Testing Software and Systems

The talk will begin with a review of general testing concepts, such as white-box and black-box testing, different realizations of oracles (including a formal behavior specification), fault models and fault coverage issues, and testing architectures. This will set the framework for the following discussion which has two parts: (a) a discussion of the history of the ICTSS conference and the issues discussed during the early times since around 1985, and (b) an overview of two ongoing research projects: (1) on testing implementations against partial-order specifications, and (2) on reverse engineering of Rich Internet Applications for vulnerability testing. The first ICTSS conference was held in Vancouver (Canada) in 1988 and was called International Workshop on Protocol Test Systems. The main question discussed at that time was how to test a protocol implementation to ensure that it satisfies all requirements of a given protocol specification (a form of black-box testing). The main issues were the modeling language used for the specification, fault models, and algorithms for obtaining test suites with given fault coverage. At the same time, standardization committees of ISO and ITU developed guidelines for architectures for protocol testing and a language (TTCN) for specifying test cases. Later, the scope of ICTSS was broadened to cover the testing of many other kinds of software systems. In the second part of the talk, we will first discuss issues that arise in testing systems against a behavior specification that defines a partial order for the interactions of the implementation. Different partial-order specification languages will be considered. Then another ongoing research project on crawling Rich Internet Applications (RIAs) is discussed. Through the testing of a given implementation, a model of the RIA is developed (this is a kind of black-box testing, but without a reference specification). The purpose here is to obtain a “complete” model of the application such that each state (i.e. each page at the user interface) of the application can be subsequently checked for security vulnerabilities or accessibility requirements. Since the state space of these applications is usually huge, we propose (a) different algorithms for obtaining the most important information relatively fast, (b) concurrent exploration by multiple crawlers, and (c) some methods for avoiding the exploration of “equivalent” and “redundant” states. Formal Modeling and Testing for Designing Future IoT Based Systems

[1]  Zheng Li,et al.  A runtime monitoring and validation framework for Web service interactions , 2006, Australian Software Engineering Conference (ASWEC'06).

[2]  Robert A. Kowalski,et al.  The Semantics of Predicate Logic as a Programming Language , 1976, JACM.

[3]  Ana R. Cavalli,et al.  Timed Extended Invariants for the Passive Testing of Web Services , 2010, 2010 IEEE International Conference on Web Services.

[4]  Assaf Schuster,et al.  Monitoring Distributed Streams using Convex Decompositions , 2015, Proc. VLDB Endow..

[5]  Zhi Xu,et al.  An EFSM-Based Passive Fault Detection Approach , 2007, TestCom/FATES.

[6]  Jorge López,et al.  Behavior evaluation for trust management based on formal distributed network monitoring , 2015, World Wide Web.

[7]  Rance Cleaveland,et al.  Using formal specifications to support testing , 2009, CSUR.

[8]  Arnaud Gonguet,et al.  An Automated Passive Testing Approach for the IMS PoC Service , 2009, 2009 IEEE/ACM International Conference on Automated Software Engineering.

[9]  Bruno Legeard,et al.  A taxonomy of model‐based testing approaches , 2012, Softw. Test. Verification Reliab..

[10]  Krzysztof R. Apt,et al.  Contributions to the Theory of Logic Programming , 1982, JACM.

[11]  R. E. Miller,et al.  Passive testing of networks using a CFSM specification , 1998, 1998 IEEE International Performance, Computing and Communications Conference. Proceedings (Cat. No.98CH36191).

[12]  Mercedes G. Merayo,et al.  Passive testing of communicating systems with timeouts , 2015, Inf. Softw. Technol..

[13]  Stéphane Maag,et al.  A Formal Data-Centric Approach for Passive Testing of Communication Protocols , 2013, IEEE/ACM Transactions on Networking.

[14]  David Lee,et al.  Network protocol system monitoring-a formal approach with passive testing , 2006, IEEE/ACM Transactions on Networking.

[15]  Daniela E. Damian,et al.  V:Issue:lizer: Exploring requirements clarification in online communication over time , 2013, 2013 35th International Conference on Software Engineering (ICSE).

[16]  Robert M. Hierons,et al.  Passive Testing with Asynchronous Communications , 2013, FMOODS/FORTE.

[17]  Nora Cuppens-Boulahia,et al.  Nomad: a security model with non atomic actions and deadlines , 2005, 18th IEEE Computer Security Foundations Workshop (CSFW'05).

[18]  Fatiha Zaïdi,et al.  Online Verification of Value-Passing Choreographies through Property-Oriented Passive Testing , 2012, 2012 IEEE 14th International Symposium on High-Assurance Systems Engineering.

[19]  Tien-Dung Cao,et al.  Automated Runtime Verification for Web Services , 2010, 2010 IEEE International Conference on Web Services.

[20]  David Lee,et al.  Passive testing and applications to network management , 1997, Proceedings 1997 International Conference on Network Protocols.

[21]  Mercedes G. Merayo,et al.  PTTAC: Passive Testing Tool for Asynchronous Systems , 2014, 2014 Tenth International Conference on Signal-Image Technology and Internet-Based Systems.