Evaluation of OCL for Large-Scale Modelling A Different View of the Mondex Smart Card Application Emine G. Aydal, Richard F. Paige, Jim Woodcock University of York 1 AGENDA Motivation Goal Modelling Mondex Modelling issues Validation Test case generation Conclusion 2 Motivation | Goal | Modelling Mondex | Modelling Issues | Validation | Test case generation | Conclusion Motivation MONDEX : Global e-payment scheme that offers immediate transfer of value without signature or PIN in currencies allowed. First Step in Grand Challenge Program Alloy (MIT) Contribution of this study Event-B (University of Southampton) Model the system from informal requirements by using OCL (University of Bremen) semi-formal techniques Perfect Developer (Escher Technologies) Perform model-based testing on formally-verified RAISE (Uni. of UN Macao and TUD) versions of Mondex Z (University of York) Assess the value added Based on the monograph that outlined the specifications, refinement and proof details of Mondex in Z (Stepney and Woodcock) 3 Motivation | Goal | Modelling Mondex | Modelling Issues | Validation | Test case generation| Conclusion Goal Test cases derived from models before development stage Model-based testing of formally verified s/w 4 Motivation | Goal | Modelling Mondex | Modelling Issues | Validation | Test case generation| Conclusion Goal Model Mondex by using UML and OCL Diagrams Invariants Pre/post-conditions Validate the model through scenarios Explore the relationship between test case generation and assertion-based scenarios 5 Motivation | Goal | Modelling Mondex | Modelling Issues | Validation | Test case generation | Conclusion Modelling Mondex No. Module Name M1 Payment M2 Logging M3 Recovery M4 Currency Management M5 Operational Control M6 Data Display and Customisation 6 Motivation | Goal | Modelling Mondex | Modelling Issues | Validation | Test case generation | Conclusion Modelling Mondex Modelling Language : UML enriched with OCL expressions Tool : UML Specification Environment (USE) Use case diagrams and use scenarios 7 Motivation | Goal | Modelling Mondex | Modelling Issues | Validation | Test case generation | Conclusion Modelling Mondex 8 Classes 30 Invariants 31 Operations 197 Pre/post-conditions Traceability Matrix 8 Motivation | Goal | Modelling Mondex | Modelling Issues | Validation | Test case generation | Conclusion Modeling issues Constants May be fixed at a later stage in the development or Derived Parameters during application loading Prefixed with ‘/’ in UML (‘_’ in USE) Currently no support for constants Supported by OCL Example: Not integrated into the OCL tools inv iNoLanguages: Workaround : create invariants ensuring the correct self.languages->size() <= cNoLanguages calculation of the derived attributes inv iNoUnusedException : _NumberOfUnusedExceptions = cNoException - exceptionlogs->size() 9 Motivation | Goal | Modelling Mondex | Modelling Issues | Validation | Test case generation | Conclusion Modeling issues Constants Derived Parameters Invariants No consistency check Pre/post-conditions (assertions) Restricting invariants No tool support yet (OCL Compiler v2.0) 10 Motivation | Goal | Modelling Mondex | Modelling Issues | Validation | Test case generation | Conclusion Modeling issues Pre/Post-conditions State Checking Self.OclInState(Unlocked) Self.LockingState = ‘Unlocked’ Messaging: HasSent Operator (‘^’) post ChangePersonalCodePost1: %Personal Code changes successfully or (PersonalCode = PersonalCode@pre and Self^ChangeTheStateToLockedOut and result = false) 11 Motivation | Goal | Modelling Mondex | Modelling Issues | Validation | Test case generation | Conclusion Modeling issues Pre/Post-conditions Frame Variables Set (FVS) Distinct set of variables read/written by each operation Determination of these variables Management of the post values of these variables Assumption : All the variables not included in FVS of an operation stay unchanged after the execution of that operation No tool support 12 Motivation | Goal | Modelling Mondex | Modelling Issues | Validation | Test case generation | Conclusion Validation of the model Overall Objective: The model behaves as expected when an instance of the model is executed under certain conditions. There is at least one instance of the model that satisfies all the invariants. There is at least one instance of the model that allows each operation to run successfully, i.e. preconditions and postconditions of the operation are satisfied and the instance does not conflict with any of the invariants. 13 Motivation | Goal | Modelling Mondex | Modelling Issues | Validation | Test case generation | Conclusion Validation of the model Scenario: An instance of the model that serves a purpose, i.e. that satisfies a property. Base object model : An initial, stable instance of the model that satisfies all the invariants. Scenario structure Setting/creation of FVS Access the operation (Precondition check) Modification/Deletion of FVS Exit the operation (Postcondition check) 14 Motivation | Goal | Modelling Mondex | Modelling Issues | Validation | Test case generation | Conclusion Validation of the model Creation of scenarios that validate operations Execution of scenarios Immediate feedback by the tool Drawback: Finding the set of frame variables and their values in order to satisfy assertions of a certain operation 15 Motivation | Goal | Modelling Mondex | Modelling Issues | Validation | Test case generation | Conclusion Test Case Generation Assertions ensure the correct functioning of operations. So why not using these critical points in test case generation? Idea: Find scenarios that violates each assertion of each operation. 16 Motivation | Goal | Modelling Mondex | Modelling Issues | Validation | Test case generation | Conclusion Test Case Generation Existing research: In order to validate a model, generate automatic snapshots of a model by using ASSL (A Snapshot and Sequence Language) in USE [Gogolla,2003] Based on invariant conflict. Each invariant is addressed separately by feeding the system with its reverse. 17 Motivation | Goal | Modelling Mondex | Modelling Issues | Validation | Test case generation | Conclusion Test Case Generation Additional information Scenarios that violate 197 assertions are already created manually. Future work Apply the technique described in [Gogolla,2003] for invariants to assertions . Automate the generation of such scenarios Compare the results of manual and automatic scenario generation Concretise scenarios into test scripts 18 Motivation | Goal | Modelling Mondex | Modelling Issues | Validation | Test case generation | Conclusion Conclusion Modeled a real life application by using OCL. The large number of invariants and assertions provided us ideas in terms of features that needs to be added into OCL tools. The scenarios are a way of validating your model. The fact that scenarios use artifacts of the model supports the validation process. Test case generation and Validation are two processes that may have common grounds. 19 Motivation | Goal | Modelling Mondex | Modeling Issues | Validation | Test case generation | Conclusion THANK YOU… 20 Motivation | Goal | Modelling Mondex | Modeling Issues | Validation | Test case generation | Conclusion
© Copyright 2024 Paperzz