Consistent Composition and Testing of Components using Abstract State Machines

Modelling complex systems in a coherent and rigorous way is a basic goal in system design. In particular, the integration of specifications could be a problematic operation having potentially severe side effects: when components of a system separately developed are combined together, they may intersect and overlap giving rise to inconsistencies and conflicts which have to be resolved in order to obtain a consistent system. Moreover, the substitution of old components with new ones or the introduction of new features in the system may affect the overall system behavior in an unpredictable way. For these reasons, the introduction of composition operations producing consistent systems is required. Along the process of system development, testing is also of extreme importance to produce high-quality products. Testing allows to uncover development and coding errors, to assess system reliability and dependability, and to convince customers that the performance is acceptable. Although, software testing is extremely costly and time-consuming, specification based testing [11] offers an opportunity to significantly reduce the testing costs. In specification based testing, a specification can be used as ”test oracle” [14], i.e. as authoritative font of the expected system behavior, and as way to assess correctness of implementations. Moreover, ”test adequacy criteria” can be derived from a specification [15]. They determine if a test suite is adequate to test a system, whether enough testing has been performed or further tests are needed. A specification can also provide ”selection criteria” of adequate test suites. Normally a selection criterion introduces some algorithms or techniques to actually generate test sequences from formal specifications. We address both problems of components integration and specification-based testing of components using (sequential) Abstract State Machines (ASMs). The choice of this formal method as a platform to construct rigorous integration operations for partial specifications and to define methods for generating test suites from high-level specifications, is intentional and it is due to the fact that, besides having been successfully used in practice for design and analysis of complex hardware/software systems [3], ASMs have evident theoretical foundations, clear and precise semantics [8, 9, 1].