Inferring Models With Rule-Based Expert Systems (SoICT'14)

Transcript

1. Inferring Models With
   Rule-Based Expert Systems
   William Durand, Sébastien Salva — December 5, 2014 / SoICT'14
   

   View Slide

2. View Slide

3. Background @ Michelin
   

   View Slide

4. 100+ applications running in production
   Not (fully) covered by tests
   Documentation most likely outdated
   MUST be maintained for ~20 years!
   

   View Slide

5. The only way to ensure stability while fixing a bug
   is to learn how the application behaves.
   

   View Slide

6. A first classic solution to express these behaviours is to
   model
   them, e.g. with
   I
   nput
   O
   utput
   S
   ymbolic
   T
   ransition
   S
   ystems.
   But writing such models is an
   heavy task
   and
   error prone
   .
   vNot suitable for Michelin applications.
   

   View Slide

7. Hence the need for a
   model inference approach
   .
   v If models don't exist (or are too
   complicated to write), let's build them!
   

   View Slide

8. Model Inference
   

   View Slide

9. Inference is the act or process of reaching a conclusion
   about something from known facts or evidence.
   

   View Slide

10. A (human) domain expert can deduce the meaning of an
    application execution by reading its traces.
    ì What about doing the same, programmatically?
    

    View Slide

11. An expert system is a computer system that
    emulates the decision-making ability of a human expert.
    

    View Slide

12. Model Inference Framework
    

    View Slide

13. Model Generator Layers
    

    View Slide

14. Hypotheses On The Rules
    A rule can only be applied a limited number of times on the
    same knowledge base
    The inference rules are Modus Ponens (soundness)
    Facts are Horn clauses
    Modus Ponens + Horn clauses Ű completeness
    

    View Slide

15. Proof Of Concept
    Working with Web Applications
    

    View Slide

16. Layer 1: Trace Filtering
    1. Cleaning-up the trace set given as input, removing noise
    2. Transforming "raw" traces into structured traces
    p HTTP requests and responses related to assets
    (CSS files, JavaScript files, images) are meaningless.
    

    View Slide

17. Structured HTTP Traces
    Let t = req1, resp1, ..., reqn, respn be a raw
    HTTP trace composed of an alternate sequence of HTTP request
    reqi and HTTP response respi. The structured HTTP trace
    σ
    of t is the sequence (a1(p), θ1)...(an(p), θn) where:
    ai is the HTTP verb used to perform the request in reqi,
    p is the parameter set {URI, request, response},
    θi is a valuation p → Dp which assigns a value to each
    variables of p.
    θ
    is deduced from the values extracted from
    reqi and respi.
    The
    resulting trace set
    derived from raw traces is denoted ST.
    

    View Slide

18. Example
    GET("https://github.com/", req0, resp0)
    GET("https://github.com/login", ...)
    POST("https://github.com/session", ...)
    GET("https://github.com/", ...)
    GET("https://github.com/willdurand", ...)
    GET("https://github.com/willdurand/Geocoder", ...)
    POST("https://github.com/logout", ...)
    GET("https://github.com/", ...)
    

    View Slide

19. Layer 2: IOSTS Transformation
    1. Translating a structured trace set ST into a run set SR
    2. Deriving a first IOSTS tree δ1 from SR
    … The model is
    not
    extrapolated:
    traces(δ1) = ST
    

    View Slide

20. Example
    

    View Slide

21. Layers 3-N: IOSTS Abstraction
    Composed of rules that emulate the ability of a human expert
    to
    simplify transitions
    , to
    analyze transition syntax
    in order
    to deduce more meaningful information related to the
    targeted application, and to
    construct more abstract models
    .
    Each layer takes an
    IOSTS given by the direct lower one
    .
    It represents the current
    base of facts
    .
    

    View Slide

22. Layer 3
    Layer 3 contains low level, generic rules that
    can be reused against different applications.
    rule "Identify Login Page"
    when
    $t: Transition(
    Action == GET,
    Guard.response.content contains('login-form')
    )
    then
    modify ($t) { Assign.add("isLoginPage := true") }
    end
    

    View Slide

23. Layer 3 - Example
    

    View Slide

24. Layer 4
    Layer 4 allows to infer a more abstract model
    composed of more expressive actions.
    rule "Identify Authentication"
    when
    $t1: Transition(Action == GET, Assign contains "isLoginPage:= true",
    $t1final := Lfinal)
    $t2: Transition(Action == PostRedirection, Linit == $t1lfinal,
    $t2linit := Linit)
    not Transition(Linit == $t2linit)
    then
    insert(new Transition("Authentication",
    Guard($t1.Guard,$t2.Guard), Assign($t1.Assign, $t2.Assign),
    $t1.Linit, $t2.Lfinal
    ))
    retract($t1)
    retract($t2)
    end
    

    View Slide

25. Layer 4 - Example
    

    View Slide

26. Need More?
    

    View Slide

27. Conclusion
    

    View Slide

28. Cons
    Writing (and maintaining) rules is harder than expected
    Preserving traces(M) = ST leads to rather large models
    

    View Slide

29. Pros
    Original approach to derive IOSTS models
    It Works™
    

    View Slide

30. Current Status
    Working on an implementation for Michelin's industrial systems.
    

    View Slide

31. Future Work
    Generating test cases for regression testing.
    

    View Slide

32. Thank You.
    Questions?
    

    View Slide