On the Safe IOCOS relation for Testing Safety PLC Code

In this paper, limitations of the IOCOS testing relation in regard to testing safety PLC code is examined and a modification of the current IOCOS relation, called safe-IOCOS is proposed. In the IOCOS testing relation, an implementation is IOCOS with respect to a specification, if it emits a subset of the specified outputs and a super-set of the specified inputs after the execution of each trace in the specification. However, for testing safety PLC code, the IOCOS relation is not detailed enough as the subset requirement on the respective inputs and outputs could allow some safety behaviors to go untested. These limitations of the IOCOS relation may thus pose threats to humans. So the notion of safe-IOCOS is defined, which strengthens IOCOS to require equality between the implementation and the specification in relation to the inputs and outputs, respectively. An example shows these shortcomings of IOCOS and how the proposed safe-IOCOS relation is better suited for testing safety PLC code

JTorX: Exploring Model-Based Testing

The overall goal of the work described in this thesis is: ``To design a flexible tool for state-of-the-art model-based derivation and automatic application of black-box tests for reactive systems, usable both for education and outside an academic context.'' From this goal, we derive functional and non-functional design requirements. The core of the thesis is a discussion of the design, in which we show how the functional requirements are fulfilled. In addition, we provide evidence to validate the non-functional requirements, in the form of case studies and responses to a tool user questionnaire. We describe the overall architecture of our tool, and discuss three usage scenarios which are necessary to fulfill the functional requirements: random on-line testing, guided on-line testing, and off-line test derivation and execution. With on-line testing, test derivation and test execution takes place in an integrated manner: a next test step is only derived when it is necessary for execution. With random testing, during test derivation a random walk through the model is done. With guided testing, during test derivation additional (guidance) information is used, to guide the derivation through specific paths in the model. With off-line testing, test derivation and test execution take place as separate activities. In our architecture we identify two major components: a test derivation engine, which synthesizes test primitives from a given model and from optional test guidance information, and a test execution engine, which contains the functionality to connect the test tool to the system under test. We refer to this latter functionality as the ``adapter''. In the description of the test derivation engine, we look at the same three usage scenarios, and we discuss support for visualization, and for dealing with divergence in the model. In the description of the test execution engine, we discuss three example adapter instances, and then generalise this to a general adapter design. We conclude with a description of extensions to deal with symbolic treatment of data and time

On-the-fly conformance testing of safety PLC code using QuickCheck

In this paper, an approach based on the IOCOS testing relation to test safety PLC code using the tool QuickCheck is presented. Testing and validation of the safety PLC code is typically carried out on a physical system using checklists. These checklists are developed by engineers using system specification. However, due to the manual nature of checklist generation and execution, certain test cases can be overlooked and can lead to human accidents. The presented approach allows on-the-fly generation and execution of test cases, which expands the scope of testing by including test cases unconceived during checklist generation. Furthermore, it is demonstrated how errors in the safety PLC code are uncovered based on the IOCOS relation