generating fsms from abstract state machines
DESCRIPTION
Generating FSMs from Abstract State Machines. Wolfgang Grieskamp Yuri Gurevich Wolfram Schulte Margus Veanes Foundations of Software Engineering Microsoft Research ISSTA 2002 , Rome, July 22-24. Outline. Background What is an ASM? Why use ASMs? Modeling with ASMs - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/1.jpg)
1
Generating FSMs from Abstract State Machines
Wolfgang GrieskampYuri Gurevich
Wolfram SchulteMargus Veanes
Foundations of Software EngineeringMicrosoft Research
ISSTA 2002, Rome, July 22-24
![Page 2: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/2.jpg)
2
Outline
Background What is an ASM? Why use ASMs? Modeling with ASMs
Conformance Testing with ASMs FSM Generation Exploration of the FSM Test Execution
Demo
![Page 3: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/3.jpg)
3
Abstract State Machines
Introduced by Yuri Gurevich
Deep mathematical theory
World wide user community (academia + industry)
The Idea:
• A machine that describes a system on any (but particular) level of abstraction
• An operational specification of a system• A very high-level program
![Page 4: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/4.jpg)
4
A Sample ASM
var A as Seq of Integer
Swap()choose i,j in indices(A) where i<j and A(i)>A(j) A(i) := A(j) A(j) := A(i)
Sort() step until fixpoint Swap()
A = [2,3,1]
A = [1,3,2]
A = [1,2,3]
A = [2,1,3]
Nondeterminsm
Parallelism
![Page 5: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/5.jpg)
5
ASMs are evolving structures
An ASM is a mathematical machine that represents a system as evolving state
A state is given by the current values of the variables
A step is a transaction (synchronous parallelism) that may update many variables at once
In the sequential case, a program describes one step, a run is a sequence of consecutive steps.
In the distributed case, each agent has a program, a distributed run is a partial order of agents’ steps (asynchronous parallelism)
![Page 6: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/6.jpg)
6
Why is software error-prone?
Some reasons: Premature coding Lack of confidence in descriptions Late feedback from customer Unforeseen feature interaction Lack of understanding in maintenance phase
![Page 7: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/7.jpg)
7
Models solve these problems
Engineering models help you to gain confidence in requirements and designs. Examples: Architectural, Mechanical, Electrical, etc.
Software models help you understand the behavior of each level of abstraction, examples are: Steps required to carry out the system’s user scenarios How features/components interact with each other The behavior of subsystems like file storage and messaging
![Page 8: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/8.jpg)
8
Models can be used everywhere
Modeling
Validation
Refinement Verification
ASMModel
Implementation
C/C++/C#/…
Product Idea
Are you building the product right ?
Are you building the right product?
What product are you building?
![Page 9: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/9.jpg)
9
AsmL: A modeling toolkit
AsmL is a powerful, ASM-based specification language
Combines mathematical, object-oriented and component-oriented approaches Fully integrated with the .Net framework
Can be used for documentation Integrated with MS Word and XML
Can be used for testing Ongoing Integration with existing testing tools
![Page 10: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/10.jpg)
10
A guideline for AsmL users
1. Begin building a model by considering its purpose; this guides abstraction decisions during development
1. Define model state2. Define model transitions
2. Validate the model early and often to increase confidence that the model is faithful.
Check internal consistency Check against customer expectations
![Page 11: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/11.jpg)
11
Outline
Background What is an ASM? Why use ASMs? Modeling with ASMs
Conformance Testing with ASMs FSM Generation Exploration of the FSM Test Execution
Demo
![Page 12: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/12.jpg)
12
Using AsmL models for conformance testing
ASM-Model
Implementation
Test OracleTest Cases
Are run by Providesactual results for
PassNo pass
Provides expected results for
Generates
UserInfo
![Page 13: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/13.jpg)
13
AsmL Model M
The dual role of ASM models
Test cases
Random generation
Reduce
FSMtool
IUTCall next action
Get state
AsmL Model M
Testing harness
Is Svalid according
to M?
Fail: witness
Pass Sview
view
view
FSM
![Page 14: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/14.jpg)
14
FSM Generation
Typically ASMs have infinite state space We introduce indistinguishability properties to
group states into equivalence classes called hyperstates The non-discovery problem
The problem of reaching all hyperstates is in general undecidable
Improvement relations provide a partial solution to this problem A way to encode domain specific search strategies
![Page 15: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/15.jpg)
15
FSM generation sample
Generate an FSM from the stack specification.
class Stackvar s as Seq of Integer = []
Top() as Integer require s <> [] return first(stack)
Pop() require s <> [] stack := rest(stack)
Push(x as Integer) s := [x] + s
Indistinguishability property: s=[]
![Page 16: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/16.jpg)
16
The FSM construction
[]
[0]
Push(0)
[]
Pop()Push(0)
[0,0] [0,0]
Top()
The tree can be pruned,if a hyperstate is reachedthat has “already” been visited
[]
[0,..]
Push(0)
Push(0) Pop
Top
The generated FSM
Pop()
![Page 17: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/17.jpg)
17
The algorithm
generate() step s = head(frontier) frontier := tail(frontier) step foreach a in Actions nextStates = explore Fire(s,a) step foreach t in nextStates transitions(s,a,t) := true if relevant(s,a,t) then frontier := frontier + [t] hypers := hypers union {GetHyperstate(t)}
![Page 18: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/18.jpg)
18
Improvement relations
relevant(s as State, a as Action, t as State) as Boolean forall g in goals where improved(bestState(g),t,g) bestState(g) := t return (h.GetHyperstate(t) notin hypers) or (exists g in h.goals() where h.improved(bestState(g),t,g))
![Page 19: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/19.jpg)
19
Outline
Background What is an ASM? Why use ASMs? Modeling with ASMs
Conformance Testing with ASMs FSM Generation Exploration of the FSM Test Execution
Demo
![Page 20: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/20.jpg)
20
Demo
“Run” the paper
![Page 21: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/21.jpg)
21
Current Work
Generalized properties (non-Boolean finite valued properties)
Parameter generation for actions with parameters
.Net attribute scheme design for annotating the model with test related meta information
![Page 22: Generating FSMs from Abstract State Machines](https://reader035.vdocument.in/reader035/viewer/2022062322/56814fc8550346895dbd86d5/html5/thumbnails/22.jpg)
22
For more information
Check out the public website of AsmL: research.microsoft.com/fse/asml You can download AsmL 2
You need VS.NET You need Office XP for Word integration