1 / 35

Formal Testing with Input-Output Transition Systems

Formal Testing with Input-Output Transition Systems . Ed Brinksma Course 2004. Formal Testing. s  SPECS. der : SPECS   (TESTS). imp. T s  TESTS. IUT  IMPS. pass. i IUT  MODS. exec : TESTS  IMPS   (OBS). obs : TESTS  MODS   (OBS).

inez
Télécharger la présentation

Formal Testing with Input-Output Transition Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Formal Testing withInput-Output Transition Systems Ed Brinksma Course 2004

  2. Formal Testing s SPECS der : SPECS (TESTS) imp Ts  TESTS IUT IMPS pass iIUT MODS exec : TESTS  IMPS (OBS) obs : TESTS  MODS (OBS) t: (OBS) {fail,pass} OBS fail Test hypothesis : IUTIMPS . iIUT MODS . tTESTS . exec(t,IUT) = obs(t,iIUT) Proof soundness and exhaustivess: iMODS . ( tder(s) . t(obs(t,i)) = pass ) i imp s

  3. Input-Output Transition Systems ? ? S0 dub kwart ! ! S1 S2 coffee tea S4 S3 dub, kwart coffee, tea from user to machine from machine to userinitiative with user initiative with machinemachine cannot refuse user cannot refuse input outputLILU LI  LU =  LI  LU = L LI = { ?dub, ?kwart } LU = { !coffee, !tea }

  4. Input-Output Transition Systems ?dub ?kwart ?dub?kwart ?dub?kwart !coffee !tea ?dub?kwart ?dub?kwart ?a S Input-Output Transition Systems IOTS (LI ,,LU )  LTS (LI , LU ) IOTS is LTS with Input-Outputand always enabled inputs: for all states s,for all inputs ?a  LI : LI = { ?dub, ?kwart } LU = { !coffee, !tea }

  5. Input-Output Transition Systems ?kwart ?kwart ?kwart?dub ?dub ?dub?kwart !coffee !tea ?dub?kwart ?dub?kwart ?dub?kwart ?kwart ?dub ?dub ?dub ?kwart?dub ?kwart?dub !coffee !coffee !tea ?dub?kwart ?dub?kwart

  6. Labelled Transition System Testing ioco • SPECS  LTS ( LILU )  LTS • MODS  IOTS (LI , LU )  LTS • TESTS  TTS ( LU , LI )  LTS • OBS  traces • obs  t || i • der  der : LTS   ( LTS ) • Which imp ? • (strong, weak, branching, ... ) bisimulation • trace-, testing-, refusal - preorder / equivalence • conf, conf*, aconf, • ioconf, ioco, miocoF

  7. Formal Correctness Input Output Automata quiescence refusal testing canonical tester testing equivalences ioco

  8. Preorders on Transition Systems  implementationi specifications environmente environmente is  e  E. obs ( e, i )  obs (e, s ) i LTS s LTS ? ? ?

  9. Preorders onInput-Output Transition Systems implementationi specifications environmente environmente imp s LTS(LILU) i IOTS(LI,LU) imp  IOTS (LI,LU) x LTS (LILU) Observing IOTS where system inputs interact with environment outputs, and v.v.

  10. Preorders onInput-Output Transition System implementationi specifications environmente environmente imp s LTS(LILU) i IOTS(LI,LU) iimps eE. obs (e, i )  obs (e, s ) IOTS(LU,LI)

  11. Input-Output Testing Relation implementationi specifications environmente environmente iot s LTS(LILU) i IOTS(LI,LU) iiots eIOTS(LU,LI). obs (e, i )  obs (e, s ) obs (e, p )= ( traces (e||i ), Ctraces (e||i ) )

  12. Input-Output Refusal Relation implementationi specifications environmente environmente ior s LTS(LILU) i IOTS(LI,LU) iiors eIOTS(LU,LI {}). obs (e, i )  obs (e, s ) obs (e, p )= ( traces (e||i ), Ctraces (e||p) )

  13. Input-Output Testing Relation i,s  LTS : ites eLTS. obs (e, i )  obs (e, s )  FP ( i ) FP ( s ) FP ( p ) ={ ,A | A L, traces(p),p afer  refuses A} i IOTS(LI,LU): iiots eIOTS(LU,LI). obs (e, i )  obs (e, s ) inputs can never be refused by i outputs can never be refused by e : i afer  refuses A A= or A= LU

  14. Input-Output Testing Relation LU  !x ii= ii =  !xLU{} : i i IOTS(LI,LU): iiots eIOTS(LU,LI). obs (e, i )  obs (e, s )  FP ( i ) FP ( s )  { | traces(i),i afer  refuses }  { | traces(s),s afer  refuses } and { | traces(i),i afer  refuses LU}  { | traces(s),s afer  refuses LU}  traces(i)  traces(s)and Qtraces(i)Qtraces(s) Qtraces : Quiescent traces = traces ending in quiescence

  15. Input-Output Refusal Relation A    A  {} : i Failure A :  ii  ( L ( L) )* :i Failure trace :   Failure traces ofi : Ftraces ( i ) = {  ( L ( L) )* |i }  i IOTS(LI,LU): iiors eIOTS(LU,LI {}). obs (e, i )  obs (e, s )  Ftraces( i )  Ftraces ( s ) where: inputs can never be refused by i outputs can never be refused by e : i afer  refuses A A= or A= LU

  16. Input-Output Refusal Relation  Straces (i) = Ftraces ( i )  (L{LU})*= {  (L{})* | i } i IOTS(LI,LU): iiors eIOTS(LU,LI {}). obs (e, i )  obs (e, s )  Ftraces( i )  Ftraces ( s )  Straces( i )  Straces ( s ) Straces : Suspension traces = Failure traces restricted to refusals quiescence LU = 

  17. Input-Output Refusal Relation  !x out ( iafter ) = { !xLU {}| i } out ( I ) = { !xLU | i!x, iI }  { | ii, i S } i IOTS(LI,LU): iiors eIOTS(LU,LI {}). obs (e, i )  obs (e, s )  Straces( i )  Straces ( s )  (L{})*: out ( iafter ) out ( safter) where:

  18. Implementation Relation ioco i IOTS(LI,LU): iiors  (L{})*: out ( iafter ) out ( safter) To allow under-specification : iiocos  Straces( s ) : out ( iafter ) out ( safter)

  19. Implementation Relation ioco Correctness expressed by implementation relation ioco: iiocos =defStraces (s) : out (iafter )  out (safter) Intuition: i ioco-conforms to s, iff • if i produces output x after trace , then s can produce x after  • if i cannot produce any output after trace , then s cannot produce any output after  (quiescence)

  20. Implementation Relationioco out ( P) = { !xLU | p, pP } { | pp, pP } LU   !x pp = p p =  !xLU{} : p   Straces (s) = Ftraces (s)  (L{LU})*= {  (L{})* | s } !x pafter= { p’ | pp’ } iiocos =defStraces (s) : out (iafter ) out (safter)

  21. Implementation Relation ioco i d ?kwart ?dub ?dub ?kwart !coffee ?dub ?kwart d iiocos =defStraces (s) : out (iafter )  out (safter) {d} { !coffee } { !coffee } {d} {d}   {d} out ( iaftere )= out ( iafter ?dub ) = out ( iafter ?dub.?dub ) = out ( iafter ?dub.!coffee) = out ( iafter ?kwart ) = out ( iafter !coffee ) = out ( iafter ?dub.!tea ) = out ( iafterd ) =

  22. Implementation Relation ioco i s ?dub ?dub ?dub !coffee !coffee ?dub iiocos =defStraces (s) : out (iafter )  out (safter) ioco out (iaftere) = {d } out (iafter ?dub) = { !coffee } out (iafter ?dub.!coffee) = {d } out (saftere) = { d} out (safter ?dub) = { !coffee } out (safter ?dub.!coffee) = {d}

  23. Implementation Relation ioco i s ?dub ?dub ?dub !coffee !tea !coffee ?dub iiocos =defStraces (s) : out (iafter )  out (safter) ioco out (iafter ?dub) = { !coffee } out (safter ?dub) = { !coffee, !tea }

  24. Implementation Relation ioco i s ?dub ?dub ?dub !coffee !tea !coffee ioco ?dub ?dub  out (iafter ?dub) = { !coffee, !tea } out (safter ?dub) = { !coffee} iiocos =defStraces (s) : out (iafter )  out (safter)

  25. Implementation Relation ioco i s ?dub ?dub ?dub ?dub ?dub !coffee !tea !coffee !tea ?dub ?dub out (iafter ?dub) = { !coffee, !tea } out (safter ?dub) = { !coffee, !tea} iiocos =defStraces (s) : out (iafter )  out (safter) ioco

  26. Implementation Relation ioco i s ?dub ?kwart ?dub ?dub ?kwart !coffee !coffee !tea iiocos =defStraces (s) : out (iafter )  out (safter) ioco out (iafter ?dub) = { !coffee } out (iafter ?kwart) = { !tea } out (safter ?dub) = { !coffee }out (safter ?kwart) =  But ?kwart Straces ( s )

  27. Implementation Relation ioco i s ?dub ?kwart ?dub ?kwart ?dub ?kwart !coffee !coffee !tea !tea out (iafter ?dub) = { !coffee } out (iafter ?kwart) = { !tea } out (safter ?dub) = { !coffee }out (safter ?kwart) = { !tea } iiocos =defStraces (s) : out (iafter )  out (safter) ioco

  28. Implementation Relation ioco s i ?kwart ?dub ?kwart ?dub ?dub ?kwart !coffee !coffee !tea ioco ?dub ?kwart out (iafter ?kwart) = { d} out (safter ?kwart) = { !tea } iiocos =defStraces (s) : out (iafter )  out (safter)

  29. Implementation Relation ioco i s ?dub ?dub ?dub ?dub ?dub !coffee !coffee ioco ?dub iiocos =defStraces (s) : out (iafter )  out (safter) out (iafter ?dub) = { d, !coffee } out (safter ?dub) = { !coffee }

  30. Implementation Relation ioco i s ?dub ?dub ?dub ?dub ?dub t !coffee !coffee ?dub iiocos =defStraces (s) : out (iafter )  out (safter) ioco out (iafter ?dub) = { d, !coffee } out (safter ?dub) = { d, !coffee }

  31. Implementation Relation ioco ?dub ?dub ?dub ?dub s ioco i ?dub ?dub ?dub ?dub !tea !tea ?dub ?dub ?dub ?dub !tea !coffee !coffee ?dub ?dub ?dub iiocos =defStraces (s) : out (iafter )  out (safter) s i i ioco s out (iafter ?dub.?dub) = out (safter ?dub.?dub) = { !tea, !coffee } out (iafter ?dub.d.?dub) = { !coffee } out (safter ?dub.d.?dub) = { !tea, !coffee }

  32. Implementation Relation ioco ?kwart ioco ?dub?kwart ioco ?dub !coffee !tea ?dub?kwart ioco ioco ?dub ?kwart ?dub ioco ioco !coffee !coffee !tea

  33. Implementation Relation ioco implementation i specification s ? x (x < 0) ? x (x < 0) ! x ? x (x >= 0) ! -x ! x ? x (x >= 0) ? y ? y sioco i iiocos =defStraces (s) : out (iafter )  out (safter) equation solver for y2 =x : iioco s

  34. Genealogy of ioco Labelled Transition Systems IOTS (IOA, IOSM, IOLTS) Canonical Testerconf Testing Equivalences(Preorders) Quiescent Trace Preorder Repetitive QuiescentTrace Preorder(Suspension Preorder) Refusal Equivalence(Preorder) ioconf ioco

  35. Formal Testing with Transition Systems s  LTS der : LTS(TTS) ioco Ts TTS IUT IMPS pass t: (traces){fail,pass} iIUT IOTS exec : TESTS  IMPS (OBS) obs : TTS IOTS (traces) traces fail Test hypothesis : IUTIMPS . iIUT IOTS . tTTS . exec(t,IUT) = obs(t,iIUT) Soundness and exhaustivess proved: iIOTS . ( tder(s) . t(obs(t,i)) = pass ) iiocos

More Related