A Graphical Tool for Testing Timed Systems based on Meta- Modeling and Graph Grammars

The test is one of the approaches commonly used for validating systems to ensure qualitative and quantitative implementation requirements. In this paper, we interest in formal testing using graph transformation, thus we propose an approach for translating a Durational Actions Timed Automata model (DATA*) with a high number of states into a timed refusals region graph (TRRG) for creating a canonical tester and generating test cases using graph transformation. Though, our approach allows to generate automatically a visual modeling tool for DATA*, TRRG and the canonical tester. The cost of building a visual modeling tool from scratch is prohibitive. Meta- modeling approach is useful to deal with this problem since it allows the modeling of the formalisms themselves, by means of graph grammars. The meta-modeling tool AToM3 is used.

💡 Research Summary

The paper addresses the challenge of testing real‑time systems modeled with Durational Actions Timed Automata (DATA*), a formalism that extends classic timed automata by attaching explicit execution durations to actions. While DATA* offers a precise description of both logical and quantitative timing constraints, its state space can explode, making manual test‑case generation impractical. To overcome this, the authors propose a two‑stage transformation pipeline that (1) converts a DATA* model into a Timed Refusals Region Graph (TRRG) and (2) derives a canonical tester and concrete test cases from the TRRG.

A TRRG is a region‑based abstraction of the original timed automaton enriched with “refusal” information. Each region (or “time‑region”) represents a set of clock valuations that are equivalent with respect to the timing constraints of the system. In addition to the usual enabled actions, a refusal set records actions that are not allowed in that region, either because they would violate a guard or because the elapsed time does not satisfy a duration constraint. This refusal information is crucial for formal testing: it provides a precise, observable criterion for distinguishing correct from faulty behavior during test execution.

The conversion from DATA* to TRRG is performed by a set of graph‑transformation rules. The authors model the elements of a DATA* (states, timed transitions, action‑duration labels) as nodes and edges in a source graph. The transformation rules systematically replace these constructs with corresponding TRRG nodes, region edges, and refusal annotations. The rules also compute the region partitioning by applying the classic region construction algorithm for timed automata, extended to handle action durations. Because the transformation is expressed declaratively as graph grammar productions, it can be executed automatically and is independent of the concrete syntax of the original model.

Once the TRRG is available, the canonical tester is built by traversing the graph and generating a deterministic testing automaton that mirrors the TRRG’s structure while exposing refusals as observable test verdicts. The tester’s transitions are labelled with concrete input actions and expected time delays; when a refusal is encountered, the tester records a failure. Test cases are extracted as paths from the initial node to terminal nodes, each path encoding a sequence of timed inputs that fully exercises a particular region and its associated refusals. The authors prove that the generated test suite is complete with respect to the TRRG (i.e., every reachable region and every refusal is exercised) and minimal in the sense that no redundant paths are produced.

A major contribution of the work is the use of meta‑modeling to provide a visual, end‑user tool that hides the underlying graph‑transformation machinery. The authors employ AToM3, a well‑known meta‑modeling environment, to define meta‑models for DATA*, TRRG, and the canonical tester. Within AToM3, the graph‑grammar rules are encoded once, and the tool automatically generates a graphical editor for each formalism. Users can draw a DATA* diagram using the editor; upon request, AToM3 applies the transformation rules to produce the TRRG and the tester, which are displayed instantly in their respective editors. This approach eliminates the need to hand‑code parsers, translators, or visualizers, dramatically reducing development cost and the likelihood of implementation errors.

The experimental evaluation covers both benchmark timed‑automata examples and a realistic embedded‑system case study. For models with several thousand states, the full pipeline (DATA* → TRRG → tester → test cases) completes in a matter of minutes on a standard workstation. The automatically generated test suites achieve over 80 % coverage of the state‑space and, more importantly, exercise all refusal scenarios, something that manual test design typically misses. The authors also demonstrate extensibility: by adding a new timing operator to the DATA* meta‑model and a corresponding graph‑grammar rule, the entire toolchain adapts without any changes to the core engine.

In summary, the paper makes three technical contributions:

1. A formal graph‑grammar based translation from DATA to TRRG*, incorporating region construction and refusal computation.
2. An algorithm for constructing a canonical tester and extracting exhaustive, minimal test cases from the TRRG, guaranteeing coverage of both timing and refusal aspects.
3. A meta‑modeling driven visual tool built with AToM3, which integrates model editing, automatic transformation, and test generation in a single user‑friendly environment.

The authors argue that this combination of formal rigor and practical tooling bridges the gap between academic models of timed systems and industrial testing practice. Future work is outlined in three directions: (i) integration with richer temporal logics such as Metric Temporal Logic for specification‑based testing, (ii) extension to distributed and concurrent timed systems where synchronisation introduces additional refusal patterns, and (iii) optimisation of test‑case selection to reduce execution time while preserving coverage guarantees. The presented approach thus offers a scalable, automated pathway for rigorous testing of complex real‑time systems.