Volker Fortströer

 How improve quality control for reactive systems?  Availability of a specification of system behavior ◦ Rarely precise & reliable because of last minute changes etc.  But a specification of the system is needed to test and to verify the behavior  Automatically generated and maintained reference models can help to get precise system specification 2Volker Fortströer – Learning by Testing

 Model generation from source code is possible but not practicable ◦ hardware systems, closed source components  An automated method is needed to generate a model of a (reactive) system Volker Fortströer - Learning by Testing3

 Reactive systems  Regular languages  Finite-state automaton  Learning an automaton  Angluins Algorithm L*  Optimizations to L* 4Volker Fortströer - Learning by Testing

 Systems which creates output on different input and may change internal states ◦ i.e.: telecommunication systems  Preconditions: ◦ The system responses have to be deterministic ◦ The same input results in the same end state (output) ◦ All input is accepted regardless of the system’s internal state  Conclusion: such a system can be seen as an input/output automaton  This automaton can be learned through algorithms by creating a deterministic automaton 5Volker Fortströer - Learning by Testing

 A deterministic finite-state automaton (DFA) over Σ is a structure A = (Q, δ, q 0, F ). ◦ Q: non-empty finite set of states ◦ q 0 є Q: initial state ◦ F ⊆ Q: set of final states ◦ δ: Q х Σ → Q is the transition function  Run of A: execution of A with input w ◦ w: a 1 … a n є Σ* ◦ Acceptance of w if A stops in a state q є F ◦ The set of accepted words build a regular language 6Volker Fortströer - Learning by Testing

 Let L be a language over the alphabet Σ.  L ⊆ Σ* is called regular iff. either ◦ L is generated by a regular grammar or ◦ L is accepted by a finite automaton or ◦ L can be described trough a regular expression 7Volker Fortströer - Learning by Testing

 Algorithm L* invented by Angluin (87) ◦ determining an initially unknown regular language L ◦ Two information sources are needed to learn the regular language L:  Membership Oracle (MO) checks if a sequence w is in L  Equivalence Oracle (EO) checks if an acceptor for L is equivalent to the unknown L ◦ Construct a equivalent minimal DFA which accepts L 8Volker Fortströer - Learning by Testing

 Basic idea behind L*: ◦ Systematically explore feasible strings using the MO ◦ Construct the transition table ◦ maintain during exploration  A set S of state-access strings  A set E of explored states  A function T for mapping (S ∪ S ∙ A) ∙ E → {0,1}  T is kept in the observation table (OT)  A is the input-alphabet 9Volker Fortströer - Learning by Testing

◦ Gradually build a DFA M (hypothesis) ◦ If M seems to be stable make an equivalence query  If answer is correct then we have found an equivalent DFA  Otherwise we get a counterexample (which can be used for refining DFA M) 10Volker Fortströer - Learning by Testing

 Assume a reactive system like a telecommunication system  One switch and some phones  Phone actions (input): ◦ on-hook (↑) ◦ off-hook (↓) ◦ perform a call (→)  Switch actions (output): ◦ initiated ◦ cleared ◦ hookswitch (signal received) Volker Fortströer - Learning by Testing11

 different (simple) scenarios: ◦ S1: 1 physical device A A I = {A↑, A↓} A O = {initiated A, cleared A, [hookswitch A ]} ◦ S2: 2 physical device A, B A I = {A↑, A↓, B↑, B↓} A O = {initiated A,B, cleared A,B, [hookswitch A,B ]}  depending on input through devices the switch produces output corresponding to its internal states  ⇒ I/O-Automaton Volker Fortströer - Learning by Testing12

 An input / output automaton over Σ is a structure S = (Σ, A I, A O, →, s 0 ). ◦ Σ: non-empty finite set of states ◦ A I : finite set of input actions ◦ A O : finite set of output responses ◦ →: transition relation → ⊆ Σ х A I х A O * х Σ ◦ s 0 є Σ: initial state  An input / output automaton can be transformed in a deterministic finite-state automaton ◦ Divide input words into single symbols ◦ Create auxiliary-states for transitions Volker Fortströer - Learning by Testing13

 Represent a I/O-automaton as a DFA ◦ Because a large input alphabet results in inefficient runtime of L*  Membership Oracle: ◦ This queries can be answered by the system itself ◦ Problems:  Interface to the system is needed for invoking the input und capturing the response  Expensive in time because of timeouts 14Volker Fortströer - Learning by Testing

 Equivalence Oracle: ◦ Learning a black-box system ⇒ one can never be sure that the whole system behavior was learned ◦ Using an approximation:  Checking consistency within a fixed look ahead from all states Volker Fortströer - Learning by Testing15

 Performing an oracle query takes relatively much time ◦ L* has to wait for response of tested system  An obviously improvement is reducing the number of queries  Some queries can be answered with the result of other queries ◦ i.e.: counterexample of EQ  Other queries can be filtered because of the properties of the learned language 16Volker Fortströer - Learning by Testing

 If every state is an accepting state the corresponding language is prefix-closed ◦ All prefixes v of every word w in language L are member of L  Filter 1 (positive prefix): ∃σ 2 ∈ A*. T(σ 1 ;σ 2 ) = 1 ⇒ MO(σ 1 ) = true  Filter 2 (negative prefix): ∃σ 2 ∈ prefix(σ 1 ). T(σ 2 ) = 0 ⇒ MO(σ 1 ) = false 17Volker Fortströer - Learning by Testing

 Every input produces always the same output  Filter 3 (Input Determinism): ∃x ∈ A O, y ∈ A, σ 2, σ 3 ∈ A*. σ 1 = σ 2 ;x;σ 3 ∧ T(σ 2 ;y;σ 3 ) = 1 ∧ x ≠ y ⇒ MO(σ 1 ) = false  Filter 4 (Output Completion): ∃a ∈ A I, x ∈ A O. σ 2 ;x ∈ prefix(σ 1 ) ∧ T(σ 2 ;a) = 1 ⇒ MO(σ 1 ) = false 18Volker Fortströer - Learning by Testing

 Reactive systems exhibit often a high degree of parallelism  Sometimes different components of one type are interchangeable ◦ i.e.: a device A behaves like device B ◦ Independence: actions of device A and B can be performed in different order ◦ Symmetry: an action performed by A can also be performed by B 19Volker Fortströer - Learning by Testing

 A membership query for σ 1 is true if an equivalent σ 2 is already in OT  Let C po,sym be the set of all equivalent sequences up to the given partial order and symmetry  Filter 5 (Partial Order): ∃σ 2 ∈ C po,sym (σ 1 ). T(σ 2 ) = 1 ⇒ MO(σ 1 ) = true Volker Fortströer - Learning by Testing20

 The latter filter depends strongly on the concrete application domain, but there exist an pattern for realization: 1. An expert specifies an independence relation 2. Abstraction by replacing concrete identifiers with generic place holders 3. σ is inspected if it contains independent subparts 4. All re-orderings are computed 5. Generic place holders are replaced again by concrete identifiers Volker Fortströer - Learning by Testing21

 remember the two scenarios S 1, S 2  Number of Membership Queries:  relatively great effect  other scenario with 80 states has a total factor of after applying the filters Volker Fortströer - Learning by Testing22 Statesno filter 1 & 2Factor3 & 4Factor5 total Factor S1S S2S

 Thanks for your attention!  References: ◦ Hardi Hungar, Oliver Niese, Bernhard Steffen: Domain-Specific Optimization in Automata Learning. CAV 2003: ◦ Therese Berg, Bengt Jonsson, Martin Leucker, and Mayank Saksena (SVV 2003), Mumbai (India): Insights to Angluin's learning. Electr. Notes Theor. Comput. Sci. 118: 3-18 (2005). Volker Fortströer - Learning by Testing23