Email: {bodeveix,bouaziz,kone}@irit. Abstractâ Testing is an ultimate ... of ERTSs (Embedded Real Time Systems) the test selection problem is worsened ..... During a test campaign, three possible verdicts can be assigned according to the ...
Test method for embedded real-time systems J.P.Bodeveix, R.Bouaziz and O.Kon´e Universit´e Paul Sabatier - IRIT 118, Route de Narbonne 31062 Toulouse - France Email: {bodeveix,bouaziz,kone}@irit
Abstract— Testing is an ultimate phase of product life cycle to which particular attention is paid, namely when dependability is of great importance. This work is concerned with the checking of dependability requirements by means of tests experiments. Here we address real-time embedded systems for which validation encounters a complexity problem due to real-time requirements. In this paper we propose a partial technique aimed at avoiding this problem and illustrate it with an example.
I. I NTRODUCTION The interest for embedded systems in every day life is know well recognized. The ERCIM issue [6] is a good reference that highlights the importance of dependability issues for this type of systems. Formal validation plays a major role here since this activity contributes to the development of reliable systems. Model-based testing is one of the formal techniques used for the validation of software/hardware systems. It consists in applying a set of experiments, generated a priori from the formal model of the specification, to a system implementation, with the intention of finding and discovering errors. The set of experiments (also called test suites) should be of reasonable size, but exhaustive in the sense that for each faulty system a set of experiment generated is able to detect potential errors. To ensure this, a strategy of selection is required. In the case of ERTSs (Embedded Real Time Systems) the test selection problem is worsened because a huge number of time instances are relevant to test. To achieve a good selection, care must be taken to define when to deliver an input to the system under test and when to expect an output. In our framework, systems are modeled with Timed automata[1]. This popular model has been widely used as a basis for the verification of timed systems (real-time model checking) [11], [7] ... For tests selection from timed automata, there are currently two main approaches in the literature. The first one consists in selecting tests patterns from the socalled region graph by Alur and Dill[1]. But the combinatory explosion involved in the computation of the region graph constitutes a limitation of this approach [5], [3], [10]. The second approach is based on the so-called symbolic computation which enables a smaller graph, compared to the region graph. The concerned authors use the symbolic techniques for testing a specific class of non deterministic specifications [8], [9]. But the determinisation is realized “on the fly”, during test generation and execution. This task is often complex and time consuming. It can disturb the tester while the latter must react quickly to the actions performed by the system under test. In our work we do not address determinisation. We consider
specifications that are deterministic, but we use symbolic techniques for the selection of specific purpose tests that correspond to some expected dependability requirements. We argue that the resulting approach is a pragmatic and efficient way of computing timed tests suites with low complexity, since it combines symbolic technique with the exploration of specific/subset part of the specification model. The remainder of the paper is organized as follows. Section 2 describes the time based formalism we use for describing embedded systems. Section 3 presents the features of our test computation method. Section 4 concludes the paper. II. M ODEL FOR
EMBEDDED REAL - TIME SYSTEMS
We consider the functional and abstract behavior of embedded system that may be for instance controlling some process while interacting with its environment through inputs and outputs. Further testing of such embedded system will concern only functional and behavioral requirements [2], [4]. Here, we assume that the embedded system model can be directly provided in terms of input/output transition system, or compiled/translated into such model from another one (model translation takes part of our research). We need to model realtime mechanisms and we use clocks for that. The TIOSM model (Timed Input Output State Machine) is a particular kind of timed automaton [1] where inputs and outputs are modeled in an explicit manner. Definition 1: TIOSM. A TIOSM is a tuple M = (S(M ), L(M ), C(M ), s0 (M ), T (M )) where: S(M ) is a finite non-empty set of states (also named locations); • L(M ) is a finite non-empty set of interactions; • C(M ) is a finite set of clocks; • s0 (M ) is the initial state in which all the clocks are initially reset to zero; • T (M ) is a finite set of transitions. A transition t ∈ T (M ) is a tuple t = (s, µ, D, Z, d) where s and d are the starting state and the destination state of t. µ represents the interaction executed during the transition. µ may be some input (denoted ?a) or output (!a). Z is the set of clocks to be reset to 0. D is a set of real time constraints of the form Ci ∈ [ai , bi ] (Ci ∈ C(M ); ai , bi ∈ IR ∪ {∞}) (IR is the set of real numbers). The transition can be fired only if the conjunction of the time constraints in D is true. •
S3
!c
S5
otherwise
L1
L1
y>2 ?b
?a
!c S1
?a
S2
x:=0;y:=0
?b
?a
y:=0
y:=0
y>2
2
