Ph.D

Group : Verification of Algorithms, Languages and Systems

*Model-Based Testing of Operating System-level Security Mechanisms*
Starts on 01/10/2012

Advisor : WOLFF, Burkhart

**Funding :**
**Affiliation :** Université Paris-Saclay

**Laboratory :** LRI

**Defended** on 30/03/2016, committee :

**Research activities :**
- Formalisation of (Specification and Programming) Languages in Proof Assistants

- Formal Model-Based Testing

**Abstract :**
Formal methods can be understood as the art of applying mathematical reasoning

to the modeling, analysis and verification of computer systems. Three main

verification approaches can be distinguished: verification based on deductive proofs,

model checking and model-based testing.

Model-based testing, in particular in its radical form of theorem proving-based testing

[BW13],

bridges seamlessly the gap between the theory, the formal model, and the implementation

of a system. Actually,

theorem proving based testing techniques offer a possibility to directly interact

with "real" systems: via different

formal properties, tests can be derived and executed on the system under test.

Suitably supported, the entire process can fully automated.

The purpose of this thesis is to create a model-based sequence testing environment

for both sequential and concurrent programs. First a generic testing theory based

on monads is presented, which is independent of any concrete program or computer

system. It turns out that it is still expressive enough to cover all common system

behaviours and testing concepts. In particular, we consider here: sequential executions,

concurrent executions, synchronised executions, executions with abort.

On the conceptual side, it brings notions like test refinements,

abstract test cases, concrete test cases,

test oracles, test scenarios, test data, test drivers, conformance relations and

coverage criteria into one theoretical and practical framework.

In this framework, both behavioural refinement rules and symbolic execution

rules are developed for the generic case and then refined and used for specific

complex systems. As an application, we will instantiate our framework by an existing

sequential model of a microprocessor called VAMP developed during the Verisoft-Project.

For the concurrent case, we will use our framework to model and test the IPC API of a

real industrial operating system called PikeOS.

Our framework is implemented in Isabelle/HOL. Thus, our approach directly benefits

from the existing models, tools, and formal proofs in this system.