Results 1 - 10 of 19
Strategy Logic
, 2007
Cited by 49 (2 self)
We introduce strategy logic, a logic that treats strategies in two-player games as explicit first-order objects. The explicit treatment of strategies allows us to handle non-zero-sum games in a convenient and simple way. We show that the one-alternation fragment of strategy logic is strong enough to express Nash-equilibrium, secure-equilibria, as well as other logics that were introduced to reason about games, such as ATL, ATL*, and game-logic. We show that strategy logic is decidable, by constructing tree automata that recognize sets of strategies. While for the general logic, our decision procedure is non-elementary, for the simple fragment that is used above we show that complexity is polynomial in the size of the game graph and optimal in the formula (ranging between 2EXPTIME and polynomial depending on the exact formulas).
Model-Based Testing of Object-Oriented Reactive Systems with Spec Explorer
, 2007
Cited by 38 (11 self)
Testing is one of the costliest aspects of commercial software development. Model-based testing is a promising approach addressing these deficits. At Microsoft, model-based testing technology developed by the Foundations of Software Engineering group in Microsoft Research has been used since 2003. The second generation of this tool set, Spec Explorer, deployed in 2004, is now used on a daily basis by Microsoft product groups for testing operating system components, .NET framework components and other areas. This chapter provides a comprehensive survey of the concepts of the tool and their foundations.
Online testing with model programs
In ESEC/FSE-13: Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
, 2005
Cited by 28 (7 self)
Online testing is a technique in which test derivation from a model program and test execution are combined into a single algorithm. We describe a practical online testing algorithm that is implemented in the model-based testing tool developed at Microsoft Research called Spec Explorer. Spec Explorer is being used daily by several Microsoft product groups. Model programs in Spec Explorer are written in the high level specification languages AsmL or Spec#. We view model programs as implicit definitions of interface automata. The conformance relation between a model and an implementation under test is formalized in terms of refinement between interface automata. Testing then amounts to a game between the test tool and the implementation under test.
Higher-Order Test Generation
In Proceedings of PLDI’2011 (ACM SIGPLAN 2011 Conference on Programming Language Design and Implementation)
, 2011
Cited by 12 (4 self)
Symbolic reasoning about large programs is bound to be imprecise. How to deal with this imprecision is a fundamental problem in program analysis. Imprecision forces approximation. Traditional static program verification builds “may” over-approximations of the program behaviors to check universal “for-all-paths” properties, while automatic test generation requires “must” under-approximations to check existential “for-some-path” properties. In this paper, we introduce a new approach to test generation where tests are derived from validity proofs of first-order logic formulas, rather than satisfying assignments of quantifier-free first-order logic formulas as usual. Two key ingredients of this higher-order test generation are to (1) represent complex/unknown program functions/instructions causing imprecision in symbolic execution by uninterpreted functions, and (2) record uninterpreted function samples capturing input-output pairs observed at execution time for those functions. We show that higher-order test generation generalizes and is more precise than simplifying complex symbolic expressions using their concrete runtime values. We present several program examples where our approach can exercise program paths and find bugs missed by previous techniques. We discuss the implementability and applications of this approach. We also explain in what sense dynamic test generation is more powerful than static test generation.
State Exploration with Multiple State Groupings
 12TH INTERNATIONAL WORKSHOP ON ABSTRACT STATE MACHINES, ASM’05, MARCH 8–11, 2005, LABORATORY OF ALGORITHMS, COMPLEXITY AND LOGIC, UNIVERSITY PARIS 12 – VAL DE MARNE
, 2005
Cited by 10 (6 self)
Exploration algorithms are relevant to the industrial practice of generating test cases from an abstract state machine whose runs define the predicted behavior of the software system under test. In this paper we describe a new exploration algorithm that allows multiple state grouping functions to simultaneously guide the search for states that are interesting or relevant for testing. In some cases, our algorithm allows exploration to be optimized from exponential to linear complexity. The paper includes an extended example that illustrates the use of the algorithm with the Spec Explorer tool developed at Microsoft Research.
On-The-Fly Testing of Reactive Systems
, 2005
Cited by 10 (4 self)
On-the-fly testing is a technique in which test derivation from a model program and test execution are combined into a single algorithm. It can also be called online testing using a model program, to distinguish it from offline test generation as a separate process. We describe a practical on-the-fly testing algorithm that is implemented in the model-based testing tool developed at Microsoft Research called Spec Explorer. Spec Explorer is being used daily by several Microsoft product groups. Model programs in Spec Explorer are written in a high level specification language AsmL or Spec#. We view model programs as implicit definitions of interface automata. The conformance relation between a model and an implementation under test is formalized in terms of refinement between interface automata, and testing amounts to a game between the test tool and the implementation under test.
Timed Testing under Partial Observability
, 2009
Cited by 9 (1 self)
This paper studies the problem of model-based testing of real-time systems that are only partially observable. We model the System Under Test (SUT) using Timed Game Automata (TGA) which has internal actions, uncontrollable outputs and timing uncertainty of outputs. We define the partial observability of SUT using a set of predicates over the TGA state space, and specify the test purposes in Computation Tree Logic (CTL) formulas. A recently developed partially observable timed game solver is used to generate winning strategies, which are used as test cases. We propose a conformance testing framework, define a partial observation-based conformance relation, present the test execution algorithms, and prove the soundness and completeness of this test method (i.e., a detected error really violates the conformance relation; and if the SUT violates the test purpose, then a test case can be generated to detect this violation). Experiments on some non-trivial examples show that this method yields encouraging results.
Input-Output Model Programs
, 2009
Cited by 5 (2 self)
Model programs are used as high-level behavioral specifications typically representing abstract state machines. For modeling reactive systems, one uses input-output model programs, where the action vocabulary is divided between two conceptual players: the input player and the output player. The players share the action vocabulary and make moves that are labeled by actions according to their respective model programs. Conformance between the two model programs means that the output (input) player only makes output (input) moves that are allowed by the input (output) player's model program. In a bounded game, the total number of moves is fixed. Here model programs use a background theory T containing linear arithmetic, sets, and tuples. We formulate the bounded game conformance checking problem, or BGC, as a theorem proving problem modulo T and analyze its complexity.
M.V.: P(l)aying for synchronization
 Implementation and Application of Automata, Lect. Notes Comput. Sci
, 2012