Rigorous development process of a safety-critical system: from ASM models to Java code
The paper presents an approach for rigorous development of safety-critical systems based on the Abstract State Machine formal method. The development process starts from a high-level formal view of the system and, through refinement, derives more detailed models until the desired level of specification is reached. Along the process, different validation and verification activities are available, such as simulation, model review, and model checking. Moreover, each refinement step can be proved correct using an SMT-based approach. As the last step of the refinement process, a Java implementation can be developed and linked to the formal specification. The correctness of the implementation w.r.t. its formal specification can be proved by means of model-based testing and runtime verification. The process is exemplified by using a Landing Gear System as a case study.
Relating computer systems to sequence diagrams with underspecification, inherent nondeterminism and probabilistic choice : Part 1
Having a sequence diagram specification and a computer system, we need to answer the question: Is the system compliant with the sequence diagram specification in the desired way? We present a procedure for answering this question for three variations of sequence diagrams. The procedure is independent of the choice of programming language used for the system. The semantics of sequence diagrams is denotational and based on traces. In order to answer the initial question, the procedure starts by obtaining the trace-set of the system by e.g. testing, and then transforming this into the same semantic model as that used for the sequence diagram. In addition to extending our earlier work on refinement relations for sequence diagrams, we define conformance relations relating systems to sequence diagrams.
The work is split in two parts. This paper presents part 1, in which we introduce the necessary definitions for using the compliance checking procedure on sequence diagrams with underspecification and sequence diagrams with inherent nondeterminism. In part 2 [RRS07], we present the definitions for using the procedure on sequence diagrams with probabilistic choice.
Chaining Test Cases for Reactive System Testing (extended version)
Testing of synchronous reactive systems is challenging because long input sequences are often needed to drive them into a state at which a desired feature can be tested. This is particularly problematic in on-target testing, where a system is tested in its real-life application environment and the time required for resetting is high. This paper presents an approach to discovering a test case chain---a single software execution that covers a group of test goals and minimises overall test execution time. Our technique targets the scenario in which test goals for the requirements are given as safety properties. We give conditions for the existence and minimality of a single test case chain and minimise the number of test chains if a single test chain is infeasible. We report experimental results with a prototype tool for C code generated from Simulink models and compare it to state-of-the-art test suite generators.
Comment: extended version of paper published at ICTSS'1
Towards Symbolic Model-Based Mutation Testing: Combining Reachability and Refinement Checking
Model-based mutation testing uses altered test models to derive test cases that are able to reveal whether a modelled fault has been implemented. This requires conformance checking between the original and the mutated model. This paper presents an approach for symbolic conformance checking of action systems, which are well-suited to specify reactive systems. We also consider nondeterminism in our models. Hence, we do not check for equivalence, but for refinement. We encode the transition relation as well as the conformance relation as a constraint satisfaction problem and use a constraint solver in our reachability and refinement checking algorithms. Explicit conformance checking techniques often face state space explosion. First experimental evaluations show that our approach has potential to outperform explicit conformance checkers.
Comment: In Proceedings MBT 2012, arXiv:1202.582
Predicate Abstraction with Under-approximation Refinement
We propose an abstraction-based model checking method which relies on refinement of an under-approximation of the feasible behaviors of the system under analysis. The method preserves errors to safety properties, since all analyzed behaviors are feasible by definition. The method does not require an abstract transition relation to be generated, but instead executes the concrete transitions while storing abstract versions of the concrete states, as specified by a set of abstraction predicates. For each explored transition the method checks, with the help of a theorem prover, whether there is any loss of precision introduced by abstraction. The results of these checks are used to decide termination or to refine the abstraction by generating new abstraction predicates. If the (possibly infinite) concrete system under analysis has a finite bisimulation quotient, then the method is guaranteed to eventually explore an equivalent finite bisimilar structure. We illustrate the application of the approach for checking concurrent programs.
Comment: 22 pages, 3 figures, accepted for publication in Logical Methods in Computer Science journal (special issue CAV 2005)
Towards an I/O Conformance Testing Theory for Software Product Lines based on Modal Interface Automata
We present an adaptation of input/output conformance (ioco) testing principles to families of similar implementation variants as appearing in product line engineering. Our proposed product line testing theory relies on Modal Interface Automata (MIA) as behavioral specification formalism. MIA enrich I/O-labeled transition systems with may/must modalities to distinguish mandatory from optional behavior, thus providing a semantic notion of intrinsic behavioral variability. In particular, MIA constitute a restricted, yet fully expressive subclass of I/O-labeled modal transition systems, guaranteeing desirable refinement and compositionality properties. The resulting modal-ioco relation defined on MIA is preserved under MIA refinement, which serves as variant derivation mechanism in our product line testing theory. As a result, modal-ioco is proven correct in the sense that it coincides with traditional ioco to hold for every derivable implementation variant. Based on this result, a family-based product line conformance testing framework can be established.
Comment: In Proceedings FMSPLE 2015, arXiv:1504.0301
A Polynomial Time Algorithm for Deciding Branching Bisimilarity on Totally Normed BPA
Strong bisimilarity on normed BPA is polynomial-time decidable, while weak bisimilarity on totally normed BPA is NP-hard. It is natural to ask where the computational complexity of branching bisimilarity on totally normed BPA lies. This paper confirms that this problem is polynomial-time decidable. To our knowledge, in the presence of silent transitions, this is the first bisimilarity checking algorithm on infinite state systems which runs in polynomial time. This result spots an instance in which branching bisimilarity and weak bisimilarity are both decidable but lie in different complexity classes (unless NP=P), which was not known before.
The algorithm takes the partition refinement approach and the final implementation can be thought of as a generalization of the previous algorithm of Czerwiński and Lasota. However, unexpectedly, the correctness of the algorithm cannot be directly generalized from previous works, and the correctness proof turns out to be subtle. The proof depends on the existence of a carefully defined refinement operation fitted for our algorithm and the proposal of elaborately developed techniques, which are quite different from previous works.
Comment: 32 pages