Reasoning over Test Specifications using Assume-Guarantee Contracts
From Murray WikiJump to navigationJump to search
|Reasoning over Test Specifications using Assume-Guarantee Contracts
|Apurva Badithela, Josefine B. Graebener, Inigo Incer and and Richard M. Murray
|Submitted, NASA Formal Methods (NFM), 2023
|We establish a framework to reason about test campaigns described formally. First, we introduce the notion of a test structure — an object that carries i) the formal specifications of the system under test, and ii) the test objective, which is specified by a test engineer. We build on test structures to define test campaigns and specifications for the tester. Secondly, we use the algebra of assume-guarantee contracts to reason about constructing tester specifications, comparing test struc- tures and test campaigns, and combining and splitting test structures. Using the composition operator, we characterize the conditions on the constituent tester specifications and test objectives for feasibly combin- ing test structures. We illustrate the different applications of the quotient operator to split the test objective, the system into subsystems, or both. Finally, we illustrate test executions corresponding to the combined and split test structures in a discrete autonomous driving example and an aircraft formation-flying example. We anticipate that reasoning over test specifications would aid in generating optimal test campaigns.