Section: New Results
Automatic model synthesis
The input domain of a complex software is increasingly shifting from primitive data types like integers, booleans, reals, and strings and data structures such as lists, trees, and graphs to models. Models are complex graph structures specified and constrained by a meta-model. Exploring the space of models in the modelling domain, specified by such a meta-model, to effectively attain certain objectives is the theme of our research. In  , we present a tool, Cartier, to transform a meta-model to a first-order relational logic language with quantifiers, Alloy, in order to perform constraint satisfaction and model synthesis. We apply the building of effective modelling domains to generate models for model transformation testing.
Validating Aspect Oriented Programs
The maintenance of aspect-oriented programs is challenging for several reasons because aspects crosscut several program modules making it difficult to reason about their interactions with the program. If test cases exist, the introduction of aspects and / or the evolution of the system may make them fail. In order to address these problems we propose different approaches. To address interaction issues, we propose ABIS  ,  an aspect-base program interaction specification framework. To address the impact on test cases we propose Vidock  , a test case impact analysis for aspect-oriented programs. Vidock identifies the test cases which behavior is impacted by aspect weaving.
Model-based security testing
Our work on security testing consisted in three studies related to test generation and the implication of security test cases to evaluate the adaptability of a system to a change in sthe security policy.
We proposed a meta-model for access control policies  ,  ,  which is integrated to a framework for specifying, deploying and testing access control policies. We specify the security policy using our metamodel, then we instantiate the policy in a specific language (RBAC,OrBAC, MAC or DAC) using model transformation. The policy is deployed to the XACML architecture and the security calls are weaved in the business logic using AOP. A tool for mutation analysis injects faults in the system using fault mdoels defined at the generic level and is used to qualify security test cases.
We studied combinatorial testing  to generate test data for security policies. We compared pair-wise testing to several random test generations. In  we studied how to use security tests to detect hidden security mechanisms in legacy systems. If access control policy decision points are not neatly separated from the business logic of a system, the evolution of a security policy likely leads to the necessity of changing the system's code base. We analyzed the notion of flexibility which is related to the presence of hidden and implicit security mechanisms in the business logic.
P2P testing framework
Participant : Yves Le Traon.
Peer-to-peer (P2P) is becoming a key technology for software development, but still lacks integrated solutions to validate the final software. Testing P2P systems is difficult because of the high numbers of peers which can be volatile. In this collaboration with Eduardo Cunha de Almeida, Gerson Sunyé, and Patrick Valduriez of the LINA lab  ,  , we proposed an integrated solution for testing large-scale P2P systems. The solution is based on a framework with two original aspects: (i) the individual control of peers volatility and (ii) a distributed testing architecture to cope with large numbers of peers. The framework has been validated through implementation and experimentation on two open-source P2P systems. Through experimentation, we analyze the behavior of both systems on different conditions of volatility and show how the framework is able to detect problems.