220 likes | 372 Views
Generating FSMs from Abstract State Machines. Wolfgang Grieskamp Yuri Gurevich Wolfram Schulte Margus Veanes Foundations of Software Engineering Microsoft Research ISSTA 2002 , Rome, July 22-24. Outline. Background What is an ASM? Why use ASMs? Modeling with ASMs
E N D
Generating FSMs from Abstract State Machines Wolfgang Grieskamp Yuri Gurevich Wolfram Schulte Margus Veanes Foundations of Software Engineering Microsoft Research ISSTA 2002, Rome, July 22-24
Outline • Background • What is an ASM? • Why use ASMs? • Modeling with ASMs • Conformance Testing with ASMs • FSM Generation • Exploration of the FSM • Test Execution • Demo
Abstract State Machines • Introduced by Yuri Gurevich • Deep mathematical theory • World wide user community (academia + industry) • The Idea: • A machine that describes a system on any (but particular) level of abstraction • An operational specification of a system • A very high-level program
Nondeterminsm Parallelism A = [1,3,2] A = [2,1,3] A = [1,2,3] A Sample ASM var A as Seq of Integer Swap()choose i,j in indices(A) where i<j and A(i)>A(j) A(i) := A(j) A(j) := A(i) Sort()step until fixpoint Swap() A = [2,3,1]
ASMs are evolving structures • An ASM is a mathematical machine that represents a system as evolving state • A state is given by the current values of the variables • A step is a transaction (synchronous parallelism) that may update many variables at once • In the sequential case, a program describes one step, a run is a sequence of consecutive steps. • In the distributed case, each agent has a program, a distributed run is a partial order of agents’ steps (asynchronous parallelism)
Why is software error-prone? Some reasons: • Premature coding • Lack of confidence in descriptions • Late feedback from customer • Unforeseen feature interaction • Lack of understanding in maintenance phase
Models solve these problems • Engineering models help you to gain confidence in requirements and designs. • Examples: Architectural, Mechanical, Electrical, etc. • Software models help you understand the behavior of each level of abstraction, examples are: • Steps required to carry out the system’s user scenarios • How features/components interact with each other • The behavior of subsystems like file storage and messaging
Product Idea Models can be used everywhere Are you building the right product? What product are you building? Modeling Validation ASMModel Verification Refinement Are you building the product right ? Implementation C/C++/C#/…
AsmL: A modeling toolkit AsmL is a powerful, ASM-based specification language • Combines mathematical, object-oriented and component-oriented approaches • Fully integrated with the .Net framework • Can be used for documentation • Integrated with MS Word and XML • Can be used for testing • Ongoing Integration with existing testing tools
A guideline for AsmL users • Begin building a model by considering its purpose; this guides abstraction decisions during development • Define model state • Define model transitions • Validate the model early and often to increase confidence that the model is faithful. • Check internal consistency • Check against customer expectations
Outline • Background • What is an ASM? • Why use ASMs? • Modeling with ASMs • Conformance Testing with ASMs • FSM Generation • Exploration of the FSM • Test Execution • Demo
Using AsmL models for conformance testing ASM-Model Provides expected results for Generates PassNo pass User Info Test Cases Test Oracle Are run by Provides actual results for Implementation
The dual role of ASM models Testing harness AsmL Model M Call next action IUT Get state view Pass S Reduce Random generation Is S valid accordingto M? FSM AsmL Model M FSM tool view Fail: witness Test cases view
FSM Generation • Typically ASMs have infinite state space • We introduce indistinguishability properties to group states into equivalence classes called hyperstates • The non-discovery problem • The problem of reaching all hyperstates is in general undecidable • Improvement relations provide a partial solution to this problem • A way to encode domain specific search strategies
FSM generation sample • Generate an FSM from the stack specification. class Stackvar s as Seq of Integer = [] Top() as Integer require s <> [] return first(stack) Pop() require s <> [] stack := rest(stack) Push(x as Integer) s := [x] + s Indistinguishability property: s=[]
[0,0] [] [0,0] Pop() Push(0) Pop() Top() Push(0) Top [0,..] [0] Push(0) Pop Push(0) [] The generated FSM The FSM construction The tree can be pruned,if a hyperstate is reachedthat has “already” been visited []
The algorithm generate() step s = head(frontier) frontier := tail(frontier) stepforeach a in Actions nextStates = explore Fire(s,a) stepforeach t in nextStates transitions(s,a,t) := true ifrelevant(s,a,t) then frontier := frontier + [t] hypers := hypers union {GetHyperstate(t)}
Improvement relations relevant(s as State, a as Action, t as State) as Boolean forall g in goals where improved(bestState(g),t,g) bestState(g) := t return (h.GetHyperstate(t) notin hypers) or (exists g in h.goals() where h.improved(bestState(g),t,g))
Outline • Background • What is an ASM? • Why use ASMs? • Modeling with ASMs • Conformance Testing with ASMs • FSM Generation • Exploration of the FSM • Test Execution • Demo
Demo “Run” the paper
Current Work • Generalized properties (non-Boolean finite valued properties) • Parameter generation for actions with parameters • .Net attribute scheme design for annotating the model with test related meta information
For more information • Check out the public website of AsmL: research.microsoft.com/fse/asml • You can download AsmL 2 • You need VS.NET • You need Office XP for Word integration