2 Why We Need Model-Based Testing
2 Why We Need Model-Based Testing
2 Why We Need Model-Based Testing
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Overview 47<br />
no confidence that we are converging on a correct design. There might be even<br />
more ways that the controller can fail. How can we be sure that we have considered<br />
enough runs? <strong>We</strong> need some systematic way to check the design thoroughly.<br />
3.6 Reviews and inspections, static analysis<br />
The traditional way to detect design defects is to conduct reviews or inspections<br />
where people examine design documents and code, often while consulting a checklist<br />
of likely errors. These assurance techniques are a good match to programs like ours,<br />
which have a simple, regular structure. The control program is largely built from<br />
only two kinds of methods, guards and handlers, and has a simple control structure<br />
expressed here by the DispatchHandler method. This makes it easy to express and<br />
check design rules that the code should observe. The design should be complete:<br />
there should be a handler enabled for every event in every state. The design should<br />
be deterministic: there should be only one handler enabled for each event in every<br />
state. The design should make progress: each handler should execute statements<br />
that bring the controller closer to a goal, usually by enabling a different handler.<br />
Each of the failures described in Section 3.4 is caused by a defect that violates these<br />
rules.<br />
Considered against our design rules, the defects in this little program are obvious.<br />
But in general, reviews and inspections are time-consuming, subjective, and fallible.<br />
This little example is based on our experience with a program that has about a<br />
hundred handlers and a hundred variables, where the defects were not so obvious.<br />
It is possible to create a program that automates some of the checking of design<br />
rules that human reviewers do, removing the tedium and subjectivity. This automated<br />
checking of source code is called static analysis, and can be viewed as an extension<br />
of the checking already performed by compilers and style checkers. Static analysis<br />
is a promising research area, but it is not the approach we teach in this book.<br />
3.7 <strong>Model</strong>-based analysis reveals the design errors<br />
<strong>Model</strong>-based analysis reveals the design errors in our controller program. <strong>We</strong> write<br />
a model program that expresses the design, and then use our mpv (<strong>Model</strong> Program<br />
Viewer) tool to explore, search, and display the finite state machine (FSM) that<br />
expresses the model program’s behaviors (Figure 3.8). (It is not necessary to read<br />
the details in this figure now.) Reading the messages written by mpv, or inspecting<br />
this display while using mpv to highlight features of interest, reveals each defect.<br />
How to do this is explained in chapters to come (especially Chapters 5 and 6). For<br />
now, we just show what can be done.<br />
more free ebooks download links at:<br />
http://www.ebook-x.com
Change language