Nicolas Rapin

Symbolic execution techniques for test purpose definition

We propose an approach to test whether a system conforms to its specification given in terms of an Input/Output Symbolic Transition System (IOSTS). IOSTSs use data types to enrich transitions with data-based messages and guards depending on state variables. We use symbolic execution techniques both to extract IOSTS behaviours to be tested in the role of test purposes and to ground an algorithm of test case generation. Thus, contrarily to some already existing approaches, our test purposes are directly expressed as symbolic execution paths of the specification. They are finite symbolic subtrees of its symbolic execution. Finally, we give coverage criteria and demonstrate our approach on a running example.

Automatic test generation with AGATHA

This tool demonstration paper describes the AGATHA toolset, developed at CEA/LIST. It is an automated test generator for specifications of communicating concurrent units described using an EIOLTS (Extended Input Output Labeled Transition System) formalism which can be extracted, for example, from UML specification.

Symbolic execution techniques for refinement testing

We propose an approach to test whether an abstract specification is refined or not by a more concrete one. The specifications are input/output symbolic transition systems (IOSTS). The refinement relation requires that all traces of the abstract system are also traces of the concrete system, up to some signature inclusion. Our work takes inspiration from the conformance testing area. Symbolic execution techniques allow us to select traces of the abstract system and to submit them on the concrete specification. Each trace execution leads to a verdict Fail, Pass or Warning. The verdict Pass is provided with a formula which has to be verified by the values only manipulated at the level of the concrete specification in order to ensure the refinement relation. The verdict Warning reports that the concrete specification has not been sufficiently explored to give a reliable verdict. This is thus a partial verification process, related to the quality of the set of selected traces and of the exploration of the concrete specification. Our approach has been implemented and is demonstrated on a simple example.

Symbolic Execution Based Model Checking of Open Systems with Unbounded Variables

We describe fundamental aspects of a method we have developed in order to check linear temporal logic formulas over Input Output Symbolic Transition Systems (IOSTSs). IOSTSs are used to describe reactive systems with communication channels and variables of different types ; in particular variables can take unbounded values. Thus the method can be applied to open systems, communicating with their environment, or with other modules that are not precisely specified. The method consists in a semi-decision algorithm based on symbolic execution techniques, usually used for tests generation purposes. We provide an adaptation of this technique in order to evaluate a LTL formula along a symbolic path ; moreover we have developed a termination criterion of the semi-decision algorithm for IOSTSs whose data part is specified by a decidable first order theory.

Enhanced Quality Using Intensive Test and Analysis on Simulators

Embedded systems are becoming ubiquitous and are subject to demanding standards in both safety and reliability. Modern vehicles, which must respect ISO 26262 standards, use up to 100 Electronic Control Unit (ECUs). Advances in microelectronics enable integration of more functions in the ECU, but at the cost of greater unreliability in hostile operating environments, such as electromagnetic fields, temperature, and humidity. Their software mainly drives embedded system flexibility and smartness. However due to lack of automation, its validation and verification (V&V) takes place throughout the design process and tends to swallow up 40% to 50% of the total development cost. The “Enhanced Quality Using Intensive Test Analysis on Simulators” (EQUITAS) project intends to limit the impact of software V&V on embedded systems cost and time-to-market while improving reliability and functional safety. Project activities include: development of a continuous tool-chain to automate the V&V process of embedded computers, improving the relevance of the test campaigns by detecting the redundant tests using equivalence classes, providing assistance for hardware failure effect analysis (FMEA), and finally assessing the tool-chain under the ISO 26262 requirements.

An end-to-end framework for safe software development

Abstract It is largely recognized that the architectures of embedded systems are becoming more and more complex both at hardware and software levels. Despite the significant advances in the development tools, developing the software of such systems while ensuring their safety is still a difficult task. In this paper, we propose an end-to-end programming framework to ease the development of safe software systems. The programming framework, supported by a proper methodology and workflow, make it possible to design safe/secure software that implements functional requirements while respecting multiple non-functional requirements and mastering architectural complexity, time-to-market and cost. The programming framework is based on five concepts: (1) model-based system engineering: MBSE, (2) design-by-contract approach, (3) formal analysis of models based on symbolic execution, (4) code generation, and (5) static and dynamic code analysis. The effectiveness of the methodology has been demonstrated through multiple use-cases. The framework is realized using CEA LIST ( http://www-list.cea.fr/en/ ) open-source development platforms: Papyrus, Frama-C, and UNISIM-VP. These platforms are results of many research and industrial projects such as FP7-SafeAdapt 1 , FUI-EQUITAS 2 , FP7-STANCE 3 , CATRENE-OpenES 4 , FSN-SESAM Grids 5 , and H2020-VESSEDIA 6 .