Testing Model-Processing Tools for Embedded Systems

Model-based development is increasingly becoming the method of choice for developing embedded systems for applications in the automotive and aerospace industries. It relies on tool-suites consisting of a variety of model-processing tools such as simulators, model-translators and code-generators. The correctness of the tools used in the development process is a key requirement for safety-critical applications. This paper proposes a novel testing methodology for the rigorous verification of model-processing tools. The proposed methodology takes as input the syntactic and semantic meta-model of a modeling language, expressed in the form of inference rules. Using a coverage criterion over this meta-model, it generates test-models and test-inputs for these test-models. Apart from testing the syntactic aspects of the translation, our method aims at testing subtle semantic interactions of the modeling language that are potentially mistranslated by the model-processing tools. We illustrate the methodology with a simple prototypical process calculus. We also report on experiments carried out with Stateflow, a variant of hierarchical state-machines implemented in the Matlab/Simulink tool-suite.
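The following is an added illustration, not code from the paper, of the idea sketched above: a semantic meta-model given as SOS inference rules, a coverage criterion over those rules that selects test-models, and a conformance check of a tool's output against the reference semantics. It assumes a constructed calculus with prefix, choice and parallel composition (five rules); the faulty tool is simulated by dropping one outermost rule.

```python
# Added example: rule-coverage-driven test-model generation for a tiny,
# constructed process calculus (the paper's own calculus is not given here).
# Terms: ('nil',) | ('act', a, P) | ('sum', P, Q) | ('par', P, Q)
from itertools import product

def step(t):
    """Outermost SOS rule derivations of t: (action, successor, rule)."""
    if t[0] == 'act':
        return [(t[1], t[2], 'ACT')]
    if t[0] == 'sum':
        return ([(a, p, 'SUM-L') for a, p, _ in step(t[1])] +
                [(a, q, 'SUM-R') for a, q, _ in step(t[2])])
    if t[0] == 'par':
        return ([(a, ('par', p, t[2]), 'PAR-L') for a, p, _ in step(t[1])] +
                [(a, ('par', t[1], q), 'PAR-R') for a, q, _ in step(t[2])])
    return []  # 'nil' has no transitions

def explore(t, drop=None):
    """LTS of t as (transitions, rules fired); `drop` simulates a faulty tool."""
    seen, trans, rules, todo = {t}, set(), set(), [t]
    while todo:
        s = todo.pop()
        for a, s2, r in step(s):
            if r == drop:           # hypothetical mistranslation of one rule
                continue
            trans.add((s, a, s2)); rules.add(r)
            if s2 not in seen:
                seen.add(s2); todo.append(s2)
    return trans, rules

def candidates(depth, acts=('a', 'b')):
    """Enumerate all terms up to a syntactic depth (the test-model space)."""
    if depth == 0:
        return [('nil',)]
    sub = candidates(depth - 1, acts)
    return (sub + [('act', a, p) for a in acts for p in sub] +
            [(k, p, q) for k in ('sum', 'par') for p, q in product(sub, sub)])

def select_test_models(depth=2):
    """Greedily pick small models until every semantic rule has fired."""
    chosen, covered = [], set()
    for t in sorted(candidates(depth), key=lambda t: len(str(t))):
        new = explore(t)[1] - covered
        if new:
            chosen.append(t); covered |= new
    return chosen, covered

def conforms(t, drop=None):
    """Does the (simulated) tool's LTS match the reference semantics on t?"""
    return explore(t, drop)[0] == explore(t)[0]
```

A model that never exercises a given rule cannot reveal a mistranslation of that rule, which is why coverage of the semantic rules, not only of the syntax, drives the selection.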
