Angelo Michele Gargantini

Using model checking to generate tests from requirements specifications

Recently, many formal methods, such as the SCR (Software Cost Reduction) requirements method, have been proposed for improving the quality of software specifications. Although improved specifications are valuable, the ultimate objective of software development is to produce software that satisfies its requirements. To evaluate the correctness of a software implementation, one can apply black-box testing to determine whether the implementation, given a sequence of system inputs, produces the correct system outputs. This paper describes a specification-based method for constructing a suite of test sequences, where a test sequence is a sequence of inputs and outputs for testing a software implementation. The test sequences are derived from a tabular SCR requirements specification containing diverse data types, i.e., integer, boolean, and enumerated types. From the functions defined in the SCR specification, the method forms a collection of predicates called branches, which “cover” all possible software behaviors described by the specification. Based on these predicates, the method then derives a suite of test sequences by using a model checkers ability to construct counterexamples. The paper presents the results of applying our method to four specifications, including a sizable component of a contractor specification of a real system.

ASM-based testing: Coverage criteria and automatic test sequence generation

This paper tackles some aspects concerning the exploitation of Abstract State Machines (ASMs) for testing purposes. We define for ASM specifications a set of adequacy criteria measuring the coverage achieved by a test suite, and determining whether sufficient testing has been performed. We introduce a method to automatically generate from ASM specifications test sequences which accomplish a desired coverage. This method exploits the counter example generation of the model checker SMV. We use ASMs as test oracles to predict the expected outputs of units under test.

Abstract State Machines 2003

Invited Papers.- Software Testing Research and Practice.- Abstract State Processes.- Recent Advances in Refinement.- Partial Updates Exploration II.- Experiments with Test Case Generation and Runtime Analysis.- A Framework for Proving Contract-Equipped Classes.- Mobile UNITY Schemas for Agent Coordination.- UML and Concurrency.- Research Papers.- A Unified Formal Specification and Analysis of the New Java Memory Models.- Modelling Conditional Knowledge Discovery and Belief Revision by Abstract State Machines.- Formal Description of a Distributed Location Service for Mobile Ad Hoc Networks.- Remarks on Turbo ASMs for Functional Equations and Recursion Schemes.- Integrating UML Static and Dynamic Views and Formalizing the Interaction Mechanism of UML State Machines.- The Hidden Computation Steps of Turbo Abstract State Machines.- Using Spin to Generate Tests from ASM Specifications.- Interfacing ASM with the MDG Tool.- ASMs versus Natural Semantics: A Comparison with New Insights.- Quantum Computing and Abstract State Machines.- Consistent Integration for Sequential Abstract State Machines.- Deciding the Verification Problem for Abstract State Machines.- An ASM Semantics of UML Derived from the Meta-model and Incorporating Actions.- Privacy, Abstract Encryption and Protocols: An ASM Model - Part I.- A Framework for Modeling the Semantics of Expression Evaluation with Abstract State Machines.- Extended Abstracts.- Using AsmL for Runtime Verification.- Modeling Information Services on the Basis of ASM Semantics.- Designing the Parlay Call-Control Using ASMs.- Test Case Generation from AsmL Specifications.- Teaching ASMs, Teaching with ASMs: Opportunities in Undergraduate Education.- Using ASM Specifications for Compiler Testing.- ASMs as Integration Platform towards Verification and Validation of Distributed Production Control Systems at Multiple Levels of Abstraction.- AsmL Specification of a Ptolemy II Scheduler.- ASM Specification of Database Systems.- The Computable Kernel of ASM.- A Non-standard Approach to Operational Semantics for Timed Systems.- Parallelism versus Nondeterminism - On the Semantics of Abstract State Machines.

Using spin to generate tests from ASM specifications

In this paper we introduce an algorithm to automatically encode an ASM specification in PROMELA, the language of the model checker Spin, and we present a method exploiting the counter example generation feature of Spin, to automatically generate from ASM specifications test sequences which accomplish a desired coverage. ASMs are used as test oracles to predict the expected outputs of units under test. A prototype tool that implements the proposed method is also presented. Experimental results in evaluating the method are reported. The experiments include test sequence generation, tests execution, code coverage measurement for a case study implemented in Java, and comparison with random tests generation. Benefits and limitations in using model checking are discussed.

A logic-based approach to combinatorial testing with constraints

Usage of combinatorial testing is wide spreading as an effective technique to reveal unintended feature interaction inside a given system. To this aim, test cases are constructed by combining tuples of assignments of the different input parameters, based on some effective combinatorial strategy. The most commonly used strategy is two-way (pairwise) coverage, requiring all combinations of valid assignments for all possible pairs of input parameters to be covered by at least one test case. In this paper a new heuristic strategy developed for the construction of pairwise covering test suites is presented, featuring a new approach to support expressive constraining over the input domain. Moreover, it allows the inclusion or exclusion of ad-hoc combinations of parameter bindings to let the user customize the test suite outcome. Our approach is tightly integrated with formal logic, since it uses test predicates to formalize combinatorial testing as a logic problem, and applies an external model checker tool to solve it. The proposed approach is supported by a prototype tool implementation, and early results of experimental assessment are also presented.

Encoding Abstract State Machines in PVS

In this paper we show how the specification and verification system PVS (Prototype Verification System) can provide tool support for Abstract State Machines (ASMs), especially oriented towards automatic proof checking and mechanized proving of properties. Useful templates are presented which allow encoding of ASM models into PVS without any extra users skill. We prove the transformation preserves the ASM semantics and provide a framework for an automatic tool, prototypically implemented, which translates ASM specifications in PVS. The ASM specification of the Production Cell given in [4] is taken as case study to show how to formalize multi-agent ASMs in PVS and prove properties.

AsmetaSMV: a way to link high-level ASM models to low-level NuSMV specifications

This paper presents AsmetaSMV, a model checker for Abstract State Machines (ASMs). It has been developed with the aim of enriching the ASMETA (ASM mETAmodeling) toolset – a set of tools for ASMs – with the capabilities of the model checker NuSMV to verify properties of ASM models written in the AsmetaL language. We describe the general architecture of AsmetaSMV and the process of automatically mapping ASM models into NuSMV programs. As a proof of concepts, we report the results of using AsmetaSMV to verify temporal properties of various case studies of different characteristics and complexity.

A Metamodel-based Language and a Simulation Engine for Abstract State Machines

In this paper, we present a concrete textual notation, called AsmetaL, and a general-purpose simulation engine, called AsmetaS, for Abstract State Machine (ASM) specifications. They have been developed as part of the ASMETA (ASMs mETAmodelling) toolset, which is a set of tools for ASMs based on the metamod- elling approach of the Model-driven Engineering. We briefly present the ASMETA framework, and we discuss how the language and the simulator have been developed exploiting the advantages offered by the metamodelling approach. We introduce the language AsmetaL used to write ASM specifications, and we provide the AsmetaL encoding of ASM specifications of increasing complexity. We explain the AsmetaS ar- chitecture, its kernel engine, and how the simulator works within the ASMETA tool set. We discuss the features currently supported by the simulator and how it has been validated.

Automated deductive requirements analysis of critical systems

We advocate the need for automated support to System Requirement Analysis in the development of time- and safety-critical computer-based systems. To this end we pursue an approach based on deductive analysis: high-level, real-world entities and notions, such as events, states, finite variability, cause-effect relations, are modeled through the temporal logic TRIO, and the resulting deductive system is implemented by means of the theorem prover PVS. Throughout the paper, the constructs and features of the deductive system are illustrated and validated by applying them to the well-known example of the Generalized Railway Crossing.

A semantic framework for metamodel-based languages

In the model-based development context, metamodel-based languages are increasingly being defined and adopted either for general purposes or for specific domains of interest. However, meta-languages such as the MOF (Meta Object Facility)—combined with the OCL (Object Constraint Language) for expressing constraints—used to specify metamodels focus on structural and static semantics but have no built-in support for specifying behavioral semantics. This paper introduces a formal semantic framework for the definition of the semantics of metamodel-based languages. Using metamodelling principles, we propose several techniques, some based on the translational approach while others based on the weaving approach, all showing how the Abstract State Machine formal method can be integrated with current metamodel engineering environments to endow language metamodels with precise and executable semantics.We exemplify the use of our semantic framework by applying the proposed techniques to the OMG metamodelling framework for the behaviour specification of the Finite State Machines provided in terms of a metamodel.