Synchronizable test sequence generation using UIO sequences


Hasan Ural and Zhiping Wang

This study addresses the synchronization problem that arises during the application of a predetermined test sequence in some protocol test architectures that utilize remote testers. This problem can usually be solved by coordinating the actions of the remote testers using a test management protocol, a ferry protocol with inter-process communication, or a telephone/terminal connection. However, these solutions either require an additional communication channel or an additional protocol for coordination between the testers. Such requirements can be eliminated by constructing a synchronizable test sequence such that the corresponding sequence of transitions causes no synchronization problem. A heuristic we develop in this study constructs a synchronizable test sequence from a given strongly biconnected digraph representing a deterministic and minimal FSM using synchronizable UIO sequences for each state of the given FSM.

Keywords: test sequence generation, synchronization, protocol conformance testing

Department of Computer Science, University of Ottawa, Ottawa, Ontario K1N 6N5, Canada. Paper received: 17 April 1992; revised paper received: 28 August 1992.

0140-3664/93/010653-09 © 1993 Butterworth-Heinemann Ltd. Computer Communications, volume 16, number 10, October 1993.

The specification of a communication protocol is a set of rules which defines all possible interactions among the entities of a communication system. The implementation of a communication protocol must be tested for conformance to its specification. The objective of protocol conformance testing is to establish whether a protocol implementation under test (I) conforms to the protocol specification [1, 2]. A common feature of various test architectures proposed for protocol conformance testing is that I is tested as a black box. In some of these architectures, such as that shown in Figure 1, the lower interface and the upper interface of I are controlled and observed indirectly by the lower tester (L) and directly by the upper tester (U), respectively. During testing, L and U coordinate in applying a (usually pre-determined) sequence of stimuli (i.e. a test sequence) to I, and observing (indirectly or directly) the responses (output) of I to the applied stimuli (input).

Figure 1 Test architecture (Upper Tester U, Lower Tester L, Implementation I)

Due to the black box nature of protocol conformance testing, test sequences are generated from the protocol specifications. Various formal methods [3-10] have been proposed for generating test sequences from a deterministic FSM [11] which models the control portion of a protocol. The typical aim of these methods is to generate a test sequence which checks whether each transition specified in the FSM is correctly implemented by I, i.e. for each transition, I generates the expected response and transfers to the expected state upon receiving the stimulus. In general, such a sequence starts and terminates at a specific state (i.e. start state) of the given FSM.

During the application of a predetermined test sequence in the test architecture shown in Figure 1, U and L are bound to synchronize with each other only through their interactions with I. However, this requirement may lead to a synchronization problem when L (or U) is expected to send an input to I after I sends an output to U (or L) but L (or U) is unable to determine whether I sent that output. Synchronization between U and L can be achieved by any suitable test management protocol coordinating the actions of the testers, by a ferry protocol with inter-process communication [1], or through manual coordination (by use of a telephone or terminal connection) [2]. However, these solutions either require an additional communication channel or an additional protocol for coordination between U and L. Such requirements can be eliminated by constructing a synchronizable test sequence such that the corresponding sequence of transitions causes no synchronization problem.

It was shown that, in the general case, an FSM represented by a strongly connected digraph $D = (V, E)$ with a specified vertex $v_0$ contains a synchronizable test sequence if and only if $D$ is strongly biconnected [12]. A heuristic we develop in this study constructs a synchronizable test sequence from a given strongly biconnected digraph representing a deterministic and minimal FSM using synchronizable UIO sequences for each state of the given FSM.

The remainder of the paper is organized as follows. First, the FSM model, postman and rural postman tour algorithms are briefly reviewed; the synchronization problem is formally defined, and the condition for the existence of a synchronizable test sequence is presented. Then, a heuristic for generating a synchronizable test sequence using UIO sequences is proposed, and an example is given to illustrate the proposed heuristic. Finally, conclusions are given.

PRELIMINARIES

FSM and its graph representation

A finite state machine (FSM) $M$ with finite sets of states $\{s_0, s_1, \ldots, s_n\} = S_M$, inputs $\{i_1, i_2, \ldots, i_q\} = I_M$, and outputs $\{o_1, o_2, \ldots, o_r\} = O_M$ can be represented by a digraph $D = (V, E)$, where $V$ is the set of vertices, each representing a state of the FSM, and $E$ is the set of directed edges, each representing a transition of the FSM. State $s_0$ is the start state of the FSM. The total number of transitions in a given FSM is denoted by $m$. A state transition from $s_j$ to $s_k$ in the FSM $M$ is denoted by $t_{jk} = (s_j, s_k; i/o)$ and corresponds to an edge from $v_j$ to $v_k$ in $D$, i.e. $e_{jk} = (v_j, v_k; i/o)$, where $i$ is an input symbol, $o$ is an output symbol, and $i/o$ is the label of the transition or the edge. For edge $e_{jk} = (v_j, v_k; i/o)$, $v_j$ is the head of $e_{jk}$ (denoted by head($e_{jk}$)); $v_k$ is the tail of $e_{jk}$ (denoted by tail($e_{jk}$)). The cost of an edge is the number of labels associated with the edge.

A path $P$ in a digraph $D = (V, E)$ is a finite non-null sequence of (not necessarily distinct) consecutive edges: $P = (v_1, v_2), (v_2, v_3), \ldots, (v_{k-1}, v_k)$. In a digraph with no multiple edges between any pair of vertices, a path is determined by the sequence $v_1, v_2, \ldots, v_k$ of its vertices, and thus can be specified as $P = v_1, v_2, \ldots, v_k$. The length of a path is the number of edges included in the path. The cost of a path is the sum of costs of the edges in the path. We also define, for a path $P = i, j, \ldots, p, q$, first_edge($P$) $= (i, j)$ and last_edge($P$) $= (p, q)$.

For each vertex $v$ in a digraph $D = (V, E)$, the in-degree of $v$, $d_i(v)$, is defined as $|\{(u, v) : (u, v) \in E\}|$ and the out-degree of $v$, $d_o(v)$, is defined as $|\{(v, w) : (v, w) \in E\}|$. A digraph $D = (V, E)$ is symmetric if $d_i(v) = d_o(v)$, $\forall v \in V$. A digraph $D = (V, E)$ is strongly connected if for every pair of vertices $v_i$ and $v_j \in V$, there exists a path from $v_i$ to $v_j$. A digraph $D = (V, E)$ is weakly connected if the underlying undirected graph is connected [13]. A subgraph $D' = (V', E')$ of $D = (V, E)$ is a spanning subgraph of $D$ if $E' \subseteq E$ and $V' = V$. The edge-induced spanning subgraph $D[E_c]$ of $D = (V, E)$ for some subset $E_c \subseteq E$ is the subgraph of $D$ whose vertex set is $V$ and whose edge set is $E_c$ [13].

A tour in a digraph $D = (V, E)$ is a path in $D$ which starts and ends at the same vertex. An Euler tour (path) in a digraph $D = (V, E)$ is a tour (path) which traverses every edge in $E$ exactly once. A strongly connected digraph $D = (V, E)$ contains an Euler tour if and only if $D$ is symmetric [14]. A postman tour (PT) in a digraph $D = (V, E)$ is a tour which includes each edge in $E$ at least once. A Chinese postman tour (CPT) in a digraph $D = (V, E)$ is a minimum-cost PT of $D$ [12, 14, 15]. A rural postman tour (RPT) of a digraph $D = (V, E)$ over a set $E_c \subseteq E$ is a tour traversing every edge in $E_c$ at least once. A rural Chinese postman tour (RCPT) of $D = (V, E)$ over a set $E_c \subseteq E$ is a minimum-cost tour traversing every edge in $E_c$ at least once.

Given a strongly connected $D = (V, E)$, if $D$ is symmetric then finding a CPT in $D$ is equivalent to finding an Euler tour in $D$, which can be solved by an $O(m)$ algorithm [16]. If $D$ is not symmetric, we can construct a minimum-cost symmetric augmentation $D^*$ of $D$ [14] by replicating edges of $D$ such that $D^*$ is symmetric and the replicated edges are minimized. An Euler tour in $D^*$ is then a CPT in $D$.
The minimum-cost symmetric augmentation $D^*$ of $D$ for a tour is achieved by minimizing $\sum N_e$ subject to $N_e \ge 0$ and $N_e$ is an integer, $\forall e \in E$, and $\sum(N_e : k = \mathrm{head}(e)) - \sum(N_e : k = \mathrm{tail}(e)) = d_i(k) - d_o(k)$, $k \in V$. The minimum-cost symmetric augmentation for a tour can be solved by a min-cost max-flow algorithm [3, 14, 17] with a complexity of $O(mn \log n)$ [3].

Computing an RCPT is NP-complete in the most general case [18]. Nevertheless, if $D$ is strongly connected and the edge-induced spanning subgraph $D[E_c]$ of $D$ is weakly connected, then any minimum-cost rural symmetric augmentation $D^*$ of $D[E_c]$ for a tour is strongly connected [3]. $D^* = (V^*, E^*)$ is a minimum-cost rural symmetric augmentation (RSA) of $D[E_c]$ for a tour if $D^*$ is symmetric, $V^* \subseteq V$, and $E^*$ contains every edge in $E_c$ at least once, and every edge in $E - E_c$ zero or more times such that the total cost of edges in $E^*$ is minimized. Then, an RSA $D^*$ of $D$ has an Euler tour which is an RCPT of $D$ over $E_c$. If $D[E_c]$ is not weakly connected, edges from $E$ can be added to $E_c$ to obtain $E_c^A$ such that $D[E_c^A]$ is weakly connected. An Euler tour of the RSA $D^*$ of $D[E_c^A]$ is then an RPT of $D$ over $E_c$, but not necessarily an RCPT. The complexity of obtaining an RPT or RCPT of a strongly connected digraph $D = (V, E)$ is bounded by the complexity of computing an RSA $D^*$ of $D[E_c]$ or an RSA $D^*$ of $D[E_c^A]$, which can be solved with the complexity of $O(mn \log n)$ [3].

Synchronization problem

Formally, the synchronization problem is defined as follows. Let each transition $t_{ij}$ of I be one of the following types, i.e. type($t_{ij}$) =

$R^{IL}$: I receives an input from L and does not send any output (i.e. output is null)
$R^{IU}$: I receives an input from U and does not send any output (i.e. output is null)
$R^{IL}S^{IL}$: I receives an input from L and sends an output to L
$R^{IL}S^{IU}$: I receives an input from L and sends an output to U
$R^{IU}S^{IL}$: I receives an input from U and sends an output to L
$R^{IU}S^{IU}$: I receives an input from U and sends an output to U
$R^{IL}S^{IL,U}$: I receives an input from L and sends an output to L and U
$R^{IU}S^{IU,L}$: I receives an input from U and sends an output to U and L

Then, considering two consecutive transitions of I, one of the testers, say L (or U), faces a synchronization problem if L (or U) did not take part in the first transition and if the second transition requires that it sends a stimulus to I [19]. For example, a synchronization problem will occur if $R^{IL}S^{IL}$ is to be followed by $R^{IU}$. Two consecutive transitions $t_{ij}$ and $t_{jk}$ of I form a synchronizable pair of transitions if $t_{jk}$ can follow $t_{ij}$ without generating a synchronization problem. For example, $R^{IL}S^{IU}$ forms a synchronizable pair of transitions when followed by any other transition of I. For a transition $t_{ij}$ of an FSM, each transition $t_{jk}$ that forms a synchronizable pair of transitions with $t_{ij}$ is called an eligible successor of $t_{ij}$.

A transition sequence is synchronizable if for every two consecutive transitions in the sequence, the second transition is an eligible successor of the first one. A synchronizable input sequence for state $s$ is an input sequence in response to which the FSM at state $s$ produces a synchronizable transition sequence. A test sequence for an FSM is a sequence of inputs that checks whether each transition of the FSM is correctly implemented by a given implementation of the FSM. A synchronizable test sequence for an FSM is then both a synchronizable input sequence for the start state of the FSM and a test sequence.

Existence of a correctly-ordered postman tour

We call a digraph $D = (V, E)$ order-specified if for each edge $e = (i, j)$ in $E$ we specify a subset of the outgoing edges of vertex $j$ as eligible successor edges for $e$. Note that for this definition we allow multiple edges to have distinct labels. We say a path of an order-specified digraph $D$ is correctly-ordered (CO) if for every consecutive pair of edges $(i, j)$ and $(j, k)$ in the path, $(j, k)$ has been specified as an eligible successor of $(i, j)$. The concepts of the CO tour, the CO postman tour (COPT), the CO Euler tour, the CO Chinese postman tour (COCPT), CO rural postman tour (CORPT) and CO rural Chinese postman tour (CORCPT) are similarly defined. Accordingly, given an order-specified digraph $D = (V, E)$ representing an FSM, a synchronizable test sequence corresponds to a COPT which starts at a specified state (i.e. start state $s_0$) of $D$; a minimum length synchronizable test sequence corresponds to a COCPT which starts at state $s_0$.

Given a digraph $D$, there exists a PT of $D$ if and only if $D$ is strongly connected [14]. By contrast, an order-specified digraph $D$ may not contain a COPT, even if $D$ is strongly connected in a COS (i.e. if for every pair of vertices $v_i$ and $v_j$, there exists a CO path from $v_i$ to $v_j$) [12]. However, an analogous necessary and sufficient condition has been developed by Boyd and Ural [12] to determine the existence of a COPT for an order-specified digraph $D = (V, E)$ with a specified vertex $v_0$. This condition, which is given as Theorem 2.1 below, is based on the following definition: an order-specified digraph $D = (V, E)$ with a specified vertex $v_0$ is called strongly biconnected if for any two edges $(i, j)$ and $(p, q) \in E$, there is a CO tour in $D$ which starts at $v_0$ and contains $(i, j)$ and $(p, q)$.

Theorem 2.1 [12] An order-specified digraph $D = (V, E)$ with a specified vertex $v_0$ contains a COPT if and only if $D$ is strongly biconnected.

For example, it can be verified that the digraph $D$ shown in Figure 2 satisfies the conditions of Theorem 2.1, hence $D$ is strongly biconnected. We call a given order-specified digraph $D$ with specified vertex $v_0$ robustly biconnected if any edge in $D$ is reachable from any other edge in a COS. Obviously, if $D$ is robustly biconnected then $D$ is strongly biconnected.
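The eligible-successor rule and the COPT definition above, applied to the digraph of Figure 2, as an added example that is not code from the paper. The edge types are as read from the Figure 2 caption, the function names are assumptions, and the breadth-first search for a shortest tour is a brute-force check for small digraphs that goes beyond the text; it is not the paper's heuristic.

```python
from collections import deque

# Edges of Figure 2 as read from its caption (assumed reading):
# name -> (from state, to state, tester sending the input, testers receiving the output)
FIG2 = {
    "e1": (0, 1, "U", "L"),   # R^IU S^IL
    "e2": (1, 0, "U", "L"),   # R^IU S^IL
    "e3": (1, 2, "L", "L"),   # R^IL S^IL
    "e4": (2, 0, "L", "L"),   # R^IL S^IL
    "e5": (0, 2, "L", "L"),   # R^IL S^IL
}
# Order specification stated in the same caption.
FIG2_SUCCESSORS = {"e1": ["e2", "e3"], "e2": ["e1", "e5"], "e3": ["e4"],
                   "e4": ["e5"], "e5": ["e4"]}


def eligible(first, second):
    """True if `second` can follow `first` without a synchronization problem:
    it starts where `first` ends, and the tester that must send its input
    took part in `first` (sent the input or received an output)."""
    took_part = {first[2]} | set(first[3])
    return first[1] == second[0] and second[2] in took_part


def eligible_successors(edges):
    """Derive the order specification from the transition types alone."""
    return {a: sorted(b for b in edges if eligible(edges[a], edges[b]))
            for a in edges}


def walk_to_edges(edges, walk):
    """Vertex sequence -> edge names (valid because Figure 2 has no multiple edges)."""
    by_ends = {(u, v): name for name, (u, v, _, _) in edges.items()}
    return [by_ends[pair] for pair in zip(walk, walk[1:])]


def is_copt(edges, seq, start=0):
    """Correctly-ordered postman tour: starts and ends at `start`, every
    consecutive pair is eligible, and every edge appears at least once."""
    return (edges[seq[0]][0] == start and edges[seq[-1]][1] == start
            and all(eligible(edges[a], edges[b]) for a, b in zip(seq, seq[1:]))
            and set(seq) == set(edges))


def shortest_copt(edges, start=0):
    """Breadth-first search over (last edge, set of covered edges).
    Exponential in the number of edges; meant for small digraphs only."""
    queue = deque(((n, frozenset([n])), [n])
                  for n in sorted(edges) if edges[n][0] == start)
    seen = {state for state, _ in queue}
    while queue:
        (last, covered), path = queue.popleft()
        if len(covered) == len(edges) and edges[last][1] == start:
            return path
        for n in sorted(edges):
            state = (n, covered | {n})
            if eligible(edges[last], edges[n]) and state not in seen:
                seen.add(state)
                queue.append((state, path + [n]))
    return None


# The tour T = 0,1,0,1,2,0,2,0 that the paper gives for the digraph of Figure 2.
T = walk_to_edges(FIG2, [0, 1, 0, 1, 2, 0, 2, 0])
```
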

Synchronizable UIO sequences

In an FSM, a unique input/output (UIO) sequence [7] for a state of the FSM is an I/O behaviour that is not exhibited by any other state of the FSM. The UIO sequences are used to check whether the FSM reaches the expected state after the execution of each transition. An I/O sequence is said to be a synchronizable unique input/output sequence (SUIO) for a state of the FSM if (i) it is a synchronizable transition sequence in the FSM and (ii) the I/O behaviour is unique (i.e. not exhibited by any other state of the FSM).

Even though an SUIO is itself synchronizable, synchronization problems can still arise when a certain type of transition is followed by the application of an SUIO. For example, if an SUIO for state $v$ is initiated by the upper tester (i.e. the first input symbol is from the upper tester), any transition to state $v$ with type $R^{IL}$ or $R^{IL}S^{IL}$ preceding the application of the SUIO will cause a synchronization problem. To solve such a problem, we need two SUIOs for each state $v_j$, denoted by $SUIO^U(v_j)$ and $SUIO^L(v_j)$. $SUIO^U(v_j)$ is initiated by the upper tester (i.e. the first input symbol is from the upper tester) and $SUIO^L(v_j)$ is initiated by the lower tester. Any transition which transfers the FSM to the expected state $v_j$ can then be checked by applying either $SUIO^U(v_j)$ or $SUIO^L(v_j)$.

In order for an FSM to have an $SUIO^U$, the FSM should not contain indistinguishable states with respect to upper tester. Two states $v_i$ and $v_j$ in an FSM are indistinguishable with respect to upper tester if:

(i) any synchronizable input sequence initiated by the upper tester for state $v_i$ is also a synchronizable input sequence for state $v_j$, and vice versa,
(ii) the FSM produces identical output sequences from either state in response to any synchronizable input sequence initiated by the upper tester.

Indistinguishability with respect to lower tester is similarly defined. An FSM is called strongly distinguishable if it contains no indistinguishable states with respect to either the upper or the lower tester. Obviously, a strongly distinguishable FSM is also minimal.

Sabnani and Dahbura [7] gave procedures to compute a minimum length UIO sequence or unique signature for each state. These procedures can also be used to compute $SUIO^U(v)$ for each state $v$ except that initially only those transitions initiated by the upper tester are computed and that when the input/output sequences of length $f$ are computed from those of length $(f - 1)$, only those synchronizable successive transitions are considered. $SUIO^L(v)$ for each state $v$ is similarly computed.

Figure 2 Strongly biconnected digraph $D$. Edge types and order specifications: $e_1 = (0, 1)$, type($e_1$) $\in R^{IU}S^{IL}$, Eligible Successor: $e_2$, $e_3$; $e_2 = (1, 0)$, type($e_2$) $\in R^{IU}S^{IL}$, Eligible Successor: $e_1$, $e_5$; $e_3 = (1, 2)$, type($e_3$) $\in R^{IL}S^{IL}$, Eligible Successor: $e_4$; $e_4 = (2, 0)$, type($e_4$) $\in R^{IL}S^{IL}$, Eligible Successor: $e_5$; $e_5 = (0, 2)$, type($e_5$) $\in R^{IL}S^{IL}$, Eligible Successor: $e_4$

PROPOSED METHOD

Overview of the proposed method

In the rest of the paper, we assume that a given FSM is deterministic, minimal, strongly distinguishable, robustly biconnected, and possesses two synchronizable unique input/output sequences or unique signatures for each state $v_j$, $SUIO^U(v_j)$ and $SUIO^L(v_j)$. Note that an FSM is said to be deterministic if for each input symbol $i \in I_M$ there is at most one transition defined at each state of the FSM and is said to be minimal if it contains no equivalent states. Let an order-specified digraph $D = (V, E)$ with a specified vertex $v_0$ represent the given FSM. In the proposed method, a synchronizable test sequence is generated from $D = (V, E)$ as follows:

1. The digraph $D$ is converted into a duplex digraph $D'$.
2. Test subsequences are constructed from the SUIO sequences.
3. A digraph $D^A$ is created by adding edges (representing these test subsequences) to $D'$.
4. The RPT algorithm is employed to construct an RPT in digraph $D^A$ over the set of edges representing the test subsequences. Then, the RPT is a synchronizable test sequence for the given FSM.

Duplex digraph

Chen et al. [20] describe a procedure for constructing a duplex digraph $D' = (V', E')$ from a digraph $D = (V, E)$ by the following two steps:

1. For a vertex $u$ in $V$, a pair of vertices $u^U$ and $u^L$ in $V'$ are created.
2. For an edge $(u, v)$ in $E$, an edge is created in $E'$ which is $(u^L, v^L)$, if type($(u, v)$) $= R^{IL}S^{IL}$, or $(u^L, v^U)$, if type($(u, v)$) $= R^{IL}S^{IU}$, or $(u^U, v^L)$, if type($(u, v)$) $= R^{IU}S^{IL}$, or $(u^U, v^U)$, if type($(u, v)$) $= R^{IU}S^{IU}$.

For example, the conversion of $D$ in Figure 2 into the duplex digraph $D'$ by the above two steps is shown in Figure 3. A CPT in $D'$, if it exists, is then a minimum length synchronizable test sequence for the FSM represented by $D$. However, a duplex digraph constructed by this procedure suffers two deficiencies. First, a PT (and hence a CPT) in $D'$ does not, in general, exist even when there is a synchronizable test sequence. For example in Figure 3, $T = 0,1,0,1,2,0,2,0$ is a COPT in $D$, and hence a synchronizable test sequence, but no PT exists in the duplex digraph $D'$ in Figure 3. Second, some types of transitions are not considered, i.e. the conversion of edges of types $R^{IU}$, $R^{IL}$, $R^{IU}S^{IU,L}$ and $R^{IL}S^{IL,U}$ is not given.

Figure 3 Duplex digraph of $D$ in Figure 2

The duplex digraph we define below overcomes the above deficiencies. Our procedure differs from the original duplex digraph construction procedure in two aspects:

1. We create either an edge or a pair of edges in $D'$ for each edge $e$ in $D$ according to the type of $e$, i.e. type($e$).
2. We consider all types of edges, i.e. any edge $e$ with type($e$) $\in \{R^{IU}, R^{IU}S^{IU}, R^{IL}, R^{IL}S^{IL}, R^{IU}S^{IL}, R^{IL}S^{IU}, R^{IU}S^{IU,L}, R^{IL}S^{IL,U}\}$.

As stated earlier, an FSM is represented by digraph $D = (V, E)$, where each edge corresponds to a state transition and each transition is initiated by one of the two testers, upper or lower tester. Hence for each vertex $v$ in $D = (V, E)$ (or state $v$ in the corresponding FSM), there are two lists of edges leaving $v$: the upper leaving list ($Leave^U[v]$) and the lower leaving list ($Leave^L[v]$). $Leave^U[v]$ contains the edges corresponding to the transitions initiated at state $v$ by the upper tester, and $Leave^L[v]$ contains the edges corresponding to the transitions initiated at state $v$ by the lower tester. That is, $Leave^U[v] = \{e \in E : \mathrm{head}(e) = v$ and type($e$) $\in \{R^{IU}, R^{IU}S^{IL}, R^{IU}S^{IU}, R^{IU}S^{IU,L}\}\}$ and $Leave^L[v] = \{e \in E : \mathrm{head}(e) = v$ and type($e$) $\in \{R^{IL}, R^{IL}S^{IU}, R^{IL}S^{IL}, R^{IL}S^{IL,U}\}\}$. We also define, for each vertex $v$ in $D = (V, E)$, $Arrive^U[v] = \{e \in E : \mathrm{tail}(e) = v$ and type($e$) $\in \{R^{IU}, R^{IU}S^{IU}\}\}$, $Arrive^L[v] = \{e \in E : \mathrm{tail}(e) = v$ and type($e$) $\in \{R^{IL}, R^{IL}S^{IL}\}\}$ and $Arrive^{U,L}[v] = \{e \in E : \mathrm{tail}(e) = v$ and type($e$) $\in \{R^{IU}S^{IL}, R^{IL}S^{IU}, R^{IU}S^{IU,L}, R^{IL}S^{IL,U}\}\}$.

Recalling the definitions of $Leave^U[v]$ and $Leave^L[v]$, we know that edges in $Leave^U[v]$ are eligible successors of edges in $Arrive^U[v]$ and $Arrive^{U,L}[v]$, edges in $Leave^L[v]$ are eligible successors of edges in $Arrive^L[v]$ and $Arrive^{U,L}[v]$. Furthermore, edges in $Leave^U[v]$ are the only eligible successors of edges in $Arrive^U[v]$, and edges in $Leave^L[v]$ are the only eligible successors of edges in $Arrive^L[v]$.

The existence of a COPT in $D = (V, E)$ starting from $v_0$, or, equivalently, a strongly biconnected digraph $D = (V, E)$ with a specified vertex $v_0$, ensures that, for each vertex $v \in V - \{v_0\}$, if $Leave^U[v] = \emptyset$ then $Arrive^U[v] = \emptyset$, and if $Leave^L[v] = \emptyset$ then $Arrive^L[v] = \emptyset$. Note that, in the above cases, $Arrive^{U,L}[v]$ may or may not be empty.

We create a duplex digraph $D' = (V', E')$, where $V' = V^U \cup V^L \cup H$ and $E' = E_c \cup F$, from a strongly biconnected digraph $D = (V, E)$ with a specified vertex $v_0$ as follows:

(a) For each vertex $v$ in $V$, there are two sets of edges leaving $v$: $Leave^U[v]$ and $Leave^L[v]$. We create a vertex $v^U$ in $V^U$ if $Leave^U[v] \ne \emptyset$ and a vertex $v^L$ in $V^L$ if $Leave^L[v] \ne \emptyset$. In addition, for vertex $v_0$, if $Leave^U[v_0] = \emptyset$ but $Arrive^U[v_0] \ne \emptyset$, we create vertex $v_0^U$ in $V^U$; similarly, if $Leave^L[v_0] = \emptyset$ but $Arrive^L[v_0] \ne \emptyset$, we create vertex $v_0^L$ in $V^L$.
(b) For each edge $(u, v) \in Arrive^U[v]$ (that implies $(u, v) \in Leave^U[u]$), we create a directed edge, in $E_c$, from $u^U$ to $v^U$. Similarly, for each edge $(u, v) \in Arrive^L[v]$, we create a directed edge, in $E_c$, from $u^L$ to $v^L$.
(c) For each edge $(u, v) \in Arrive^{U,L}[v]$, one of the following is performed:
(i) In the case that vertex $v^U$ exists but vertex $v^L$ does not, we create a directed edge, in $E_c$, from $u^U$ to $v^U$, if $(u, v) \in Leave^U[u]$; if $(u, v) \in Leave^L[u]$, we create a directed edge, in $E_c$, from $u^L$ to $v^U$.
(ii) In the case that vertex $v^L$ exists but vertex $v^U$ does not, we create a directed edge, in $E_c$, from $u^U$ to $v^L$, if $(u, v) \in Leave^U[u]$; if $(u, v) \in Leave^L[u]$, we create a directed edge, in $E_c$, from $u^L$ to $v^L$.
(iii) In the case that both $v^U$ and $v^L$ exist, we have two subcases: If $(u, v) \in Leave^U[u]$, we create, in $H$, a vertex $U_{u,v}$, a directed edge $(u^U, U_{u,v})$ in $E_c$, and two directed edges $(U_{u,v}, v^U)$ and $(U_{u,v}, v^L)$ in $F$. We call $(u^U, U_{u,v})$ the parent edge of $(U_{u,v}, v^U)$ and $(U_{u,v}, v^L)$. We call $(U_{u,v}, v^U)$ and $(U_{u,v}, v^L)$ the child edges of $(u^U, U_{u,v})$. $(U_{u,v}, v^U)$ and $(U_{u,v}, v^L)$ are called twins. Similarly if $(u, v) \in Leave^L[u]$, we create, in $H$, a vertex $L_{u,v}$, a directed edge $(u^L, L_{u,v})$ in $E_c$, and two directed edges $(L_{u,v}, v^U)$ and $(L_{u,v}, v^L)$ in $F$. Parent edges, child edges and twin edges are similarly defined.
(d) Each edge in $E_c$ is given cost one and each edge in $F$ is given cost zero.

Note that vertex $v_0$ is treated differently in (a). As we have just indicated, for each $v \in V - \{v_0\}$, if $Leave^U[v] = \emptyset$ then $Arrive^U[v] = \emptyset$. In this case, we do not want to create vertex $v^U$. Otherwise, either $v^U$ would become isolated or any path entering $v^U$ would have no way out. Hence vertex $v^U$ is created only when $Leave^U[v] \ne \emptyset$. Similarly, vertex $v^L$ is created only when $Leave^L[v] \ne \emptyset$. However, vertex $v_0$ is different from other vertices such that we can have $Arrive^U[v_0] \ne \emptyset$ while $Leave^U[v_0] = \emptyset$. In this case, we need to create vertex $v_0^U$ in $D'$ in order for edges in $Arrive^U[v_0]$ to be preserved in $D'$, as described in (b). A similar argument applies to the case when $Leave^L[v_0] = \emptyset$ but $Arrive^L[v_0] \ne \emptyset$.

We call an edge $e$ in $D'$ an inherent edge if $e$ is neither a parent edge nor a child edge.

Characteristics of the duplex digraph

The proofs for the following lemmas are given by Ural and Wang [21].

Lemma 3.1 If an order-specified digraph $D = (V, E)$ with a specified vertex $v_0$ is strongly biconnected, then there exists a path $P$ in the corresponding duplex digraph $D' = (V', E')$, where $V' = V^U \cup V^L \cup H$ and $E' = E_c \cup F$, which visits every vertex in $V'$ and contains every edge in $E_c$ and at least one edge for each pair of twins.

Lemma 3.2 If an order-specified digraph $D$ with a specified vertex $v_0$ is robustly biconnected, then the duplex digraph $D' = (V', E')$ is strongly connected.

Details of the proposed method

A COPT $T$ in digraph $D = (V, E)$ is obtained by using a graph traversal technique [3] to construct an RPT $T^*$ of a strongly connected digraph $D^{\sim} = (V^{\sim}, E^{\sim})$ over edges $L_c$. The COPT $T$ is then a synchronizable test sequence for the FSM represented by $D$ which checks both output and transfer functions of the FSM. The following steps describe the method:

Step 1: Construct the duplex digraph $D' = (V', E')$ from digraph $D = (V, E)$ by the method described above with $v_0^U$ or $v_0^L$ as the start state, where $V' = V^U \cup V^L \cup H$ and $E' = E_c \cup F$. Let each edge $e'$ in $E_c$ have the label of the edge $e$ in $E$ which gives rise to $e'$ and each child edge in $F$ has the label of 'null/null'. Each edge in $E_c$ is given cost one and each edge in $F$ is given cost zero.

Step 2: Construct a digraph $D^A = (V^A, E^A)$, such that $V^A = V' \cup Z = V^U \cup V^L \cup H \cup Z$ and $E^A = E' \cup L_c \cup L = E_c \cup F \cup L_c \cup L$, where $Z$, $L_c$ and $L$ are constructed as follows: For each edge $e = (v_p, v_q; i_1/o_1) \in E$, let $e' = (x_j, x_k; i_1/o_1) \in E_c$ be the corresponding inherent or parent edge. We have the following two cases:

Case 1: $e'$ is an inherent edge, then $x_k \in V^U \cup V^L$. Let $e_{last}$ be the edge in $E$ corresponding to the last transition of the sequence $i_1/o_1$@SUIO($x_k$), where SUIO($x_k$) stands for either $SUIO^U(v_q^U)$ if $x_k = v_q^U$ or $SUIO^L(v_q^L)$ if $x_k = v_q^L$. Let $(x_s, x_t; i_h/o_h) \in E_c$ be the inherent or parent edge corresponding to $e_{last}$. We create an edge $(x_j, x_t; i_1/o_1$@SUIO($x_k$)$)$ in $L_c$ and assign Length(SUIO($x_k$)) + 1 as the cost of the edge, where Length(SUIO($x_k$)) stands for the length of SUIO($x_k$).

Case 2: $e'$ is a parent edge, then $x_k \in H$, i.e. $x_k = U_{p,q}$ or $x_k = L_{p,q}$. Then $e'$ has two child edges $(x_k, v_q^U)$ and $(x_k, v_q^L)$. Let $e_{U\text{-}last}$ and $e_{L\text{-}last}$ be the edges in $E$ corresponding to the last transitions of the sequences $i_1/o_1$@$SUIO^U(v_q^U)$ and $i_1/o_1$@$SUIO^L(v_q^L)$, respectively. Let $(x_s, x_t; i_h/o_h), (x_u, x_v; i_k/o_k) \in E_c$ be the inherent edge or the parent edge corresponding to $e_{U\text{-}last}$ and $e_{L\text{-}last}$, respectively.

If $x_k = U_{p,q}$, we create a vertex $X_{p,q}$ in $Z$; an edge $(x_j, X_{p,q}; i_1/o_1)$ in $L_c$; an edge $(X_{p,q}, x_t; SUIO^U(v_q^U))$ in $L$; and an edge $(X_{p,q}, x_v; SUIO^L(v_q^L))$ in $L$. Assign one as the cost of edge $(x_j, X_{p,q}; i_1/o_1)$ and Length($SUIO^U(v_q^U)$) and Length($SUIO^L(v_q^L)$) as the costs of edges $(X_{p,q}, x_t; SUIO^U(v_q^U))$ and $(X_{p,q}, x_v; SUIO^L(v_q^L))$, respectively.

If $x_k = L_{p,q}$, we create a vertex $Y_{p,q}$ in $Z$; an edge $(x_j, Y_{p,q}; i_1/o_1)$ in $L_c$; an edge $(Y_{p,q}, x_t; SUIO^U(v_q^U))$ in $L$; and an edge $(Y_{p,q}, x_v; SUIO^L(v_q^L))$ in $L$. Assign one as the cost of edge $(x_j, Y_{p,q}; i_1/o_1)$ and Length($SUIO^U(v_q^U)$) and Length($SUIO^L(v_q^L)$) as the costs of edges $(Y_{p,q}, x_t; SUIO^U(v_q^U))$ and $(Y_{p,q}, x_v; SUIO^L(v_q^L))$, respectively.

Step 3: Since $D'$ is strongly connected, due to the manner $D^A$ is obtained, $D^A$ will be strongly connected. The edge-induced subgraph $D[L_c]$ might not be a spanning subgraph of $D^A$, since some vertex in $H$ might not be incident at any edge in $L_c$. We create a digraph $D^{\sim} = (V^{\sim}, E^{\sim})$ from $D^A = (V^A, E^A)$ by removing those vertices which are not incident at any edge in $L_c$ as follows:

(1) Every vertex in $V^A$ which is incident at some edge in $L_c$ is included in $V^{\sim}$;
(2) Every edge in $E^A$ with both head vertex and tail vertex in $V^{\sim}$ is included in $E^{\sim}$.
(3) For each vertex $x$ in $V^A$ but not in $V^{\sim}$, we know that $x \in H$. There are a pair of two child edges $(x, y; \text{null/null})$ and $(x, z; \text{null/null})$ incident at $x$ and they are the only edges leaving vertex $x$. For each incoming edge $(w, x; \text{label})$, we create two edges $(w, y; \text{label})$ and $(w, z; \text{label})$ in $E^{\sim}$ and assign the cost of edge $(w, x; \text{label})$ as the costs of these two edges.

Then $D^{\sim}$ is also strongly connected, $E^{\sim} \supseteq L_c$ and $D[L_c]$ is a spanning subgraph of $D^{\sim}$. Thus finding a test sequence which includes every edge in $L_c$ at least once for the digraph $D^{\sim} = (V^{\sim}, E^{\sim})$ is reduced to finding an RPT of $D^{\sim}$ over $L_c$ [3].

Step 4: If $D[L_c]$ is not weakly connected, edges from $E^{\sim}$ are added to $L_c$ to obtain $L_c^*$ until $D[L_c^*]$ is weakly connected. Construct an RSA $D^*$ of $D^{\sim}$ over $L_c^*$ and find an Euler tour $T^*$ in $D^*$, which is an RPT $T^*$ of $D^{\sim}$ over $L_c^*$, where each edge in $T^*$ is represented by the label of the edge.

Step 5: Removing the label of 'null/null' in $T^*$ will give rise to a synchronizable test sequence $T$ in $D$ which checks output and transfer functions. Note that if $D[L_c]$ is itself weakly connected, $T^*$ is also an RCPT in $D^{\sim}$ over $L_c$ and $T$ is then a minimum-length synchronizable test sequence.

Figure 4 Robustly biconnected $D$ representing a strongly distinguishable FSM. Edge types and order specifications: $e_1 = (0, 1; a/B)$, type($e_1$) $= R^{IU}S^{IL}$, Eligible Successor: $e_2$, $e_3$; $e_2 = (1, 0; a/A)$, type($e_2$) $= R^{IU}S^{IU}$, Eligible Successor: $e_1$; $e_3 = (1, 2; b/B)$, type($e_3$) $= R^{IL}S^{IL}$, Eligible Successor: $e_4$; $e_4 = (2, 2; b/A)$, type($e_4$) $= R^{IL}S^{IU}$, Eligible Successor: $e_4$, $e_5$; $e_5 = (2, 0; a/B)$, type($e_5$) $= R^{IU}S^{IL}$, Eligible Successor: $e_1$, $e_6$; $e_6 = (0, 2; b/C)$, type($e_6$) $= R^{IL}S^{IL}$, Eligible Successor: $e_4$

Figure 5 Duplex digraph $D' = (V', E')$ of $D$ in Figure 4. Unlabelled edges have 'null/null' labels. Edges in $E_c$ are bold faced

Given $SUIO^U$ and $SUIO^L$ sequences for an FSM represented by $D = (V, E)$, it can be verified that the complexity of constructing a synchronizable test sequence for the FSM is $O(n(m + n) \log(m + n))$.


EXAMPLE

Consider the digraph $D$ in Figure 4. It can be verified that the digraph $D$ in Figure 4 is robustly biconnected and strongly distinguishable. We have $SUIO^U(0) = a/B,a/A$; $SUIO^U(1) = a/A$; $SUIO^U(2) = a/B,a/B$; $SUIO^L(0) = b/C$; $SUIO^L(1) = b/B$; $SUIO^L(2) = b/A$. The duplex digraph $D' = (V', E')$ of $D$ is shown in Figure 5. A digraph $D^A = (V^A, E^A)$ shown in Figure 6 is constructed from $D' = (V', E')$ in Figure 5 such that $V^A = V' \cup \{X_{0,1}, X_{2,0}, Y_{2,2}\}$ and $E^A = E' \cup L_c$, where $L_c = \{(0^U, X_{0,1}; a/B), (0^L, L_{2,2}; b/C@b/A), (1^U, 0^U; a/A@a/B,a/A), (1^L, L_{2,2}; b/B@b/A), (2^U, X_{2,0}; a/B), (2^L, Y_{2,2}; b/A)\}$. Edges in $L_c$ are bold faced in Figure 6.


Figure 6 Digraph $D^A$ obtained from $D'$ in Figure 5. Bold faced edges are edges in $E_c$

$D[L_c]$ is not a spanning subgraph of $D^A$ since vertices $U_{0,1}$ and $U_{2,0}$ are not incident to any edge in $L_c$. Thus, we create a digraph $D^{\sim} = (V^{\sim}, E^{\sim})$ by the procedure in step 3. The digraph $D^{\sim} = (V^{\sim}, E^{\sim})$ is shown in Figure 7. Since $D[L_c]$ is not weakly connected, we add edges $(0^U, 1^L; a/B)$, $(X_{0,1}, 2^L; b/B)$ and $(2^U, 0^L; a/B)$ to $L_c$ to obtain $L_c^*$, which is shown in Figure 8. An RSA $D^*$ of $D^{\sim}$ is shown in Figure 9.
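The FSM of Figure 4, the SUIO sequences quoted in the EXAMPLE and the test sequence the example arrives at can be checked mechanically. The Python below is an added illustration, not code from the paper; the function names are hypothetical, and the port mapping (input a from U, b from L; output A to U, B and C to L) is an assumption read from the edge types in the Figure 4 caption.

```python
# FSM of Figure 4: (state, input) -> (next state, output).
FSM = {(0, "a"): (1, "B"), (0, "b"): (2, "C"), (1, "a"): (0, "A"),
       (1, "b"): (2, "B"), (2, "a"): (0, "B"), (2, "b"): (2, "A")}
# Assumption: ports read from the edge types in the Figure 4 caption.
# Input a is sent by U and b by L; output A goes to U, B and C go to L.
PORT = {"a": "U", "b": "L", "A": "U", "B": "L", "C": "L"}
# SUIO sequences from the EXAMPLE: (tester, state) -> (inputs, outputs).
SUIO = {("U", 0): ("aa", "BA"), ("U", 1): ("a", "A"), ("U", 2): ("aa", "BB"),
        ("L", 0): ("b", "C"), ("L", 1): ("b", "B"), ("L", 2): ("b", "A")}
# Inputs of the example's final test sequence, written without the @ marks.
TEST_SEQUENCE = "abbaaaaaabbabbaaa"

def run(state, inputs):
    """Apply inputs starting in state; return (final state, output string)."""
    out = []
    for x in inputs:
        state, y = FSM[(state, x)]
        out.append(y)
    return state, "".join(out)

def is_uio(state, inputs, outputs):
    """True if `state` is the only state answering `inputs` with `outputs`."""
    states = {s for s, _ in FSM}
    return [s for s in states if run(s, inputs)[1] == outputs] == [state]

def first_sync_fault(state, inputs):
    """Index of the first input whose sender neither sent the input nor
    received the output of the previous transition; None if there is none."""
    involved = None
    for i, x in enumerate(inputs):
        if involved is not None and PORT[x] not in involved:
            return i
        state, y = FSM[(state, x)]
        involved = {PORT[x], PORT[y]}
    return None

def edges_checked(state, inputs):
    """Edges that are immediately followed by a SUIO of their tail state."""
    checked = set()
    for i, x in enumerate(inputs):
        nxt, _ = FSM[(state, x)]
        for (_, s), (ins, _) in SUIO.items():
            if s == nxt and inputs[i + 1:i + 1 + len(ins)] == ins:
                checked.add((state, x))
        state = nxt
    return checked

if __name__ == "__main__":
    print(run(0, TEST_SEQUENCE), first_sync_fault(0, TEST_SEQUENCE))
```

On the input string "aab" `first_sync_fault` returns 2, because only U takes part in the second transition (a/A) and L then has no cue to send b.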

computer communications volume 16 number 10 october 1993

Figure 7 Digraph $D^{\sim}$ obtained from $D^A$ in Figure 6

Figure 8 Edge-induced spanning subgraph $D[L_c^*]$

Figure 9 RSA $D^*$ of $D^{\sim}$ in Figure 7. Dashed edges are replicates

An Euler tour starting at $0^U$ in $D^*$ of Figure 9 is:

a/B b/B b/A a/B,a/B a/A@a/B,a/A a/B b/B@b/A null/null a/B b/C@b/A null/null a/B a/B,a/A

By removing the null/null label, we obtain the following sequence:

a/B b/B b/A a/B,a/B a/A,a/B,a/A a/B b/B,b/A a/B b/C,b/A a/B a/B,a/A

Hence a synchronizable test sequence for the FSM represented by digraph $D$ in Figure 4 is:

a@b b@aa a@aa a@bb a@bb a@aa

CONCLUSIONS

We have studied the problem of generating a synchronizable test sequence from a protocol specification modelled as a deterministic and minimal FSM. By defining an order-specified digraph to represent the given FSM, we are able to rephrase the problem as finding a correctly-ordered postman tour in the digraph such that the corresponding sequence of transitions causes no synchronization problem. We have presented a heuristic which constructs a synchronizable test sequence from the given strongly biconnected order-specified digraph using synchronizable UIO sequences for each state of the corresponding FSM. This heuristic provides an elegant solution to the synchronization problem that arises during the application of a predetermined test sequence in some protocol test architectures that utilize remote testers. This problem is usually solved in practice by coordinating the actions of the remote testers using a test management protocol, a ferry protocol with inter-process communication, or a telephone/terminal connection. However, these solutions either require an additional communication channel or an additional protocol for coordination between the testers. The solution provided by this heuristic eliminates such requirements since the resulting synchronizable test sequence corresponds to a sequence of transitions that cause no synchronization problem and thus no loss of coordination between remote testers during its execution.

ACKNOWLEDGEMENTS

The authors wish to acknowledge many useful discussions with Sylvia Boyd. This work was supported in part by the Telecommunications Research Institute of Ontario and Natural Sciences and Engineering Research Council of Canada.

REFERENCES

1 ISO TC97/SC21, OSI conformance testing methodology and framework - Part 1-5, ISO 2nd DP9646-1 revised text (edited by D. Rayner), Vancouver, Canada (December 1987)

2 Rayner, D 'OSI conformance testing', Comput. Networks & ISDN Syst., Vol 14 (1987) pp 79-98

3 Aho, A V, Dahbura, A T, Lee, D and Uyar, M U 'An optimization technique for protocol conformance test sequence generation based on UIO sequences and rural Chinese postman tours', IEEE Trans. Commun., Vol 39 No 11 (1991) pp 1604-1615

4 Chow, T S 'Testing software designs modeled by finite-state machines', IEEE Trans. Softw. Eng., Vol 4 No 3 (1978) pp 178-187

5 Gonenc, G 'A method for the design of fault detection experiments', IEEE Trans. Comput., Vol 19 (1970) pp 551-558

6 Miller, R E and Paul, S 'Generating minimal length test sequences for conformance testing of communication protocols', IEEE INFOCOM, Vol 2 (1991)

7 Sabnani, K and Dahbura, A T 'A protocol test generation procedure', Comput. Networks and ISDN Syst., Vol 15 (1988) pp 285-297

8 Shen, Y N, Lombardi, F and Dahbura, A T 'Protocol conformance testing using multiple UIO sequences', in Protocol Specification, Testing and Verification, IX (E Brinksma, G Scollo and C A Vissers, Editors), Elsevier, Amsterdam (1989) pp 131-143

9 Sidhu, D and Leung, T-K 'Formal methods for protocol testing: A detailed study', IEEE Trans. Softw. Eng., Vol 15 No 4 (1989) pp 413-426

10 Uyar, M U and Dahbura, A T 'Optimal test sequence generation for protocols: the Chinese postman algorithm applied to Q931', Proc. IEEE Global Telecommun. Conf. (1986) pp 68-72

11 Gill, A 'Introduction to the Theory of Finite-state Machines', McGraw-Hill, New York (1962)

12 Boyd, S C and Ural, H 'The synchronization problem in protocol testing and its complexity', Info. Proc. Letters, Vol 40 No 3 (November 1991) pp 131-136

13 Bondy, J A and Murty, U S R Graph Theory with Application, Elsevier, New York (1976)

14 Edmonds, J and Johnson, E L 'Matching, Euler tours and the Chinese postman', Mathematical Prog., Vol 5 (1973) pp 88-124

15 Kuan, M-K 'Graphic programming using odd or even points', Chinese Math., Vol 1 (1962) pp 273-277

16 Even, S Graph Algorithms, Computer Science Press, Maryland (1979)

17 Tarjan, R E Data Structures and Network Algorithms, Society for Industrial and Applied Mathematics (1983)

18 Lenstra, J K and Rinnooy Kan, A H G 'On general routing problems', Networks, Vol 6 (1976) pp 273-280

19 Sarikaya, B and Bochmann, G v 'Synchronization and specification issues in protocol testing', IEEE Trans. Commun., Vol 32 (1984) pp 389-395

20 Chen, W H, Lu, C S, Chen, L and Wang, J T 'Synchronizable protocol test sequence generation via the duplex technique', IEEE INFOCOM'90, Vol 2 (1990) pp 561-563

21 Ural, H and Wang, Z Synchronizable test sequence generation using UIO sequences, Technical Report, TR-92-16, Department of Computer Science, University of Ottawa (April 1992)
