Assume-guarantee testing

Verification techniques for component-based systems should ideally be able to predict properties of the assembled system through analysis of individual components before assembly. This work introduces such a modular technique in the context of testing. Assume-guarantee testing relies on the (automated) decomposition of key system-level requirements into local component requirements at design time. Developers can verify the local requirements by checking components in isolation; failed checks may indicate violations of system requirements, while valid traces from different components compose via the assume-guarantee proof rule to potentially provide system coverage. These local requirements also form the foundation of a technique for efficient predictive testing of assembled systems: given a correct system run, this technique can predict violations by alternative system runs without constructing those runs. We discuss the application of our approach to testing a multi-threaded NASA application, where we treat threads as components.

[1]  Koushik Sen,et al.  Detecting Errors in Multithreaded Programs by Generalized Predictive Analysis of Executions , 2005, FMOODS.

[2]  Sarfraz Khurshid,et al.  Test input generation with java PathFinder , 2004, ISSTA '04.

[3]  Corina S. Pasareanu,et al.  Assume-guarantee verification of source code with design-level assumptions , 2004, Proceedings. 26th International Conference on Software Engineering.

[4]  Koushik Sen,et al.  Rule-Based Runtime Verification , 2004, VMCAI.

[5]  Jürgen Dingel,et al.  Computer-assisted assume/guarantee reasoning with VeriSoft , 2003, 25th International Conference on Software Engineering, 2003. Proceedings..

[6]  Corina S. Pasareanu,et al.  Learning Assumptions for Compositional Verification , 2003, TACAS.

[7]  Howard Barringer,et al.  Proof Rules for Automated Compositional Verification through Learning , 2003 .

[8]  Tomás E. Uribe,et al.  Combining Monitors for Runtime System Verification , 2002, Electron. Notes Theor. Comput. Sci..

[9]  Howard Barringer,et al.  Assumption generation for software component verification , 2002, Proceedings 17th IEEE International Conference on Automated Software Engineering,.

[10]  Margus Veanes,et al.  Generating finite state machines from abstract state machines , 2002, ISSTA '02.

[11]  Stephen N. Freund,et al.  Thread-Modular Verification for Shared-Memory Programs , 2002, ESOP.

[12]  Thomas A. Henzinger,et al.  Interface automata , 2001, ESEC/FSE-9.

[13]  Klaus Havelund,et al.  Model checking programs , 2000, Proceedings ASE 2000. Fifteenth IEEE International Conference on Automated Software Engineering.

[14]  Nicolas Halbwachs,et al.  Automatic testing of reactive systems , 1998, Proceedings 19th IEEE Real-Time Systems Symposium (Cat. No.98CB36279).

[15]  Thomas A. Henzinger,et al.  MOCHA: Modularity in Model Checking , 1998, CAV.

[16]  Adam A. Porter,et al.  Specification-based Testing of Reactive Software: Tools and Experiments Experience Report , 1997, Proceedings of the (19th) International Conference on Software Engineering.

[17]  Patrice Godefroid,et al.  Model checking for programming languages using VeriSoft , 1997, POPL '97.

[18]  Orna Grumberg,et al.  Model checking and modular verification , 1991, TOPL.

[19]  Edmund M. Clarke,et al.  Compositional model checking , 1989, [1989] Proceedings. Fourth Annual Symposium on Logic in Computer Science.

[20]  Amir Pnueli,et al.  In Transition From Global to Modular Temporal Reasoning about Programs , 1989, Logics and Models of Concurrent Systems.

[21]  Cliff B. Jones,et al.  Specification and Design of (Parallel) Programs , 1983, IFIP Congress.