Testing for the unboundedness of fifo channels in programs (1)

Unsolvability of the unboundedness problem for specification models allowing fifo channels was proved a few years ago by Brand and Zafiropulo. The paper investigates a testing approach of that problem. Instead of reducing the model in order to give decidability results, we work with the largest possible framework. We find a sufficient condition for unboundedness based on a relation between reachable global states. This gives a testing procedure which can be applied as well to communicating finite state machines as to Fifo-Nets. Moreover, the test extends existing decidability results. In fact it becomes a decision procedure for a class of systems strictly including linear and monogeneous systems. A few modifications of the relation make it available for Estelle specifications

Model-Based Test Selection for Infinite-State Reactive Systems

International audienceThis paper addresses the problem of off-line selection of test cases for testing the conformance of a black-box implementation with respect to a specification, in the context of reactive systems. Efficient solutions to this problem have been proposed in the context of finite-state models, based on the ioco conformance testing theory. An extension of these is proposed in the context of infinite-state specifications, modelled as automata extended with variables. One considers the selection of test cases according to test purposes describing abstract scenarios that one wants to test. The selection of program test cases then consists in syntactical transformations of the specification model, using approximate analyses

Automatic Test Generation from Interprocedural Specifications

This paper adresses the generation of test cases for testing the conformance of a black-box implementation with respect to its specification, in the context of reactive systems. We aim at extending the principles and algorithms of model-based testing à la ioco for recursive specifications that can be modeled by Push-Down Systems (PDS). Such specifications may be more compact than non-recursive ones and are more expressive. The generated test cases are selected according to a test purpose, a (set of) scenario of interest that one wants to observe during test execution. The test generation method we propose in this paper is based on program transformations and a coreachability analysis, which allows to decide whether and how the test purpose can still be satisfied. However, despite the possibility to perform an exact analysis, the inability of test cases to inspect their own stack prevents it from using fully the coreachability information. We discuss this partial observation problem, its consequences, and how to minimize its impact

Génération automatique de tests pour des propriétés de sécurité

National audienceDans cet article, nous nous intéressons à l'utilisation conjointe de techniques de génération automatique de tests et de synthèse de contrôleurs pour tester des propriétés de sécurité. Nous suivons une approche orientée modèle, c'est-à-dire que nous supposons disposer d'une spécification du comportement du système. Sur celle-ci nous étudions la satisfaction de certaines classes de propriétés de confidentialité et d'intégrité. Nous proposons une méthode qui consiste à calculer automatiquement un modèle du contrôle d'accès idéal assurant ces deux types de propriétés de sécurité. Nous montrons ensuite comment en dériver des cas de tests qui, exécutés sur l'implémentation, permettent de détecter la non-conformité de l'implémentation et sous certaines hypothèses, la violation des propriétés de sécurité, et une éventuelle mauvaise implémentation du contrôle d'accès mis en place

Abstract Interpretation of FIFO channels

We address the analysis and the verification of communicating systems, which are systems built from sequential processes communicating via unbounded FIFO channels. We adopt the Abstract Interpretation approach to this problem, by defining approximate representations of sets of configuration of FIFO channels. In this paper we restrict our attention to the case where processes are finite-state processes and the alphabet of exchanged messages is finite. We first focus on systems with only one queue, for which we propose an abstract lattice based on regular languages, and we then generalize our proposal to systems with several queues. In particular, we define for these systems two abstract lattices, which are resp. non-relational and relational abstract lattices. We use those lattices for computing an over-approximation of the reachability set of a CFSM. Our experimental evaluation shows that, for some protocols, we obtain results that are as good as those obtained by exact methods founded on acceleration techniques

Synthèse de contrôleurs pour une relation de conformité

National audienceNous nous intéressons à la combinaison du test de conformité et de la synthèse de contrôleurs ; spécifiquement, au problème de rendre une implémentation d'un système conforme à sa spécification, à l'aide d'un contrôleur calculé automatiquement. Ce dernier peut être vu comme un ``patch'' qui corrige automatiquement des erreurs, qui autrement auraient dû être détectées par le test et corrigées à la main. Nous traitons ici le cas où toutes les actions de la spécification et de l'implémentation sont observables depuis l'environnement, mais seul un sous-ensemble des actions est contrôlabl

Abstract Interpretation of FIFO channels

We address the analysis and the verification of communicating systems, which are systems built from sequential processes communicating via unbounded FIFO channels. We adopt the Abstract Interpretation approach to this problem, by defining approximate representations of sets of configuration of FIFO channels. In this paper we restrict our attention to the case where processes are finite-state processes and the alphabet of exchanged messages is finite. We first focus on systems with only one queue, for which we propose an abstract lattice based on regular languages, and we then generalize our proposal to systems with several queues. In particular, we define for these systems two abstract lattices, which are resp. non-relational and relational abstract lattices. We use those lattices for computing an over-approximation of the reachability set of a CFSM. Our experimental evaluation shows that, for some protocols, we obtain results that are as good as those obtained by exact methods founded on acceleration techniques. \\ Nous nous intéressons à l'analyse et à la vérification de systèmes communiquants, qui sont des systèmes formés de processus séquentiels communiquant par des files de communication non bornées. Nous proposons de suivre l'approche de l'interprétation abstraite, en définissant des représentations approchées pour les ensembles de configuration de files de communication. Dans le cadre de cet article, nous nous restreignons au cas où les processus sont d'état fini et l'alphabet des messages échangés est également fini. Nous étudions d'abord les systèmes avec une seule file de communication, pour lesquels nous proposons un treillis abstrait fondé sur les langages réguliers, puis généralisons notre proposition aux systèmes avec plusieurs files. En particulier nous définissons pour ces derniers deux treillis abstraits, le premier non-relationel et le second relationel, c'est-à-dire capable de représenter des propriétés liant deux files de communication différentes. Nous utiliserons ces treillis pour calculer une sur-approximation de l'ensemble d'atteignabilité d'un CFSM. Notre évaluation expérimentale montre que nous obtenons, sur certains protocoles, des résultats aussi bons que ceux obtenus par des méthodes exactes fondées sur des techniques d'accélération

Ensuring the conformance of reactive discrete-event systems by means of supervisory control

International audienceWe study the problem of controlling a plant of a system by means of an automatically computed supervisor, in order to ensure a certain conformance relation between the plant and its formal specification. The supervisor can be seen as a device that automatically fixes errors that otherwise would have been discovered by testing and fixed by hand. The resulting controlled plant conforms to the specification and is maximal in terms of observable behaviour