ISSTA

Some DoD programs now require prospective contractors to demonstrate the superiority of their software architectures for new weapons systems. This acquisition policy provides new software engineering challenges that focus heavily on the test and ...

State explosion is a well-known problem that impedes analysis and testing based on state-space exploration. This problem is particularly serious in real-time systems because unbounded time values cause the state space to be infinite. In this paper, we ...

Structural testing of a concurrent program P involves the selection of paths of P according to a structure-based criterion. A common approach is to derive the reachability graph (RG) of P, select a set of paths of P, derive one or more inputs for each ...

Spurious results are an inherent problem of most static analysis methods. These methods, in an effort to produce conservative results, overestimate the executable behavior of a program. Infeasible paths and imprecise alias resolution are the two causes ...

We address the problem of generating functional test cases for complex, highly structured time-critical systems starting from a modularized logic-based specification written in the TRIOR⁺ language, an object-oriented extension of the temporal logic ...

Daistish is a tool that performs systematic algebraic testing similar to Gannon's DAISTS tool [2]. However, Daistish creates effective test drivers for programs in languages that use side effects to implement ADTs; this includes C++ and most other ...

This paper describes a specification-based black-box technique for testing program units. The main contribution is the method that we have developed to derive test conditions, which are descriptions of test cases, from the formal specification of each ...

Experience from a full scale effort to apply formal methods to automated testing in the open systems software arena is described. The formal method applied in this work is based upon the Clemson Automated Testing System (CATS) which includes a formal ...

This report highlights some of the experiences gathered while analyzing the requirements specification for a commercial avionics system called TCAS II (Traffic alert and Collision Avoidance System II) for consistency and completeness. Completeness in ...

In assessing the quality of software, we would like to make engineering judgements similar to those based on statistical quality control. Ideally, we want to support statements like: "The confidence that this program's result at X is correct is p," ...

We define the information content of test set T with respect to a program P to be the degree to which the behavior of P on T approximates the overall behavior of P. Informally, the higher the information content of a test set, the greater the likelihood ...

An approach to systematic informal program analysis is discussed in which comments that describe hypotheses and assertions about the behavior of programs are analyzed. Event sequence comments analysis methods analyze the consistency of comments that ...

Interprocedural dataflow information is useful for many software testing and analysis techniques, including dataflow testing, regression testing, program slicing and impact analysis. For programs with aliases, these testing and analysis techniques can ...

Developing effective debugging strategies to guarantee the reliability of software is important. By analyzing the debugging process used by experienced programmers, we have found that four distinct tasks are consistently performed: (1) determining ...

This paper describes a new approach to performing data flow testing on programs that use pointer variables and a tool based on this approach. Our technique is based on the observation that, under certain reasonable assumptions, we can determine which ...

Testing takes a considerable amount of the time and resources spent on producing software. It would therefore be useful to have ways 1) to reduce the cost of testing and 2) to estimate this cost. In particular, the number of tests to be executed is an ...

The paper reports on a first experimental comparison of software errors generated by real faults and by 1st-order mutations. The experiments were conducted on a program developed by a student from the industrial specification of a critical software from ...

As software evolves from early architectural sketches to final code, a variety of representations are appropriate. Moreover, at most points in development, different portions of a software system are at different stages in development, and consequently ...

Traditional program slices are based on variables and statements. Slices consist of statements that potentially affect (or are affected by) the value of a particular variable at a given statement. Two assumptions are implicit in this definition: 1) that ...

This paper describes the process of implementing a complex communications protocol that provides reliable delivery of data in multicast-capable, packet-switching telecommunication networks. The protocol, called the Reliable Multicasting Protocol (RMP), ...

Program faults are artifacts that are widely studied, but there are many aspects of faults that we still do not understand. In addition to the simple fact that one important goal during testing is to cause failures and thereby detect faults, a full ...

Load sensitive faults cause a program to fail when it is executed under a heavy load or over a long period of time, but may have no detrimental effect under small loads or short executions. In addition to testing the functionality of these programs, ...

Test data generation in program testing is the process of identifying a set of test data that satisfies a selected testing criterion, such as, statement coverage or branch coverage. The existing methods of test data generation are limited to unit ...

Features are added to an existing system to add functionality. A new feature interacts with an existing feature if the behavior of the existing feature is changed by the presence of the new feature. Our research group has started to investigate how to ...

Many concurrent systems are required to maintain certain safety and liveness properties. One emerging method of achieving confidence in such systems is to statically verify them using model checking. In this approach an abstract, finite-state model of ...

We illustrate the application of Nitpick, a specification checker, to the design of a style mechanism for a word processor. The design is cast, along with some expected properties, in a subset of Z. Nitpick checks a property by enumerating all possible ...

Concurrent real-time software is used in many safety-critical applications. Assuring the quality of such software requires the use of formal methods. Before a program can be analyzed formally, however, we must construct a mathematical model that ...

We have developed a formal validation tool that has been used on several projects that are developing software for AT&T's 5ESS^™ telephone switching system. The tool uses Holzmann's supertrace algorithm to check for errors such as deadlock and ...

This paper describes an application of formal methods to protocol specification, validation and verification. Formal methods can be incorporated in protocol design and testing so that time and resources are saved on implementation, testing, and ...

This paper presents a simple logic-model semantics for Software Cost Reduction (SCR) software requirements. Such a semantics enables model-checking of native SCR requirements and obviates the need to transform the requirements for analysis. The paper ...