SlideShare a Scribd company logo

MSc_thesis

Download as PPTX, PDF
Nokib Uddin
Nokib Uddin
1 of 37
Computational Tree Logic Is Equivalent To Failure Trace Testing Student: A. F. M. Nokib Uddin Supervisor: Dr. Stefan D. Bruda MSc Thesis Presentation Dept. of Computer Science 17/24/2015
2 Contents  Introduction  Preliminaries  Previous Works  CTL is Equivalent To Failure Trace Testing  Conclusion  References 7/24/2015
3 Introduction Computing systems are already present in our everyday life, from entertainment systems at home, to telephone networks and the Internet, to health case, transportation, and energy infrastructure. Ensuring the correct behavior of software and hardware has been one of the goals of Computer Science since the dawn of computing. In many cases no failure is accepted. 7/24/2015
4 Introduction Example of failure of Computing Systems: Lockheed Martin F-35 Joint Strike Fighter: The plane is expected to cost $1.5 trillion over its useful life, of which about $400 billion has already been spent. Toyota Motor Corp. is recalling about 295,000 Lexus and Toyota brand vehicles globally, mostly in the United States, because various safety systems including stability control and anti-lock brakes could become inoperative. 7/24/2015
5 Introduction Verification is the process of checking that a system meets specifications and that it fulfills its intended purpose. There are four kinds of methods of verification:  Testing (or Simulation)  Deductive Verification  Model based Testing  Model Checking 7/24/2015
6 Introduction  It was shown earlier [3] that CTL and failure trace testing are equivalent; that is, for any failure trace test there exists a CTL formula equivalent to it, and the other way around. Both conversions are constructive and algorithmic.  The proof of the conversion from CTL formulae to failure trace tests (and implicitly the associated algorithm) is however incorrect.  We now provide a correct proof for the existence of a conversion from CTL formulae to failure trace tests. 7/24/2015
7 Preliminaries Kripke structure: Formally, A Kripke Structure K is a 5-tuple (S; S0; AP; →; L), where: 1. S is a set of states. 2. S0 is the set of initial states: S0 ⊆ S. 3. AP is a set of atomic propositions. 4. → is a total transition relation: →⊆ S × S. 5. L is a state labelling: L: S → 2AP. Note that, the shorthand notation s → t is used for stating that (s; t) ∈ →. Labeled Transition System(LTS): An LTS is a tuple M = (S, A, →, s0) where, S is a countable, non-empty set of states, s0 ∈ S is the initial state and A is a countable set of actions. The actions in A are called visible (or observable), by contrast with the special, unobservable action τ ∉ A (also called internal action). The relation →⊆ S × (A ∪ {τ}) × S is the transition relation; we use p a→ q instead of (p, a, q) ∈ →. A transition p a→ q means that state p becomes state q after performing the action a. 7/24/2015
8 Preliminaries Computation Tree logic (CTL): In CTL, the temporal operators X, F, G, U, R must be immediately preceded by one of the path quantifiers A or E. f = ⊤ | ⊥ | a | ¬f | f1 ∧ f2 | f1 ∨ f2 | AX f | AF f | AG f | A f1 U f2 | A f1 R f2 | EX f | EF f | EG f | E f1 U f2 | E f1 R f2 The truth value of a CTL formula is defined in terms of Kripke structures. The notation K, s ⊨ f means that in a Kripke structure K, formula f is true in state s. The notation K, π ⊨ f means that in a Kripke structure K, formula f is true along the path π. The meaning of ⊨ is defined inductively. Where, f and g are state formulae unless stated otherwise. 7/24/2015
9 Preliminaries CTL formulae is defined over Kripke structure: State formulae 1. K, s ⊨⊤ is true and K, s ⊨ ⊥ is false for any state s in any Kripke structure K. 2. K, s ⊨ a, a ∈ AP iff a ∈ L(s). 3. K, s ⊨¬f iff ¬(K, s ⊨ f ). 4. K, s ⊨ f ∧ g iff K, s ⊨ f and K, s ⊨g. 5. K, s ⊨ f ∨ g iff K, s ⊨ f or K, s ⊨g. 6. K, s ⊨ E f for some path formula f iff there is a path π = s → s1 → s2 → · · · → si such that K, π ⊨f. 7. K, s ⊨ A f for some path formula f iff K, π ⊨ f for all paths π = s → s1 → s2 → · · · → si. 7/24/2015
10 Preliminaries Path formulae: We use πi to denote the i-th state of a path π (with the first state being state 0, or π0). The definition of ⊨for path formulae is: 1. K, π ⊨ X f iff k, π1⊨f . 2. K, π ⊨ f U g iff there exists j ≥ 0 such that K, πj ⊨ g and K, πk ⊨g for all k ≥ j, and for all i < j K, πi ⊨ f . 3. K, π ⊨f R g iff for all j ≥ 0, if K, πi ⊭ f for every i < j then K, πj ⊨ g 7/24/2015
11 Preliminaries Failure Trace Testing: A failure trace f is a string of the form f = A0a1A1a2 . . . Anan, n≥ 0, with ai ∈ A* (sequences of actions) and Ai ⊆ A (sets of refusals). Let p be a process such that p ∈⇒p0 a1⇒p1 a2⇒…………….. an⇒ pn; f = A0a1A1a2 . . . Anan is then a failure trace of p whenever the following two conditions hold: a. If ¬ (pi τ→), then Ai ⊆ (A init(pi)); for a stable state the failure trace refuses any set of events that cannot be performed in that state (including the empty set). b. If pi τ→ then then Ai = ∅; whenever pi is not a stable state it refuses an empty set of events by definition. Systems and tests can be concisely described using the testing language TLOTOS. The syntax of TLOTOS is then defined as follows: t=stop | a;t1 | i;t1 | θ;t1 | pass | t1 □ t2 | ∑ T 1. inaction (stop): no rules. 2. action prefix: a; t1 a→ t1 and i; t1 τ→ t1 7/24/2015
12 Preliminaries 3. deadlock detection: θ; t1 θ→ t1 4. successful termination: pass γ→ stop 5. choice: with g ∈ A ∪ { γ, θ, τ}, 6. generalized choice: with g ∈ A ∪ { γ, θ, τ}, Failure trace tests are defined in TLOTOS using the special actions γ which signals the successful completion of a test, and which θ is the deadlock detection label. 7/24/2015
13 Previous Works EQUIVALENCE BETWEEN KRIPKE STRUCTURES AND LTS: Definition 1: Given a Kripke structure K and a set of states Q of K, the pair K, Q is equivalent to a process p, written K, Q ≃ p (or p ≃ K, Q), iff for any CTL* formula f K, Q ⊨ f iff p ⊨ f . Proposition 1:There exists an algorithmic function 𝕂 which converts a labeled transition system p into a Kripke structure K and a set of states Q such that p ≃ (K, Q). Specifically, for any labeled transition system p = (S, A, →, s0), its equivalent Kripke structure K is defined as K = (S’, Q, R’, L’) where: 1. S’ = {(s, x): s ∈ S, x ⊆ init(s)}. 2. Q = {(s0, x) ∈ S’}. 3. R’ contains exactly all the transitions ((s, N), (t, O)) such that (s, N), (t, O) ∈ S’, and (a) for any n∈N, s n⇒t (b) for some q∈ S and for any o∈O, t o⇒q, and (c) if N =∅ ; then O =∅ ; and t = s (these loops ensure that the relation R’ is complete). 4. L’ : S’ → 2AP such that L’(s, x) = x, where AP = A. 7/24/2015
14 Previous Works Equivalence between Kripke structure and LTS Each state of the Kripke structure (b) is labeled with the LTS state it came from, and the set of propositions that hold in that Kripke state. Fig.1: A conversion of an LTS (a) to an equivalent Kripke structure (b) 7/24/2015
15 Previous Works From Failure Trace Test to CTL formulae: Let 𝒫 be the set of all processes, 𝒯 the set of all tests, and ℱ the set of all CTL formulae. Proposition 2: There exists a function ℂ: 𝒯→ℱ such that p may t iff 𝕂(p)⊨ℂ (t) for any p∈ 𝒫. Proof Sketch: The function ℂ is defined inductively. The basis is naturally defined as follows: 1. ℂ (pass)=⊤ 2. ℂ (stop)=⊥ The inductive constructs are then defined as follows: 1. ℂ (i;t)= ℂ (t) 2. ℂ (a;t)= a ∧ EX ℂ (t) 3. ℂ (∑Ƭ)=Vt∈Ƭ ℂ (t), where Vt∈Ƭ={t1,…..tn} t is the usual short hand for t1 ∨……..∨ tn 4. ℂ (∑Ƭ □ θ,t) = (ℂ (t1) ∨ ℂ (t2) ∨ ……. ℂ (tn)) ∨ (¬ (ℂ (t1) ∧ ℂ (t2) ∧…….. ℂ (tn) ) ∧ ℂ (t), where Ƭ={t1,t2,……..tn}. Several constructs were not considered since they can be expressed using the above constructs. 7/24/2015
16 Previous Works Fig. 2: Two Coffee machines b1 and b2. Example 1: HOW TO TELL LOGICALLY THAT YOUR COFFEE MACHINE IS WORKING b1 = coin; (tea □ bang; coffee) □ coin; (coffee □ bang; tea) b2 = coin; (tea □ bang; tea) □ coin; (coffee □ bang; coffee) 7/24/2015
17 Previous Works One failure trace test that differentiate these two machines is t = coin; (coffee; pass □ θ; bang; coffee; pass) The conversion of the failure trace test t into a CTL formula as per Proposition yields: ℂ (t) = coin ∧ EX (coffee ∨ ¬ coffee ∧ bang ∧ EX coffee) 7/24/2015
18 CTL is equivalent to Failure Trace Testing Theorem 1: For every failure trace test there exists an equivalent CTL formula and the other way around. Furthermore a failure trace test can be algorithmically converted into its equivalent CTL formula and the other way around. Now, Let 𝒫 be the set of all processes, 𝒯 the set of all tests, and ℱ the set of all CTL formulae. Lemma 1: For any test t ∈ 𝒯 there exists a test ¬t ∈ 𝒯 such that p may t iff ¬ (p may ¬ t) for any p∈ 𝒫. Proof: We first force all the success states to become deadlock states by eliminating the outgoing action γ from t completely. If the action that leads to a state thus converted is θ then this action is removed as well. Finally, we add to all the states having their outgoing transitions θ or γ eliminated in the previous steps one outgoing transition labeled θ followed by one outgoing transition labeled γ. 7/24/2015
19 CTL is equivalent to Failure Trace Testing Lemma 2: For any two tests t1, t2 ∈ 𝒯 there exists a test t1 ∨ t2 ∈ 𝒯 such that p may (t1 ∨ t2) iff (p may t1) ∨ (p may t2) for any p∈ 𝒫. For the induction step we consider without loss of generality that t1 and t2 have the following structure: t1 =∑ {b1; t1 (b1) : b1 ∈ B1} □ θ; tN1 t2 =∑ {b2; t2 (b2) : b2 ∈ B2} □ θ; tN2 We then construct t1 ∨ t2 under the inductive assumption that the disjunction between any of the “inner” tests t1(b1), tN1 , t2(b2), and tN2 is known. We have: ∑ {b1; t1 (b1): b1 ∈ B1} □ θ; tN1 ∨ ∑ {b2; t2 (b2) : b2 ∈ B2} □ θ; tN2 = ∑ {b; (t1 (b) ∨ t2 (b)) : b ∈ B1 ∩ B2} □ ∑ {b; (t1 (b) ∨ [tN2]b) : b ∈ B1 B2} □ ∑ {b; (t2 (b) ∨ [tN1]b) : b ∈ B2 B1} □ θ; ( tN1 ∨ tN2 ) 7/24/2015
20 CTL is equivalent to Failure Trace Testing Where [t]b is the test t restricted to performing b as its first action and so is inductively constructed as follows: 1. If t = stop then [t]b = stop. 2. If t = pass then [t]b = pass. 3. If t = b; t’ then [t]b = t’. 4. If t = a; t’ with a ≠ b then [t]b = stop. 5. If t = i; t’ then [t]b = [t’]b 6. If t = t’ □ t” such that neither t’ nor t” contain θ in their topmost choice then [t]b =[t’]b □ [t”]b. 7. If t = b; t’ □ θ; t” then [t]b = t’. 8. If t = a; t’□ θ; t” with a≠ b then [t]b = [t”]b. 7/24/2015
21 CTL is equivalent to Failure Trace Testing Example 2: A disjunction of Test: Consider the construction t1 ∨ t2, where: t1 = (bang; tea; pass) □ (coin; (coffee; stop □ θ; pass)) t2 = (coin; pass) □ (nudge; stop) □ (θ; (bang; water; pass □ turn; stop)) We have B1 = {coin, bang} and B2 = {coin, nudge} So, B1 ∩ B2 = {coin}, B1 B2 = {bang}, and B2 B1 = {nudge}. We further note that, t1 (coin) = coffee; stop □ θ; pass, t1(bang) =tea; pass, tN1 = stop, t2(coin) = pass, t2(nudge) = stop, and tN2 =bang; water; pass □ turn; stop 7/24/2015
22 CTL is equivalent to Failure Trace Testing Step 1: Therefore we have: t1 ∨ t2 = (coin; (t1(coin) ∨ t2(coin))) □ (bang; (t1(bang) ∨ [tN2]bang)) □ (nudge; (t2(nudge) ∨ [tN1]nudge)) □ θ; (tN1 ∨ tN2) = (coin; pass) □ (bang; (t1(bang) ∨ [tN2]bang)) □ (nudge; stop) □ (θ; (bang; water; pass □ turn; stop)) Step 2: t1 ∨ t2 = (coin; pass) □ (bang; ((tea; pass) □ (water; pass))) □ (nudge; stop) □ (θ; (bang; water; pass □ turn; stop)) 7/24/2015
23 CTL is equivalent to Failure Trace Testing Specification: 1. If a coin is inserted then the test succeeds. Indeed, this case from t2 supersedes the corresponding special case from t1: the success of the test implies that the machine is allowed to do anything afterward, including not dispensing coffee. 2. We get either tea or water after hitting the machine. Getting tea comes from t1 and getting water from t2 (where the bang event comes from the θ branch). 3. If we nudge the machine then the test fails immediately; this comes directly from t2. 4. In all the other cases the test behaves like the θ branch of t2. This behavior makes sense since there is no such a branch in t1. 7/24/2015
24 CTL is equivalent to Failure Trace Testing Corollary 1: For any tests t1, t2 ∈ 𝒯 there exists a test t1 ∧ t2 ∈ 𝒯 such that p may (t1 ∧ t2) iff (p may t1) ∧ (p may t2) for any p∈ 𝒫. Proof. Immediate from Lemmata 1 and 2, using the De Morgan rule a ∧ b = ¬ (¬a ∨¬b). We are now ready to show that any CTL formula can be converted into an equivalent failure trace test. Theorem 2: There exists a function 𝕋: ℱ→ 𝒯 such that 𝕂 (p) ⊨ f iff p may 𝕋(f) for any p∈ 𝒫. 7/24/2015
25 CTL is equivalent to Failure Trace Testing Proof: The proof is done by structural induction over CTL formulae. As before, the function 𝕋 will also be defined inductively in the process. We have naturally 𝕋 (⊤) = pass and 𝕋 (⊥) = stop. To complete the basis we have 𝕋 (a) = a; pass, which is an immediate consequence of the definition of 𝕂. We therefore have negation of test: 𝕋(¬f ) = ¬𝕋 ( f ) Disjunction of tests: 𝕋(f1 ∨ f2 )= 𝕋(f1) ∨ 𝕋(f2) Conjunction of tests: 𝕋(f1 ∧ f2 )= 𝕋(f1) ∧ 𝕋(f2) 7/24/2015
26 CTL is equivalent to Failure Trace Testing Temporal Operators: EX f We have 𝕋 (EX f ) = ∑ {a; 𝕋( f ) : a ∈A}. When applied to some process p the resulting test performs any action a ∈A and then (in the nest state p’ such that p a→ p’) gives control to 𝕋 (f). 𝕋(f) will always test the next state (since there is no θ in the top choice), and there is no restriction as to what particular next state p’ is expected (since any action of p is accepted by the test). EF f We then have 𝕋(EF f) = t’ such that t’ = 𝕋( f ) □ (∑ (a; t’ : a ∈ A)). It specifies that at any given time the system under test has a choice to either pass 𝕋(f) or perform some (any) action and then pass t’ anew. Repeating this description recursively we conclude that to be successful the system under test can pass 𝕋(f), or perform an action and then pass 𝕋(f ), or perform two actions and then pass 𝕋(f) and so on. 7/24/2015
27 CTL is equivalent to Failure Trace Testing Fig. 3: Test equivalent to CTL formula EF f (a) and its unfolded version (b). 7/24/2015
28 CTL is equivalent to Failure Trace Testing EG f We have 𝕋 (EG f ) = 𝕋 ( f ) ∧ (𝕋 (EX f’) □ θ; pass), with f’ = f ∧ EX f’. Suppose that p may (EG f ). This implies that p may 𝕋 ( f ). This also imply that p may 𝕋 (EX f’) but only unless p = stop; indeed, the θ choice appears in conjunction with a multiple choice that offers all the possible alternatives (see the conversion for EX above) and so can only be taken if no other action is available. E f1 U f2 Finally we have 𝕋 (E f1 U f2) = ((f1) ∧ (𝕋 (EX f’) □ θ; pass)) □ i; (𝕋( f2) ∧ (𝕋 (EX f”) □ θ; pass)), with f’ = f1 ∧ EX f’ and f’’ = f2 ∧ EX f”. Thus we complete the proof and the conversion between CTL formulae and sequential tests. Indeed, note that EX, EF, EG, and EU is a minimal set of temporal operators for CTL, so all the remaining CTL constructs can be rewritten using only the constructs discussed above. 7/24/2015
29 CTL is equivalent to Failure Trace Testing Example 3 HOW TO TEST THAT YOUR COFFEE MACHINE IS WORKING: b1 = coin; (tea □ bang; coffee) □ coin; (coffee □ bang; tea) b2 = coin; (tea □ bang; tea) □ coin; (coffee □ bang; coffee) CTL formula was found to differentiate between the two machines: Φ = coin ∧ EX (coffee ∨ ¬ coffee ∧ bang ∧ EX coffee) The process of converting the formula Φ to a test suite 𝕋(Φ) then goes as follows: Let, C = {coin, tea, bang, coffee} be the set of all actions. 7/24/2015
30 CTL is equivalent to Failure Trace Testing Step 1: We convert first, bang ∧ EX coffee = ¬ (¬ bang ∨ ¬EX coffee). We have, 𝕋 (¬bang) = bang; stop □ θ; pass. On the other hand, 𝕋 (EX coffee) = ∑ {a; coffee; pass: a ∈C} and so, 𝕋 (¬EX coffee) = ∑ {a; coffee; stop □ θ; pass : a ∈ C} □ θ; pass = ∑ {a; coffee; stop □ θ; pass :a ∈ C} 𝕋 (¬ (bang ∧ EX coffee)) = bang; (coffee; stop□ θ; pass) □ θ; pass Negating this test yields: 𝕋 (bang ∧ EX coffee) = bang; coffee; pass 7/24/2015
31 CTL is equivalent to Failure Trace Testing Step 2: We move to, ¬coffee ∧ bang ∧ EX coffee = ¬ (coffee ∨ ¬ (bang ∧ EX coffee)). Therefore 𝕋 (coffee ∨ ¬ (bang ∧ EX coffee)) = coffee; pass □ bang; (coffee; stop □ θ; pass) □ θ; pass Negating this test yields: 𝕋 (¬coffee ∧ bang ∧ EX coffee) = coffee; stop □ bang; coffee; pass Step 3: The conversion of coffee ∨ ¬coffee ∧ bang ∧ EX coffee combines in a disjunction the test coffee; pass and the test from previous step. 𝕋 (coffee ∨ ¬coffee ∧ bang ∧ EX coffee) = coffee; pass □ bang; coffee; pass 7/24/2015
32 CTL is equivalent to Failure Trace Testing Step 4: Let, Φ’ = coffee ∨ ¬ coffee ∧ bang ∧ EX coffee We have 𝕋(EX Φ’) = ∑ {a; 𝕋 (Φ’) : a ∈ C} and therefore 𝕋(EX Φ’) = ∑ {a; (coffee; pass □ bang; coffee; pass) : a ∈ C} We will actually need in what follows the negation of this formula, which is the following: 𝕋(¬EX Φ’) =∑{a; (coffee; stop □ bang; (coffee; stop □ θ; pass) □ θ; pass) : a ∈ C} □ θ; pass 7/24/2015
33 CTL is equivalent to Failure Trace Testing Fig. 4: Conversion of Tests 𝕋(EX Φ’) (a) into it’s negation ¬𝕋(EX Φ’) (b). 7/24/2015
34 CTL is equivalent to Failure Trace Testing Step 5: Top formulae, Φ = coin ∧ EX Φ’ = ¬ (¬coin ∨ ¬EX Φ’) Therefore we obtain, 𝕋(¬coin ∨ ¬EX Φ’) = coin; (coffee; stop □ bang; (coffee; stop □ θ; pass) □ θ; pass) □ θ; pass Negating the above expression results in the test equivalent to the original formula: 𝕋 (Φ) = coin; (coffee; pass □ bang; coffee; pass) Recall now that the test we started from in Example 1 was slightly different, namely: t = coin; (coffee; pass □ θ; bang; coffee; pass) We argue however that these two tests are in this case equivalent. 7/24/2015
35 Conclusion We provide a correct proof for the existence of a conversion from CTL formulae to failure trace testing. Our revised proof continues to be constructive and so the conversion continues to be algorithmic. We also offer intuitive support for our proof by providing worked examples related to the examples used earlier works [4]. Our corrected proof completes an algorithmic solution that allows the free mix of logic and algebraic specifications for any system, thus offering increased flexibility and convenience in system specification for formal verification. 7/24/2015
36 References [1] S. SCHNEIDER, Concurrent and Real-time Systems: The CSP Approach, John Wiley & Sons, 2000. . [2] S. D. BRUDA AND C. DAI, A testing theory for real-time systems, International Journal of Computers, 4 (2010), pp. 97–106. [3] S. D. BRUDA AND Z. ZHANG, Model checking is refinement: Computation tree logic is equivalent to failure trace testing, Tech. Rep. 2009-002, Bishop’s University, Department of Computer Science, Aug. 2009. [4] S. D. BRUDA AND Z. ZHANG, Refinement is model checking: From failure trace tests to computation tree logic, in Proceedings of the 13th IASTED International Conference on Software Engineering and Applications (SEA 09), Cambridge, MA, Nov. 2009. [5] M. BROY, B. JONSSON, J.-P. KATOEN, M. LEUCKER, AND A. PRETSCHNER, eds., Model- Based Testing of Reactive Systems: Advanced Lectures, vol. 3472 of Lecture Notes in Computer Science, Springer, 2005. And More ………….. 7/24/2015
37 ? 7/24/2015

Recommended

qlp
qlpqlp
qlpRei Mizuta
 
1984 koditschek natural motion for robot arms
1984 koditschek natural motion for robot arms1984 koditschek natural motion for robot arms
1984 koditschek natural motion for robot armsAddie Pa
 
Automata
AutomataAutomata
AutomataJena Catherine Bel D
 
Theory of Computation Unit 4
Theory of Computation Unit 4Theory of Computation Unit 4
Theory of Computation Unit 4Jena Catherine Bel D
 
NFA DFA Equivalence theorem
NFA DFA Equivalence theorem NFA DFA Equivalence theorem
NFA DFA Equivalence theorem niveditJain
 
Nfa egs
Nfa egsNfa egs
Nfa egsankitamakin
 
Automata Theory - Turing machine
Automata Theory - Turing machineAutomata Theory - Turing machine
Automata Theory - Turing machineAkila Krishnamoorthy
 
Bag of Pursuits and Neural Gas for Improved Sparse Codin
Bag of Pursuits and Neural Gas for Improved Sparse CodinBag of Pursuits and Neural Gas for Improved Sparse Codin
Bag of Pursuits and Neural Gas for Improved Sparse CodinKarlos Svoboda
 

Recommended

qlp
qlpqlp
qlpRei Mizuta
 
1984 koditschek natural motion for robot arms
1984 koditschek natural motion for robot arms1984 koditschek natural motion for robot arms
1984 koditschek natural motion for robot armsAddie Pa
 
Automata
AutomataAutomata
AutomataJena Catherine Bel D
 
Theory of Computation Unit 4
Theory of Computation Unit 4Theory of Computation Unit 4
Theory of Computation Unit 4Jena Catherine Bel D
 
NFA DFA Equivalence theorem
NFA DFA Equivalence theorem NFA DFA Equivalence theorem
NFA DFA Equivalence theorem niveditJain
 
Nfa egs
Nfa egsNfa egs
Nfa egsankitamakin
 
Automata Theory - Turing machine
Automata Theory - Turing machineAutomata Theory - Turing machine
Automata Theory - Turing machineAkila Krishnamoorthy
 
Bag of Pursuits and Neural Gas for Improved Sparse Codin
Bag of Pursuits and Neural Gas for Improved Sparse CodinBag of Pursuits and Neural Gas for Improved Sparse Codin
Bag of Pursuits and Neural Gas for Improved Sparse CodinKarlos Svoboda
 
NFA Converted to DFA , Minimization of DFA , Transition Diagram
NFA Converted to DFA , Minimization of DFA , Transition DiagramNFA Converted to DFA , Minimization of DFA , Transition Diagram
NFA Converted to DFA , Minimization of DFA , Transition DiagramAbdullah Jan
 
DFA Minimization
DFA MinimizationDFA Minimization
DFA Minimizationguest5873b2d
 
Fuzzing and Verifying RAT Refutations with Deletion Information
Fuzzing and Verifying RAT Refutations with Deletion InformationFuzzing and Verifying RAT Refutations with Deletion Information
Fuzzing and Verifying RAT Refutations with Deletion InformationTobias Philipp
 
Nfa to-dfa
Nfa to-dfaNfa to-dfa
Nfa to-dfarsivashankari
 
Push down automata
Push down automataPush down automata
Push down automataRatnakar Mikkili
 
Dfa h11
Dfa h11Dfa h11
Dfa h11Rajendran
 
Automata theory - Push Down Automata (PDA)
Automata theory - Push Down Automata (PDA)Automata theory - Push Down Automata (PDA)
Automata theory - Push Down Automata (PDA)Akila Krishnamoorthy
 
PDA (pushdown automaton)
PDA (pushdown automaton)PDA (pushdown automaton)
PDA (pushdown automaton)Захір Райхан
 
PUSH DOWN AUTOMATA VS TURING MACHINE
PUSH DOWN AUTOMATA VS TURING MACHINEPUSH DOWN AUTOMATA VS TURING MACHINE
PUSH DOWN AUTOMATA VS TURING MACHINEAbhishek Shivhare
 
push down automata
push down automatapush down automata
push down automataChristopher Chizoba
 
Time series forecasting with ARIMA
Time series forecasting with ARIMATime series forecasting with ARIMA
Time series forecasting with ARIMAYury Kashnitsky
 
Formal Languages and Automata Theory Unit 1
Formal Languages and Automata Theory Unit 1Formal Languages and Automata Theory Unit 1
Formal Languages and Automata Theory Unit 1Srimatre K
 
Automata theory
Automata theoryAutomata theory
Automata theoryPardeep Vats
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Finite automata
Finite automataFinite automata
Finite automataRajesh Yaramadi
 
Nfa vs dfa
Nfa vs dfaNfa vs dfa
Nfa vs dfaraosir123
 
透明な真理観を巡って
透明な真理観を巡って透明な真理観を巡って
透明な真理観を巡ってShunsuke Yatabe
 
Aho corasick-lecture
Aho corasick-lectureAho corasick-lecture
Aho corasick-lecturePekkaKilpelinen2
 
Finite automata
Finite automataFinite automata
Finite automataSutee Sudprasert
 
Toc(df avs nfa)avishek130650107020
Toc(df avs nfa)avishek130650107020Toc(df avs nfa)avishek130650107020
Toc(df avs nfa)avishek130650107020Avishek Sarkar
 
Rtai
RtaiRtai
Rtaisagar chaturvedi
 
Solvency II - CIC Reflection
Solvency II - CIC ReflectionSolvency II - CIC Reflection
Solvency II - CIC ReflectionThu-Phuong DO
 

More Related Content

What's hot

NFA Converted to DFA , Minimization of DFA , Transition Diagram
NFA Converted to DFA , Minimization of DFA , Transition DiagramNFA Converted to DFA , Minimization of DFA , Transition Diagram
NFA Converted to DFA , Minimization of DFA , Transition DiagramAbdullah Jan
 
Fuzzing and Verifying RAT Refutations with Deletion Information
Fuzzing and Verifying RAT Refutations with Deletion InformationFuzzing and Verifying RAT Refutations with Deletion Information
Fuzzing and Verifying RAT Refutations with Deletion InformationTobias Philipp
 
Automata theory - Push Down Automata (PDA)
Automata theory - Push Down Automata (PDA)Automata theory - Push Down Automata (PDA)
Automata theory - Push Down Automata (PDA)Akila Krishnamoorthy
 
PUSH DOWN AUTOMATA VS TURING MACHINE
PUSH DOWN AUTOMATA VS TURING MACHINEPUSH DOWN AUTOMATA VS TURING MACHINE
PUSH DOWN AUTOMATA VS TURING MACHINEAbhishek Shivhare
 
Time series forecasting with ARIMA
Time series forecasting with ARIMATime series forecasting with ARIMA
Time series forecasting with ARIMAYury Kashnitsky
 
Formal Languages and Automata Theory Unit 1
Formal Languages and Automata Theory Unit 1Formal Languages and Automata Theory Unit 1
Formal Languages and Automata Theory Unit 1Srimatre K
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
透明な真理観を巡って
透明な真理観を巡って透明な真理観を巡って
透明な真理観を巡ってShunsuke Yatabe
 
Toc(df avs nfa)avishek130650107020
Toc(df avs nfa)avishek130650107020Toc(df avs nfa)avishek130650107020
Toc(df avs nfa)avishek130650107020Avishek Sarkar
 

What's hot (20)

NFA Converted to DFA , Minimization of DFA , Transition Diagram
NFA Converted to DFA , Minimization of DFA , Transition DiagramNFA Converted to DFA , Minimization of DFA , Transition Diagram
NFA Converted to DFA , Minimization of DFA , Transition Diagram
 
DFA Minimization
DFA MinimizationDFA Minimization
DFA Minimization
 
Fuzzing and Verifying RAT Refutations with Deletion Information
Fuzzing and Verifying RAT Refutations with Deletion InformationFuzzing and Verifying RAT Refutations with Deletion Information
Fuzzing and Verifying RAT Refutations with Deletion Information
 
Nfa to-dfa
Nfa to-dfaNfa to-dfa
Nfa to-dfa
 
Push down automata
Push down automataPush down automata
Push down automata
 
Dfa h11
Dfa h11Dfa h11
Dfa h11
 
Automata theory - Push Down Automata (PDA)
Automata theory - Push Down Automata (PDA)Automata theory - Push Down Automata (PDA)
Automata theory - Push Down Automata (PDA)
 
PDA (pushdown automaton)
PDA (pushdown automaton)PDA (pushdown automaton)
PDA (pushdown automaton)
 
PUSH DOWN AUTOMATA VS TURING MACHINE
PUSH DOWN AUTOMATA VS TURING MACHINEPUSH DOWN AUTOMATA VS TURING MACHINE
PUSH DOWN AUTOMATA VS TURING MACHINE
 
push down automata
push down automatapush down automata
push down automata
 
Time series forecasting with ARIMA
Time series forecasting with ARIMATime series forecasting with ARIMA
Time series forecasting with ARIMA
 
Formal Languages and Automata Theory Unit 1
Formal Languages and Automata Theory Unit 1Formal Languages and Automata Theory Unit 1
Formal Languages and Automata Theory Unit 1
 
Automata theory
Automata theoryAutomata theory
Automata theory
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
 
Finite automata
Finite automataFinite automata
Finite automata
 
Nfa vs dfa
Nfa vs dfaNfa vs dfa
Nfa vs dfa
 
透明な真理観を巡って
透明な真理観を巡って透明な真理観を巡って
透明な真理観を巡って
 
Aho corasick-lecture
Aho corasick-lectureAho corasick-lecture
Aho corasick-lecture
 
Finite automata
Finite automataFinite automata
Finite automata
 
Toc(df avs nfa)avishek130650107020
Toc(df avs nfa)avishek130650107020Toc(df avs nfa)avishek130650107020
Toc(df avs nfa)avishek130650107020
 

Viewers also liked

Solvency II - CIC Reflection
Solvency II - CIC ReflectionSolvency II - CIC Reflection
Solvency II - CIC ReflectionThu-Phuong DO
 
05.晨遊德國烏帕塔城市.購物.晚餐.到杜塞道夫機場領回行李(.2016.05.22)
05.晨遊德國烏帕塔城市.購物.晚餐.到杜塞道夫機場領回行李(.2016.05.22)05.晨遊德國烏帕塔城市.購物.晚餐.到杜塞道夫機場領回行李(.2016.05.22)
05.晨遊德國烏帕塔城市.購物.晚餐.到杜塞道夫機場領回行李(.2016.05.22)溫秀嬌
 
11.歐洲旅行19天.結語.景點滿意度統計表
11.歐洲旅行19天.結語.景點滿意度統計表11.歐洲旅行19天.結語.景點滿意度統計表
11.歐洲旅行19天.結語.景點滿意度統計表溫秀嬌
 
USER STUDY FOR EXPLORATION OF USERS NEEDS
USER STUDY FOR EXPLORATION OF USERS NEEDS USER STUDY FOR EXPLORATION OF USERS NEEDS
USER STUDY FOR EXPLORATION OF USERS NEEDS IAEME Publication
 
A REVIEW ON LOAD BALANCING IN CLOUD USING ENHANCED GENETIC ALGORITHM
A REVIEW ON LOAD BALANCING IN CLOUD USING ENHANCED GENETIC ALGORITHM A REVIEW ON LOAD BALANCING IN CLOUD USING ENHANCED GENETIC ALGORITHM
A REVIEW ON LOAD BALANCING IN CLOUD USING ENHANCED GENETIC ALGORITHM IAEME Publication
 
RESOURCE SHARING: A LIBRARY PERCEPTIVE
RESOURCE SHARING: A LIBRARY PERCEPTIVE RESOURCE SHARING: A LIBRARY PERCEPTIVE
RESOURCE SHARING: A LIBRARY PERCEPTIVE IAEME Publication
 
Implementing Merge Sort
Implementing Merge SortImplementing Merge Sort
Implementing Merge Sortsmita gupta
 
Merge sort code in C explained
Merge sort code in C explained Merge sort code in C explained
Merge sort code in C explained Mohit Tare
 

Viewers also liked (20)

Rtai
RtaiRtai
Rtai
 
Solvency II - CIC Reflection
Solvency II - CIC ReflectionSolvency II - CIC Reflection
Solvency II - CIC Reflection
 
Bab iii matematika
Bab iii matematikaBab iii matematika
Bab iii matematika
 
Cuento para el blog
Cuento para el blogCuento para el blog
Cuento para el blog
 
Ch12 Tree
Ch12 TreeCh12 Tree
Ch12 Tree
 
05.晨遊德國烏帕塔城市.購物.晚餐.到杜塞道夫機場領回行李(.2016.05.22)
05.晨遊德國烏帕塔城市.購物.晚餐.到杜塞道夫機場領回行李(.2016.05.22)05.晨遊德國烏帕塔城市.購物.晚餐.到杜塞道夫機場領回行李(.2016.05.22)
05.晨遊德國烏帕塔城市.購物.晚餐.到杜塞道夫機場領回行李(.2016.05.22)
 
11.歐洲旅行19天.結語.景點滿意度統計表
11.歐洲旅行19天.結語.景點滿意度統計表11.歐洲旅行19天.結語.景點滿意度統計表
11.歐洲旅行19天.結語.景點滿意度統計表
 
Merge sort
Merge sortMerge sort
Merge sort
 
05 dc1
05 dc105 dc1
05 dc1
 
Data mining
Data miningData mining
Data mining
 
USER STUDY FOR EXPLORATION OF USERS NEEDS
USER STUDY FOR EXPLORATION OF USERS NEEDS USER STUDY FOR EXPLORATION OF USERS NEEDS
USER STUDY FOR EXPLORATION OF USERS NEEDS
 
A REVIEW ON LOAD BALANCING IN CLOUD USING ENHANCED GENETIC ALGORITHM
A REVIEW ON LOAD BALANCING IN CLOUD USING ENHANCED GENETIC ALGORITHM A REVIEW ON LOAD BALANCING IN CLOUD USING ENHANCED GENETIC ALGORITHM
A REVIEW ON LOAD BALANCING IN CLOUD USING ENHANCED GENETIC ALGORITHM
 
Computational Logic
Computational LogicComputational Logic
Computational Logic
 
Professional code of ethics
Professional code of ethicsProfessional code of ethics
Professional code of ethics
 
RESOURCE SHARING: A LIBRARY PERCEPTIVE
RESOURCE SHARING: A LIBRARY PERCEPTIVE RESOURCE SHARING: A LIBRARY PERCEPTIVE
RESOURCE SHARING: A LIBRARY PERCEPTIVE
 
Merge sort
Merge sortMerge sort
Merge sort
 
Merge sort
Merge sortMerge sort
Merge sort
 
Merge sort
Merge sortMerge sort
Merge sort
 
Implementing Merge Sort
Implementing Merge SortImplementing Merge Sort
Implementing Merge Sort
 
Merge sort code in C explained
Merge sort code in C explained Merge sort code in C explained
Merge sort code in C explained
 

Similar to MSc_thesis

A Mathematical Review to Estimate the Fate of a Drug Following Open Two Compa...
A Mathematical Review to Estimate the Fate of a Drug Following Open Two Compa...A Mathematical Review to Estimate the Fate of a Drug Following Open Two Compa...
A Mathematical Review to Estimate the Fate of a Drug Following Open Two Compa...BRNSS Publication Hub
 
Laser 1-background
Laser 1-backgroundLaser 1-background
Laser 1-backgroundCarlo Ghezzi
 
Nondeterministic Finite Automata AFN.pdf
Nondeterministic Finite Automata AFN.pdfNondeterministic Finite Automata AFN.pdf
Nondeterministic Finite Automata AFN.pdfSergioUlisesRojasAla
 
EENG519FinalProjectReport
EENG519FinalProjectReportEENG519FinalProjectReport
EENG519FinalProjectReportDaniel K
 
lecture 10 formal methods in software enginnering.pptx
lecture 10 formal methods in software enginnering.pptxlecture 10 formal methods in software enginnering.pptx
lecture 10 formal methods in software enginnering.pptxSohaibAlviWebster
 
System overflow blocking-transients-for-queues-with-batch-arrivals-using-a-fa...
System overflow blocking-transients-for-queues-with-batch-arrivals-using-a-fa...System overflow blocking-transients-for-queues-with-batch-arrivals-using-a-fa...
System overflow blocking-transients-for-queues-with-batch-arrivals-using-a-fa...Cemal Ardil
 
Symbolic Execution as DPLL Modulo Theories
Symbolic Execution as DPLL Modulo TheoriesSymbolic Execution as DPLL Modulo Theories
Symbolic Execution as DPLL Modulo TheoriesQuoc-Sang Phan
 
Score-driven models for forecasting - Blasques F., Koopman S.J., Lucas A.. Ju...
Score-driven models for forecasting - Blasques F., Koopman S.J., Lucas A.. Ju...Score-driven models for forecasting - Blasques F., Koopman S.J., Lucas A.. Ju...
Score-driven models for forecasting - Blasques F., Koopman S.J., Lucas A.. Ju...SYRTO Project
 
SLAM of Multi-Robot System Considering Its Network Topology
SLAM of Multi-Robot System Considering Its Network TopologySLAM of Multi-Robot System Considering Its Network Topology
SLAM of Multi-Robot System Considering Its Network Topologytoukaigi
 
Bayesian Inference and Uncertainty Quantification for Inverse Problems
Bayesian Inference and Uncertainty Quantification for Inverse ProblemsBayesian Inference and Uncertainty Quantification for Inverse Problems
Bayesian Inference and Uncertainty Quantification for Inverse ProblemsMatt Moores
 
10 modtab
10 modtab10 modtab
10 modtabHanibei
 
TMPA-2015: Implementing the MetaVCG Approach in the C-light System
TMPA-2015: Implementing the MetaVCG Approach in the C-light SystemTMPA-2015: Implementing the MetaVCG Approach in the C-light System
TMPA-2015: Implementing the MetaVCG Approach in the C-light SystemIosif Itkin
 
Iterative methods with special structures
Iterative methods with special structuresIterative methods with special structures
Iterative methods with special structuresDavid Gleich
 
Approximate Bayesian Computation with Quasi-Likelihoods
Approximate Bayesian Computation with Quasi-LikelihoodsApproximate Bayesian Computation with Quasi-Likelihoods
Approximate Bayesian Computation with Quasi-LikelihoodsStefano Cabras
 
Quantum Annealing for Dirichlet Process Mixture Models with Applications to N...
Quantum Annealing for Dirichlet Process Mixture Models with Applications to N...Quantum Annealing for Dirichlet Process Mixture Models with Applications to N...
Quantum Annealing for Dirichlet Process Mixture Models with Applications to N...Shu Tanaka
 

Similar to MSc_thesis (20)

ATPG of reversible circuits
ATPG of reversible circuitsATPG of reversible circuits
ATPG of reversible circuits
 
20320140501020
2032014050102020320140501020
20320140501020
 
Quantified NTL
Quantified NTLQuantified NTL
Quantified NTL
 
A Mathematical Review to Estimate the Fate of a Drug Following Open Two Compa...
A Mathematical Review to Estimate the Fate of a Drug Following Open Two Compa...A Mathematical Review to Estimate the Fate of a Drug Following Open Two Compa...
A Mathematical Review to Estimate the Fate of a Drug Following Open Two Compa...
 
Laser 1-background
Laser 1-backgroundLaser 1-background
Laser 1-background
 
Nondeterministic Finite Automata AFN.pdf
Nondeterministic Finite Automata AFN.pdfNondeterministic Finite Automata AFN.pdf
Nondeterministic Finite Automata AFN.pdf
 
EENG519FinalProjectReport
EENG519FinalProjectReportEENG519FinalProjectReport
EENG519FinalProjectReport
 
lecture 10 formal methods in software enginnering.pptx
lecture 10 formal methods in software enginnering.pptxlecture 10 formal methods in software enginnering.pptx
lecture 10 formal methods in software enginnering.pptx
 
System overflow blocking-transients-for-queues-with-batch-arrivals-using-a-fa...
System overflow blocking-transients-for-queues-with-batch-arrivals-using-a-fa...System overflow blocking-transients-for-queues-with-batch-arrivals-using-a-fa...
System overflow blocking-transients-for-queues-with-batch-arrivals-using-a-fa...
 
Symbolic Execution as DPLL Modulo Theories
Symbolic Execution as DPLL Modulo TheoriesSymbolic Execution as DPLL Modulo Theories
Symbolic Execution as DPLL Modulo Theories
 
Score-driven models for forecasting - Blasques F., Koopman S.J., Lucas A.. Ju...
Score-driven models for forecasting - Blasques F., Koopman S.J., Lucas A.. Ju...Score-driven models for forecasting - Blasques F., Koopman S.J., Lucas A.. Ju...
Score-driven models for forecasting - Blasques F., Koopman S.J., Lucas A.. Ju...
 
SLAM of Multi-Robot System Considering Its Network Topology
SLAM of Multi-Robot System Considering Its Network TopologySLAM of Multi-Robot System Considering Its Network Topology
SLAM of Multi-Robot System Considering Its Network Topology
 
Solving heat conduction equation (parabolic pde)
Solving heat conduction equation (parabolic pde)Solving heat conduction equation (parabolic pde)
Solving heat conduction equation (parabolic pde)
 
Bayesian Inference and Uncertainty Quantification for Inverse Problems
Bayesian Inference and Uncertainty Quantification for Inverse ProblemsBayesian Inference and Uncertainty Quantification for Inverse Problems
Bayesian Inference and Uncertainty Quantification for Inverse Problems
 
10 modtab
10 modtab10 modtab
10 modtab
 
PhDretreat2011
PhDretreat2011PhDretreat2011
PhDretreat2011
 
TMPA-2015: Implementing the MetaVCG Approach in the C-light System
TMPA-2015: Implementing the MetaVCG Approach in the C-light SystemTMPA-2015: Implementing the MetaVCG Approach in the C-light System
TMPA-2015: Implementing the MetaVCG Approach in the C-light System
 
Iterative methods with special structures
Iterative methods with special structuresIterative methods with special structures
Iterative methods with special structures
 
Approximate Bayesian Computation with Quasi-Likelihoods
Approximate Bayesian Computation with Quasi-LikelihoodsApproximate Bayesian Computation with Quasi-Likelihoods
Approximate Bayesian Computation with Quasi-Likelihoods
 
Quantum Annealing for Dirichlet Process Mixture Models with Applications to N...
Quantum Annealing for Dirichlet Process Mixture Models with Applications to N...Quantum Annealing for Dirichlet Process Mixture Models with Applications to N...
Quantum Annealing for Dirichlet Process Mixture Models with Applications to N...
 

MSc_thesis

  • 1. Computational Tree Logic Is Equivalent To Failure Trace Testing Student: A. F. M. Nokib Uddin Supervisor: Dr. Stefan D. Bruda MSc Thesis Presentation Dept. of Computer Science 17/24/2015
  • 2. 2 Contents  Introduction  Preliminaries  Previous Works  CTL is Equivalent To Failure Trace Testing  Conclusion  References 7/24/2015
  • 3. 3 Introduction Computing systems are already present in our everyday life, from entertainment systems at home, to telephone networks and the Internet, to health case, transportation, and energy infrastructure. Ensuring the correct behavior of software and hardware has been one of the goals of Computer Science since the dawn of computing. In many cases no failure is accepted. 7/24/2015
  • 4. 4 Introduction Example of failure of Computing Systems: Lockheed Martin F-35 Joint Strike Fighter: The plane is expected to cost $1.5 trillion over its useful life, of which about $400 billion has already been spent. Toyota Motor Corp. is recalling about 295,000 Lexus and Toyota brand vehicles globally, mostly in the United States, because various safety systems including stability control and anti-lock brakes could become inoperative. 7/24/2015
  • 5. 5 Introduction Verification is the process of checking that a system meets specifications and that it fulfills its intended purpose. There are four kinds of methods of verification:  Testing (or Simulation)  Deductive Verification  Model based Testing  Model Checking 7/24/2015
  • 6. 6 Introduction  It was shown earlier [3] that CTL and failure trace testing are equivalent; that is, for any failure trace test there exists a CTL formula equivalent to it, and the other way around. Both conversions are constructive and algorithmic.  The proof of the conversion from CTL formulae to failure trace tests (and implicitly the associated algorithm) is however incorrect.  We now provide a correct proof for the existence of a conversion from CTL formulae to failure trace tests. 7/24/2015
  • 7. 7 Preliminaries Kripke structure: Formally, A Kripke Structure K is a 5-tuple (S; S0; AP; →; L), where: 1. S is a set of states. 2. S0 is the set of initial states: S0 ⊆ S. 3. AP is a set of atomic propositions. 4. → is a total transition relation: →⊆ S × S. 5. L is a state labelling: L: S → 2AP. Note that, the shorthand notation s → t is used for stating that (s; t) ∈ →. Labeled Transition System(LTS): An LTS is a tuple M = (S, A, →, s0) where, S is a countable, non-empty set of states, s0 ∈ S is the initial state and A is a countable set of actions. The actions in A are called visible (or observable), by contrast with the special, unobservable action τ ∉ A (also called internal action). The relation →⊆ S × (A ∪ {τ}) × S is the transition relation; we use p a→ q instead of (p, a, q) ∈ →. A transition p a→ q means that state p becomes state q after performing the action a. 7/24/2015
  • 8. 8 Preliminaries Computation Tree logic (CTL): In CTL, the temporal operators X, F, G, U, R must be immediately preceded by one of the path quantifiers A or E. f = ⊤ | ⊥ | a | ¬f | f1 ∧ f2 | f1 ∨ f2 | AX f | AF f | AG f | A f1 U f2 | A f1 R f2 | EX f | EF f | EG f | E f1 U f2 | E f1 R f2 The truth value of a CTL formula is defined in terms of Kripke structures. The notation K, s ⊨ f means that in a Kripke structure K, formula f is true in state s. The notation K, π ⊨ f means that in a Kripke structure K, formula f is true along the path π. The meaning of ⊨ is defined inductively. Where, f and g are state formulae unless stated otherwise. 7/24/2015
  • 9. 9 Preliminaries CTL formulae is defined over Kripke structure: State formulae 1. K, s ⊨⊤ is true and K, s ⊨ ⊥ is false for any state s in any Kripke structure K. 2. K, s ⊨ a, a ∈ AP iff a ∈ L(s). 3. K, s ⊨¬f iff ¬(K, s ⊨ f ). 4. K, s ⊨ f ∧ g iff K, s ⊨ f and K, s ⊨g. 5. K, s ⊨ f ∨ g iff K, s ⊨ f or K, s ⊨g. 6. K, s ⊨ E f for some path formula f iff there is a path π = s → s1 → s2 → · · · → si such that K, π ⊨f. 7. K, s ⊨ A f for some path formula f iff K, π ⊨ f for all paths π = s → s1 → s2 → · · · → si. 7/24/2015
  • 10. 10 Preliminaries Path formulae: We use πi to denote the i-th state of a path π (with the first state being state 0, or π0). The definition of ⊨for path formulae is: 1. K, π ⊨ X f iff k, π1⊨f . 2. K, π ⊨ f U g iff there exists j ≥ 0 such that K, πj ⊨ g and K, πk ⊨g for all k ≥ j, and for all i < j K, πi ⊨ f . 3. K, π ⊨f R g iff for all j ≥ 0, if K, πi ⊭ f for every i < j then K, πj ⊨ g 7/24/2015
  • 11. 11 Preliminaries Failure Trace Testing: A failure trace f is a string of the form f = A0a1A1a2 . . . Anan, n≥ 0, with ai ∈ A* (sequences of actions) and Ai ⊆ A (sets of refusals). Let p be a process such that p ∈⇒p0 a1⇒p1 a2⇒…………….. an⇒ pn; f = A0a1A1a2 . . . Anan is then a failure trace of p whenever the following two conditions hold: a. If ¬ (pi τ→), then Ai ⊆ (A init(pi)); for a stable state the failure trace refuses any set of events that cannot be performed in that state (including the empty set). b. If pi τ→ then then Ai = ∅; whenever pi is not a stable state it refuses an empty set of events by definition. Systems and tests can be concisely described using the testing language TLOTOS. The syntax of TLOTOS is then defined as follows: t=stop | a;t1 | i;t1 | θ;t1 | pass | t1 □ t2 | ∑ T 1. inaction (stop): no rules. 2. action prefix: a; t1 a→ t1 and i; t1 τ→ t1 7/24/2015
  • 12. 12 Preliminaries 3. deadlock detection: θ; t1 θ→ t1 4. successful termination: pass γ→ stop 5. choice: with g ∈ A ∪ { γ, θ, τ}, 6. generalized choice: with g ∈ A ∪ { γ, θ, τ}, Failure trace tests are defined in TLOTOS using the special actions γ which signals the successful completion of a test, and which θ is the deadlock detection label. 7/24/2015
  • 13. 13 Previous Works EQUIVALENCE BETWEEN KRIPKE STRUCTURES AND LTS: Definition 1: Given a Kripke structure K and a set of states Q of K, the pair K, Q is equivalent to a process p, written K, Q ≃ p (or p ≃ K, Q), iff for any CTL* formula f K, Q ⊨ f iff p ⊨ f . Proposition 1:There exists an algorithmic function 𝕂 which converts a labeled transition system p into a Kripke structure K and a set of states Q such that p ≃ (K, Q). Specifically, for any labeled transition system p = (S, A, →, s0), its equivalent Kripke structure K is defined as K = (S’, Q, R’, L’) where: 1. S’ = {(s, x): s ∈ S, x ⊆ init(s)}. 2. Q = {(s0, x) ∈ S’}. 3. R’ contains exactly all the transitions ((s, N), (t, O)) such that (s, N), (t, O) ∈ S’, and (a) for any n∈N, s n⇒t (b) for some q∈ S and for any o∈O, t o⇒q, and (c) if N =∅ ; then O =∅ ; and t = s (these loops ensure that the relation R’ is complete). 4. L’ : S’ → 2AP such that L’(s, x) = x, where AP = A. 7/24/2015
  • 14. 14 Previous Works Equivalence between Kripke structure and LTS Each state of the Kripke structure (b) is labeled with the LTS state it came from, and the set of propositions that hold in that Kripke state. Fig.1: A conversion of an LTS (a) to an equivalent Kripke structure (b) 7/24/2015
  • 15. 15 Previous Works From Failure Trace Test to CTL formulae: Let 𝒫 be the set of all processes, 𝒯 the set of all tests, and ℱ the set of all CTL formulae. Proposition 2: There exists a function ℂ: 𝒯→ℱ such that p may t iff 𝕂(p)⊨ℂ (t) for any p∈ 𝒫. Proof Sketch: The function ℂ is defined inductively. The basis is naturally defined as follows: 1. ℂ (pass)=⊤ 2. ℂ (stop)=⊥ The inductive constructs are then defined as follows: 1. ℂ (i;t)= ℂ (t) 2. ℂ (a;t)= a ∧ EX ℂ (t) 3. ℂ (∑Ƭ)=Vt∈Ƭ ℂ (t), where Vt∈Ƭ={t1,…..tn} t is the usual short hand for t1 ∨……..∨ tn 4. ℂ (∑Ƭ □ θ,t) = (ℂ (t1) ∨ ℂ (t2) ∨ ……. ℂ (tn)) ∨ (¬ (ℂ (t1) ∧ ℂ (t2) ∧…….. ℂ (tn) ) ∧ ℂ (t), where Ƭ={t1,t2,……..tn}. Several constructs were not considered since they can be expressed using the above constructs. 7/24/2015
  • 16. 16 Previous Works Fig. 2: Two Coffee machines b1 and b2. Example 1: HOW TO TELL LOGICALLY THAT YOUR COFFEE MACHINE IS WORKING b1 = coin; (tea □ bang; coffee) □ coin; (coffee □ bang; tea) b2 = coin; (tea □ bang; tea) □ coin; (coffee □ bang; coffee) 7/24/2015
  • 17. 17 Previous Works One failure trace test that differentiate these two machines is t = coin; (coffee; pass □ θ; bang; coffee; pass) The conversion of the failure trace test t into a CTL formula as per Proposition yields: ℂ (t) = coin ∧ EX (coffee ∨ ¬ coffee ∧ bang ∧ EX coffee) 7/24/2015
  • 18. 18 CTL is equivalent to Failure Trace Testing Theorem 1: For every failure trace test there exists an equivalent CTL formula and the other way around. Furthermore a failure trace test can be algorithmically converted into its equivalent CTL formula and the other way around. Now, Let 𝒫 be the set of all processes, 𝒯 the set of all tests, and ℱ the set of all CTL formulae. Lemma 1: For any test t ∈ 𝒯 there exists a test ¬t ∈ 𝒯 such that p may t iff ¬ (p may ¬ t) for any p∈ 𝒫. Proof: We first force all the success states to become deadlock states by eliminating the outgoing action γ from t completely. If the action that leads to a state thus converted is θ then this action is removed as well. Finally, we add to all the states having their outgoing transitions θ or γ eliminated in the previous steps one outgoing transition labeled θ followed by one outgoing transition labeled γ. 7/24/2015
  • 19. 19 CTL is equivalent to Failure Trace Testing Lemma 2: For any two tests t1, t2 ∈ 𝒯 there exists a test t1 ∨ t2 ∈ 𝒯 such that p may (t1 ∨ t2) iff (p may t1) ∨ (p may t2) for any p∈ 𝒫. For the induction step we consider without loss of generality that t1 and t2 have the following structure: t1 =∑ {b1; t1 (b1) : b1 ∈ B1} □ θ; tN1 t2 =∑ {b2; t2 (b2) : b2 ∈ B2} □ θ; tN2 We then construct t1 ∨ t2 under the inductive assumption that the disjunction between any of the “inner” tests t1(b1), tN1 , t2(b2), and tN2 is known. We have: ∑ {b1; t1 (b1): b1 ∈ B1} □ θ; tN1 ∨ ∑ {b2; t2 (b2) : b2 ∈ B2} □ θ; tN2 = ∑ {b; (t1 (b) ∨ t2 (b)) : b ∈ B1 ∩ B2} □ ∑ {b; (t1 (b) ∨ [tN2]b) : b ∈ B1 B2} □ ∑ {b; (t2 (b) ∨ [tN1]b) : b ∈ B2 B1} □ θ; ( tN1 ∨ tN2 ) 7/24/2015
  • 20. 20 CTL is equivalent to Failure Trace Testing Where [t]b is the test t restricted to performing b as its first action and so is inductively constructed as follows: 1. If t = stop then [t]b = stop. 2. If t = pass then [t]b = pass. 3. If t = b; t’ then [t]b = t’. 4. If t = a; t’ with a ≠ b then [t]b = stop. 5. If t = i; t’ then [t]b = [t’]b 6. If t = t’ □ t” such that neither t’ nor t” contain θ in their topmost choice then [t]b =[t’]b □ [t”]b. 7. If t = b; t’ □ θ; t” then [t]b = t’. 8. If t = a; t’□ θ; t” with a≠ b then [t]b = [t”]b. 7/24/2015
  • 21. 21 CTL is equivalent to Failure Trace Testing Example 2: A disjunction of Test: Consider the construction t1 ∨ t2, where: t1 = (bang; tea; pass) □ (coin; (coffee; stop □ θ; pass)) t2 = (coin; pass) □ (nudge; stop) □ (θ; (bang; water; pass □ turn; stop)) We have B1 = {coin, bang} and B2 = {coin, nudge} So, B1 ∩ B2 = {coin}, B1 B2 = {bang}, and B2 B1 = {nudge}. We further note that, t1 (coin) = coffee; stop □ θ; pass, t1(bang) =tea; pass, tN1 = stop, t2(coin) = pass, t2(nudge) = stop, and tN2 =bang; water; pass □ turn; stop 7/24/2015
  • 22. 22 CTL is equivalent to Failure Trace Testing Step 1: Therefore we have: t1 ∨ t2 = (coin; (t1(coin) ∨ t2(coin))) □ (bang; (t1(bang) ∨ [tN2]bang)) □ (nudge; (t2(nudge) ∨ [tN1]nudge)) □ θ; (tN1 ∨ tN2) = (coin; pass) □ (bang; (t1(bang) ∨ [tN2]bang)) □ (nudge; stop) □ (θ; (bang; water; pass □ turn; stop)) Step 2: t1 ∨ t2 = (coin; pass) □ (bang; ((tea; pass) □ (water; pass))) □ (nudge; stop) □ (θ; (bang; water; pass □ turn; stop)) 7/24/2015
  • 23. 23 CTL is equivalent to Failure Trace Testing Specification: 1. If a coin is inserted then the test succeeds. Indeed, this case from t2 supersedes the corresponding special case from t1: the success of the test implies that the machine is allowed to do anything afterward, including not dispensing coffee. 2. We get either tea or water after hitting the machine. Getting tea comes from t1 and getting water from t2 (where the bang event comes from the θ branch). 3. If we nudge the machine then the test fails immediately; this comes directly from t2. 4. In all the other cases the test behaves like the θ branch of t2. This behavior makes sense since there is no such a branch in t1. 7/24/2015
  • 24. 24 CTL is equivalent to Failure Trace Testing Corollary 1: For any tests t1, t2 ∈ 𝒯 there exists a test t1 ∧ t2 ∈ 𝒯 such that p may (t1 ∧ t2) iff (p may t1) ∧ (p may t2) for any p∈ 𝒫. Proof. Immediate from Lemmata 1 and 2, using the De Morgan rule a ∧ b = ¬ (¬a ∨¬b). We are now ready to show that any CTL formula can be converted into an equivalent failure trace test. Theorem 2: There exists a function 𝕋: ℱ→ 𝒯 such that 𝕂 (p) ⊨ f iff p may 𝕋(f) for any p∈ 𝒫. 7/24/2015
  • 25. 25 CTL is equivalent to Failure Trace Testing Proof: The proof is done by structural induction over CTL formulae. As before, the function 𝕋 will also be defined inductively in the process. We have naturally 𝕋 (⊤) = pass and 𝕋 (⊥) = stop. To complete the basis we have 𝕋 (a) = a; pass, which is an immediate consequence of the definition of 𝕂. We therefore have negation of test: 𝕋(¬f ) = ¬𝕋 ( f ) Disjunction of tests: 𝕋(f1 ∨ f2 )= 𝕋(f1) ∨ 𝕋(f2) Conjunction of tests: 𝕋(f1 ∧ f2 )= 𝕋(f1) ∧ 𝕋(f2) 7/24/2015
  • 26. 26 CTL is equivalent to Failure Trace Testing Temporal Operators: EX f We have 𝕋 (EX f ) = ∑ {a; 𝕋( f ) : a ∈A}. When applied to some process p the resulting test performs any action a ∈A and then (in the nest state p’ such that p a→ p’) gives control to 𝕋 (f). 𝕋(f) will always test the next state (since there is no θ in the top choice), and there is no restriction as to what particular next state p’ is expected (since any action of p is accepted by the test). EF f We then have 𝕋(EF f) = t’ such that t’ = 𝕋( f ) □ (∑ (a; t’ : a ∈ A)). It specifies that at any given time the system under test has a choice to either pass 𝕋(f) or perform some (any) action and then pass t’ anew. Repeating this description recursively we conclude that to be successful the system under test can pass 𝕋(f), or perform an action and then pass 𝕋(f ), or perform two actions and then pass 𝕋(f) and so on. 7/24/2015
  • 27. 27 CTL is equivalent to Failure Trace Testing Fig. 3: Test equivalent to CTL formula EF f (a) and its unfolded version (b). 7/24/2015
  • 28. 28 CTL is equivalent to Failure Trace Testing EG f We have 𝕋 (EG f ) = 𝕋 ( f ) ∧ (𝕋 (EX f’) □ θ; pass), with f’ = f ∧ EX f’. Suppose that p may (EG f ). This implies that p may 𝕋 ( f ). This also imply that p may 𝕋 (EX f’) but only unless p = stop; indeed, the θ choice appears in conjunction with a multiple choice that offers all the possible alternatives (see the conversion for EX above) and so can only be taken if no other action is available. E f1 U f2 Finally we have 𝕋 (E f1 U f2) = ((f1) ∧ (𝕋 (EX f’) □ θ; pass)) □ i; (𝕋( f2) ∧ (𝕋 (EX f”) □ θ; pass)), with f’ = f1 ∧ EX f’ and f’’ = f2 ∧ EX f”. Thus we complete the proof and the conversion between CTL formulae and sequential tests. Indeed, note that EX, EF, EG, and EU is a minimal set of temporal operators for CTL, so all the remaining CTL constructs can be rewritten using only the constructs discussed above. 7/24/2015
  • 29. 29 CTL is equivalent to Failure Trace Testing Example 3 HOW TO TEST THAT YOUR COFFEE MACHINE IS WORKING: b1 = coin; (tea □ bang; coffee) □ coin; (coffee □ bang; tea) b2 = coin; (tea □ bang; tea) □ coin; (coffee □ bang; coffee) CTL formula was found to differentiate between the two machines: Φ = coin ∧ EX (coffee ∨ ¬ coffee ∧ bang ∧ EX coffee) The process of converting the formula Φ to a test suite 𝕋(Φ) then goes as follows: Let, C = {coin, tea, bang, coffee} be the set of all actions. 7/24/2015
  • 30. 30 CTL is equivalent to Failure Trace Testing Step 1: We convert first, bang ∧ EX coffee = ¬ (¬ bang ∨ ¬EX coffee). We have, 𝕋 (¬bang) = bang; stop □ θ; pass. On the other hand, 𝕋 (EX coffee) = ∑ {a; coffee; pass: a ∈C} and so, 𝕋 (¬EX coffee) = ∑ {a; coffee; stop □ θ; pass : a ∈ C} □ θ; pass = ∑ {a; coffee; stop □ θ; pass :a ∈ C} 𝕋 (¬ (bang ∧ EX coffee)) = bang; (coffee; stop□ θ; pass) □ θ; pass Negating this test yields: 𝕋 (bang ∧ EX coffee) = bang; coffee; pass 7/24/2015
  • 31. 31 CTL is equivalent to Failure Trace Testing Step 2: We move to, ¬coffee ∧ bang ∧ EX coffee = ¬ (coffee ∨ ¬ (bang ∧ EX coffee)). Therefore 𝕋 (coffee ∨ ¬ (bang ∧ EX coffee)) = coffee; pass □ bang; (coffee; stop □ θ; pass) □ θ; pass Negating this test yields: 𝕋 (¬coffee ∧ bang ∧ EX coffee) = coffee; stop □ bang; coffee; pass Step 3: The conversion of coffee ∨ ¬coffee ∧ bang ∧ EX coffee combines in a disjunction the test coffee; pass and the test from previous step. 𝕋 (coffee ∨ ¬coffee ∧ bang ∧ EX coffee) = coffee; pass □ bang; coffee; pass 7/24/2015
  • 32. 32 CTL is equivalent to Failure Trace Testing Step 4: Let, Φ’ = coffee ∨ ¬ coffee ∧ bang ∧ EX coffee We have 𝕋(EX Φ’) = ∑ {a; 𝕋 (Φ’) : a ∈ C} and therefore 𝕋(EX Φ’) = ∑ {a; (coffee; pass □ bang; coffee; pass) : a ∈ C} We will actually need in what follows the negation of this formula, which is the following: 𝕋(¬EX Φ’) =∑{a; (coffee; stop □ bang; (coffee; stop □ θ; pass) □ θ; pass) : a ∈ C} □ θ; pass 7/24/2015
  • 33. 33 CTL is equivalent to Failure Trace Testing Fig. 4: Conversion of Tests 𝕋(EX Φ’) (a) into it’s negation ¬𝕋(EX Φ’) (b). 7/24/2015
  • 34. 34 CTL is equivalent to Failure Trace Testing Step 5: Top formulae, Φ = coin ∧ EX Φ’ = ¬ (¬coin ∨ ¬EX Φ’) Therefore we obtain, 𝕋(¬coin ∨ ¬EX Φ’) = coin; (coffee; stop □ bang; (coffee; stop □ θ; pass) □ θ; pass) □ θ; pass Negating the above expression results in the test equivalent to the original formula: 𝕋 (Φ) = coin; (coffee; pass □ bang; coffee; pass) Recall now that the test we started from in Example 1 was slightly different, namely: t = coin; (coffee; pass □ θ; bang; coffee; pass) We argue however that these two tests are in this case equivalent. 7/24/2015
  • 35. 35 Conclusion We provide a correct proof for the existence of a conversion from CTL formulae to failure trace testing. Our revised proof continues to be constructive and so the conversion continues to be algorithmic. We also offer intuitive support for our proof by providing worked examples related to the examples used earlier works [4]. Our corrected proof completes an algorithmic solution that allows the free mix of logic and algebraic specifications for any system, thus offering increased flexibility and convenience in system specification for formal verification. 7/24/2015
  • 36. 36 References [1] S. SCHNEIDER, Concurrent and Real-time Systems: The CSP Approach, John Wiley & Sons, 2000. . [2] S. D. BRUDA AND C. DAI, A testing theory for real-time systems, International Journal of Computers, 4 (2010), pp. 97–106. [3] S. D. BRUDA AND Z. ZHANG, Model checking is refinement: Computation tree logic is equivalent to failure trace testing, Tech. Rep. 2009-002, Bishop’s University, Department of Computer Science, Aug. 2009. [4] S. D. BRUDA AND Z. ZHANG, Refinement is model checking: From failure trace tests to computation tree logic, in Proceedings of the 13th IASTED International Conference on Software Engineering and Applications (SEA 09), Cambridge, MA, Nov. 2009. [5] M. BROY, B. JONSSON, J.-P. KATOEN, M. LEUCKER, AND A. PRETSCHNER, eds., Model- Based Testing of Reactive Systems: Advanced Lectures, vol. 3472 of Lecture Notes in Computer Science, Springer, 2005. And More ………….. 7/24/2015