Separating Non-Determinisic Finite State Machines with Time-Outs Текст научной статьи по специальности «Математика»

Separating Non-Determinisic Finite State Machines with Time-Outs

Rustam Galimullin, Natalia Shabaldina

Radiophysics department T omsk State University T omsk, Russia nihilkhaos@gmail.com, NataliaMailBox@mail.ru

Abstract— In this paper we consider one of the classical finite state machine (FSM) model modifications - FSM with time-outs (or timed FSM). In this model in addition to the ordinary transitions under inputs there are transitions under time-outs when no input is applying. The behavior of many modern systems includes time-outs, for example, mobile phones, etc. In the past few years some work have been carried out on studying different relations between timed FSMs. Non-separability relation is very attractive for non-deterministic classical FSMs and FSMs with time-outs course for this relation we don’t need «all weather conditions» while testing. In this paper we present and compare two approaches for building a separating sequence for two separable FSMs with time-outs. One of them is using a conversion to classical FSMs, while another one is dealing directly with timed FSMs.

Keywords - finite state mashines with time-outs, non-deterministic finite state machines, non-separability relation, timed input sequence, separating sequence

I. Introduction

Most of the modern discrete systems, such as digital circuits, telecommunication protocols, logical games, etc., can be described as Finite State Machines (FSM). The entry of FSM receives one of the enabled inputs and returns an output. On condition it is necessary to take into account time aspects of discrete system, time function is interposed[1-4]. FSMs with introduced time function are called FSMs with time-outs or timed FSM (TFSM). Provided that input is being handled uniquely, TFSM is named deterministic, otherwise - non-deterministic. To distinguish correct and invalid TFSMs distinguishing sequences are generated. They claim exhaustive search of all TFSM’s reactions to the input sequence, i.e. it is necessary to input every sequence from test suite enough times to observe all outputs of the system. Practical implementation of this assumption is almost impossible, and it’s mostly used to check non-separability relation[5,6]. FSMs are separable[5], if there is an input sequence (called separating sequence), such that the sets of output sequences to this sequence doesn’t intersect. In this paper two different approaches for building separating sequence for FSMs with time-outs are suggested.

II. Preliminaries

Formally, Finite State Machine (FSM) is a quintuple S = (S, I, O, s0, XS), where S is a finite nonempty set of states with initial state s0, I and O - finite non-intersecting sets of inputs and outputs, XS c S x I x S x O - transition relation. If for each pair (s, i) e SxI there is at least one pair (o, s') e

OxS such that (s, i, o, s') e XS, FSM is called comlete. FSM with time-outs is a sextuple S = (S, I, O, s0, XS, AS), where S is a finite nonempty set of states with initial state s0, I and O -finite non-intersecting sets of inputs and outputs, XS C S x I x S x O - transition relation and

AS: S ® S x ( N u{¥}) - time-outs function, that defines time-out for every state. The time reset operation resets the value of the TFSM’s clock to zero at the execution of the transition. If TFSM, being in certain state s1, doesn’t receive input for a certain time t such that (s1, t, s2) e AS, it transfers to the state s2. FSM is called observable, if for each triple (s, i,

o) e SxIxO there is not more, than one state s ’ such that (s, i,

o, s’) e XS. FSM could be considered as FSM with time-outs where for each state s e S AS(s) = (s, ¥). Timed input is a pair <i, t> e I x Z.

Similar to [3], in order to extend transition relation to

timed inputs we add a function timeS: S x Z++ ® S that

allows to determine TFSM’s state when the clock value is equal to t based on the current state. Let’s consider the sequence of time-outs AS(s) = (s1, T1), DS(s1) = (s2, T2), ..., AS(sp-1) = (sp, Tp) such that T1 + T2 + ... + Tp-1 < t, but T1 + T2 + ... + Tp > t. In this case timeS(s, t) = sp-1. If AS(s) = (s, ¥), then timeS(s, t) = s for each t. For each timed input (i, t) we add a transition (s, (i, t), s', o) to 1S, if and only if (timeS(s, t), i, s', o) e 1S.

Sequence of timed inputs is called timed input sequence. Pair a/p, where a = <i1, t1>,..., <ik, tk>, p = o1,...,ok is called timed input/output (I/O) sequence (or timed trace), if Xs defines a sequence of transitions (s0, <i1,t1>, o1, sr1 ), (sr1, <i2,t2>, o2, sr2)..., (srik-1), <ik,tk> ok, srk).

As usual, the TFSM S is connected if for each state s there exists a timed trace that can take the machine from the initial state to state s.

State s' is called (i, t) -successor of state s, if there exists oe O such that (s, (i, t), s', o) e 1S. The set of all (i, t)-successors of state s will be denoted by sucS(s, (i, t)), in case of t = 0 we denote it as sucS(s, i).

An example of TFSM that describes mp3-player behavior is given below:

Figure 1. The TFSM that describes mp3-player behavior

The machine consists of the following states:

Play - the music is playing, player isn’t in energy-saving mode (display’s on);

Play\Energy Saving - the music is playing, but player is in energy-saving mode (display’s off);

Pause - the music is stopped, display’s on;

Hold - the music isn’t playing, player’s off (hold mode).

Inputs and outputs:

i] - player’s controller is used;

12 - play/pause button;

13 - hold button; o] - display’s on;

o2 - display’s off.

Let us observe TFSM’s behavior on timed input sequence a = <i1,5><i2,3><i1,4>. In that case the output sequence is p = o2

o1 o2.

A TFSM S = <S, I, O, s0, 1S> is a submachine of TFSM P = <P, I, O, p0, 1P > if S cP, s0 = p0 and each timed transition (s, <i, t>, o, s') of S is a timed transition of P.

III. Intersection of two timed FSMs

Intersection SO P of two TFSMs S = (S, I, O, s0, XS, AS)

and P = (P, I, O, p0, XP, AP) is the most connected sub-TFSM of Q = (Q, I, O, q0, XQ, Ae), where Q = S x K x P x K, K = {0, ..., k}, k = min(max AS(s)|n, max AP(p)in), initial state — quadruple (s0, 0, p0, 0). Transition relation Xq and time-outs function Aq are defined according to the following rules[3]:

1. Transition relation Xq contains quadruple [(s, k1, p, k2), i, o, (s', 0, p', 0)], if and only if

(s, i, s', o) e XS and (p, i, p’, o) e XP.

2. Time function is defined as Aq((s, k1, p, k2)) = [(s' k'i, p' k’2), k], k = min(As(s)^w - ki, AP(p)iN - k2). State (s', ki , p , k{) = (As(s)^s, 0, AP(p)^P, 0), if As(s)^N = ^ or Ap(p)in = ¥ or (As(s)^n -

k1) = (AP(p)lN - k2). If (AS(s)iN - k1), (AP(p)lN -

k2) e Z+ and (As(s)^n - ki) < (Ap(p)iN - k2), then state (s', ki, p , k2) = (As(s)^s, 0, p, k2 + k). If (As(s)^N -

kiX (Ap(p)iN - k2) e Z+ and (AS(s)iN - k1) > (Ap(p)iN -k2), then state (s', ki, p , k2') = (s, k1 + k, AP(p)^P, 0).

Algorithm 1: Constructing an intersection of two TFSMs

Input: TFSMs S = (S, I, O, s0, XS, AS) and

P = (P, I, O, p0, XP, AP)

Output: TFSM Q = (Q, I, O, q0, Xq, Aq), Q = S n P Step 1: add initial state q0 = (s0, 0, p0, 0) into Q.

Step 2: while set of states of TFSM Q has non-considered states, consider next in turn non-considered state q, step 3. Otherwise, End.

Step 3: for each input i find state q’=(s’, 0, p’, 0) that is i-successor of state q. If the set Q doesn’t include q’ - add q’ into the set Q, add transition [(s, k], p, k2), i, o, (s’, 0, p’, 0)] into Xq if (s, i, s’, o) e XS and (p, i, p’, o) e Xp.

Step 4: if there is a finite delay for state q = (s, k1, p, k2), then:

k:= min(As (s) 4, N - ki, Ap (p) 1N - k2)

If ( AS(s)4( N u {¥}) = ¥ or AP(p)i( n u {¥}) = ¥ or (AS(s)4 N -

ki) = (Ap(p)iN - k2) ), then q’= (As(s), 0, Ap(p), 0);

Else

if (AS(s)4 N - k1) < (Ap(p)i N - k2),

then q' : = (As(s)4s, 0,p, k2 + k);

if (AS(s)4 N - k1) > (Ap(p)i N - k2),

then q’ := (s, k1 + k, AP(p)^P, 0);

Extend function Aq: AQ(q) = (q’, k);

If the set Q doesn’t include q’, then add q’ into Q. Step 2.

The intersection of two TFSMs S and P (Figures 2,3) is presented in Figure 4.

Figure 2. TFSM S

Figure 3. TFSM P

Figure 4. TFSM S n P

IV. Separating sequence for two TF SMs

we suggest algorithm for constructing a separating sequence for two TFSMs.

Algorithm 2: Constructing a separating sequence of two TFSMs

Input: Complete observable TFSMs S = (S, I, O, s0, XS, AS) and P = (P, I, O, p0, XP, AP)

Output: separating sequence for S and P (if exists)

Step 1: construct the intersection of S and P with the help of Algorithm 1. If TFSM S 0 P is complete, S and P couldn’t be separated. End.

Step 2: Derive a truncated successor tree of SO P. The root of the tree is the pair (q0, 0), other nodes - sets of the pairs (q, t), where q is the state of S 0 P. k: = 0;

Edge: = 0;

Qk0: = {(qo, 0)};

Qk: = {Qk0}.

Until

(Rule 1: for the set Qkj e Qk, j ^ 0, there is an input i-sep such that each state q, (q, t) e Qkj, has no i-sep-successors in TFSMSOP or

Rule 2: for each set Qkj e Qk there exists

Qam e Qa, a < k, such that Qkj 3 Qam)

Do:

For each input i construct the set of successors M: =

Y suCq (q^Q, i) x {0} , add M to Qk+1 and add triple

qeQkj

(Qkj, i, M) to the set Edge.

If there exists q, (q, t) e Qkj, such that

(Ag(q))j,(nu {¥}) = ¥, define minimum time-out T and set of successors R for the set Qkj = {(q1, t1),

(q2, t2),... ,(qr, tr)}as follows:

T := i?in{Tu - tu }, Tu = (AQ(qu))KNu {¥});

1<u<r

R := {(q1', tx'), (q2', t2'),. ,(qr', tr'>}, qi = timeQ(qu,

tu + T) and either t= 0 if (Tu = ¥ or Tu = tu + T), or tu'

= tu + T if Tu > tu + T.

Add R to Qk+1 and add triple (Qkj, T, R) to the set Edge.

Step 3: If the tree was terminated according to the Rule 1, then construct the sequence of edges (Q00, g1, Q1 . ),

( Q1j , g2, Q2 h ) ( Q(l-1)

Jl-1

( Q(k-1) h i , gk, Qkjt ) such that Qijt ) e Edge for each l e {1, ..., k} and gl e

{I u N}.

Collect the separating sequence a = <i1, t1> ... <im, tm>: j := 0;

T, := 0;

r := 0;

while (j < k) execute:

If gj e I,

Then ir := gj , tr := T, , r := r+1, T, := 0;

Else Tj := Tj + g, ;

j :=J+1;

m := r;

ir := i-sep , tr := Tj .

If all branches of the tree were terminated according to the Rule 2, then TFSMs S and P are unseparable.

End.

The truncated tree for TFSMs S and P is presented in Figure 5:

Figure 5. Truncated successor tree of S O P So, the separating sequence is a = <i1, 0><i2, 2>.

Algorithm 2 is the modification of the algorithm from [6], of deriving a separating sequence for two untimed FSMs. The modifications are associated with time-outs, because the only way to reach some states is to wait for a while. Thus in Algorithm 2 each node of the tree is not the set of states of the intersection, but the set of pairs <state, time>. For the set in the node we determine the minimal delay and the set of successors under this delay is derived in the same way as when deriving the intersection. we need the edges labeled by delay because for the timed FSMs the separating sequence is timed input sequence, so we need to wait some time before applying another input.

Rule 2 is inherited from [6] and in this case we can’t separate given timed FSMs.

Since Rule 1 is also inherited from algorithm [6], and transitions under time-outs are derived according to the rules that specify the common behavior of timed systems, the sequence a = <i1, t1> . <im, tm> derived according to

Algorithm 2 will be a separating sequence for two timed separable FSMs.

It is known [6], that for given two complete separable untimed FSMs S and P, |S| = n and |P |= m, the length of a shortest separating sequence of S and P is at most 2mn-1, and this estimation is reachable. Since untimed FSM is a particular case of timed FSM the estimation will be the same.

V. CORRELATION BETWEEN F SMS AND TF SMS

To transform TFSM S = (S, I, O, s0, XS, AS) into FSM AS with the same behavior [3] we add to TFSM a special input

1 g I and a special output N g O. FSM

As = (S u St, I u{1}, O u{N}, s0, XA ) is constructed by

adding T - 1 copies of each state s e S with finite time delay T, T > 1. Formally, AS is constructed in the following way:

1) For each s e S, AS(s) = (s', T), 1 < T < ¥, the set St contains each state (s, t), t = 1, ... , T - 1.

2) For each s e S, (s, t) e St and for each pair i/o, i e

I, o e O, ((s, t), i, s', o) e XA , if and only if

(s, i, s', o) e XS.

3) For each s e S such that AS(s) = (s, ¥) there is a transition (s, 1, s, N) in AS.

4) For each s e S such that AS(s) = (s', T), T = 1 there is a transition (s, 1, s’, N) in As.

5) For each s e S such that AS(s) = (s', T), 1 < T < ¥, there are transitions (s, 1, (s, 1), N), ((s, j), 1, (s, j + 1), N), j = 1, ..., T - 2, and transition ((s, T -

1 ), 1, s', N) in As.

Hence, on condition, that timed FSM S includes n states and maximal delay is Tmax, AS can include up to n-Tmax states. Be

more precise, number of states in As is £ n(s), n(s) = 1, if

seS

AS(s) = (s, ¥), and n(s) = T, if AS(s) = (s', T).

Thus, in order to derive a separating sequence for two TFSMs, we transformed TFSMs into FSMs. Intersection of

two FSMs could be constructed with the help of Algorithm 1 without taking into account time-outs. To construct truncated successor tree we use Algorithm 2 without time-outs [6], and then collect the sequence (if exists) with the help of step 3 (Algorithm 2). One can assure that the separating sequence for AS and AP (Figures 6 and 7) will be the same, i.e., a = <i1, 0><i2, 2>.

/2

/2

Figure 6. FSM As

ii/1, i

Figure 7. FSM Ap

Conclusions

In this paper we suggested two approaches to separate TFSMs. The idea of the first approach is that we construct an intersection of two TFSMs and then find separating sequence. The main advantage of this approach is comparative simplicity due to small amount of states in intersection. Disadvantage -weak theoretical basis of complete test suites derivation for TFSMs. The second approach is based on “TFSM to FSM” transformation. As a result of this transformation we have enormous increasing of states in intersection. Thus this way is hardly applicable to TFSMs with great time delays. But theoretical basis for complete test suites derivation is much more stronger for classical FSMs. In the future we’re planning

to compare program implementations of these two approaches in order to find out the range of applicability of each one.

References

[1] R. Alur, C. Courcoubetis, M. Yannakakis. Distinguishing tests for nondeterministic and probabilistic machines // STOC’95, NewYork: ACM, 1995. P.363-372.

[2] M. G. Merayo. Formal Testing from Timed Finite State Machines / // Computer Networks. - 2008. - Vol. 52 №2. - P. 432-460.

[3] M. Zhigulin, S.Maag, A.Cavalli, N.Yevtushenko. FSM-based test derivation strategies for systems with time-outs // Presented to QSIC’2011.

[4] M. Gromov, D. Popov, N. Yevtushenko. Deriving test suites for timed Finite State Machines // Proceedings of IEEE East-West Design & Test Symposium 08, Kharkov: SPD FL Stepanov V.V., 2008. P.339-343.

[5] Starke, P.: Abstract automata, American Elsevier, 3^419 (1972).

[6] N. Spitsyna, K. El-Fakih, N. Yevtushenko Studying the Separability

Relation between Finite State Machines // Software Testing, Verification and Reliability. -2007. - Vol. 17(4). - P. 227-241.