Abstract
System specification with Lotos (Language Of Temporal Ordering Specification) is briefly introduced. To make test generation practicable, specifications are annotated with event constraints using PCL (Parameter Constraint Language) as a means of stating test purposes. Automated test generation can then use the principle of input-output conformance to check whether an implementation agrees with its specification. Test suites are generated by a transition tour that either visits every transition at least once (for infinite behaviour) or follows every path (for finite behaviour). The approach is applied to a case study in which tests are generated for radiotherapy accelerators used in cancer treatment. A typical specification and set of test purposes yields 256 test cases that can be executed manually or automatically. The goal is to determine situations in which an accelerator does not behave in conformity with its specification.
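An added illustration of the generation rule stated in the abstract, not code from the paper: finite behaviour yields one test per path, while cyclic (infinite) behaviour yields sequences that visit every transition at least once. The two toy accelerator models and their state and event names are constructed for this example, and the cyclic case uses shortest-prefix sequences per transition rather than a single tour.

```python
from collections import deque

# Constructed labelled transition systems: state -> [(event, next_state)].
FINITE = {
    "idle": [("select_electron", "e_set"), ("select_xray", "x_set")],
    "e_set": [("beam_on", "done")],
    "x_set": [("beam_on", "done")],
    "done": [],
}
CYCLIC = {
    "idle": [("select_electron", "e_set"), ("select_xray", "x_set")],
    "e_set": [("beam_on", "beaming")],
    "x_set": [("beam_on", "beaming")],
    "beaming": [("beam_off", "idle")],
}

def is_finite(lts, start):
    """True if no cycle is reachable from start (finite behaviour)."""
    colour = {}  # 1 = on the current DFS path, 2 = fully explored
    def visit(state):
        colour[state] = 1
        for _, nxt in lts[state]:
            if colour.get(nxt) == 1:
                return False  # back edge: the behaviour can repeat
            if nxt not in colour and not visit(nxt):
                return False
        colour[state] = 2
        return True
    return visit(start)

def all_paths(lts, start):
    """Every maximal event sequence from start (acyclic systems only)."""
    if not lts[start]:
        return [[]]
    return [[ev] + rest for ev, nxt in lts[start] for rest in all_paths(lts, nxt)]

def transition_cover(lts, start):
    """Sequences that together take every reachable transition at least once."""
    prefix, queue = {start: []}, deque([start])
    while queue:  # breadth-first search gives a shortest prefix to each state
        state = queue.popleft()
        for ev, nxt in lts[state]:
            if nxt not in prefix:
                prefix[nxt] = prefix[state] + [ev]
                queue.append(nxt)
    seqs = [prefix[s] + [ev] for s in prefix for ev, _ in lts[s]]
    # Drop any sequence that is a proper prefix of a longer one.
    return [q for q in seqs if not any(p != q and p[:len(q)] == q for p in seqs)]

def generate_tests(lts, start):
    return all_paths(lts, start) if is_finite(lts, start) else transition_cover(lts, start)
```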
Turner, K. Test generation for radiotherapy accelerators. Int J Softw Tools Technol Transfer 7, 361–375 (2005). https://doi.org/10.1007/s10009-004-0148-7