Learning Register Automata Models
Falk Howar, IPSSE, TU Clausthal, Goslar, Germany
Dagstuhl Seminar 16172

Scenario: Verification of Component-based Systems
[Figure: Environment, Component, Requirement]
Env. Model ∥ Comp. Model ⊨ Req. Model

APIs with Data Parameters

    public class Stack {

        // Internal State
        private final int capacity = 3;
        private int size = 0;
        private Object elements[] = new Object[capacity];

        // Data Parameters: the argument o
        public boolean push(Object o) {
            if (size == capacity)
                return false;
            elements[size++] = o;   // Assignments
            return true;
        }

        public Object pop() {
            if (size == 0)          // Guards
                return null;
            return elements[--size];
        }
    }

Challenge: From Finite State to Infinite State
Mealy-Machine Model: Only Concrete Values, Uninterpreted Labels
[Figure: Mealy machine over locations l0, l1, l2, l3 with transitions push(1) / true (three times), pop() / 1 (three times), push(1) / false and pop() / null]
What is really needed: Symbolic Data Flow
[Figure: register automaton over locations l0, l1, l2, l3 with transitions push(p) | true / ✓ with assignments x1 := p, x2 := p, x3 := p; pop() | true with outputs o(x1), o(x1), o(x3) and assignment −; push(p) | true / × with assignment −; pop() | true / null with assignment −]

Outline
(1) Learning Basics
(2) Learning Register Automata Models
(3) Quo Vadis / Future Research Directions

Minimally Adequate Teachers
• Query to the SUL: is push(1) ✓ pop() o(1) in $L_{SUL}$?
• Query with a hypothesis H: are SUL and H equivalent?
  Yes: done
  No: counterexample $w \in (L_H \cup L_{SUL}) \setminus (L_H \cap L_{SUL})$
MAT due to [Angluin, 1987]
Other learning models have fewer assumptions ...

Model Generation using State Classifiers
Nerode Relation: $u \equiv_L u' \iff \forall v \in \Sigma^{*}.\ uv \in L \Leftrightarrow u'v \in L$
[Figure: tree with node labels ε / q0, q2, q3 and edge labels push(1), push(2), pop(); in one build step the target of pop() is shown as q?]
• Access sequences: “Spanning tree” of model. (thick edges)
• Suffixes: Partial residuals of words. (triangles)
• Remaining prefixes: Remaining transitions. (blue edges)

Inferring Models with Data and Memory
(1) Identify Locations: State Classifier, Nerode Relation
(2) Identify Transition Guards: Multiple Ideas (CEGAR, Symbolic Decision Trees, ...)
(3) Identify Registers (and Assignments): Memorable Data Values [Benedikt et al.]
Important but skipped: Analyzing Counterexamples

A short history: Learning Models with Data
Automata without memory:
• Sets of concrete values as guards [Shahbaz et al., 2007]
• Conjunctions of Boolean parameters as guards [Berg et al., 2006]
• Inferred Alphabet Abstractions [Howar et al., 2011]
• Arbitrary Formulas through Symbolic Execution [Giannakopoulou et al., 2012]
• Integer Intervals [Maler and Mens, 2014]
Fixed set of registers:
• First and most recent value of a parameter [Aarts et al., 2012]
• First and most recent value of a parameter [Bollig et al., 2013]
• Last k values [Botinčan and Babić, 2013]
• White-box access to class variables [Xiao et al., 2013]

Learning Models with Data (contd.)
‘Symbolic Execution vs. Predicate Abstraction’
Extending L* to RAs:
• Equality [Howar et al., 2012b]
• Output [Howar et al., 2012a]
• More Relations [Cassel et al., 2016]
• Fresh Output [Cassel et al., 2015]
Mapper/CEGAR for dealing with RAs:
• Equality and Output [Aarts, 2014]
• Fresh Output [Aarts et al., 2015]
Multi-Step-Inference:
• State Merging + DAIKON [Lorenzoli et al., 2008]
• EDSM + WEKA [Walkinshaw et al., 2013]

Outline
(1) Learning Basics
(2) Learning Register Automata Models
(3) Quo Vadis / Future Research Directions

Data Languages
Assume:
• an infinite domain D of data values
• a finite set of actions
Data symbol: push(1)
Data word: push(1) ✓ pop() o(1)
Data language: set of data words, closed under permutations on D
push(1) ✓ pop() o(1) ∈ L ⇒ push(2) ✓ pop() o(2) ∈ L, push(3) ✓ pop() o(3) ∈ L, ...
Example: $L_{\mathit{store}} = \{\, \mathit{push}(d_1)\ \checkmark\ \mathit{pop}()\ o(d_2) \mid d_1 = d_2 \,\}$

Register Automata
• Locations
• Registers (e.g., x1)
• Transitions with:
  • Actions with formal parameters
  • Guards
  • Assignments to registers
[Figure: register automaton with labelled locations l0 and l1 and transitions push(p) | true, x1 := p; ✓ | true, −; pop() | true, −; o(p) | x1 = p, −]
[Figure: the same example with outputs on the transitions, locations l0 and l1: push(p) | true / ✓, x1 := p; pop() | true / o(x1), −]

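The one-place store automaton from the Register Automata slide, together with the permutation closure stated on the Data Languages slide, as an added Python example that is not part of the talk. The names `Transition`, `run`, `permute` and `in_l_store` are assumptions of this sketch, the acknowledgement output of push is written `"ok"`, and the transition directions (push from l0 to l1, pop back to l0) are how the figure is read here.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Regs = Dict[str, int]
Symbol = Tuple[str, Optional[int]]          # (action, data value or None)

@dataclass(frozen=True)
class Transition:
    source: str
    action: str
    guard: Callable[[Regs, Optional[int]], bool]     # over registers and p
    assign: Callable[[Regs, Optional[int]], Regs]    # next register valuation
    output: Callable[[Regs, Optional[int]], Symbol]  # output data symbol
    target: str

# push(p) | true / ok, x1 := p        pop() | true / o(x1), no assignment
STORE: List[Transition] = [
    Transition("l0", "push", lambda r, p: True, lambda r, p: {"x1": p},
               lambda r, p: ("ok", None), "l1"),
    Transition("l1", "pop", lambda r, p: True, lambda r, p: {},
               lambda r, p: ("o", r["x1"]), "l0"),
]

def run(ra, word, start="l0"):
    """Output word for an input data word, or None if no transition applies."""
    loc, regs, out = start, {}, []
    for action, p in word:
        enabled = [t for t in ra
                   if t.source == loc and t.action == action and t.guard(regs, p)]
        if len(enabled) != 1:               # undefined or non-deterministic
            return None
        t = enabled[0]
        out.append(t.output(regs, p))       # output reads the old registers
        regs, loc = t.assign(regs, p), t.target
    return out

def permute(word, pi):
    """Apply a permutation pi on the data domain to each data value of a word."""
    return [(a, None if d is None else pi.get(d, d)) for a, d in word]

def in_l_store(d1, d2, ra=STORE):
    """push(d1) ok pop() o(d2) is in L_store iff the automaton outputs o(d2)."""
    return run(ra, [("push", d1), ("pop", None)]) == [("ok", None), ("o", d2)]
```

Because guards and assignments only compare and copy data values, running a permuted input word yields the permuted output word, which is the closure property a data language requires.
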
Nerode-like Equivalence Relation
Example: the words push(1) ✓ pop() and push(2) ✓ pop(), with suffixes o(1) and o(2); for the permutation π(1) = 2, π(2) = 1, ..., π(i) = i, ... we have o(2) = π(o(1)).
Let W be the set of all data words.
Equivalence wrt. L: Two words $u, u' \in W$ are equivalent wrt. $\equiv_L$ iff there exists a permutation $\pi$ on D s.t. for all $v \in W$: $uv \in L \Leftrightarrow u'\pi(v) \in L$
Characterization Theorem: [Cassel et al., 2011]

Theories and Symbolic Decision Trees
Theory: Data Domain + Set of Relations
Examples:
• $\mathbb{N}$ with $=, \neq$
• $\mathbb{R}$ with $<, >$
• $\mathbb{Z}$ with $=, \mathit{succ}$
Symbolic Decision Tree: Symbolic Classifier
Example: SDT for suffix o(p) after push(1) ✓ pop()
[Figure: decision tree with root x1 and branches o(p) | x1 = p and o(p) | x1 ≠ p]