Synthesizing Adaptive Test Strategies from Temporal Logic Specifications

Constructing good test cases is difficult and time-consuming, especially if the system under test is still under development and its exact behavior is not yet fixed. We propose a new approach to compute test strategies for reactive systems from a given temporal logic specification using formal methods. The computed strategies are guaranteed to reveal certain simple faults in every realization of the specification and for every behavior of the uncontrollable part of the system's environment. The proposed approach supports different assumptions on occurrences of faults (ranging from a single transient fault to a persistent fault) and by default aims at unveiling the weakest one. Based on well-established hypotheses from fault-based testing, we argue that such tests are also sensitive for more complex bugs. Since the specification may not define the system behavior completely, we use reactive synthesis algorithms with partial information. The computed strategies are adaptive test strategies that react to behavior at runtime. We work out the underlying theory of adaptive test strategy synthesis and present experiments for a safety-critical component of a real-world satellite system. We demonstrate that our approach can be applied to industrial specifications and that the synthesized test strategies are capable of detecting bugs that are hard to detect with random testing

The application of workflows to digital heritage systems

Digital heritage systems usually handle a rich and varied mix of digital objects, accompanied by complex and intersecting workflows and processes. However, they usually lack effective workflow management within their components as evident in the lack of integrated solutions that include workflow components. There are a number of reasons for this limitation in workflow management utilization including some technical challenges, the unique nature of each digital resource and the challenges imposed by the environments and infrastructure in which such systems operate. This thesis investigates the concept of utilizing Workflow Management Systems (WfMS) within Digital Library Systems, and more specifically in online Digital Heritage Resources. The research work conducted involved the design and development of a novel experimental WfMS to test the viability of effective workflow management on the complex processes that exist in digital library and heritage resources. This rarely studied area of interest is covered by analyzing evolving workflow management technologies and paradigms. The different operational and technological aspects of these systems are evaluated while focusing on the areas that traditional systems often fail to address. A digital heritage resource was created to test a novel concept called DISPLAYS (Digital Library Services for Playing with Antiquity and Shared Heritage), which provides digital heritage content: creation, archival, exposition, presentation and interaction services for digital heritage collections. Based on DISPLAYS, a specific digital heritage resource was created to validate its concept and, more importantly, to act as a test bed to validate workflow management for digital heritage resources. This DISPLAYS type system implementation was called the Reanimating Cultural Heritage resource, for which three core components are the archival, retrieval and presentation components. To validate workflow management and its concepts, another limited version of these reanimating cultural heritage components was implemented within a workflow management host to test if the workflow technology is a viable choice for managing control and dataflow within a digital heritage system: this was successfully proved

Higher Order Mutation Testing

Mutation testing is a fault-based software testing technique that has been studied widely for over three decades. To date, work in this field has focused largely on first order mutants because it is believed that higher order mutation testing is too computationally expensive to be practical. This thesis argues that some higher order mutants are potentially better able to simulate real world faults and to reveal insights into programming bugs than the restricted class of first order mutants. This thesis proposes a higher order mutation testing paradigm which combines valuable higher order mutants and non-trivial first order mutants together for mutation testing. To overcome the exponential increase in the number of higher order mutants a search process that seeks fit mutants (both first and higher order) from the space of all possible mutants is proposed. A fault-based higher order mutant classification scheme is introduced. Based on different types of fault interactions, this approach classifies higher order mutants into four categories: expected, worsening, fault masking and fault shifting. A search-based approach is then proposed for locating subsuming and strongly subsuming higher order mutants. These mutants are a subset of fault mask and fault shift classes of higher order mutants that are more difficult to kill than their constituent first order mutants. Finally, a hybrid test data generation approach is introduced, which combines the dynamic symbolic execution and search based software testing approaches to generate strongly adequate test data to kill first and higher order mutants

Orta Doğu Teknik Üniversitesi- Bilgi Toplumu Teknolojileri- Mükemmeliyet merkez projesi

TÜBİTAK EEEAG Proje01.02.200

Combining formal verification environments and model-driven engineering

Les méthodes formelles (comme les prouveurs interactifs) sont de plus en plus utilisées dans la vérification de logiciels critiques. Elles peuvent compter sur leurs bases formelles solides ainsi que sur leurs sémantiques précises. Cependant, elles utilisent des notations complexes qui sont souvent difficiles à comprendre. D'un autre côté, l'Ingénierie Dirigée par les Modèles nous propose des langages de descriptions, comme les diagrammes de classes, utilisant des notations intuitives mais qui souffrent d'un manque de bases formelles. Dans cette thèse, nous proposons de faire interagir les deux domaines complémentaires que sont les méthodes formelles et l'ingénierie dirigée par les modèles. Nous proposons une approche permettant de transformer des types de données fonctionnels (utilisés dans les prouveurs interactifs) en diagrammes de classes et vice-versa. Afin d'atteindre ce but, nous utilisons une méthode de transformation dirigée par les modèles.Formal methods (such as interactive provers) are increasingly used in the verification of critical software. This is so because they rely on their strong formal basis and precise semantics. However, they use complex notations that are often difficult to understand. On the contrary, the tools and formalisms provided by Model Driven Engineering offer more attractive syntaxes and use intuitive notations. However, they suffer from a lack of formal foundations. In this thesis, we are interested in combining these two complementary domains that are formal methods and Model Driven Engineering. We propose an approach allowing to translate functional data types (used in interactive provers) into class diagrams and vice versa. To achieve this goal, we use a model-driven transformation method

Forschungsbericht Universität Mannheim 2006 / 2007

Sie erhalten darin zum einen zusammenfassende Darstellungen zu den Forschungsschwerpunkten und Forschungsprofilen der Universität und deren Entwicklung in der Forschung. Zum anderen gibt der Forschungsbericht einen Überblick über die Publikationen und Forschungsprojekte der Lehrstühle, Professuren und zentralen Forschungseinrichtungen. Diese werden ergänzt um Angaben zur Organisation von Forschungsveranstaltungen, der Mitwirkung in Forschungsausschüssen, einer Übersicht zu den für Forschungszwecke eingeworbenen Drittmitteln, zu den Promotionen und Habilitationen, zu Preisen und Ehrungen und zu Förderern der Universität Mannheim. Darin zeigt sich die Bandbreite und Vielseitigkeit der Forschungsaktivitäten und deren Erfolg auf nationaler und internationaler Ebene

An investigation of interoperability issues between authorisation systems within web services

The existing authorisation systems within the context of Web Services mainly apply two access control approaches – Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). The RBAC approach links an authenticated Web Service Requester to its specific access control permission through roles, but RBAC is not flexible enough to cater for some cases where extra attribute information is needed in addition to the identity. By contrast, the ABAC approach has more flexibility, as it allows a Web Service Requester to submit necessary credentials containing extra attribute information that can fulfil the policies declared by a Web Service Provider, which aims to protect the sensitive resources/services.RBAC and ABAC can only help to establish a unilateral trust relationship between two Web Services to enable a Web Service Provider to make an access control decision. Unfortunately, the nature of Web Services presents a high probability that two Web Services may not know each other. Therefore, successful authorisation may fail, if the Web Service Requester does not trust the Web Service Provider.Trust Negotiation (TN) is also an access control approach, which can provide a bilateral trust relationship between two unknown entities, so it sometimes can enable authorisation success in situations where success is not possible through RBAC or ABAC approaches. However, interoperability issues will arise between authorisation systems within Web Services, where a bilateral trust-based authorisation solution is applied. In addition, a lack of a unified approach that can address the interoperability issues remains as a research problem. This research aims to explore possible factors causing the lack of interoperability first, and then to explore an approach that can address the interoperability issues. The main contributions of this research are an improved interoperability model illustrating interoperability issues at different layers of abstraction, and a novel interoperability-solution design along with an improved TN protocol as an example of utilising this design to provide interoperability between authorisation systems within Web Services

A UI-driven approach to facilitating effective development of rich and composite web applications

It is well-recognized that the development of user interfaces is one of the most time-consuming tasks in the overall application development process. At the same time, there is an increasing demand for rich and fluid user interfaces from web users. As a result, developers are facing increasing challenges in delivering web applications, especially those with rich UI requirements. In this thesis we present two solutions to facilitate the execution and rapid development of web applications with rich user interfaces. The first solution is a rich internet application (RIA) framework aimed at providing high usability and productivity to web applications, while the second solution is a UI integration framework that simplifies web application development by facilitating the composition of reusable UI components. The foundation of our RIA framework is an XML-based high-level protocol for communicating asynchronous events and incremental UI updates on the web. The protocol facilitates rich and highly interactive UI, while at the same time eliminates frequent and slow page refreshes and provides a more responsive user experience. Built on top of the protocol, a server-side runtime allows UI logic code to be executed on the server side, while a set of server-side event-driven API enables developers to implement sophisticated application-specific UI behavior. On the client side, a thin client renders UI and processes native events, but leaves application-specific logic to the server side. The thin client thus allows end users to enjoy a rich UI experience in a safe client environment, without executing any downloaded code. The proposed UI integration framework includes an abstract UI component model which allows UI components to be programmatically manipulated via events, operations, and properties, essentially exposing UI as services. To facilitate component interactions, the framework offers an event-based composition model, which allows integration logic to be specified in the form of event listeners. Composite applications are executed via a lightweight runtime middleware, which provides component adapters that allow the middleware to communicate with native UI components implemented in a variety of languages and platforms. Finally, a graphical development environment allows composite applications to be built in a drag-and-drop fashion