Towards Symbolic Model-Based Mutation Testing: Combining Reachability and Refinement Checking

Model-based mutation testing uses altered test models to derive test cases that are able to reveal whether a modelled fault has been implemented. This requires conformance checking between the original and the mutated model. This paper presents an approach for symbolic conformance checking of action systems, which are well-suited to specify reactive systems. We also consider nondeterminism in our models. Hence, we do not check for equivalence, but for refinement. We encode the transition relation as well as the conformance relation as a constraint satisfaction problem and use a constraint solver in our reachability and refinement checking algorithms. Explicit conformance checking techniques often face state space explosion. First experimental evaluations show that our approach has potential to outperform explicit conformance checkers.Comment: In Proceedings MBT 2012, arXiv:1202.582

Waste Wood Gasification: Distribution of Nitrogen, Sulphur and Chlorine in a Dual Fluidised Bed Steam Gasifier

Waste wood was gasified in a dual fluidised bed gasifier in order to investigate the behaviour of waste fuels in this technology. The distribution of nitrogen, sulphur and chlorine between the gasifier and combustor of the dual bed system was studied to identify the requirements for gas cleaning devices. The gasification system is suitable for the use of waste wood. A slight adaption of the gas cleaning equipment was necessary compared to gasification of natural woody biomass

Performance Characteristics of an 8 MW(th) Combined Heat and Power Plant Based on Dual Fluidized Bed Steam Gasification of Solid Biomass

The work focuses on a dual fluidized bed gasification technology for which a model has been developed and validated accompanying the operation of the 8 MWth biomass combined heat and power plant in Guessing/Austria. The reactor concept is a circulating fluidized bed system with a large steam-fluidized bubbling bed integrated into the solids return loop. The solids circulation rate is shown versus the riser exit velocity. Further, plant performance maps are presented for both electric and heat power output. The water content of the fuel is a major parameter with respect to plant performance. High fuel water content at high gas engine load means high gas velocities in the riser (erosion limit) and higher heat share in the produced energy

Formal mutation testing for Circus

International audienceContext: The demand from industry for more dependable and scalable test-development mechanisms has fostered the use of formal models to guide the generation of tests. Despite many advancements having been obtained with state-based models, such as Finite State Machines (FSMs) and Input/Output Transition Systems (IOTSs), more advanced formalisms are required to specify large, state-rich, concurrent systems. Circus, a state-rich process algebra combining Z, CSP and a refinement calculus, is suitable for this; however, deriving tests from such models is accordingly more challenging. Recently, a testing theory has been stated for Circus, allowing the verification of process refinement based on exhaustive test sets. Objective: We investigate fault-based testing for refinement from Circus specifications using mutation. We seek the benefits of such techniques in test-set quality assertion and fault-based test-case selection. We target results relevant not only for Circus, but to any process algebra for refinement that combines CSP with a data language. Method: We present a formal definition for fault-based test sets, extending the Circus testing theory, and an extensive study of mutation operators for Circus. Using these results, we propose an approach to generate tests to kill mutants. Finally, we explain how prototype tool support can be obtained with the implementation of a mutant generator, a translator from Circus to CSP, and a refinement checker for CSP, and with

Formal specification of a voice communication system used in air traffic control an industrial application of light weight formal methods using vdm

A joint project of the Austrian company Frequentis1 and the Technical University Graz demonstrates the applicability of executable formal models2. The formal method VDM++ has been applied to specify a safety critical voice communication system (VCS) for air-traffic control. Besides the expected improvement of the informal speciffication documents, 64 defects have been found, the efficiency of the system test-cases to cover the functionality of the VCS has been analyzed. In order to get a test-coverage measure, the formal specification has been animated with existing system test-cases using IFADs VDMTools. Document type: Part of book or chapter of boo

Bounded Determinization of Timed Automata with Silent Transitions

Deterministic timed automata are strictly less expressive than their non-deterministic counterparts, which are again less expressive than those with silent transitions. As a consequence, timed automata are in general non-determinizable. This is unfortunate since deterministic automata play a major role in model-based testing, observability and implementability. However, by bounding the length of the traces in the automaton, effective determinization becomes possible. We propose a novel procedure for bounded determinization of timed automata. The procedure unfolds the automata to bounded trees, removes all silent transitions and determinizes via disjunction of guards. The proposed algorithms are optimized to the bounded setting and thus are more efficient and can handle a larger class of timed automata than the general algorithms. The approach is implemented in a prototype tool and evaluated on several examples. To our best knowledge, this is the first implementation of this type of procedure for timed automata.Comment: 25 page

Dynamic symbolic execution for testing distributed objects

Abstract. This paper extends dynamic symbolic execution to distributed and concurrent systems. Dynamic symbolic execution can be used in software testing to systematically identify equivalence classes of input values and has been shown to scale well to large systems. Although mainly applied to sequential programs, this scalability makes it interesting to consider the technique in the distributed and concurrent setting as well. In order to extend the technique to concurrent systems, it is necessary to obtain sufficient control over the scheduling of concurrent activities to avoid race conditions. Creol, a modeling language for distributed concurrent objects, solves this problem by abstracting from a particular scheduling policy but explicitly defining scheduling points. This provides sufficient control to apply the technique of dynamic symbolic execution for model based testing of interleaved processes. The technique has been formalized in rewriting logic, executes in Maude, and applied to nontrivial examples, including an industrial case study