Wen-ling Huang,Jan Peleska

DOI: https://doi.org/10.48550/arXiv.2105.11786

2021-05-25

Software Engineering

Abstract:In this paper, new contributions to requirements-based testing with deterministic finite state machines are presented. Elementary requirements are specified as triples consisting of a state in the reference model, an input, and the expected reaction of the system under test defined by a set of admissible outputs, allowing for different implementation variants. Composite requirements are specified as collections of elementary ones. Two requirements-driven test generation strategies are introduced, and their fault coverage guarantees are proven. The first is exhaustive in the sense that it produces test suites guaranteeing requirements satisfaction if the test suite is passed. If the test suite execution fails for a given implementation, however, this does not imply that the requirement has been violated. Instead, the failure may indicate an arbitrary violation of I/O-equivalence, which could be unrelated to the requirement under test. The second strategy is complete in the sense that it produces test suites guaranteeing requirements satisfaction if and only if the suite is passed. Complexity considerations indicate that for practical application, the first strategy should be preferred to the second. Typical application scenarios for this approach are safety-critical systems, where safety requirements should be tested with maximal thoroughness, while user requirements might be checked with lesser effort, using conventional testing heuristics.

陈涛,潘雪增,陈健,陈小平,陆魁军

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.06.017

2010-01-01

Abstract:In the field of communication protocol conformance test,how to generate test sequences which satisfy the requirements is one of hot research.Due to the generated test sequences aren’t simple and efficient enough,after introducing FSM which is the main formal model of communication protocol,this paper first studys test sequence generation algorithm based on UIO,and then improves the original algorithm.Test sequences generated by the improved algorithm have higher fault coverage,and the length of test sequences has been shortened.

Vaclav Rechtberger,Miroslav Bures,Bestoun S. Ahmed,Youcef Belkhier,Jiri Nema,Hynek Schvach

DOI: https://doi.org/10.48550/arXiv.2203.09596

2022-03-17

Software Engineering

Abstract:Model-based Testing (MBT) is an effective approach for testing when parts of a system-under-test have the characteristics of a finite state machine (FSM). Despite various strategies in the literature on this topic, little work exists to handle special testing situations. More specifically, when concurrently: (1) the test paths can start and end only in defined states of the FSM, (2) a prioritization mechanism that requires only defined states and transitions of the FSM to be visited by test cases is required, and (3) the test paths must be in a given length range, not necessarily of explicit uniform length. This paper presents a test generation strategy that satisfies all these requirements. A concurrent combination of these requirements is highly practical for real industrial testing. Six variants of possible algorithms to implement this strategy are described. Using a mixture of 180 problem instances from real automotive and defense projects and artificially generated FSMs, all variants are compared with a baseline strategy based on an established N-switch coverage concept modification. Various properties of the generated test paths and their potential to activate fictional defects defined in FSMs are evaluated. The presented strategy outperforms the baseline in most problem configurations. Out of the six analyzed variants, three give the best results even though a universal best performer is hard to identify. Depending on the application of the FSM, the strategy and evaluation presented in this paper are applicable both in testing functional and non-functional software requirements.

Robert Sachtleben,Jan Peleska

DOI: https://doi.org/10.48550/arXiv.2106.14284

2021-06-28

Abstract:For partial, nondeterministic, finite state machines, a new conformance relation called strong reduction is presented. It complements other existing conformance relations in the sense that the new relation is well-suited for model-based testing of systems whose inputs are enabled or disabled, depending on the actual system state. Examples of such systems are graphical user interfaces and systems with interfaces that can be enabled or disabled in a mechanical way. We present a new test generation algorithm producing complete test suites for strong reduction. The suites are executed according to the grey-box testing paradigm: it is assumed that the state-dependent sets of enabled inputs can be identified during test execution, while the implementation states remain hidden, as in black-box testing. It is shown that this grey-box information is exploited by the generation algorithm in such a way that the resulting best-case test suite size is only linear in the state space size of the reference model. Moreover, examples show that this may lead to significant reductions of test suite size in comparison to true black-box testing for strong reduction.

Software Engineering

Robert M. Hierons,Tao Xie

DOI: https://doi.org/10.1002/stvr.1810

2022-01-01

Software Testing Verification and Reliability

Abstract:This issue contains two papers. The first paper focuses on combinatorial testing and the second one focuses on model-based testing. The first paper, ‘Combinatorial methods for testing Internet of Things smart home systems’ by Bernhard Garn, Dominik-Philip Schreiber, Dimitris E. Simos, Rick Kuhn, Jeff Voas, and Raghu Kacker, presents an approach for applying combinatorial testing (CT) to the internal configuration and functionality of Internet of Things (IoT) home automation hub systems. The authors first create an input parameter model of an IoT home automation hub system for use with test generation strategies of combinatorial testing and then propose an automated test execution framework and two test oracles for evaluation purposes. The proposed approach makes use of the appropriately formulated model of the hub and generates test sets derived from this model satisfying certain combinatorial coverage conditions. The authors conduct an evaluation of the proposed approach on a real-world IoT system. The evaluation results show that the proposed approach reveals multiple errors in the devices under test, and all approaches under comparison perform nearly equally well (recommended by W. K. Chan). The second paper, ‘Effective grey-box testing with partial FSM models’ by Robert Sachtleben and Jan Peleska, explores the problem of testing from a finite state machine (FSM) and considers the scenario in which an input can be enabled in some states and disabled in other states. There is already a body of work on testing from FSMs in which inputs are not always defined (partial FSMs), but such work typically allows the system under test (SUT) to be such that some inputs are defined in a state of the SUT but are not defined in the corresponding state of the specification FSM (the SUT can be ‘more’ defined). The paper introduces a conformance relation, called strong reduction, that requires that exactly the same inputs are defined in the specification and the SUT. A new test generation technique is given for strong reduction, with this returning test suites that are complete: a test suite is guaranteed to fail if the SUT is faulty and also satisfies certain conditions that place an upper bound on the number of states of the SUT. The overall approach also requires that the tester can determine which inputs are enabled in the current state of the SUT and so testing is grey-box (recommended by Helene Waeselynck).

Adilson Luiz Bonifacio,Arnaldo Vieira Moura

DOI: https://doi.org/10.48550/arXiv.1508.02767

2015-08-12

Abstract:Completeness is a desirable property of test suites. Roughly, completeness guarantees that a non-equivalent implementation under test will always be identified. Several approaches proposed sufficient, and sometimes also necessary, conditions on the specification model and on the test suite in order to guarantee completeness. Usually, these approaches impose several restrictions on the specification and on the implementations, such as requiring them to be reduced or complete. Further, test cases are required to be non-blocking --- that is, they must run to completion --- on both the specification and the implementation models. In this work we deal test cases that can be blocking, we define a new notion that captures completeness, and we characterize test suite completeness in this new scenario. We establish an upper bound on the number of states of implementations beyond which no test suite can be complete, both in the classical sense and in the new scenario with blocking test cases.

Software Engineering,Logic in Computer Science

Bálint Kocsis,Jurriaan Rot

2024-11-20

Abstract:Conformance testing of automata is about checking the equivalence of a known specification and a black-box implementation. An important notion in conformance testing is that of a complete test suite, which guarantees that if an implementation satisfying certain conditions passes all tests, then it is equivalent to the specification. We introduce a framework for proving completeness of test suites at the general level of automata in monoidal closed categories. Moreover, we provide a generalization of a classical conformance testing technique, the W-method. We demonstrate the applicability of our results by recovering the W-method for deterministic finite automata, Moore machines, and Mealy machines, and by deriving new instances of complete test suites for weighted automata and deterministic nominal automata.

Formal Languages and Automata Theory,Logic in Computer Science

张涌,钱乐秋,王渊峰

2002-01-01

Abstract:The behavior of a software system or its subsystems can be described precisely using finite-state machines, so it has been used widely in software modeling. Many researchers have proposed some test selection methods based on FSM. Among these methods, the Wp-method, which has fewer use constraints and higher fault coverage, can be used more widely. But if the estimated states number (m) of the implementation of a specification is large, a large number of test sequences will be generated using the Wp-method, which will decrease the testing efficiency. An improved method of the Wp-method, named R-Wp method, is presented. When the m is large, fewer test sequences can be obtained through this method than through the Wp-method. In addition, the number of test sequences generated from the R-Wp method and the Wp-method, and factors which influence the number of test sequences generation, are discussed. Finally, it is proved that the R-Wp has the same fault detecting ability as the Wp-method.

Xintao Niu,Huayao Wu,Nie Changhai,Yu Lei,Xiaoyin Wang

DOI: https://doi.org/10.1109/tse.2021.3113920

IF: 7.4

2022-01-01

IEEE Transactions on Software Engineering

Abstract:Combinatorial Testing (CT) is an effective testing technique for detecting failures which are triggered by the interactions of various factors that influence the behaviour of a system. Although many studies in CT have designed elaborate test suites (called covering arrays) to systemically check each possible factor interaction, they provide weak support to locate the concrete failure-inducing interactions, i.e., the Minimal Failure-causing Schemas (MFS). To this end, a variety of MFS identification approaches have been proposed. However, as this study reveals, these approaches suffer from various issues such as cannot identify multiple overlapping MFSs, cannot handle MFSs with high degrees, cannot be applied to systems with large number of parameters, etc. These issues are essentially caused by the exponential computing complexity of checking every interaction in the test cases. Therefore, they can only focus on a subset of all the possible interactions, resulting in many interactions unnoticed. Ignoring these unnoticed interactions could potentially cause failures that have never been systematically checked. Hence, it is beneficial for MFS identification approaches to identify these interactions. In order to account for these unnoticed interactions in CT, this study introduces the notion of pending schema, based on which a theoretical framework of CT schemas is established. In particular, we formally define the determinability of a schema in CT with respect to given information; as such, the yet-to-be determined schemas are exactly the pending schemas. The relationships between the different schemas (faulty, healthy, and pending) and test cases are also theoretically analyzed. Based on which, we further propose three formulas, along with three corresponding algorithms, for the identification of the pending schemas in failing test cases, and formally prove their correctness. As a result, we reduce the complexity of obtaining pending schemas with respect to the number of factors that may have influences on the software.

Jiangyuan Yao,Zhiliang Wang,Xia Yin,Xingang Shi,Jianping Wu

DOI: https://doi.org/10.1109/ICCCN.2013.6614178

2013-01-01

Abstract:Current researches on model-based testing mainly focus on the single component model, such as FSM (Finite State Machine) and EFSM (Extended FSM). To model and test parallelism and concurrency among different protocol components, traditional CFSM (Communicating FSMs) models communication as asynchronous message exchange, which is not suitable for the scenario that parallel protocol components read shared variables from each other. We have developed Parallel Parameterized Extended Finite State Machine (PaP-EFSM) to handle this situation. In this paper, we present a hierarchical test generation approach for PaP-EFSMs based on reachability graphs. The combination of bottom-up reachability graph generation and top-down test sequence generation ensures the executability of the test sequences and alleviates state explosion. We apply this method to the conformance testing of SAVI, a real protocol for anti-spoofing of IP source addresses. We build a set of PaP-EFSMs for SAVI and derive the executable test sequences, which expose many implementation faults when applied to real devices from 4 different vendors.

刘鸿,尹霞,吴建平

DOI: https://doi.org/10.3321/j.issn:1000-0054.2003.07.036

2003-01-01

Abstract:Conventional methods of te st ing hierarchical finite state machines (HFSMs) always first flatten them to finite state machines (FSMs) and then evaluate them using FSM testing methods. The famous state-explosion problem always arises in the process. Algorithms have been developed using hierarchical characteristics to solve the state-ex plosion problem for state synchronization sequences and verification sequences . Though a bit less feasible than conventional methods, the algorithms can be ap plied to almost all HFSM models in practice and achieve shorter sequences in les s time. An efficient test generation method was then developed based on these al gorithms for conformance testing of the multicast listener discovery (MLD) proto col.

Changhai Nie,Hareton Leung

DOI: https://doi.org/10.1145/2000799.2000801

IF: 3.685

2011-01-01

ACM Transactions on Software Engineering and Methodology

Abstract:Combinatorial Testing (CT) involves the design of a small test suite to cover the parameter value combinations so as to detect failures triggered by the interactions among these parameters. To make full use of CT and to extend its advantages, this article first gives a model of CT and then presents a theory of the Minimal Failure-causing Schema (MFS), including the concept of the MFS, proof of its existence, some of its properties, and a method of finding the MFS. Then we propose a methodology for CT based on this MFS theory and the existing research. Our MFS-based methodology emphasizes that CT should work on accurate testing requirements, and has the following advantages: 1) Detect failure to the greatest degree with the least cost. 2) Effectiveness is improved by emphasizing mining of the information in software and making full use of the information gained from test design and execution. 3) Determine the root causes of failures and reveal related faults near the exposed ones. 4) Provide a foundation and model for regression testing and software quality evaluation of CT. A case study is presented to illustrate the MFS-based CT methodology, and an empirical study on a real software developed by us shows that the MFS really exists and the methodology based on MFS can considerably improve CT.

Xintao Niu,Changhai Nie,Jeff Y. Lei,Hareton Leung,Xiaoyin Wang

DOI: https://doi.org/10.1109/tse.2018.2844259

IF: 7.4

2020-01-01

IEEE Transactions on Software Engineering

Abstract:Combinatorial testing (CT) has been proven effective in revealing the failures caused by the interaction of factors that affect the behavior of a system. The theory of Minimal Failure-Causing Schema (MFS) has been proposed to isolate the cause of a failure after CT. Most algorithms that aim to identify MFS focus on handling a single fault in the System Under Test (SUT). However, we argue that multiple faults are more common in practice, under which masking effects may be triggered so that some failures cannot be observed. The traditional MFS theory lacks a mechanism to handle such effects; hence, they may incorrectly isolate the MFS. To address this problem, we propose a new MFS model that takes into account multiple faults. We first formally analyze the impact of the multiple faults on existing MFS identifying algorithms, especially in situations where masking effects are triggered by multiple faults. We then develop an approach that can assist traditional algorithms to better handle multiple faults. Empirical studies were conducted using several kinds of open-source software, which showed that multiple faults with masking effects do negatively affect traditional MFS identifying approaches and that our approach can help to alleviate these effects.

Shuai Wang,Yindong Ji,Shiyuan Yang

DOI: https://doi.org/10.4304/jsw.6.2.175-183

2011-01-01

Journal of Software

Abstract:This paper considers the test case generation for distributed software (a test case contains one or more test sequences). Applying the single finite state machine (FSM) test approach to distributed software, we will suffer from some problems: 1) the state combinatorial explosion problem; 2) some unexecutable test cases may be generated; 3) some fault may be masked and cannot be isolated accurately. This paper proposed a new test case generation method based on the FSM net model. Instead of testing the global transitions of product machine, the generated test cases are used to verify the local transitions. We discuss the detailed methods of verifying the outputs and the tail states of the local transitions. Moreover, we prove that if all the local transitions are right, the transition structure of the distributed software is right. The tests are generated on the local transition structure of components, so we will not meet the state combinatorial explosion problem. All the outputs of the local transitions are checked, so the fault isolation results may be more accurate.

Hao Lan,Yin Tong,Jin Guo,Yadong Zhang,Yao Li,Chang Rao

DOI: https://doi.org/10.1109/qrs-c.2018.00048

2018-07-01

Abstract:The traditional finite state machine (FSM) cannot express complicated systems due to its flattened sequential features. A safe state machine (SSM) is an extension of FSMs with capability of expressing hierarchical structure, parallel structure and historical mechanism. Therefore, it can accurately express complicated functions of a system, and SSMs have strict formal semantics. This paper provides a method for generating test paths based on SSMs. A method of creating the reachability graph (RG) of an SSM is presented, which can eliminate the hierarchical and parallel structure, and mark the history states. Finally, test paths are generated based on certain test coverage criteria of the RG model.

Pascal Nasahl,Martin Unterguggenberger,Rishub Nagpal,Robert Schilling,David Schrammel,Stefan Mangard

DOI: https://doi.org/10.48550/arXiv.2208.01356

2022-08-02

Abstract:Fault injection (FI) is a powerful attack methodology allowing an adversary to entirely break the security of a target device. As finite-state machines (FSMs) are fundamental hardware building blocks responsible for controlling systems, inducing faults into these controllers enables an adversary to hijack the execution of the integrated circuit. A common defense strategy mitigating these attacks is to manually instantiate FSMs multiple times and detect faults using a majority voting logic. However, as each additional FSM instance only provides security against one additional induced fault, this approach scales poorly in a multi-fault attack scenario. In this paper, we present SCFI: a strong, probabilistic FSM protection mechanism ensuring that control-flow deviations from the intended control-flow are detected even in the presence of multiple faults. At its core, SCFI consists of a hardened next-state function absorbing the execution history as well as the FSM's control signals to derive the next state. When either the absorbed inputs, the state registers, or the function itself are affected by faults, SCFI triggers an error with no detection latency. We integrate SCFI into a synthesis tool capable of automatically hardening arbitrary unprotected FSMs without user interaction and open-source the tool. Our evaluation shows that SCFI provides strong protection guarantees with a better area-time product than FSMs protected using classical redundancy-based approaches. Finally, we formally verify the resilience of the protected state machines using a pre-silicon fault analysis tool.

Cryptography and Security

Xia Yin,Jiangyuan Yao,Zhiliang Wang,Xingang Shi,Jun Bi,Jianping Wu

DOI: https://doi.org/10.1587/transinf.2015pap0013

2015-01-01

IEICE Transactions on Information and Systems

Abstract:The researches on model-based testing mainly focus on the models with single component, such as FSM and EFSM. For the network protocols which have multiple components communicating with messages, CFSM is a widely accepted solution. But in some network protocols, parallel and data-shared components maybe exist in the same network entity. It is infeasible to precisely specify such protocol by existing models. In this paper we present a new model, Parallel Parameterized Extended Finite State Machine (PaP-EFSM). A protocol system can be modeled with a group of PaP-EFSMs. The PaP-EFSMs work in parallel and they can read external variables form each other. We present a 2-stage test generation approach for our new models. Firstly, we generate test sequences for internal variables of each machine. They may be non-executable due to external variables. Secondly, we process the external variables. We make the sequences for internal variables executable and generate more test sequences for external variables. For validation, we apply this method to the conformance testing of real-life protocols. The devices from different vendors are tested and implementation faults are exposed.

Irith Pomeranz

DOI: https://doi.org/10.1109/tvlsi.2024.3365355

2024-01-01

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:The fabrication processes of chips in state-of-the-art technologies may introduce defects of various types, and a large number of tests may be needed for fault detection. However, constraints on the storage requirements of a test set can limit the number of tests and, consequently, the fault coverage. It was shown earlier that reductions in the input storage requirements of a test set can be achieved by using the same stored tests for applying several different tests. One of the operators used for this purpose complements bits of applied tests. The key contributions of this article to this scenario are the following. These issues are considered here for the first time: 1) the use of bit-complemented tests is guided by the fault coverage curve of a complete test set and bit-complementation is applied to tests from the beginning of the fault coverage curve to replace tests at the tail of the curve that detect small numbers of faults; 2) the input and output test data volume are considered together and bit-complementation is used for storing both the tests and their output responses; and 3) the procedure described in this article explores the tradeoff between the storage requirements and the number of applied tests. Experimental results for single-cycle gate-exhaustive faults in benchmark circuits demonstrate the tradeoff.

engineering, electrical & electronic,computer science, hardware & architecture

Zhi-Liang WANG,Jian-Ping WU,Xia YIN

DOI: https://doi.org/10.3321/j.issn:0254-4164.2006.11.002

2006-01-01

Jisuanji Xuebao/Chinese Journal of Computers

Abstract:Protocol testing is one of the important techniques to ensure the quality of implementations of network communication protocols and interoperability testing is a widely-used protocol testing technique. This paper presents an interoperability test generation method based on the formal model, Communicating Multi-port Finite State Machines. Firstly, centralized test sequence can be generated by using existing reachability analysis approach. Then fault coverage of the resulting test suite is analyzed systematically using single fault models; in order to improve the fault coverage, an enhanced test generation method is presented. Finally, the controllability and observability problems in interoperability testing are discussed; suitable distributed test architecture is selected and a formal algorithm is presented to generate the distributed synchronizable test suite according to the distributed test architecture. The experimental results show that comparing with existing methods, the method in this paper can improve the fault coverage of the resulting test suite and is feasible and effective.

Gao Xiang,Wang Xin

DOI: https://doi.org/10.13382/j.jemi.2007.02.022

2007-01-01

JOURNAL OF ELECTRONIC MEASUREMENT AND INSTRUMENT

Abstract:Automatic generation of test sequences is an important issue in conformance testing of communication protocols. The optimal-length test sequences with high fault coverage are of great importance in enhancing the efficiency of the whole testing system. This paper presents a new approach for generating test sequences automatically. In this approach, a mathematical module-FSM state graph for communication protocol is specified by incidence matrix; the concept of linear programming is introduced; symmetrical FSM graph is obtained by utilizing integer linear programming renovation, and finally the shortest traversal sequences are obtained by utilizing the Chinese Postman Traversal Algorithm. The UIO sequence for the initial state in the Euler loop or for the tail state in the Euler path is used as the checking sequence for the tail state of each transition. It is proved that this approach has feasibility and superiority .