State identification sequences from the splitting tree
Introduction
Software testing takes a significant amount of time, so effective testing methods can improve the quality of software, the cost of development and the cost of execution as well. Testing methods for finite-state machines are known for their capability of both finding subtle defects and for theoretical guarantees of fault-finding. The downside of these methods is the amount of testing that has to be completed before any of the claimed guarantees can be attained. A significant contribution to the amount of testing is the number and length of what is known as separating sequences. These are the sequences of inputs derived from a finite-state model of a specification that are intended to identify states entered by an implementation during testing. For instance, clicking on a link on a web page to submit an order should place such an order and empty a basket, so that attempting to submit the same form twice would not result in a duplicate order. Knowing whether a basket is indeed empty might not be visible on a ‘thank you for your order’ page so for most web sites a tester has to navigate back on the main page to check the contents of the basket and possibly check the list of orders to observe that an order has indeed been recorded as placed. This is important: verification that a correct state has been entered requires interaction with a system under test with effects not immediately visible. Construction of sequences that efficiently verify states is the subject of this paper. The intention is to make it possible to construct efficient sequences to separate any chosen subset of states in a specification, because usually it is known which states may or may not be entered at the end of a sequence of commands.
The algorithm proposed is an extension to an existing algorithm that aims to build a splitting tree (ST) for finite-state machines (FSM) possessing what is known as an adaptive distinguishing sequence (ADS). An ADS is in fact a set of sequences with common prefixes. It is best represented with a tree where nodes are named with inputs and branches carrying outputs. States are identified by walking through this tree starting from the root: inputs are submitted to a system under test and depending on outputs observed, a branch is taken. An input corresponding to the entered node is sent to a system under test next and an output determines the next node. Every leaf of this tree is associated with a state in a model which is uniquely identified by the sequence of inputs/outputs from the root of the tree to the leaf. Such sequences from root to leaf are called state verifying sequences (SVS).
The existing algorithm is limited to a specific range of FSMs where an ADS can be constructed. Where it cannot be built, one has to use more than a single sequence to identify states. Most existing testing methods support multiple sequences to identify states, although they are obviously more efficient where an ADS is available.
The extension to the original algorithm presented in this paper builds a small number of sequences to separate states if an ADS does not exist and produces an ADS where it does. It can be used both for identification of individual states and for separation of a group of states (where a tester knows that only some states may be entered by the implementation but does not know which exactly). The described method also permits harmonized state identifiers (HSI) to be constructed which lead to test sequences shorter than those constructed using traditional testing methods [1], [2]. This dramatically improves the efficiency of testing methods relying on HSI sequences.
Section 2 defines used terms and Section 3 summarizes the related work. Section 4 sketches the benefits of our extension. Section 5 introduces the structure of splitting tree and what a valid input means. Algorithms for the construction of separating sequences, HSIs and IADSs from the splitting tree are proposed in Section 6. Section 7 proposes our extension that is then described on a running example in 8 Running example, 9 Experiments describes experiments on randomly-generated machines and the paper is concluded in Section 10.
Section snippets
Preliminaries
This section defines the type of finite-state machines, state identification sequences and testing considered in this paper.
Related work
Separating sequences were initially introduced to form a characterizing set (CSet) that uniquely identifies any state. The easiest way to construct such a set of sequences was to group the separating sequences of all state pairs. Probably, the first algorithm that constructs separating sequences of all state pairs was based on the minimization algorithm [6, Algorithm 4.1]. More than 50 years later, the algorithm designing the shortest separating sequences (SSS) of all state pairs without the
Motivation example
The previous section mentioned four existing methods constructing harmonized state identifiers (HSI). These methods are compared with the approach based on our new extension ST-IADS on the Mealy machine defined in Fig. 1. The machine has no ADS and so some HSIs need to contain more than one sequence. Table 1 shows the comparison of the constructed HSIs. The splitting tree in Fig. 2 is created by both the ST-MSS and the new ST-IADS methods. They follow different construction procedures but for
Splitting tree for incomplete adaptive distinguishing sequences
The splitting tree (ST) was originally described in detail in [9]; a very similar structure without sequences inside nodes can also be found in [6]. An algorithm separating states builds an ST which can then be turned to IADS in order to easily separate states during testing. The description below introduces both an ST and IADS built from ST.
State identification sequences from ST-IADS
A splitting tree that is complete can be a basis for the construction of separating sequences of all state pairs, characterizing sets or harmonized state identifiers as described in [8]. This section proposes an alternative design approach that does not just collect particular sequences of ST nodes as the ST-MSS algorithm does. The new approach simply follows the chosen separating sequence and extends it by another one that separates the reached states. This is repeated until no states can be
ST-IADS construction algorithm
This section proposes the extension to the existing algorithm [9] such that the existing algorithm building a splitting tree with valid separating sequences is not disrupted by the extension. It means that the extension is not employed if the given machine has an adaptive distinguishing sequence (ADS) and so a splitting tree with only valid sequences is constructed. As the extension allows one to construct incomplete adaptive distinguishing sequences (IADS), it is referenced as the ST-IADS
Running example
The ST-IADS algorithm is described in this section how it builds the splitting tree showed in Fig. 2 for the Mealy machine M defined in Fig. 1. Examples describing just the ST-ADS algorithm can be found in [7], [9].
The algorithm starts with the root r0 of ST that contains all states A–E. As M does not have state outputs, r0 is the only node in partition (line 6 of Algorithm 5). The root is then popped from partition and analysed. The analysis of all three input symbols is captured in Fig. 5
Experiments
Our new extension was used to construct harmonized state identifiers from the splitting tree and then these HSIs was used in the HSI- and SPY- methods to show the improvement. Altogether 8 testing methods were compared on randomly-generated machines. The results of experiments are described in this section. Our implementation of each method used for experimental evaluation is described in [15] and available in FSMlib v3.1 1.
The FSMlib contains
Conclusion
This paper describes the new ST-IADS algorithm that allows one to construct a splitting tree for any deterministic finite-state machine. With this tree, separating sequences for any subset of states, incomplete adaptive distinguishing sequences and harmonized state identifiers (HSI) can be easily derived from them. If the machine has an adaptive distinguishing sequence (ADS), the algorithm will return it. In the absence of an ADS, a number of incomplete adaptive distinguishing sequences (IADSs)
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
CRediT authorship contribution statement
Michal Soucha: Conceptualization, Software, Investigation, Formal analysis, Writing - original draft. Kirill Bogdanov: Supervision, Writing - review & editing.
References (15)
Checking Experiments with Protocol Machines
Proceedings of the IFIP TC6/WG6. 1 Fourth International Workshop on Protocol Test Systems IV
(1991)- et al.
On reducing test length for FSMs with extra states, software testing
Verif. Reliab.
(2012) - et al.
Incomplete distinguishing sequences for finite state machines
Comput. J.
(2015) Failure diagnosis of automata
Cybern. Syst. Anal.
(1973)Testing software design modeled by finite-state machines, software engineering
IEEE Trans.
(1978)Introduction to the Theory of Finite-state Machines
(1962)Finite-state Machine State Identification Sequences
Bachelor’s thesis
(2014)
Cited by (2)
An Experimental Evaluation of Conformance Testing Techniques in Active Automata Learning
2023, Proceedings - ACM/IEEE 26th International Conference on Model Driven Engineering Languages and Systems, MODELS 2023GPU acceleration of finite state machine input execution: Improving scale and performance
2022, Software Testing Verification and Reliability