Derivation of Test Cases for LAP-B from a LOTOS Specification

this paper, we show how this method has been applied to obtain test cases for LAP-B that are comparable, and in fact occasionally better, than those obtained by [KLPU][Kan]. Since TTCN is a common language for the spec- ification of test trees, the test cases obtained are written in TTCN (we should observe, however, that LOTOS itself appears to be adequate for the specification of test trees [Steen]). This technique appears to be valuable for conformance testing, at least until such time as the more formal approaches being developed by other authors become available (see Section 7). It makes it possible to extract test cases directly from (possibly standardized) formal descriptions, eliminating or reducing the importance of the interpretation of the informally specified standard. The formal specification is more complete and precise than the state tables and, unlike the latter, allows full formal treatment of the data part. For example, we shall show that automatic or semiautomatic generation of frame values appear to be possible by using the information contained in selection predicates

DILL: Specifying digital logic in LOTOS

As a relatively new application area for LOTOS (Language Of Temporal Ordering Specification), the specification of digital logic is investigated. A specification approach is evolved and justified, illustrated with basic logic gates and the larger example of a keyboard controller. The construction and validation of the digital component library are discussed, along with a retrieval tool that allows access to the library

Analysis and representation of test cases generated from LOTOS

Cataloged from PDF version of article.This paper presents a method to generate, analyse and represent test cases from protocol specification. The language of temporal ordering specification (LOTOS) is mapped into an extended finite state machine (EFSM). Test cases are generated from EFSM. The generated test cases are modelled as a dependence graph. Predicate slices are used to identify infeasible test cases that must be eliminated. Redundant assignments and predicates in all the feasible test cases are removed by reducing the test case dependence graph. The reduced test case dependence graph is adapted for a local single-layer (LS) architecture. The reduced test cases for the LS architecture are enhanced to represent the tester's behaviour. The dynamic behaviour of the test cases is represented in the form of control graphs by inverting the events, assigning verdicts to the events in the enhanced dependence graph. © 1995

Conformance Testing with Labelled Transition Systems: Implementation Relations and Test Generation

This paper studies testing based on labelled transition systems, presenting two test generation algorithms with their corresponding implementation relations. The first algorithm assumes that implementations communicate with their environment via symmetric, synchronous interactions. It is based on the theory of testing equivalence and preorder, as is most of the testing theory for labelled transition systems, and it is found in the literature in some slightly different variations. The second algorithm is based on the assumption that implementations communicate with their environment via inputs and outputs. Such implementations are formalized by restricting the class of labelled transition systems to those systems that can always accept input actions. For these implementations a testing theory is developed, analogous to the theory of testing equivalence and preorder. It consists of implementation relations formalizing the notion of conformance of these implementations with respect to labelled transition system specifications, test cases and test suites, test execution, the notion of passing a test suite, and the test generation algorithm, which is proved to produce sound test suites for one of the implementation relations

Using formal methods to support testing

Formal methods and testing are two important approaches that assist in the development of high quality software. While traditionally these approaches have been seen as rivals, in recent years a new consensus has developed in which they are seen as complementary. This article reviews the state of the art regarding ways in which the presence of a formal specification can be used to assist testing

Contribución a la Formalización de la Fase de Ejecución de Pruebas

En el campo de la Ingeniería de Protocolos es fundamental el papel que han tomado los organismos normalizadores de Servicios y Sistemas de Comunicaciones, como ISO e ITU. En este entorno, las Técnicas de Descripción Formal son un mecanismo clave para el diseño y especificación de dichos protocolos.Esta actividad ha surgido, en gran parte, debida a las necesidades de interconectividad, que está alcanzando niveles difícilmente imaginables hace pocos añoos: se pretende que sistemas heterogéneos y completamente diferentes cooperen y trabajen de forma distribuida o, simplemente, que intercambien volúmenes de información cada vez mayores. Surgen normas y recomendaciones a partir de iniciativas públicas orientadas a proporcionar normas en los servicios y protocolos de comunicaciones; normas que los fabricantes deben cumplir y organismos independientes deben certificar u homologar. Existen dos campos de actuación bien diferentes: por un lado, las normas deben ser precisas y no contener ambigüedades . Por otro, es necesario comprobar que el producto se atiene a la norma. Este proceso se realiza en base a unas pruebas denominadas de Conformidad. l primer campo es el causante directo del desarrollo de las FDTs. El segundo, ha provocado que ISO normalice un entorno específico y una metodología para el desarrollo y ejecución de Pruebas de Conformidad: la norma ISO-9646. En este entorno tiene lugar el desarrollo de la presente tesis. Como objetivos fundamentales se ha trabajado en 1) conceptualización y subsiguiente formalización del proceso de ejecución de Pruebas de Conformidad y elementos integrantes en las arquitecturas de pruebas, y 2) definición de una métrica de cobertura que aproveche la existencia de especificaciones formales como elemento de referencia para la generación de las pruebas de conformidad

Verification of LOTOS Specifications Using Term Rewriting Techniques

Recently the use of formal methods in describing and analysing the behaviour of (computer) systems has become more common. This has resulted in the proliferation of a wide variety of different specification formalisms, together with analytical techniques and methodologies for specification development. The particular specification formalism adopted for this study is LOTOS, an ISO standard formal description technique. Although there are many works dealing with how to write LOTOS specifications and how to develop a LOTOS specification from the initial abstract requirements specification to concrete implementation, relatively few works are concerned with the problems of expressing and proving the correctness of LOTOS specifications, i.e. verification. The main objective of this thesis is to address this shortfall by investigating the meaning of verification as it relates to concurrent systems in general, and in particular to those systems described using LOTUS. Further goals are to automate the verification process using equational reasoning and term rewriting, and also to attempt to make the results of this work, both theoretical and practical, as accessible to LOTOS practitioners as possible. After introducing the LOTUS language and related formalisms, the thesis continues with a survey of approaches to verification of concurrent systems with a view to identifying those approaches suitable for use in verification of properties of systems specified using LOTOS. Both general methodology and specific implementation techniques are considered. As a result of this survey, two useful approaches are identified. Both are based on the technique of expressing the correctness of a LOTUS specification by comparison with another, typically more abstract, specification. The second approach, covered later in the thesis, uses logic for the more abstract specification. The main part of the thesis is concerned with the first approach, in which both specifications are described in LOTUS, and the comparison is expressed by a behavioural equivalence or preorder relation. This approach is further explored by means of proofs based on the paradigm of equational reasoning, implemented by term rewriting. Initially, only Basic LOTUS (i.e. the process algebra) is considered. A complete (i.e. confluent and terminating) rule set for weak bisimulation congruence over a subset of Basic LOTOS is developed using RRL (Rewrite Rule Laboratory). Although fully automatic, this proof technique is found to be insufficient for anything other than finite toy examples. In order to give more power, the rule set is supplemented by an incomplete set of rules expressing the expansion law. The incompleteness of the rule set necessitates the use of a strategy in applying the rules, as indiscriminate application of the rules may lead to non-termination of the rewriting. A case study illustrates the use of these rules, and also the effect of different interpretations of the verification requirement on the outcome of the proof. This proof technique, as a result of the deficiencies of the tool on which it is based, has two major failings: an inability to handle recursion, and no opportunity for user control in the proof. Moving to a different tool, PAM (Process Algebra Manipulator), allows correction of these faults, but at the cost of automation. The new implementation acts merely as computerised pencil and paper, although tactics can be defined which allow some degree of automation. Equations may be applied in either direction, therefore completion is no longer as important. (Note that the tactic language could be used to describe a a complete set of rules which would give an automatic proof technique, therefore some effort towards completion is still desirable. However, since LOTOS weak bisimulation congruence is undecidable, there can never be a complete rule set for deciding equivalence of terms from the full LOTUS language.) The composition of the rule set is re-considered, with a. view to using alternative axiomatisations of weak bisimulation congruence: two main axiomatisations are described and their relative merits compared. The axiomatisation of other LOTUS relations is also considered. In particular, we consider the pitfalls of axiomatising the cred preorder relation. In order to demonstrate the use of the PAM proof system developed, the case study, modified to use recursion, is re-examined. Four other examples taken from the literature, one substantial, the others fairly small, are also investigated to further demonstrate the applicability of the PAM proof system to a variety of examples. The above approach considers Basic LOTUS only; to be more generally applicable the verification of properties of full LOTOS specifications (i.e. including abstract data types) must also be studied. Methods for proving the equivalence of full LOTUS specifications are examined, including a modification of the technique used successfully above. The application of this technique is illustrated via proofs of the equivalence of three variants of the well-known stack example