Generating FSMs from Abstract State Machines

1
Generating FSMs from Abstract State Machines

• Wolfgang Grieskamp
• Yuri Gurevich
• Wolfram Schulte
• Margus Veanes
• Foundations of Software Engineering
• Microsoft Research
• ISSTA 2002, Rome, July 22-24

2
Outline

• Background
• What is an ASM?
• Why use ASMs?
• Modeling with ASMs
• Conformance Testing with ASMs
• FSM Generation
• Exploration of the FSM
• Test Execution
• Demo

3
Abstract State Machines

• Introduced by Yuri Gurevich
• Deep mathematical theory
• World wide user community (academia industry)
• The Idea
• A machine that describes a system on any (but
  particular) level of abstraction
• An operational specification of a system
• A very high-level program

4
A Sample ASM

• var A as Seq of Integer
• Swap()choose i,j in indices(A) where iltj and
  A(i)gtA(j) A(i) A(j) A(j) A(i)
• Sort() step until fixpoint Swap()

A 2,3,1
5
ASMs are evolving structures

• An ASM is a mathematical machine that represents
  a system as evolving state
• A state is given by the current values of the
  variables
• A step is a transaction (synchronous parallelism)
  that may update many variables at once
• In the sequential case, a program describes one
  step, a run is a sequence of consecutive steps.
• In the distributed case, each agent has a
  program, a distributed run is a partial order of
  agents steps (asynchronous parallelism)

6
Why is software error-prone?

• Some reasons
• Premature coding
• Lack of confidence in descriptions
• Late feedback from customer
• Unforeseen feature interaction
• Lack of understanding in maintenance phase

7
Models solve these problems

• Engineering models help you to gain confidence in
  requirements and designs.
• Examples Architectural, Mechanical, Electrical,
  etc.
• Software models help you understand the behavior
  of each level of abstraction, examples are
• Steps required to carry out the systems user
  scenarios
• How features/components interact with each other
• The behavior of subsystems like file storage and
  messaging

8
Models can be used everywhere
Are you building the right product?
What product are you building?
Modeling
Validation
ASMModel
Verification
Refinement
Are you building the product right ?
Implementation C/C/C/
9
AsmL A modeling toolkit

• AsmL is a powerful, ASM-based specification
  language
• Combines mathematical, object-oriented and
  component-oriented approaches
• Fully integrated with the .Net framework
• Can be used for documentation
• Integrated with MS Word and XML
• Can be used for testing
• Ongoing Integration with existing testing tools

10
A guideline for AsmL users

• Begin building a model by considering its
  purpose this guides abstraction decisions during
  development
• Define model state
• Define model transitions
• Validate the model early and often to increase
  confidence that the model is faithful.
• Check internal consistency
• Check against customer expectations

11
Outline

• Background
• What is an ASM?
• Why use ASMs?
• Modeling with ASMs
• Conformance Testing with ASMs
• FSM Generation
• Exploration of the FSM
• Test Execution
• Demo

12
Using AsmL models for conformance testing
ASM-Model
Provides expected results for
Generates
PassNo pass
User Info
Test Oracle
Test Cases
Are run by
Provides actual results for
Implementation
13
The dual role of ASM models
Testing harness
AsmL Model M
IUT
Call next action
Get state
view
Pass
S
Reduce
Random generation
Is S valid accordingto M?
FSM
AsmL Model M
FSM tool
view
Fail witness
Test cases
view
14
FSM Generation

• Typically ASMs have infinite state space
• We introduce indistinguishability properties to
  group states into equivalence classes called
  hyperstates
• The non-discovery problem
• The problem of reaching all hyperstates is in
  general undecidable
• Improvement relations provide a partial solution
  to this problem
• A way to encode domain specific search strategies

15
FSM generation sample

• Generate an FSM from the stack specification.
• class Stackvar s as Seq of Integer
• Top() as Integer require s ltgt return
  first(stack)
• Pop() require s ltgt stack rest(stack)
• Push(x as Integer) s x s
• Indistinguishability property s

16
The FSM construction
The tree can be pruned,if a hyperstate is
reachedthat has already been visited

17
The algorithm

• generate()
• step
• s head(frontier)
• frontier tail(frontier)
• step foreach a in Actions
• nextStates explore Fire(s,a)
• step foreach t in nextStates
• transitions(s,a,t) true
• if relevant(s,a,t) then
• frontier frontier t
• hypers hypers union
• GetHyperstate(t)

18
Improvement relations

• relevant(s as State,
• a as Action,
• t as State) as Boolean
• forall g in goals where
• improved(bestState(g),t,g)
• bestState(g) t
• return
• (h.GetHyperstate(t) notin hypers) or
• (exists g in h.goals() where
• h.improved(bestState(g),t,g))

19
Outline

• Background
• What is an ASM?
• Why use ASMs?
• Modeling with ASMs
• Conformance Testing with ASMs
• FSM Generation
• Exploration of the FSM
• Test Execution
• Demo

20
Demo

• Run the paper

21
Current Work

• Generalized properties (non-Boolean finite valued
  properties)
• Parameter generation for actions with parameters
• .Net attribute scheme design for annotating the
  model with test related meta information

22
For more information

• Check out the public website of AsmL
  research.microsoft.com/fse/asml
• You can download AsmL 2
• You need VS.NET
• You need Office XP for Word integration