Data-flow reactive systems (DFRSs) form a class of embedded systems whose inputs and outputs are always available as signals. Input signals can be seen as data provided by sensors, whereas the output data are provided to system actuators. In previous works, verifying well-formedness properties of DFRS models was accomplished in a programmatic way, with no formal guarantees, and test cases were generated by translating these models into other notations. Here, we use Coq as a single framework to specify, validate and verify DFRS models. Moreover, the specification of DFRSs in Coq is automatically derived from controlled natural-language requirements, and well-formedness properties are formally verified with no user intervention. System validation is supported by bounded exploration of models; general and domain-specific system property verification is supported by the development of proof scripts, and test generation is achieved with the aid of the QuickChick tool. Considering examples from the literature, but also from the aerospace (Embraer) and the automotive (Mercedes) industries, our automatic testing strategy was evaluated in terms of performance and the ability to detect defects generated by mutation. Within seconds, test cases were generated automatically from the requirements, achieving an average mutation score of about 75%.

数据流反应系统（DFRS）构成了一类嵌入式系统，其输入和输出始终可用作信号。输入信号可以看作是传感器提供的数据，而输出数据则提供给系统执行器。在以前的工作中，以程序方式验证DFRS模型的良好格式属性是没有正式保证的，并且通过将这些模型转换为其他符号来生成测试用例。在这里，我们使用Coq作为单个框架来指定，验证和验证DFRS模型。此外，Coq中的DFRS规范是从受控的自然语言要求中自动得出的，并且在没有用户干预的情况下正式验证了格式正确的属性。通过模型的有限探索来支持系统验证；证明脚本的开发支持常规的和特定于领域的系统属性验证，并借助QuickChick工具实现测试生成。考虑文献中的示例，以及航空航天（Embraer）和汽车（Mercedes）行业的示例，我们根据性能和检测由突变产生的缺陷的能力对我们的自动测试策略进行了评估。几秒钟之内，测试用例就自动从需求中生成，平均突变得分达到约75％。我们根据性能和检测突变产生的缺陷的能力对自动测试策略进行了评估。在几秒钟内，测试用例就自动从需求中生成，平均突变得分达到约75％。我们根据性能和检测突变产生的缺陷的能力对自动测试策略进行了评估。几秒钟之内，测试用例就自动从需求中生成，平均突变得分达到约75％。