
Test-Case Generation for Runtime Analysis and Vice-Versa: Verification of Aircraft Separation Assurance (presentation slides)



  1. Test-Case Generation for Runtime Analysis and Vice-Versa: Verification of Aircraft Separation Assurance
     Dimitra Giannakopoulou (NASA Ames Research Center), Marko Dimjašević (University of Utah)
     ISSTA 2015, Baltimore, Maryland, July 17, 2015
     1 / 21

  2. Goals
     ◮ Propose verification properties for aircraft separation assurance software
     ◮ Verify the properties at runtime

  3. AutoResolver
     ◮ Part of the US federal government's NextGen project
     ◮ Developed at NASA Ames Research Center
     ◮ Software system for aircraft separation assurance
     ◮ 65K lines of Java code
     ◮ Core of its environment: 450K lines of code

  4. Conflict, Loss of Separation, Separation Assurance
     [figure slide: illustration of a conflict, loss of separation and separation assurance]

  5. Monitored Requirements
     Verification properties
     ◮ P1 There should be a resolution for every conflict.
     ◮ P2 Initial conflicts are resolved in the non-decreasing order of their first time to loss of separation.
     ◮ P3 New conflicts arising as a result of conflict resolution should be inserted into the list of conflicts according to their first loss of separation time.
     ◮ P4 No picked resolution is allowed to cause a more imminent secondary conflict.
     Resolution monitor
     ◮ M1 For each conflict, report its resolution type and how it changes over time.
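Properties P2, P3 and P4 are ordering constraints on AutoResolver's conflict list, so they can be checked by replaying a trace of resolutions against a list kept sorted by first time to loss of separation (ttlos). The Python below is an added example, not the authors' AspectJ wrapper or any AutoResolver code: the `Conflict` type, the conflict identifiers, the ttlos values and the trace are constructed here, and `append_at_end` is a hypothetical defect included only to show what the P3 check detects. P1 is not checked here because, as the results slides explain, AutoResolver deliberately leaves some conflicts unresolved, so P1 needs those exclusions first.

```python
"""Runtime monitors for P2, P3 and P4 over a constructed resolution trace.

Added example, not AutoResolver/wrapper code: the conflict list, the trace and
the defective insertion are all constructed here.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Conflict:
    cid: str                            # constructed identifier
    ttlos: float                        # first time to loss of separation, seconds
    secondary_of: Optional[str] = None  # id of the conflict whose resolution created it


def is_sorted_by_ttlos(conflicts: List[Conflict]) -> bool:
    return all(a.ttlos <= b.ttlos for a, b in zip(conflicts, conflicts[1:]))


def insert_by_ttlos(conflicts: List[Conflict], new: Conflict) -> None:
    """Insertion that satisfies P3: place `new` after every conflict with ttlos <= its own."""
    idx = 0
    while idx < len(conflicts) and conflicts[idx].ttlos <= new.ttlos:
        idx += 1
    conflicts.insert(idx, new)


def append_at_end(conflicts: List[Conflict], new: Conflict) -> None:
    """Hypothetical defective insertion, used only to show what the P3 check detects."""
    conflicts.append(new)


def check_p2(initial_in_resolution_order: List[Conflict]) -> List[str]:
    """P2: ids of initial conflicts resolved out of non-decreasing ttlos order."""
    pairs = zip(initial_in_resolution_order, initial_in_resolution_order[1:])
    return [cur.cid for prev, cur in pairs if cur.ttlos < prev.ttlos]


def check_p4(resolved: Conflict, secondaries: List[Conflict]) -> List[str]:
    """P4: ids of secondary conflicts more imminent than the conflict whose resolution caused them."""
    return [s.cid for s in secondaries if s.ttlos < resolved.ttlos]


# One trace step: (id of the conflict resolved, secondary conflicts that resolution created)
Trace = List[Tuple[str, List[Conflict]]]


def monitor(initial: List[Conflict], trace: Trace,
            insert: Callable[[List[Conflict], Conflict], None] = insert_by_ttlos) -> Dict[str, object]:
    """Replay `trace` against the conflict list and collect property violations.

    `insert` stands for the system under test's insertion of secondary conflicts; the
    monitor inspects the list after each insertion (P3) instead of trusting it.
    """
    pending = sorted(initial, key=lambda c: c.ttlos)   # the list AutoResolver works through
    initial_order: List[Conflict] = []
    p3_failures: List[str] = []
    p4_failures: List[str] = []
    for cid, secondaries in trace:
        current = next(c for c in pending if c.cid == cid)   # raises if the trace names an unknown conflict
        pending.remove(current)
        if current.secondary_of is None:
            initial_order.append(current)                   # only initial conflicts count for P2
        for s in secondaries:
            s.secondary_of = current.cid
            insert(pending, s)
            if not is_sorted_by_ttlos(pending):
                p3_failures.append(s.cid)
        p4_failures.extend(check_p4(current, secondaries))
    return {
        "p2_out_of_order": check_p2(initial_order),
        "p3_misplaced": p3_failures,
        "p4_more_imminent": p4_failures,
        "unresolved": [c.cid for c in pending],   # raw input for P1, which needs AutoResolver's exclusions
    }


def example() -> Dict[str, object]:
    """Constructed trace: A and C resolve cleanly, resolving B creates a more imminent E (P4)."""
    initial = [Conflict("A", 120.0), Conflict("B", 300.0), Conflict("C", 240.0)]
    trace: Trace = [
        ("A", []),
        ("C", [Conflict("D", 280.0)]),   # secondary D is later than C: allowed by P4
        ("D", []),
        ("B", [Conflict("E", 200.0)]),   # secondary E is earlier than B: P4 violation
        ("E", []),
    ]
    return monitor(initial, trace)


if __name__ == "__main__":
    print(example())
```

Passing `append_at_end` as `insert` reproduces a list that is no longer ordered by ttlos, which is exactly the state P3 forbids; with the default insertion the P3 check never fires, which is why the slides' evaluation also asks whether each property was exercised at all.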

  6. Wrapper
     Motivation
     ◮ Environment stubbing
     ◮ Light-weight testing with different kinds of input than trajectories
       ◮ E.g. airspeed, initial heading, climb rate, heading change, trajectory time, destination coordinates
     ◮ Test-case generation: control the conflict creation process
     Purpose
     ◮ Test-case generation
     ◮ Property verification at runtime

  7. Wrapper — Aspect-Oriented Programming
     ◮ Avoid the usual way: instrumentation for verification
     ◮ Leave AutoResolver's source code intact
     AspectJ
     ◮ Java language extension
     ◮ Bytecode weaving (instrumentation)
     In-house verification
     ◮ No external verification tool used (SMT solvers, MOP tools)

  8. Wrapper — Properties
     Properties as AspectJ aspects
     ◮ 1 property = 1 aspect
     ◮ 1 aspect = multiple pointcuts and advices
     Pointcuts
     ◮ Where are the interesting points of execution in AutoResolver?
     ◮ Points in the wrapper itself
     Advices
     ◮ Actions to be taken at pointcuts

  9. AspectJ Example

```java
// Pointcut: every call to conflictDetectResolve() on the wrapper, excluding calls made
// from this aspect's own control flow or from within flyFor(), and only while the aspect
// is enabled. myAspect(), callFlyForMethod(..) and isEnabled are defined elsewhere in the aspect.
pointcut callAR(AacTestWrapper wrapper):
    call(public ArrayList conflictDetectResolve())
    && target(wrapper)
    && !cflow(myAspect())
    && !cflow(callFlyForMethod(*, *))
    && if(isEnabled);

// Advice: after the original run, fly all aircraft for 60 s, 120 s, ..., 480 s and
// run detection and resolution again at each of these 8 further time points.
after(AacTestWrapper wrapper): callAR(wrapper) {
    for (double t = 60.0; t <= 480.0; t += 60.0) {
        AacTestWrapper w = wrapper.flyFor(t);
        w.conflictDetectResolve();
    }
}
```

  10. Runtime Verification
     ◮ Verification at runtime
     ◮ Need for good runtime drivers
       ◮ Test cases
     "Testing shows the presence, not the absence of bugs." — Dijkstra

  11. Test-Case Generation
     ◮ Arbitrarily many conflicts
     ◮ Secondary conflicts: challenging to create
     ◮ Time dimension added at runtime

  12. Generating Secondary Conflicts
     ◮ Secondary conflicts: created along a resolution trajectory
     Extend black-box test cases through reflection and with runtime verification
     [figure: trajectories T1, T2, T3 with resolution trajectories T'1 and T'2]

  13. Test Case — Example

```java
public void test0() throws Throwable {
    AacTestWrapper wrapper = new AacTestWrapper();
    // Set up the conflicts in the stubbed environment (CR and CL set-ups;
    // the parameter values are elided on the slide)
    wrapper.setUpCR(CR_parameters1);
    wrapper.setUpCL(CL_parameters2);
    wrapper.setUpCR(CR_parameters3);
    // Run AutoResolver; the woven aspects check the properties during this call
    wrapper.conflictDetectResolve();
}
```

  14. Evaluation
     ◮ Test suite of 3.5 million test cases
     ◮ Each test case with about 5 conflicts
     ◮ Every test case executed at 9 different time points
       ◮ Fly all aircraft for some time, then call AutoResolver
     ◮ Effectively: 3.5 million · 9 = 31.5 million test cases
     ◮ Check whether every requirement is exercised
       ◮ Second-level monitors

  15. Results — Property P1
     There should be a resolution for every conflict.
     ◮ It does not hold, but this is not a bug
     ◮ AutoResolver does not resolve conflicts that:
       ◮ involve aircraft already in violation
       ◮ happen earlier than a predetermined time limit (1 minute)
       ◮ happen later than a predetermined time limit (8 minutes)
       ◮ "Neither plane able to maneuver / neither plane able to be unfrozen" (current resolution round)

  16. Results — Property P2
     Initial conflicts are resolved in the non-decreasing order of their first time to loss of separation.
     ◮ No violation found

  17. Results — Property P3
     New conflicts arising as a result of conflict resolution should be inserted into the list of conflicts according to their first loss of separation time.
     ◮ No violation found
     ◮ No test case exercises the respective parts of the code
       ◮ Detected by the second-level monitor
       ◮ Needs support for the weather conflict type

  18. Results — Property P4
     No picked resolution is allowed to cause a more imminent secondary conflict.
     ◮ No violation found
     ◮ Several test cases initially indicated a violation; the cause was a bug in the wrapper

  19. Results — Resolution Monitor M1
     For each conflict, report its resolution type and how it changes over time.

     ttlos [s]   Delay time [s]   Res type
     430.0         0.0            26
     370.0        60.0            26
     310.0       120.0            26
     250.0       180.0            26
     190.0       240.0            26
     130.0       300.0            13
      70.0       360.0            13
      10.0       420.0            not resolved
       0.0       480.0            not resolved
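The M1 table above, the time-stepped driver of slides 9 and 14, and the P1 exclusions of slide 15 fit together: as the scenario is flown forward in 60 s steps the conflict's ttlos shrinks, and once it drops below the 1-minute limit AutoResolver is not expected to resolve it, so the last two rows are "not resolved" without P1 being violated. The Python below is an added example, not the authors' wrapper or AutoResolver code. `ConflictState`, `fly_for`, the resolver stand-ins and the conflict identifiers are constructed here; `stub_resolver` respects the window from slide 15 and its threshold of 150 s and codes 26 and 13 are chosen only to reproduce the pattern in the table, with no AutoResolver meaning. `hypothetical_faulty_resolver` is a made-up defect that shows where the P1 check fires. The third return value is the second-level monitor from slide 14: how many time points actually exercised P1.

```python
"""Time-stepped P1 monitoring and the M1 resolution report for one conflict.

Added example, not AutoResolver/wrapper code. Re-runs "detection and resolution"
after flying the scenario for 0, 60, ..., 480 s, applies the exclusions from the
results slide to decide where P1 obliges a resolution, and records one M1 row
per time point. The resolvers are constructed stand-ins with arbitrary codes.
"""
from dataclasses import dataclass, replace
from typing import Callable, List, Optional, Tuple

MIN_TTLOS_S = 60.0    # conflicts earlier than 1 minute are not resolved
MAX_TTLOS_S = 480.0   # conflicts later than 8 minutes are not resolved
DELAYS_S = [60.0 * k for k in range(9)]   # the 9 time points: 0, 60, ..., 480 s


@dataclass(frozen=True)
class ConflictState:
    cid: str                     # constructed identifier
    ttlos: float                 # first time to loss of separation, seconds
    in_violation: bool = False   # aircraft already in loss of separation
    frozen: bool = False         # neither aircraft able to maneuver / be unfrozen this round


def fly_for(c: ConflictState, delay: float) -> ConflictState:
    """Advance the scenario by `delay` seconds.

    Assumption of this example: ttlos shrinks linearly with flown time, and a pair
    whose ttlos has reached 0 is in violation.
    """
    ttlos = max(0.0, c.ttlos - delay)
    return replace(c, ttlos=ttlos, in_violation=c.in_violation or ttlos <= 0.0)


def p1_obligation(c: ConflictState) -> bool:
    """P1 obliges a resolution only for conflicts outside AutoResolver's exclusions."""
    return (not c.in_violation and not c.frozen
            and MIN_TTLOS_S <= c.ttlos <= MAX_TTLOS_S)


Resolver = Callable[[ConflictState], Optional[int]]   # None means "not resolved"


def stub_resolver(c: ConflictState) -> Optional[int]:
    """Constructed stand-in for conflictDetectResolve(). Honours the window; the
    150 s threshold and the codes 26/13 are arbitrary, not AutoResolver's."""
    if not p1_obligation(c):
        return None
    return 26 if c.ttlos > 150.0 else 13


def hypothetical_faulty_resolver(c: ConflictState) -> Optional[int]:
    """Made-up defect: gives up below 200 s, i.e. inside the window, so P1 fires."""
    if not p1_obligation(c) or c.ttlos < 200.0:
        return None
    return 26


Row = Tuple[float, float, object]   # (ttlos [s], delay time [s], res type)


def run_time_steps(c: ConflictState, resolve: Resolver,
                   delays: List[float] = DELAYS_S) -> Tuple[List[Row], List[str], int]:
    """Return the M1 rows, the P1 violations, and the number of steps that exercised P1."""
    rows: List[Row] = []
    violations: List[str] = []
    exercised = 0
    for delay in delays:
        state = fly_for(c, delay)
        res = resolve(state)
        rows.append((state.ttlos, delay, res if res is not None else "not resolved"))
        if p1_obligation(state):
            exercised += 1        # second-level monitor: was P1 exercised at this step at all?
            if res is None:
                violations.append(
                    f"P1: {c.cid} unresolved at ttlos={state.ttlos:.0f}s (delay {delay:.0f}s)")
    return rows, violations, exercised


if __name__ == "__main__":
    rows, violations, exercised = run_time_steps(ConflictState("X", 430.0), stub_resolver)
    print("ttlos [s]  delay [s]  res type")
    for ttlos, delay, res in rows:
        print(f"{ttlos:8.1f} {delay:9.1f}  {res}")
    print("P1 violations:", violations, "| steps exercising P1:", exercised)
```

Reporting `exercised` alongside the violations is what turns "no violation found" into a meaningful result: for a conflict that starts at 430 s, only seven of the nine time points fall inside the window, and a property that is never exercised (as the slides report for P3) would otherwise look identical to one that holds.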
