Software integration testing based on communication coverage criteria and partial model generation

This paper considers the problem of integration testing the components of a timed distributed software system. We assume that communication between the components is specified using timed interface automata and use computational tree logic (CTL) to define communication-based coverage criteria that refer to send- and receive-statements and communication paths. The proposed method enables testers to focus during component integration on such parts of the specification, e.g. behaviour specifications or Markovian usage models, that are involved in the communication between components to be integrated. A more specific application area of this approach is the integration of test-models, e.g. a transmission gear can be tested based on separated models for the driver behaviour, the engine condition, and the mechanical and hydraulical transmission states. Given such a state-based specification of a distributed system and a concrete coverage goal, a model checker is used in order to determine the coverage or generate test sequences that achieve the goal. Given the generated test sequences we derive a partial test-model of the components from which the test sequences are derived. The partial model can be used to drive further testing and can also be used as the basis for producing additional partial models in incremental integration testing. While the process of deriving the test sequences could suffer from a combinatorial explosion, the effort required to generate the partial model is polynomial in the number of test sequences and their length. Thus, where it is not feasible to produce test sequences that achieve a given type of coverage it is still possible to produce a partial model on the basis of test sequences generated to achieve some other criterion. As a result, the process of generating a partial model has the potential to scale to large industrial software systems. While a particular model checker, UPPAAL, was used, it should be relatively straightforward to adapt the approach for use with other CTL based model checkers. A potential additional benefit of the approach is that it provides a visual description of the state-based testing of distributed systems, which may be beneficial in other contexts such as education and comprehension

04041 Abstracts Collection -- Component-Based Modeling and Simulation

From 18.01.04 to 23.01.04, the Dagstuhl Seminar 04041 ``Component-Based Modeling and Simulation\u27\u27 was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

Implications of the operational environmental on software security requirements engineering

After presenting an overview about the most commonly referred reasons and issues for bad practice in software security requirements engineering, this paper introduces a security interdependency model, illustrating the implications between software and its physical, technical and organizational environment. The model is described in detail and the mutual implication and interdependencies between software security (requirements) and the operational environment are explained, enhanced with illustrative examples. Conclusions and further research perspectives with respect to security requirements engineering, and security in general are drawn

Understanding Success and Failure Profiles of ERP Requirements Engineering: an Empirical Study

Organizations adopting Enterprise Resource Planning (ERP) are also adopting standard ERPvendor- specific process models for engineering their requirements. Making successfully a live process out of such a model is hard. Maturity assessment frameworks can help ERP adopters identify and understand those practices which help their ERP processes succeed and those which do not. This paper deploys a Requirements Engineering maturity model to examine variations in instantiations of a standard ERP RE process. We draw on our previous results and our lessons learnt from eight years of experience in using ERP RE processes

Generating Optimal Distinguishing Sequences with a Model Checker

This paper presents an approach for the automatic generation of shortest Distinguishing Sequences (DS) with the Uppaal model checker. The presented method is applicable to a large number of extended finite state machines and it will find an optimal result, if a DS sequence exists for the considered automaton. Our approach is situated in an integrated testing environment that is used to generate checking sequences. The generation method is based on a DS model, which is derived from the same test model that is used for generating test cover sets. The problem of generating DS is reduced to the definition of a DS model and for this reason the complexity of our approach depends mainly on the used model checking algorithm. This means, that the presented method is automatically improved, when the model checking algorithm is improved. This includes the generation of optimal DS depending on the ability of the model checker to produce optimal results

Equivalence Class Definition for Automated Testing of Satellite On-Board Image Processing

On-board image processing technologies in the satellite domain are subject to strict requirements with respect to reliability and accuracy in hard real-time. Due to the large input domain of such processing technologies it is impracticable or even impossible to execute all possible test cases. As a solution we define a novel test approach that efficiently and systematically captures the input domain of satellite on-board image processing applications. We first partition each input parameter into equivalence classes. Based on these equivalence classes we define multidimensional coverage criteria to assess the coverage of a given test suite on the whole input domain. Finally, our test generation algorithm automatically inserts missing but relevant test cases into the given test suite such that our multidimensional coverage criteria are satisfied. As a result we get a reasonably small test suite that covers the complete input domain. We demonstrate the effectiveness of our approach with experimental results from the ESA medium-class mission PLATO

A Flexible Integration Strategy for In-Car Telematics Systems

This paper presents an approach for the planning of integration tests of automotive telematics systems. To our knowledge no method for the determination of an integration order exists that takes the project and the system environment into account, which in our opinion greatly influence the integration order. Furthermore, most known test generation methods and structural quality measures demand syntactically sound specifications to be applied efficiently. In our projects Message Sequence Charts are often created manually from the scratch with many different tools, and therefore they are of rather low syntactical quality. This paper addresses the determination of an integration strategy, which can easily be adapted to changes in the project or in the system environment, and which can be manually applied to any given specification

Automated Scenario-Based Evaluation of Embedded Software and System Architectures

Architecture scenarios are widely used to systematize the elicitation of architecture significant requirements and to evaluate the appropriateness of architecture decisions. Due to the lack of tool support, architects perform this evaluation manually whenever an architecture changes. In this paper, we present a scenario modeling, and evaluation approach for embedded systems that enables automated evaluation of architecture concepts with respect to scenarios. Our approach utilizes function nets contained in candidate architectures to derive main event chains of the system under development. Architecture scenarios are executed on these function nets. A novel scenario modeling approach is used to enable execution on function nets that neither provides a detailed design nor an implementation for functions. We discuss the applicability of our approach in context of the design of a control system for an aluminum cold-rolling mill. This discussion covers both functional and non-functional requirements formulated as architecture scenarios