Techniques for abstracting IF specifications 22032002

1
Techniques for abstracting IF specifications22/03
/2002

• Yves-Marie Quemener

2
References

• Common work
• Techniques for abstracting SDL specifications
• Sergei Boroday, Alexandre Petrenko, Roland Groz,
  Yves-Marie Quemener
• Centre de Recherche en Informatique de Montreal
  France Telecom RD
• Submitted at SDL and MSC 2002
• External research contract funded by FT, pursued
  in Advance

3
General context

• Presented in Liege during the meeting of October
  2001
• Test generation by mutant elimination
• Given a specification in Communicating Extended
  Finite State Machine language (SDL gt IF)
• Fault model a (set of) mutant(s) of the spec
• Wanted a discriminating sequence, which applied
  to the implementation would necessarily detect
  the mutant(s)

4
Problems

• State explosion exhaustive parallel simulation
  of the spec and the mutant(s)
• Representing a set of mutants
• Solution abstractions would enable to suppress
  unnecessary details
• Necessarily, conservative abstractions the
  observable behaviour of the abstracted spec must
  include the original one
• If not, the discriminating sequence could kill
  correct behaviour

5
Variable abstraction (I)

• Dependency analysis
• a directly depends on b iff
• a b OR
• Call proc(,b,) AND Def proc(,a,)
• Second condition not pertinent with IF, no
  procedures

6
Variable abstraction (II)

• Transitive closure of the dependency relation
• If v has to be deleted, the set v has to be
  deleted
• Deletion
• Suppress assignments
• Non-deterministic decisions

7
Graphical example
8
Problems

• Dependency through message-passing
• Not studied
• Suppressing outputs parameters
• Legal in SDL to suppress message parameters, but
  not in IF gt impossible abstraction
• Arrays gt no precise study of the variable
  dependencies, suppress all the array

9
Tool

• A tool has been produced for SDL, a similar one
  for IF
• Four modules
• IF API
• Variable dependency
• Choice by the user of suppressed variables,
  marking of the abstract syntax tree with
  suppressed or changed tags
• Pretty printing for taking into account the tags

10
Results for the SDL tool

• Case study of an ISDN service
• Exhaustive simulation possible after removing all
  removable variables

11
State abstraction

• For Extended Finite State Machine
• Fusing several states into one state gt reduces
  potential number of configurations
• Transitions of the fused state all the
  transitions of the fusing states

12
State abstraction in SDL

• Because of the graphical syntax, it amounts to
  replacing state names for OG SDL (/ official
  SDL)
• Will that be correct IF syntax?

Merged states (in OG SDL)
Merged states in valid SDL
13
Problems with SDL semantics (I)

• Implicit inputs
• Necessary to
• explicit

14
Problems with SDL semantics (II)

• SAVE and asterisk states (not in IF)
• Priority inputs gt conflicts (not in IF)

15
SDL tool

• Same case study with ISDN service
• Sometimes state abstraction increases state space
  (and is not efficient in general)
• Because it adds a lot of non-determinism (you
  suppress control)
• Not sure to produce one for IF

16
Conclusion

• Working on variable abstraction tool
• Something this autumn