Software Testing Based on Formal Specification
Marie-Claude Gaudel2010, Lecture Notes in Computer Science
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
This paper addresses the problem of constructing test data sets from formal specifications. Starting from a notion of an ideal exhaustive test data set, which is derived from the notion of satisfaction of the formal specification, we show how to select by refinements a practicable test set, i.e. computable, while not rejecting correct programs (unbiased) and accepting only correct programs (valid), when assuming certain hypotheses. The hypotheses play an important role; they formalise common test practices and they express the gap between the success of the test and correctness; the size of the test set depends on the strength of the hypotheses. The paper shows an application of this theory for algebraic specifications and presents the actual procedures used to mechanically product such test sets, using Horn clause logic. These procedures are embedded in an interactive system, which, given some general hypothesis schemes and an algebraic specification, produces a test set and the corresponding hypotheses.
Related papers
Formal Specifications and Test: Correctness and Oracle
1995
This article presents a new formal approach to testing. In the field of dynamic testing, as soon as a program fails for a test set, it is flagged incorrect. The remaining question is: how far can a successful program be considered as correct? We give a definition of program correctness with respect to a specification which is adequate to dynamic testing. Similarly to the field of abstract implementation, the idea is that in order to declare a program as correct, it suffices that its behavior fulfills the specification requirements. An intermediate semantic level between the program and the specification, called the oracle framework, is introduced in order to interpret observable results obtained from dynamic experiments on the program. This allows to give algebraic semantics (i.e. a set of models) to the program, compatible with the program behavior. Program correctness is then defined by some adequacy criterion between the specification semantics and the program semantics. We point out that while for some specifications, there exist exhaustive test sets (the success of which means program correctness), for some other specifications, there only exist “complete” (but not exhaustive) test sets. Of course, all the programs rejected by a complete test set are incorrect but unfortunately, there still exist successful incorrect programs. We also explain how the test set selection can be formalized within our approach.
A formal approach to specification-based black-box testing
Proceedings of the Workshop on Modelling …, 2000
Checking Formal Specifications by Testing
Formal specification methods hold promise for bridging the wide gap between an intuitive idea for solving a problem by computer, and the executable program that attempts to do the job. The use of formalism is itself a good thing, allowing professionals to understand and analyze their work better. However, formal methods are an aid to human effort, not a panacea. Conventional software testing can be an ideal complement to formally directed development. Tests are concrete and immediately comprehensible to end users, and they are unlikely to miss mistakes because of a pernicious correlation with the formal work. Research is needed on ways to make formal specifications and testing work together to realize the potential of both. Tests should serve to increase confidence that a formal method has been correctly applied. Such tests would free the developers from tedious checking of formalism details, and the success of only a few tests would have real significance for the software's correctness. As an example of a formalism/testing partnership, this talk describes joint work with Sergio Antoy [4] on automatically checking a conventional implementation of an abstract data type against its formal algebraic specification.
Automatic Testing from Formal Specifications
Lecture Notes in Computer Science
In this article, we consider model oriented formal specification languages. We generate test cases by performing symbolic execution over a model, and from the test cases obtain a Java program. This Java program acts as a test driver and when it is run in conjunction with the implementation then testing is performed in an automatic manner. Our approach makes the testing cycle fully automatic. The main contribution of our work is that we perform automatic testing even when the models are non-deterministic.
A formal analysis of requirements-based testing
2009
Abstract The aim of requirements-based testing is to generate test cases from a set of requirements for a given system or piece of software. In this paper we propose a formal semantics for the generation of test cases from requirements by revising and extending the results presented in previous works (eg:[21, 20, 13]).
Criteria for generating specification-based tests
Engineering of Complex Computer …, 1999
This paper presents general criteria for generating test inputs from state-based s p eci cations. Software testing can only be formalized and quanti ed w h e n a solid basis for test generation can be d e n e d. Formal speci cations of complex systems represent a signicant opportunity for testing because they precisely describe what functions the software i s s u p p osed t o p r ovide in a form that can easily be manipulated. These techniques provide coverage criteria that are b ased o n the speci cations, and are made up of several parts, including test pre xes that contain inputs necessary to put the software into the appropriate state for the test values. The test generation process includes several steps for transforming speci cations to tests. Empirical results from a comparative case study application of these criteria are p r esented.
Requirement-based testing through formal methods
Testing is not enough to achieve a correct and bug free system; it is necessary to maintain a cohesive set of artifacts, such as use cases, design diagrams, code and test cases. If this elements are loosely coupled, it is very probable that the implementation will not attend the clients expectations. In this context, we provide a model-based DSL editor to assist the engineer in the requirement specification edition and transform it into a formal use model in the CSP notation. This use model is further combined with test directives, or test purposes, to generate test cases using the FDR refinement checker. In addition, a strategy to execute the generated test cases in the Eclipse test platform is proposed.
Using formal methods to support testing
Csur, 2009
Formal methods and testing are two important approaches that assist in the development of high quality software. While traditionally these approaches have been seen as rivals, in recent years a new consensus has developed in which they are seen as complementary. This article reviews the state of the art regarding ways in which the presence of a formal specification can be used to assist testing.
Testing from Algebraic Specifications: Test Data Set Selection by Unfolding Axioms
2005
This paper deals with test data set selection from algebraic specifications. Test data sets are generated from selection criteria which are usually defined to cover specification axioms. The unfolding selection criterion consists in covering the input domain of an operation using case analysis. The unfolding procedure can be iterated in order to split input domains of operations into finer subdomains. In this paper we propose to extend an unfolding procedure previously developed in [5, 19] that could only be performed on very low level, i.e. executable specifications. On the contrary, our new unfolding procedure can be applied to any positive conditional specification. We show that our unfolding procedure is sound (no test is added) and complete (no test is lost) with respect to the starting reference test data set.
Kvest: Automated generation of test suites from formal specifications
1999
KVEST-Kernel VErification and Specification Technology-is based on automated test generation from formal specifications in the RAISE specification language. The technology was developed under contract with Nortel Networks. As of 1999, the methodology and toolset have been applied in three industrial project dealing with verification of large-scale telecommunication software. The first project, the Kernel Verification project, gives its name to the methodology and the toolset as a whole. Results of this project are available from the Formal Methods Europe Application database [13]. It is one of the biggest formal method application presented in the database. This paper provides a brief description of the approach, comparison to related works, and statistics on completed projects.
Related topics
Related papers
Using formal specifications to support testing
2009
Abstract Formal methods and testing are two important approaches that assist in the development of high-quality software. While traditionally these approaches have been seen as rivals, in recent years a new consensus has developed in which they are seen as complementary. This article reviews the state of the art regarding ways in which the presence of a formal specification can be used to assist testing.
Testing can be formal, too
TAPSOFT '95: Theory and Practice of Software Development, 1995
The paper presents a theory of program testing based on formal specifications. The formal semantics of the specifications is the basis for a notion of an exhaustive test set. Under some minimal hypotheses on the program under test, the success of this test set is equivalent to the satisfaction of the specification. The selection of a finite subset of the exhaustive test set can be seen as the introduction of more hypotheses on the program, called selection hypotheses. Several examples of commonly used selection hypotheses are presented. Another problem is the observability of the results of a program with respect to its specification: contrary to some common belief, the use of a formal specification is not always sufficient to decide whether a test execution is a success. As soon as the specification deals with more abstract entities than the program, program results may appear in a form which is not obviously equivalent to the specified results. A solution to this problem is proposed in the case of algebraic specifications.
Abstracting formal specifications to generate software tests via model checking
1999
A recent method combines model checkers with specification-based mutation analysis to generate test cases from formal software specifications. However high-level software specifications usually must be reduced to make analysis with a model checker feasible. We propose a new reduction, parts of which can be applied mechanically, to soundly reduce some large, even infinite, state machines to manageable pieces. Our work differs from other work in that we use the reduction for generating test sets, as opposed to the typical goal of analyzing for properties. Consequently, we have different criteria, and we prove a different soundness rule. Informally, the rule is that counterexamples from the model checker are test cases for the original specification. The reduction changes both the state machine and temporal logic constraints in the model checking specification to avoid generating unsound test cases. We give an example of the reduction and test generation. 1 * Partially supported by the National Science Foundation under grant number CCR-99-01030 feasible. Our approach is to define a reduction from a given specification to a smaller one that is more likely to be tractable for a model checker. We tailor the reduction for test generation, as opposed to the usual goal of analysis. A broad span of research from early work on algebraic specifications [13] to more recent work such as [21] addresses the problem of relating tests to formal specifications. In particular, counterexamples from model checkers are potentially useful test cases. In addition to our use of the Symbolic Model Verifier (SMV) model checker [19] to generate mutation adequate tests [2], Callahan, Schneider, and Easterbrook use the Simple PROMELA Interpreter (SPIN) model checker [16] to generate tests that cover each block in a certain partitioning of the input domain [8]. Gargantini and Heitmeyer use both SPIN and SMV to generate branch-adequate tests from Software Cost Reduction (SCR) requirements specifications [14]. The model checking approach to formal methods has received considerable attention in the literature, and readily available tools such as SMV and SPIN are capable of handling the state spaces associated with realistic problems [11]. Although model checking began as a method for verifying hardware designs, there is growing evidence that model checking can be applied with considerable automation to specifications for relatively large software systems, such as the Traffic Alert &: Collision Avoidance System (TCAS) II [9]. The increasing usefulness of model checkers for software systems makes them attractive targets for use in aspects of software development other than pure analysis, which is their primary role today. Model checking has been successfully applied to a wide variety of practical problems, including hardware design, protocol analysis, operating systems, reactive system analysis, fault tolerance, and security. The chief advantage of
Exhaustive test sets for algebraic specifications
Software Testing, Verification and Reliability, 2016
In the context of testing from algebraic specifications, a first natural testing hypothesis is to suppose that programs and test cases are denoted respectively, by Σ-algebras and ground formulas. Hence, the test case interpretation is defined with respect to the formula satisfaction. So, the set of test cases is a subset of semantic consequences restricted to ground formulas with often further observational conditions on sorts to denote the ones equipped with an equality in the targeted programming language. This subset should ensure program correctness with respect to their specifications, i.e. for every uncorrect program P , there exists a test case that P interprets as "false" by a computation. We then say that this set of test cases is exhaustive. The main interest of such an exhaustive test set is that by submitting any of its test cases, correct programs cannot be rejected as incorrect or dually incorrect programs cannot be accepted as correct. Hence, it is appropriate to start the process of selecting test sets with reasonable sizes. However, depending on the nature of specifications and programs, this subset is not necessarily exhaustive. In this paper, we study conditions to ensure this exhaustiveness property for several algebraic formalisms (equational, conditional positive, quantifier-free and with quantifiers).
Application of PROLOG to test sets generation from algebraic specifications
Lecture Notes in Computer Science, 1985
A B~C T We present a method and a tool for generating test sets from algebraic data type specifications. We give formal definitions of the basic concepts required in our approach of functional testing. Then we discuss the problem of testing algebraic data types implementations. This allows the introduction of additional hypotheses and thus the description of an effective method for generating test sets. The method can be improved by using PROLOG. Indeed, it turns out that PROLOG is a very well suited tool for generating test sets in this context. Applicability of the method is discussed and a complete example is given.
A formal approach to testing programs in practice
2012 International Conference on Systems and Informatics (ICSAI2012), 2012
A program required to be tested in practice often has no available source code for some reason and how to adequately test such a program is still an open problem. In this paper, we describe a formal speci cation-based testing approach to tackle this challenge. The principal idea is rst to formalize the informal requirements into formal operation speci cations that take the interface scenarios of the program into account, and then utilize the speci cations for test case generation and test result analysis. An example and case study of applying the approach to an IC card system is presented to illustrate its usage and analyze its performance.
Exhaustive test sets for algebraic specification correctness
In the context of testing from algebraic specifications, a first natural testing hypothesis is to suppose that programs and test cases are denoted respectively, by Σ-algebras and ground formulas. Hence, the test case interpretation is defined with respect to the formula satisfaction. So, the set of test cases is a subset of semantic consequences restricted to ground formulas with often further observational conditions on sorts to denote the ones equipped with an equality in the targeted programming language. This subset should ensure program correctness with respect to their specifications, i.e. for every uncorrect program P , there exists a test case that P interprets as "false" by a computation. We then say that this set of test cases is exhaustive. The main interest of such an exhaustive test set is that by submitting any of its test cases, correct programs cannot be rejected as incorrect or dually incorrect programs cannot be accepted as correct. Hence, it is appropria...
Approach to specification-based testing systems
At the end of a software development process, there is a need for software verification. The aim of the software verification is to assess the software product to determine conformance to its specification. There are a few methods which can be used for doing this. However, the most popular method is software testing. For software testing to be done effectively, there is a need to select proper test cases such that all aspects of the software can be tested. In this paper we describe a technique for generating test cases automatically from the formal specification of the software. We also describe a testing system based on this technique.
Formal Specification Based Software Testing: An Automated Approach
2003
Our work focuses on the use of formal techniques in order to increase the quality of HCI software and of all the processes resulting from the development, verification, design and validation activities. This paper shows how the B formal technique can be used for user tasks modelling and validation. A trace based semantics is used to describe either the HCI or the user tasks. Each task is modelled by a sequence of fired events. Each event is defined in the abstract specification and design of the HCI system.
Specification-Based Testing for Refinement
… and Formal Methods, 2007. SEFM 2007, 2007
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.