Skip to main content
SpringerLink
Log in

Test generation for radiotherapy accelerators

  • Special section on high-level test of complex systems
  • Published:
International Journal on Software Tools for Technology Transfer Aims and scope Submit manuscript

Abstract

System specification with Lotos (Language Of Temporal Ordering Specification) is briefly introduced. To make test generation practicable, specifications are annotated with event constraints using PCL (Parameter Constraint Language) as a means of stating test purposes. Automated test generation can then use the principle of input-output conformance to check whether an implementation agrees with its specification. Test suites are generated by a transition tour that either visits every transition at least once (for infinite behaviour) or follows every path (for finite behaviour). The approach is applied to a case study in which tests are generated for radiotherapy accelerators used in cancer treatment. A typical specification and set of test purposes yields 256 test cases that can be executed manually or automatically. The goal is to determine situations in which an accelerator does not behave in conformity with its specification.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Blair G, Blair L, Bowman H, Chetwynd A (1998) Formal Specification of Distributed Multimedia Systems. UCL Press, London

  2. Bolognesi T, Brinksma E (1988) Introduction to the ISO specification language Lotos. Comput Netw 14(1):25–59

    Google Scholar 

  3. Brinksma E (1988) A theory for the derivation of tests. In: Aggarwal S, Sabnani KK (eds) Proc. Protocol Specification, Testing and Verification VIII, June 1988. North-Holland, Amsterdam

  4. Calder M, Shankland CE (2001) A symbolic semantics and bisimulation for full Lotos. In: Kim M, Chin B, Kang S, Lee D (eds) Proc. Formal Techniques for Networked and Distributed Systems (FORTE XIV), September 2001. Kluwer, London, pp 184–200

  5. Chehaibar G, Garavel H, Mounier L, Tawbi N, Zulian F (1996) Specification and verification of the PowerScale bus arbitration protocol: an industrial experiment with Lotos. Technical Report 2958, INRIA, 78153 Le Chesnay Cedex, France

    Google Scholar 

  6. Clark RG (1991) The development of concurrent Ada systems from Lotos specifications. In: Mitchell RJ, Simpson D (eds) Ada into the 90’s. Woodhead Publishing, Cambrdige, UK, pp 115–129

  7. Clarke D, Jéron T, Rusu V, Zinovieva E (2002) STG: A symbolic test generation tool. In: Proc. Tools and Algorithms for the Construction and Analysis of Systems (TACAS). Lecture notes in computer science, vol 2280. Springer, Berlin Heidelberg New York

  8. De Nicola R, Hennessy MCB (1984) Testing equivalences for processes. Theor Comput Sci 34:83–133

    Article  Google Scholar 

  9. Eertink H, Wolz D (1992) Symbolic execution of Lotos specifications. In: Diaz M, Groz R (eds) Proc. Formal Description Techniques V. October 1992. North-Holland, Amsterdam, pp 295–310

  10. Ehrig H, Mahr B (1985) Fundamentals of algebraic specification 1, EATCS Monographs on Theoretical Computer Science, vol 6. Springer, Berlin Heidelberg New York

  11. Faci M, Logrippo LMS, Stepien B (1997) Structural models for specifying telephone systems. Comput Netw 29(4):501–528

    Google Scholar 

  12. Fernández J-C, Garavel H, Kerbrat A, Mateescu R, Mounier L, Sighireanu M (1996) CADP (CaesarAldébaran Development Package): A protocol validation and verification toolbox. In: Alur R, Henzinger TA (eds) Proc. 8th conference on computer-aided verification, August 1996. Lecture notes in computer science, vol 1102. Springer, Berlin Heidelberg New York, pp 437–440

  13. Fernandez JC, Jard C, Jéron T, Viho C (1996) Using on-the-fly verification techniques for the generation of test suites. In: Alur R, Henzinger TA (eds) Proc. Computer Aided Verification’96. Lecture notes in computer science, vol 1102. Springer, Berlin Heidelberg New York, pp 348–359

  14. Gaudel M-C, James PR (1999) Testing algebraic data types and processes: a unifying theory. Formal Aspects Comput 10(5):436–451

    Article  Google Scholar 

  15. Gibson JP (1993) A Lotos-based approach to neural network specification. Technical Report CSM-112, Department of Computing Science and Mathematics, University of Stirling, UK, May 1993

  16. Greene D, Williams PC (1997) Linear Accelerators for Radiation Therapy. IOP Publishing, Bristol, UK

  17. Ho RC, Yang CH, Horowitz MA, Dill DL (1995) Architecture validation for processors. In: Proc. 22nd annual international symposium on computer architecture

  18. Hoare CAR (1985) Communicating sequential processes. Prentice-Hall, Englewood Cliffs, NJ

  19. IEEE (1993) VHSIC Hardware Design Language. IEEE 1076. IEEE Press, New York

  20. IEEE (1995) IEEE Standard Hardware Design Language based on the Verilog Hardware Description Language. IEEE 1364. IEEE Press, New York

  21. ISO/IEC (1989) Information Processing Systems – Open Systems Interconnection – Lotos – a formal description technique based on the temporal ordering of observational behaviour. ISO/IEC 8807. International Organization for Standardization, Geneva

  22. ISO/IEC (1991) Information Processing Systems – Open Systems Interconnection – Conformance Testing Methodology and Framework. ISO/IEC 9646. International Organization for Standardization, Geneva

  23. ISO/IEC (1997) Information Technology – Framework: Formal Methods in Conformance Testing. ISO/IEC 13245-1. International Organization for Standardization, Geneva

  24. ISO/IEC (2001) Information Processing Systems – Open Systems Interconnection – Enhanced Lotos – a formal description technique based on the temporal ordering of observational behaviour. ISO/IEC 15437. International Organization for Standardization, Geneva

  25. ITU (1996) Information Processing Systems – Open Systems Interconnection – Conformance Testing Methodology and Framework. ITU X.290. International Telecommunications Union, Geneva

  26. Jacky J (1993) Specifying a safety-critical control system in Z. In: Woodcock JCP, Larsen PG (eds) Proc. Formal Methods Europe ’93: (Industrial-Strength) Formal Methods. Lecture notes in computer science, vol 670. Springer, Berlin Heidelberg New York

  27. Jacky J, Patrick M (1996) Modelling, checking and implementing a control program for a radiation therapy machine. In: Proc. AAS, December

  28. Jacky J, Unger J (1995) Formal development of a graphical user interface for a radiation therapy machine. In: Bowen JP, Hinchey MG (eds) Proc. 9th international conference of Z users, September 1995. Lecture notes in computer science, vol 967. Springer, Berlin Heidelberg New York

  29. Jacky J, Unger J, Patrick M, Reid D, Risler R (1996) Experience with Z developing a control program for a radiation therapy machine. In: Bowen JP (ed) Proc. 10th international conference of Z users, December 1996. Lecture notes in computer science, vol 1212. Springer, Berlin Heidelberg New York, pp 317–328

  30. Jard C, Jéron T () TGV: Theory, principles and algorithms. Int J Softw Tools Technol Transfer In: this special issue

  31. He J, Turner KJ (1999) Protocol-inspired hardware testing. In: Csopaki G, Dibuz S, Tarnay K (eds) Proc. Testing Communicating Systems XII, London, UK, September 1999. Kluwer, Dordrecht, pp 131–147

  32. He J, Turner KJ (1999) Specification and verification of synchronous hardware using Lotos. In: Wu J, Chanson ST, Gao Q (eds) Proc. Formal Methods for Protocol Engineering and Distributed Systems (FORTE XII/PSTV XIX), London, UK, October 1999. Kluwer, Dordrecht, pp 295–312

  33. He J, Turner KJ (2000) Verifying and testing asynchronous circuits using Lotos. In: Bolognesi T, Latella D (eds) Proc. Formal Methods for Distributed System Development (FORTE XIII/PSTV XX), London, UK, October 2000. Kluwer, Dordrecht, pp 267–283

  34. Joyce EJ (1987) Accelerator linked to fifth radiation overdose. Am Med News 1, 49, 50 February

  35. Karzmark CJ (1987) Procedural and operator error aspects of radiation accidents in radiotherapy. Int J Radiat Oncol Biol Phys 13:1599–1602

    Article  Google Scholar 

  36. Leduc G (1992) A framework based on implementation relations for implementing Lotos specifications. Comput Netw ISDN Sys 25(1):23–41

    Article  Google Scholar 

  37. Leveson N, Turner CS (1993) An investigation of the Therac-25 accidents. IEEE Comput 26(7):18–41

    Article  Google Scholar 

  38. Leveson NG (ed) (1995) Safeware: system safety and computers. Addison-Wesley, Reading, MA

  39. McClenaghan A (1992) Experience of using Lotos within the CIM-OSA project. In: Parker KR, Rose GA (eds) Formal Description Techniques IV, Amsterdam, February 1992. North-Holland, Amsterdam, pp 109–116

  40. Milner, AJRG (1989) Communication and concurrency. Addison-Wesley, Reading, MA

  41. Moreira AMD, Clark RG (1994) Complex objects: Aggregates. Technical Report CSM-123, Department of Computing Science and Mathematics, University of Stirling, UK, May 1994

    Google Scholar 

  42. Moundanos D, Abraham A, Hoskote YV (1998) Abstraction techniques for validation coverage analysis and test generation. IEEE Trans Comput 47:2–14

    Article  Google Scholar 

  43. Nicola RD (1987) External equivalences for transition systems. Acta Inf 24:211–237

    Article  Google Scholar 

  44. Pitt DH, Freestone D (1990) The derivation of conformance tests from Lotos specifications. IEEE Trans Softw Eng 16(12):1337–1343

    Article  Google Scholar 

  45. Reade CMP (1992) Process algebra in the specification of graphics standards. Technical Report CSTR-92-1, Department of Computer Science, Brunel University, Middlesex, UK, September 1992

  46. Romijn JMT, Sies O, Moonen JR (1997) A two-level approach to automated conformance testing of VHDL designs. Test Commun Sys 10:432–447

    Google Scholar 

  47. Thomas MH (1994) The story of the Therac-25 in Lotos. High Integrity Sys J 1(1):3–15

    Google Scholar 

  48. Tretmans J (1996) Conformance testing with labelled transition systems: implementation relations and test generation. Comput Netw 29:25–59

    Google Scholar 

  49. Tretmans J (1996) Test generation with inputs, outputs and repetitive quiescence. Softw Concepts Tools 17:103–120

    Google Scholar 

  50. Turner KJ (ed) (1993) Using formal description techniques – an introduction to Estelle, Lotos and SDL. Wiley, New York

  51. Turner KJ (2003) Representing new voice services and their features. In: Amyot D, Logrippo L (eds) Proc. 7th Feature Interactions in Telecommunications and Software Systems. IOS Press, Amsterdam, pp 123–140

  52. Turner KJ, Bing Q (2002) Protocol techniques for testing radiotherapy accelerators. In: Peled DA, Vardi MY (eds) Proc. Formal Techniques for Networked and Distributed Systems (FORTE XV), November 2002. Lecture notes in computer science, vol 2529. Springer, Berlin Heidelberg New York, pp 81–96

  53. Turner KJ, McClenaghan A, Chan C (1996) Specification and animation of reactive systems. In: Atalay V, Halici U, İnan K, Yalabik N, Yazici A (eds) Proc. international symposium on computer and information systems XI, Ankara, Turkey, November 1996. Middle-East Technical University, pp 355–364

  54. Vemuri F, Kalyanaraman R (1995) Generation of design verification tests from behavioral VHDL programs using path enumeration and constraint programming. IEEE Trans Very Large Scale Integr Sys 3:201–214

    Article  Google Scholar 

  55. Vissers CA, Scollo G, van Sinderen, M. (1991) Architecture and specification style in formal descriptions of distributed systems. Theor Comput Sci 89:179–206

    Article  Google Scholar 

  56. Widya I, Sadoun F, van der Heijden, G-J (1991) Specification of a distributed coordination function in Lotos. In: Parker KR, Rose GA (eds) Proc. Formal Description Techniques IV, November 1991. North-Holland, Amsterdam, pp 133–148

  57. Yasumoto K, Kitajima A, Higashino T, Taniguchi K (1998) Hardware synthesis from protocol specifications in Lotos. In: Budkowski S, Najm E, Cavalli A (eds) Proc. Formal Description Techniques XI/Protocol Specification, Testing and Verification XVIII. Chapman-Hall, London

Download references

Author information

Authors and Affiliations

  1. Computing Science and Mathematics, University of Stirling, Scotland, FK9 4LA, UK

    Kenneth J. Turner

Authors
  1. Kenneth J. Turner
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kenneth J. Turner.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Turner, K. Test generation for radiotherapy accelerators. Int J Softw Tools Technol Transfer 7, 361–375 (2005). https://doi.org/10.1007/s10009-004-0148-7

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10009-004-0148-7

Keywords

Search

Navigation