Synthesizing adaptive test strategies from temporal logic specifications

Constructing good test cases is difficult and time-consuming, especially if the system under test is still under development and its exact behavior is not yet fixed. We propose a new approach that uses formal methods to compute test strategies for reactive systems from a given temporal logic specification. The computed strategies are guaranteed to reveal certain simple faults in every realization of the specification and for every behavior of the uncontrollable part of the system's environment. The approach supports different assumptions on the occurrence of faults (ranging from a single transient fault to a persistent fault) and by default aims at revealing the weakest one. We argue that such tests are also sensitive to more complex bugs. Since the specification may not define the system behavior completely, we use reactive synthesis algorithms with partial information. The computed strategies are adaptive test strategies that react to the observed behavior at runtime. We work out the underlying theory of adaptive test strategy synthesis and present experiments for a safety-critical component of a real-world satellite system. We demonstrate that our approach can be applied to industrial specifications and that the synthesized test strategies are capable of detecting bugs that are hard to detect with random testing.
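The following is an added toy illustration of the point the abstract makes about adaptivity under partial specifications; it is an editor-constructed example, not code from the paper and not its synthesis algorithm. It assumes a hand-written two-mode specification over signals i (tester input), m and o (system outputs), stuck-at-0 fault models, a bounded horizon of six steps, and a hand-written (rather than synthesized) adaptive strategy. It shows that no fixed input sequence reveals every fault in every realization, while a strategy that reacts to the observed mode does.

```python
"""Adaptive vs. fixed test strategies for a partial specification.

Editor-constructed illustration; the specification, signal names, fault
models, horizon and the hand-written adaptive strategy are all assumptions
made for this example and are not the paper's own method.
"""
from itertools import product

HORIZON = 6  # bounded test length (assumption)

# Specification (assumed for this example):
#   step 0: the system announces a mode m in {"A", "B"}; the spec leaves the
#           choice open, so a tester only learns it by observing m at runtime.
#   mode A: G(i -> X o)   whenever i is high, o must be high at the next step
#   mode B: G(!i -> X o)  whenever i is low,  o must be high at the next step

def spec_violated(trace):
    """trace: list of (i, m, o) per step. True iff this finite prefix already
    violates the (safety-only) specification."""
    mode = trace[0][1]
    if mode not in ("A", "B"):
        return True
    for t in range(1, len(trace)):
        prev_i, o = trace[t - 1][0], trace[t][2]
        must_raise = prev_i if mode == "A" else (not prev_i)
        if must_raise and not o:
            return True
    return False

def realization(mode):
    """A correct, minimal implementation: picks `mode` and raises o exactly
    when the spec demands it. Called with all inputs seen so far."""
    def step(inputs):
        t = len(inputs) - 1
        if t == 0:
            return (mode, False)
        prev_i = inputs[-2]
        return (mode, prev_i if mode == "A" else (not prev_i))
    return step

def inject_fault(system, kind, at):
    """Stuck-at-0 on o: once at step `at` (transient) or from `at` on (persistent)."""
    def faulty(inputs):
        t = len(inputs) - 1
        m, o = system(inputs)
        if (kind == "transient" and t == at) or (kind == "persistent" and t >= at):
            o = False
        return (m, o)
    return faulty

def fixed_strategy(sequence):
    """Non-adaptive test case: replays a fixed input sequence, ignoring outputs."""
    return lambda observations: sequence[len(observations)]

def adaptive_strategy(observations):
    """After observing the mode at step 0, always pick the input that obliges
    the system to raise o at the next step (hand-written, not synthesized)."""
    if not observations:
        return True            # step 0: mode not yet known, input is arbitrary
    mode = observations[0][0]  # m announced at step 0
    return mode == "A"         # A needs i high, B needs i low

def run_test(strategy, system, horizon=HORIZON):
    """Drive `system` with `strategy`; True iff the trace reveals a fault."""
    inputs, observations, trace = [], [], []
    for _ in range(horizon):
        i = strategy(observations)
        inputs.append(i)
        m, o = system(inputs)
        observations.append((m, o))
        trace.append((i, m, o))
    return spec_violated(trace)

# Faults at steps 0 and 1 are excluded: i_0 must be chosen before the mode is
# known, so no strategy can force o at step 1 for both realizations.
FAULTS = list(product(("A", "B"), ("transient", "persistent"), range(2, HORIZON)))

def detection_table(strategy):
    """(mode, kind, at) -> whether `strategy` reveals that fault."""
    return {(mode, kind, at): run_test(strategy, inject_fault(realization(mode), kind, at))
            for mode, kind, at in FAULTS}

def detects_all(strategy):
    return all(detection_table(strategy).values())

def sound_on_correct(strategy):
    """A test strategy must not flag a correct realization."""
    return not any(run_test(strategy, realization(mode)) for mode in ("A", "B"))

def some_fixed_sequence_detects_all(horizon=HORIZON):
    """Exhaustively try every non-adaptive input sequence. Returns False: the
    two modes demand contradictory inputs, so only an adaptive strategy works."""
    return any(detects_all(fixed_strategy(list(seq)))
               for seq in product((True, False), repeat=horizon))

if __name__ == "__main__":
    print("adaptive detects all faults:", detects_all(adaptive_strategy))
    print("any fixed sequence detects all:", some_fixed_sequence_detects_all())
```

The exclusion of faults before step 2 is the kind of caveat a practitioner should expect from the guarantee in the abstract: it holds for every realization only for faults the tester can still react to, and the horizon bounds how long a persistent fault has to show itself.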
