Thoroughness of specification-based testing of synchronous programs

Adequacy criteria for structural testing techniques are defined in terms of coverage (e.g. of statements or branches). For black-box testing, such criteria, making testers able to decide when to stop testing, are more difficult to define. In this paper, we propose such a definition for the particular case of specification-based testing techniques for synchronous software supplied by the Lutess testing environment. Lutess provides a framework for automatically building generators interacting with the software under test and feeding it with test input sequences. It requires a Lustre specification of both the software environment and the software safety properties. This specification is translated into an input-output automaton. A critical situation occurs when a safety property can be violated unless the software reacts adequately. Such situations correspond to particular states of the specification automaton, called suspect states. Suspect states definition can be used in two complementary ways: First, to design testing techniques able to reach several such states during testing. Second, to assess the thoroughness of a test input sequence in terms of covered suspect states. The above techniques are illustrated on a telephony software specification developed for the first Feature Interaction Detection Contest and involving 12 different telephone features. The thoroughness of the Lutess testing strategies is assessed as their ability to lead the software into suspect states.

[1]  Ioannis Parissis,et al.  Lutess: a testing environment for synchronous software , 1998, Tool Support for System Specification, Development and Verification.

[2]  Nancy D. Griffeth,et al.  Feature Interaction Detetion Contest , 1998, FIW.

[3]  Ioannis Parissis,et al.  Specification-based testing of synchronous software , 1996, SIGSOFT '96.

[4]  Nicolas Halbwachs,et al.  LUSTRE: A declarative language for programming synchronous systems* , 1987 .

[5]  Ioannis Parissis,et al.  Strategies for automated specification-based testing of synchronous software , 2001, Proceedings 16th Annual International Conference on Automated Software Engineering (ASE 2001).

[6]  Debra J. Richardson,et al.  Specification-based test oracles for reactive systems , 1992, International Conference on Software Engineering.

[7]  Lydie du Bousquet,et al.  Incremental Feature Validation: a Synchronous Point of View , 1998, FIW.

[8]  Nicolas Halbwachs,et al.  LUSTRE: a declarative language for real-time programming , 1987, POPL '87.

[9]  Richard G. Hamlet,et al.  Partition Testing Does Not Inspire Confidence , 1990, IEEE Trans. Software Eng..

[10]  Qing Yu,et al.  Oracles for checking temporal properties of concurrent systems , 1994, SIGSOFT '94.

[11]  Adam A. Porter,et al.  Specification-based Testing of Reactive Software: Tools and Experiments Experience Report , 1997, Proceedings of the (19th) International Conference on Software Engineering.

[12]  Simeon C. Ntafos,et al.  An Evaluation of Random Testing , 1984, IEEE Transactions on Software Engineering.

[13]  Nicolas Halbwachs,et al.  From a Synchronous Declarative Language to a Temporal Logic Dealing with Multiform Time , 1988, FTRTFT.

[14]  Marie-Claude Gaudel,et al.  Software testing based on formal specifications: a theory and a tool , 1991, Softw. Eng. J..