G. von Bochmann

Test selection based on communicating nondeterministic finite-state machines using a generalized Wp-method

Presents a method of generating test sequences for concurrent programs and communication protocols that are modeled as communicating nondeterministic finite-state machines (CNFSMs). A conformance relation, called trace-equivalence, is defined within this model, serving as a guide to test generation. A test generation method for a single nondeterministic finite-state machine (NFSM) is developed, which is an improved and generalized version of the Wp-method that generates test sequences only for deterministic finite-state machines. It is applicable to both nondeterministic and deterministic finite-state machines. When applied to deterministic finite-state machines, it yields usually smaller test suites with full fault coverage than the existing methods that also provide full fault coverage, provided that the number of states in implementation NFSMs are bounded by a known integer. For a system of CNFSMs, the test sequences are generated in the following manner: a system of CNFSMs is first reduced into a single NFSM by reachability analysis; then the test sequences are generated from the resulting NFSM using the generalized Wp-method. >

Deriving protocol specifications from service specifications

The service concept has acquired an increasing level of recognition by protocol designers. Being an architectural concept, the service concept influences the methodology applied to service and protocol definition. Since the protocol is seen as the logical implementation of the service, one can ask the question whether it is possible to formally derive the specification of a protocol providing a given service. This paper addresses this question and presents an algorithm for deriving a protocol specification from a given service specification. It is assumed that services are described by expressions including operators for sequence, parallelism and alternatives and primitive service interactions. The expression defining the service is the basis for the protocol derivation process. The presented algorithm fully automates the derivation process. Future work focuses on the inclusion of parameters and the optimization of traffic between protocol entities. Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specfic permission.

New results on deriving protocol specifications from service specifications

Previous papers describe an algorithm for deriving a specification of protocol entities from a given service specification. A service specification defines a particular ordering for the execution of service primitives at the different service access points using operators for sequential, parallel and alternative executions. The derived protocol entities ensure the correct ordering by exchanging appropriate synchronization messages, between one another through the underlying communication medium. This paper presents several new results which represent important improvements to the above protocol derivation approach. First the language restriction to finite behaviors is removed by allowing for the definition of procedures which can be called recursively. Secondly, a new derivation algorithm has been developed which is much simpler than the previous one. Third, the resulting protocol specifications are much more optimized than those obtained previously.

Test result analysis and diagnostics for finite state machines

An algorithm that localizes the faulty transition in a deterministic finite state machine (FSM) once the fault has been detected is presented. The diagnostic algorithm generates, if necessary, additional diagnostic test cases which depend on the observed symptom and which permit the location of the detected fault. The algorithm guarantees the diagnosis of any single fault in an FSM. An application example, explaining the functioning of the algorithm, is provided.<<ETX>>

Performance evaluation for distributed system components

The performance evaluation of hardware and software system components is based on statistics that are long views on the behavior of these components. Since system resources may have unexpected behavior, relevant current information becomes useful in the management process of these systems, especially for data gathering, reconfiguration, and fault detection activities. Actually, there are few criteria to property evaluate the current availability of component services within distributed systems. Hence, the management system can not realistically select the most suitable decision for configuration. In this paper, we present a proposal for a continuous evaluation of component behaviour related to state changes. This model is further extended by considering different categories of events concerning the degradation of the operational state or usage state. Our proposals are based on the possibility of computing at the component level, the current availability of this component by continuous evaluation. we introduce a several current availability features and propose formula to compute them. Other events concerning a managed object are classified as warning, critical or outstanding, which leads to a more accurate operational view on a component. Several counter-based events are thresholded to improve predictable reconfiguration decisions concerning the usability of a component. The main goal is to offer to the management system current relevant information which can be used within management policies the flexible polling frequency tuned with respect to the current evaluation, or particular aspects related to dynamic tests within distributed systems. Implementation issues with respect to the standard recommendations within distributed systems are presented. Finally we describe how the reconfiguration management systems can use these features in order to monitor, predict, improve the existing configuration, or accommodate the polling frequency according to several simple criteria.

A quality of service negotiation procedure for distributed multimedia presentational applications

Most current approaches in designing and implementing distributed multimedia (MM) presentational applications have concentrated on the performance of the continuous media file servers in terms of seek-time overhead and real-time disk scheduling; particularly, the quality of service (QoS) negotiation mechanisms they provide are used in a rather static manner, i.e. these mechanisms are restricted to the evaluation of the capacity of certain system components. In contrast to those approaches, we propose a general QoS negotiation framework that supports the dynamic choice of a configuration of system components to support the QoS requirements of the user of a specific application: we consider different possible system configurations and select an optimal one to provide the appropriate QoS support. We document the design and implementation of a QoS negotiation procedure for distributed MM presentational applications, such as news-on-demand. The negotiation procedure described is an instantiation of the general framework for QoS negotiation. Our proposal differs in many respect with the negotiation functions provided by existing approaches: (1) the negotiation process uses an optimization approach to find a configuration of system components which supports the user requirements, (2) the negotiation process supports the negotiation of a MM document and not only a single monomedia object, (3) the QoS negotiation takes into account the cost to the user; (4) the negotiation process may be used to support automatic adaptation to react to QoS degradations, without intervention by the user/application.

A test generation tool for specifications in the form of state machines

This paper describes a software tool, TAG (test automatic generation), that automatically generates test cases for an FSM specification. It implements the so-called transition identification approach for test derivation, and may output test cases in the form of an SDL skeleton. The description focuses on the functions of the tool and the methods implemented in the tool, especially, the heuristic solution to the minimization of state identification sequences.

Protocol synthesis using basic Lotos and global variables

In Kant et al. (1992), a method of protocol synthesis, using basic LOTOS (BL) as a specification language, is proposed. In the present paper, we generalize this method. We propose an extended basic LOTOS (EBL) to specify the service and the protocol. With EBL, events are associated with enabling conditions and transformation functions that depend on global variables. Next, we propose a method to synthesize protocols using EBL as a specification language. This method is inspired by the concept of transactions.

Validation of distributed algorithms and protocols

The use of formal description techniques allows the partial automation of the design, the validation, and the implementation of communication protocols and distributed algorithms. In this paper, we present a methodology for validation of distributed algorithms and protocols, and our experiences of using the Estelle language, and a simulation and validation tool, called Veda, to simulate and validate complex distributed algorithms for the distributed implementation of multi-rendezvous. Some design errors in published distributed rendezvous algorithms were found. We obtain from these experiences heuristic guidelines for trouble shooting of distributed algorithms.

Diagnosis of single transition faults in communicating finite state machines

The authors propose a generalized diagnostic algorithm for the case where more than one fault (output or transfer) may be present in one of the transitions of a deterministic system represented by a set of communicating finite state machines (CFSMs). Such an algorithm localizes the faulty transition in the distributed system once the fault has been detected. It generates, if necessary, additional diagnostic test cases which depend on the observed symptoms and which permit the location of the detected faults. The algorithm guarantees the correct diagnosis of any single or double fault (output and/or transfer) in at most one of the transitions of a deterministic system which is represented by a set of communicating FSMs. A simple example is used to demonstrate the functioning of the different steps of the proposed diagnostic algorithm.<<ETX>>