ArticlePDF Available

Model driven testing-AGEDIS architecture interfaces and tools

Authors:
Alan Hartman at University of Haifa
Alan Hartman
Kenneth Nagin at IBM
Kenneth Nagin
Download full-text PDF
Read full-text
Download citation

Abstract

This article describes the AGEDIS project, a European Commission sponsored project for the creation of a methodology and tools for automated model driven test generation and execution for distributed systems. We describe the AGEDIS architecture, interfaces, and tools, and discuss some lessons learned over the three year life of the project.
Content uploaded by Alan Hartman
Author content
All content in this area was uploaded by Alan Hartman
Content may be subject to copyright.
Model Driven Testing –
AGEDIS Architecture
Interfaces and Tools
Alan Hartman
Kenneth Nagin
IBM Haifa Research Laboratory
Haifa University Campus
Haifa 31905
ISRAEL
{hartman, nagin}@il.ibm.com
ABSTRACT
This article describes the AGEDIS project, a European Commission sponsored project for
the creation of a methodology and tools for automated model driven test generation and
execution for distributed systems. We describe the AGEDIS architecture, interfaces, and
tools, and discuss some lessons learned over the three year life of the project.
1 Introduction
Software modeling is an area of research that has enjoyed great popularity in recent years
through the widespread adoption of object-oriented models as an aid to software design [5]. The
use of software models for the generation of test suites has also been reported in both an
academic setting [6, 11, 13, 13, 14], and in practical experiments [4, 7, 15, 16]. However, the
adoption of a specification based modeling strategy for generating test suites has yet to gain
much industrial momentum. One of the reasons for this is the lack of an integrated toolset whose
specific purpose the model-based generation and execution of software test. Most commercial
software modeling tools (e.g. Rational XDE, Together, Telelogic Tau) are intended for the use of
designers and developers of software rather than quality assurance and testing personnel.
There are however, a number of academic and proprietary tools in the area of model based test
generation and execution. These tools could benefit from being integrated into a framework
where they could interoperate. We describe here an architecture for model based testing that was
implemented in the AGEDIS project, together with its interfaces. We also describe some tools
that were plugged into this architecture, and we argue for greater cooperation and standardization
in this area.
The results of the AGEDIS experimentation with these tools [4] indicate that we still have a long
way to go before these tools are ready for widespread adoption by industry. The main
outstanding issues are the usability and interoperability of the available offerings. A number of
initiatives are under way to deal with these issues. Among these initiatives are the OMG
standardization body, the Eclipse organization, the ModelWare initiative, and the W3C standards
body. One of the aims of the ModelWare initiative is to provide European tool vendors and
academics with an infrastructure to support integration and interoperability of all model driven
software engineering tools. The AGEDIS project has taken a first step along the way by defining
clear interfaces between tools in the model based testing arena. It is the aim of this presentation
to publicize these interfaces, point out their interrelationships with other initiatives, and point the
way forward to standards based integration with other tools in the wider area of model driven
software engineering.
2 Architecture
User
Interface
Behavior
Model
Execution
Directives
Generation
Directives
Compiler
Analyzers
Edit/Browser
Execution
Trace
Abstract Test
Suite
Generator
Execution
Engine
Execution
Interface
Simulator
SW Component User Input Public Interface
The AGEDIS architecture is designed for open participation and interchangeable software
components to be developed and implemented as necessary. For example, we welcome the idea
that other academic groups adapt their experimental test generators to the interfaces described
here so that they may take advantage of the AGEDIS execution engine, test analyzers, and
visualizers. We also would like to encourage other analysis tools to be fitted to the interfaces to
enable the users to benefit from the increased power. We recognize that no one modeling
language will be adequate to express all software models from all domains. Some groups in the
telecommunications industry use SDL to model software, and case studies have been reported
using Z, CSP, UML, Murphi, SPIN, and others. We maintain that our architectural structure
allows for a diversity of modeling languages, and the reuse of existing testing tools and
execution engines.
The behavioural model of the system under test is specified by the user in the AGEDIS
Modelling Language (AML) [1]. Other languages have been used for behavioural modeling in
this context including both Objective VHDL[17] and Murphi[8].
In an intermediate step – hidden from the user – the modeling tool, Objecteering’s UML modeler
outputs an XML encoding of the model which is then read by the AGEDIS model compiler.
The compiler converts the behavioural model into an intermediate format (IF) which serves as
the execution interface. The test generation directives including the coverage goals of the test
suite, constraints on the test suite, and specific test purposes are compiled together with the
model and fed directly into the test generator. The test generation directives encapsulate the
testing strategy and tactics.
The execution interface can be executed either by a manual simulator or an automated test case
generator. The manual simulator is used both to verify that the model behaves as its author
intended it to, and also to produce additional test purposes.
The test generator produces an abstract test suite (ATS), which consists of paths and directed
graphs (in the case of a non-deterministic system) through the model satisfying the coverage
criteria or instantiating the test purposes. This ATS format [2] contains all the information
necessary to run the tests and verify the results at each stage of each test case. The user can
validate the model by viewing this suite, and use this format to communicate with the developers
when a defect is discovered.
The test execution directives (TED) form the bridge between the abstractions used in the
behavioural model and the implementation details of the system under test.
The execution engine reads the abstract test suite and the test execution directives in order to
execute the test suite against the application being tested. Each stimulus for each transition is
presented to the application under test. The execution engine queries the state of the application,
or waits for responses sent by the application in order to verify that the application and the model
agree on the results of applying the stimulus. The results of the stimulus and verification are
written to a suite execution trace (SET - also specified in [2]) in a standard form accessible to all
existing and future productivity tools including the analyzer and visualizer.
The visualizer is capable of showing both the suite execution trace and the abstract test suite in a
visually informative way to enable the test engineer to comprehend the massive amounts of data
generated by automated test generation and execution.
The coverage analyzer reads the execution trace and identifies areas of the model that may not
have been covered sufficiently. It is intended to produce input for the test generator to provide
additional test cases. This feedback to the test generator is important in real situations where the
translation from abstract tests to actual test runs may not be completely accurate. The defect
analyzer also produces input to the test generator. Its function is to cluster the defects observed
and to try and reproduce each defect cluster with a simpler test case.
The user interface can invoke editors for the models, test directives, and execution directives. It
also invokes the tools and manages the files and other artifacts produced by the automated
testing process.
3 Interfaces
The main interfaces in the AGEDIS architecture are the following:
Behavioural modeling language
Test Generation Directives
Test Execution Directives
Model Execution Interface
Abstract Test Suite
Test Suite Trace
The first three interfaces are for the users’ primary access to the tools. The latter three are more
for internal use by the tools, but the abstract test suite may also be directly used by a user to
script a particular test case.
3.1 Behavioural Modeling Language
The behavioural model describes the behaviour of the system under test. It is implemented as a
UML profile. The structure of the system under test is decribed by class diagrams together with
associations between classes. The behaviour of each class is described in a state diagram for that
class. The action language used in the state diagrams is the IF language. The interface between
the system under test and the environment is described by attaching stereotypes
<<controllable>> or <<observable>> to methods and attributes of the classes. A controllable
method or signal is one which the tester can call or send as a means of stimulating the system
under test. Observable artifacts of the system are those which can be used by the tester to check
the response of the system to the stimuli.
The initial state of the system is described using an object diagram. Stereotyped object diagrams
may also be used to specify particular states of the system which must be included or excluded
from test cases.
A full description of the syntax and semantics of the behavioural modeling language is available
from the AGEDIS web site [1].
3.2 Test Generation Directives
The test generation directives comprise the users’ testing strategies and tactics; they instruct the
test generator how to create test suites. They are expressed as either system level state diagrams,
message sequence charts, or by a set of simple defaults applied as run time parameters to the test
generation engine.
The state diagrams and message sequence charts use wild cards for details of the test case which
are to be filled in by the test generator. The transitions used in these state diagrams represent an
arbitrary sequence of transitions to be chosen by the test generator.
Test purposes are not easy for many users to create – and thus the AGEDIS test generator is
equipped with a set of graduated test generation directives which enable the naïve user to
generate test suites of increasing complexity and with presumably increasing probabilities of
exposing defects in the application. These simple test generation directives are:
1. Random test generation: Test cases are generated randomly, their length being provided
by the user or randomly chosen.
2. State coverage: Test cases aim to cover all states of the specification.
3. Transition coverage: Test cases aim to cover all transitions of the specification.
4. Interface coverage: Test cases aim to cover all controllable and observable elements of
the test interface.
5. Interface coverage with parameters: Test cases aim to cover all controllable and
observable elements of the test interface, with all combinations of parameters.
3.3 Test Execution Directives
The test execution directives describe the test architecture and the interface between the model
and the system under test; they instruct the test execution engine both where and how to execute
the test suites.
The TED contains both model translation information and test architecture information. The
model translation information comprises mappings from the abstractions of data types, classes,
methods, and objects described in the model to those of the system under test. The test
configuration information includes host information for distributed systems, delays and timeouts,
polling intervals, prologues and epilogues for test suites, test cases, and test steps, and sets of
parameters for parametrized test cases.
The test execution directives are described by an XML schema, so the user may edit the
directives using any XML editor. The XML schema is available from [].
3.4 Model Execution Interface (IF)
This is an encoding of the classes, objects, and finite state machines, which describe the
behaviour of the system under test. The model execution interface of the AGEDIS tools is in the
IF language created and extensively used by Verimag. It is a language for the description of
communicating asynchronous systems with extensions to support the generation of test cases.
The execution interface is documented and publicly available on the AGEDIS website [3].
3.5 Abstract Test Suite and Test Suite Trace
Both the abstract test suite and suite execution trace are described by the same XML schema
testSuite.xsd [2].
A test suite document consists of a set of test cases (or a reference to an external set of test cases)
and zero or more test suite traces. The test suite also contains a description of the model used to
create the test cases. The model is described in terms of its classes, objects, and interfaces for
observability and controllability.
Each test case consists of a set of test steps which may contain stimuli, observations and
directions for continuation to the next step or to the reaching of a verdict. The stimuli and
observations may take place between the system under test and the environment (tester), or
between two observable parts of the system under test (SUT). Usually, a test interaction is
initiated by the tester on a SUT object. However, SUT objects may initiate actions on the test
environment or the tester may be required to observe interactions between SUT objects. These
interactions may be either synchronous or asynchronous. Several actions may take place in any
given test step – and these within a single step may be executed sequentially or in parallel.
Each test case contains a verdict which may be one of pass, fail, or inconclusive. The latter
verdict is registered when a test case runs without observable deviation from the specification,
but also without achieving the purpose of the test case. The test cases can describe non-
deterministic behaviour using a construct for alternative steps. Test cases can be parametrized, so
that the same test case may be run several times with different values for the parameters. Test
cases may also invoke other test cases as sub steps of the invoking test case. A test case may be
visualized as a labeled transition system with nodes representing steps, and labels on the
transitions representing the stimuli and/or responses which trigger the system to move to the
target step of the transition.
The design of the Abstract Test Suite (ATS) was motivated by several objectives:
Expressiveness: the schema is expressive enough to describe complex test scenarios, and
to provide a rich set of interactions between a test engine and a system under testing. This
includes concurrent and sequential processing semantics.
Simplicity: the syntax chosen to express test cases is simple. Test suites may be produced
either by tools or manually. This implies that the ATS syntax is simple enough to be
read, written, or modified by a human being.
Flexibility: Therefore, the ATS format is flexible enough to support new features or new
primitives needed by other tools.
Compatibility: AGEDIS defined a new ATS format, since the existing formats were tool
dependent or too specific to a particular application domain. However, the AGEDIS ATS
format is influenced by three formalisms:
o The Gotcha-TCBeans ATS format
o The TGV ATS format
o The TTCN –3 (Tree and Tabular Combined Notation) language, standardized by
the ITU-T.
In the future, some translation tools may be provided between these different formats (or at
least between parts of them).
The suite execution trace is integrated into the abstract test suite definition. Its design was
motivated by the following objectives:
Expressiveness: The schema is expressive enough to capture the actual test suite
execution. Most importantly, it must contain enough information to allow replay of
a fault finding test scenario.
Traceability: The schema allows the user to identify which abstract test suite paths
are covered by the trace.
Packaging Flexibility: The suite execution trace and abstract test suite may reside in
the same or different files to simplify file handling and archiving.
Repeatability: The trace can be used as input to repeat its execution.
Feedback: The trace may be used as feedback in order to generate a new abstract
test suite, or test purposes.
The main motivation behind the choice of an XML schema is that this is a popular data exchange
standard, with a simple definition, and for which several public parsers, browsers and editors are
available.
4 Tools
4.1 User Interface
The AGEDIS tools have a common graphical user interface, written as a standalone Java
application, which enables the user to access all the tools and edit the inputs. The interface
supports the testing workflow by structuring the user’s interaction with the AGEDIS components
according to the AGEDIS methodology. That is:
1. Construct a model
2. Debug it with the IF simulator
3. Construct test generation directives
4. Generate test suites (by compiling the model together with the test generation directives)
5. Create the testing interface (test execution directives)
6. Execute the test suite
7. Analyze the test suite and test trace
8. If the coverage achieved is insufficient, or defects need to be analyzed, then use the
analysis results to construct more test generation directives and repeat from step 4.
4.2 Behavior simulation
The IF simulator enables the user to observe the behaviour of the model. The interface to the
simulator consists of two windows, one containing the controllable aspects of the model, and the
other with a message sequence chart describing the path taken through the model so far. The user
chooses an action to apply to the model and observes the set of possible responses by the system.
This enables the user to see the model “in action” and understand its behaviour more fully.
4.3 Test generation
The test generator creates a set of test cases which satisfy the coverage criteria and test purposes
specified in the test generation directives.
The test generation process consists of two stages. First a labeled transition system (LTS) is
constructed from the Cartesian product of the model’s behaviour and the test purposes. The LTS
is traversed and a set of test cases is extracted leading from the initial state to a state where the
test purpose reaches an “accept” verdict. The states also carry the observable values of variables,
so that when a coverage criterion occurs in a test purpose, the test generator may produce a series
of test cases passing through states where all values of the observable variables are realized. In
order to deal with large models, the test generator is able to generate test cases incrementally,
without unfolding the entire LTS. The details of the test generation algorithms will appear in a
forthcoming paper.
4.4 Test execution
The test execution framework – code named Spider for its ability to trap bugs – is an interpreter
of the test suite format. The translation between the abstractions of the model and the actual
implementation and deployment of the system under test is provided by the test execution
directives.
The primary goal of the test execution framework is to create a platform independent and
language independent set of utilities for test execution, tracing and logging of distributed
systems. Spider is able to execute test cases on systems written in Java, C, or C++ running on
distributed platforms including heterogeneous operating systems. Spider provides the facilities
for:
Distributing the test objects.
Generating the stimuli specified in the abstract test suite - both synchronous and
asynchronous interactions, with sequential or parallel execution of concurrent stimuli.
Making observations of the distributed system.
Comparing those observations with the expected results in the abstract test suite.
Creating a centralized log of the execution
Writing a trace in the test suite XML format
Passing parameters to test cases
Multiplying the test objects to create stress test from function tests
The details of the execution framework are described in [10].
4.5 Test analysis
AGEDIS provides two analysis tools, a coverage analyzer and a defect analyzer, for generating
both human and machine readable feedback to the test team.
The coverage analyzer reports on combinations of data values not covered, and sequences of
methods not invoked. It outputs test purposes which direct the test generator to create test cases
to cover these values and sequences. It also outputs coverage analysis reports. The coverage
analysis tool reads either the test suite or the test trace. The results of the trace may provide
significantly less coverage of the application since the trace only executes a deterministic part of
the entire non-deterministic test suite.
The defect analyzer clusters the defects observed in a test trace, and produces a single test
purpose which will recreate the common features of a set of test cases resulting in an observed
bug. This tool provides added value in the case when a large volume of test cases is run, with
many failures, but possibly many repeated occurrences of the same fault.
5 Lessons Learnt
The initial goal of the AGEDIS project was to increase the efficiency of software testing for
component based distributed applications. The industrial experiments – reported on in more
detail elsewhere in this volume – show that we still have a long way to go in terms of usability,
marketability, and even in the functionalities that the tools offer.
Another of the main aims of the AGEDIS project is to provide an infrastructure and standard
methods of communication between tools in the area of model driven testing.
Since the project began three years ago, the goals of interoperability of tools have received much
wider currency, and the entire area of model driven software engineering is awash now with
standards and interfaces.
None of these standards has become totally pervasive, with the possible exception of UML as a
modeling language. But even here there are several profiles for UML which provide for a
behavioural semantics. The behavioural aspects of UML 2.0 are still too new to have received
tooling support and acceptance in the software engineering industry. Other standards for the area
include SDL and TTCN – used by the telecommunications industry are not necessarily
appropriate for standard IT applications, database, transaction processing, or web services. The
Eclipse open source Modeling Framework, and the Eclipse tooling infrastructure are rapidly
gaining ground as the future interoperability platform for software engineering and software
integration. Although Eclipse too has its rivals for the hearts and minds of the development
community in the Microsoft worlds of C# and .Net, and the Sun initiatives NetBeans and MDR.
5.1 What we would do the same? What different?
If we could do it all over again with 20/20 hindsight, what would we repeat, and what would we
do differently? We have tried to summarize some of the decisions taken in the following table:
What would we repeat? What would we do differently?
Modeling language: We based our modeling
language on UML 1.4 with a profile for
behavioural and testing semantics. This proved
to be a wise decision in terms of industry
acceptance
Modeling language: We chose IF as the action
language. With 20/20 hindsight we should
have chosen either OCL or a subset of Java to
be more in line with standards and our
customer base.
Modeling Tool: We chose Objecteering for its
superior profile builder, and because there was
a free version for our customers.
Modeling Tool: The Objecteering UML
modeler is no longer freely available. We
would have done better to chose an open
source UML modeler of lower quality.
Interface to Simulation and Test
Generation: We chose an interface based on
IF in order to speed the development of the test
generator.
Interface to Simulation and Test
Generation: We should have chosen an
interface based on XMI 2.0 (which was not
defined 3 years ago).
Test Generation: We chose to build a test
generator merging the capacities of GOTCHA
and TGV. This proved difficult – but
eventually will be worth the effort.
Test Generation: We should have provided
more “instant gratification” to our customers
with simpler test purposes and coverage
criteria, even random test generation as an
immediate “smoke test” option.
Test Suite and Test Trace Format: The XML
testSuite format is a great achievement of the
project – and should be pushed to become a
standard in the IT sector of the industry.
Test Execution: The execution engine is very
powerful and flexible, eliminating much
repetitive effort in the foundation classes
needed for test execution and logging.
Test Execution: Provide more ready made
execution maps for common testing scenarios.
Test Analysis: Basing the analysis tools on the
XML format for test suites and test traces gave
us a lot of flexibility, and enabled rapid
prototyping of new analysis tools.
Test Analysis: Get more feedback earlier in
the project from users as to the kinds of
analysis that are relevant in industry.
User Interface: Had we started this effort now
– we would have chosen to integrate the
AGEDIS tools in an open source IDE like
Eclipse.
6 References

AGEDIS Public Document: AGEDIS Modeling Language Specification.

AGEDIS Public Document: Test Suite Specification
http://www.agedis.de/documents/d291_2/testSuite181202.zip

AGEDIS Public Document: Intermediate Language 2.0 with Test Directives Specification
http://www.agedis.de/documents/d289_1/IF2.0_TD.pdf

I. Craggs, T. Hierrault, M. Sardis, and J. Trost, this volume.

G. Booch, Object Oriented Analysis and Design With Applications. Benjamin/Cummings,
2
nd
edition, 1994.

J. Callahan, F. Schneider, and S. Easterbrook, Automated Software Testing Using Model-
checking, Proceedings 1996 SPIN Workshop, 1996.

J. M. Clarke, Automated Test Generation From a Behavioural Model, Proceedings of the
11th International Software Quality Week, QW98, May 1998.

D. L. Dill, A. J. Drexler, A. J. Hu and C. Han Yang, Protocol Verification as a Hardware
Design Aid, 1992 IEEE International Conference on Computer Design: VLSI in Computers
and Processors, IEEE Computer Society, pp. 522-525.
http://sprout.stanford.edu/dill/murphi.html

A. Hartman and K. Nagin, TCBeans Software Test Toolkit in Proceedings of the 12th
International Software Quality Week, QW99, May 1999.



A. Hartman, A. Kirshin, and K. Nagin,
    




J. Hartmann, C. Imoberdorf, and M. Meisinger, “UML-Based Integration Testing” in
Proceedings of ISSTA 2000.



R. M. Hierons, Testing From a Z Specification, The Journal of Software Testing,
Verification, and Reliability, 7:19–33, 1997.



J. Offutt and A. Abdurazik, Generating Tests from UML Specifications, Second
International Conference on the Unified Modeling Language (UML99), 1999.



A. J. Offutt and S. Liu, Generating Test Data from SOFL Specifications, to appear in The
Journal of Systems and Software 1999, currently available from
http://isse.gmu.edu/faculty/ofut/rsrch/spec.html.



A. Paradkar, SALT – An Integrated Environment to Automate Generation of Function Tests
for APIs, to appear in Proceedings of ISSRE 2000.



R. M. Poston, Automated Testing From Object Models, Aonix White Paper July 1998,
http://www.aonix.com.



M. Radetzki, W. Putzke-Röming, and W. Nebel, A Unified Approach to Object-Oriented
VHDL. Journal of Information Science and Engineering 14 (1998), pp. 523-545.
http://eis.informatik.uni-oldenburg.de/research/request.shtml



J. C. Widmaier, C. Smidts, and X. Huang, Producing More Reliable Software: Mature
Software Engineering Process vs. State-of-the-Art Technology, International Conference on
Software Engineering (ICSE) 2000.
... Additionally, the MDE techniques enable us to capture the process of generating one description from another, which has in the past been performed by hand using expert knowledge. The MDE approach has been successfully employed as a technique to automatically generate tests from system designs [5, 6, 8], and as a way to generate formal analysis models from system designs [1]. Given the high level of information available at design time, we intend to make advantageous use of it for the purpose of providing early feedback of expected performance results by way of formal analysis. ...
Towards a Twofold Approach to the Verification of Generated VHDL Systems
Article
Full-text available
  • Jan 2007
The rise of Model Driven Development, Domain Specific Languages and Generative Programming as new techniques for systems and software engineering means that the actual code that is compiled and executed is no longer written by a human, it is generated by a tool. To give confidence that the desired system has been generated, it is necessary to provide a successful means to verify the generated code. This paper proposes a twofold approach to verification, drawing on techniques from both the testing and formal approaches to verification. The concepts are discussed in the context of generating VHDL code from a UML State Machine.
View
... Existing model driven testing frameworks [8,5,7,17] deduce the correctness of a system under test (SUT) by detecting which events (operations) the SUT may respond to. As long as the SUT responds to the events specified by the model, the SUT is behaving correctly. ...
Data refinement based testing
Article
Full-text available
  • Jun 2011
FineFit is a model-driven framework for testing object-oriented systems. A FineFit specification is a collection of HTML tables representing the structure and the operations of the system under test. FineFit translates the specification into a relational model that serves both as a test oracle and as a source of test cases. FineFit uses the retrieve relation—the data refinement definition of the relationship between the abstract and the concrete system states—to check if the actual behavior of a Java program matches its abstract specification. The emphasis on representing and comparing system states makes this approach particularly attractive to object-oriented systems, which often consist of a complex graph of objects that represent the entities of a problem domain and the relationships between them. Thus, FineFit demonstrates the advantages of a data refinement approach to testing.
View
... It also allows to reason about dynamically instantiated object instances, which is essential in testing object-oriented systems . Support for dynamic object graphs is also present in the Agedis tools [14]. Regarding the conformance relation: In ioco theory tests can terminate in arbitrary states, and accepting states are not part of the theory. ...
On-the-fly testing of reactive systems
Article
Full-text available
On-the-fly testing is a technique in which test derivation from a model program and test execution are combined into a single algorithm. It can also be called online testing using a model program, to distinguish it from offline test generation as a separate process. We describe a practical on-the-fly testing algorithm that is implemented in the model-based testing tool developed at Microsoft Research called Spec Explorer. Spec Explorer is being used daily by several Microsoft product groups. Model programs in Spec Explorer are written in a high level spec-ification language AsmL or Spec#. We view model programs as implicit definitions of interface automata. The conformance relation between a model and an implementation under test is formalized in terms of re-finement between interface automata, and testing amounts to a game between the test tool and the implementation under test.
View
... Although these approaches are related, our problem setting is slightly different because we are given a meta model to describe all instances and not only a finite set of samples. Further (complementary) related work can be seen in the area of modeldriven testing [10] where the aim is to use a model of the system to produce suitable test data. The problem of generating those instances from the grammar that provide a suitable coverage for testing can possibly benefit from existing research in this area. ...
Automatically Generating Instances of Meta Models
Article
Meta modeling is a wide-spread technique to define visual languages, with the UML being the most prominent one. Despite several advantages of meta modeling such as ease of use, the meta modeling approach has one disadvantage: It is not constructive i. e. it does not offer a direct means of generating instances of the language. This disadvantage poses a severe limitation for certain applications. For example, when developing model transformations, it is desirable to have a large set of valid instance models available for large-scale testing. Producing such a large set by hand is tedious. In the related problem of compiler testing, a string grammar together with a simple generation algorithm is typically used to produce words of the language automatically. In this paper, we introduce instance-generating graph grammars for creating instances of meta models automatically, thereby overcoming the main deficit of the meta modeling approach for defining languages.
View
... This algorithm was initially implemented in the AsmLT tool that is the predecessor of Spec Explorer; the algorithm is also described in [4]. Similar techniques involving the use of state groupings for state space reduction have been used in other model-based testing tools [11,13], although, as far as we know, not with multiple simultaneous groupings as described in this paper. The notion of state grouping is analogous to predicate abstraction in the context of model-checking when the grouping expressions are tuples of Boolean expressions, in which case a grouping label of a state is a tuple of Boolean values. ...
State Exploration with Multiple State Groupings.
Conference Paper
  • Jan 2005
Exploration algorithms are relevant to the industrial practice of gen- erating test cases from an abstract state machine whose runs define the predicted behavior of the software system under test. In this paper we describe a new explo- ration algorithm that allows multiple state grouping functions to simultaneously guide the search for states that are interesting or relevant for testing. In some cases, our algorithm allows exploration to be optimized from exponential to lin- ear complexity. The paper includes an extended example that illustrates the use of the algorithm with the Spec Explorer tool developed as Microsoft Research.
View
Hybrid Directed Test Suite Augmentation: An Interleaving Framework
Conference Paper
  • Mar 2014
Test suite augmentation techniques generate test cases to cover code missed by existing regression test suites. Various augmentation techniques have been proposed, utilizing several test case generation algorithms. Research has shown that different algorithms have different strengths, and that combining them into a single hybrid approach may be cost-effective. In this paper we present a framework for hybrid test suite augmentation that allows test case generation algorithms to be interleaved dynamically and that can easily incorporate new algorithms, interleaving strategies, and choices of other parameters that influence algorithm performance. We empirically study an implementation of this framework in which we use two test case generation algorithms and several algorithm interleavings. Our results show that specific instantiations of our framework can produce augmentation techniques that are more cost-effective than others, and illustrate tradeoffs between instantiations.
View
Directed test suite augmentation: An empirical investigation
Article
Test suite augmentation techniques are used in regression testing to identify code elements in a modified program that are not adequately tested and to generate test cases to cover those elements. A defining feature of test suite augmentation techniques is the potential for reusing existing regression test suites. Our preliminary work suggests that several factors influence the efficiency and effectiveness of augmentation techniques that perform such reuse. These include the order in which target code elements are considered while generating test cases, the manner in which existing regression test cases and newly generated test cases are used, and the algorithm used to generate test cases. In this work, we present the results of two empirical studies examining these factors, considering two test case generation algorithms (concolic and genetic). The results of our studies show that the primary factor affecting augmentation using these approaches is the test case generation algorithm utilized; this affects both cost and effectiveness. The manner in which existing and newly generated test cases are utilized also has a substantial effect on efficiency and in some cases a substantial effect on effectiveness. The order in which target code elements are considered turns out to have relatively few effects when using concolic test case generation but in some cases influences the efficiency of genetic test case generation. The results of our first study, on four relatively small programs using a large number of test suites, are supported by our second study of a much larger program available in multiple versions. Together, the studies reveal a potential opportunity for creating a more cost-effective hybrid augmentation approach leveraging both concolic and genetic test case generation techniques, while appropriately utilizing our understanding of the factors that affect them. Copyright © 2014 John Wiley & Sons, Ltd.
View
Modeling Embedded Software Test Requirement Based on MARTE
Conference Paper
  • Jun 2013
Based on software requirement and interface control information, Model and Analysis of Real-Time Embedded System (MARTE) was selected to model embedded HW/SW and their interactions. A traversal algorithm was presented to search test scenarios in objects interaction model. We'll also analyze constraints between each scenario then generate test constraints. We'll combine test configuration, test scenarios and corresponding test constraints to create a well-formed embedded software test requirements model.
View
View
View
A test execution environment running abstract tests for distributed software
Article
Full-text available
  • Jan 2002
This paper addresses the problem of executing abstract tests on distributed software. Although our focus is on specification based behavior testing that exploits model based test generation, we provide an environment that supports both automatic and manual test generation. Tests derived from a specification are by nature abstract. The tester must manually convert the abstract tests into their concrete executable form. We claim that a test execution environment designed to execute abstract tests can transform and execute these tests efficiently to verify distributed software. We also claim that the same abstract tests can be reused and extended to verify issues related to concurrency, stress, and input data variations. We describe the test execution environment and discuss an industrial trial that exploited a prototype of the system to improve the testing of a distributed application. The trial reused a behavior test suite generated for its function test and executed it in its system test. The reuse required no additional coding and was successful in discovering five additional defects related to concurrency.
View
Automated Software Testing Using Model-Checking
Article
Full-text available
  • Jul 2000
White-box testing allows developers to determine whether or not a program is partially consistent with its specified behavior and design through the examination of intermediate values of variables during program execution. These intermediate values are often recorded as an execution trace produced by monitoring code inserted into the program. After program execution, the values in an execution trace are compared to values predicted by the specified behavior and design. Inconsistencies between predicted and actual values can lead to the discovery of errors in the specification and its implementation. This paper describes an approach to (1) verify the execution traces created by monitoring statements during white-box testing using a model checker as a semantic tableau; (2) organize multiple execution traces into distinct equivalence partitions based on requirements specifications written in linear temporal logic (LTL); and (3) use the counter-example generation mechanisms found in most m...
View
Automated test generation from a behavioral model
Article
The challenge for testers: reduce the testing interval without reducing quality. One answer: find a new way to approach test design and test generation. This paper will discuss an ongoing Lucent Technologies experiment in automated test generation from a behavioral model of the software product under test. Results indicate that our new approach can increase the effectiveness of our testing while reducing the cost of test design and generation.
View
View
SALT - An Integrated Environment to Automate Generation of Function Tests for APIs.
Conference Paper
  • Jan 2000
Automation of test design during the function testing phase is essential both to reduce the substantial cost of testing and to improve the delivered software reliability. We argue for a model based approach specifically designed from a test perspective to automate test design. We describe features of the Specification and Abstraction Language for Testing (SALT) environment which embodies this perspective. SALT allows testers to capture relationships among partitions of input and output variables for a function under test. The tester can also specify (potential) updates to context which result from the function invocation. This context enables the generation of sequences of function invocations with expected outputs. These test specifications along with a fault model, allow generation of an optimized set of test variations. We describe an example to illustrate SALT usage and report results of our pilot study using SALT
View
View
A unified approach to object-oriented VHDL
Article
  • Sep 1998
  • J INF SCI ENG
Abstraction and reuse are keys to dealing with the increasing complexity of electronic systems. We apply object-oriented modeling to achieve more reuse and higher abstraction in hardware design. This requires an object-oriented hardware description language, preferably an extension of VHDL. Several variants of such OO-VHDL are currently being debated. We present our unified approach. Objective VHDL. which adds object-oriented features to the VHDL design entity as well as to the type system to provide maximum modeling power.
View
View
Protocol verification as a hardware design aid
Conference Paper
  • Nov 1992
The role of automatic formal protocol verification in hardware design is considered. Principles that maximize the benefits of protocol verification while minimizing the labor and computation required are identified. A novel protocol description language and verifier (both called Murφ) are described, along with experiences in applying them to two industrial protocols that were developed as part of hardware designs
View
Automated Test Generation From a Behavioural Model r? ? ? ?? ? ? ? Protocol Verification as a Hardware Design Aid
  • 522-525
  • J M D L Clarke
  • A J Dill
  • A J Drexler
  • C Hu
  • Han
  • Yang
? ? ? ?? ? ? ? J. M. Clarke, Automated Test Generation From a Behavioural Model, Proceedings of the 11th International Software Quality Week, QW98, May 1998. r? ? ? ?? ? ? ? D. L. Dill, A. J. Drexler, A. J. Hu and C. Han Yang, Protocol Verification as a Hardware Design Aid, 1992 IEEE International Conference on Computer Design: VLSI in Computers and Processors, IEEE Computer http://sprout.stanford.edu/dill/murphi.html Society, pp. 522-525