Automated Object’s Statechart Generation and Testing from Class-Method Contracts

Atul Gupta, PhD Scholar, IIT Kanpur, India

Organization

- Motivation
- Underlying Models
- Automated Statechart Generation
- V&V Using Statechart
- Outcomes
- Related Work
- Conclusions

Motivation

- Most development is maintenance.
- Most specification is incremental.
- Domain knowledge is important.
- The connections between Structural and Behavior Specifications in OO systems are weak. Hence there is a need for tightly-coupled designs for better evolution of software objects.

Aim: Effective semi-automated V&V

Object Contracts: Constrained Class Diagram

- A pre-condition to a method is a restriction that must be true at the moment that the method is going to be executed.
- A post-condition to a method is a restriction that must be true at the moment that the method has just ended its execution.
- An invariant is a restriction that must be true before as well as after a method invocation.

Specification Language: UML class diagram with OCL constraints

Notion of Object’s Abstract States

- An object’s concrete states are infinite.
- Behavior typically depends on regions, defined by a set of ‘domain variables’ and their values.
- Typically, these variables are part of the object’s method contracts.
- Variables with abstracted-out values form the state variables.
- A state is a specific assignment of these state variables.

Example: A Bounded List

- ‘size’ is the ‘domain variable’ which exhibits important behavior for the List.
- Five states corresponding to size < 0, size = 0, size > 0 && size < maxElement, size = maxElement, and size > maxElement.
- Two invalid (Error) states and three valid states.

Data Types: Abstract State Model

- Numeric data types like integer, float, etc. are to be mapped to a finite set of disjoint partitions over their entire state space, e.g., an integer state variable X is mapped to three abstract states ‘X < 0’, ‘X = 0’, and ‘X > 0’.
- Boolean and enumeration data types are considered inherently abstract.
- Object references X are mapped either to the abstract state ‘X = null’, or to the abstract state ‘X isInstanceOf C’ for each class C of the object referenced by X.

Statechart Elements

- Generated as a directed graph with states representing ‘nodes’ and method calls as ‘edges’ in the graph.
- Edges may be associated with ‘conditions’.
- If-statements in the method-conditions are represented by a ‘choice’ node in the graph.
- A start state is modeled by a constructor of the class.

Some Assumptions

- Method contracts are available.
- Pre-conditions are in CNF.
- Numeric variables appearing in method contracts, but not the state variables, are specified with their range constraints.

Search for all those object’s methods which may be invoked at a given state.

Method invocation at a State
[Figure: decision diagram for whether a pre-condition (X > Y or X = Y) holds at a state. At the state, X is one of B(a,b), S(a), UB-ve(< a), UB+ve(> a); Y is one of B(c,d), S(c), UB-ve(< c), UB+ve(> c). Branch conditions shown: a > d, c > b, a >= c, c >= b; outcome labels: T, F, and T[X>Y] for ‘other’. X: Numeric state variable; Y: Numeric state variable or expression. B – Bounded, S – Specific, UB – Un-bounded, other – other cases.]

Obtaining Resulting States

Post-conditions may be one of the following types:
- X <expr> (X is a Numeric state variable)
- X rop <expr> (X is a Numeric state variable or an <expr> containing Numeric variables)
- If <C1> then <expr> else if <C2> …

[Figure: transition diagram for aMethod() with guards [C1] and [C2] over states A, B and C.]

The <expr> is evaluated and the results are mapped to a set of states.

Effective V&V using statechart

The resulting statechart can be inspected to find out discrepancies in the object behavior. E.g.
- Incorrect transitions
- Incorrect resulting states
- Incorrect end-states
- Un-reachable states

A correct statechart can be used for performing automated testing, which includes
- Method test sequence generation
- Test input generation
- Generation of test-oracles

An Example: Class CoinBox

    Class CoinBox {
        int curQtr, quantity, totalQtrs
        boolean allowVend

        addQtr( )      // adding a quarter in the machine
            pre  : quantity > 0;
            post : curQtr curQtr@pre + 1
                   if (curQtr >= 2) then allowVend TRUE

        retQtrs( )     // returning quarters back to the user
            pre  : curQtr > 0;
            post : curQtr 0
                   allowVend FALSE

        vend( )        // deliver a drink
            pre  : allowVend = TRUE && quantity > 0;
            post : curQtr 0
                   allowVend FALSE
                   quantity quantity@pre - 1
                   totalQtrs totalQtrs@pre + curQtr

        addDrink(m )   // add m unit of drink in the machine
            pre  : quantity = 0;
            post : quantity quantity@pre + m
    }

Automated Testing

    import junit.framework.TestCase;

    public class CoinBoxTest extends TestCase {
        CoinBox cbox;

        public CoinBoxTest(String name) {
            super(name);
            cbox = new CoinBox();
        }

        // testing addDrink(m) in state A
        public void testAddDrinkAtA() {
            try {
                // oracle for state A: no quarters, vending not allowed, no drinks
                assertEquals(0, cbox.getCurrectQtrs());
                assertFalse(cbox.isAllowVend());
                assertEquals(0, cbox.getCurrectQty());
                cbox.addDrink(2);
                // oracle for the resulting state: only the quantity has changed
                assertEquals(0, cbox.getCurrectQtrs());
                assertFalse(cbox.isAllowVend());
                assertTrue(cbox.getCurrectQty() > 0);
            } catch (Exception e) {
                fail("Unwanted exception is raised");
            }
        }

        public void testaddQtrRaiseExceptionAtA() {
            try {
                assertEquals(0, cbox.getCurrectQtrs());
                assertFalse(cbox.isAllowVend());
                assertEquals(0, cbox.getCurrectQty());
                cbox.addQtr();
                fail("Exception should be raised.");
            } catch (Exception e) {
                // expected: the pre-condition of addQtr() (quantity > 0) does not hold in state A
            }
        }
    }
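
The generation procedure from the earlier slides, applied to the CoinBox contracts, as an added example that is not part of the original slides: it explores the abstract states breadth-first from the constructor state, keeps a method as an edge only where its pre-condition holds, and maps each post-condition result back to an abstract state. Assumptions: post-conditions are read as giving the post-state value, each abstract region is evaluated on a few constructed representative values instead of symbolically, addDrink uses m = 1, totalQtrs is left out because no pre-condition mentions it, and the names REGIONS, CONTRACTS, START and generate are hypothetical.

```python
from collections import deque
from itertools import product

# Abstract regions with constructed representative values (error regions "<0" omitted).
REGIONS = {
    "curQtr":    {"=0": [0], ">0": [1, 2]},
    "quantity":  {"=0": [0], ">0": [1, 2]},
    "allowVend": {"F": [False], "T": [True]},
}
VARS = list(REGIONS)
START = ("=0", "=0", "F")  # assumed constructor state: empty machine, no coins

def abstract(c):
    """Map a concrete assignment to its abstract state (tuple of region names)."""
    return tuple(("T" if c[v] else "F") if v == "allowVend"
                 else ("=0" if c[v] == 0 else ">0") for v in VARS)

def add_qtr(c):
    # post: curQtr is curQtr@pre + 1; allowVend becomes TRUE once curQtr >= 2
    cur = c["curQtr"] + 1
    return {**c, "curQtr": cur, "allowVend": c["allowVend"] or cur >= 2}

# method -> (pre-condition, post-condition computing the post-state from the pre-state)
CONTRACTS = {
    "addQtr":   (lambda c: c["quantity"] > 0, add_qtr),
    "retQtrs":  (lambda c: c["curQtr"] > 0,
                 lambda c: {**c, "curQtr": 0, "allowVend": False}),
    "vend":     (lambda c: c["allowVend"] and c["quantity"] > 0,
                 lambda c: {**c, "curQtr": 0, "allowVend": False,
                            "quantity": c["quantity"] - 1}),
    "addDrink": (lambda c: c["quantity"] == 0,
                 lambda c: {**c, "quantity": c["quantity"] + 1}),  # m = 1 assumed
}

def generate(start=START):
    """Breadth-first generation; returns (transitions, unreachable abstract states)."""
    edges, seen, todo = set(), {start}, deque([start])
    while todo:
        s = todo.popleft()
        concretes = [dict(zip(VARS, vals)) for vals in
                     product(*(REGIONS[v][r] for v, r in zip(VARS, s)))]
        for name, (pre, post) in CONTRACTS.items():
            # several distinct targets for one method correspond to a 'choice' node
            for t in {abstract(post(c)) for c in concretes if pre(c)}:
                edges.add((s, name, t))
                if t not in seen:
                    seen.add(t)
                    todo.append(t)
    return edges, set(product(*(REGIONS[v] for v in VARS))) - seen
```

Each edge is a (state, method, state) triple in the order (curQtr, quantity, allowVend); methods with no edge out of a state are the ones a generated test expects to raise an exception there.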

Discussions

- The approach identifies various discrepancies like incomplete and inconsistent class specifications.
- A correct and consistent object statechart model is obtained, from which reliable automated code and unit tests can easily be generated.
- It facilitates essential and effective verification for software re-use.
- The resulting statechart and class specifications are in lock-step, which facilitates effective incremental development and change management.
- It allows a modeler to specify an object's dynamic requirements declaratively at the structural level, without the need to use full operational dynamic diagrams.

Limitations

- Variability in selecting ‘state variables’
- All test-inputs may not be generated automatically
- Limitations of symbolic execution

Related Work

- Binder’s work on abstract state notion and state based testing
- FSM generation from object/system specifications [Grieskamp’02, Strooper’96]
- Tao Xie et al. testing framework ‘Symstra’
- Work on Symbolic Execution
- From scenarios to statecharts [Whittle’00]

Conclusions

- The approach supports better software evolution (tightly-coupled modeling).
- Performing effective V&V.
- Fits nicely with the ‘Design by Contract’ approach.
- The models developed are human-comprehensible and can be further used for effective and efficient change management and requirements elicitation and validation.
- Some case studies and proper evaluations are needed.