Testing abstract distributed programs and their implementations: A constraint-based approach

An abstract program is a formal specification that models the valid behavior of a concurrent program without describing particular implementation mechanisms that achieve this behavior. Valid behavior can be modeled as the possible sequences of events that may be observed of a conforming concrete implementation of the abstract program. In this article, we address the problem of how to select event sequences from an abstract program to test its concrete implementation. Sequencing constraints make explicit certain types of required properties that are expressed only implicitly by the abstract program itself. The sequencing constraints derived from an abstract program can be used to guide the selection of event sequences during testing: sequences are selected to check the implementation for conformance to the required properties. We describe a constraint notation called CSPE and formally define CSPE constraints in the propositional modal mu-calculus. CSPE constraints can be automatically derived from abstract CCS and Lotos programs, and test sequences can be generated to cover the constraints. We describe a test sequence generation tool that can be used to partially automate this process. The test sequence generator inputs an abstract program and a list of constraints, and outputs a list of test sequences. The test sequence generator was used in an experiment to measure the effectiveness of the test sequences. We created mutations of a nontrivial concurrent Ada program in order to determine the mutation adequacy of a set of test sequences generated from an abstract program. The abstract program was a specification of the Sliding Window Protocol. The results of the experiment are reported.