Environment Restriction Slicing of EFSMs
Kelly Androutsopoulos, CREST (Center for Research in Evolution, Search and Testing)
University College London
Email: [email protected]
Joint work with: David Binkley, David Clark, Nicolas Gold, Mark Harman, Kevin Lano and Zheng Li
Extended Finite State Machines (EFSMs)
• Widely used to model, e.g., embedded systems, safety critical systems and discrete-event control devices.
[Diagram: the Environment sends stimuli to the System, and the System returns responses to the Environment.]
Reuse with Restricted Operational Environment
1) Example: Car Air Conditioning System
• A ‘basic model’ car air conditioning system and a ‘luxurious model’ that additionally contains climate control functionality.
2) Example: Vending Machine
• Allows a user to insert coins and vends tea with the option of large cups, small cups, sugar and double sugar. Assume this model is deployed in an environment where the sugar button is disabled.
Aid Property Verification
• Example: Production Cell.
• State space > 3000.
• Assume we want to prove property P:
– The feed belt motor is off if there is a blank on the elevating rotary table.
• P affects only 4 events.
• The model can be reduced by ERS to 4 states and 8 transitions.
[Diagram: Production Cell consisting of a deposit belt, a robot, a feed belt and an elevating rotary table.]
ERS definitions
• Definition (Slicing Criterion):
– An ignore set I, which is a set of events that no longer occur in the new environment.
• Definition (Event Sequence Set Filter):
– Sequence-set filter function fi(X, I) = {E ∈ X | E ∩ I = ∅}, i.e. the event sequences in X that contain no event from I.
• Definition (Environment Restriction Slice):
– A slice of an EFSM M = (S, T, A, Si) for ignore set I is a reduced EFSM M’ that is semantically indistinguishable from M on all event sequences from fi(A*, I), where A* is the set of all possible event sequences in the environment.
Weak Semantic Requirement – Stutter-free Event Sequences
• Stuttering event sequence: a, a, b
• Stutter-free event sequence: a, b
[Diagram: states S1 and S2 with transitions labelled a and b.]
ERS Algorithms
1) Slicing algorithm basicSlice
2) Constant propagation algorithm
3) R-merge equivalent states algorithm
4) G-merge equivalent states algorithm
basicSlice Algorithm (A1)
• Slicing criterion: ignore set I
• Algorithm:
– Delete all transitions whose trigger event corresponds to an event in I.
– Then remove all states and transitions that are no longer reachable from an initial state.
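The two-step basicSlice algorithm, together with the fi filter from the ERS definitions, as an added Python example; this is not code from the paper or its authors, and the toy vending machine EFSM (its states, events, guards and actions) is constructed here for illustration:

```python
from collections import namedtuple

# One EFSM transition of M = (S, T, A, Si): source state, triggering event, guard, action, target.
Transition = namedtuple("Transition", "src event guard action dst")

def filter_sequences(sequences, ignore):
    """fi(X, I) = {E in X | E and I disjoint}: drop every sequence containing an ignored event."""
    return [seq for seq in sequences if not set(seq) & set(ignore)]

def basic_slice(states, transitions, initial, ignore):
    """basicSlice (A1): delete transitions triggered by an event in the ignore set I,
    then delete states and transitions no longer reachable from an initial state."""
    kept = [t for t in transitions if t.event not in ignore]
    reachable = set(initial)
    frontier = list(initial)
    while frontier:  # depth-first reachability over the surviving transitions
        s = frontier.pop()
        for t in kept:
            if t.src == s and t.dst not in reachable:
                reachable.add(t.dst)
                frontier.append(t.dst)
    kept = [t for t in kept if t.src in reachable and t.dst in reachable]
    return [s for s in states if s in reachable], kept  # keep the original state order

# Constructed toy vending machine (hypothetical, not the paper's model): pay, optionally
# press the sugar button once or twice, then take the tea.
VM_STATES = ["Idle", "Paid", "SugarSelected", "Vending"]
VM_INITIAL = ["Idle"]
VM_TRANSITIONS = [
    Transition("Idle", "coin", "True", "credit := 1", "Paid"),
    Transition("Paid", "sugar", "credit = 1", "sugar := 1", "SugarSelected"),
    Transition("SugarSelected", "sugar", "sugar = 1", "sugar := 2", "SugarSelected"),
    Transition("SugarSelected", "tea", "True", "vend()", "Vending"),
    Transition("Paid", "tea", "credit = 1", "vend()", "Vending"),
    Transition("Vending", "done", "True", "credit := 0; sugar := 0", "Idle"),
]

def slice_vending_machine(ignore):
    """Slice the toy machine for an environment in which the events in `ignore` never occur."""
    return basic_slice(VM_STATES, VM_TRANSITIONS, VM_INITIAL, ignore)

if __name__ == "__main__":
    states, trans = slice_vending_machine({"sugar"})  # sugar button disabled
    print(states)  # ['Idle', 'Paid', 'Vending']
    for t in trans:
        print(f"{t.src} --{t.event} [{t.guard}] / {t.action}--> {t.dst}")
```

Ignoring `sugar` removes both sugar-triggered transitions in step 1; step 2 then drops SugarSelected and its tea transition because they are no longer reachable, leaving 3 states and 3 transitions.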
Constant Propagation Algorithm (A2)
• A simple flow-insensitive constant propagation algorithm in which variables are mapped to values in a flat lattice.
• Algorithm:
– Variables that appear as event parameters are assigned the value ⊥ (non-constant).
– All variables are initialised to ⊤ (uninitialised).
– Assignments in the actions of transition labels are considered. If the RHS evaluates to a constant, then the value of the LHS variable is replaced by the meet of that constant and the variable’s present value. Otherwise, the value is replaced by ⊥.
R-merge Equivalent States Algorithm (A3)
• Extends an algorithm by Ilie and Yu for NFA minimisation.
• Algorithm:
– Repeatedly merges pairs of R-equivalent states until no further merging is possible.
• Definition (R-equivalent states):
– States s1 and s2 are R-equivalent if, for every transition t from s1, there is a corresponding transition (with the same label) from s2 leading to the same target as t, and vice versa.
G-merge Equivalent States Algorithm (A4)
• A more aggressive merge that only preserves the weak semantic requirement.
• Algorithm:
– Identifies groups of states (≥ 2) that can be merged into a single state.
– A group ss of states can be merged if:
• All transitions within the group have no actions, and
• The set of internal triggering events is disjoint from the set of exiting triggering events.
Empirical Results: Experimental Models

EFSM Model       States (S)  Transitions (T)  Events
ATM                       9               23      12
Cashier                  12               21      16
CruiseControl             5               17      10
FuelPump                 13               25      16
PrintToken               11               89      11
VendingMachine            8               37      13
DoorController            6               12      11
INRES protocol            8               18       8
TCP                      12               57       6
TCSbin                   24               65      39
Total                   108              364     142
Empirical Results: Average Slice Size when Ignoring n Events

                    States                     Transitions
Algorithm     n=1     n=2     n=4          n=1     n=2     n=4
A1          85.3%   78.8%   49.3%        77.5%   70.3%   33.5%
A2          80.5%   77.2%   47.1%        71.3%   67.1%   31.1%
A3          78.6%   74.6%   45.2%        69.2%   64.1%   30.3%
A4          71.2%   70.7%   41.1%        66.1%   63.2%   29.8%
Empirical Results: All slice sizes for algorithms A1–A4, using every possible ignore set that contains all but one (n−1) of the events.
Conclusions
• Defined four algorithms.
• Proved the correctness of:
– A1, A2 and A3 w.r.t. a strong semantic requirement.
– A4 w.r.t. a weak semantic requirement.
• Trade-off between precision and performance:
– For ignore sets of size one, the execution time of A1 and A2 is extremely fast, while that of A3 and A4 is not. (We know A3 has PSPACE complexity.)
– For larger ignore sets, the execution time drops.