Test Template Framework

The Test Template Framework (TTF) is a model-based testing (MBT) framework proposed by Phil Stocks and David Carrington in (Stocks & Carrington 1996) for the purpose of software testing. Although the TTF was meant to be notation-independent, the original presentation was made using the Z formal notation. It is one of the few MBT frameworks approaching unit testing.

Introduction

edit

The TTF is a specific proposal of model-based testing (MBT). It considers models to be Z specifications. Each operation within the specification is analyzed to derive or generate abstract test cases. This analysis consists of the following steps:

  1. Define the input space (IS) of each operation.
  2. Derive the valid input space (VIS) from the IS of each operation.
  3. Apply one or more testing tactics,[1] starting from each VIS, to build a testing tree for each operation. Testing trees are populated with nodes called test classes.
  4. Prune each of the resulting testing trees.
  5. Find one or more abstract test cases from each leaf in each testing tree.

One of the main advantages of the TTF is that all of these concepts are expressed in the same notation of the specification, i.e. the Z notation. Hence, the engineer has to know only one notation to perform the analysis down to the generation of abstract test cases.

Important concepts

edit

In this section the main concepts defined by the TTF are described.

Input space

edit

Let   be a Z operation. Let   be all the input and (non-primed) state variables referenced in  , and   their corresponding types. The Input Space (IS) of  , written  , is the Z schema box defined by  .

Valid input space

edit

Let   be a Z operation. Let   be the precondition of  . The Valid Input Space (VIS) of  , written  , is the Z schema box defined by  .

Test class

edit

Let   be a Z operation and let   be any predicate depending on one or more of the variables defined in  . Then, the Z schema box   is a test class of  . Note that this schema is equivalent to  . This observation can be generalized by saying that if   is a test class of  , then the Z schema box defined by   is also a test class of  . According to this definition the VIS is also a test class.

If   is a test class of  , then the predicate   in   is said to be the characteristic predicate of   or   is characterized by  .

Test classes are also called test objectives (Utting & Legeard 2007), test templates (Stocks & Carrington 1996) and test specifications.

Testing tactic

edit

In the context of the TTF a testing tactic[1] is a means to partition any test class of any operation. However, some of the testing tactics used in practice actually do not always generate a partition of some test classes.

Some testing tactics originally proposed for the TTF are the following:

  • Disjunctive Normal Form (DNF). By applying this tactic the operation is written in Disjunctive Normal Form and the test class is divided in as many test classes as terms are in the resulting operation's predicate. The predicate added to each new test class is the precondition of one of the terms in the operation's predicate.
  • Standard Partitions (SP). This tactic uses a predefined partition of some mathematical operator (Stocks 1993). For example, the following is a good partition for expressions of the form   where   is one of  ,   and   (see Set theory).
     
    As can be noticed, standard partitions might change according to how much testing the engineer wants to perform.
  • Sub-domain Propagation (SDP). This tactic is applied to expressions containing:
    1. Two or more mathematical operators for which there are already defined standard partitions, or
    2. Mathematical operators which are defined in terms of other mathematical operators.
    In any of these cases, the standard partitions of the operators appearing in the expression or in the definition of a complex one, are combined to produce a partition for the expression. If the tactic is applied to the second case, then the resulting partition can be considered as the standard partition for that operator. Stocks and Carrington in (Stocks & Carrington 1996) illustrate this situation with  , where   means domain anti-restriction, by giving standard partitions for   and   and propagating them to calculate a partition for  .
  • Specification Mutation (SM). The first step of this tactic consists in generating a mutant of the Z operation. A mutant of a Z operation is similar in concept to a mutant of a program, i.e. it is a modified version of the operation. The modification is introduced by the engineer with the intention of uncovering an error in the implementation. The mutant should be the specification that the engineer guesses the programmer has implemented. Then, the engineer has to calculate the subset of the VIS that yields different results in both specifications. The predicate of this set is used to derive a new test class.

Some other testing tactics that may also be used are the following:

  • In Set Extension (ISE). It applies to predicates of the form  . In this case, it generates n test classes such that a predicate of the form   is added to each of them.
  • Mandatory Test Set (MTS). This tactic associates a set of constant values to a VIS' variable and generates as many test classes as elements are in the set. Each test class is characterized by a predicate of the form   where var is the name of the variable and val is one of the values of the set.
  • Numeric Ranges (NR). This tactic applies only to VIS' variables of type   (or its "subtype"  ). It consists in associating a range to a variable and deriving test classes by comparing the variable with the limits of the range in some ways. More formally, let n be a variable of type   and let   be the associated range. Then, the tactic generates the test classes characterized by the following predicates:  ,  ,  ,  ,  .
  • Free Type (FT). This tactic generates as many test classes as elements a free (enumerated) type has. In other words, if a model defines type COLOUR ::= red | blue | green and some operation uses c of type COLOUR, then by applying this tactic each test class will by divided into three new test classes: one in which c equals red, the other in which c equals blue, and the third where c equals green.
  • Proper Subset of Set Extension (PSSE). This tactic uses the same concept of ISE but applied to set inclusions. PSSE helps to test operations including predicates like  . When PSSE is applied it generates   test classes where a predicate of the form   with   and  , is added to each class.   is excluded from   because expr is a proper subset of  .
  • Subset of Set Extension (SSE). It is identical to PSSE but it applies to predicates of the form   in which case it generates   by considering also  .

Testing tree&

edit

The application of a testing tactic to the VIS generates some test classes. If some of these test classes are further partitioned by applying one or more testing tactics, a new set of test classes is obtained. This process can continue by applying testing tactics to the test classes generated so far. Evidently, the result of this process can be drawn as a tree with the VIS as the root node, the test classes generated by the first testing tactic as its children, and so on. Furthermore, Stocks and Carrington in (Stocks & Carrington 1996) propose to use the Z notation to build the tree, as follows.

 

Pruning testing trees

edit

In general a test class' predicate is a conjunction of two or more predicates. It is likely, then, that some test classes are empty because their predicates are contradictions. These test classes must be pruned from the testing tree because they represent impossible combinations of input values, i.e. no abstract test case can be derived out of them.

Abstract test case

edit

An abstract test case is an element belonging to a test class. The TTF prescribes that abstract test cases should be derived only from the leaves of the testing tree. Abstract test cases can also be written as Z schema boxes. Let   be some operation, let   be the VIS of  , let   be all the variables declared in  , let   be a (leaf) test class of the testing tree associated to  , let   be the characteristic predicates of each test class from   up to   (by following the edges from child to parent), and let   be   constant values satisfying  . Then, an abstract test case of   is the Z schema box defined by  .

See also

edit

References

edit
  • Stocks, Phil; Carrington, David (1996), "A framework for specification-based testing", IEEE Transactions on Software Engineering, 22 (11): 777–793, doi:10.1109/32.553698.
  • Utting, Mark; Legeard, Bruno (2007), Practical Model-Based Testing: A Tools Approach (1st ed.), Morgan Kaufmann, ISBN 0-12-372501-1.
  • Stocks, Phil (1993), Applying Formal Methods to Software Testing, Department of Computer Science, University of Queensland, PhD thesis.

Notes

edit
  1. ^ a b Stocks and Carrington use the term testing strategies in (Stocks & Carrington 1996).