Analyzing interaction orderings with model checking

Human-computer interaction (HCI) systems control an ongoing interaction between end-users and computer-based systems. For software-intensive systems, a graphic user interface (GUI) is often employed for enhanced usability. Traditional approaches to validation of GUI aspects in HCI systems involve prototyping and live-subject testing. These approaches are limited in their ability to cover the set of possible human-computer interactions that a system may allow, since patterns of interaction may be long running and have large numbers of alternatives. In this paper, we propose a static analysis that is capable of reasoning about user-interaction properties of GUI portions of HCI applications written in Java using modern GUI frameworks, such as Swing/spl trade/. Our approach consists of partitioning an HCI application into three parts: the Swing library, the GUI implementation, i.e., code that interacts directly with Swing, and the underlying application. We develop models of each of these parts that preserve behavior relevant to interaction ordering. We describe how these models are generated and how we have customized a model checking framework to efficiently analyze their combination.

[1]  Kim G. Larsen,et al.  To Store or Not to Store , 2003, CAV.

[2]  James C. Corbett,et al.  Bandera: extracting finite-state models from Java source code , 2000, ICSE.

[3]  George S. Avrunin,et al.  Patterns in property specifications for finite-state verification , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[4]  Jessica Chen,et al.  Formal Modelling of Java GUI Event Handling , 2002, ICFEM.

[5]  Matthew B. Dwyer,et al.  Model-Checking Middleware-Based Event-Driven Real-Time Embedded Software , 2002, FMCO.

[6]  Matthew B. Dwyer,et al.  Bogor: an extensible and highly-modular software model checking framework , 2003, ESEC/FSE-11.

[7]  Kenneth L. McMillan,et al.  Symbolic model checking , 1992 .

[8]  Matthias Felleisen,et al.  Modeling Web Interactions , 2003, ESOP.

[9]  Matthew B. Dwyer,et al.  Exploiting Object Escape and Locking Information in Partial-Order Reductions for Concurrent Object-Oriented Programs , 2004, Formal Methods Syst. Des..

[10]  Klaus Havelund,et al.  Model Checking Programs , 2004, Automated Software Engineering.

[11]  Matthew B. Dwyer,et al.  Automated environment generation for software model checking , 2003, 18th IEEE International Conference on Automated Software Engineering, 2003. Proceedings..

[12]  M. Robby,et al.  Bogor : An Extensible and Highly Modular Model Checking Framework , 2003 .

[13]  Matthew B. Dwyer,et al.  Model checking graphical user interfaces using abstractions , 1997, ESEC '97/FSE-5.

[14]  Atif M. Memon,et al.  GUI ripping: reverse engineering of graphical user interfaces for testing , 2003, 10th Working Conference on Reverse Engineering, 2003. WCRE 2003. Proceedings..

[15]  Michael D. Harrison,et al.  Model Checking Interactor Specifications , 2001, Automated Software Engineering.

[16]  Matthew B. Dwyer,et al.  Adapting side effects analysis for modular program model checking , 2003, ESEC/FSE-11.

[17]  Stefano Crespi-Reghizzi,et al.  A scalable formal method for design and automatic checking of user interfaces , 2001, Proceedings of the 23rd International Conference on Software Engineering. ICSE 2001.

[18]  Gerard J. Holzmann,et al.  The Model Checker SPIN , 1997, IEEE Trans. Software Eng..

[19]  John Rushby,et al.  Using model checking to help discover mode confusions and other automation surprises , 2002, Reliab. Eng. Syst. Saf..

[20]  Victor Carreño,et al.  Analyzing Mode Confusion via Model Checking , 1999, SPIN.

[21]  Matthew B. Dwyer,et al.  Space Reductions for Model Checking Quasi-Cyclic Systems , 2003, EMSOFT.

[22]  Fabio Paternò,et al.  Integrating Model Checking and HCI Tools to Help Designers Verify User Interface Properties , 2000, DSV-IS.