Sung Deok Cha

Test cases generation from UML state diagrams

The paper discusses the application of state diagrams in UML to class testing. A set of coverage criteria is proposed based on control and data flow in UML state diagrams and it is shown how to generate test cases satisfying these criteria from UML state diagrams. First, control flow is identified by transforming UML state diagrams into extended finite state machines (EFSMs). The hierarchical and concurrent structure of states is flattened and broadcast communications are eliminated in the resulting EFSMs. Second, data flow is identified by transforming EFSMs into flow graphs to which conventional data flow analysis techniques can be applied.

Data flow testing as model checking

This paper presents a model checking-based approach to dataflow testing. We characterize dataflow oriented coverage criteria in temporal logic such that the problem of test generation is reduced to the problem of finding witnesses for a set of temporal logic formulas. The capability of model checkers to construct witnesses and counterexamples allows test generation to be fully automatic. We discuss complexity issues in minimal cost test generation and describe heuristic test generation algorithms. We illustrate our approach using CTL as temporal logic and SMV as model checker.

A test sequence selection method for statecharts

This paper presents a method for the selection of test sequences from statecharts. It is shown that a statechart can be transformed into a flow graph modelling the flow of both control and data in the statechart. The transformation enables the application of conventional control and data flow analysis techniques to test sequence selection from statecharts. The resulting set of test sequences provides the capability of determining whether an implementation establishes the desired flow of control and data expressed in statecharts. Copyright

Integration and analysis of use cases using modular Petri nets in requirements engineering

It is well known that requirements engineering plays a critical role in software quality. The use case approach is a requirements elicitation technique commonly used in industrial applications. Software requirements are stated as a collection of use cases, each of which is written in the users perspective and describes a specific flow of events in the system. The use case approach offers several practical advantages in that use case requirements are relatively easy to describe, understand, and trace. Unfortunately, there are a couple of major drawbacks. Since use cases are often stated in natural languages, they lack formal syntax and semantics. Furthermore, it is difficult to analyze their global system behavior for completeness and consistency, partly because use cases describe only partial behaviors and because interactions among them are rarely represented explicitly. We propose the Constraints-based Modular Petri Nets (CMPNs) approach as an effective way to formalize the informal aspects of use cases. CMPNs, an extension of Place/Transition nets, allow the formal and incremental specification of requirements. The major contributions of the paper, in addition to the formal definitions of CMPNs, are the development of: 1) a systematic procedure to convert use cases stated in natural language to a CMPN model; and 2) a set of guidelines to find inconsistency and incompleteness in CMPNs. We demonstrate an application of our approach using use cases developed for telecommunications services.

SAD: web session anomaly detection based on parameter estimation

Web attacks are too numerous in numbers and serious in potential consequences for modern society to tolerate. Unfortunately, current generation signature-based intrusion detection systems (IDS) are inadequate, and security techniques such as firewalls or access control mechanisms do not work well when trying to secure web services. In this paper, we empirically demonstrate that the Bayesian parameter estimation method is effective in analyzing web logs and detecting anomalous sessions. When web attacks were simulated with Whisker software, Snort, a well-known IDS based on misuse detection, caught only slightly more than one third of web attacks. Our technique, session anomaly detection (SAD), on the other hand, detected nearly all such attacks without having to rely on attack signatures at all. SAD works by first developing normal usage profile and comparing the web logs, as they are generated, against the expected frequencies. Our research indicates that SAD has the potential of detecting previously unknown web attacks and that the proposed approach would play a key role in developing an integrated environment to provide secure and reliable web services.

Testing of object-oriented programs based on finite state machines

In object-oriented testing literature, a class is considered to be a basic unit of testing. A major characteristic of classes is the interaction between data members and member functions. This interaction is represented as definitions and uses of data members in member functions and can be properly modeled with finite state machines (FSM). We discuss how FSMs can be effectively used for class testing. We demonstrate how to specify the behavior of classes using FSMs and present a test case generation technique based on FSMs. In our technique, FSMs are transformed into a flow of the graph from which we can explicitly identify data flows of the FSM. Then we generate test cases using conventional data flow testing techniques upon the flow graph.

A formal software requirements specification method for digital nuclear plant protection systems

This article describes NuSCR, a formal software requirements specification method for digital plant protection system in nuclear power plants. NuSCR improves the readability and specifiability by providing graphical or tabular notations depending on the type of operations. NuSCR specifications can be formally analyzed for completeness, consistency, and against the properties specified in temporal logic. We introduce the syntax and semantics of NuSCR and demonstrate the effectiveness of the approach using reactor protection system, digital protection system being developed in Korea, as a case study.

An empirical evaluation of six methods to detect faults in software

Although numerous empirical studies have been conducted to measure the fault detection capability of software analysis methods, few studies have been conducted using programs of similar size and characteristics. Therefore, it is difficult to derive meaningful conclusions on the relative detection ability and cost‐effectiveness of various fault detection methods. In order to compare fault detection capability objectively, experiments must be conducted using the same set of programs to evaluate all methods and must involve participants who possess comparable levels of technical expertise. One such experiment was ‘Conflict1’, which compared voting, a testing method, self‐checks, code reading by stepwise refinement and data‐flow analysis methods on eight versions of a battle simulation program. Since an inspection method was not included in the comparison, the authors conducted a follow‐up experiment ‘Conflict2’, in which five of the eight versions from Conflict1 were subjected to Fagan inspection. Conflict2 examined not only the number and types of faults detected by each method, but also the cost‐effectiveness of each method, by comparing the average amount of effort expended in detecting faults. The primary findings of the Conflict2 experiment are the following. First, voting detected the largest number of faults, followed by the testing method, Fagan inspection, self‐checks, code reading and data‐flow analysis. Second, the voting, testing and inspection methods were largely complementary to each other in the types of faults detected. Third, inspection was far more cost‐effective than the testing method studied. Copyright

Formal Modeling and Verification of Safety-Critical Software

Rigorous quality demonstration is important when developing safety-critical software such as a reactor protection system (RPS) for a nuclear power plant. Although using formal methods such as formal modeling and verification is strongly recommended, domain experts often reject formal methods for four reasons: there are too many candidate techniques, the notations appear complex, the tools often work only in isolation, and output is often too difficult for domain experts to understand. A formal-methods-based process that supports development, verification and validation, and safety analysis can help domain experts overcome these obstacles. Nuclear engineers can also use CASE tools to apply formal methods without having to know details of the underlying formalism. The authors spent more than seven years working with nuclear engineers in developing RPS software and applying formal methods. The engineers and regulatory personnel found the process effective and easy to apply with the integrated tool support.

A Verification Framework for FBD Based Software in Nuclear Power Plants

Formal verification of function block diagram (FBD) based software is an essential task when replacing traditional relay-based analog system with PLC-based software in nuclear reactor protection system (RPS). FBD programs are developed manually and revised frequently in process of development. There are a set of properties to be verified formally, which all FBD releases should satisfy. Whenever FBDs are modified, there is also a need to verify behavioral equivalence of subsequently modified FBDs. This paper proposes a software verification framework for FBD software in nuclear power plants. It uses SMV model checker for verifying whether an FBD meets its required properties, and VIS verification system for checking behavioral equivalence between modified FBDs. A case study, conducted using a nuclear power plant shutdown system being developed in Korea, demonstrated that the proposed verification framework is effective and useful.