Results 1  10
of
70
Learning assumptions for compositional verification
, 2003
"... Compositional verification is a promising approach to addressing the state explosion problem associated with model checking. One compositional technique advocates proving properties of a system by checking properties of its components in an assumeguarantee style. However, the application of this t ..."
Abstract

Cited by 140 (20 self)
 Add to MetaCart
Compositional verification is a promising approach to addressing the state explosion problem associated with model checking. One compositional technique advocates proving properties of a system by checking properties of its components in an assumeguarantee style. However, the application of this technique is difficult because it involves nontrivial human input. This paper presents a novel framework for performing assumeguarantee reasoning in an incremental and fully automated fashion. To check a component against a property, our approach generates assumptions that the environment needs to satisfy for the property to hold. These assumptions are then discharged on the rest of the system. Assumptions are computed by a learning algorithm. They are initially approximate, but become gradually more precise by means of counterexamples obtained by model checking the component and its environment, alternately. This iterative process may at any stage conclude that the property is either true or false in the system. We have implemented our approach in the LTSA tool and applied it to a NASA system.
Coverage Based TestCase Generation using Model Checkers.
 In International Conference and Workshop on the Engineering of Computer Based Systems,
, 2001
"... ..."
Automated AssumeGuarantee Reasoning for Simulation Conformance
 In Proc. of CAV’05, volume 3576 of LNCS
, 2005
"... Abstract. The applicability of assumeguarantee reasoning in practice has been limited since it requires the right assumptions to be constructed manually. In this article, we address the issue of efficiently automating assumeguarantee reasoning for simulation conformance between finite state system ..."
Abstract

Cited by 29 (9 self)
 Add to MetaCart
(Show Context)
Abstract. The applicability of assumeguarantee reasoning in practice has been limited since it requires the right assumptions to be constructed manually. In this article, we address the issue of efficiently automating assumeguarantee reasoning for simulation conformance between finite state systems and specifications. We focus on a noncircular assumeguarantee proof rule, and show that there is a weakest assumption that can be represented canonically by a deterministic tree automata (DTA). We then present an algorithm L T that learns this DTA automatically in an incremental fashion, in time that is polynomial in the number of states in the equivalent minimal DTA. The algorithm assumes a teacher that can answer membership queries pertaining to the language of the unknown DTA, and can also test a conjecture and provide a counter example if the conjecture is false. We show how the teacher and its interaction with L T are implemented in a model checker. We have implemented this framework in the ComFoRT toolkit and we report encouraging results (up to 41 and 14 times improvement in memory and time consumption respectively) on nontrivial benchmarks.
DomainSpecific Optimization in Automata Learning
 In Proc. 15 th Int. Conf. on Computer Aided Verification
, 2003
"... Automatically generated models may provide the key towards controlling the evolution of complex systems, form the basis for test generation and may be applied as monitors for running applications. ..."
Abstract

Cited by 28 (2 self)
 Add to MetaCart
(Show Context)
Automatically generated models may provide the key towards controlling the evolution of complex systems, form the basis for test generation and may be applied as monitors for running applications.
On the correspondence between conformance testing and regular inference
 of Lecture Notes in Computer Science
, 2005
"... Abstract. Conformance testing for finite state machines and regular inference both aim at identifying the model structure underlying a black box system on the basis of a limited set of observations. Whereas the former technique checks for equivalence with a given conjecture model, the latter techniq ..."
Abstract

Cited by 28 (12 self)
 Add to MetaCart
Abstract. Conformance testing for finite state machines and regular inference both aim at identifying the model structure underlying a black box system on the basis of a limited set of observations. Whereas the former technique checks for equivalence with a given conjecture model, the latter techniques addresses the corresponding synthesis problem by means of techniques adopted from automata learning. In this paper we establish a common framework to investigate the similarities of these techniques by showing how results in one area can be transferred to results in the other and to explain the reasons for their differences. 1
Regular inference for state machines with parameters
 In FASE
, 2006
"... Abstract. Techniques for inferring a regular language, in the form of a finite automaton, from a sufficiently large sample of accepted and nonaccepted input words, have been employed to construct models of software and hardware systems, for use, e.g., in test case generation. We intend to adapt thes ..."
Abstract

Cited by 28 (7 self)
 Add to MetaCart
(Show Context)
Abstract. Techniques for inferring a regular language, in the form of a finite automaton, from a sufficiently large sample of accepted and nonaccepted input words, have been employed to construct models of software and hardware systems, for use, e.g., in test case generation. We intend to adapt these techniques to construct state machine models of entities of communication protocols. The alphabet of such state machines can be very large, since a symbol typically consists of a protocol data unit type with a number of parameters, each of which can assume many values. In typical algorithms for regular inference, the number of needed input words grows with the size of the alphabet and the size of the minimal DFA accepting the language. We therefore modify such an algorithm (Angluin’s algorithm) so that its complexity grows not with the size of the alphabet, but only with the size of a certain symbolic representation of the DFA. The main new idea is to infer, for each state, a partitioning of input symbols into equivalence classes, under the hypothesis that all input symbols in an equivalence class have the same effect on the state machine. Whenever such a hypothesis is disproved, equivalence classes are refined. We show that our modification retains the good properties of Angluin’s original algorithm, but that its complexity grows with the size of our symbolic DFA representation rather than with the size of the alphabet. We have implemented the algorithm; experiments on synthesized examples are consistent with these complexity results. 1
Mutually enhancing test generation and specification inference
 In Proc. 3rd International Workshop on Formal Approaches to Testing of Software, volume 2931 of LNCS
, 2003
"... Abstract. Generating effective tests and inferring likely program specifications are both difficult and costly problems. We propose an approach in which we can mutually enhance the tests and specifications that are generated by iteratively applying each in a feedback loop. In particular, we infer li ..."
Abstract

Cited by 26 (3 self)
 Add to MetaCart
(Show Context)
Abstract. Generating effective tests and inferring likely program specifications are both difficult and costly problems. We propose an approach in which we can mutually enhance the tests and specifications that are generated by iteratively applying each in a feedback loop. In particular, we infer likely specifications from the executions of existing tests and use these specifications to guide automatic test generation. Then the existing tests, as well as the new tests, are used to infer new specifications in the subsequent iteration. The iterative process continues until there is no new test that violates specifications inferred in the previous iteration. Inferred specifications can guide test generation to focus on particular program behavior, reducing the scope of analysis; and newly generated tests can improve the inferred specifications. During each iteration, the generated tests that violate inferred specifications are collected to be inspected. These violating tests are likely to have a high probability of exposing faults or exercising new program behavior. Our hypothesis is that such a feedback loop can mutually enhance test generation and specification inference. 1
Generating models of infinitestate communication protocols using regular inference with abstraction
 22nd IFIP International Conference on Testing Software and Systems
"... The following full text is a preprint version which may differ from the publisher's version. ..."
Abstract

Cited by 24 (9 self)
 Add to MetaCart
The following full text is a preprint version which may differ from the publisher's version.
Regular inference for state machines using domains with equality tests
 In Fundamental Approaches to Software Engineering
, 2008
"... Abstract. Existing algorithms for regular inference (aka automata learning) allows to infer a finite state machine by observing the output that the machine produces in response to a selected sequence of input strings. We generalize regular inference techniques to infer a class of state machines wi ..."
Abstract

Cited by 24 (7 self)
 Add to MetaCart
(Show Context)
Abstract. Existing algorithms for regular inference (aka automata learning) allows to infer a finite state machine by observing the output that the machine produces in response to a selected sequence of input strings. We generalize regular inference techniques to infer a class of state machines with an infinite state space. We consider Mealy machines extended with state variables that can assume values from a potentially unbounded domain. These values can be passed as parameters in input and output symbols, and can be used in tests for equality between state variables and/or message parameters. This is to our knowledge the first extension of regular inference to infinitestate systems. We intend to use these techniques to generate models of communication protocols from observations of their inputoutput behavior. Such protocols often have parameters that represent node adresses, connection identifiers, etc. that have a large domain, and on which test for equality is the only meaningful operation. Our extension consists of two phases. In the first phase we apply an existing inference technique for finitestate Mealy machines to generate a model for the case that the values are taken from a small data domain. In the second phase we transform this finitestate Mealy machine into an infinitestate Mealy machine by folding it into a compact symbolic form. 1