With advanced computer technology, systems are getting larger to fulfill more complicated tasks, however, they are also becoming less reliable. Consequently, testing is an indispensable part of system design and implementation; yet it has proved to be a formidable task for complex systems. This motivates the study of testing finite state machines to ensure the correct functioning of systems and to discover aspects of their behavior. A finite state machine contains a finite number of states and produces outputs on state transitions after receiving inputs. Finite state machines are widely used to model systems in diverse areas, including sequential circuits, certain types of programs, and, more recently, communication protocols. In a testing problem we have a machine about which we lack some information; we would like to deduce this information by providing a sequence of inputs to the machine and observing the outputs produced. Because of its practical importance and theoretical intere...

ion Let E; E 0 be PCCS expressions. The inter-model abstraction rule IMARGR is defined by E ff[p] \Gamma\Gamma! i E 0 =) E ff[p= G (E;fffg)] ae \Gamma\Gamma\Gamma\Gamma\Gamma\Gamma! i E 0 This rule uses the generative normalization function to convert generative probabilities to reactive ones, thereby abstracting away from the relative probabilities between different actions. We can now define 'GR ('G (P )) as the reactive transition system that can be inferred from P 's generative transition system via IMARGR . By the same procedure as described at the end of Section 3.1, 'GR can be extended to a mapping 'GR : j GG ! j GR . Write P GR ¸ Q if P; Q 2 Pr are reactive bisimulation equivalent with respect to the transitions derivable from G+IMARGR , i.e. the theory obtained by adding IMARGR to the rules of Figure 7. The equivalence GR ¸ is defined just like R ¸ but using the cPDF ¯GR instead of ¯R . ¯GR is defined by ¯GR (P; ff; S) = X i2I R (=I G ) fj p i j G+ I...

Jones and Plotkin give a general construction for forming a probabilistic powerdomain over any directed-complete partial order [Jon90, JP89]. We apply their technique to the failures/divergences semantic model for Communicating Sequential Processes [Hoa85]. The resulting probabilistic model supports a new binary operator, probabilistic choice, and retains all operators of CSP including its two existing forms of choice. An advantage of using the general construction is that it is easy to see which CSP identities remain true in the probabilistic model. A surprising consequence however is that probabilistic choice distributes through all other operators; such algebraic mobility means that the syntactic position of the choice operator gives little information about when the choice actually must occur. That in turn leads to some interesting interaction between probability and nondeterminism. A simple communications protocol is used to illustrate the probabilistic algebra, and several sugg...

We study the problem of uniquely identifying the initial state of a given finite-state machine from among a set of possible choices, based on the input-output behavior. Equivalently, given a set of machines, the problem is to design a test that distinguishes among them. We consider nondeterministic machines as well as probabilistic machines. In both cases, we show that it is Pspace-complete to decide whether there is a preset distinguishing strategy (i.e. a sequence of inputs fixed in advance), and it is Exptime-complete to decide whether there is an adaptive distinguishing strategy (i.e. when the next input can be chosen based on the outputs observed so far). The probabilistic testing is closely related to probabilistic games, or Markov Decision Processes, with incomplete information. We also provide optimal bounds for deciding whether such games have strategies winning with probability 1. 1 Introduction Finite-state machines have been widely used to model systems in diverse areas o...

. In this paper we study the extension of classical testing theory to a probabilistic process algebra. We consider a generative interpretation of probabilities for a language with two choice operators (one internal and the other external), which are annotated with a probability p 2 (0; 1). We define a testing semantics for our language, and we write P passp T to denote that the process P passes the test T with a probability p. We also give a set of essential tests which has the same strength as the full family of tests. Next we give an alternative characterization of the testing semantics, based on the idea of acceptance sets, and we prove that the new equivalence is equal to the testing equivalence. Finally, we present a fully abstract denotational semantics based on acceptance trees. 1 Introduction During the last years there has been a great activity devoted to the study of time and probabilistic extensions of concurrent processes. These extensions are very adequate for the spe...

This paper deals with testing of nondeterministic software systems. We assume that a model of the nondeterministic system is given by a directed graph with two kind of vertices: states and choice points. Choice points represent the nondeterministic behaviour of the implementation under test (IUT). Edges represent transitions. They have costs and probabilities. Test case generation in this setting amounts to generation of a game strategy. The two players are the testing tool (TT) and the IUT. The game explores the graph. The TT leads the IUT by selecting an edge at the state vertices. At the choice points the control goes to the IUT. A game strategy decides which edge should be taken by the TT in each state. This paper presents three novel algorithms 1) to determine an optimal strategy for the bounded reachability game, where optimality means maximizing the probability to reach any of the given final states from a given start state while at the same time minimizing the costs of traversal; 2) to determine a winning strategy for the bounded reachability game, which guarantees that given final vertices are reached, regardless how the IUT reacts; 3) to determine a fast converging edge covering strategy, which guarantees that the probability to cover all edges quickly converges to 1 if TT follows the strategy.

Abstract. Testing tasks can be viewed (and organized!) as games against nature. We study reachability games in the context of testing. Such games are ubiquitous. A single industrial test suite may involve many instances of a reachability game. Hence the importance of optimal or near optimal strategies for reachability games. One can use linear programming or the value iteration method of Markov decision process theory to find optimal strategies. Both methods have been implemented in an industrial model-based testing tool, Spec Explorer, developed at Microsoft Research. 1

We propose an extension of the asynchronous π-calculus with a notion of random choice. We define an operational semantics which distinguishes between probabilistic choice, made internally by the process, and nondeterministic choice, made externally by an adversary scheduler. This distiction

. In this paper we investigate ways of modelling communicating processes that display both nondeterministic and probabilistic behaviour. We present an operational model for a probabilistic version of CSP, and describe a number of ways of abstracting a denotational semantics from such a model, so as to represent a process by a set of probability functions, one function for each way of resolving the nondeterministic choices. We then prove an interesting--- although disappointing---result, which shows that no such denotational model can be compositional. We end by identifying a problem with the operational model, which is shared by all similar models known to us, and briefly give some indications as to how this problem might be overcome. 1. Introduction In recent years, an important problem in the study of communicating systems has been the modelling of probabilistic behaviour. This is necessary if we are to argue formally about unreliable behaviour (for example that displayed by an unre...

Abstract. When dealing with process calculi and automata which express both nondeterministic and probabilistic behavior, it is customary to introduce the notion of scheduler to resolve the nondeterminism. It has been observed that for certain applications, notably those in security, the scheduler needs to be restricted so not to reveal the outcome of the protocol’s random choices, or otherwise the model of adversary would be too strong even for “obviously correct ” protocols. We propose a process-algebraic framework in which the control on the scheduler can be specified in syntactic terms, and we show how to apply it to solve the problem mentioned above. We also consider the definition of (probabilistic) may and must preorders, and we show that they are precongruences with respect to the restricted schedulers. Furthermore, we show that all the operators of the language, except replication, distribute over probabilistic summation, which is a useful property for verification. 1