SlideShare ist ein Scribd-Unternehmen logo

Uppaal

U
Ulrik Hørlyk Hjort

The document discusses model checking and its advantages over traditional software testing. It describes how model checking uses formal mathematical models and model verification to check for errors early in the development process. The UPPAAL model checking tool is also summarized, including how it allows modeling systems as networks of automata and verifying properties through reachability, safety, and liveness checks. An example ATM system model in UPPAAL is provided to illustrate these concepts.

Technologie
1 von 43
Downloaden Sie, um offline zu lesen
Model Checking with UPPAAL Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BestPractice Consulting — Thursday 31st May, 2012
Background Ulrik Hørlyk Hjort Safety Critical and High Integrity system development since 1997 Defence industry from 1997 Space industry from 2003 Medical industry from 2006 Formal software development since 2003 VDM, Z, B-Method and UPPAAL Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Overview Use of Model Checking to add value to traditional testing. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Traditional Testing Testing involves running a program with a set of inputs and comparing the actual outputs from the program against the expected outputs (as defined in the specification). There are several limitations to using testing as the sole approach to software error detection: Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Testing Limitations Testing cannot take place until some implementation is available. Correcting errors uncovered by testing could involve retracing many steps and undoing work previously done. If testing is the only approach to error detection then errors in the specification involve the greatest amount of work to rectify. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Testing Limitations Testing can only help to uncover errors it cannot guarantee the absence of them. Since, for any application, it is impossible to test every set of input values, residual errors will always have to be accepted. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Testing Limitations Testing is always carried out with respect to requirements as laid down in the specification. If the specification document is in any way ambiguous it is open to interpretation, and hence misinterpretation, making testing a rather inexact science. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Ambiguous Specification Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Testing Problems Clearly the specification plays a vital role in the reliability of the software produced. The design, and subsequent implementation, is based upon the information in the specification. The testing process relies upon the developers understanding of the specification to determine whether or not the software is behaving correctly. Misunderstandings in the specification can lead to the delivery of final applications that do not match user requirements. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Formal Methods A formal method provides a formal language in which to express the initial specification and all future design steps towards the final program in a unambiguous way. More than just a specification language —it also includes a proof system for demonstrating that each design step preserves the formal meaning captured in the previous step. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Formal Methods advantages The discipline required in producing a formal specification of user requirements and the ability to analyse a specification (which only arises if the specification language has a well-defined semantics) allows for feedback on system specifications at early development stages, increasing confidence that the specification accurately captures the real system requirements. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Formal Methods advantages Important properties (such as internal consistency) of the initial specification can be checked mathematically and incorporated as run-time checks in the final program. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Formal Methods advantages Proofs can help uncover design errors as soon as they are made, rather than having to wait for testing of the final implementation. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Formal Methods advantages A proof of program correctness can be constructed that is a much more robust method of achieving program correctness than is testing alone. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Formal Methods advantages Formal specifications can help considerably in generating suitable test cases. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Model Checking In a model-based approach an abstract mathematical model is built of the data, using abstract mathematical types such as sets and abstract state machines. The behaviour of the operations is then specified directly with respect to this model. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
The UPPAAL System Integrated tool environment for: System Modelling Simulation of the model Verification of the model Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
The System Editor The system editor is used to create and edit the system model to be analyzed A system model describe a network of a finite number of non-deterministic finite state automata Edges between states may be labeled with: Guards Synchronizations Assignment statements Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
UPPAAL Model Items Initial Location Location Edge Synchronization Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
UPPAAL Model Items class _Factorial { int result; public void Factorial() { for (int i = result-1; i > 1; i--) { result *= i; } } public _Factorial() { result = 5; } public voidShowResult() { System.out.println("Result:" + result); } public static void main(String args[]) { _Factorial fac = new _Factorial(); fac.Factorial(); fac.ShowResult(); } } Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
UPPAAL Model Items Subprogram Synchronization class Hello { private void Put_Line() { System.out.println("Hello World!n"); } public Hello() { Put_Line(); } public static void main(String args[]) { Hello hello = new Hello(); } } Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
UPPAAL Model Items Ada Tasks task body TaskA is begin TaskB.WriteTaskName; end TaskA; task body TaskB is begin accept WriteTaskName do Put_Line("Task B"); end WriteTaskName; end TaskB; Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
UPPAAL Model Items Parametrised Synchronization class Factorial { int result; public int Factorial(int N) { int result = 1; for (int i = N; i > 1; i--) { result *= i; } return result; } public static void main(String args[]) { Factorial fac = new Factorial(); int result = fac.Factorial(5); System.out.println(result); } } Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
The Model Checker (Verifier) The main purpose of a model checker is to verify the model with respect to a requirement specification. Like the model, the requirement specification must be expressed in a formally well-defined and machine readable language. The model checker support three path formulae expressed by temporal logic quantifiers: Reachability : Is the state formular ϕ satisfied from any reachable state ? Safety : ϕ is invariantly true in all reachable states Liveness : ϕ is eventually sastified Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Quantifiers E : There exists a path A : For all paths G (♦ in UPPAAL) : All states in a path F ( in UPPAAL) : Some states in a path The following combinations are supported: A , A♦, E♦, and E Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Reachability Properties: E ϕ “ϕ Reachable” E ϕ: It is possible from the initial state to reach a state in which ϕ is satisfied ϕ is true in at least one reachable state Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Safety Properties: A ϕ “Invariantly ϕ” A ϕ: ϕ holds invariantly ϕ is true in all reachable states Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Liveness Properties: A ♦ ϕ “Inevitable ϕ” A ♦ ϕ: ϕ will inevitable become true The automaton is guaranteed to eventually reach a state in which ϕ is true ϕ is true in some states of all paths Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
E ϕ “Potentially always ϕ” E ϕ: ϕ is potentially always true There exists a path in which ϕ is true in all states Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
The Simulator The simulator can be used in three ways: Running the system manually and manually choose the transitions to take Going through a trace generated by the verifier Running the system at is own in random mode Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
ATM System E X A M P L E Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Actors: Customer, Bank System: ATM Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Customer Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
ATM Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Bank Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
ATM System Requirements: 1 Transaction is only valid with a bank balance greater than 10 euro 2 Customer gets cash when transaction is done 3 System may not be able to enter a deadlock state Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Requirement 1 Transaction is only valid with a bank balance greater than 10 euro A (Customer.READY and Bank.TRANSACTION OK) imply Bank.balance >10 Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Requirement 2 Customer gets cash when transaction is done E ♦ Customer.GET CASH and Bank.TRANSACTION DONE Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Requirement 3 System may not be able to enter a deadlock state A not deadlock Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
System Automatic test of requirements and MMI flow of insulin pump Javascript with user actions commands and verification of expected result of these First manually written from UML diagrams, MMI flows and requirements Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
System UPPAAL model made from UML diagrams, MMI flows and requirements UPPAAL system locations was annotated with test script actions Full coverages paths of the model found by verifier A full coverage package of test Javascript generated from the model Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
System Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
Test script example expect_mainScreen() { expect(Label(Welcome); expect(Label(BatteryIndicator); } expect_callScreen() { expect(Label(Calling ...); } // Main Script: expect_mainScreen(); insert_card() expect_enter_pincode_screen(); key(5); expect(5); key(1); expect(1); expect_trasactionscreen(); . . . Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking

Empfohlen

functional testing
functional testing functional testing
functional testing bharathanche
 
Basics of Software Testing
Basics of Software TestingBasics of Software Testing
Basics of Software TestingShakal Shukla
 
State chart diagram
State chart diagramState chart diagram
State chart diagramPreeti Mishra
 
State Machine Diagram
State Machine DiagramState Machine Diagram
State Machine DiagramNiloy Rocker
 
Software Architecture: Design Decisions
Software Architecture: Design DecisionsSoftware Architecture: Design Decisions
Software Architecture: Design DecisionsHenry Muccini
 
HCI Models of System
HCI Models of SystemHCI Models of System
HCI Models of SystemTania Sahito
 
Test Automation Framework Designs
Test Automation Framework DesignsTest Automation Framework Designs
Test Automation Framework DesignsSauce Labs
 
Introduction to Software Test Automation
Introduction to Software Test AutomationIntroduction to Software Test Automation
Introduction to Software Test AutomationAmr Ali (ISTQB CTAL Full, CSM, ITIL Foundation)
 

Empfohlen

functional testing
functional testing functional testing
functional testing bharathanche
 
Basics of Software Testing
Basics of Software TestingBasics of Software Testing
Basics of Software TestingShakal Shukla
 
State chart diagram
State chart diagramState chart diagram
State chart diagramPreeti Mishra
 
State Machine Diagram
State Machine DiagramState Machine Diagram
State Machine DiagramNiloy Rocker
 
Software Architecture: Design Decisions
Software Architecture: Design DecisionsSoftware Architecture: Design Decisions
Software Architecture: Design DecisionsHenry Muccini
 
HCI Models of System
HCI Models of SystemHCI Models of System
HCI Models of SystemTania Sahito
 
Test Automation Framework Designs
Test Automation Framework DesignsTest Automation Framework Designs
Test Automation Framework DesignsSauce Labs
 
Introduction to Software Test Automation
Introduction to Software Test AutomationIntroduction to Software Test Automation
Introduction to Software Test AutomationAmr Ali (ISTQB CTAL Full, CSM, ITIL Foundation)
 
Lecture 02 Software Process Model
Lecture 02 Software Process ModelLecture 02 Software Process Model
Lecture 02 Software Process ModelAchmad Solichin
 
Chapter 9 Testing Strategies.ppt
Chapter 9 Testing Strategies.pptChapter 9 Testing Strategies.ppt
Chapter 9 Testing Strategies.pptVijayaPratapReddyM
 
Software Testing Fundamentals
Software Testing FundamentalsSoftware Testing Fundamentals
Software Testing FundamentalsChankey Pathak
 
Design and Implementation in Software Engineering
Design and Implementation in Software EngineeringDesign and Implementation in Software Engineering
Design and Implementation in Software EngineeringKourosh Sajjadi
 
Selenium Automation Framework
Selenium Automation FrameworkSelenium Automation Framework
Selenium Automation FrameworkMindfire Solutions
 
Chapter 15 software product metrics
Chapter 15 software product metricsChapter 15 software product metrics
Chapter 15 software product metricsSHREEHARI WADAWADAGI
 
Introduction to formal methods
Introduction to formal methodsIntroduction to formal methods
Introduction to formal methodsInzemamul Haque
 
Functional vs Non-functional Requirements - Which comes first?
Functional vs Non-functional Requirements - Which comes first?Functional vs Non-functional Requirements - Which comes first?
Functional vs Non-functional Requirements - Which comes first?Evgeniy Labunskiy
 
Software Engineering unit 3
Software Engineering unit 3Software Engineering unit 3
Software Engineering unit 3Abhimanyu Mishra
 
Types of test tools
Types of test toolsTypes of test tools
Types of test toolsVaibhav Dash
 
Seminar on Software Testing
Seminar on Software TestingSeminar on Software Testing
Seminar on Software TestingBeat Fluri
 
An introduction to software engineering
An introduction to software engineeringAn introduction to software engineering
An introduction to software engineeringCarlos Gavidia-Calderon
 
Ian Sommerville, Software Engineering, 9th EditionCh 8
Ian Sommerville, Software Engineering, 9th EditionCh 8Ian Sommerville, Software Engineering, 9th EditionCh 8
Ian Sommerville, Software Engineering, 9th EditionCh 8Mohammed Romi
 
Software Testing Tools | Edureka
Software Testing Tools | EdurekaSoftware Testing Tools | Edureka
Software Testing Tools | EdurekaEdureka!
 
Formal Methods lecture 01
Formal Methods lecture 01Formal Methods lecture 01
Formal Methods lecture 01Sidra Ashraf
 
Introduction to SDET
Introduction to SDETIntroduction to SDET
Introduction to SDETR Ravi Chandran
 
UML- Unified Modeling Language
UML- Unified Modeling LanguageUML- Unified Modeling Language
UML- Unified Modeling LanguageShahzad
 
Defects in software testing
Defects in software testingDefects in software testing
Defects in software testingsandeepsingh2808
 
SOFTWARE MANUAL TESTING SYLLABUS
SOFTWARE MANUAL TESTING SYLLABUSSOFTWARE MANUAL TESTING SYLLABUS
SOFTWARE MANUAL TESTING SYLLABUSSHPINE TECHNOLOGIES
 
UML Case Tools
UML Case ToolsUML Case Tools
UML Case ToolsAshesh R
 
International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentIJERD Editor
 
Keynote SBST 2014 - Search-Based Testing
Keynote SBST 2014 - Search-Based TestingKeynote SBST 2014 - Search-Based Testing
Keynote SBST 2014 - Search-Based TestingLionel Briand
 

Weitere ähnliche Inhalte

Was ist angesagt?

Lecture 02 Software Process Model
Lecture 02 Software Process ModelLecture 02 Software Process Model
Lecture 02 Software Process ModelAchmad Solichin
 
Chapter 9 Testing Strategies.ppt
Chapter 9 Testing Strategies.pptChapter 9 Testing Strategies.ppt
Chapter 9 Testing Strategies.pptVijayaPratapReddyM
 
Software Testing Fundamentals
Software Testing FundamentalsSoftware Testing Fundamentals
Software Testing FundamentalsChankey Pathak
 
Design and Implementation in Software Engineering
Design and Implementation in Software EngineeringDesign and Implementation in Software Engineering
Design and Implementation in Software EngineeringKourosh Sajjadi
 
Chapter 15 software product metrics
Chapter 15 software product metricsChapter 15 software product metrics
Chapter 15 software product metricsSHREEHARI WADAWADAGI
 
Introduction to formal methods
Introduction to formal methodsIntroduction to formal methods
Introduction to formal methodsInzemamul Haque
 
Functional vs Non-functional Requirements - Which comes first?
Functional vs Non-functional Requirements - Which comes first?Functional vs Non-functional Requirements - Which comes first?
Functional vs Non-functional Requirements - Which comes first?Evgeniy Labunskiy
 
Software Engineering unit 3
Software Engineering unit 3Software Engineering unit 3
Software Engineering unit 3Abhimanyu Mishra
 
Types of test tools
Types of test toolsTypes of test tools
Types of test toolsVaibhav Dash
 
Seminar on Software Testing
Seminar on Software TestingSeminar on Software Testing
Seminar on Software TestingBeat Fluri
 
Ian Sommerville, Software Engineering, 9th EditionCh 8
Ian Sommerville, Software Engineering, 9th EditionCh 8Ian Sommerville, Software Engineering, 9th EditionCh 8
Ian Sommerville, Software Engineering, 9th EditionCh 8Mohammed Romi
 
Software Testing Tools | Edureka
Software Testing Tools | EdurekaSoftware Testing Tools | Edureka
Software Testing Tools | EdurekaEdureka!
 
Formal Methods lecture 01
Formal Methods lecture 01Formal Methods lecture 01
Formal Methods lecture 01Sidra Ashraf
 
UML- Unified Modeling Language
UML- Unified Modeling LanguageUML- Unified Modeling Language
UML- Unified Modeling LanguageShahzad
 
Defects in software testing
Defects in software testingDefects in software testing
Defects in software testingsandeepsingh2808
 
SOFTWARE MANUAL TESTING SYLLABUS
SOFTWARE MANUAL TESTING SYLLABUSSOFTWARE MANUAL TESTING SYLLABUS
SOFTWARE MANUAL TESTING SYLLABUSSHPINE TECHNOLOGIES
 
UML Case Tools
UML Case ToolsUML Case Tools
UML Case ToolsAshesh R
 

Was ist angesagt? (20)

Lecture 02 Software Process Model
Lecture 02 Software Process ModelLecture 02 Software Process Model
Lecture 02 Software Process Model
 
Chapter 9 Testing Strategies.ppt
Chapter 9 Testing Strategies.pptChapter 9 Testing Strategies.ppt
Chapter 9 Testing Strategies.ppt
 
Software Testing Fundamentals
Software Testing FundamentalsSoftware Testing Fundamentals
Software Testing Fundamentals
 
Design and Implementation in Software Engineering
Design and Implementation in Software EngineeringDesign and Implementation in Software Engineering
Design and Implementation in Software Engineering
 
Selenium Automation Framework
Selenium Automation FrameworkSelenium Automation Framework
Selenium Automation Framework
 
Chapter 15 software product metrics
Chapter 15 software product metricsChapter 15 software product metrics
Chapter 15 software product metrics
 
Introduction to formal methods
Introduction to formal methodsIntroduction to formal methods
Introduction to formal methods
 
Functional vs Non-functional Requirements - Which comes first?
Functional vs Non-functional Requirements - Which comes first?Functional vs Non-functional Requirements - Which comes first?
Functional vs Non-functional Requirements - Which comes first?
 
Software Engineering unit 3
Software Engineering unit 3Software Engineering unit 3
Software Engineering unit 3
 
Types of test tools
Types of test toolsTypes of test tools
Types of test tools
 
Seminar on Software Testing
Seminar on Software TestingSeminar on Software Testing
Seminar on Software Testing
 
An introduction to software engineering
An introduction to software engineeringAn introduction to software engineering
An introduction to software engineering
 
Ian Sommerville, Software Engineering, 9th EditionCh 8
Ian Sommerville, Software Engineering, 9th EditionCh 8Ian Sommerville, Software Engineering, 9th EditionCh 8
Ian Sommerville, Software Engineering, 9th EditionCh 8
 
Software Testing Tools | Edureka
Software Testing Tools | EdurekaSoftware Testing Tools | Edureka
Software Testing Tools | Edureka
 
Formal Methods lecture 01
Formal Methods lecture 01Formal Methods lecture 01
Formal Methods lecture 01
 
Introduction to SDET
Introduction to SDETIntroduction to SDET
Introduction to SDET
 
UML- Unified Modeling Language
UML- Unified Modeling LanguageUML- Unified Modeling Language
UML- Unified Modeling Language
 
Defects in software testing
Defects in software testingDefects in software testing
Defects in software testing
 
SOFTWARE MANUAL TESTING SYLLABUS
SOFTWARE MANUAL TESTING SYLLABUSSOFTWARE MANUAL TESTING SYLLABUS
SOFTWARE MANUAL TESTING SYLLABUS
 
UML Case Tools
UML Case ToolsUML Case Tools
UML Case Tools
 

Ähnlich wie Uppaal

International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentIJERD Editor
 
Keynote SBST 2014 - Search-Based Testing
Keynote SBST 2014 - Search-Based TestingKeynote SBST 2014 - Search-Based Testing
Keynote SBST 2014 - Search-Based TestingLionel Briand
 
Agile in Medical Software Development
Agile in Medical Software DevelopmentAgile in Medical Software Development
Agile in Medical Software DevelopmentBernhard Kappe
 
Hardware In Loop - Hil Testing Syste For Firmware Tests.ppt
Hardware In Loop - Hil Testing Syste For Firmware Tests.pptHardware In Loop - Hil Testing Syste For Firmware Tests.ppt
Hardware In Loop - Hil Testing Syste For Firmware Tests.pptTMCS India
 
Basic of Software Testing.pptx
Basic of Software Testing.pptxBasic of Software Testing.pptx
Basic of Software Testing.pptxaparna14patil
 
Bloor: Test Design Automation
Bloor: Test Design AutomationBloor: Test Design Automation
Bloor: Test Design AutomationTestplant
 
Foundations of Software Testing Lecture 4
Foundations of Software Testing Lecture 4Foundations of Software Testing Lecture 4
Foundations of Software Testing Lecture 4Iosif Itkin
 
Agile for Software as a Medical Device
Agile for Software as a Medical DeviceAgile for Software as a Medical Device
Agile for Software as a Medical DeviceOrthogonal
 
Zero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedZero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedAshley Zupkus
 
Hardware-In-Loop (Hil) Testing System for Firmware Tests.docx
Hardware-In-Loop (Hil) Testing System for Firmware Tests.docxHardware-In-Loop (Hil) Testing System for Firmware Tests.docx
Hardware-In-Loop (Hil) Testing System for Firmware Tests.docxTMCS India
 
Deciding what and when to automate in testing: Experience from multiple projects
Deciding what and when to automate in testing: Experience from multiple projectsDeciding what and when to automate in testing: Experience from multiple projects
Deciding what and when to automate in testing: Experience from multiple projectsVahid Garousi
 
Model-based Conformance Testing of Security Properties
Model-based Conformance Testing of Security PropertiesModel-based Conformance Testing of Security Properties
Model-based Conformance Testing of Security PropertiesAchim D. Brucker
 
Quality Assurance with Manual Testing
Quality Assurance with Manual TestingQuality Assurance with Manual Testing
Quality Assurance with Manual TestingEdureka!
 
Software Modeling and Verification
Software Modeling and VerificationSoftware Modeling and Verification
Software Modeling and VerificationRamnGonzlezRuiz2
 
Automating The Process For Building Reliable Software
Automating The Process For Building Reliable SoftwareAutomating The Process For Building Reliable Software
Automating The Process For Building Reliable Softwareguest8861ff
 
Study material for machenicql engenering student
Study material for machenicql engenering studentStudy material for machenicql engenering student
Study material for machenicql engenering studentWasifAli366658
 
Staroletov testing TDD BDD MBT
Staroletov testing TDD BDD MBTStaroletov testing TDD BDD MBT
Staroletov testing TDD BDD MBTSergey Staroletov
 

Ähnlich wie Uppaal (20)

International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and Development
 
Keynote SBST 2014 - Search-Based Testing
Keynote SBST 2014 - Search-Based TestingKeynote SBST 2014 - Search-Based Testing
Keynote SBST 2014 - Search-Based Testing
 
Agile in Medical Software Development
Agile in Medical Software DevelopmentAgile in Medical Software Development
Agile in Medical Software Development
 
Hardware In Loop - Hil Testing Syste For Firmware Tests.ppt
Hardware In Loop - Hil Testing Syste For Firmware Tests.pptHardware In Loop - Hil Testing Syste For Firmware Tests.ppt
Hardware In Loop - Hil Testing Syste For Firmware Tests.ppt
 
Basic of Software Testing.pptx
Basic of Software Testing.pptxBasic of Software Testing.pptx
Basic of Software Testing.pptx
 
Bloor: Test Design Automation
Bloor: Test Design AutomationBloor: Test Design Automation
Bloor: Test Design Automation
 
PHP_eVoting
PHP_eVotingPHP_eVoting
PHP_eVoting
 
Foundations of Software Testing Lecture 4
Foundations of Software Testing Lecture 4Foundations of Software Testing Lecture 4
Foundations of Software Testing Lecture 4
 
Project P Open Workshop
Project P Open WorkshopProject P Open Workshop
Project P Open Workshop
 
Agile for Software as a Medical Device
Agile for Software as a Medical DeviceAgile for Software as a Medical Device
Agile for Software as a Medical Device
 
Zero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically GuaranteedZero-bug Software, Mathematically Guaranteed
Zero-bug Software, Mathematically Guaranteed
 
Hardware-In-Loop (Hil) Testing System for Firmware Tests.docx
Hardware-In-Loop (Hil) Testing System for Firmware Tests.docxHardware-In-Loop (Hil) Testing System for Firmware Tests.docx
Hardware-In-Loop (Hil) Testing System for Firmware Tests.docx
 
Deciding what and when to automate in testing: Experience from multiple projects
Deciding what and when to automate in testing: Experience from multiple projectsDeciding what and when to automate in testing: Experience from multiple projects
Deciding what and when to automate in testing: Experience from multiple projects
 
Model-based Conformance Testing of Security Properties
Model-based Conformance Testing of Security PropertiesModel-based Conformance Testing of Security Properties
Model-based Conformance Testing of Security Properties
 
Quality Assurance with Manual Testing
Quality Assurance with Manual TestingQuality Assurance with Manual Testing
Quality Assurance with Manual Testing
 
Software Modeling and Verification
Software Modeling and VerificationSoftware Modeling and Verification
Software Modeling and Verification
 
Automating The Process For Building Reliable Software
Automating The Process For Building Reliable SoftwareAutomating The Process For Building Reliable Software
Automating The Process For Building Reliable Software
 
Study material for machenicql engenering student
Study material for machenicql engenering studentStudy material for machenicql engenering student
Study material for machenicql engenering student
 
Staroletov testing TDD BDD MBT
Staroletov testing TDD BDD MBTStaroletov testing TDD BDD MBT
Staroletov testing TDD BDD MBT
 
Ch8.Testing.pptx
Ch8.Testing.pptxCh8.Testing.pptx
Ch8.Testing.pptx
 

Kürzlich hochgeladen

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 

Kürzlich hochgeladen (20)

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 

Uppaal

  • 1. Model Checking with UPPAAL Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BestPractice Consulting — Thursday 31st May, 2012
  • 2. Background Ulrik Hørlyk Hjort Safety Critical and High Integrity system development since 1997 Defence industry from 1997 Space industry from 2003 Medical industry from 2006 Formal software development since 2003 VDM, Z, B-Method and UPPAAL Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 3. Overview Use of Model Checking to add value to traditional testing. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 4. Traditional Testing Testing involves running a program with a set of inputs and comparing the actual outputs from the program against the expected outputs (as defined in the specification). There are several limitations to using testing as the sole approach to software error detection: Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 5. Testing Limitations Testing cannot take place until some implementation is available. Correcting errors uncovered by testing could involve retracing many steps and undoing work previously done. If testing is the only approach to error detection then errors in the specification involve the greatest amount of work to rectify. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 6. Testing Limitations Testing can only help to uncover errors it cannot guarantee the absence of them. Since, for any application, it is impossible to test every set of input values, residual errors will always have to be accepted. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 7. Testing Limitations Testing is always carried out with respect to requirements as laid down in the specification. If the specification document is in any way ambiguous it is open to interpretation, and hence misinterpretation, making testing a rather inexact science. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 8. Ambiguous Specification Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 9. Testing Problems Clearly the specification plays a vital role in the reliability of the software produced. The design, and subsequent implementation, is based upon the information in the specification. The testing process relies upon the developers understanding of the specification to determine whether or not the software is behaving correctly. Misunderstandings in the specification can lead to the delivery of final applications that do not match user requirements. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 10. Formal Methods A formal method provides a formal language in which to express the initial specification and all future design steps towards the final program in a unambiguous way. More than just a specification language —it also includes a proof system for demonstrating that each design step preserves the formal meaning captured in the previous step. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 11. Formal Methods advantages The discipline required in producing a formal specification of user requirements and the ability to analyse a specification (which only arises if the specification language has a well-defined semantics) allows for feedback on system specifications at early development stages, increasing confidence that the specification accurately captures the real system requirements. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 12. Formal Methods advantages Important properties (such as internal consistency) of the initial specification can be checked mathematically and incorporated as run-time checks in the final program. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 13. Formal Methods advantages Proofs can help uncover design errors as soon as they are made, rather than having to wait for testing of the final implementation. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 14. Formal Methods advantages A proof of program correctness can be constructed that is a much more robust method of achieving program correctness than is testing alone. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 15. Formal Methods advantages Formal specifications can help considerably in generating suitable test cases. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 16. Model Checking In a model-based approach an abstract mathematical model is built of the data, using abstract mathematical types such as sets and abstract state machines. The behaviour of the operations is then specified directly with respect to this model. Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 17. The UPPAAL System Integrated tool environment for: System Modelling Simulation of the model Verification of the model Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 18. The System Editor The system editor is used to create and edit the system model to be analyzed A system model describe a network of a finite number of non-deterministic finite state automata Edges between states may be labeled with: Guards Synchronizations Assignment statements Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 19. UPPAAL Model Items Initial Location Location Edge Synchronization Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 20. UPPAAL Model Items class _Factorial { int result; public void Factorial() { for (int i = result-1; i > 1; i--) { result *= i; } } public _Factorial() { result = 5; } public voidShowResult() { System.out.println("Result:" + result); } public static void main(String args[]) { _Factorial fac = new _Factorial(); fac.Factorial(); fac.ShowResult(); } } Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 21. UPPAAL Model Items Subprogram Synchronization class Hello { private void Put_Line() { System.out.println("Hello World!n"); } public Hello() { Put_Line(); } public static void main(String args[]) { Hello hello = new Hello(); } } Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 22. UPPAAL Model Items Ada Tasks task body TaskA is begin TaskB.WriteTaskName; end TaskA; task body TaskB is begin accept WriteTaskName do Put_Line("Task B"); end WriteTaskName; end TaskB; Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 23. UPPAAL Model Items Parametrised Synchronization class Factorial { int result; public int Factorial(int N) { int result = 1; for (int i = N; i > 1; i--) { result *= i; } return result; } public static void main(String args[]) { Factorial fac = new Factorial(); int result = fac.Factorial(5); System.out.println(result); } } Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 24. The Model Checker (Verifier) The main purpose of a model checker is to verify the model with respect to a requirement specification. Like the model, the requirement specification must be expressed in a formally well-defined and machine readable language. The model checker support three path formulae expressed by temporal logic quantifiers: Reachability : Is the state formular ϕ satisfied from any reachable state ? Safety : ϕ is invariantly true in all reachable states Liveness : ϕ is eventually sastified Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 25. Quantifiers E : There exists a path A : For all paths G (♦ in UPPAAL) : All states in a path F ( in UPPAAL) : Some states in a path The following combinations are supported: A , A♦, E♦, and E Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 26. Reachability Properties: E ϕ “ϕ Reachable” E ϕ: It is possible from the initial state to reach a state in which ϕ is satisfied ϕ is true in at least one reachable state Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 27. Safety Properties: A ϕ “Invariantly ϕ” A ϕ: ϕ holds invariantly ϕ is true in all reachable states Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 28. Liveness Properties: A ♦ ϕ “Inevitable ϕ” A ♦ ϕ: ϕ will inevitable become true The automaton is guaranteed to eventually reach a state in which ϕ is true ϕ is true in some states of all paths Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 29. E ϕ “Potentially always ϕ” E ϕ: ϕ is potentially always true There exists a path in which ϕ is true in all states Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 30. The Simulator The simulator can be used in three ways: Running the system manually and manually choose the transitions to take Going through a trace generated by the verifier Running the system at is own in random mode Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 31. ATM System E X A M P L E Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 32. Actors: Customer, Bank System: ATM Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 33. Customer Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 34. ATM Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 35. Bank Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 36. ATM System Requirements: 1 Transaction is only valid with a bank balance greater than 10 euro 2 Customer gets cash when transaction is done 3 System may not be able to enter a deadlock state Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 37. Requirement 1 Transaction is only valid with a bank balance greater than 10 euro A (Customer.READY and Bank.TRANSACTION OK) imply Bank.balance >10 Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 38. Requirement 2 Customer gets cash when transaction is done E ♦ Customer.GET CASH and Bank.TRANSACTION DONE Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 39. Requirement 3 System may not be able to enter a deadlock state A not deadlock Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 40. System Automatic test of requirements and MMI flow of insulin pump Javascript with user actions commands and verification of expected result of these First manually written from UML diagrams, MMI flows and requirements Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 41. System UPPAAL model made from UML diagrams, MMI flows and requirements UPPAAL system locations was annotated with test script actions Full coverages paths of the model found by verifier A full coverage package of test Javascript generated from the model Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 42. System Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking
  • 43. Test script example expect_mainScreen() { expect(Label(Welcome); expect(Label(BatteryIndicator); } expect_callScreen() { expect(Label(Calling ...); } // Main Script: expect_mainScreen(); insert_card() expect_enter_pincode_screen(); key(5); expect(5); key(1); expect(1); expect_trasactionscreen(); . . . Ulrik Hørlyk Hjort Ulrik.H.Hjort@BestPractice-Consulting.com BPC Model Checking