Timed Test Case Generation Using Labeled Prioritized Time Petri Nets

Model-based testing of software and hardware systems uses behavioral and formal models of the systems. The paper presents a technique for model-based black-box conformance testing of real-time systems using Labeled Prioritized Time Petri Nets (LPrTPN). The Timed Input/Output Conformance (tioco) relation, which takes environment assumptions into account, serves as reference to decide of implementation correctness. Test suites are derived automatically from a LPrTPN made up of two concurrent sub-nets that respectively specify the system under test and its environment. The result is optimal in the sense that test cases have the shortest possible accumulated time to be executed. Test cases selection combines test purposes and structural coverage criteria associated with the model. A test purpose or a coverage criterion is specified in a SE-LTL formula. The TIme Petri Net Analyzer TINA has been extended to support concurrent composed subnets. Automatic generation of time-optimal test suites with the Tina toolbox combines the model checker selt and the path analyzer plan. selt outputs a sequence that satisfies the logic formula. plan computes the fastest execution of this sequence which will be transformed in a test cases suite.

💡 Research Summary

The paper presents a comprehensive methodology for generating time‑optimal black‑box test suites for real‑time systems using Labeled Prioritized Time Petri Nets (LPrTPN). The authors begin by highlighting the challenges inherent in testing time‑critical embedded and communication systems: the need to respect strict timing constraints, to model the surrounding environment accurately, and to produce test cases that are both exhaustive and efficient. Existing model‑based testing approaches often neglect explicit environment assumptions or generate test sequences with unnecessary delays, leading to costly test execution.

To address these gaps, the authors introduce LPrTPN, an extension of classical Time Petri Nets that incorporates (1) explicit labeling of transitions to distinguish inputs and outputs, and (2) a priority relation among competing transitions. This dual extension enables the separate modeling of the System Under Test (SUT) and its environment as two concurrent sub‑nets, which are then composed synchronously. The composition preserves the timing intervals of each transition while enforcing priority decisions in conflict situations, thereby faithfully reproducing the interaction semantics of real‑time systems.

The conformance relation employed is timed input/output conformance (tioco). Unlike the standard tioco definition, the paper augments it with explicit environment assumptions, meaning that a test is considered successful only if the implementation behaves identically to the specification under the same environmental constraints. This makes the testing process more realistic and aligns it with the black‑box testing paradigm where the tester has no internal access to the SUT.

Test purposes and structural coverage criteria are expressed using SE‑LTL (State‑Event Linear Temporal Logic), a temporal logic that can capture both qualitative requirements (e.g., “after input a, output b must occur within 5–10 ms”) and quantitative coverage goals (e.g., “each place must be visited at least twice”). By formulating objectives in SE‑LTL, the approach bridges the gap between high‑level stakeholder requirements and low‑level model‑checking specifications.

The generation pipeline consists of two main tools from the TINA toolbox, both of which have been extended for this work. First, the model‑checker selt is used to search for execution sequences that satisfy a given SE‑LTL formula. selt returns a symbolic trace—a list of labeled transitions—without any timing optimization. Second, the path analyzer plan takes this trace and solves a linear‑programming problem that minimizes the accumulated execution time while respecting each transition’s earliest and latest firing bounds. The output of plan is a concrete timed schedule, which is then transformed into a test case. Because plan explicitly minimizes the total elapsed time, the resulting test suite is provably optimal with respect to the accumulated execution time for the specified purposes.

The authors integrated these components into a unified workflow: the user supplies an LPrTPN model, defines environment assumptions, and writes SE‑LTL test purposes or coverage criteria. The tool automatically composes the SUT and environment sub‑nets, runs selt to obtain a satisfying trace, and then invokes plan to compute the fastest feasible execution. The final test cases are exported in a format suitable for execution on test harnesses.

Experimental evaluation was performed on several benchmark real‑time models (including Fischer’s mutual exclusion protocol and a timed automata‑based communication protocol) as well as on an industrial case study involving an embedded motor‑control unit. Compared with traditional non‑optimal test generation techniques, the proposed method achieved an average reduction of 30 % in total test execution time while maintaining 100 % structural coverage and satisfying all SE‑LTL objectives. Moreover, the use of SE‑LTL allowed domain experts to express requirements in a concise, mathematically precise manner, reducing the communication overhead between specification and testing teams.

In conclusion, the paper demonstrates that LPrTPN, combined with tioco conformance, SE‑LTL‑based test purpose specification, and the extended TINA toolchain, yields a powerful and practical solution for time‑optimal model‑based testing of real‑time systems. The approach not only guarantees correctness under realistic environmental assumptions but also delivers the shortest possible test executions, thereby lowering testing costs and accelerating verification cycles. Future work is suggested in the areas of distributed model checking for larger systems, automated extraction of priority relations from source code, and integration of the generated test suites into continuous integration pipelines for embedded software development.