Fig 1 - uploaded by Wolfram Schulte
Content may be subject to copyright.
Source publication
One benefit of executable specifications is that they allow one to test the conformance of implementations to their specifications. We illustrate this on the example of Universal Plug and Play devices. The necessary test sequences are generated automatically from ASM specifications.
Similar publications
Résumé Le but de cet article consiste à mettre en oeuvre des techniques de construction incrémentale de machines d'états UML. Nous nous basons sur l'utilisation des relations de conformité établies sur les systèmes de transitions étiquetées. La difficulté consiste à rendre ces relations applicables dans le cadre des diagrammes d'états. Notre approc...
Citations
... Note that this is just one possible technique for composing specifications at the component level to derive a specification for the overall system. There exist other, related techniques that use different notations with similar goals (e.g., [45, 46]). Given a global behavioral model GB, the component user can generate a set of testing requirements for the application using any testing technique based on state-machine coverage, such as Binder's adaptation [47] of Chow's method [48]. ...
... Dangerous branches are branches that control the execution of affected edges (i.e., branches that, if executed, may lead to the execution of affected edges). For example, if edge (20,21) inFigure 5 were identified as an affected edge, edge (19,20) would be the corresponding dangerous branch. Finally, the algorithm selects the test cases in T that cover dangerous branches in P as test cases to be rerun on P . ...
... Note that this is just one possible technique for composing specifications at the component level to derive specification for the overall system. There exist other, related techniques that use different notations with similar goals (e.g., [2, 19]). Given a global behavioral model GB, the component user can generate a set of testing requirements for the application using any testing technique based on state-machine coverage, such as Binder's adaptation [6] of Chow's method [15]. ...
Abstract Increasingly, modern-day software systems are being built by combining externally-developed software components with application-specific code. For such systems, existing program-analysis-based softwareengineering techniques may not directly apply, due to lack of information about components. To address this problem, the use of component metadata has been proposed. Component metadata are metadata and metamethods provided with components, that retrieve or calculate information about those components.
... The obvious and the most usual way to produce oracles from operational specifications is to execute them, obtain a result, and compare it with the result of the corresponding operation of the target system. The more details on test oracle construction on the base of ASM specifications can be found in [4,5]. Operational models of complex systems are usually nondeterministic, since they are much more abstract than the corresponding systems. ...
... These methods and their derivatives are used to construct test on the base of formal specifications written in SDL [36], Estelle [37,38], LOTOS [39], or represented as Statecharts [40]. Methods of test sequence construction based on ASM specifications of the target system are considered in [4,41]. The approach presented there is based on construction an FSM, which states correspond to combinations of values of prime logic formulas in branching conditions of ASM specification. ...
The article discusses problems of model based test construction and ways of their solution using different kinds of models (operational, contract, axiomatic, and history-based specifications). The main idea is that the integration of model based techniques having different underlying formalisms can give valuable practical results in test construction. The idea is illustrated by successful applications of UniTesK test development technology based on the combination of contract specifications used to describe system behavior and operational models used for test sequence generation. UniTesK was designed in RedVerst [http://www.ispras.ru/groups/rv/rv.html] group of ISP RAS on the base of experience obtained in several industrial software testing projects.
... Test development techniques used in UniTesK have a lot of similarities with the ones used in AsmL Tester [7, 8], Spec# [9], and Gotcha [10, 11] tools. The main difference with these tools is use of explicitly written test scenarios representing the model used for test sequence generation and factorization technique for constructing a test scenario on the base of contract specifications and coverage criterion [12]. ...
We describe ISP RAS experience in applications of model based testing in various areas. The two different examples are consid-ered -UniTesK test development technology aimed at software compo-nent testing and OTK tool intended to be used in test development for complex structured text processors, the main example of which is com-pilers. The surprising fact is that the two methods used in the tools have different prerequisites for successful applications in industrial software development. This demonstrates possibility to change those prerequisites by changing the technical aspects of the method applied. Both techniques were developed in RedVerst group of ISP RAS [1].
... In the context of XGuide's Web components, we follow an approach similar to those found in testing of software components and formal specifications of programs. The assumption is that if the concerns are validated against the contracts and the composition rules are sound, no additional validation needs to be done for the composites [22,47,72,134]. This, of course, requires the contracts and composition rules to be correct. More details on a formal model of concerns, contracts, and contract composition is presented in Chapter 5. ...
In this dissertation we propose the XGuide Web development method. XGuide focuses on the timely development of Web applications while guaranteeing high-quality designs and reusable implementation artifacts. It supports the whole life-cycle of a Web application and covers the analysis, design, implementation and maintenance phases.
... The updates generated in a particular step are called the update set for the step. For a wealth of ASM-related literature see the Michigan Website (Huggins, 2001). AsmL is MicrosoftÕs ASM language. ...
We propose a method for implementing behavioral interface specifications on the .NET platform. Our interface specifications are expressed as executable model programs. Model programs can be run either as stand-alone simulations or used as contracts to check the conformance of an implementation class to its specification. We focus on the latter, which we call runtime verification.In our framework, model programs are expressed in the new specification language AsmL. We describe how AsmL can be used to describe contracts independently from any implementation language, how AsmL allows properties of component interaction to be specified using mandatory calls, and how AsmL is used to check the behavior of a component written in any of the .NET languages, such as VB, C♯, or C++.
... In [Gargantini and Heitmeyer 1999] tests are generated using model checkers (both SMV and Spin) from SCR specifications to achieve a coverage similar to the well known branch coverage for programs, or to cover particular system requirements. To the best of our knowledge, the only methods for generating test suites from ASM specifications are those recently developed by the Microsoft group in Redmond [Barnett et al. 2001, Grieskamp et al. 2001. In the former, in order to find a test suite, they extract a finite state machine from ASM specifications and then use test generation techniques for FSMs [Lee and Yannakakis 1996]. ...
This paper tackles some aspects concerning the exploitation of Abstract State Machines (ASMs) for testing purposes. We define for ASM specifications a set of adequacy criteria measuring the coverage achieved by a test suite, and determining whether sufficient testing has been performed. We introduce a method to automatically generate from ASM specifications test sequences which accomplish a desired coverage. This method exploits the counter example generation of the model checker SMV. We use ASMs as test oracles to predict the expected outputs of units under test.
... These tools use test purposes describing the part of behaviour to be tested in a test case (see121314) or, similar to UniTesK, may provide test generation intended to obtain some coverage (see [15, 16]). GOTCHA [17] and AsmL Test Tool [18] are the only two known to authors, which can use factorization of state spaces [19] similar with UniTesK tools. The most part of other transition-system-based tools are prone to space explosion problems or try to reduce the number of states with the help of some specific methods. ...
The article presents UniTesK technology, an automated model based test con-struction method for use in industrial testing of general-purpose software. The approach presented includes automatic generation of test oracles from software contracts, coverage driven test sequence generation, test artifacts reuse. This work stems from the ISP RAS re-sults of academic research and 10-years experience in industrial application of formal testing techniques [1].
... They also lend themselves to more uses than runtime verification of an implementation, although this paper has focused on that aspect. (See [21] for other uses of AsmL.) ...
We propose a method for implementing behavioral interface specifications on the .NET platform. Our interface...
... A rigorous semantics is often a prerequisite for many tool generators [20]. AsmL specifications can be used for automatic test case generation [17], conformance checking [3, 4], and to provide behavioral interfaces for components [2]. Methodological guidelines and epistemological reasons how and why the ASM paradigm offers a mathematically well founded approach to high-level systems design and analysis of complex system behavior, also in relation to other formal methods, are discussed in [5]. ...
Recently, Microsoft took the lead in the development of a standard for peer-to-peer network connectivity of various intelligent appliances, wireless devices and PCs. It is called the Universal Plug and Play Device Architecture (UPnP). We construct a high-level abstract state machine (ASM) model for UPnP using AsmL. AsmL is an advanced ASM-based executable specification language that has been developed at Microsoft Research. It provides a modern specification environment that is object-oriented and component-based. AsmL is integrated into Microsoft Visual Studio, Word and COM.
... Our specification language, AsmL, allows other opportunities which are beyond the scope of this paper. For instance, we have used it for early prototyping and test-case generation [15]. ...
A natural way to specify component-based systems is by an interface specification. Such a specification allows clients of a component to know not only its syntactic properties, as is current practice, but also its semantic properties. Any component implementation must be a behavioral refinement of its interface specification. We propose the use of executable specifications and a runtime monitor to check for behavioral equivalence between a component and its specification. Furthermore, we take advantage of the COM infrastructure to perform this kind of runtime verification without any instrumentation of the implementation, i.e., without any recompilation or re-linking.
