Team Triskell


Section: New Results

Model-Based Testing

Testing model transformations

Participants : Sagar Sen, Naouel Moha, Freddy Munoz, Benoit Baudry, Jean-Marc Jézéquel.

Automatic model transformations play a critical role in MDE since they automate complex, tedious, error-prone, and recurrent software development tasks. A fault in a transformation can introduce a fault in the transformed model, which, if undetected and not removed, can propagate to other models in successive development steps. Model transformations constitute a class of programs with unique characteristics that make testing them challenging. We have identified these characteristics [14] and identified promising solutions to overcome these barriers. This work is part of the research developed in the MoCAA Equipe associée in collaboration with Sudipto Ghosh, Robert France from CSU, Franck Fleurey from SINTEF and Jean-Marie Mottu.

Following this analysis of current barriers, we have developed several propositions for the automatic generation of test data for model transformation and composition. We have presented test criteria to cover the transformation's input domain. These coverage criteria are based on an adaptation of category partition on metamodel properties and on combinatorial techniques [50]. The criteria serve as the basis for automatic generation of test models or automatic completion of models [22].

Automatic generation of test models requires a precise model of the effective input domain for the transformation. However, the declared source metamodel of a model transformation (e.g., UML) is usually an over-approximation of the input domain. We have developed a systematic approach for pruning a large metamodel in order to obtain the effective source metamodel for the transformation [42]. Our tool Cartier can then use this to generate models and compare [41] the effectiveness of test criteria. Experiments have shown that using partitioning strategies gives mutation scores of up to 87% vs. 72% in the case of unguided/random generation. These criteria and Cartier have then been used to synthesize models to test model composition engines [46].

Requirements Modeling for Early Analysis

Participants : Gilles Perrouin, Erwan Brottier, Benoit Baudry.

Ever-growing systems' complexity and novel requirements engineering approaches such as reuse or globalization imply that requirements are produced by different stakeholders and written in possibly different languages. In this context, checking consistency so that requirements specifications are amenable to formal analysis is a challenge. We have defined the R2A (which stands for Requirements for Analysis) platform to promote a better integration of techniques for requirements verification and validation within software development processes [11]. The core of the platform is a model composition process working at two modeling levels [40]. At the instance level, it produces a global specification of requirements from a collection of partial, heterogeneous and potentially inconsistent specifications. At the design level (the so-called meta-level), it produces the internal formalism of the platform from design components which embed operational, compositional and deployment semantics. As such, this process promotes the adaptability of the platform to various industrial contexts. This work has been done in collaboration with Yves Le Traon from the University of Luxembourg.

Artificial Table Testing Dynamically Adaptive Systems

Participants : Freddy Munoz, Benoit Baudry.

Dynamically Adaptive Systems (DAS) are systems that modify their behavior and structure in response to changes in their surrounding environment. A major challenge for testing these systems is the combinatorial explosion of variants and environment conditions to which the system must react. Artificial Shaking Table Testing (ASTT) is a strategy inspired by shaking table testing (STT), a technique widely used in civil engineering to evaluate a building's structural resistance to seismic events. ASTT makes use of artificial earthquakes that simulate violent changes in the environmental conditions and stress the system's adaptation capability. We model the generation of artificial earthquakes as a search problem in which the goal is to optimize different types of environmental variations, and use ASTT as a sampling technique to select test vectors for DAS [51].

Transforming and selecting functional test cases for security policy testing

Participants : Tejeddine Mouelhi, Benoit Baudry.

This work [37] considers typical applications in which the business logic is separated from the access control logic, which is implemented in an independent component called the Policy Decision Point (PDP). The execution of functions in the business logic should thus include calls to the PDP, which grants or denies access to the protected resources/functionalities of the system, depending on the way the PDP has been configured. The task of testing the correctness of the implementation of the security policy is tedious and costly. In this paper, we propose a new approach to reuse and automatically adapt existing functional test cases for specifically testing the security mechanisms. It includes a two-step dynamic analysis technique based on mutation applied to security policies (RBAC, XACML, OrBAC). The method is applied to Java programs and provides tools for performing the two steps of the dynamic analyses. Three empirical case studies provide fruitful results and a first proof of concept for this approach, e.g. by comparing its efficiency to an error-prone manual adaptation task. This work has been done in collaboration with Yves Le Traon from the University of Luxembourg.
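
The idea of using policy mutation to find which functional tests exercise the access control mechanism can be seen in a small constructed setting (an added example, not the tool or the mutation operators of [37]). The `Library` application, the RBAC rules, the rule-flip mutation operator and the selection rule (keep a test when its outcome changes under some mutant) are all assumptions made for illustration.

```python
POLICY = {  # constructed RBAC rules (added example): (role, action) -> effect
    ("librarian", "borrow"): "permit",
    ("librarian", "delete"): "permit",
    ("student", "borrow"): "permit",
    ("student", "delete"): "deny",
}

def pdp_decide(rules, role, action):
    """Policy Decision Point, separate from the business logic; default deny."""
    return rules.get((role, action), "deny")

class Library:
    """Hypothetical business logic; protected functions ask the PDP before acting."""
    def __init__(self, rules):
        self.rules, self.books, self.loans = rules, {"b1"}, set()
    def _guard(self, role, action):
        if pdp_decide(self.rules, role, action) != "permit":
            raise PermissionError(f"{role} may not {action}")
    def borrow(self, role, book):
        self._guard(role, "borrow")
        self.loans.add(book)
        return sorted(self.loans)
    def delete(self, role, book):
        self._guard(role, "delete")
        self.books.discard(book)
        return sorted(self.books)
    def list_books(self):  # unprotected: never consults the PDP
        return sorted(self.books)

TESTS = {  # existing functional tests, written with no security goal in mind
    "student_borrows": lambda app: app.borrow("student", "b1"),
    "librarian_deletes": lambda app: app.delete("librarian", "b1"),
    "catalog_listing": lambda app: app.list_books(),
}

def outcome(test, rules):
    """Run one test on a fresh application configured with the given policy."""
    try:
        return ("ok", test(Library(rules)))
    except PermissionError:
        return ("denied", None)

def analyse(rules, tests):
    """Flip one rule per mutant; return (tests killing a mutant, surviving rules)."""
    kills = {}
    for key, effect in rules.items():
        mutant = {**rules, key: "deny" if effect == "permit" else "permit"}
        kills[key] = {n for n, t in tests.items() if outcome(t, rules) != outcome(t, mutant)}
    selected = sorted(set().union(*kills.values()))
    return selected, [key for key, killers in kills.items() if not killers]
```

On this constructed input, `analyse(POLICY, TESTS)` selects `student_borrows` and `librarian_deletes`, and the two surviving rules, including the `deny` for a student deleting a book, are the ones no existing functional test exercises.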

