Model-based Automatic Offline MMI Testing @ Novo Nordisk A/S Jacob Illum, CISS Ulrik Hørlyk Hjort, BestPractice Consulting I-DAY @ FM2009, Eindhoven, Nov. 5th

Model-based GUI testing using UPPAAL


Overview

• CISS and Uppaal

• Novo Nordisk A/S

• System Testing of Embedded Devices @ Novo Nordisk.

• Demo

• Experiences

• Conclusion/Future work

CISS Focus Areas

[Figure: CISS focus areas diagram. Recoverable labels, translated from Danish:]

• Dimensions: Applications, Technology, Tools

• Tools: Models, Methods, Protocols, Design and programming languages, Operating system, HW platform

• Applications: GPS, Open source, Home automation, Mobile robots, Intelligent sensors, Ad hoc networks, Mobile phones, Audio/Video, Consumer electronics, Control systems, Automobile, X-by-wire

• Technology: Algorithmics, Software development, Power consumption, Reliability, Test & validation, Hybrid systems, Communication theory

Model Based Development of Embedded Software

Intelligent Sensor Networks

Embedded & RT Platform LAB

Safety Critical Software Systems

Embedded System Testing & Verification

HW/SW Co-Design, Design Space Exploration

Resource Optimal Scheduling

Security

High Level Programming Languages for ES

IT in Automation

Timed Automata

[Figure: the Resource timed automaton, annotated with Synchronization, Guard, Invariant and Reset.]

Semantics:

(Idle, x=0) --d(2.5)--> (Idle, x=2.5) --use?--> (InUse, x=0) --d(5)--> (InUse, x=5) --done!--> (Idle, x=5) --d(3)--> (Idle, x=8) --use?--> (InUse, x=0)

[Alur & Dill’89]


Composition

[Figure: the Resource and Task automata composed, annotated with Shared variable and Synchronization.]

Semantics:

(Idle, Init, B=0, x=0) --d(3.1415)--> (Idle, Init, B=0, x=3.1415) --use--> (InUse, Using, B=6, x=0) --d(6)--> (InUse, Using, B=6, x=6) --done--> (Idle, Done, B=6, x=6)


Advanced Features

int[0,1234] ivar = 42;

typedef struct { bool sL;} base_t;

base_t Base;

bool func(base_t & bt) { if (ivar < 31) return bt.sL; else return true;}

Template ( base_t & bt )

The Case

• An embedded device for medical purposes.

• MMI for user interaction.

• Strong process requirements from FDA.


• Automatic verification of requirements.

• Use cases and MMI flows.

• Simple scripting system to simulate user actions and to verify the system response.

• Works well for use cases but not for MMI flows

MMI Flows verification old way:

• MMI Flow as Visio drawings.

• Manually written JavaScript test cases.

• Difficult to review.

• Difficult to document coverage.

• Difficult to manage when MMI flow changes.

MMI Flow verification new way

• Generate the JavaScript test cases automatically from the MMI flow.

• MMI flows as UML state machine diagrams.
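
A sketch of offline test generation from an MMI flow, added here as an example and not the tool or scripts from the talk: it uses a plain breadth-first search for transition coverage rather than UPPAAL, and also reports deadlocks and coverage as the Experiences slides describe. The flow, the screen names and the press()/expectScreen() script helpers are constructed for illustration.

```javascript
// Constructed MMI flow (not from the slides): screens are states, button presses are events.
const flow = { initial: "Home", transitions: [
  { from: "Home", event: "OK", to: "Menu" },
  { from: "Menu", event: "DOWN", to: "Dose" },
  { from: "Menu", event: "BACK", to: "Home" },
  { from: "Dose", event: "OK", to: "Confirm" },
  { from: "Dose", event: "BACK", to: "Menu" },
  { from: "Confirm", event: "OK", to: "Done" },  // "Done" has no exit: a deadlock
  { from: "Service", event: "OK", to: "Home" },  // "Service" is never entered
] };

// Breadth-first search: shortest transition sequence from the initial screen to each screen.
function shortestPaths(model) {
  const paths = new Map([[model.initial, []]]), queue = [model.initial];
  while (queue.length > 0) {
    const state = queue.shift();
    for (const t of model.transitions) {
      if (t.from !== state || paths.has(t.to)) continue;
      paths.set(t.to, [...paths.get(state), t]);
      queue.push(t.to);
    }
  }
  return paths;
}

// Deepest transitions first, so one long test covers its whole prefix.
function generateTests(model) {
  const paths = shortestPaths(model);
  const depth = (t) => paths.get(t.from).length;
  const reachable = model.transitions.filter((t) => paths.has(t.from));
  reachable.sort((a, b) => depth(b) - depth(a));
  const covered = new Set(), tests = [];
  for (const t of reachable) {
    if (covered.has(t)) continue;
    const steps = [...paths.get(t.from), t];
    steps.forEach((s) => covered.add(s));
    tests.push(steps);
  }
  const unreachable = model.transitions.filter((t) => !covered.has(t));
  const deadlocks = [...paths.keys()].filter((s) => !model.transitions.some((t) => t.from === s));
  return { tests, unreachable, deadlocks, coverage: covered.size / model.transitions.length };
}

// Render one test as script text; press() and expectScreen() are hypothetical helper names.
function toScript(steps, initial) {
  const lines = [`expectScreen("${initial}");`];
  for (const s of steps) lines.push(`press("${s.event}");`, `expectScreen("${s.to}");`);
  return lines.join("\n");
}
```

On the constructed flow, generateTests(flow) returns three tests covering six of the seven transitions, flags "Done" as a deadlock, and lists the "Service" transition as unreachable.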

Future Work

• UML Real-time profile

• Model concurrency

• Requirements verification

• Tool integration

– Rational Systems Developer, Rational Rhapsody, Enterprise Architect

• Test scripts from verification

• More use cases

Experiences

• Automatic verification that the MMI implementation follows the specification.

• High, documented software quality, since the whole MMI flow is verified.

• Easy to do regression tests when MMI flows are updated.

• Test coverage is documented by the tool.

Experiences

• Information about deadlocks in the model.

• Better review and analysis of models and test models.

• Flows are validated already at the design phase.

Experiences

• Models are in standard UML, which gives a more exact model to work from and to communicate with across the team (stakeholders, designers, developers, testers etc.)

Questions?

Thank you for your attention!