Games and Scenarios for Real-Time System Validation

This thesis presents research on the validation of real-time embedded software systems in the context of model-based development. The thesis proposes scenario-based and game-theoretic approaches to system analysis, verification, synthesis and testing to address the challenges that arise from the system characteristics of environment uncertainties, complex process interactions, quantitative timing constraints, partial observability and combinations thereof. We make timed extensions to live sequence charts (LSCs) such that the inter-process behaviors and scenario-based requirements of concurrent communicating real-time systems can be modeled and specified with LSCs. By translating LSCs to timed automata (TAs), we reduce scenario-based model consistency checking and property verification to CTL real-time model checking problems, and reduce scenario-based synthesis to a timed game solving problem. By linking our prototype translators with the existing model checker Uppaal and the game solver Uppaal-Tiga, we show that these methods contribute to the interaction correctness and timeliness of early system designs. The thesis also shows that testing a real-time reactive system can be viewed as playing a timed game between the tester and the system under test (SUT). We propose methods of using winning strategies as test cases for black-box conformance testing. The methods are generalized to problems where only possibly winning game strategies can be obtained; in this case continued testing requires some early-stage “cooperation” from the SUT. Furthermore, we adapt the methods to partial observability settings where only imperfect information about the SUT is available. All these methods contribute to an improved ability to test for the reactivity correctness and timeliness of the systems in question. Experimental evaluations with case studies indicate that the proposed approaches are conceptually, algorithmically and computationally viable.
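As an added illustration of the game view of testing summarized above (example code written here, not code from the thesis, Uppaal or Uppaal-Tiga): a small, time-abstracted tester-vs-SUT game is constructed, the tester's winning region is computed by the controllable-predecessor fixed point, a "cooperative" region covers the possibly-winning states where the SUT must help, and the resulting strategy is then played as a test case with pass/fail/inconclusive verdicts. The protocol, state names, move names and verdict names are constructed assumptions.

```python
# Constructed game: state -> (owner, {move: successor}); clock guards folded into names.
GAME = {
    "idle":      ("tester", {"req": "wait,x<2"}),
    "wait,x<2":  ("sut",    {"ack": "acked", "delay": "wait,x>=2"}),
    "wait,x>=2": ("sut",    {"ack": "acked", "timeout": "timedout"}),
    "acked":     ("tester", {"data": "proc", "reset": "idle"}),
    "proc":      ("sut",    {"done": "goal"}),
    "timedout":  ("sut",    {}),
    "goal":      ("sut",    {}),
}
GOAL = {"goal"}  # test purpose: observe one request completing

def winning_region(game, goal):
    """Controllable-predecessor fixed point; rank[s] = rounds needed to force the goal."""
    rank, layer = {s: 0 for s in goal}, 1
    while True:
        # tester state: some input leads into W; SUT state: every output/delay does
        new = {s for s, (owner, mv) in game.items() if s not in rank and mv and
               (any if owner == "tester" else all)(t in rank for t in mv.values())}
        if not new:
            return rank
        rank.update((s, layer) for s in new)
        layer += 1

def cooperative_region(game, goal):
    """States from which the goal is reachable at all, i.e. if the SUT cooperates."""
    coop = set(goal)
    while True:
        new = {s for s, (_, mv) in game.items()
               if s not in coop and set(mv.values()) & coop}
        if not new:
            return coop
        coop |= new

def run_test(game, goal, start, sut, max_steps=20):
    """Play the strategy against a SUT callback (state, moves) -> output; returns (verdict, trace)."""
    rank, coop = winning_region(game, goal), cooperative_region(game, goal)
    s, trace = start, []
    for _ in range(max_steps):
        if s in goal:
            return "pass", trace
        if s not in coop:  # conformant but uncooperative SUT: purpose can no longer be met
            return "inconclusive", trace
        owner, moves = game[s]
        if owner == "tester":  # forced progress inside W, otherwise keep the goal reachable
            pool = rank if s in rank else coop
            move = min((m for m in moves if moves[m] in pool),
                       key=lambda m: rank.get(moves[m], len(game)))
        else:
            move = sut(s, moves)
            if move not in moves:  # output the model does not allow: non-conformance
                return "fail", trace + [(s, move)]
        trace.append((s, move))
        s = moves[move]
    return "inconclusive", trace
```

From `idle` the tester has no winning strategy (the SUT may time out), so the test relies on early cooperation until `acked` is reached, after which the goal can be forced.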
