A Bounded Incrementl Test Genertion Algorithm for Finite Stte Mchines Zoltán Pp 1, Mhdevn Surmnim 2, Gáor Kovács 3, Gáor Árpád Németh3 1 Ericsson Telecomm. Hungry, H-1117 Budpest, Irinyi J. u. 4-20, Hungry zoltn.pp@ericsson.com 2 Computer Science Deprtment, University of Nersk t Omh Omh, NE 68182, USA msurmnim@mil.unomh.edu 3 Deprtment of Telecommunictions nd Medi Informtics ETIK, Budpest University of Technology nd Economics, Mgyr tudósok körútj 2, H-1117, Budpest, HUNGARY kovcsg@tmit.me.hu, rurik@gmil.com Astrct. We propose ounded incrementl lgorithm to generte test cses for deterministic finite stte mchine models. Our pproch, in contrst to the trditionl view, is sed on the oservtion tht system specifictions re in most cses modified incrementlly in prctice s requirements evolve. We utilize n existing test set ville for previous version of the system to efficiently generte tests for the current modified system. We use widely ccepted frmework to evlute the complexity of the proposed incrementl lgorithm, nd show tht it is function of the size of the chnge in the specifiction rther thn the size of the specifiction itself. Thus, the method is very efficient in the cse of smll chnges, nd never performs worse thn the relevnt trditionl lgorithm the HIS-method. We lso demonstrte our lgorithm through n exmple. Keywords: conformnce testing, finite stte mchine, test genertion lgorithms, incrementl lgorithms 1 Introduction Lrge, complex systems continuously evolve to incorporte new fetures nd new requirements. In ech evolution step in ddition to chnging the specifiction of the system nd producing corresponding implementtion it my lso e necessry to modify the testing infrstructure. Mnul modifiction is n d hoc nd error prone process tht should e voided, nd utomtic specifictionsed test genertion methods should e pplied. Although testing theory is especilly well developed for finite stte mchine (FSM)-sed system specifictions, existing lgorithms hndle chnging specifictions quite inefficiently. Most reserch hs een focusing on the nlysis of rigid, unchnging descriptions. Virtully ll proposed methods rely solely on
given specifiction mchine to generte tests. These pproches re therefore incple of utilizing ny uxiliry informtion, such s existing tests creted for the previous version of the given system. All test sequences hve to e creted from scrtch in ech evolution step, no mtter how smll the chnge hs een. In this pper we develop novel, ounded incrementl lgorithm to utomticlly re-generte tests in response to chnges to system specifiction. In its essence the lgorithm mintins two sets incrementlly; prefix-closed stte cover set responsile for reching ll sttes of the finite stte mchine, nd seprting fmily of sequences pplied to verify the next stte of trnsitions. The complexity of the lgorithm is evluted sed on the ounded incrementl model of computtion of Rmlingm nd Reps [1]. It is shown tht the time complexity of the proposed lgorithm depends on the size of the chnge to the specifiction rther thn the size of the specifiction itself. Furthermore, it is never worse thn the complexity of the most trditionl lgorithm the HIS-method [2] [3] [4]. This reserch uilds on our erlier work in [5] where we hve developed frmework to nlyze the effects of chnges on tests sed on the notion of consistency etween tests nd protocol descriptions. In the current pper, we hve extended our focus to the test genertion prolem, which is mjor step oth in terms of complexity nd prcticl importnce. The rest of the pper is orgnized s follows. A rief overview of our ssumptions nd nottions is given in Section 2. In Section 3, we descrie some relevnt FSM test genertion lgorithms nd the HIS-Method in prticulr. Section 4 descries the model of incrementl computtion. In Section 5 we introduce the incrementl lgorithm for mintining checking sequence cross chnges, provide thorough nlysis of its complexity nd demonstrte it through n exmple. Sections 6 nd 7 descrie relted work nd conclusions, respectively. 2 Finite Stte Mchines Finite stte mchines hve een widely used for decdes to model systems in vrious res. These include sequentil circuits [6], some types of progrms [7] (in lexicl nlysis, pttern mtching etc.), nd communiction protocols [8]. Severl specifiction lnguges, such s SDL [9] nd ESTELLE [10], re extensions of the FSM formlism. A finite stte mchine M is qudruple M = (I,O,S,T) where I is the finite set of input symols, O is the finite set of output symols, S is the finite set of sttes, nd T S I O S is the finite set of (stte) trnsitions. Ech trnsition t T is 4-tuple t = (s j,i,o,s k ) consisting of strt stte s j S, input symol i I, output symol o O nd next stte s k S. An FSM cn e represented y stte trnsition grph, directed edgeleled grph whose vertices re leled s the sttes of the mchine nd whose edges correspond to the stte trnsitions. Ech edge is leled with the input nd output ssocited with the trnsition.
FSM M is sid to e deterministic if for ech strt stte input pir (s,i) there is t most one trnsition in T. In the cse of deterministic FSMs oth the output nd the next stte of trnsition my e given s function of the strt stte nd the input of the trnsition. These functions re referred to s the next stte function δ: S I S nd the output function λ: S I O. Thus trnsition of deterministic mchine my e given s t = (s j,i,λ(s j,i),δ(s j,i)). For given set of symols A, A is used to denote the set of ll finite sequences (words) over A. Let K A e set of sequences over A. The prefix closure of K, written Pref(K), includes ll the prefixes of ll sequences in K. The set K is prefix-closed if Pref(K) = K. We extend the next stte function δ nd output function λ from input symols to finite input sequences I s follows: For stte s 1, n input sequence x = i 1,...,i k tkes the mchine successively to sttes s j+1 = δ(s j,i j ),j = 1,...,k with the finl stte δ(s 1,x) = s k+1, nd produces n output sequence λ(s 1,x) = o 1,...,o k, where o j = λ(s j,i j ),j = 1,...,k. The input/output sequence i 1 o 1 i 2 o 2...i k o k is then clled trce of M. FSM M is sid to e strongly connected if, for ech pir of sttes (s j,s l ), there exists n input sequence which tkes M from s j to s l. If there is t lest one trnsition t T for ll strt stte input pirs, the FSM is sid to e completely specified (or completely defined); otherwise, M is sid to e prtilly specified or simply prtil FSM. We sy tht mchine M hs reset cpility if there is n initil stte s 0 S nd n input symol r I tht tkes the mchine from ny stte ck to s 0. Tht is, r I : s j S : δ(s j,r) = s 0. The reset is relile if it is gurnteed to work properly in ny implementtion mchine M I, i.e., δ I (s I j,r) = si 0 for ll sttes s I j SI, nd s I 0 is the initil stte of M I ; otherwise it is unrelile. Finite stte mchines my contin redundnt sttes. Stte minimiztion is trnsformtion into n equivlent stte mchine to remove redundnt sttes. Two sttes re equivlent written s j = sl iff for ll input sequences x I, λ(s j,x) = λ(s l,x). Two sttes, s j nd s l re distinguishle (inequivlent), iff x I, λ(s j,x) λ(s l,x). Such n input sequence x is clled seprting sequence of the two inequivlent sttes. A FSM M is reduced (minimized), if no two sttes re equivlent, tht is, ech pir of sttes (s j, s l ) re distinguishle. For the rest of the pper, we focus on strongly connected, completely specified nd reduced deterministic mchines with relile reset cpility. We will denote the numer of sttes nd inputs y n = S nd p = I, respectively. 4 2.1 Representing Chnges to FSMs Although the FSM modeling technique hs een used extensively in vrious fields, impct of chnges on FSM models nd their effects on test sets hve only een studied recently following the oservtion tht system specifictions re in most cses modified incrementlly in prctice s requirements evolve. (See some of our erlier ppers [11] [12] [5]). 4 Therefore, T = p n.
A consistent pproch for representing chnges to FSM systems hs een proposed in [12]. Atomic chnges to finite stte mchine M re represented y the mens of edit opertors ω M : T T. 5 An edit opertor turns FSM M = (I,O,S,T) into FSM M = (I,O,S,T ) with the sme input nd output sets. We use the term sme sttes written s j = s j for sttes tht re leled like in different mchines. Oviously, these sttes re not necessrily equivlent, written s j = s j. For deterministic finite stte mchines two types of edit opertors hve een proposed sed on widely ccepted fult models. A next stte chnge opertor is ω n (s j,i,o x,s k ) = (s j,i,o x,s l ), where δ(s j,i) = s k s l = δ (s j,i). An output chnge opertor is ω o (s j,i,o x,s k ) = (s j,i,o y,s k ), where λ(s j,i) = o x o y = λ (s j,i). It hs een shown in [12], tht with some ssumptions the set of deterministic finite stte mchines with given numer of sttes is closed under the edit opertions defined ove. Furthermore, for ny two deterministic FSMs M 1 nd M 2 there is lwys sequence of edit opertions chnging M 1 to M 2, i.e., to mchine isomorphic to M 2. 3 FSM Test Genertion nd the HIS-Method Given completely specified deterministic FSM M with n sttes, n input sequence x tht distinguishes M from ll other mchines with n sttes is clled checking sequence of M. Any implementtion mchine Impl with t most n sttes not equivlent to M produces n output different from M on checking sequence x. Severl lgorithms hve een proposed to generte checking sequences for mchines with relile reset cpility [13] [14], including the W-method [15], the Wp-method [16] nd the HIS-method [2] [3] [4]. They ll shre the sme fundmentl structure consisting of two stges: Tests derived for the first stte identifiction stge check tht ech stte presented in the specifiction lso exists in the implementtion. Tests for the second trnsition testing stge check ll remining trnsitions of the implementtion for correct output nd ending stte s defined y the specifiction. The methods, however, use different pproches to identify stte during the first stge, nd to check the ending stte of the trnsitions in the second stge. In the following we concentrte on the HIS-method s it is the most generl pproch of the three. The HIS-method derives fmily of hrmonized identifiers [4], lso referred to s seprting fmily of sequences [3]. A seprting fmily of sequences of FSM M is collection of n sets Z i,i = 1,...,n of sequences (one set for ech stte) stisfying the following two conditions: For every pir of sttes s i,s j : (I) there is n input sequence x tht seprtes them, i.e., x I, λ(s i,x) λ(s j,x); (II) x is prefix of some sequence in Z i nd some sequence in Z j. Z i is clled the seprting set of stte s i. The HIS-method uses pproprite memers of the seprting fmily in oth stges of the lgorithm to check sttes of the implementtion. 5 ω(t) is used insted of ω M (t) if M cn e omitted without cusing confusion.
3.1 The HIS-Method Consider FSM M with S = n sttes, nd implementtion Impl with t most n sttes. Let Z = {Z 1,...,Z n } e seprting fmily of sequences of FSM M. Such fmily my e constructed for reduced FSM the following wy: For ny pir of sttes s i, s j we generte sequence z ij tht seprtes them using for exmple minimiztion method [17]. Then define the seprting sets s Z i = {z ij },j = 1...n. The stte identifiction stge of the HIS-method requires prefix-closed stte cover set Q = {q 1,...,q n } of FSM M, nd genertes test sequences r q i Z i, i = 1...n sed on it, where r is the relile reset symol nd is the string conctention opertor. A Q set my e creted y constructing spnning tree 6 of the stte trnsition grph of the specifiction mchine M from the initil stte s 0. Such spnning tree is presented on Figure 1() in Section 5.1. A prefixclosed stte cover set Q is the conctention of the input symols on ll prtil pths of the spnning tree, i.e., sequences of input symols on ll consecutive rnches from the root of the tree to stte. If Impl psses the first stge of the lgorithm for ll sttes, then we know tht Impl is similr to M, furthermore this portion of the test lso verifies ll the trnsitions of the spnning tree. The second, trnsition testing stge is used to check non-tree trnsitions. Tht is, for ech trnsition (s j,i,o,s k ) not in the spnning tree the following test sequences re generted: r q j i Z k. The resulting sequence is checking sequence, strting t the initil stte (first reset input is pplied) nd consisting of no more thn pn 2 test sequences of length less thn 2n interposed with reset [3]. Thus the totl complexity of the lgorithm is O(pn 3 ), where p = I nd n = S. 4 Incrementl Computtion Model A tch lgorithm for given prolem is n lgorithm cple of computing the solution of the prolem f(x ) the output on some input x. Virtully ll trditionl FSM-sed conformnce test genertion lgorithms [13] [14] re such tch lgorithms. Their input is the specifiction of system in form of n FSM model nd the output is checking sequence tht is (under some ssumptions) cple of determining if n implementtion conforms to the specifiction FSM. An incrementl lgorithm intends to solve given prolem y computing n output f(x ) just s tch lgorithm. Incrementl computtion, however, ssumes tht the sme prolem hs een solved previously on slightly different input x providing output f(x), nd tht the input hs undergone some chnges since, resulting in the current input x + dx = x. An incrementl lgorithm tkes the input x nd the output f(x) of the previous computtion, long with 6 A spnning tree of FSM M rooted from the initil stte is n cyclic sugrph ( prtil FSM) of its stte trnsition grph composed of ll the rechle vertices (sttes) nd some of the edges (trnsitions) of M such tht there is exctly one pth from the initil stte s 0 to ny other stte.
the chnge in the input dx. From tht it computes the new output f(x + dx), where x + dx denotes the modified input. A tch lgorithm cn e used s n incrementl lgorithm, furthermore, in cse of fundmentl chnge (tke x = null input for exmple) the tch lgorithm will e the most efficient incrementl lgorithm. 4.1 Evluting the Complexity of n Incrementl Algorithm The complexity of n lgorithm is commonly evluted using symptotic worstcse nlysis; y expressing the mximum cost of the computtion s function of the size of the input. While this pproch is dequte for most tch lgorithms, worst-cse nlysis is often not very informtive for incrementl lgorithms. Thus, lterntive wys hve een proposed in the literture to express the complexity of incrementl lgorithms. The most widely ccepted pproch hs een proposed in [1]. Insted of nlyzing the complexity of incrementl lgorithms in terms of the size of the entire current input, the uthors suggest the use of n dptive prmeter cpturing the extent of the chnges in the input nd output. The prmeter or CHANGED represents the size of the MODIFIED prt of the input nd the size of the AFFECTED prt of the previous output. Thus represents the miniml mount of work necessry to clculte the new output. The complexity of incrementl lgorithm is nlyzed in terms of, which is not known priori, ut clculted during the updte process. This pproch will e used in this pper to evlute the complexity of the presented lgorithm nd to compre it to existing tch nd incrementl methods. 5 Incrementl Test Genertion Method This section presents novel incrementl test genertion lgorithm. The lgorithm in contrst to trditionl (tch) test genertion methods is cple of mintining checking sequence cross chnges in the specifiction, thus voiding the need of regenerting checking sequence from scrtch t ech stge of n incrementl development. We focus on the following prolem: Consider system specifiction given s reduced, completely specified nd deterministic FSM M. There exists complete checking sequence for M cple of detecting ny fult in n implementtion Impl, which hs the sme input I nd output O lphet s M nd hs no more sttes thn M. The specifiction is modified to M y unit chnge, i.e., y pplying single output or next stte chnge opertor. The prolem is to crete complete checking sequence for the new specifiction M if such exists. We concentrte on systems with relile reset cpility, nd we ssume the HIS-Method s reference point in creting n incrementl lgorithm nd evluting its performnce. The HIS-method is essentilly the superposition of two completely independent lgorithms. One is used to uild set of input
sequences responsile for reching ll sttes of the finite stte mchine ( prefixclosed stte cover set). The other is pplied to crete set of input sequences to verify the next stte of the trnsition ( seprting fmily of sequences). Our incrementl test genertion method likewise involves two completely utonomous incrementl lgorithms. Note tht these lgorithms my lso e pplied independently for vrious purposes. They could e used to detect undesirle effects of plnned modifiction during development, such s susets of sttes ecoming equivlent or unrechle. It hs to e emphsized tht given chnge to the specifiction FSM my ffect the two lgorithms differently. Therefore two seprte prmeters (see Section 4.1) hve to e used to cpture the extent in which the chnges ffect the two lgorithms. 5.1 Incrementl Algorithm for Mintining Prefix-closed Stte Cover Set Given specifiction FSM M, prefix-closed stte cover set Q of M nd chnge ω(s m,i,o,s j ) to FSM M turning it to M our purpose is to crete new vlid prefix-closed stte cover set Q for M. The prolem cn e reduced to mintining spnning tree of the stte trnsition grph of the specifiction mchine rooted from the initil stte s 0 (see Section 3.1). Assuming the spnning tree ST of FSM M representing the Q set i.e., input sequences on ll prtil pths of ST re in Q we intend to produce new vlid spnning tree ST of FSM M. Let us cll trnsition n ST-trnsition iff it is in ST. A sutree of ST rooted from stte s i s 0 is proper sutree of the spnning tree ST nd will e referred to s ST si. Given the chnge ω(s m,i,o,s j ) we will refer to stte s m of FSM M s modified stte, since trnsition originting from stte s m of FSM M is modified y the chnge. In this pper we focus on unit chnges; t ech incrementl step there is single modified stte, i.e., the crdinlity of the set of modified sttes MODIFIED revited s MOD is one: MOD = 1. A stte s i of FSM M is ffected y the chnge with respect to the Q set iff for input sequence q i Q corresponding to stte s i : δ(s 0,q i ) δ (s 0,q i ). Such stte is sid to e q-ffected stte. 7 The lgorithm identifies the set of q-ffected sttes AFFECTED Q revited s AFF Q, where 0 AFF Q n. If AFF Q is not n empty set AFF Q > 0 then ST must e dpted to M. We define the set CHANGED Q S to e MOD AFF Q nd denote CHANGED Q s Q. The set CHANGED Q will e used s mesure of the 7 Other definitions of q-ffected stte could e used depending on the ssumed testing lgorithm. A more relxed definition could e for exmple the following: A stte s i of FSM M is ffected y the chnge with respect to the Q set iff there exists no pth from s 0 to s i in ST fter the chnge. This definition should e ssumed in cse the sme set (for exmple distinguishing sequence or W-set) is used to check ech ending stte.
size of the chnge to the specifiction, nd the complexity of the incrementl lgorithm will e expressed s function of prmeter Q, where 1 Q n. The input of the lgorithm is the originl mchine M, the chnge opertor nd the spnning tree ST of M. It provides M, the new spnning tree ST of M nd the set of unrechle sttes s output. The lgorithm consists of two phses nd hndles output nd next stte chnges seprtely in the first phse. The first phse mrks ll q-ffected sttes of FSM M then collects them in the set AFF Q. If AFF Q = 0 then ST is vlid spnning tree of M nd the lgorithm termintes, otherwise the second phse completes the spnning tree for ll q-ffected sttes. Phse 1 Output Chnge Tke output chnge ω o (s m,i,o x,s j ) = (s m,i,o y,s j ),o x o y. Crete FSM M y pplying the chnge opertor. Initilize AFF Q s n empty set, nd the spnning tree ST of M s ST := ST. As n output chnge opertor is pplied to FSM M, it only chnges n edge lel of the stte trnsition grph of FSM M, ut does not ffect its structure. Tht is, δ(s m,i) = δ (s m,i), nd the chnge does not ffect ny sttes with respect to the Q set. AFF Q is not extended. Phse 1 Next Stte Chnge Tke next stte chnge ω n (s m,i,o x,s j ) = (s m,i,o x,s k ),s j s k. Crete FSM M y pplying the chnge opertor. Initilize AFF Q s n empty set, nd the spnning tree ST of M s ST := ST. (s m,i,o,s j ) ST: If the trnsition upon input i t stte s m is not n STtrnsition then ny chnge to it cn not ffect the spnning tree of FSM M. AFF Q is not extended. (s m,i,o,s j ) ST: If the trnsition upon input i t stte s m is n STtrnsition then the chnge ffects the spnning tree. The q-ffected sttes re identified wlking the ST s sutree. All sttes of ST j s (including s j ) j re mrked s q-ffected sttes. The AFF Q set cn e determined using simple redth-first serch of the ST s sutree with worst cse complexity j of AFF Q. Phse 2: Determining spnning tree of M Phse 2 of the lgorithm tkes the set AFF Q from Phse 1 nd completes the spnning tree for ech memer of AFF Q to crete spnning tree ST of M. If AFF Q = 0 (there re no q-ffected sttes) then ST is spnning tree of M. Return ST nd the lgorithm termintes. If AFF Q > 0 then we pply the following method: All trnsitions of ST leding to q-ffected sttes re removed from ST long with the modified trnsition (s m,i,o,s k ). Then we extend ST s follows. For ll s x in AFF Q we strt checking the trnsitions leding to s x in M until either trnsition originting from n unffected stte is found or there re no more inound trnsitions left. If trnsition (s i,i,o,s x) such tht s i AFF Q is found then: (I) ST := ST (s i,i,o,s x), (II) AFF Q := AFF Q \ {s x}, (III) if there is trnsition (s x,i,o,s y) where s y AFF Q then repet Steps I-III on s y. The lgorithm stops fter ll s x in AFF Q hs een checked, then return ST nd AFF Q ; the lgorithm termintes. At the end of the lst turn ST will e
spnning tree of M, nd ny s z remining in AFF Q is unrechle from s 0 in M. Q-set exmple. Tke FSM M on Figure 1() where old edges represent the spnning tree nd the doule circle denotes the initil stte. /x s2 /x /x /x /x /x /x s2 /x /x /x /x s0 /x s1 /y s3 s0 s1 /y s3 /x /x () FSM M with its spnning tree ST () Modified FSM M with the updted spnning tree ST Fig. 1. Exmple for mintining the premle Initilly let ST = ST nd AFF Q =. The modifiction ω n (s 0,,x,s 1 ) = (s 0,,x,s 0) is next stte chnge. As trnsition (s 0,,x,s 1 ) is in ST, we need to determine the set of q-ffected sttes y wlking the ST s sutree. 1 We get AFF Q = {s 1,s 3}. In Phse 2 trnsitions leding to q-ffected sttes (s 0,,x,s 1) nd (s 1,,y,s 3) re removed from ST. Then one of the sttes sy s 1 is selected from AFF Q. Trnsition (s 2,,x,s 1) is identified, which is link originting from not ffected stte s 2. We dd it to ST nd remove s 1 from AFF Q. We then check trnsitions originting from s 1 nd find (s 1,,y,s 3) tht leds to q-ffected stte. We dd (s 1,,y,s 3) to ST nd remove s 3 from AFF Q. Now, AFF Q =, so the lgorithm termintes nd returns ST, see Figure 1(). Theorem 1. The incrementl lgorithm for mintining spnning tree descried ove hs time complexity of O(p Q ), where 1 Q n. Proof. Phse 1 of the lgorithm hs worst cse complexity of O( AFF Q ). Phse 2 of the lgorithm first serches pth from the unffected sttes of M to the q-ffected sttes. There re exctly p AFF Q trnsitions originting from the q-ffected sttes. Therefore there cn e t most p AFF Q steps tht do not provide pth from unffected sttes of M to the q-ffected sttes summrized over ll ckwrd check turns of Phse 2. Thus there re no more thn (p + 1) AFF Q ckwrd check turns. If link is found from n unffected stte to n ffected stte s x then the lgorithm dds ll sttes of AFF Q rechle from s x vi ffected sttes. Agin, there cn e t most p AFF Q such steps summrized over ll forwrd check turns of Phse 2. As ny of the p AFF Q trnsitions re processed t most twice y the lgorithm, less thn 2 (p + 1) AFF Q O(p AFF Q ) steps re necessry
to complete Phse 2. The totl complexity of the lgorithm is O(p AFF Q ) O(p Q ) The new set Q of M contins AFF Q modified sequences: Input sequences of ST leding from s 0 to s i for ll s i in AFF Q. 5.2 Incrementl Algorithm for Mintining Seprting Fmily of Sequences We re gin given the specifiction FSM M, nd the chnge ω(s m,i,o,s j ) turning M to M. We lso hve seprting fmily of sequences of FSM M ( seprting set for ech stte): Z = {Z 1,...,Z n } Z i = {z ij },j = 1...n, where z ij is seprting sequence of sttes s i, s j of FSM M. Our ojective is to crete new seprting fmily of sequences Z for M. Note tht we consider somewht structured seprting fmily of sequences s discussed lter. This, however, does not restrict the generlity of the pproch s ech incrementl step genertes seprting fmily ccording the ssumed structure. Informlly speking, to mintin seprting fmily of sequences we hve to identify ll seprting sequences ffected y the chnge. Then for ll such stte pirs new seprting sequence hs to e generted. Notice tht this is prolem over stte pirs rther thn sttes. Therefore we introduce n uxiliry directed grph A M with n(n+1)/2 nodes, one for ech unordered pir (s j,s k ) of sttes of M including identicl stte pirs (s j,s j ). There is directed edge from (s j,s k ) to (s l,s m ) leled with input symol i iff δ(s j,i) = s l nd δ(s k,i) = s m in M. The uxiliry directed grph A M is used to represent nd mintin seprting sequences of FSM M. The grph is updted y our lgorithm t ech incrementl step. We define seprting stte pir s n unordered pir of sttes (s x,s y ) such tht λ(s x,i) λ(s y,i) for some i I. A mchine M is miniml iff there is pth from ech non-identicl stte pir (s j,s k ),j k to seprting stte pir in its uxiliry directed grph A M. The input lels long the route conctented y the input distinguishing the seprting stte pir form seprting sequence of sttes s j nd s k. We mke the following ssumptions on the seprting sequences of FSM M: (I) Ech seprting stte pir (s x,s y ) hs single seprting input i λ(s x,i) λ(s y,i) ssocited to it. If given pir hs multiple such inputs, then the input to e ssocited is chosen rndomly. (II)The set of seprting sequences of FSM M is prefix-closed. Then seprting sequences of FSM M form n cyclic sugrph of the uxiliry directed grph A M, such tht there is exctly one pth from ech stte pir (s x,s y ),x y to seprting stte pir. Tht is, seprting sequences form forest over the non-identicl stte pirs of A M, such tht ech tree hs seprting stte pir s root nd ll edges of the given tree re directed towrd the root see Figure 2() elow for exmple. Let us refer to this forest ( sugrph of A M ) s SF. We cll n edge of A M n SF-edge iff it is in SF. A sutree of SF hving stte pir (s i,s j ) s root is proper sutree of the forest SF nd
will e referred to s SF si,s j. Note tht y wlking such tree (or its sutree) we lwys ssume tht it is explored opposing edge directions from the root (or n inner node) towrd leves. Thus the prolem of deriving the seprting fmily of sequences for FSM M cn e reduced to mintining seprting stte pirs, their ssocited seprting input nd forest SF over non-identicl stte pirs of A M cross chnges. Given the chnge ω(s m,i,o,s j ) turning M to M ll stte pirs tht include stte s m re modified to construct the uxiliry directed grph A M of FSM M. Accordingly ll unordered stte pirs of A M involving s m re referred to s z-modified stte pirs. As result of the unit chnge ssumption the crdinlity of the set of z-modified stte pirs MODIFIED Z revited s MOD Z is n: MOD Z = n. 8 The lgorithm derives the set of stte pirs ffected y the chnge. Such stte pirs re sid to e z-ffected. The set of z-ffected stte pirs is referred to s AFFECTED Z revited s AFF Z, where 0 AFF Z n(n 1)/2. We define the set CHANGED Z S S s MOD Z AFF Z. The complexity of the incrementl lgorithm will e expressed s function of prmeter CHANGED Z referred to s Z, where n Z n(n 1)/2. The input of the lgorithm is the uxiliry directed grph A M of FSM M, the chnge opertor nd the forest SF of A M representing seprting sequences of M. The output is A M, the new forest SF of A M nd set contining pirs of equivlent sttes. The lgorithm consists of two phses nd hndles output nd next stte chnges seprtely in the first phse. Phse 1 Output Chnge Tke output chnge ω o (s m,i,o x,s k ) = (s m,i, o y,s k ),o x o y. Initilize AFF Z s n empty set, A M := A M nd SF := SF. For stte pirs s i S : (s m,s i ) pply the chnge to AM nd: If stte pir (s m,s i ) is new seprting stte pir then mrk it nd ssocite i s seprting input. If i hs een the seprting input of seprting stte pir (s m,s i ) in A M ut λ (s m,i) = λ (s i,i) = o y then ll stte pirs of the tree with (s m,s i ) root including (s m,s i ) re dded to AFF Z (mrked s z-ffected). These sttes cn e identified y wlking the given tree from the root. If there is nother input i 1 λ (s m,i 1 ) λ (s i,i 1) then (s m,s i ) remins seprting stte pir with i 1 ssocited s seprting input. Stte pir (s m,s i ) is removed from AFF Z. If i I : λ (s m,i) = λ (s i,i) then (s m,s i ) is no longer seprting stte pir, thus the seprting stte pir mrking is removed from (s m,s i ). Do nothing otherwise. 9 Phse 1 Next Stte Chnge Tke next stte chnge ω n (s m,i,o x,s k ) = (s m,i,o x,s l ),s k s l. Initilize AFF Z s n empty set, A M := A M nd SF := SF. For stte pirs s i S : (s m,s i ) pply the chnge to AM nd: 8 Pirs s i, s i of identicl sttes re lso modified here. 9 One could ssume different definitions for ffected stte pirs s design choice.
If the edge of A M mrked y input i t stte pir (s m,s i ) is n SF-edge then the modifiction ffects the given tree of the spnning forest. All stte pirs of the SF s sutree re z-ffected sttes (including (s m,s m,s i )). Thus i the SF s sutree is explored using simple redth-first serch, ll stte m,s i pirs re dded to AFF Z (mrked s z-ffected). Do nothing otherwise. Phse 2 Phse 2 of the lgorithm tkes the set AFF Z from Phse 1 nd updtes the forest SF for ech memer of AFF Z. If AFF Z = 0 then SF is vlid forest over A M representing seprting sequence for ech non-identicl stte pir of M. Return SF nd the lgorithm termintes. If AFF Z > 0 then the following method is pplied: All edges of SF originting from z-ffected stte pirs re removed from SF. Then we extend SF s follows. We exmine ll edges of A M originting from z-ffected stte pir nd construct sugrph of A M denoted s A M AFF the following wy: (I) For ech z-ffected stte pir there is corresponding node in A M AFF. (II) For ech edge etween z-ffected stte pirs there is n edge in A M AFF. (III) If there is n edge originting from z-ffected stte pir leding to not ffected stte pir then we mrk the given z-ffected stte pir t the hed of the edge. Next we explore A M AFF opposing edge directions from mrked stte pirs using redth-first serch to crete spnning forest over A M AFF with mrked stte s root nodes. All stte pirs covered y the spnning forest re removed from AFF Z. Finlly SF is expnded simply ppending the spnning forest of A M AFF. Ech tree of the forest of AM AFF is linked to SF y n edge leding to not ffected stte pir from its mrked root node. Return SF nd AFF Z ; the lgorithm termintes. At the end of the lgorithm AFF Z contins ny pirs of equivlent sttes for which no seprting sequence exists. Ech prtil pth of SF represents seprting sequence of M : Given pth from node (s i,s j ) to seprting stte pir (s x,s y) the input lels long the route conctented y the seprting input of s x,s y form seprting sequence z ij of sttes s i nd s j. The seprting fmily of sequences of FSM M is given s Z = {Z 1,...,Z n} Z i = {z ij },j = 1...n. Z set exmple. The uxiliry grph A M of M is presented on Figure 2(). Bold edges represent the forest SF of M, seprting stte pirs re shown in old ellipses, seprting inputs re represented y igger sized edge lels, while the dotted edges etween identicl stte pirs re mintined ut hve no importnce for the lgorithm. Initilly AFF Z = nd let SF = SF. Edges leled with input originting from stte pirs (s 0,s 0), (s 0,s 1), (s 0,s 2), (s 0,s 3) re modified to crete A M. (s 0,s 1) is seprting stte pir nd is therefore not ffected. The - leled edge originting from stte pir (s 0,s 2 ) is not in SF thus (s 0,s 2) is not ffected either. (s 0,s 0) is irrelevnt. Therefore only stte pir (s 0,s 3) is z- ffected: AFF Z = {(s 0,s 3)}. In Phse 2 the -leled edge originting from (s 0,s 3) is removed from SF. Then edges originting from (s 0,s 3) re checked
s1, s2 s0, s1 s0, s3 s0, s2 s1, s1 s2, s2 s1, s2 s0, s1 s0, s3 s0, s2 s1, s1 s2, s2 s2, s3 s1, s3 s3, s3 s0, s0 s2, s3 s1, s3 s3, s3 s0, s0 () The uxiliry grph A M of FSM M () The updted uxiliry grph A M FSM M of Fig. 2. Auxiliry grphs nd n edge (s 0,s 3),(s 0,s 2) leding to non-ffected stte pir is found. The given edge is dded to SF nd (s 0,s 3) is removed from AFF Z. Now, AFF Z =, thus the lgorithm termintes nd returns SF, see Figure 2(). All seprting sequences re unchnged except the one of sttes s 0 s 3, which is chnged from to. Theorem 2. The incrementl lgorithm for mintining seprting fmily of sequences descried ove hs time complexity of O(p Z ), where n Z n 2. Proof. Regrdless of chnge opertor type Phse 1 of the lgorithm involves MOD Z modifiction steps nd O( AFF Z ) steps to identify ffected stte pirs. Phse 2 of the lgorithm first cretes sugrph in p AFF Z steps nd then cretes spnning forest over it with O(p AFF Z ) complexity. Thus the totl complexity of the lgorithm is O(p Z ). 5.3 Totl Complexity of the Incrementl Testing Our lgorithm just s the originl HIS-method derives ctul test sequences in two stges y conctenting sequences from the sets Q nd Z i. Ech test sequence prt of the checking sequence is either sequence r q i z ij (stge 1) or sequence r q i i z xy (stge 2). A test sequence must e regenerted fter chnge if either the q-sequence, or the z-sequence of the given test sequence is modified y our incrementl lgorithms ove. Tht is, test sequence r q i... z ij of M is modified iff s i AFF Q or (s i,s j ) AFF Z. Such sequences re identified using links etween the sets Q, Z i,i = 1...n nd test sequences. The numer of modified test sequences is less or equl thn p n 2, i.e., in worst cse the numer of test cses to e generted is equivlent to those generted y tch lgorithm. The resulting test set is complete test set of M tht is no different
thn one generted using the tch HIS-method. It consists of the sme set of test sequences generted using vlid Q nd Z sets of M. Note tht the conctention opertion is from the complexity point of view quite expensive step. Conctention, however, only hs to e performed s prt of the testing procedure itself. If no ctul testing is needed fter chnge to the specifiction then we should only very efficiently mintin the sets Q nd Z ccording to ech modifiction nd do the conctention just s necessry. 6 Relted Work Nerly ll test genertion pproches in the FSM test genertion literture propose tch lgorithms, i.e., they focus on uilding test sets for system from scrtch without utilizing ny informtion from tests creted for previous versions of the given system. One of the few exceptions the most relevnt reserch hs een the work of El-Fkih t l. [18]. Similrly to our pproch, the uthors ssume specifiction in form of complete deterministic FSM M, which is modified to new specifiction M. The prolem in oth cses is to generte checking sequence to test if n implementtion Impl conforms to M. Our pproch, however, involves some fundmentl improvements on El-Fkih s method. The most importnt re: 1. El-Fkih s lgorithm does not intend to crete complete test set for the modified specifiction M, insted it my e used to generte tests tht would only test the prts of the new implementtion tht correspond to the modified prts of the specifiction [18]. This necessittes the following quite restrictive ssumption: the prts of the system implementtion tht correspond to the unmodified prts of the specifiction hve not een chnged [18]. Thus, it is presumed tht no ccidentl or intentionl (mlicious) chnges re introduced to supposedly unmodified prts of the implementtion. Such fults could remin undetected s the test set generted y the lgorithm is not complete. Note tht the ssumption ove is unvoidle s not even the union of the existing test set of M nd the incrementl test set generted y the lgorithm provide complete test set for M. Our lgorithm, on the other hnd, mintins complete test set cross the chnges to the specifiction. The lgorithm modifies the existing test set of M to crete complete test set for M if such exists cple of detecting ny fult in Impl. 2. El-Fkih s lgorithm is not ounded incrementl lgorithm in the sense tht it uses trditionl tch lgorithms to crete stte cover set nd seprting fmily of sequences for given FSM upon ech modifiction. Therefore its complexity is the function of the size of the input FSM, not the extent of the chnge. Our method in turn is ounded incrementl lgorithm, its complexity is dependent on the extent of the chnge. It identifies how the modifiction ffects the existing test set of the originl specifiction mchine M. New tests
re only generted for the ffected prt nd the clcultion is independent of the unffected prt. The complexity of our lgorithm is no worse thn the complexity of the corresponding tch lgorithm. 7 Conclusion We hve presented ounded incrementl lgorithm to generte test cses for deterministic finite stte mchine models. Our pproch ssumes chnging specifiction nd utilizes n existing test set of the previous version to efficiently mintin complete test set cross the chnges to the specifiction. For ech updte of the system complete test set is generted with the sme fult detection cpility s tht of trditionl tch lgorithm. The complexity of the lgorithm is evluted sed on the ounded incrementl model of computtion of Rmlingm nd Reps [1]. The time complexity of the proposed lgorithm is shown to e ounded; it is function of the size of the chnge to the specifiction rther thn the size of the specifiction itself. It is never worse thn the complexity of the relevnt trditionl lgorithm the HIS-method. Furthermore, the two utonomous incrementl lgorithms uilding up the incrementl test genertion method my lso e pplied independently for vrious purposes during development. In the future we pln to further experiment with the presented lgorithm to gin sufficient performnce dt for prcticl nlysis. Our current focus hs een on time complexity ut the pproch leves spce for fine-tuning nd optimiztions in severl spects tht will hve to e studied. The reserch reported here is regrded s first step in developing efficient incrementl testing lgorithms. We pln to investigte if this pproch cn e extended to different prolems nd models. References 1. Rmlingm, G., Reps, T.: On the computtionl complexity of dynmic grph prolems. Theoreticl Computer Science 158(1-2) (1996) 233 277 2. Snni, K., Dhur, A.: A protocol test genertion procedure. Computer Networks nd ISDN Systems 15(4) (1988) 285 297 3. Ynnkkis, M., Lee, D.: Testing finite stte mchines: fult detection. In: Selected ppers of the 23rd nnul ACM symposium on Theory of computing. (1995) 209 227 4. Petrenko, A., Yevtushenko, N., Leedev, A., Ds, A.: Nondeterministic stte mchines in protocol conformnce testing. In: Proceedings of the IFIP TC6/WG6.1 Sixth Interntionl Workshop on Protocol Test systems VI. (1994) 363 378 5. Surmnim, M., Pp, Z.: Anlyzing the impct of protocol chnges on tests. In: Proceedings of the IFIP Interntionl Conference on Testing Communicting Systems, TestCom. (2006) 197 212 6. Friedmn, A.D., Menon, P.R.: Fult Detection in Digitl Circuits. Prentice-Hll (1971)
7. Aho, A.V., Sethi, R., Ullmn, J.D.: Compilers: Principles, Techniques, nd Tools. Addison-Wesley (1986) 8. Holzmnn, G.J.: Design nd Vlidtion of Protocols. Prentice-Hll (1990) 9. ITU-T: Recommendtion Z.100: Specifiction nd description lnguge (2000) 10. TC97/SC21, I.: Estelle forml description technique sed on n extended stte trnsition model. interntionl stndrd 9074 (1988) 11. Surmnim, M., Chundi, P.: An pproch to preserve protocol consistency nd executility cross updtes. In: Proceedings of Forml Methods nd Softwre Engineering, 6th Interntionl Conference on Forml Engineering Methods, ICFEM. (2004) 341 356 12. Pp, Z., Csopki, G., Diuz, S.: On the theory of ptching. In: Proceedings of the 3rd IEEE Interntionl Conference on Softwre Engineering nd Forml Methods, SEFM. (2005) 263 271 13. Lee, D., Yinnkkis, M.: Principles nd methods of testing finite stte mchines survey. Proceedings of the IEEE 84(8) (1996) 1090 1123 14. Bochmnn, G.V., Petrenko, A.: Protocol testing: review of methods nd relevnce for softwre testing. In: ISSTA 94: Proceedings of the 1994 ACM SIGSOFT interntionl symposium on Softwre testing nd nlysis, New York, NY, USA, ACM Press (1994) 109 124 15. Chow, T.: Testing softwre design modelled y finite-stte mchines. IEEE Trnsctions on Softwre Engineering 4(3) (1978) 178 187 16. Fujiwr, S., v. Bochmnn, G., Khendec, F., Amlou, M., Ghedmsi, A.: Test selection sed on finite stte model. IEEE Trnsctions on Softwre Engenieering 17 (1991) 591 603 17. Kohvi, Z.: Switching nd Finite Automt Theory. McGrw-Hill, New York (1978) 18. El-Fkih, K., Yevtushenko, N., von Bochmnn, G.: FSM-sed incrementl conformnce testing methods. IEEE Trnsctions on Softwre Engineering 30(7) (2004) 425 436