SlideShare una empresa de Scribd logo

SBST 2019 Keynote

Shiva Nejati
Shiva Nejati

Keynote presentation at SBST 2019 (https://sbst19.github.io/).

Presentaciones y charlas públicas
1 de 112
Descargar para leer sin conexión
.lusoftware verification & validation VVS Testing Cyber Physical Systems via Evolutionary Algorithms and 
 Machine Learning Shiva Nejati SnT, University of Luxembourg SBST @ ICSE 2019 May 27, 2019 !1
About SnT • ICT research centre to fuel the national innovation system • Part of the University of Luxembourg !2 40+ industry partners 20 MEUR turnover (70% external funding) Acquired competitive funding since launch >100 M€ 60% of PhDs and RAs work on industry projects >300 employees 51 nationalities
Software Verification and Validation Group (http://svv.lu) !3 • Established in 2012 • Requirements Engineering, Security Analysis, Design Verification, Automated Testing, Runtime Monitoring • 5 faculty members (head: Lionel Briand) • 11 research associates • 13 PhD candidates • 3 research fellows • 10 current industry partnerships • Budget 2018: ~2 M€
SVV Industry Partners !4 SES and LuxSpace (Satellites) Delphi and IEE (Automotive) Government of Luxembourg HITEC (Emergency systems) BGL – BNP Paribas, Clearstream (Banking) Escent (MDE Coaching) QRA (Quality Assurance)
SVV Industry Partners !4 SES and LuxSpace (Satellites) Delphi and IEE (Automotive) Government of Luxembourg HITEC (Emergency systems) BGL – BNP Paribas, Clearstream (Banking) Escent (MDE Coaching) QRA (Quality Assurance)
Mode of Collaboration • Research driven by industry needs • Realistic evaluations • Combining research with innovation and technology transfer !5 Adapted from [Gorschek et al. 2006] Problem Formulation Problem Identification State of the Art Review Candidate Solution(s) Initial Validation Training Realistic Validation Industry Partners Research Groups 1 2 3 4 5 7 Solution Release 8 6
Acknowledgements !6 Raja Ben Abdessalem Reza Matinnejad Annibale Panichella Lionel Briand
Cyber Physical Systems (CPS) !7 Cyber Space Physical Sensing Actuation Information Networks Object Domain Real Space
CPS Challenge !8 Computing Physical Dynamics
Model-based Development of CPS !9 Integration of SW and HW Model in the Loop (MiL) Software in the Loop (SiL) Hardware in the Loop (HiL) Function Modeling Software Modeling/ Development
Function Models • are hybrid – capture both discrete (algorithms) and continuous (physical dynamics) computations • are executable •capture uncertainty e.g., about the environment !10 Model Signal Signal ˙x(t) = ˙x(0) + 1 M R t 0 F(⌧)d⌧ Hybrid Automaton State space: Bm × Rn Dynamics: initial condition + state transitions + differential equations Thermostat: x0 off on t off x’ = -K·x on x’ = K·(H-x) x ≤ 19 x ≥ 21 x ≤ 23 x ≥ 17 Dynamic System Signal Signal
Software Models • capture software architecture and 
 real-time constraints • specify performance, security 
 and timing requirements • are in charge of integrating 
 different components • are heterogeneous !11
Software Model Benefits of CPS Modelling !12 Function Model Simulation/ Prediction Certification Early Testing Verification Automated Code Generation CPS Models
Software Model Benefits of CPS Modelling !12 Function Model Simulation/ Prediction Certification Early Testing Verification Automated Code Generation CPS Models
Fundamental Questions • What are the useful and realistic models of CPS? • What requirements should CPS satisfy to meet their safety standards? • What are the main challenges in developing scalable and effective testing techniques for CPS? !13
Simple Controller !14 Controller Actuator Commands Electronic dryer controller Plant
Adaptive Controller !15 Controller Actuator Commands Sensors Plant feedback Cruise control system, Satellite controller
Autonomous Controller !16 Controller Actuator Commands Sensors Plant feedback Perception & Decision Sensors/ Camera Environment Automated Driving, Unmanned Aerial Vehicle, Smart IoT
Temporal/Real Time Requirements • ``As soon as braking is requested, the contact between Caliper and Disk shall occur within 20ms’’ • ``The system shall respond within 32ms’’ !17
Controller Requirements • Stability • Smoothness !18 Stability Violation Stability Violation Responsiveness Violation
Autonomous Systems • Perception and decision requirements • ``The car shall detect all obstacles ahead of the vehicle within 100m distance.’’ • ``An unintended braking manouvre by the Automated Emergency Braking shall be prevented.’’ • Behavioral Safety • Driving Behavior Comfort • Energy Efficiency • …. !19 Stopping sight distancr Percep1on distance
CPS Verification Challenge • Analytical techniques and exact solvers cannot be applied to CPS models due to • non-linear, non-algebraic computations • continuous dynamic behaviours • heterogeneity !20
CPS test input spaces are large and multi-dimensional commands commands + plant states sensor data over times plant states + environment On/Off On/Off
Metaheuristic Search • Stochastic optimisation, e.g., evolutionary computing • Efficiently explore the search space in order to find good (near optimal) feasible solutions • Applicable to any search space irrespective of the size • Flexible and can be combined with different optimisation methods • Amenable to analysis of heterogeneous models • Applicable to many practical situations, including SW testing !22
Our Approach in a Nutshell !23 Test Input Generation Guided Search Optimisations via Machine Learning
Structured Test Inputs !24 xe 0 xl 0xp 0 y0, y0 0 ✓p xts ~vp 0 ~v0 ~v0 yp 0 Y X • Domain models • Vectors and constraints
Genetic Algorithms !25 Search algorithms inspired by the theory of evolution
Genetic Algorithms !25 Search algorithms inspired by the theory of evolution Initial test inputs
Genetic Algorithms !25 Search algorithms inspired by the theory of evolution Initial test inputs Fitness computation (which test is more likely to reveal faults?)
Genetic Algorithms !25 Search algorithms inspired by the theory of evolution Initial test inputs Fitness computation (which test is more likely to reveal faults?) Select the most critical tests (the ones more likely to reveal faults)
Genetic Algorithms !25 Search algorithms inspired by the theory of evolution Initial test inputs Fitness computation (which test is more likely to reveal faults?) Select the most critical tests (the ones more likely to reveal faults) Bread (generate new tests using Genetic operators)
Genetic Algorithms !25 Search algorithms inspired by the theory of evolution Initial test inputs Fitness computation (which test is more likely to reveal faults?) Select the most critical tests (the ones more likely to reveal faults) Bread (generate new tests using Genetic operators)
Why Do We Need Additional Optimizations? • Few objective function evaluations are possible because executing/simulating CPS function models is expensive • They should be executed for a long enough time duration • They capture, in addition to software/controllers, models of hardware and environment • Several local-optima • Large and multi-dimensional search input spaces !26
Machine Learning and Search !27 Find critical test inputs in the entire search space - Learning where the most critical regions are - Learning fitter solutions instead of breading them - Predicting fitness values instead of computing them - Selecting effective search algorithms and tuning their parameters - … Search Machine Learning
Industrial Research Projects
Testing Automated Driving Systems
Autonomous Car Features !30 Automated Emergency Breaking (AEB) Traffic Sign Recognition (TSR)
Sensor/ Camera Data Autonomous Feature Actuator Command -  Steering -  Acceleration -  Braking
Testing Models of Automated Driving Systems !32 Physics-based Simulators SUT Sensor/ Camera Data Autonomous Feature Actuator Command
Testing Models of Automated Driving Systems !32 Physics-based Simulators SUT Sensor/ Camera Data Autonomous Feature Actuator Command Time Stamped Vectors
Testing Models of Automated Driving Systems !32 Physics-based Simulators SUT Sensor/ Camera Data Autonomous Feature Actuator Command Time Stamped Vectors We use PreScan, a commercial physics- base simulator
Test Inputs/Outputs !33 - intensity: Real SceneLight Dynamic Object 1 - weatherType: Condition Weather - fog - rain - snow - normal «enumeration» Condition - field of view: Real Camera Sensor RoadSide Object - roadType: RT Road 1 - curved - straight - ramped «enumeration» RT - v0: Real Vehicle - x0: Real - y0: Real - θ: Real - v0: Real Pedestrian - x: Real - y: Real Position 1 * 1 * 1 1 - state: Boolean Collision Parked Cars Trees - simulationTime: Real - timeStep: Real Test Scenario AEB - certainty: Real Detection 1 1 11 1 1 1 1 «positioned» «uses» 1 1 - AWA Output Trajectory Environment inputs Mobile object inputs Outputs
System Safety Requirements • Req1: “Automated Emergency Braking (AEB) shall detect pedestrians in front of the car and stop the car when there is a risk of collision” • Req2: “An unintended manoeuvre by AEB shall be prevented” • Fitness functions estimate how close AEB is into violating its requirements (e.g., by having a collision) !34
Guided Test Generation !35 xe 0 xl 0xp 0 y0, y0 0 ✓p xts ~vp 0 ~v0 ~v0 yp 0 Y X Test Input Characterisation • Select best tests • Generate new tests (Genetic Operators) • Simulate every (candidate) test • Compute fitness functions Fitness values Tests revealing requirements violations Test input generation Evaluating test inputs
Guided Test Generation !35 xe 0 xl 0xp 0 y0, y0 0 ✓p xts ~vp 0 ~v0 ~v0 yp 0 Y X Test Input Characterisation • Select best tests • Generate new tests (Genetic Operators) • Simulate every (candidate) test • Compute fitness functions Fitness values Tests revealing requirements violations Test input generation Evaluating test inputs
Guided Test Generation !35 xe 0 xl 0xp 0 y0, y0 0 ✓p xts ~vp 0 ~v0 ~v0 yp 0 Y X Test Input Characterisation • Select best tests • Generate new tests (Genetic Operators) • Simulate every (candidate) test • Compute fitness functions Fitness values Tests revealing requirements violations But, simulations are expensive to run! Test input generation Evaluating test inputs
Surrogate Models • It takes 8 hours to run our search-based test generation (≈500 simulations) ➡We use surrogate models developed based on machine learning to reduce the number of fitness computations • We first train a model based on a large number of simulations • We use this model during the search to predict fitnesses instead of actually computing them, but … !36
Guided Test Generation !37 xe 0 xl 0xp 0 y0, y0 0 ✓p xts ~vp 0 ~v0 ~v0 yp 0 Y X Test Input Characterisation • Select best tests • Generate new tests (Genetic Operators) • Simulate every (candidate) test • Compute fitness values Fitnesses Tests revealing requirements violations Test input generation Evaluating test inputs
Test Generation with Surrogates !38 xe 0 xl 0xp 0 y0, y0 0 ✓p xts ~vp 0 ~v0 ~v0 yp 0 Y X Test Input Characterisation • Select best tests • Generate new tests (Genetic Operators) • Predict the fitness and the error (surrogate) • If the test is likely to be selected • Simulate the test • Compute the fitness Fitness values Tests revealing requirements violations
Archive (A) New Population (P) simulated not simulated
Archive (A) New Population (P) Simulate and compute fitnesses F A + P simulated not simulated
Archive (A) New Population (P) Simulate and compute fitnesses F A + P Rank 1 2 3 simulated not simulated
Archive (A) New Population (P) Simulate and compute fitnesses F A + P Rank 1 2 3 Select simulated not simulated
A P simulated not simulated
A P Predict fitnesses A + P simulated not simulated ̂F ± error
Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated ̂F ± error
Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive ̂F ± error
Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Predicted values are only used to bypass simulations for unfit individuals Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
Comparing Search w/ and w/o Surrogate !41 0.00 0.25 0.50 0.75 1.00 Time (min) Hypervolume 50 100 15010 NSGA2 (mean) NSGA2-SM (mean) Search with surrogate models generates higher quality solutions than search without surrogate models
Comparing Search w/ and w/o Surrogate !41 0.00 0.25 0.50 0.75 1.00 Time (min) Hypervolume 50 100 15010 NSGA2 (mean) NSGA2-SM (mean) Search with surrogate models generates higher quality solutions than search without surrogate models A worst case scenario example
Guided Test Generation !42 xe 0 xl 0xp 0 y0, y0 0 ✓p xts ~vp 0 ~v0 ~v0 yp 0 Y X Test Input Characterisation • Select best tests • Generate new tests (Genetic Operators) • Simulate every (candidate) test • Compute fitness values Fitnesses Tests revealing requirements violations Test input generation Evaluating test inputs
Test Generation Guided by Classification !43 • Build a classification tree • Select/generate tests in the fittest regions xe 0 xl 0xp 0 y0, y0 0 ✓p xts ~vp 0 ~v0 ~v0 yp 0 Y X Test Input Characterisation • Simulate every (candidate) test • Compute fitness values Fitnesses Tests revealing requirements violations + Failure Explanations
Genetic Evolution Guided by Classification !44 1. Initial Inputs 2. Fitness Computation 3. Classification 4. Selection 5. Breeding
Genetic Evolution Guided by Classification !44 1. Initial Inputs 2. Fitness Computation 3. Classification 4. Selection 5. Breeding
Genetic Evolution Guided by Classification !44 1. Initial Inputs 2. Fitness Computation 3. Classification 4. Selection 5. Breeding Fitnesses: F1. Min distance between pedestrian and the car F2. Speed of the car at the time of collision
Genetic Evolution Guided by Classification !44 1. Initial Inputs 2. Fitness Computation 3. Classification 4. Selection 5. Breeding Label: (F1 < threshold1) (F2 > threshold2)^<latexit sha1_base64="fN2vLjkdGPW+23P0LWTflayq2iM=">AAAB73icbVDLTgJBEOzFF+IL9ehlIph4Irt40CPRi0dM5JHAhszO9sKE2Yczsxqy4Se8eNAYr/6ON//GAfagYCWdVKq6093lJYIrbdvfVmFtfWNzq7hd2tnd2z8oHx61VZxKhi0Wi1h2PapQ8AhbmmuB3UQiDT2BHW98M/M7jygVj6N7PUnQDekw4gFnVBupW+0/oT/E6qBcsWv2HGSVODmpQI7moPzV92OWhhhpJqhSPcdOtJtRqTkTOC31U4UJZWM6xJ6hEQ1Rudn83ik5M4pPgliaijSZq78nMhoqNQk90xlSPVLL3kz8z+ulOrhyMx4lqcaILRYFqSA6JrPnic8lMi0mhlAmubmVsBGVlGkTUcmE4Cy/vEra9ZpzUavf1SuN6zyOIpzAKZyDA5fQgFtoQgsYCHiGV3izHqwX6936WLQWrHzmGP7A+vwBT+KPfA==</latexit>
Genetic Evolution Guided by Classification !44 1. Initial Inputs 2. Fitness Computation 3. Classification 4. Selection 5. Breeding Label: (F1 < threshold1) (F2 > threshold2)^<latexit sha1_base64="fN2vLjkdGPW+23P0LWTflayq2iM=">AAAB73icbVDLTgJBEOzFF+IL9ehlIph4Irt40CPRi0dM5JHAhszO9sKE2Yczsxqy4Se8eNAYr/6ON//GAfagYCWdVKq6093lJYIrbdvfVmFtfWNzq7hd2tnd2z8oHx61VZxKhi0Wi1h2PapQ8AhbmmuB3UQiDT2BHW98M/M7jygVj6N7PUnQDekw4gFnVBupW+0/oT/E6qBcsWv2HGSVODmpQI7moPzV92OWhhhpJqhSPcdOtJtRqTkTOC31U4UJZWM6xJ6hEQ1Rudn83ik5M4pPgliaijSZq78nMhoqNQk90xlSPVLL3kz8z+ulOrhyMx4lqcaILRYFqSA6JrPnic8lMi0mhlAmubmVsBGVlGkTUcmE4Cy/vEra9ZpzUavf1SuN6zyOIpzAKZyDA5fQgFtoQgsYCHiGV3izHqwX6936WLQWrHzmGP7A+vwBT+KPfA==</latexit>
Genetic Evolution Guided by Classification !44 1. Initial Inputs 2. Fitness Computation 3. Classification 4. Selection 5. Breeding
Failure Explanation • A characterisation of the input space showing under what conditions the system is likely to fail • Path conditions in the decision tree • Visualized by decision trees or dedicated diagrams !45 radius in [15m..40m] 30m22m 10m 26m vehicle speed > 36 km/h pedestrian speed > 6 km/h road sidewalk θ curved road
Results • Does the decision tree technique help guide the evolutionary search and make it more effective? • Search with decision tree classifications can find 78% more distinct, critical test scenarios compared to a baseline search algorithm • Does our approach help characterize and converge towards homogeneous critical regions? • The generated critical regions consistently become smaller, more homogeneous and more precise over successive tree generations !46
Usefulness • The characterisations of the different critical regions can help with: (1) Debugging the system or the simulator (2) Identifying hardware changes to increase ADAS safety (3) Identifying proper warnings to drivers !47
Sensor/ Camera Data Autonomous Feature Actuator Command Sensor/ Camera Data Autonomous Feature Actuator Command Sensor/ Camera Data Autonomous Feature Actuator Command … … -  Steering -  Acceleration -  Braking Actuator Commands:
Sensor/ Camera Data Autonomous Feature Actuator Command Sensor/ Camera Data Autonomous Feature Actuator Command Sensor/ Camera Data Autonomous Feature Actuator Command … … -  Steering -  Acceleration -  Braking Actuator Commands: Conflicts
Sensor/ Camera Data Autonomous Feature Actuator Command Sensor/ Camera Data Autonomous Feature Actuator Command Sensor/ Camera Data Autonomous Feature Actuator Command … … -  Steering -  Acceleration -  Braking Actuator Commands: Feature Interaction Problem Conflicts
Sensor/ Camera Data Autonomous Feature Actuator Command Sensor/ Camera Data Autonomous Feature Actuator Command Sensor/ Camera Data Autonomous Feature Actuator Command … … -  Steering -  Acceleration -  Braking Actuator Commands: Undesired Feature Interactions Conflicts
Using search-based testing to detect undesired feature interactions among function models of self-driving systems !49
Our Fitness Function • A combination of three heuristics • Coverage-based • Failure-based • Unsafe overriding !50
Coverage-based Objective !51 Goal: Exercising as many decision rules as possible F1 F2 Fn … Decision Logic SUT if (condition) F1
Failure-based Test Objective !52 Goal: Revealing violations of system-level requirements Example: -  Req: No collision between pedestrians " and cars -  Generating test cases that minimize" the distance between the car and the " pedestrian F1 F2 Fn … Decision Logic SUT
Feature Interaction Test Objective !53 Goal: Finding failures that are more likely to be due to faults in the integration component rather than faults in the features F1 F2 Fn … Decision Logic SUT
Feature Interaction Test Objective !53 Goal: Finding failures that are more likely to be due to faults in the integration component rather than faults in the features Braking-F1 0 .3 .3 .6 .8 1 1 Braking - Final F1 F1 F2 F2 F3 F3 F1 0 .3 .2 .2 .3 .3 1 F1 F2 Fn … Decision Logic SUT
Feature Interaction Test Objective !53 Goal: Finding failures that are more likely to be due to faults in the integration component rather than faults in the features Braking-F1 0 .3 .3 .6 .8 1 1 Braking - Final F1 F1 F2 F2 F3 F3 F1 0 .3 .2 .2 .3 .3 1 F1 F2 Fn … Decision Logic SUT
Feature Interaction Test Objective !53 Goal: Finding failures that are more likely to be due to faults in the integration component rather than faults in the features Braking-F1 0 .3 .3 .6 .8 1 1 Braking - Final F1 F1 F2 F2 F3 F3 F1 0 .3 .2 .2 .3 .3 1 F1 F2 Fn … Decision Logic SUT
Feature Interaction Test Objective !53 Goal: Finding failures that are more likely to be due to faults in the integration component rather than faults in the features Braking-F1 0 .3 .3 .6 .8 1 1 Braking - Final F1 F1 F2 F2 F3 F3 F1 0 .3 .2 .2 .3 .3 1 Reward failures that could have been avoided if another feature had been prioritised by the decision rules F1 F2 Fn … Decision Logic SUT
On Hybrid Fitness Function !54 One hybrid test objective for every rule j and every requirement l ⌦j,l if (cnd) F
On Hybrid Fitness Function !54 One hybrid test objective for every rule j and every requirement l ⌦j,l if (cnd) F ⌦j,l(tc) > 2 tc does not cover Branch j
On Hybrid Fitness Function !54 One hybrid test objective for every rule j and every requirement l ⌦j,l if (cnd) F ⌦j,l(tc) > 2 tc does not cover Branch j 2 ⌦j,l(tc) > 1 tc covers branch j but F is not unsafely overriden
On Hybrid Fitness Function !54 One hybrid test objective for every rule j and every requirement l ⌦j,l if (cnd) F ⌦j,l(tc) > 2 tc does not cover Branch j 2 ⌦j,l(tc) > 1 tc covers branch j but F is not unsafely overriden 1 ⌦j,l(tc) > 0 tc covers branch j and F is unsafely overriden but req l is not violated
On Hybrid Fitness Function !54 One hybrid test objective for every rule j and every requirement l ⌦j,l if (cnd) F ⌦j,l(tc) > 2 tc does not cover Branch j 2 ⌦j,l(tc) > 1 tc covers branch j but F is not unsafely overriden 1 ⌦j,l(tc) > 0 tc covers branch j and F is unsafely overriden but req l is not violated ⌦j,l(tc) = 0 A feature interaction failure is likely detected
Search Algorithm • Goal: Computing a test suite that covers all the test objectives • Challenges: • The number of test objectives is large: • Computing test objectives is computationally expensive • Not a Pareto front optimization problem • Objectives compete with each others, e.g., cannot have, in a single test scenario, a car that violates the speed limit after hitting the leading car !55 # of requirements × # of rules
MOSA: Many-Objective Search- based Test Generation !56 Objective 1 Objective 2 Not all (non-dominated) solutions are optimal for the purpose of testing Panichella et. al. [ICST 2015]
MOSA: Many-Objective Search- based Test Generation !56 Objective 1 Objective 2 Not all (non-dominated) solutions are optimal for the purpose of testing These points are better than others Panichella et. al. [ICST 2015]
4 80 2 6 10 12 Time (h) (a) SafeDrive1Numberoffeatureinteractionfailures 0 2 8 10 4 6 (b) SafeDrive2 0 2 8 10 4 6 Hybrid (mean) Fail (mean) Cov (mean) Hybrid Coverage-based Failure-based
4 80 2 6 10 12 Time (h) (a) SafeDrive1Numberoffeatureinteractionfailures 0 2 8 10 4 6 (b) SafeDrive2 0 2 8 10 4 6 Hybrid (mean) Fail (mean) Cov (mean) Hybrid Coverage-based Failure-based Hybrid test objectives reveal significantly more feature interaction failures (more than twice) compared to baseline alternatives
Feedback from Domain Experts • The failures we found were due to undesired feature interactions • The failures were not previously known to them • We identified ways to improve the decision logic (integration component) to avoid failures !58 Example Feature Interaction Failure
Luxembourg Emergency Management System • Goal: Monitoring emergency situations and providing a robust communication platform for disaster situations • Requirements • Resilience • Maintaining an acceptable level of quality of service in the face of emergency situations !59 Radiation
Concluding Remarks
Search-Based Testing • Versatile • Can be applied to complex systems (non-linear, non-algebraic, continuous, heterogeneous) • Can be used when systems have black box components or rely on computer simulations • Scalable, easy to parallelize • Can be combined with: Machine learning, Statistics, Solvers, e.g., SMT and CP !61
Conclusions • Contextual factors influence both the significance of a problem and the shape of the solution • Our context: function models capturing CPS continuous dynamics, functional requirements and simulators capturing environment and hardware • Focus on system-level testing • Not just on the perception layer (DNN) or the decision layer or the control layer • We have to deal with computational complexity, heterogeneity and very large input spaces !62
• Raja Ben Abdessalem, Shiva Nejati, Lionel C. Briand, Thomas Stifter,``Testing vision- based control systems using learnable evolutionary algorithms’’, ICSE 2018: 1016-1026 • Raja Ben Abdessalem, Annibale Panichella, Shiva Nejati, Lionel C. Briand, Thomas Stifter, ``Testing autonomous cars for feature interaction failures using many-objective search’’, ASE 2018: 143-154 • Raja Ben Abdessalem, Shiva Nejati, Lionel C. Briand, Thomas Stifter, ``Testing advanced driver assistance systems using multi-objective search and neural networks’’, ASE 2016: 63-74 • Annibale Panichella, Fitsum Meshesha Kifetew, Paolo Tonella, ``Reformulating Branch Coverage as a Many-Objective Optimization Problem’’, ICST 2015: 1-10 • Nejati et al., “Evaluating Model Testing and Model Checking for Finding Requirements Violations in Simulink Models”, arXiv:1905.03490, 2019 !63
We are hiring! Talk to me if you are interested in research positions in any of the following areas: Applied Machine Learning, Applied Natural Language Processing, Automated Verification and Validation, Information Retrieval, Model-driven Engineering, Program Analysis, Requirements Engineering, Software Security, Software Testing

Recomendados

SSBSE 2020 keynote
SSBSE 2020 keynoteSSBSE 2020 keynote
SSBSE 2020 keynoteShiva Nejati
 
AI in SE: A 25-year Journey
AI in SE: A 25-year JourneyAI in SE: A 25-year Journey
AI in SE: A 25-year JourneyLionel Briand
 
Evaluating Model Testing and Model Checking for Finding Requirements Violatio...
Evaluating Model Testing and Model Checking for Finding Requirements Violatio...Evaluating Model Testing and Model Checking for Finding Requirements Violatio...
Evaluating Model Testing and Model Checking for Finding Requirements Violatio...Lionel Briand
 
Analyzing Natural-Language Requirements: The Not-too-sexy and Yet Curiously D...
Analyzing Natural-Language Requirements: The Not-too-sexy and Yet Curiously D...Analyzing Natural-Language Requirements: The Not-too-sexy and Yet Curiously D...
Analyzing Natural-Language Requirements: The Not-too-sexy and Yet Curiously D...Lionel Briand
 
Metamorphic Security Testing for Web Systems
Metamorphic Security Testing for Web SystemsMetamorphic Security Testing for Web Systems
Metamorphic Security Testing for Web SystemsLionel Briand
 
Mining Assumptions for Software Components using Machine Learning
Mining Assumptions for Software Components using Machine LearningMining Assumptions for Software Components using Machine Learning
Mining Assumptions for Software Components using Machine LearningLionel Briand
 
Speeding-up Software Testing With Computational Intelligence
Speeding-up Software Testing With Computational IntelligenceSpeeding-up Software Testing With Computational Intelligence
Speeding-up Software Testing With Computational IntelligenceAnnibale Panichella
 
Enabling Automated Software Testing with Artificial Intelligence
Enabling Automated Software Testing with Artificial IntelligenceEnabling Automated Software Testing with Artificial Intelligence
Enabling Automated Software Testing with Artificial IntelligenceLionel Briand
 

Recomendados

SSBSE 2020 keynote
SSBSE 2020 keynoteSSBSE 2020 keynote
SSBSE 2020 keynoteShiva Nejati
 
AI in SE: A 25-year Journey
AI in SE: A 25-year JourneyAI in SE: A 25-year Journey
AI in SE: A 25-year JourneyLionel Briand
 
Evaluating Model Testing and Model Checking for Finding Requirements Violatio...
Evaluating Model Testing and Model Checking for Finding Requirements Violatio...Evaluating Model Testing and Model Checking for Finding Requirements Violatio...
Evaluating Model Testing and Model Checking for Finding Requirements Violatio...Lionel Briand
 
Analyzing Natural-Language Requirements: The Not-too-sexy and Yet Curiously D...
Analyzing Natural-Language Requirements: The Not-too-sexy and Yet Curiously D...Analyzing Natural-Language Requirements: The Not-too-sexy and Yet Curiously D...
Analyzing Natural-Language Requirements: The Not-too-sexy and Yet Curiously D...Lionel Briand
 
Metamorphic Security Testing for Web Systems
Metamorphic Security Testing for Web SystemsMetamorphic Security Testing for Web Systems
Metamorphic Security Testing for Web SystemsLionel Briand
 
Mining Assumptions for Software Components using Machine Learning
Mining Assumptions for Software Components using Machine LearningMining Assumptions for Software Components using Machine Learning
Mining Assumptions for Software Components using Machine LearningLionel Briand
 
Speeding-up Software Testing With Computational Intelligence
Speeding-up Software Testing With Computational IntelligenceSpeeding-up Software Testing With Computational Intelligence
Speeding-up Software Testing With Computational IntelligenceAnnibale Panichella
 
Enabling Automated Software Testing with Artificial Intelligence
Enabling Automated Software Testing with Artificial IntelligenceEnabling Automated Software Testing with Artificial Intelligence
Enabling Automated Software Testing with Artificial IntelligenceLionel Briand
 
Approximation-Refinement Testing of Compute-Intensive Cyber-Physical Models: ...
Approximation-Refinement Testing of Compute-Intensive Cyber-Physical Models: ...Approximation-Refinement Testing of Compute-Intensive Cyber-Physical Models: ...
Approximation-Refinement Testing of Compute-Intensive Cyber-Physical Models: ...Lionel Briand
 
An Empirical Comparison of Model Validation Techniques for Defect Prediction ...
An Empirical Comparison of Model Validation Techniques for Defect Prediction ...An Empirical Comparison of Model Validation Techniques for Defect Prediction ...
An Empirical Comparison of Model Validation Techniques for Defect Prediction ...Chakkrit (Kla) Tantithamthavorn
 
Testing Machine Learning-enabled Systems: A Personal Perspective
Testing Machine Learning-enabled Systems: A Personal PerspectiveTesting Machine Learning-enabled Systems: A Personal Perspective
Testing Machine Learning-enabled Systems: A Personal PerspectiveLionel Briand
 
Can we predict the quality of spectrum-based fault localization?
Can we predict the quality of spectrum-based fault localization?Can we predict the quality of spectrum-based fault localization?
Can we predict the quality of spectrum-based fault localization?Lionel Briand
 
Improving Fault Localization for Simulink Models using Search-Based Testing a...
Improving Fault Localization for Simulink Models using Search-Based Testing a...Improving Fault Localization for Simulink Models using Search-Based Testing a...
Improving Fault Localization for Simulink Models using Search-Based Testing a...Lionel Briand
 
Testing Autonomous Cars for Feature Interaction Failures using Many-Objective...
Testing Autonomous Cars for Feature Interaction Failures using Many-Objective...Testing Autonomous Cars for Feature Interaction Failures using Many-Objective...
Testing Autonomous Cars for Feature Interaction Failures using Many-Objective...Lionel Briand
 
A practical guide for using Statistical Tests to assess Randomized Algorithms...
A practical guide for using Statistical Tests to assess Randomized Algorithms...A practical guide for using Statistical Tests to assess Randomized Algorithms...
A practical guide for using Statistical Tests to assess Randomized Algorithms...Lionel Briand
 
Applying Product Line Use Case Modeling ! in an Industrial Automotive Embedde...
Applying Product Line Use Case Modeling ! in an Industrial Automotive Embedde...Applying Product Line Use Case Modeling ! in an Industrial Automotive Embedde...
Applying Product Line Use Case Modeling ! in an Industrial Automotive Embedde...Lionel Briand
 
Effective Test Suites for ! Mixed Discrete-Continuous Stateflow Controllers
Effective Test Suites for ! Mixed Discrete-Continuous Stateflow ControllersEffective Test Suites for ! Mixed Discrete-Continuous Stateflow Controllers
Effective Test Suites for ! Mixed Discrete-Continuous Stateflow ControllersLionel Briand
 
Survey on Software Defect Prediction
Survey on Software Defect PredictionSurvey on Software Defect Prediction
Survey on Software Defect PredictionSung Kim
 
Automated Testing of Autonomous Driving Assistance Systems
Automated Testing of Autonomous Driving Assistance SystemsAutomated Testing of Autonomous Driving Assistance Systems
Automated Testing of Autonomous Driving Assistance SystemsLionel Briand
 
VST2022.pdf
VST2022.pdfVST2022.pdf
VST2022.pdfAnnibale Panichella
 
Personalized Defect Prediction
Personalized Defect PredictionPersonalized Defect Prediction
Personalized Defect PredictionSung Kim
 
Extracting Domain Models from Natural-Language Requirements: Approach and Ind...
Extracting Domain Models from Natural-Language Requirements: Approach and Ind...Extracting Domain Models from Natural-Language Requirements: Approach and Ind...
Extracting Domain Models from Natural-Language Requirements: Approach and Ind...Lionel Briand
 
Transfer defect learning
Transfer defect learningTransfer defect learning
Transfer defect learningSung Kim
 
Automated Testing of Autonomous Driving Assistance Systems
Automated Testing of Autonomous Driving Assistance SystemsAutomated Testing of Autonomous Driving Assistance Systems
Automated Testing of Autonomous Driving Assistance SystemsLionel Briand
 
Automated Change Impact Analysis between SysML Models of Requirements and Design
Automated Change Impact Analysis between SysML Models of Requirements and DesignAutomated Change Impact Analysis between SysML Models of Requirements and Design
Automated Change Impact Analysis between SysML Models of Requirements and DesignLionel Briand
 
STAR: Stack Trace based Automatic Crash Reproduction
STAR: Stack Trace based Automatic Crash ReproductionSTAR: Stack Trace based Automatic Crash Reproduction
STAR: Stack Trace based Automatic Crash ReproductionSung Kim
 
Automated and Scalable Solutions for Software Testing: The Essential Role of ...
Automated and Scalable Solutions for Software Testing: The Essential Role of ...Automated and Scalable Solutions for Software Testing: The Essential Role of ...
Automated and Scalable Solutions for Software Testing: The Essential Role of ...Lionel Briand
 
Artificial Intelligence for Automated Software Testing
Artificial Intelligence for Automated Software TestingArtificial Intelligence for Automated Software Testing
Artificial Intelligence for Automated Software TestingLionel Briand
 
Testing Dynamic Behavior in Executable Software Models - Making Cyber-physica...
Testing Dynamic Behavior in Executable Software Models - Making Cyber-physica...Testing Dynamic Behavior in Executable Software Models - Making Cyber-physica...
Testing Dynamic Behavior in Executable Software Models - Making Cyber-physica...Lionel Briand
 
Making Model-Driven Verification Practical and Scalable: Experiences and Less...
Making Model-Driven Verification Practical and Scalable: Experiences and Less...Making Model-Driven Verification Practical and Scalable: Experiences and Less...
Making Model-Driven Verification Practical and Scalable: Experiences and Less...Lionel Briand
 

Más contenido relacionado

La actualidad más candente

Approximation-Refinement Testing of Compute-Intensive Cyber-Physical Models: ...
Approximation-Refinement Testing of Compute-Intensive Cyber-Physical Models: ...Approximation-Refinement Testing of Compute-Intensive Cyber-Physical Models: ...
Approximation-Refinement Testing of Compute-Intensive Cyber-Physical Models: ...Lionel Briand
 
An Empirical Comparison of Model Validation Techniques for Defect Prediction ...
An Empirical Comparison of Model Validation Techniques for Defect Prediction ...An Empirical Comparison of Model Validation Techniques for Defect Prediction ...
An Empirical Comparison of Model Validation Techniques for Defect Prediction ...Chakkrit (Kla) Tantithamthavorn
 
Testing Machine Learning-enabled Systems: A Personal Perspective
Testing Machine Learning-enabled Systems: A Personal PerspectiveTesting Machine Learning-enabled Systems: A Personal Perspective
Testing Machine Learning-enabled Systems: A Personal PerspectiveLionel Briand
 
Can we predict the quality of spectrum-based fault localization?
Can we predict the quality of spectrum-based fault localization?Can we predict the quality of spectrum-based fault localization?
Can we predict the quality of spectrum-based fault localization?Lionel Briand
 
Improving Fault Localization for Simulink Models using Search-Based Testing a...
Improving Fault Localization for Simulink Models using Search-Based Testing a...Improving Fault Localization for Simulink Models using Search-Based Testing a...
Improving Fault Localization for Simulink Models using Search-Based Testing a...Lionel Briand
 
Testing Autonomous Cars for Feature Interaction Failures using Many-Objective...
Testing Autonomous Cars for Feature Interaction Failures using Many-Objective...Testing Autonomous Cars for Feature Interaction Failures using Many-Objective...
Testing Autonomous Cars for Feature Interaction Failures using Many-Objective...Lionel Briand
 
A practical guide for using Statistical Tests to assess Randomized Algorithms...
A practical guide for using Statistical Tests to assess Randomized Algorithms...A practical guide for using Statistical Tests to assess Randomized Algorithms...
A practical guide for using Statistical Tests to assess Randomized Algorithms...Lionel Briand
 
Applying Product Line Use Case Modeling ! in an Industrial Automotive Embedde...
Applying Product Line Use Case Modeling ! in an Industrial Automotive Embedde...Applying Product Line Use Case Modeling ! in an Industrial Automotive Embedde...
Applying Product Line Use Case Modeling ! in an Industrial Automotive Embedde...Lionel Briand
 
Effective Test Suites for ! Mixed Discrete-Continuous Stateflow Controllers
Effective Test Suites for ! Mixed Discrete-Continuous Stateflow ControllersEffective Test Suites for ! Mixed Discrete-Continuous Stateflow Controllers
Effective Test Suites for ! Mixed Discrete-Continuous Stateflow ControllersLionel Briand
 
Survey on Software Defect Prediction
Survey on Software Defect PredictionSurvey on Software Defect Prediction
Survey on Software Defect PredictionSung Kim
 
Automated Testing of Autonomous Driving Assistance Systems
Automated Testing of Autonomous Driving Assistance SystemsAutomated Testing of Autonomous Driving Assistance Systems
Automated Testing of Autonomous Driving Assistance SystemsLionel Briand
 
Personalized Defect Prediction
Personalized Defect PredictionPersonalized Defect Prediction
Personalized Defect PredictionSung Kim
 
Extracting Domain Models from Natural-Language Requirements: Approach and Ind...
Extracting Domain Models from Natural-Language Requirements: Approach and Ind...Extracting Domain Models from Natural-Language Requirements: Approach and Ind...
Extracting Domain Models from Natural-Language Requirements: Approach and Ind...Lionel Briand
 
Transfer defect learning
Transfer defect learningTransfer defect learning
Transfer defect learningSung Kim
 
Automated Testing of Autonomous Driving Assistance Systems
Automated Testing of Autonomous Driving Assistance SystemsAutomated Testing of Autonomous Driving Assistance Systems
Automated Testing of Autonomous Driving Assistance SystemsLionel Briand
 
Automated Change Impact Analysis between SysML Models of Requirements and Design
Automated Change Impact Analysis between SysML Models of Requirements and DesignAutomated Change Impact Analysis between SysML Models of Requirements and Design
Automated Change Impact Analysis between SysML Models of Requirements and DesignLionel Briand
 
STAR: Stack Trace based Automatic Crash Reproduction
STAR: Stack Trace based Automatic Crash ReproductionSTAR: Stack Trace based Automatic Crash Reproduction
STAR: Stack Trace based Automatic Crash ReproductionSung Kim
 
Automated and Scalable Solutions for Software Testing: The Essential Role of ...
Automated and Scalable Solutions for Software Testing: The Essential Role of ...Automated and Scalable Solutions for Software Testing: The Essential Role of ...
Automated and Scalable Solutions for Software Testing: The Essential Role of ...Lionel Briand
 
Artificial Intelligence for Automated Software Testing
Artificial Intelligence for Automated Software TestingArtificial Intelligence for Automated Software Testing
Artificial Intelligence for Automated Software TestingLionel Briand
 

La actualidad más candente (20)

Approximation-Refinement Testing of Compute-Intensive Cyber-Physical Models: ...
Approximation-Refinement Testing of Compute-Intensive Cyber-Physical Models: ...Approximation-Refinement Testing of Compute-Intensive Cyber-Physical Models: ...
Approximation-Refinement Testing of Compute-Intensive Cyber-Physical Models: ...
 
An Empirical Comparison of Model Validation Techniques for Defect Prediction ...
An Empirical Comparison of Model Validation Techniques for Defect Prediction ...An Empirical Comparison of Model Validation Techniques for Defect Prediction ...
An Empirical Comparison of Model Validation Techniques for Defect Prediction ...
 
Testing Machine Learning-enabled Systems: A Personal Perspective
Testing Machine Learning-enabled Systems: A Personal PerspectiveTesting Machine Learning-enabled Systems: A Personal Perspective
Testing Machine Learning-enabled Systems: A Personal Perspective
 
Can we predict the quality of spectrum-based fault localization?
Can we predict the quality of spectrum-based fault localization?Can we predict the quality of spectrum-based fault localization?
Can we predict the quality of spectrum-based fault localization?
 
Improving Fault Localization for Simulink Models using Search-Based Testing a...
Improving Fault Localization for Simulink Models using Search-Based Testing a...Improving Fault Localization for Simulink Models using Search-Based Testing a...
Improving Fault Localization for Simulink Models using Search-Based Testing a...
 
Testing Autonomous Cars for Feature Interaction Failures using Many-Objective...
Testing Autonomous Cars for Feature Interaction Failures using Many-Objective...Testing Autonomous Cars for Feature Interaction Failures using Many-Objective...
Testing Autonomous Cars for Feature Interaction Failures using Many-Objective...
 
A practical guide for using Statistical Tests to assess Randomized Algorithms...
A practical guide for using Statistical Tests to assess Randomized Algorithms...A practical guide for using Statistical Tests to assess Randomized Algorithms...
A practical guide for using Statistical Tests to assess Randomized Algorithms...
 
Applying Product Line Use Case Modeling ! in an Industrial Automotive Embedde...
Applying Product Line Use Case Modeling ! in an Industrial Automotive Embedde...Applying Product Line Use Case Modeling ! in an Industrial Automotive Embedde...
Applying Product Line Use Case Modeling ! in an Industrial Automotive Embedde...
 
Effective Test Suites for ! Mixed Discrete-Continuous Stateflow Controllers
Effective Test Suites for ! Mixed Discrete-Continuous Stateflow ControllersEffective Test Suites for ! Mixed Discrete-Continuous Stateflow Controllers
Effective Test Suites for ! Mixed Discrete-Continuous Stateflow Controllers
 
Survey on Software Defect Prediction
Survey on Software Defect PredictionSurvey on Software Defect Prediction
Survey on Software Defect Prediction
 
Automated Testing of Autonomous Driving Assistance Systems
Automated Testing of Autonomous Driving Assistance SystemsAutomated Testing of Autonomous Driving Assistance Systems
Automated Testing of Autonomous Driving Assistance Systems
 
VST2022.pdf
VST2022.pdfVST2022.pdf
VST2022.pdf
 
Personalized Defect Prediction
Personalized Defect PredictionPersonalized Defect Prediction
Personalized Defect Prediction
 
Extracting Domain Models from Natural-Language Requirements: Approach and Ind...
Extracting Domain Models from Natural-Language Requirements: Approach and Ind...Extracting Domain Models from Natural-Language Requirements: Approach and Ind...
Extracting Domain Models from Natural-Language Requirements: Approach and Ind...
 
Transfer defect learning
Transfer defect learningTransfer defect learning
Transfer defect learning
 
Automated Testing of Autonomous Driving Assistance Systems
Automated Testing of Autonomous Driving Assistance SystemsAutomated Testing of Autonomous Driving Assistance Systems
Automated Testing of Autonomous Driving Assistance Systems
 
Automated Change Impact Analysis between SysML Models of Requirements and Design
Automated Change Impact Analysis between SysML Models of Requirements and DesignAutomated Change Impact Analysis between SysML Models of Requirements and Design
Automated Change Impact Analysis between SysML Models of Requirements and Design
 
STAR: Stack Trace based Automatic Crash Reproduction
STAR: Stack Trace based Automatic Crash ReproductionSTAR: Stack Trace based Automatic Crash Reproduction
STAR: Stack Trace based Automatic Crash Reproduction
 
Automated and Scalable Solutions for Software Testing: The Essential Role of ...
Automated and Scalable Solutions for Software Testing: The Essential Role of ...Automated and Scalable Solutions for Software Testing: The Essential Role of ...
Automated and Scalable Solutions for Software Testing: The Essential Role of ...
 
Artificial Intelligence for Automated Software Testing
Artificial Intelligence for Automated Software TestingArtificial Intelligence for Automated Software Testing
Artificial Intelligence for Automated Software Testing
 

Similar a SBST 2019 Keynote

Testing Dynamic Behavior in Executable Software Models - Making Cyber-physica...
Testing Dynamic Behavior in Executable Software Models - Making Cyber-physica...Testing Dynamic Behavior in Executable Software Models - Making Cyber-physica...
Testing Dynamic Behavior in Executable Software Models - Making Cyber-physica...Lionel Briand
 
Making Model-Driven Verification Practical and Scalable: Experiences and Less...
Making Model-Driven Verification Practical and Scalable: Experiences and Less...Making Model-Driven Verification Practical and Scalable: Experiences and Less...
Making Model-Driven Verification Practical and Scalable: Experiences and Less...Lionel Briand
 
Automotive engineering design - Model Based Design
Automotive engineering design - Model Based DesignAutomotive engineering design - Model Based Design
Automotive engineering design - Model Based DesignVinayagam Mariappan
 
Validation Framework for Autonomous Aerial Vehicles
Validation Framework for Autonomous Aerial VehiclesValidation Framework for Autonomous Aerial Vehicles
Validation Framework for Autonomous Aerial VehiclesM. Ilhan Akbas
 
Incremental Queries and Transformations for Engineering Critical Systems
Incremental Queries and Transformations for Engineering Critical SystemsIncremental Queries and Transformations for Engineering Critical Systems
Incremental Queries and Transformations for Engineering Critical SystemsÁkos Horváth
 
Predictive Analytics
Predictive AnalyticsPredictive Analytics
Predictive Analyticsrkpv2002
 
Predictive Analytics
Predictive AnalyticsPredictive Analytics
Predictive Analyticsrkpv2002
 
It‘s Math That Drives Things – Simulink as Simulation and Modeling Environment
It‘s Math That Drives Things – Simulink as Simulation and Modeling EnvironmentIt‘s Math That Drives Things – Simulink as Simulation and Modeling Environment
It‘s Math That Drives Things – Simulink as Simulation and Modeling EnvironmentJoachim Schlosser
 
IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4Sailaja Tennati
 
ES2022-Minh-Nguyen-ShapingTestsIntoModelsForAutomatedTCGeneration.pdf
ES2022-Minh-Nguyen-ShapingTestsIntoModelsForAutomatedTCGeneration.pdfES2022-Minh-Nguyen-ShapingTestsIntoModelsForAutomatedTCGeneration.pdf
ES2022-Minh-Nguyen-ShapingTestsIntoModelsForAutomatedTCGeneration.pdfMinh Nguyen
 
Intro to LV in 3 Hours for Control and Sim 8_5.pptx
Intro to LV in 3 Hours for Control and Sim 8_5.pptxIntro to LV in 3 Hours for Control and Sim 8_5.pptx
Intro to LV in 3 Hours for Control and Sim 8_5.pptxDeepakJangid87
 
AI for Software Engineering
AI for Software EngineeringAI for Software Engineering
AI for Software EngineeringMiroslaw Staron
 
Model based design-Hardware in loop-software in loop
Model based design-Hardware in loop-software in loopModel based design-Hardware in loop-software in loop
Model based design-Hardware in loop-software in loopMahmoud Hussein
 
Engage with...Romax | Driving the Electric Revolution Webinar
Engage with...Romax | Driving the Electric Revolution WebinarEngage with...Romax | Driving the Electric Revolution Webinar
Engage with...Romax | Driving the Electric Revolution WebinarKTN
 
Presentation Verification & Validation
Presentation Verification & ValidationPresentation Verification & Validation
Presentation Verification & ValidationElmar Selbach
 
VOLTRIO SOLUTIONS PVT LTD is a automation product engineering service organiz...
VOLTRIO SOLUTIONS PVT LTD is a automation product engineering service organiz...VOLTRIO SOLUTIONS PVT LTD is a automation product engineering service organiz...
VOLTRIO SOLUTIONS PVT LTD is a automation product engineering service organiz...voltriosolutions
 
Applications of Machine Learning and Metaheuristic Search to Security Testing
Applications of Machine Learning and Metaheuristic Search to Security TestingApplications of Machine Learning and Metaheuristic Search to Security Testing
Applications of Machine Learning and Metaheuristic Search to Security TestingLionel Briand
 
Model-Based Design & Analysis.ppt
Model-Based Design & Analysis.pptModel-Based Design & Analysis.ppt
Model-Based Design & Analysis.pptRajuRaju183149
 

Similar a SBST 2019 Keynote (20)

Testing Dynamic Behavior in Executable Software Models - Making Cyber-physica...
Testing Dynamic Behavior in Executable Software Models - Making Cyber-physica...Testing Dynamic Behavior in Executable Software Models - Making Cyber-physica...
Testing Dynamic Behavior in Executable Software Models - Making Cyber-physica...
 
Making Model-Driven Verification Practical and Scalable: Experiences and Less...
Making Model-Driven Verification Practical and Scalable: Experiences and Less...Making Model-Driven Verification Practical and Scalable: Experiences and Less...
Making Model-Driven Verification Practical and Scalable: Experiences and Less...
 
Automotive engineering design - Model Based Design
Automotive engineering design - Model Based DesignAutomotive engineering design - Model Based Design
Automotive engineering design - Model Based Design
 
Validation Framework for Autonomous Aerial Vehicles
Validation Framework for Autonomous Aerial VehiclesValidation Framework for Autonomous Aerial Vehicles
Validation Framework for Autonomous Aerial Vehicles
 
Incremental Queries and Transformations for Engineering Critical Systems
Incremental Queries and Transformations for Engineering Critical SystemsIncremental Queries and Transformations for Engineering Critical Systems
Incremental Queries and Transformations for Engineering Critical Systems
 
Predictive Analytics
Predictive AnalyticsPredictive Analytics
Predictive Analytics
 
Predictive Analytics
Predictive AnalyticsPredictive Analytics
Predictive Analytics
 
It‘s Math That Drives Things – Simulink as Simulation and Modeling Environment
It‘s Math That Drives Things – Simulink as Simulation and Modeling EnvironmentIt‘s Math That Drives Things – Simulink as Simulation and Modeling Environment
It‘s Math That Drives Things – Simulink as Simulation and Modeling Environment
 
IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4IEEE Buenaventura cs Chapter March 9 2016 v4
IEEE Buenaventura cs Chapter March 9 2016 v4
 
ES2022-Minh-Nguyen-ShapingTestsIntoModelsForAutomatedTCGeneration.pdf
ES2022-Minh-Nguyen-ShapingTestsIntoModelsForAutomatedTCGeneration.pdfES2022-Minh-Nguyen-ShapingTestsIntoModelsForAutomatedTCGeneration.pdf
ES2022-Minh-Nguyen-ShapingTestsIntoModelsForAutomatedTCGeneration.pdf
 
Intro to LV in 3 Hours for Control and Sim 8_5.pptx
Intro to LV in 3 Hours for Control and Sim 8_5.pptxIntro to LV in 3 Hours for Control and Sim 8_5.pptx
Intro to LV in 3 Hours for Control and Sim 8_5.pptx
 
AI for Software Engineering
AI for Software EngineeringAI for Software Engineering
AI for Software Engineering
 
Model based design-Hardware in loop-software in loop
Model based design-Hardware in loop-software in loopModel based design-Hardware in loop-software in loop
Model based design-Hardware in loop-software in loop
 
Engage with...Romax | Driving the Electric Revolution Webinar
Engage with...Romax | Driving the Electric Revolution WebinarEngage with...Romax | Driving the Electric Revolution Webinar
Engage with...Romax | Driving the Electric Revolution Webinar
 
Presentation Verification & Validation
Presentation Verification & ValidationPresentation Verification & Validation
Presentation Verification & Validation
 
VOLTRIO SOLUTIONS PVT LTD is a automation product engineering service organiz...
VOLTRIO SOLUTIONS PVT LTD is a automation product engineering service organiz...VOLTRIO SOLUTIONS PVT LTD is a automation product engineering service organiz...
VOLTRIO SOLUTIONS PVT LTD is a automation product engineering service organiz...
 
MIL_SIL.pdf
MIL_SIL.pdfMIL_SIL.pdf
MIL_SIL.pdf
 
Applications of Machine Learning and Metaheuristic Search to Security Testing
Applications of Machine Learning and Metaheuristic Search to Security TestingApplications of Machine Learning and Metaheuristic Search to Security Testing
Applications of Machine Learning and Metaheuristic Search to Security Testing
 
A2IoT OBDII Case Study
A2IoT OBDII Case StudyA2IoT OBDII Case Study
A2IoT OBDII Case Study
 
Model-Based Design & Analysis.ppt
Model-Based Design & Analysis.pptModel-Based Design & Analysis.ppt
Model-Based Design & Analysis.ppt
 

Último

Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar TrainingKylaCullinane
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Hasting Chen
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesPooja Nehwal
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxraffaeleoman
 
Air breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsAir breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsaqsarehman5055
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfSkillCertProExams
 
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lodhisaajjda
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubssamaasim06
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxNikitaBankoti2
 
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...Delhi Call girls
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...Sheetaleventcompany
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaKayode Fayemi
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyPooja Nehwal
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Baileyhlharris
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxmohammadalnahdi22
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Chameera Dedduwage
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIINhPhngng3
 

Último (20)

Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
 
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
 
Air breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsAir breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animals
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
 
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
 
lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubs
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
 
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
 
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdfICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Bailey
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
 

SBST 2019 Keynote

  • 1. .lusoftware verification & validation VVS Testing Cyber Physical Systems via Evolutionary Algorithms and 
 Machine Learning Shiva Nejati SnT, University of Luxembourg SBST @ ICSE 2019 May 27, 2019 !1
  • 2. About SnT • ICT research centre to fuel the national innovation system • Part of the University of Luxembourg !2 40+ industry partners 20 MEUR turnover (70% external funding) Acquired competitive funding since launch >100 M€ 60% of PhDs and RAs work on industry projects >300 employees 51 nationalities
  • 3. Software Verification and Validation Group (http://svv.lu) !3 • Established in 2012 • Requirements Engineering, Security Analysis, Design Verification, Automated Testing, Runtime Monitoring • 5 faculty members (head: Lionel Briand) • 11 research associates • 13 PhD candidates • 3 research fellows • 10 current industry partnerships • Budget 2018: ~2 M€
  • 4. SVV Industry Partners !4 SES and LuxSpace (Satellites) Delphi and IEE (Automotive) Government of Luxembourg HITEC (Emergency systems) BGL – BNP Paribas, Clearstream (Banking) Escent (MDE Coaching) QRA (Quality Assurance)
  • 5. SVV Industry Partners !4 SES and LuxSpace (Satellites) Delphi and IEE (Automotive) Government of Luxembourg HITEC (Emergency systems) BGL – BNP Paribas, Clearstream (Banking) Escent (MDE Coaching) QRA (Quality Assurance)
  • 6. Mode of Collaboration • Research driven by industry needs • Realistic evaluations • Combining research with innovation and technology transfer !5 Adapted from [Gorschek et al. 2006] Problem Formulation Problem Identification State of the Art Review Candidate Solution(s) Initial Validation Training Realistic Validation Industry Partners Research Groups 1 2 3 4 5 7 Solution Release 8 6
  • 8. Cyber Physical Systems (CPS) !7 Cyber Space Physical Sensing Actuation Information Networks Object Domain Real Space
  • 10. Model-based Development of CPS !9 Integration of SW and HW Model in the Loop (MiL) Software in the Loop (SiL) Hardware in the Loop (HiL) Function Modeling Software Modeling/ Development
  • 11. Function Models • are hybrid – capture both discrete (algorithms) and continuous (physical dynamics) computations • are executable •capture uncertainty e.g., about the environment !10 Model Signal Signal ˙x(t) = ˙x(0) + 1 M R t 0 F(⌧)d⌧ Hybrid Automaton State space: Bm × Rn Dynamics: initial condition + state transitions + differential equations Thermostat: x0 off on t off x’ = -K·x on x’ = K·(H-x) x ≤ 19 x ≥ 21 x ≤ 23 x ≥ 17 Dynamic System Signal Signal
  • 12. Software Models • capture software architecture and 
 real-time constraints • specify performance, security 
 and timing requirements • are in charge of integrating 
 different components • are heterogeneous !11
  • 13. Software Model Benefits of CPS Modelling !12 Function Model Simulation/ Prediction Certification Early Testing Verification Automated Code Generation CPS Models
  • 14. Software Model Benefits of CPS Modelling !12 Function Model Simulation/ Prediction Certification Early Testing Verification Automated Code Generation CPS Models
  • 15. Fundamental Questions • What are the useful and realistic models of CPS? • What requirements should CPS satisfy to meet their safety standards? • What are the main challenges in developing scalable and effective testing techniques for CPS? !13
  • 17. Adaptive Controller !15 Controller Actuator Commands Sensors Plant feedback Cruise control system, Satellite controller
  • 18. Autonomous Controller !16 Controller Actuator Commands Sensors Plant feedback Perception & Decision Sensors/ Camera Environment Automated Driving, Unmanned Aerial Vehicle, Smart IoT
  • 19. Temporal/Real Time Requirements • ``As soon as braking is requested, the contact between Caliper and Disk shall occur within 20ms’’ • ``The system shall respond within 32ms’’ !17
  • 20. Controller Requirements • Stability • Smoothness !18 Stability Violation Stability Violation Responsiveness Violation
  • 21. Autonomous Systems • Perception and decision requirements • ``The car shall detect all obstacles ahead of the vehicle within 100m distance.’’ • ``An unintended braking manouvre by the Automated Emergency Braking shall be prevented.’’ • Behavioral Safety • Driving Behavior Comfort • Energy Efficiency • …. !19 Stopping sight distancr Percep1on distance
  • 22. CPS Verification Challenge • Analytical techniques and exact solvers cannot be applied to CPS models due to • non-linear, non-algebraic computations • continuous dynamic behaviours • heterogeneity !20
  • 23. CPS test input spaces are large and multi-dimensional commands commands + plant states sensor data over times plant states + environment On/Off On/Off
  • 24. Metaheuristic Search • Stochastic optimisation, e.g., evolutionary computing • Efficiently explore the search space in order to find good (near optimal) feasible solutions • Applicable to any search space irrespective of the size • Flexible and can be combined with different optimisation methods • Amenable to analysis of heterogeneous models • Applicable to many practical situations, including SW testing !22
  • 25. Our Approach in a Nutshell !23 Test Input Generation Guided Search Optimisations via Machine Learning
  • 26. Structured Test Inputs !24 xe 0 xl 0xp 0 y0, y0 0 ✓p xts ~vp 0 ~v0 ~v0 yp 0 Y X • Domain models • Vectors and constraints
  • 27. Genetic Algorithms !25 Search algorithms inspired by the theory of evolution
  • 28. Genetic Algorithms !25 Search algorithms inspired by the theory of evolution Initial test inputs
  • 29. Genetic Algorithms !25 Search algorithms inspired by the theory of evolution Initial test inputs Fitness computation (which test is more likely to reveal faults?)
  • 30. Genetic Algorithms !25 Search algorithms inspired by the theory of evolution Initial test inputs Fitness computation (which test is more likely to reveal faults?) Select the most critical tests (the ones more likely to reveal faults)
  • 31. Genetic Algorithms !25 Search algorithms inspired by the theory of evolution Initial test inputs Fitness computation (which test is more likely to reveal faults?) Select the most critical tests (the ones more likely to reveal faults) Bread (generate new tests using Genetic operators)
  • 32. Genetic Algorithms !25 Search algorithms inspired by the theory of evolution Initial test inputs Fitness computation (which test is more likely to reveal faults?) Select the most critical tests (the ones more likely to reveal faults) Bread (generate new tests using Genetic operators)
  • 33. Why Do We Need Additional Optimizations? • Few objective function evaluations are possible because executing/simulating CPS function models is expensive • They should be executed for a long enough time duration • They capture, in addition to software/controllers, models of hardware and environment • Several local-optima • Large and multi-dimensional search input spaces !26
  • 34. Machine Learning and Search !27 Find critical test inputs in the entire search space - Learning where the most critical regions are - Learning fitter solutions instead of breading them - Predicting fitness values instead of computing them - Selecting effective search algorithms and tuning their parameters - … Search Machine Learning
  • 37. Autonomous Car Features !30 Automated Emergency Breaking (AEB) Traffic Sign Recognition (TSR)
  • 39. Testing Models of Automated Driving Systems !32 Physics-based Simulators SUT Sensor/ Camera Data Autonomous Feature Actuator Command
  • 40. Testing Models of Automated Driving Systems !32 Physics-based Simulators SUT Sensor/ Camera Data Autonomous Feature Actuator Command Time Stamped Vectors
  • 41. Testing Models of Automated Driving Systems !32 Physics-based Simulators SUT Sensor/ Camera Data Autonomous Feature Actuator Command Time Stamped Vectors We use PreScan, a commercial physics- base simulator
  • 42. Test Inputs/Outputs !33 - intensity: Real SceneLight Dynamic Object 1 - weatherType: Condition Weather - fog - rain - snow - normal «enumeration» Condition - field of view: Real Camera Sensor RoadSide Object - roadType: RT Road 1 - curved - straight - ramped «enumeration» RT - v0: Real Vehicle - x0: Real - y0: Real - θ: Real - v0: Real Pedestrian - x: Real - y: Real Position 1 * 1 * 1 1 - state: Boolean Collision Parked Cars Trees - simulationTime: Real - timeStep: Real Test Scenario AEB - certainty: Real Detection 1 1 11 1 1 1 1 «positioned» «uses» 1 1 - AWA Output Trajectory Environment inputs Mobile object inputs Outputs
  • 43. System Safety Requirements • Req1: “Automated Emergency Braking (AEB) shall detect pedestrians in front of the car and stop the car when there is a risk of collision” • Req2: “An unintended manoeuvre by AEB shall be prevented” • Fitness functions estimate how close AEB is into violating its requirements (e.g., by having a collision) !34
  • 44. Guided Test Generation !35 xe 0 xl 0xp 0 y0, y0 0 ✓p xts ~vp 0 ~v0 ~v0 yp 0 Y X Test Input Characterisation • Select best tests • Generate new tests (Genetic Operators) • Simulate every (candidate) test • Compute fitness functions Fitness values Tests revealing requirements violations Test input generation Evaluating test inputs
  • 45. Guided Test Generation !35 xe 0 xl 0xp 0 y0, y0 0 ✓p xts ~vp 0 ~v0 ~v0 yp 0 Y X Test Input Characterisation • Select best tests • Generate new tests (Genetic Operators) • Simulate every (candidate) test • Compute fitness functions Fitness values Tests revealing requirements violations Test input generation Evaluating test inputs
  • 46. Guided Test Generation !35 xe 0 xl 0xp 0 y0, y0 0 ✓p xts ~vp 0 ~v0 ~v0 yp 0 Y X Test Input Characterisation • Select best tests • Generate new tests (Genetic Operators) • Simulate every (candidate) test • Compute fitness functions Fitness values Tests revealing requirements violations But, simulations are expensive to run! Test input generation Evaluating test inputs
  • 47. Surrogate Models • It takes 8 hours to run our search-based test generation (≈500 simulations) ➡We use surrogate models developed based on machine learning to reduce the number of fitness computations • We first train a model based on a large number of simulations • We use this model during the search to predict fitnesses instead of actually computing them, but … !36
  • 48. Guided Test Generation !37 xe 0 xl 0xp 0 y0, y0 0 ✓p xts ~vp 0 ~v0 ~v0 yp 0 Y X Test Input Characterisation • Select best tests • Generate new tests (Genetic Operators) • Simulate every (candidate) test • Compute fitness values Fitnesses Tests revealing requirements violations Test input generation Evaluating test inputs
  • 49. Test Generation with Surrogates !38 xe 0 xl 0xp 0 y0, y0 0 ✓p xts ~vp 0 ~v0 ~v0 yp 0 Y X Test Input Characterisation • Select best tests • Generate new tests (Genetic Operators) • Predict the fitness and the error (surrogate) • If the test is likely to be selected • Simulate the test • Compute the fitness Fitness values Tests revealing requirements violations
  • 50. Archive (A) New Population (P) simulated not simulated
  • 51. Archive (A) New Population (P) Simulate and compute fitnesses F A + P simulated not simulated
  • 52. Archive (A) New Population (P) Simulate and compute fitnesses F A + P Rank 1 2 3 simulated not simulated
  • 53. Archive (A) New Population (P) Simulate and compute fitnesses F A + P Rank 1 2 3 Select simulated not simulated
  • 56. Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated ̂F ± error
  • 57. Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive ̂F ± error
  • 58. Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
  • 59. Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
  • 60. Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
  • 61. Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
  • 62. Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
  • 63. Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
  • 64. Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
  • 65. Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
  • 66. Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
  • 67. Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
  • 68. Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
  • 69. Pessimistic Rank Optimistic Rank 1 2 3 1 2 3 ̂F − error ̂F + error A P Predict fitnesses A + P simulated not simulated Predicted values are only used to bypass simulations for unfit individuals Selected Archive 1. Select best simulated elements from Optimistic Rank 2. Select best not-simulated elements from Pessimistic Rank, simulate them and compute their fitnesses 3. Re-rank and re-iterate ̂F ± error
  • 70. Comparing Search w/ and w/o Surrogate !41 0.00 0.25 0.50 0.75 1.00 Time (min) Hypervolume 50 100 15010 NSGA2 (mean) NSGA2-SM (mean) Search with surrogate models generates higher quality solutions than search without surrogate models
  • 71. Comparing Search w/ and w/o Surrogate !41 0.00 0.25 0.50 0.75 1.00 Time (min) Hypervolume 50 100 15010 NSGA2 (mean) NSGA2-SM (mean) Search with surrogate models generates higher quality solutions than search without surrogate models A worst case scenario example
  • 72. Guided Test Generation !42 xe 0 xl 0xp 0 y0, y0 0 ✓p xts ~vp 0 ~v0 ~v0 yp 0 Y X Test Input Characterisation • Select best tests • Generate new tests (Genetic Operators) • Simulate every (candidate) test • Compute fitness values Fitnesses Tests revealing requirements violations Test input generation Evaluating test inputs
  • 73. Test Generation Guided by Classification !43 • Build a classification tree • Select/generate tests in the fittest regions xe 0 xl 0xp 0 y0, y0 0 ✓p xts ~vp 0 ~v0 ~v0 yp 0 Y X Test Input Characterisation • Simulate every (candidate) test • Compute fitness values Fitnesses Tests revealing requirements violations + Failure Explanations
  • 74. Genetic Evolution Guided by Classification !44 1. Initial Inputs 2. Fitness Computation 3. Classification 4. Selection 5. Breeding
  • 75. Genetic Evolution Guided by Classification !44 1. Initial Inputs 2. Fitness Computation 3. Classification 4. Selection 5. Breeding
  • 76. Genetic Evolution Guided by Classification !44 1. Initial Inputs 2. Fitness Computation 3. Classification 4. Selection 5. Breeding Fitnesses: F1. Min distance between pedestrian and the car F2. Speed of the car at the time of collision
  • 77. Genetic Evolution Guided by Classification !44 1. Initial Inputs 2. Fitness Computation 3. Classification 4. Selection 5. Breeding Label: (F1 < threshold1) (F2 > threshold2)^<latexit sha1_base64="fN2vLjkdGPW+23P0LWTflayq2iM=">AAAB73icbVDLTgJBEOzFF+IL9ehlIph4Irt40CPRi0dM5JHAhszO9sKE2Yczsxqy4Se8eNAYr/6ON//GAfagYCWdVKq6093lJYIrbdvfVmFtfWNzq7hd2tnd2z8oHx61VZxKhi0Wi1h2PapQ8AhbmmuB3UQiDT2BHW98M/M7jygVj6N7PUnQDekw4gFnVBupW+0/oT/E6qBcsWv2HGSVODmpQI7moPzV92OWhhhpJqhSPcdOtJtRqTkTOC31U4UJZWM6xJ6hEQ1Rudn83ik5M4pPgliaijSZq78nMhoqNQk90xlSPVLL3kz8z+ulOrhyMx4lqcaILRYFqSA6JrPnic8lMi0mhlAmubmVsBGVlGkTUcmE4Cy/vEra9ZpzUavf1SuN6zyOIpzAKZyDA5fQgFtoQgsYCHiGV3izHqwX6936WLQWrHzmGP7A+vwBT+KPfA==</latexit>
  • 78. Genetic Evolution Guided by Classification !44 1. Initial Inputs 2. Fitness Computation 3. Classification 4. Selection 5. Breeding Label: (F1 < threshold1) (F2 > threshold2)^<latexit sha1_base64="fN2vLjkdGPW+23P0LWTflayq2iM=">AAAB73icbVDLTgJBEOzFF+IL9ehlIph4Irt40CPRi0dM5JHAhszO9sKE2Yczsxqy4Se8eNAYr/6ON//GAfagYCWdVKq6093lJYIrbdvfVmFtfWNzq7hd2tnd2z8oHx61VZxKhi0Wi1h2PapQ8AhbmmuB3UQiDT2BHW98M/M7jygVj6N7PUnQDekw4gFnVBupW+0/oT/E6qBcsWv2HGSVODmpQI7moPzV92OWhhhpJqhSPcdOtJtRqTkTOC31U4UJZWM6xJ6hEQ1Rudn83ik5M4pPgliaijSZq78nMhoqNQk90xlSPVLL3kz8z+ulOrhyMx4lqcaILRYFqSA6JrPnic8lMi0mhlAmubmVsBGVlGkTUcmE4Cy/vEra9ZpzUavf1SuN6zyOIpzAKZyDA5fQgFtoQgsYCHiGV3izHqwX6936WLQWrHzmGP7A+vwBT+KPfA==</latexit>
  • 79. Genetic Evolution Guided by Classification !44 1. Initial Inputs 2. Fitness Computation 3. Classification 4. Selection 5. Breeding
  • 80. Failure Explanation • A characterisation of the input space showing under what conditions the system is likely to fail • Path conditions in the decision tree • Visualized by decision trees or dedicated diagrams !45 radius in [15m..40m] 30m22m 10m 26m vehicle speed > 36 km/h pedestrian speed > 6 km/h road sidewalk θ curved road
  • 81. Results • Does the decision tree technique help guide the evolutionary search and make it more effective? • Search with decision tree classifications can find 78% more distinct, critical test scenarios compared to a baseline search algorithm • Does our approach help characterize and converge towards homogeneous critical regions? • The generated critical regions consistently become smaller, more homogeneous and more precise over successive tree generations !46
  • 82. Usefulness • The characterisations of the different critical regions can help with: (1) Debugging the system or the simulator (2) Identifying hardware changes to increase ADAS safety (3) Identifying proper warnings to drivers !47
  • 87. Using search-based testing to detect undesired feature interactions among function models of self-driving systems !49
  • 88. Our Fitness Function • A combination of three heuristics • Coverage-based • Failure-based • Unsafe overriding !50
  • 89. Coverage-based Objective !51 Goal: Exercising as many decision rules as possible F1 F2 Fn … Decision Logic SUT if (condition) F1
  • 90. Failure-based Test Objective !52 Goal: Revealing violations of system-level requirements Example: -  Req: No collision between pedestrians " and cars -  Generating test cases that minimize" the distance between the car and the " pedestrian F1 F2 Fn … Decision Logic SUT
  • 91. Feature Interaction Test Objective !53 Goal: Finding failures that are more likely to be due to faults in the integration component rather than faults in the features F1 F2 Fn … Decision Logic SUT
  • 92. Feature Interaction Test Objective !53 Goal: Finding failures that are more likely to be due to faults in the integration component rather than faults in the features Braking-F1 0 .3 .3 .6 .8 1 1 Braking - Final F1 F1 F2 F2 F3 F3 F1 0 .3 .2 .2 .3 .3 1 F1 F2 Fn … Decision Logic SUT
  • 93. Feature Interaction Test Objective !53 Goal: Finding failures that are more likely to be due to faults in the integration component rather than faults in the features Braking-F1 0 .3 .3 .6 .8 1 1 Braking - Final F1 F1 F2 F2 F3 F3 F1 0 .3 .2 .2 .3 .3 1 F1 F2 Fn … Decision Logic SUT
  • 94. Feature Interaction Test Objective !53 Goal: Finding failures that are more likely to be due to faults in the integration component rather than faults in the features Braking-F1 0 .3 .3 .6 .8 1 1 Braking - Final F1 F1 F2 F2 F3 F3 F1 0 .3 .2 .2 .3 .3 1 F1 F2 Fn … Decision Logic SUT
  • 95. Feature Interaction Test Objective !53 Goal: Finding failures that are more likely to be due to faults in the integration component rather than faults in the features Braking-F1 0 .3 .3 .6 .8 1 1 Braking - Final F1 F1 F2 F2 F3 F3 F1 0 .3 .2 .2 .3 .3 1 Reward failures that could have been avoided if another feature had been prioritised by the decision rules F1 F2 Fn … Decision Logic SUT
  • 96. On Hybrid Fitness Function !54 One hybrid test objective for every rule j and every requirement l ⌦j,l if (cnd) F
  • 97. On Hybrid Fitness Function !54 One hybrid test objective for every rule j and every requirement l ⌦j,l if (cnd) F ⌦j,l(tc) > 2 tc does not cover Branch j
  • 98. On Hybrid Fitness Function !54 One hybrid test objective for every rule j and every requirement l ⌦j,l if (cnd) F ⌦j,l(tc) > 2 tc does not cover Branch j 2 ⌦j,l(tc) > 1 tc covers branch j but F is not unsafely overriden
  • 99. On Hybrid Fitness Function !54 One hybrid test objective for every rule j and every requirement l ⌦j,l if (cnd) F ⌦j,l(tc) > 2 tc does not cover Branch j 2 ⌦j,l(tc) > 1 tc covers branch j but F is not unsafely overriden 1 ⌦j,l(tc) > 0 tc covers branch j and F is unsafely overriden but req l is not violated
  • 100. On Hybrid Fitness Function !54 One hybrid test objective for every rule j and every requirement l ⌦j,l if (cnd) F ⌦j,l(tc) > 2 tc does not cover Branch j 2 ⌦j,l(tc) > 1 tc covers branch j but F is not unsafely overriden 1 ⌦j,l(tc) > 0 tc covers branch j and F is unsafely overriden but req l is not violated ⌦j,l(tc) = 0 A feature interaction failure is likely detected
  • 101. Search Algorithm • Goal: Computing a test suite that covers all the test objectives • Challenges: • The number of test objectives is large: • Computing test objectives is computationally expensive • Not a Pareto front optimization problem • Objectives compete with each others, e.g., cannot have, in a single test scenario, a car that violates the speed limit after hitting the leading car !55 # of requirements × # of rules
  • 102. MOSA: Many-Objective Search- based Test Generation !56 Objective 1 Objective 2 Not all (non-dominated) solutions are optimal for the purpose of testing Panichella et. al. [ICST 2015]
  • 103. MOSA: Many-Objective Search- based Test Generation !56 Objective 1 Objective 2 Not all (non-dominated) solutions are optimal for the purpose of testing These points are better than others Panichella et. al. [ICST 2015]
  • 104. 4 80 2 6 10 12 Time (h) (a) SafeDrive1Numberoffeatureinteractionfailures 0 2 8 10 4 6 (b) SafeDrive2 0 2 8 10 4 6 Hybrid (mean) Fail (mean) Cov (mean) Hybrid Coverage-based Failure-based
  • 105. 4 80 2 6 10 12 Time (h) (a) SafeDrive1Numberoffeatureinteractionfailures 0 2 8 10 4 6 (b) SafeDrive2 0 2 8 10 4 6 Hybrid (mean) Fail (mean) Cov (mean) Hybrid Coverage-based Failure-based Hybrid test objectives reveal significantly more feature interaction failures (more than twice) compared to baseline alternatives
  • 106. Feedback from Domain Experts • The failures we found were due to undesired feature interactions • The failures were not previously known to them • We identified ways to improve the decision logic (integration component) to avoid failures !58 Example Feature Interaction Failure
  • 107. Luxembourg Emergency Management System • Goal: Monitoring emergency situations and providing a robust communication platform for disaster situations • Requirements • Resilience • Maintaining an acceptable level of quality of service in the face of emergency situations !59 Radiation
  • 109. Search-Based Testing • Versatile • Can be applied to complex systems (non-linear, non-algebraic, continuous, heterogeneous) • Can be used when systems have black box components or rely on computer simulations • Scalable, easy to parallelize • Can be combined with: Machine learning, Statistics, Solvers, e.g., SMT and CP !61
  • 110. Conclusions • Contextual factors influence both the significance of a problem and the shape of the solution • Our context: function models capturing CPS continuous dynamics, functional requirements and simulators capturing environment and hardware • Focus on system-level testing • Not just on the perception layer (DNN) or the decision layer or the control layer • We have to deal with computational complexity, heterogeneity and very large input spaces !62
  • 111. • Raja Ben Abdessalem, Shiva Nejati, Lionel C. Briand, Thomas Stifter,``Testing vision- based control systems using learnable evolutionary algorithms’’, ICSE 2018: 1016-1026 • Raja Ben Abdessalem, Annibale Panichella, Shiva Nejati, Lionel C. Briand, Thomas Stifter, ``Testing autonomous cars for feature interaction failures using many-objective search’’, ASE 2018: 143-154 • Raja Ben Abdessalem, Shiva Nejati, Lionel C. Briand, Thomas Stifter, ``Testing advanced driver assistance systems using multi-objective search and neural networks’’, ASE 2016: 63-74 • Annibale Panichella, Fitsum Meshesha Kifetew, Paolo Tonella, ``Reformulating Branch Coverage as a Many-Objective Optimization Problem’’, ICST 2015: 1-10 • Nejati et al., “Evaluating Model Testing and Model Checking for Finding Requirements Violations in Simulink Models”, arXiv:1905.03490, 2019 !63
  • 112. We are hiring! Talk to me if you are interested in research positions in any of the following areas: Applied Machine Learning, Applied Natural Language Processing, Automated Verification and Validation, Information Retrieval, Model-driven Engineering, Program Analysis, Requirements Engineering, Software Security, Software Testing