på effektiviteten av fullblod sammenlignet med blodkomponenter.Background In the last two decades, resuscitation of hemorrhagic shock has undergone a paradigm shift. Modern damage control resuscitation strategies aim to improve outcomes by facilitating early hemostatic resuscitation with blood and blood products. The ultimate goal is to prevent, reverse or mitigate the severity and duration of shock and its consequences until definitive hemorrhage control can be achieved. As a result, both civilian and military EMS systems are considering whole blood for prehospital resuscitation of hemorrhagic shock. Although appealing, establishing a robust system for forward resuscitation with whole blood is challenging as several vital factors regarding safety, logistics, and implementation barriers need to be considered. Aim To investigate and evaluate the implementation of a pre-hospital low titer group O whole blood (LTOWB) transfusion program. Methods Paper I investigated the feasibility, safety, and efficacy of autologous re-infusion of warm fresh whole blood (WFWB) through an intraosseous sternal device in a prospective human comparative study. Paper II investigated the ex vivo quality of LTOWB during storage for up to 21 days in an airtight thermal container at a helicopter emergency medical system (HEMS) base compared to LTOWB stored in the blood bank. Paper III identified current pre-hospital blood transfusion programs, future needs, and potential obstacles in implementing LTOWB in a national survey among the medical directors of the Norwegian HEMS and Search and Rescue (SAR) helicopter bases. Finally, in a prospective observational study, paper IV described and evaluated the implementation of a LTOWB program in one of the Norwegian HEMS services in 2015-2020. Results There was no evidence of hemolysis following sternal intraosseous re-infusion of whole blood. The median infusion rate was 46.2mL/min for the FAST-1 device, and the failure rate for inexperienced personnel was 9%. Storage of LTOWB complied with the EU regulations throughout remote and in- hospital storage for 21 days. In addition, there were no significant differences in hematology variables, platelet aggregation, or viscoelastic properties between blood stored remotely and in the blood bank. All HEMS and SAR helicopter services in Norway carry LTOWB or blood components. A majority of services have a preference for LTOWB because LTOWB enables early balanced transfusion and may have logistical benefits in time-critical emergencies. This far, four of 20 (20%) have implemented LTOWB. Blood banks and services that provide LTOWB report favorable experiences. During the five years, the Bergen HEMS in study IV responded to 5124 patients. Seventy-two (1.4%) were transfused. Twenty patients were excluded mainly due to a lack of informed consent. Of the 52 patients, 48 received LTOWB. Forty-six (88%) were admitted to the hospital alive, and 76% of these received additional transfusions during the first 24 hours. Most patients presented with blunt trauma mechanisms (69%), followed by hemorrhage unrelated to trauma (29%). Overall 36 (69%) survived 24 hours, and 28 (54%) survived 30 days. No suspected transfusion reactions or logistical issues were reported. Conclusion WFWB transfusion through the IO route is safe, reliable, and provides sufficient flow for the initial resuscitation of hemorrhagic shock. Storage of LTOWB in thermal containers in a pre-hospital HEMS service is feasible and safe. Hemostatic properties are present for up to 21 days of storage and are similar to LTOWB stored in the blood bank. HEMS services and blood banks report favorable experiences implementing and utilizing LTOWB in Norway. The logistics of LTOWB emergency transfusions are manageable and safe in a Norwegian HEMS service.Doktorgradsavhandlin

Towards the Correctness of Software Behavior in UML: A Model Checking Approach Based on Slicing

Embedded systems are systems which have ongoing interactions with their environments, accepting requests and producing responses. Such systems are increasingly used in applications where failure is unacceptable: traffic control systems, avionics, automobiles, etc. Correct and highly dependable construction of such systems is particularly important and challenging. A very promising and increasingly attractive method for achieving this goal is using the approach of formal verification. A formal verification method consists of three major components: a model for describing the behavior of the system, a specification language to embody correctness requirements, and an analysis method to verify the behavior against the correctness requirements. This Ph.D. addresses the correctness of the behavioral design of embedded systems, using model checking as the verification technology. More precisely, we present an UML-based verification method that checks whether the conditions on the evolution of the embedded system are met by the model. Unfortunately, model checking is limited to medium size systems because of its high space requirements. To overcome this problem, this Ph.D. suggests the integration of the slicing (reduction) technique