Scientific article on the topic 'Adaptive test generation for nondeterministic networks' (specialty: Mathematics)

CC BY

Abstract of the scientific article in mathematics; authors: Petrenko Alexander Fedorovich, Vetrova Maria Viktorovna, Yevtushenko Nina Vladimirovna

A test is described as a finite state machine; adaptive and preset tests for a non-deterministic machine are defined, and the effectiveness of adaptive tests is illustrated for checking whether the behavior of the machine under test is contained in the behavior of the reference non-deterministic machine.


Text of the scientific paper "Adaptive test generation for nondeterministic networks"


UDC 519.713.4

ADAPTIVE TEST GENERATION FOR NONDETERMINISTIC NETWORKS

PETRENKO A., VETROVA M., YEVTUSHENKO N.

In this paper, we discuss transition coverage testing that is test purpose based testing. We introduce the notion of a test as a tree FSM, define preset and adaptive tests for a non-deterministic specification and demonstrate that adaptive tests achieve the above test purpose more effectively. We illustrate our approach for a so-called monolithic representation of a non-deterministic FSM.

1. Introduction

Non-deterministic networks have recently been considered in various areas of logic synthesis [1] and are usually used as a joint compact representation of deterministic behaviors. In this case, a system specification is non-deterministic while each implementation is deterministic. Testing is needed to determine whether the behavior of a given implementation is contained in that of the specification.

The problem of testing a non-deterministic network can be formulated as testing against a non-deterministic specification Finite State Machine (FSM) w.r.t. the containment (reduction) relation when each implementation is assumed to be a deterministic FSM. A number of methods have been elaborated for generating tests from a non-deterministic FSM [2, 3, 4, 5]. Some of these methods are based on test purposes and return tests with unknown fault coverage; other methods derive tests with the guaranteed fault coverage w.r.t. an appropriate fault model. The main difference of test generation from a non-deterministic specification FSM compared to deterministic ones is that tests depend not only on the specification, but also on an Implementation Under Test (IUT), as testing becomes an adaptive process of alternating between test execution and test generation, taking into account responses already produced by an IUT.

РИ, 2005, № 3

In this paper, we focus on transition coverage testing that is test purpose based testing (as opposed to fault coverage). Our test purpose is to cover transitions in deterministic submachines of the specification FSM. Our motivation is that transition covering tests are known to be of a high quality at least in the case of deterministic specifications. We introduce the notion of a test as a tree FSM, define preset and adaptive tests for a non-deterministic specification and demonstrate that adaptive tests achieve the above test purpose more effectively. We illustrate our approach for a so-called monolithic representation of a non-deterministic FSM, where the transition relation describes transitions between states of the FSM. At the same time, similar to deterministic FSM, the partitioned representation of the transition relation can be used when the relation involves not states and inputs but internal and input variables [6]. To our knowledge, this problem is solved only for deterministic specification FSMs.

This paper is organized as follows. Section 2 contains basic definitions, Section 3 presents our definition of tests. The proposed method for testing on-the-fly is in Section 4. Conclusions are given in Section 5.

2. General Definitions

Given an alphabet $Z$, let $2^{Z}$ denote the set of all subsets of $Z$. A Finite State Machine (FSM) $A$ is a 5-tuple $(S, I, O, h, s_0)$, where $S$ is a finite set of states with the initial state $s_0$, $I$ and $O$ are finite non-empty sets of inputs and outputs, respectively, which satisfy the condition $I \cap O = \emptyset$; $h$ is a behavior function $h: S \times I \to 2^{S \times O}$. In this paper, we consider only observable machines; an FSM $A$ is observable if the underlying automaton $A^{\times} = (S, I \times O, \delta, s_0)$, where $\delta(s, ao) = s'$ iff $(s', o) \in h(s, a)$, is deterministic. FSM $A$ is completely specified (a complete FSM) if $h(s,a) \neq \emptyset$ for all $(s,a) \in S \times I$; otherwise, FSM $A$ is partially specified (a partial FSM); FSM $A$ is deterministic if $|h(s,a)| \leq 1$ for all $(s,a) \in S \times I$; otherwise, FSM $A$ is non-deterministic. We denote a transition $(s,a,b,s')$, where $h(s,a) \ni (s',b)$.

A word $\alpha$ of the underlying automaton $A^{\times}$ at state $s$ is a trace of $A$ at state $s$; $Tr_A(s)$ denotes the set of all traces of $A$ at state $s$ and $Tr_A$ denotes the set of traces of $A$ at the initial state. Given a sequence $\alpha \in (I \times O)^{*}$, the input projection of $\alpha$, denoted $\alpha_{\downarrow I}$, is a sequence obtained from $\alpha$ by erasing symbols in $O$. An input sequence $\beta \in I^{*}$ is a defined input sequence at state $s$ of $A$ if there exists $\alpha \in Tr_A(s)$ such that $\beta = \alpha_{\downarrow I}$. Given a trace $\beta \in Tr_A(s)$, $s$-after-$\beta$ denotes the state reached by $A$ when it executes the trace $\beta$ from state $s$. If $s$ is the initial state $s_0$ then instead of $s_0$-after-$\beta$ we write $A$-after-$\beta$.

FSM $B = (S_B, I, O, h_B, s_0)$ is a submachine of $A = (S, I, O, h, s_0)$ if $S_B \subseteq S$ and $h_B(s,a) \subseteq h(s,a)$ for each $(s,a) \in S_B \times I$.

We denote by $\Omega_A$ the set of defined input sequences of $A$ in the initial state.

Given two FSMs $A$ and $B$, FSM $B$ is a reduction of FSM $A$, $A \geq B$, if $Tr_B \subseteq Tr_A$. FSM $B$ is a quasireduction of FSM $A$, A<B, if $\Omega_B \supseteq \Omega_A$ and $\{\beta \in Tr_B \mid \beta_{\downarrow I} = \alpha\} \subseteq \{\beta \in Tr_A \mid \beta_{\downarrow I} = \alpha\}$ for all $\alpha \in \Omega_A$. FSM $B$ is not a reduction of FSM $A$, written $B \nleq A$, if $\{\beta \in Tr_B \mid \beta_{\downarrow I} = \alpha\} \not\subseteq \{\beta \in Tr_A \mid \beta_{\downarrow I} = \alpha\}$ for some $\alpha \in \Omega_A \cap \Omega_B$; we use the notation $B \nleq_{\alpha} A$ when we need to refer to the input sequence $\alpha$ which detects that $B$ is not a reduction of $A$. For complete FSMs the quasireduction and the reduction relations coincide.

The reduction relation captures the notion of trace inclusion or containment (preorder) relation. Given two complete machines $B$ and $A$, FSM $B$ is a reduction of FSM $A$ if and only if for each input sequence $\alpha$, the set of output responses of $B$ to $\alpha$ is a subset of that of the FSM $A$. If FSM $B$ produces an output sequence in response to some input sequence that $A$ cannot, then $B$ is not a reduction of $A$.

3. FSM Tests

In this paper, we assume that a specification FSM A from which we generate tests is a complete observable, but not necessarily deterministic, machine, while any implementation FSM is a complete deterministic machine. In this case, the reduction relation is used to declare a verdict on conformance of an IUT.

Given input $I$ and output $O$ alphabets, a test $U$ is an FSM $U = (T, I, O, \lambda, \varepsilon)$, where

— $T$ is a finite prefix-closed subset of $(I \times O)^{*}$,

— if $\alpha x z \in T$ then $\lambda(\alpha, x) \ni (\alpha x z, z)$,

— each completed trace $\alpha$ of the test, i.e., such that $\alpha (I \cup O)^{*} \cap T = \emptyset$, is a verdict state, labeled either pass or fail, i.e., a pass- or fail-state (trace).

The tester produces the verdict fail whenever the implementation FSM executes an input/output sequence that is a fail-trace of the test. If the implementation FSM does not execute fail-traces of the test then the verdict pass is produced. Any test of $A$ can be obtained by unwinding the graph of $A$ into a tree, while skipping some inputs and outputs of $A$. The tree structure of a test is fully determined by the set of its traces. A test may have transitions with different inputs from the same state; we therefore assume that a reliable reset operation is available in any implementation.

Let $\Im(A)$ be a set of complete deterministic (implementation) machines over the input alphabet of $A$, called a fault domain. FSM $B \in \Im(A)$ is a conforming implementation machine of $A$ if $A \geq B$.


Given a test $U = (T, I, O, \lambda, \varepsilon)$ and an implementation FSM $B \in \Im(A)$,

— the test $U$ execution (observation) on $B$ is the FSM $B \cap U = (Q, I, O, p, q_0)$;

— a state $(s,t) \in Q$ is a fail-state if $t$ is a verdict fail state;

— $B$ fails $U$ if $B \cap U$ has a fail-state;

— $B$ passes $U$ if $B \cap U$ has no fail-states.

Given a test $U$ and a fault domain $\Im(A)$,

— $U$ is sound in $\Im(A)$ for the FSM $A$ and reduction relation, if each $A \geq B$, $B \in \Im(A)$, passes $U$;

— $U$ is complete in $\Im(A)$ for FSM $A$ and reduction relation, if each $B \nleq A$, $B \in \Im(A)$, fails $U$;

— $U$ is exhaustive in $\Im(A)$ for FSM $A$ and reduction relation, if it is sound and complete in $\Im(A)$.

A test may have transitions with different outputs from a state under the same input. We call a test $U$ a preset test if for each two of its traces $\alpha$ and $\beta$, $\alpha_{\downarrow I} = \beta_{\downarrow I}$, the test $U$ has a trace $\alpha\gamma$ if and only if the test has a trace $\beta\kappa$, $(\beta\kappa)_{\downarrow I} = (\alpha\gamma)_{\downarrow I}$. In this case, an output produced by an IUT does not decide which next input to apply in the preset test $U$.

If the above property does not hold for a test, in other words, if the next move (input to the IUT) of the tester depends on an output of the IUT, the test has to be adaptively executed by the tester. In such a scenario, the tester adapts itself to the behavior of the implementation FSM. For this reason, we refer to such a test as an adaptive test. The tree of an adaptive test can be derived in advance before test execution begins; however, usually only a part of the test obtained this way is produced if the test is generated on-the-fly, by alternating test generation and test execution steps until some testing criterion is met. Thus, adaptive testing usually reduces computations in test generation.

4. Testing for Covering Transitions in a Specification FSM

In the case when a specification FSM is deterministic (so is any implementation FSM), a (preset) test that covers all the transitions in the specification is a transition tour of the specification FSM. It can be determined using standard graph algorithms. The problem becomes, however, much more complicated when a specification FSM is non-deterministic, while any implementation FSM is known to be deterministic. In this case, covering all the transitions of the specification FSM while testing a given implementation FSM is impossible, as the latter may only “implement” at most one transition out of all transitions sharing the same starting state and input action. Thus, in this testing scenario, the transition covering criterion has to be rephrased as follows. A test should cover transitions of a deterministic submachine of the specification FSM.

A naive, straightforward approach for determining such transition coverage of the specification FSM involves the explicit enumeration of all its submachines and can hardly constitute a satisfactory solution, since the number of submachines can be huge even for small specifications. Moreover, all these tests will never be used for testing a given implementation FSM since it is deterministic. The tester needs only such a test that is relevant to a given (though unknown) implementation FSM. We propose a method for deriving a test providing transition coverage on-the-fly during the process of testing an implementation at hand.

Method: On-the-fly test generation for transition coverage in a non-deterministic specification FSM while testing a deterministic implementation FSM $B$.

Step 1. Assign $M := A$, $T = \{\varepsilon\}$, $\beta := \varepsilon$.

Step 2. Repeat the following until for a current trace $\beta$ there exists an input $a$ such that the transition from state $M$-after-$\beta$ with input $a$ is not colored in $M$:

— apply $\beta_{\downarrow I}\,a$ to the FSM $B$ and observe the output $b$ in state $B$-after-$\beta$ in response to the input $a$;

— if the FSM $M$ does not have the trace $\beta(ab)$ then add this trace to the test as a fail-trace, produce the verdict fail and END; otherwise, delete from the FSM $M$ each transition ($M$-after-$\beta$, $a$, $b'$, $s'$), where $b' \neq b$, and color in the FSM $M$ the transition ($M$-after-$\beta$, $a$, $b$, $s'$); add the trace $\beta(ab)$ to the set $T$; and assign $\beta := \beta(ab)$.

If for each input $a$ the transition from state $M$-after-$\beta$ under input $a$ is colored in the FSM $M$ then:

— if each trace of the set $T$ takes FSM $M$ only to a state from which all transitions are colored then each completed trace of a test is a pass-trace, produce the verdict pass and END. Otherwise, select the shortest trace $\gamma$ in $T$ that takes FSM $M$ to a state from which there exists an uncolored transition;

— assign $\beta := \gamma$ and repeat Step 2.
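The on-the-fly method above can be simulated as follows; this is an added example, not code from the paper. The two-state specification, both implementations and all function names are constructed for illustration, and Step 2 is read as: keep extending the current trace while its end state still has an uncolored transition.

```python
# Added illustration (not from the paper): simulation of the on-the-fly method.
# spec maps (state, input) -> set of (next_state, output); the implementation
# maps (state, input) -> (next_state, output). Both machines are constructed.

def m_after(M, s0, trace):
    """State of the observable FSM M reached from s0 by an input/output trace."""
    s = s0
    for a, b in trace:
        s = next(ns for ns, out in M[(s, a)] if out == b)
    return s

def iut_output(iut, q0, word):
    """Reset the implementation, apply an input word, return the last output."""
    q, out = q0, None
    for a in word:
        q, out = iut[(q, a)]
    return out

def adaptive_test(spec, s0, inputs, iut, q0):
    """Return (verdict, T); T is the list of test traces in derivation order."""
    M = {k: set(v) for k, v in spec.items()}    # Step 1: M := A
    colored, T, beta = set(), [()], ()          # T = {eps}, beta := eps
    while True:
        s = m_after(M, s0, beta)
        a = next((x for x in inputs if (s, x) not in colored), None)
        if a is None:
            # Every transition at M-after-beta is colored: restart from the
            # shortest trace in T whose end state has an uncolored transition.
            open_traces = [t for t in T if any(
                (m_after(M, s0, t), x) not in colored for x in inputs)]
            if not open_traces:
                return "pass", T
            beta = min(open_traces, key=len)
            continue
        # Apply the input projection of beta followed by a (after a reset).
        b = iut_output(iut, q0, [x for x, _ in beta] + [a])
        if all(out != b for _, out in M[(s, a)]):
            return "fail", T + [beta + ((a, b),)]   # beta(ab) is a fail-trace
        # Delete transitions with other outputs; color the remaining one.
        M[(s, a)] = {(ns, out) for ns, out in M[(s, a)] if out == b}
        colored.add((s, a))
        beta = beta + ((a, b),)
        T.append(beta)

# Constructed complete, observable, non-deterministic specification.
SPEC = {
    (0, "x"): {(1, 0), (0, 1)}, (0, "y"): {(0, 0)},
    (1, "x"): {(0, 0), (1, 1)}, (1, "y"): {(1, 1), (0, 0)},
}
# Constructed implementation equal to a deterministic submachine of SPEC.
GOOD = {(0, "x"): (1, 0), (0, "y"): (0, 0), (1, "x"): (1, 1), (1, "y"): (0, 0)}
# Same machine with an output on (0, "y") that SPEC does not allow.
BAD = dict(GOOD)
BAD[(0, "y")] = (0, 1)

if __name__ == "__main__":
    for name, iut in (("GOOD", GOOD), ("BAD", BAD)):
        verdict, traces = adaptive_test(SPEC, 0, ["x", "y"], iut, 0)
        print(name, verdict, traces[-1])
```

In this simulation every step replays the trace from a reset; a real tester only needs a reset when it switches to a different trace of $T$.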

In the case of a deterministic specification FSM, the method produces a test that covers each and every transition of the specification FSM.

We claim that the proposed method delivers a test that covers all transitions in the initially connected deterministic submachine of $A$. Recall that the initially connected part of an FSM is the submachine obtained by removing states (and their transitions) that are not reachable from the initial state.

Theorem. Let $T$ be the test derived by the above method. If the tested implementation FSM is equivalent to a deterministic submachine of $A$ then it passes the test, i.e., $T$ is sound. If the verdict pass is produced then $T$ covers all transitions of some initially connected deterministic submachine of $A$.

Example. Consider the specification FSM $A$ in Figure 1 and its deterministic submachine $B$ (Figure 2). The FSM $A$ has two internal variables and thus four states 00, 01, 10 and 11 with 00 as the initial state, two input variables and a single output variable. By direct inspection, one can assure that the specification FSM has $2^{10} = 1024$ deterministic submachines.

Fig. 2. The deterministic submachine B

The test derived by the above method for the implementation FSM $B$ is shown in Figure 3, where all final states are pass-states. The total length of the test is 14, counting a reset. The specification FSM has a submachine with four states whose transition graph is not Eulerian. Thus, its transition coverage has at least two sequences. Then the total length of each preset test derived in advance is not less than 18.

Fig. 3. An adaptive test for the implementation FSM B.

5. Conclusions

In the paper, we considered the problem of testing non-deterministic networks as non-deterministic FSMs. We introduced the notions of preset and adaptive tests for a non-deterministic FSM when testing is used to determine whether the behavior of an implementation at hand, that is a deterministic FSM, is contained in that of the specification. A method for deriving an adaptive test covering all the transitions of a submachine of the specification FSM is proposed. A transition cover of the specification FSM is known to be a high quality test when the specification FSM is deterministic. For example, such a test is known to capture all output faults and almost all single stuck-at- and permutation faults [7]. However, we notice that a transition cover of a non-deterministic specification FSM does not guarantee detection of all output faults even in deterministic submachines of the specification FSM. The reason is that an output fault may become latent, as in a non-deterministic FSM there may exist a transition to another state with the same erroneous output. Additional research is needed to evaluate the fault coverage of transition covering tests for non-deterministic specifications and to elaborate methods for detecting stuck-at-, permutation and other traditional fault models when testing deterministic circuits against a non-deterministic specification network.

References:

1. Mishchenko A., Brayton R. A theory of Non-Deterministic Networks // Proc. Intl. Conference on Computer-Aided Design. San Jose, California, 2003. P. 709-717.

2. Alur R., Courcoubetis C., Yannakakis M. Distinguishing Tests for Non-deterministic and Probabilistic Machines // Proceedings of the ACM Symposium on Theory of Computing, 1995. P. 363-372.

3. Tripathy P., Naik K. Generation of Adaptive Test Cases from Nondeterministic Protocol Models Using UIO Sequences // Proc. of the 5th IFIP International Workshop on Protocol Test Systems. Montreal, Canada, 1992. P. 166-179.

4. Petrenko A., Yevtushenko N., Bochmann G. v. Testing Deterministic Implementations Against their Nondeterministic Specifications // Proceedings of the IFIP Ninth International Workshop on Testing of Communicating Systems. Germany, 1996. P. 125-140.

5. Hierons R. M. Using Candidates to test a Deterministic Implementation against a Non-deterministic Finite State Machine // The Computer Journal, 2003. 46, 3. P. 307-318.

6. Mishchenko A., Brayton R., Jiang R., Villa T., Yevtushenko N. Efficient Solution of Language Equations Using Partitioned Representations // Proc. Design and Test in Europe. Munich, Germany, 2005. P. 412-417.

7. Koufareva I. Using Non-deterministic Finite State Machines for Testing Discrete Event Systems. Ph.D. thesis. Tomsk State University, 2000.

Received by the editorial board 16.06.2005

Reviewer: Dr. Tech. Sci., Prof. Khakhanov V.I.

Petrenko Alexander Fedorovich, Dr. Tech. Sci., group leader, leading researcher at CRIM, Montreal, Canada. Research interests: formal methods, automata theory, testing.

Vetrova Maria Viktorovna, Cand. Tech. Sci., associate professor of the ITIDiS department, Tomsk State University. Research interests: controller synthesis, optimization of digital circuits, synthesis of checking tests. Address: Russia, Tomsk, 634050, pr. Lenina, 36, (3822) 4139-84.

Yevtushenko Nina Vladimirovna, Dr. Tech. Sci., professor, head of the ITIDiS department, Tomsk State University. Automata theory, optimization of digital circuits, synthesis of checking tests, testing of computer network protocols, verification of digital circuits. Address: Russia, Tomsk, 634050, pr. Lenina, 36, (3822) 41-39-84.
