Effective Hybrid System Falsification Using Monte Carlo Tree Search Guided by QB-Robustness

Zhang, Zhenya; Lyu, Deyun; Arcaini, Paolo; Ма, Лей; Hasuo, Ichiro; Zhao, Jianjun

doi:10.1007/978-3-030-81685-8_29

Cited by 24 publications

(8 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We implement ATheNA-S as a plugin for S-Taliro [10], an opensource SBST tool. We selected S-Taliro, among other alternatives (e.g., Breach [26], FalCAuN [94], falsify [97], FalStar [31,93], Fore-See [98]) due to its recent classification as ready for industrial development [48], and its use in several industrial systems (e.g., [90]). In addition, this choice makes our solution applicable with other S-Taliro plugins, such as Aristeo [67].…”

Section: Methodsmentioning

confidence: 99%

Search-based Software Testing Driven by Automatically Generated and Manually Defined Fitness Functions

Formica¹,

Askarpour²,

Menghi³

2022

Preprint

View full text Add to dashboard Cite

Search-based software testing (SBST) typically relies on fitness functions to guide the search exploration toward software failures. There are two main techniques to define fitness functions: (a) automated fitness function computation from the specification of the system requirements and (b) manual fitness function design. Both techniques have advantages. The former uses information from the system requirements to guide the search toward portions of the input domain that are more likely to contain failures. The latter uses the engineers' domain knowledge.We propose ATheNA, a novel SBST framework that combines fitness functions that are automatically generated from requirements specifications and manually defined by engineers. We design and implement ATheNA-S, an instance of ATheNA that targets Simulink ® models. We evaluate ATheNA-S by considering a large set of models and requirements from different domains. We compare our solution with an SBST baseline tool that supports automatically generated fitness functions, and another one that supports manually defined fitness functions. Our results show that ATheNA-S generates more failure-revealing test cases than the baseline tools and that the difference between the performance of ATheNA-S and the baseline tools is not statistically significant. We also assess whether ATheNA-S could generate failure-revealing test cases when applied to a large case study from the automotive domain. Our results show that ATheNA-S successfully revealed a requirement violation in our case study.

show abstract

Section: Methodsmentioning

confidence: 99%

Search-based Software Testing Driven by Automatically Generated and Manually Defined Fitness Functions

Formica¹,

Askarpour²,

Menghi³

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…ART is a baseline strategy that generates evenly distributed test cases (within valid input ranges), thereby ensuring adequate diversity in the test inputs. On the other hand, FT generates counterexamples i.e., test cases that violate a property for a given model [38], [39]. Note that ART and FT work in radically complementary ways.…”

Section: B Experimental Setupmentioning

confidence: 99%

Property-Based Mutation Testing

Bartocci¹,

Mariani²,

Ničković³

et al. 2023

Preprint

View full text Add to dashboard Cite

Mutation testing is an established software quality assurance technique for the assessment of test suites. While it is well-suited to estimate the general fault-revealing capability of a test suite, it is not practical and informative when the software under test must be validated against specific requirements. This is often the case for embedded software, where the software is typically validated against rigorously-specified safety properties. In such a scenario (i) a mutant is relevant only if it can impact the satisfaction of the tested properties, and (ii) a mutant is meaningfully-killed with respect to a property only if it causes the violation of that property. To address these limitations of mutation testing, we introduce property-based mutation testing, a method for assessing the capability of a test suite to exercise the software with respect to a given property. We evaluate our property-based mutation testing framework on Simulink models of safety-critical Cyber-Physical Systems (CPS) from the automotive and avionic domains and demonstrate how propertybased mutation testing is more informative than regular mutation testing. These results open new perspectives in both mutation testing and test case generation of CPS.

show abstract

“…There exist many tools for falsifying STL properties of hybrid systems, including Breach [14], S-talrio [1], and TLTk [11]. STL falsification techniques are based on STL monitoring [13,32], and often use stochastic optimization techniques, such as Ant-Colony Optimization [1], Monte-Carlo tree search [43], deep reinforcement learning [41], and so on. These techniques are often quite useful for finding counterexamples in practice, but, as mentioned, cannot be used to verify STL properties of hybrid systems.…”

Section: Related Workmentioning

confidence: 99%

“…Due to the infinite-state nature of hybrid systems with continuous dynamics, most techniques and tools for analyzing STL properties focus on monitoring and falsification. These techniques analyze concrete samples of signals obtained by simulating hybrid automata to monitor the system's behavior [13,15,32] or find counterexamples [1,37,43], often combined with stochastic optimization. To this end, STL monitoring and falsification use quantitative semantics that defines the robustness degree to indicate how well the formula is satisfied.…”

Section: Introductionmentioning

confidence: 99%

STLmc: Robust STL Model Checking of Hybrid Systems Using SMT

Lee

Bae

2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We present the STLmc model checker for signal temporal logic (STL) properties of hybrid systems. The STLmc tool can perform STL model checking up to a robustness threshold for a wide range of hybrid systems. Our tool utilizes the refutation-complete SMT-based bounded model checking algorithm by reducing the robust STL model checking problem into Boolean STL model checking. If STLmc does not find a counterexample, the system is guaranteed to be correct up to the given bounds and robustness threshold. We demonstrate the effectiveness of STLmc on a number of hybrid system benchmarks.

show abstract

Effective Hybrid System Falsification Using Monte Carlo Tree Search Guided by QB-Robustness

Cited by 24 publications

References 42 publications

Search-based Software Testing Driven by Automatically Generated and Manually Defined Fitness Functions

Search-based Software Testing Driven by Automatically Generated and Manually Defined Fitness Functions

Property-Based Mutation Testing

STLmc: Robust STL Model Checking of Hybrid Systems Using SMT

Contact Info

Product

Resources

About