MoTDeReL: Model-based testing through deep reinforcement learning for software systems specified through graph transformation
Effective test case generation is crucial for ensuring software correctness, whereas generating high-coverage test suites efficiently remains a challenge. Graph transformations provide a formal way to specify and analyse software systems by modeling system operations as transformation rules and constructing a state-based representation of system behavior. Model-based testing (MBT) often uses model checking over this representation to discover execution paths that satisfy certain test requirements. However, such approaches suffer from severe scalability issues due to the rapid growth of the state space and the high computational cost of exhaustive exploration. While optimization-based approaches mitigate these issues by exploring a reduced portion of the state space, they still struggle to scale effectively. MBT approaches using graph transformation face the same scalability issues and often face additional challenges due to the richer structural complexity of graph-based models. However, apart from the behavioral information derived from state transitions, graph transformation systems also encode explicit structural relationships between states and transformation rules. These structural characteristics can be used to define and evaluate test objectives. To exploit this, we propose a novel approach based on deep reinforcement learning to generate test suites for systems specified through graph transformations. We use the reward/penalty mechanism of reinforcement learning to optimize the selection of moves within the state space, enabling the generation of test cases based on prior decisions. Our goal is to achieve greater coverage of test objectives while minimizing the size of the test cases. The method has been implemented in GROOVE, an open-source toolset for designing and model checking graph transformation systems.
Experimental results on well-known case studies demonstrate that our approach achieves higher coverage with reduced computational cost compared to state-of-the-art techniques.
- Research Article
19
- 10.1016/j.infsof.2018.12.001
- Dec 4, 2018
- Information and Software Technology
Model-based test suite generation for graph transformation system using model simulation and search-based techniques
- Research Article
8
- 10.25932/publishup-44274
- Jan 1, 2020
- publish.UP (University of Potsdam)
With rising complexity of today's software and hardware systems and the hypothesized increase in autonomous, intelligent, and self-* systems, developing correct systems remains an important challenge. Testing, although an important part of the development and maintenance process, cannot usually establish the definite correctness of a software or hardware system - especially when systems have arbitrarily large or infinite state spaces or an infinite number of initial states. This is where formal verification comes in: given a representation of the system in question in a formal framework, verification approaches and tools can be used to establish the system's adherence to its similarly formalized specification, and to complement testing. One such formal framework is the field of graphs and graph transformation systems. Both are powerful formalisms with well-established foundations and ongoing research that can be used to describe complex hardware or software systems with varying degrees of abstraction. Since their inception in the 1970s, graph transformation systems have continuously evolved; related research spans extensions of expressive power, graph algorithms, and their implementation, application scenarios, or verification approaches, to name just a few topics. This thesis focuses on a verification approach for graph transformation systems called k-inductive invariant checking, which is an extension of previous work on 1-inductive invariant checking. Instead of exhaustively computing a system's state space, which is a common approach in model checking, 1-inductive invariant checking symbolically analyzes graph transformation rules - i.e. system behavior - in order to draw conclusions with respect to the validity of graph constraints in the system's state space.
The approach is based on an inductive argument: if a system's initial state satisfies a graph constraint and if all rules preserve that constraint's validity, we can conclude the constraint's validity in the system's entire state space - without having to compute it. However, inductive invariant checking also comes with a specific drawback: the locality of graph transformation rules leads to a lack of context information during the symbolic analysis of potential rule applications. This thesis argues that this lack of context can be partly addressed by using k-induction instead of 1-induction. A k-inductive invariant is a graph constraint whose validity in a path of k-1 rule applications implies its validity after any subsequent rule application - as opposed to a 1-inductive invariant where only one rule application is taken into account. Considering a path of transformations then accumulates more context of the graph rules' applications. As such, this thesis extends existing research and implementation on 1-inductive invariant checking for graph transformation systems to k-induction. In addition, it proposes a technique to perform the base case of the inductive argument in a symbolic fashion, which allows verification of systems with an infinite set of initial states. Both k-inductive invariant checking and its base case are described in formal terms. Based on that, this thesis formulates theorems and constructions to apply this general verification approach for typed graph transformation systems and nested graph constraints - and to formally prove the approach's correctness. Since unrestricted graph constraints may lead to non-termination or impracticably high execution times given a hypothetical implementation, this thesis also presents a restricted verification approach, which limits the form of graph transformation systems and graph constraints. It is formalized, proven correct, and its procedures terminate by construction. 
This restricted approach has been implemented in an automated tool and has been evaluated with respect to its applicability to test cases, its performance, and its degree of completeness.
- Research Article
4
- 10.3233/fi-2015-1248
- Oct 1, 2015
- Fundamenta Informaticae
In this paper we present several graph transformation systems modeling three dimensional h-adaptive Finite Element Method (3D h-FEM) algorithms with tetrahedral finite elements. In our approach a computational mesh is represented by a composite graph and mesh operations are expressed by the graph transformation rules. Each graph transformation system is responsible for a different kind of operation. In particular, there is a graph transformation system expressing generation of an initial mesh, generating element matrices and elimination trees for interfacing with a direct solver algorithm, a graph transformation system deciding which elements have to be further refined, as well as a graph transformation system responsible for execution of mesh refinements. These graph transformation systems are tested using a graph transformation tool (called GRAGRA), which provides a graphical environment for defining graphs, graph transformation rules and graph transformation systems. In this paper we illustrate the concepts by using an exemplary derivation for a three dimensional projection problem, based on a set of graph transformation rules.
- Book Chapter
1
- 10.1007/978-3-319-21145-9_8
- Jan 1, 2015
In this work we show that the reachability problem for graph transformation systems is in the complexity class XP when parameterized with respect to the depth of derivations and the cutwidth of the source graph. More precisely, we show that for any set \(\mathcal {R}\) of graph transformation rules, one can determine in time \(f(c,d)\cdot |G|\cdot |H|^{g(c,d)}\) whether a graph G of cutwidth c can be transformed into a graph H in depth at most d by the application of graph transformation rules from \(\mathcal {R}\). In particular, our algorithm runs in polynomial time when c and d are constants. On the other hand, we show that the problem becomes NP-hard if we allow \(c=O(|G|)\) and \(d=5\). In the case in which all transformation rules are monotone we get an algorithm running in time \(f(c,d)\cdot |G|^{O(c)}\cdot |H|\). To prove our main theorems we will establish an interesting connection between graph transformation systems and regular slice languages. More precisely, we show that if \(\mathcal {A}\) is a slice automaton representing a set \({\mathcal {L}}_{{\mathcal {G}}}(\mathcal {A})\) of graphs, then one can construct in time linear in \(|\mathcal {A}|\) a slice automaton \(\mathcal {N}(\mathcal {A})\) representing the set of all graphs that can be obtained from graphs in \({\mathcal {L}}_{{\mathcal {G}}}(\mathcal {A})\) by the application of one layer of transformation rules in \(\mathcal {R}\).
- Research Article
19
- 10.1016/j.entcs.2004.02.062
- Dec 1, 2004
- Electronic Notes in Theoretical Computer Science
Joint Optimization and Reachability Analysis in Graph Transformation Systems with Time
- Book Chapter
110
- 10.1007/978-3-540-30203-2_17
- Jan 1, 2004
Model checking is increasingly popular for hardware and, more recently, software verification. In this paper we describe two different approaches to extend the benefits of model checking to systems whose behavior is specified by graph transformation systems. One approach is to encode the graphs into the fixed state vectors and the transformation rules into guarded commands that modify these state vectors appropriately to enjoy all the benefits of the years of experience incorporated in existing model checking tools. The other approach is to simulate the graph production rules directly and build the state space directly from the resultant graphs and derivations. This avoids the preprocessing phase, and makes additional abstraction techniques available to handle symmetries and dynamic allocation. In this paper we compare these approaches on the basis of three case studies elaborated in both of them, and we evaluate the results. Our conclusion is that the first approach outperforms the second if the dynamic and/or symmetric nature of the problem under analysis is limited, while the second shows its superiority for inherently dynamic and symmetric problems. Keywords: logic properties of graphs and transformations; analysis of transformation systems; semantics of visual techniques; model checking
- Research Article
9
- 10.1016/s1571-0661(05)80523-7
- Nov 1, 2002
- Electronic Notes in Theoretical Computer Science
Barcelona, Spain, October 7-8, 2002: Graph-Based Tools (GraBaTs 2002)
- Research Article
27
- 10.1016/j.jss.2021.111032
- Jun 30, 2021
- Journal of Systems and Software
Model-based testing in practice: An experience report from the web applications domain
- Supplementary Content
3
- 10.25911/5d7a2ca14572a
- Feb 1, 2010
- ANU Open Research (Australian National University)
The Unified Modelling Language (UML) is intended to express complex ideas in an intuitive and easily understood way. It is important because it is widely used in software engineering and other disciplines. Although an official definition document exists, there is much debate over the precise meaning of UML models. In response, the academic community have put forward many different proposals for formalising UML, but it is not at all obvious how to decide between them. Indeed, given that UML practitioners are inclined to reject formalisms as non-intuitive, it is not even obvious that the definition should be “formal” at all. Rather than searching for yet another formalisation of UML, our main aim is to determine what would constitute a good definition of UML. The first chapter sets the UML definition problem in a broad context, relating it to work in logic and the philosophy of science. More specific conclusions about the nature of model driven development are reached in the beginning of Chapter 2. We then develop criteria for a definition of UML. Applying these criteria to the existing definition, we find that it is lacking in clarity. We then set out to test the precision of the definition. The test is to take an apparently inconsistent model, and determine whether it really is inconsistent according to the definition. Many people have proposed that UML models are graphs, but few have justified this choice using the official definition of UML. We begin Chapter 3 by arguing from the official definition that UML models are graphs and that instantiation is a graph homomorphism into an interpretation functor. The official definition of UML defines the semantics against its abstract syntax, which is in turn defined by a UML model. Chapters 3 and 4 prepare for our test by resolving this apparent circularity. The result is a semantics for the metamodel fragment of the language. 
In Chapter 5, we find, contrary to popular belief, that the official definition does provide sufficient semantics to classify the example model as inconsistent. Moreover, the sustained study of the semantics in Chapters 3 to 5 confirms our initial argument that the semantic domain is graphs. The Actions are the building blocks of UML’s prescriptive dynamics. We see that they can be naturally defined as graph transformation rules. Sequence diagrams are the main example of descriptive dynamics, but we find that their official semantics are broken. The “recorded history” approach should be replaced, we suggest, by a graph-oriented dynamic logic. Chapter 6 presents our early work on dynamic logic for UML sequence diagrams and further explores the proposed semantic repairs. In Chapter 7, guided by the criteria developed in Chapter 2, we critically survey the UML formalisation literature and conclude that an existing body of graph transformation based work known as “dynamic metamodelling” is very close to what is required. The final chapter draws together our conclusions. It proposes a category theoretic construction to merge models of the syntax and semantic domain, yielding a type graph for the graph transformation system which defines the dynamic semantics of the language. Finally, it outlines the further work required to realise a satisfactory definition of UML.
- Book Chapter
11
- 10.1007/978-3-540-31959-7_1
- Jan 1, 2005
In this paper, we address the refinement of abstract architectural models into more platform-specific representations. For each level of abstraction, we employ an architectural style covering structural restrictions on component configurations as well as supported communication and reconfiguration operations. Architectural styles are formalized as graph transformation systems with graph transformation rules defining the available operations. Architectural models are given as graphs to which one can directly apply the transformation rules in order to simulate operations and their effects. In addition to previous work, we include process descriptions into our architectural models in order to control the communication and reconfiguration behavior of the components. The execution semantics of these processes is also covered by graph transformation systems. We propose a notion of refinement which requires the preservation of both structure and behavior at the lower level of abstraction. Based on formal refinement relationships between abstract and platform-specific styles, we can use model checking techniques to verify that abstract scenarios can also be realized in the platform-specific architecture. Keywords: Software Architecture; Transformation Rule; Graph Transformation; Type Graph; Graph Grammar
- Conference Article
19
- 10.1109/vlhcc.2005.18
- Jan 1, 2005
This paper shows how integrated UML models combining class, object, use-case, collaboration and state diagrams can be animated in a domain-specific layout. The presented approach is based on graph transformation, i.e., UML model diagrams are translated to a graph transformation system and the behavior of the integrated model is simulated by applications of graph transformation rules. For model validation, users may prefer to see the behavior of selected model aspects as scenarios presented in the layout of the application domain. We propose to integrate animation views with the model's graph transformation system. A prototypical validation system has been implemented recently supporting the automatic translation of a UML model into a graph transformation system, and the interactive execution and simulation of the model behavior. We sketch the tool interconnection to GenGED, a visual language environment which allows enriching graph transformation systems for model simulation with features for animation.
- Research Article
11
- 10.14279/tuj.eceasst.41.667
- Oct 20, 2011
- Technische Universität Berlin – Universitätsbibliothek
When testing component-based or service-oriented applications we cannot always rely on coverage criteria based on source code. Instead, we have to express our requirements for testing at the interface level. Specifying interfaces by graph transformation rules, so-called visual contracts, we define model-based coverage criteria exploiting the well-known relations of causal dependency and conflict on transformation rules. To this end we establish an observational semantics for graph transformation systems with rule signatures formalising a notion of test execution, and define dependency graphs to provide a structure on which coverage can be analysed.
- Research Article
- 10.1016/j.jlamp.2021.100639
- Jan 12, 2021
- Journal of Logical and Algebraic Methods in Programming
A structural approach to graph transformation based on symmetric Petri nets
- Book Chapter
1
- 10.1007/978-3-642-20398-5_19
- Jan 1, 2011
Graph Transformation Systems (GTSs) provide visual and explicit semantics for dynamically evolving multi-process systems such as network programs and communication protocols. Existing symmetry reduction techniques that generate a reduced, bisimilar model for alleviating state explosion in model checking are not applicable to dynamic models such as those given by GTSs. We develop symmetry reduction techniques applicable to evolving GTS models and the programs that generate them. We also provide an on-the-fly algorithm for generating a symmetry-reduced quotient model directly from a set of graph transformation rules. The generated quotient model is GTS-bisimilar to the model under verification and may be exponentially smaller than that model. Thus, analysis of the system model can be performed by checking the smaller GTS-bisimilar model.
- Research Article
32
- 10.1016/j.jvlc.2005.11.001
- Dec 28, 2005
- Journal of Visual Languages and Computing
On translating UML models into graph transformation systems