Embed Size (px)
Citation preview
MBT 2008 MBT 2008 -- Fourth Workshop on ModelFourth Workshop on Model--Based Testing Based Testing March 30, 2008, Budapest, HungaryMarch 30, 2008, Budapest, Hungary
Satellite event of Satellite event of ETAPS 2008ETAPS 2008
A Lightweight Approach for the Semantic Validation of Model Refinements
LIFIA – Faculty of Informatics, University of La Plata Buenos Aires, Argentina
http://sol.info.unlp.edu.ar/eclipse
Claudia Pons and Diego Garcia
2/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
This work is about…
Test Cases
3/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
The NEW paradigm
Model Driven Engineering
• Platform Independent Model (PIM)• Platform Specific Model (PSM)• Transformation languages (QVT)
A new problem:
How to test and/or verify
transformations?
4/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
The “NEW” paradigm ?Model-Driven Engineering
Specification
Refinementsteps
Refinement is the process of developing a more detailed design or
implementation from an abstract specification through a sequence of
mathematically-based steps that maintain correctness with respect to the
original specification.
Refinement captures the essential relationship between specification and
implementation.
Edsger W. Dijkstra, A Discipline of Programming. Prentice Hall Series in
Automatic Computation. New York, 1976
Software System
5/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
How to verify transformation (i.e., refinement)?Model-Driven Engineering
We have two alternatives:
MOF/UML/OCL Language Formal
Language
Translation of refinements
Promotion of refinements
Refinement in MOF/UML/OCL
Well founded refinement
structures in Z
Inspiration source for…
Our proposal:
6/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
SyntaxRefinements in Z
7/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
SemanticsRefinements in Z
Downward simulation rules:
Initialization:
Applicability:
Correctness:
A specificationsimulation of If:
is a downward
8/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
Syntax and semanticsThe standard modeling language UML provides an artifact named Abstractionto explicitly specify abstraction/refinement relationship between model elements.
Refinements in UML
Only syntax.No formal semantics is provided!
a.capacity = c.seat ->size() anda.reservedSeats=c.seat->select(s|s.reserved)->size()
9/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
A lightweight strategyEncoding downwards simulation in OCL.
Checking refinements in UML
(1) The Retrieve relation:
Context c:FlightC def: abs(): FlightA =
FlightA.allInstances() -> select ( a | a.capacity = c.seat -> size() anda.reservedSeats = c.seat -> select (s | s.reserved ) -> size()
) -> any()
10/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
A lightweight strategyEncoding downwards simulation in OCL.
Checking refinements in UML
(2) The Initialization condition:
is expressed in OCL by means of the following constraint,
The following initialization condition for Z specifications,
FlightC.allInstances()->forAll(c|c.isInit()implies a.isInit())
11/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
A lightweight strategyEncoding downwards simulation in OCL.
Checking refinements in UML
(3) The applicability condition:
is expressed in OCL by means of the following constraint,
The following applicability condition for Z specifications,
FlightC.allInstances()-> forAll(c|a.preReserve() implies c.preReserve())
12/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
A lightweight strategyEncoding downwards simulation in OCL.
Checking refinements in UML
(4) The correctness condition:
is expressed in OCL by means of the following constraint,
The following correctness condition for Z specifications,
FlightC.allInstances()-> forAll( c, c_post| (a.preReserve()and c_post.hasReturnedReserve(c))implies a_post.hasReturnedReserve(a) )
13/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
Tool supportChecking Refinements in UML
ePLATERO: EclipsePLuginAssisting Traceability in an Environment withRefinement Orientation
ePLATERO is a CASE tool for supporting refinement-driven and model-driven software development, using graphical notations with formal foundation.
ePLATERO is a plug-in for the Eclipse platform.
14/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
PLATERO’s Functionalitymodel editor ••Creation of UML artifacts with OCL constraintsCreation of UML artifacts with OCL constraints
••Visualization of errors of wellVisualization of errors of well--formedness.formedness.•• Specification of Abstraction artifact whit its corresponding abstraction mapping.
15/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
PLATERO’s Functionalitymodel editor (OCL invariants, pre and post conditions)
16/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
PLATERO’s Functionalityrefinement evaluation (OCL condition generation)
17/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
PLATERO’s Functionalityrefinement evaluation (OCL condition generation)
18/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
But, this is not enough…
19/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
The micro worlds strategyEvaluation of OCL conditions
To make the evaluation of refinement conditions viable, the technique of micro-worlds of software is applied:
•defining a finite bound on the size of instances;
•checking whether all instances of that size satisfy the property under consideration.
Positive answer(confidence)
Negative answer(refutation)
20/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
Improving the micro-worlds by applyingtesting techniques
Evaluation of OCL conditions
•Select only a finite amount of representative micro-worlds:• determine relevant values for the properties (attributes and multiplicities) of objects building up each micro-world;
The category-partition method
Partitions:FlightC::canceled {true}, {false} FlightC::#seat {0}, {1..299}, {300} Seat::reserved {true}, {false} Seat::number {0}, {1..299}, {300} Additional Constraints:context FlightA inv: self.reservedSeats
<= self.capacity
21/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
Improving the micro-worlds by applyingtesting techniques
• Adequacy criterions are defined.• Cost considerations and available resources determine the selection of one criterion over another.
OneRangeCombinationeach range of each property is covered at least once.
AllRangesCombinationone object for each possible combination of ranges for all the properties of a class.
the Strategy design pattern to facilitate adding other strategies
Evaluation of OCL conditions
22/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
PLATERO’s Functionalityrefinement evaluation (micro-world generation)
23/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
PLATERO’s Functionalityrefinement evaluation (micro-world size and range combination strategy)
24/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
PLATERO’s Functionalityrefinement evaluation (micro-world visualization)
25/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
PLATERO’s Functionalityrefinement evaluation (positive answer)
26/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
Experimental results
020406080
100
size 5 size 10 Size 15
ePlatero oneRangeePlatero AllRangeAlloy
0
2000
4000
6000
8000
10000
Size 5 Size 10 Size 15
ePlatero OneRangeePlatero AllRangeAlloy
Table 1. average evaluation costs according to the size of the micro-worlds
Table 2. percentage of correct responses according to the size of the micro-world
27/MBT at ETAPS - Budapest, Hungary - March 30th, 2008
Conclusions •Transformations should be formally verified - to guarantee
correctness
• Verification requires the application of formal modeling
languages - complex , rarely used in practice.
•We developed an automatic method for creating refinement
conditions for UML models, written in the standard and well-
accepted OCL language.
•We adapted a strategy for reducing the search scope in order
to make the evaluation of refinement conditions feasible.
•This is a lightweight approach that avoids the use of
mathematical languages and tools.
