Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Inferring Models With Rule-Based Expert Systems (SoICT'14)

William Durand
December 05, 2014

Inferring Models With Rule-Based Expert Systems (SoICT'14)

Many works related to software engineering rely upon formal models, e.g., to perform model-checking or automatic test case generation. Nonetheless, producing such models is usually tedious and error-prone. Model inference is a research field helping in producing models by generating partial models from documentation or execution traces (observed action sequences). This paper presents a new model generation method combining model inference and expert systems. It appears that an engineer is able to recognize the functional behaviors of an application from its traces by applying deduction rules. We propose a framework, applied to Web applications, simulating this reasoning mechanism, with inference rules organized into layers. Each yields partial IOSTSs (Input Output Symbolic Transition Systems), which become more and more abstract and understandable.

Online slides: http://slides.williamdurand.fr/soict14/
Sources: https://github.com/willdurand-slides/soict14

William Durand

December 05, 2014
Tweet

More Decks by William Durand

Other Decks in Research

Transcript

  1. Inferring Models With
    Rule-Based Expert Systems
    William Durand, Sébastien Salva — December 5, 2014 / SoICT'14

    View full-size slide

  2. Background @ Michelin

    View full-size slide

  3. 100+ applications running in production
    Not (fully) covered by tests
    Documentation most likely outdated
    MUST be maintained for ~20 years!

    View full-size slide

  4. The only way to ensure stability while fixing a bug
    is to learn how the application behaves.

    View full-size slide

  5. A first classic solution to express these behaviours is to
    model
    them, e.g. with
    I
    nput
    O
    utput
    S
    ymbolic
    T
    ransition
    S
    ystems.
    But writing such models is an
    heavy task
    and
    error prone
    .
    vNot suitable for Michelin applications.

    View full-size slide

  6. Hence the need for a
    model inference approach
    .
    v If models don't exist (or are too
    complicated to write), let's build them!

    View full-size slide

  7. Model Inference

    View full-size slide

  8. Inference is the act or process of reaching a conclusion
    about something from known facts or evidence.

    View full-size slide

  9. A (human) domain expert can deduce the meaning of an
    application execution by reading its traces.
    ì What about doing the same, programmatically?

    View full-size slide

  10. An expert system is a computer system that
    emulates the decision-making ability of a human expert.

    View full-size slide

  11. Model Inference Framework

    View full-size slide

  12. Model Generator Layers

    View full-size slide

  13. Hypotheses On The Rules
    A rule can only be applied a limited number of times on the
    same knowledge base
    The inference rules are Modus Ponens (soundness)
    Facts are Horn clauses
    Modus Ponens + Horn clauses Ű completeness

    View full-size slide

  14. Proof Of Concept
    Working with Web Applications

    View full-size slide

  15. Layer 1: Trace Filtering
    1. Cleaning-up the trace set given as input, removing noise
    2. Transforming "raw" traces into structured traces
    p HTTP requests and responses related to assets
    (CSS files, JavaScript files, images) are meaningless.

    View full-size slide

  16. Structured HTTP Traces
    Let t = req1, resp1, ..., reqn, respn be a raw
    HTTP trace composed of an alternate sequence of HTTP request
    reqi and HTTP response respi. The structured HTTP trace
    σ
    of t is the sequence (a1(p), θ1)...(an(p), θn) where:
    ai is the HTTP verb used to perform the request in reqi,
    p is the parameter set {URI, request, response},
    θi is a valuation p → Dp which assigns a value to each
    variables of p.
    θ
    is deduced from the values extracted from
    reqi and respi.
    The
    resulting trace set
    derived from raw traces is denoted ST.

    View full-size slide

  17. Example
    GET("https://github.com/", req0, resp0)
    GET("https://github.com/login", ...)
    POST("https://github.com/session", ...)
    GET("https://github.com/", ...)
    GET("https://github.com/willdurand", ...)
    GET("https://github.com/willdurand/Geocoder", ...)
    POST("https://github.com/logout", ...)
    GET("https://github.com/", ...)

    View full-size slide

  18. Layer 2: IOSTS Transformation
    1. Translating a structured trace set ST into a run set SR
    2. Deriving a first IOSTS tree δ1 from SR
    … The model is
    not
    extrapolated:
    traces(δ1) = ST

    View full-size slide

  19. Layers 3-N: IOSTS Abstraction
    Composed of rules that emulate the ability of a human expert
    to
    simplify transitions
    , to
    analyze transition syntax
    in order
    to deduce more meaningful information related to the
    targeted application, and to
    construct more abstract models
    .
    Each layer takes an
    IOSTS given by the direct lower one
    .
    It represents the current
    base of facts
    .

    View full-size slide

  20. Layer 3
    Layer 3 contains low level, generic rules that
    can be reused against different applications.
    rule "Identify Login Page"
    when
    $t: Transition(
    Action == GET,
    Guard.response.content contains('login-form')
    )
    then
    modify ($t) { Assign.add("isLoginPage := true") }
    end

    View full-size slide

  21. Layer 3 - Example

    View full-size slide

  22. Layer 4
    Layer 4 allows to infer a more abstract model
    composed of more expressive actions.
    rule "Identify Authentication"
    when
    $t1: Transition(Action == GET, Assign contains "isLoginPage:= true",
    $t1final := Lfinal)
    $t2: Transition(Action == PostRedirection, Linit == $t1lfinal,
    $t2linit := Linit)
    not Transition(Linit == $t2linit)
    then
    insert(new Transition("Authentication",
    Guard($t1.Guard,$t2.Guard), Assign($t1.Assign, $t2.Assign),
    $t1.Linit, $t2.Lfinal
    ))
    retract($t1)
    retract($t2)
    end

    View full-size slide

  23. Layer 4 - Example

    View full-size slide

  24. Cons
    Writing (and maintaining) rules is harder than expected
    Preserving traces(M) = ST leads to rather large models

    View full-size slide

  25. Pros
    Original approach to derive IOSTS models
    It Works™

    View full-size slide

  26. Current Status
    Working on an implementation for Michelin's industrial systems.

    View full-size slide

  27. Future Work
    Generating test cases for regression testing.

    View full-size slide

  28. Thank You.
    Questions?

    View full-size slide