1 Introduction

Membrane computing, the research field initiated by Gheorghe Păun in 1998 (Păun 2000), aims to define computational models, called P systems, which are inspired by the behaviour and structure of the living cell. Since its introduction in 1998, the P system model has been intensively studied and developed: many variants of membrane systems have been proposed, a research monograph (Păun 2002) has been published and regular collective volumes are annually edited—a comprehensive bibliography of P systems can be found at The P Systems Web (2008). The most investigated membrane computing topics are related to the computational power of different variants, their capabilities to solve hard problems, like NP-complete ones, decidability, complexity aspects and hierarchies of classes of languages produced by these devices. In the last years there have also been significant developments in using the P systems paradigm to model, simulate and formally verify various systems (Ciobanu et al. 2006). Suitable classes of P systems have been associated with some of these applications and software packages have been developed.

Testing is an essential part of software development and all software applications, irrespective of their use and purpose, are tested before being released. Testing is not a replacement for a formal verification procedure, when the former is also present, but rather a complementary mechanism to increase the confidence in software correctness (Holcombe and Ipate 1998). Although formal verification has been applied to different models based on P systems (Andrei et al. 2007), testing is completely neglected in this context. The main testing strategies involve either (1) knowing the specific function or behaviour a product is meant to deliver (black-box testing) or (2) knowing the internal structure of the product (white-box testing). In black-box testing, the test generation may be based on a formal specification or model, in which case the process could be automated. There is a large class of formal models used in software specification: finite state machines, Petri nets, process algebras, Z, VDM, etc. We can add now P systems as a formal approach (Ciobanu et al. 2006) to specifying various applications in linguistics, graphics and, more recently, biology, especially for defining signalling pathways.

A recent paper, Gheorghe and Ipate (2008) suggests some initial steps toward building a P system testing theory based on rule coverage. In this paper, we propose an approach to P system testing based on finite state machine conformance techniques. Of the many variants of P systems that have been defined, we consider cell-like P systems which use non-cooperative transformation and communication rules (Păun 2002). We will also briefly discuss other classes of P systems that can be used within this framework.

State based languages are established means of modelling computer systems and powerful techniques for testing from finite state machine specifications exist (Lee and Yannakakis 1996). Given a finite state machine specification and an implementation, which is a “black box” for which we can only observe its behaviour, we want to test whether the implementation under test (IUT) conforms to the specification; this is called conformance testing or fault detection and a finite set of sequences that solves this problem is called a test suite.

In the case of a P system specification, it is not generally possible to (dis)prove the equivalent behaviour of the specification and IUT, as this is not decidable. However, the implementation will always be finite (i.e. consisting of a finite sequence of steps) and so it would be possible to model it by a finite state machine; consequently, testing techniques based on this formalism can be used. However, key issues still remain to be addressed: defining a finite state model which correctly approximates the behaviour of the P system and generating appropriate test sequences.

This paper shows that a (minimal) deterministic finite cover automaton (DFCA) (a finite automaton that accepts all words of a given finite language, but can also accept words that are longer than any word in the language) provides the right (finite) approximation for the computation of a P system. Furthermore, based on previous authors’ results on DFCA testing (the W-method for finite cover automata; Ipate 2006, 2008), the paper provides a procedure for generating test sets directly from the P system specification (without explicitly constructing the minimal DFCA model).

The paper is structured as follows. Section 2 provides basic concepts and results to be used later in the paper. Section 3 briefly presents the W-method (for test generation from finite automata) and shows how it can be adapted to DFCA testing (i.e. when there is an upper bound on the length of the strings considered). Section 4 shows how a finite computation of a P system can be approximated by a finite state model while the next section provides the test generation procedure. Finally, conclusions are drawn and further work is outlined in the last section.

2 Preliminaries

Before proceeding, we introduce the notations used in the paper. For an alphabet V = {a 1, …, a p }, V* denotes the set of all strings (sequences) over V. For a string u ∈ V*, |u| denotes the length (number of symbols) of u; in particular |λ| = 0, where λ is the empty string. V n denotes the set of all strings of length n, n ≥ 0, with members in the alphabet V and \(V[n] = \bigcup_{0 \le i \le n}V^i.\) For a string \(u \in V^*, |u|_{a_i}\) denotes the number of a i occurrences in u. For a string u we associate a vector of non-negative integer values \((|u|_{a_1},\ldots,|u|_{a_p}).\) We denote this by Ψ V (u).

2.1 P systems

A basic cell-like P system is defined as a hierarchical arrangement of membranes identifying corresponding regions of the system. With each region there are associated a finite multiset of objects and a finite set of rules; both may be empty. A multiset is either denoted by a string u ∈ V*, where the order is not considered, or by Ψ V (u). The following definition refers to one of the many variants of P systems, namely cell-like P system, which uses non-cooperative transformation and communication rules (Păun 2002). We will call these processing rules. Since now onwards we will refer to this model as simply P system.

Definition 1

A P system is a tuple Π = (V, μ, w 1, …, w n , R 1, …, R n ), where

  • V is a finite set, called alphabet;

  • μ defines the membrane structure; a hierarchical arrangement of n compartments called regions delimited by membranes; these membranes and regions are identified by integers 1 to n;

  • w i , 1 ≤ i ≤ n, represents the initial multiset occurring in region i;

  • R i , 1 ≤ i ≤ n, denotes the set of processing rules applied in region i.

The membrane structure, μ, is denoted by a string of left, [, and right, ], brackets, each with the label of the membrane it points to; μ also describes the position of each membrane in the hierarchy. For instance, a structure of three membranes in which membrane 1 contains membranes 2 and 3 can be described by either [1[2]2[3]3]1 or [1[3]3[2]2]1. The rules in each region have the form a → (a 1t 1)…(a m t m ), where a, a i  ∈ Vt i  ∈ {in, out, here}, 1 ≤ i ≤ m. When such a rule is applied to a symbol a in the current region, the symbol a is replaced by the symbols a i with t i  = here; symbols a i with t i  = out are sent to the outer region or outside the system when the current region is the external compartment and symbols a i with t i  = in are sent into one of the regions contained in the current one, arbitrarily chosen. In the following definitions and examples all the symbols (a i , here) are used as a i . The rules are applied in maximally parallel mode which means that they are used in all the regions in the same time and in each region all the symbols that may be processed, must be.

A configuration of the P system Π, is a tuple c = (u 1, …, u n ), where u i  ∈ V*, is the multiset associated with region i, 1 ≤ i ≤ n. A derivation of a configuration c 1 to c 2 using the maximal parallelism mode is denoted by \(c_1\Longrightarrow c_2.\) In the set of all configurations we will distinguish terminal configurations; c = (u 1, …, u n ) is a terminal configuration if there is no region i such that u i can be further derived.

2.2 Finite automata

Definition 2

A deterministic finite automaton (abbreviated DFA) is a tuple M = (A, Q, q 0, F, h), where:

  • A is the finite input alphabet;

  • Q is the finite set of states;

  • q 0 ∈ Q is the initial state;

  • \(F\,{\subseteq}\,Q\) is the set of final states;

  • \(h: Q \times A \longrightarrow Q \) is the next-state function.

The next-state function h can be extended to a function \(h: Q \times A^* \longrightarrow Q\) defined by:

  • h(q, λ) = q, q ∈ Q;

  • h(q, s a) = h(h(q, s), a), q ∈ Q, s ∈ A*, a ∈ A.

For simplicity the same name h is used for the next-state function and for the extended function.

Given q ∈ Q, the set L q M is defined by \(L^q_M = \{s \in A^* \vert h(q, s) \in F\}.\) When q is the initial state of M, the set is called the language accepted (defined) by M and the simpler notation L M is used.

A state q ∈ Q is called reachable if there exists s ∈ A* such that h(q 0, s) = q. M is called reachable if all states of M are reachable.

Given \(Y \,\subseteq\, A^*,\) two states q 1, q 2 ∈ Q are called Y-equivalent if \(L^{q_1}_M \cap Y = L^{q_2}_M \cap Y.\) Otherwise q 1 and q 2 are called Y-distinguishable. If Y = A* then q 1 and q 2 are simply called equivalent or distinguishable, respectively. Two DFAs are called (Y−) equivalent or (Y−) distinguishable if their initial states are (Y−)equivalent or (Y−) distinguishable, respectively. A DFA M is called reduced if every two distinct states of A are distinguishable.

A DFA M is called minimal if any DFA that accepts L M has at least the same number of states as A. A DFA M is minimal if and only if M is reachable and reduced. Furthermore, the minimal DFA that accepts the same language as a given DFA M is unique (up to a renaming of the state set). These are well-known results; for proofs and other details see for example (Hopcroft et al. 2006).

2.3 Finite cover automata

A deterministic finite cover automaton (DFCA) of a finite language U is a DFA that accepts all sequences in U and possibly other sequences that are longer than any sequence in U. The concept was introduced by Câmpeanu et al. (1998, 2001).

Definition 3

Let M = (A, Q, q 0, F, h) be a DFA, \(U \,\subseteq\, A^*\) a finite language and l the length of the longest sequence(s) in U. Then M is called a deterministic finite cover automaton (DFCA) of U if \(L_M \cap A[l] = U.\)

A minimal DFCA of U is a DFCA of U having the least number of states. Any DFA that accepts U is also a DFCA of U and so the size (number of states) of a minimal DFCA of U cannot exceed the size of the minimal DFA that accepts U. On the other hand, a minimal DFCA of U may have considerably fewer states than the minimal DFA that accepts U (as also shown by examples in this paper).

In the remainder of this section we provide the necessary concepts for characterizing and constructing a minimal DFCA. These are largely from Câmpeanu et al. (1998) and Körner (2003).

Let \(U \,\subseteq\, A^*\) be a finite language, l the length of the longest sequence(s) in U and let M be a DFA; for simplicity, M is assumed to be reachable. For every state q of M, we define level(q) as the length of the shortest input sequences that reach q, i.e.

$$ level(q) = min \{|s| \vert s \in A^*, h(q_0, s) = q\}. $$

Recall that a minimal DFA that accepts U is a DFA in which all states are reachable and pairwise distinguishable. In a DFCA only sequences of length at most l are considered; thus, every states q 1 and q 2 will have to be distinguished by some input sequence of length at most lmax{level(q 1), level(q 2)}. If this is the case, we say that q 1 and q 2 are l-dissimilar. Unlike state equivalence, similarity is not a transitive relation.

Definition 4

Let M = (A, Q, q 0, F, h) be a reachable DFA. States q 1 and q 2 are said to be similar, written \(q_1 \sim q_2\) if q 1 and q 2 are A[j]-equivalent whenever j = lmax{level(q 1), level(q 2)} ≥ 0. Otherwise, q 1 and q 2 are said to be dissimilar, written \(q_1\, \nsim\, q_2.\)

A minimal DFCA of U can be obtained by decomposing the state set of M based on the similarity criterion.

Definition 5

Let M = (A, Q, q 0, F, h) be a reachable DFA. \((Q_i)_{1\le i\le n}\) is called a state similarity decomposition (SSD) of Q if

  • \(\cup_{1 \le i \le n} Q_i = Q\);

  • for every i and j, 1 ≤ i < j ≤ n, \(Q_i \cap Q_j=\emptyset\);

  • for every i, 1 ≤ i ≤ n and every q 1, q 2 ∈ Q i , \(q_1 \sim q_2\);

  • for every i and j, 1 ≤ i < j ≤ n, there exist q 1 ∈ Q i and q 2 ∈ Q j such that \(q_1 \,\nsim\, q_2.\)

For every q ∈ Q we denote by [q] the set Q i of the decomposition such that q ∈ Q i .

In other words, a state similarity decomposition of Q is a partition of Q for which every two elements of the same class are similar and every two distinct classes have at least a pair of dissimilar elements.

Theorem 1

(Körner 2003) Let M = (A, Q, q 0, F, h) be a reachable DFCA of U and let \((Q_i)_{1\le i\le n}\) be a SSD of Q. For every i, choose q i such that \(level(q_i) = min \{level(q) \vert q \in Q_i\}.\) Define M′ = (A, Q′, q 0′, F′, h′) by Q′ = {Q 1, …, Q n }, q 0′ = [q 0], \(F' = \{[q] \vert q \in F\}\) and h′(Q i , a) = [h(q i , a)] for all i, 1 ≤ i ≤ n , and a ∈ A. Then M ′ is a minimal DFCA of U.

As similarity is not an equivalence relation, the SSD may not be unique and, thus, there may be more than one DFCA of the same finite language U (unlike in the case in which the acceptance of the precise language is required). Several algorithms for constructing a minimal DFCA exist (Câmpeanu et al. 1998, 2001, 2002, 2006; Körner 2002, 2003; Păun et al. 2000). The time complexity of these algorithms is polynomial in the number of states n of the original automaton; the best known algorithm (Körner 2002) requires O(n log n) time. Interestingly, García and Jose (2004) note that the minimization of DFCA can be approached as an inference problem, which had been solved several years earlier.

3 The W-method for testing finite cover automata

In this section we present the W-method for generating test suites from finite state specifications. We first give the original form of the method and then we show how it can be adapted for testing based on finite cover automata.

Suppose we have a DFA M. In conformance testing, it is assumed that the IUT can be modelled by an unknown DFA M′ belonging to a known set, called the fault domain, identified by the assumptions which can be made about the implementation (e.g. the DFA model of the implementation may have incorrect transitions—when the next state(s) of one or more transitions is (are) incorrect—missing or extra states). There are a number of more or less realistic assumptions that one can make about the form and size of the implementation model M′ and these, in turn, give rise to different techniques for generating test suites (Lee and Yannakakis 1996). One of the least restrictive assumptions refers to the number of states in M′ and is the basis for the W-method (Chow 1978): the difference between the number of states of the implementation model and that of the specification has to be at most σ, a non-negative integer estimated by the tester.

The W-method involves the selection of two sets of input sequences, a state cover S and a characterization set W defined as follows:

Definition 6

\(S \,\subseteq\, A^*\) is called a state cover of M if λ ∈ S and for every state q ∈ Q there exists s ∈ S that reaches q (i.e. h(q 0, s) = q).

Definition 7

\(W \,\subseteq\, A^*\) is called a characterization set of M if λ ∈ W and every two distinct states of M are W-distinguishable.

It is assumed that the specification M is minimal (if not it can be minimized beforehand) and so a state cover and a characterization set exist. Once S and W have been constructed, a test suite is generated using the formula

$$ U_{\sigma} = S A[\sigma+1] W. $$

Theorem 2

(Chow 1978; Balanescu et al. 2003) For every DFA M′ which has at most σ more states than M, L M  = L M' if and only if \(L_M \cap U_{\sigma} = L_{M'} \cap U_{\sigma}.\)

The idea is that the set \(P = S \cup S A\) (usually called a transition cover of M) ensures that all the states and all the transitions of M are also present in M′ and the set A[σ] W ensures that the destination state of each transition of M′ is also correct. Notice that the latter contains W and also all sets A i W, 1 ≤ i ≤ σ. This ensures that M′ does not contain extra states; if there were up to σ extra states, each of them would be reached by some input sequence of up to length σ from the existing states.

The result above shows that W-method not only provides a rigorous way of obtaining the test suits, but also guarantees the equivalence of the two mechanisms considered.

The problem of conformance testing can also be formulated for bounded sequences: given a DFA specification M and an integer l ≥ 1 (the upper bound), we want to construct a set of sequences of length less than or equal to l that can establish whether the implementation behaves as specified for all sequences in A[l]. If L M contains at least one sequence of length l then M is a DFCA of \(L_M \cap A[l]\) and so the test suite will check whether the IUT model M′ is also a DFCA of \(L_M \cap A[l].\) Recently, it was shown that the underlying idea of the W-method can also be applied in the case of bounded sequences, provided that the sets S and W used in the construction of the test suite contain sequences of minimum length that reach or distinguish the states of M (Ipate 2006, 2008). S and W thus defined are called a proper state cover and strong characterization set, respectively.

Definition 8

\(S \,\subseteq\, A^*\) is called a proper state cover of M if for every state q of M there exists s ∈ S such that h(q 0, s) = q and |s| = level(q).

Definition 9

\(W \,\subseteq\, A^*\) is called a strong characterization set of M if for every two states q 1 and q 2 of M and every j ≥ 0, if q 1 and q 2 are A[j]—distinguishable then q 1 and q 2 are \((W \cap A[j])\)—distinguishable.

Naturally, in the above definition, it is sufficient for q 1 and q 2 to be \((W \cap A[j])\) -distinguishable when j is the length of the shortest sequences that distinguish between q 1 and q 2.

A test suite for the bounded case is generated using the formula

$$ V_{\sigma} = S A[\sigma+1] W \cap A[l]. $$

Theorem 3

(Ipate 2008) for every DFA M which has at most σ more states than M, \(L_M \cap A[l] = L_{M'} \cap A[l]\) if and only if \(L_M \cap V_{\sigma} = L_{M'} \cap V_{\sigma}.\)

4 Modelling P systems using finite automata

In order to apply the W-method (or any other finite state machine based method) to a P system specification, an appropriate DFA model of the specification needs to be defined first. In general, the computation of a P system cannot be fully modelled by a finite automaton and so an approximate DFA model will be sought. The problem will be addressed in two steps. Firstly, the derivation tree of a P system will be represented as a finite automaton. In order to guarantee the finiteness of this process, an upper bound k on the length of any derivation will be set and only computations of maximum k transitions will be considered at a time (otherwise the derivation may continue forever and an infinite number of nodes and arcs will be needed). Secondly, a minimal model, that preserves the required behaviour, will be defined on the basis of the aforementioned derivation tree.

For the sake of clarity, we consider first the derivation tree of a one compartment P system Π = (V, μ, w, R), where μ = [1]1. A configuration of Π can change as a result of the application of one or more rules, in parallel. As only computations of maximum k steps are considered, for every rule r i  ∈ R there will be some N i such that, in any step, r i can be applied at most N i times. Thus, the derivation tree of a P system Π with rules R = {r 1, …, r m } can be described by a DFA Dt k over an alphabet \(A_k \,\subseteq\, \{(r_1^{i_1}\ldots r_m^{i_m}) \vert 0 \le i_1 \le N_1,\ldots,0 \le i_m \le N_m\}\) ; when position i j has the exponent 0 then it will be removed from this notation. Moreover, the minimal alphabet A k will be chosen; that is A k will contain only the transition labels that actually appear in the derivation tree. The states of Dt k correspond to the nodes of the tree. For testing purposes we will consider all the states as final. It is implicitly assumed that a non-final “sink” state q sink that receives all “rejected” transitions, also exists. Consider, for example, \(\Pi_1 =(V, \mu, w_{1}, R_{1})\) defined by \(V = \{s, a, b,c\}, \mu=[_1]_1, w_{1} = s,\,\,R_{1}=\{r_1:s\rightarrow ab, r_2:a\rightarrow c, r_3:b\rightarrow bc, r_4:b\rightarrow c\}.\) The derivation tree of Π1, for k = 4, is as represented in Fig. 1. The terminal configurations (i.e. for which there is no derivation) are in bold (however, these should not be confused with the final states of the DFA—as stated above, all nodes in the tree are considered final states).

Fig. 1
figure 1

Derivation tree for Π1 when k = 4

Full size image

The construction can be generalized for a multiple compartment P system Π = (V, μ, w 1, …, w n , R 1, …, R n ). Again, only computations of maximum k steps are considered. In this case, the derivation tree can be described by a DFA over \(A_k\, \subseteq\, \{(r_{1,1}^{i_{1,1}}\ldots r_{1,m_1}^{i_{1,m_1}},\ldots, r_{n,1}^{i_{n,1}}\ldots r_{n,m_n}^{i_{n,m_n}}) \vert 0 \le i_{j,p} \le N_{j,p}, 1 \le j \le n, 1 \le p \le m_j\},\) where N j,p is the maximum number of times the rule r j,p , from compartment j can be applied in one derivation step. As above, the alphabet A k will contain only the transition labels that appear in the derivation tree. Consider, for example, the two compartment P systems Π2 = (V′, μ′, w1,w2, R1, R2) with V′ = {s, a, b,c}, μ′ = [1[2]2]1 (i.e. region 1 contains 2), \(w'_1 = s, w'_2 = \lambda, R'_1=\{r_1:s\rightarrow sa(b,in), r_2:s\rightarrow ab, r_3:b\rightarrow a, r_4:a\rightarrow c\}, R'_2=\{r_1:b\rightarrow bc, r_2:b\rightarrow c\}\) The derivation tree of Π2 for k = 3 is as represented in Fig. 2. Due to space constraints, in Fig. 2 the derivations from nodes (sac, bc) and (abc, c) (given in italics) are omitted; these nodes are similar (as DFA states) to nodes at higher levels in the hierarchy: \((sac, bc) \sim (sa, b)\) and \((abc, c) \sim (ab, \lambda).\)

Fig. 2
figure 2

Derivation tree for Π2 when k = 3

Full size image

As Dt k is a DFA over A k , one can find the minimal DFA that accepts exactly the language \(L_{Dt_k}\) defined by Dt k . However, as only sequences of at most k transitions are considered, it is irrelevant how the constructed automaton will behave for longer sequences. Consequently, a DFCA of \(L_{Dt_k}\) will be sufficient.

Consider now how Theorem 1 can be applied to obtain a minimal DFCA of \(L_{Dt_k}.\) Let Q k denote the nodes of the derivation tree (thus the state set of Dt k is \(Q_k \cup \{q_{sink}\}\)) and q 0 ∈ Q k the root node. Let ≤ be a total order on Q k such that level(q 1) ≤ level(q 2) whenever q 1 ≤ q 2 and denote q 1 < q 2 if q 1 ≤ q 2 and \(q_1 \neq q_2.\) That is, the node at the superior level is before the node at the inferior level; if the nodes are at the same level then their order can be arbitrarily chosen. Define \(P_k = \{q \in Q_k \vert \neg\exists q' \in Q_k \cdot q' \sim q, q' < q\}, [q] = \{q' \in Q_k \vert q' \sim q \wedge \neg\exists q'' \in P_k \cdot q'' \sim q', q'' < q\}\) for every q ∈ P k (i.e. [q] denotes the set of all states q′ for which q is the minimum state similar to q′) and [q sink ] = {q sink }. Then we have the following result.

Theorem 4

Define M = (A k , Q, [q 0], F, h′) by \(Q = \{[q] \vert q\,\in\,P_k \cup \{q_{sink}\}, F = \{[q] \vert q \in P_k\}\) and h′([q],a) = [h(q, a)] for all \(q \in P_k \cup \{q_{sink}\}\) and a ∈ A k .

Then M is a minimal DFCA of \(L_{Dt_k}.\)

Proof

Let q ∈ Q k , q 1, q 2 ∈ [q]. Since \(q_1 \sim q, q_2 \sim q, level(q_1) \le level(q)\) and \(level(q_2) \le level(q), q_1 \sim q_2.\) Then \(([q])_{q \in P_k \cup \{q_{sink}\}}\) is a SSD of Dt k (the other conditions of Definition 5 follow directly from the definition of [q]). Thus, by Theorem 1, M is a minimal DFCA of \(L_{Dt_k}.\)

Consider, for example, \(L_{Dt_k}\) defined by the derivation tree (of the one compartment P system example Π1 defined earlier) represented in Fig. 1. As the system configurations that label the nodes are pairwise distinct, the set Q k can be defined by these configurations. Then Q = {[s], [ab], [bc 2], [c 2], [q sink ]}, [s] = {s, bc 4, c 4}, [ab] = {ab}, [bc 2] = {bc 2, bc 3}, [c 2] = {c 2, c 3}. A minimal DFCA of the language \(L_{Dt_k}\) is as represented in Fig. 3 (the “sink” state is not explicitly shown).

Fig. 3
figure 3

Minimal DFCA for Π1 when k = 4

Full size image

Not only a minimal DFCA of \(L_{Dt_k}\) may have (significantly) less states than the minimal DFA that accepts \(L_{Dt_k},\) but it also has an important property: at limit, if the entire computation (i.e. for derivation sequences of any length) of a P system can be described by a DFA M, then M is actually a DFCA of L Dt for k sufficiently large. This is formally proven next.

Suppose there exists a DFA M′ over the input alphabet A and there exists n ≥ 1 such that, for every k ≥ n, A k  = A and \(L_{M'} \cap A[k] = L_{Dt_k} \cap A[k].\) Clearly, L M = L M for any DFA M″ that satisfies the above property. We denote by M the minimal DFA that accepts L M' and we say that {Dt k } converges to M.

Theorem 5

Suppose that {Dt k } converges to M. Then there exists m ≥ 1 such that for every k ≥ m, M is the unique (up to a renaming of the state set) minimal DFCA that accepts \(L_{Dt_k}.\)

Proof

Since {Dt k } converges to M there exists n ≥ 1 such that for every k ≥ n, A k  = A and \(L_{M} \cap A[k] = L_{Dt_k} \cap A[k].\) Thus M is a DFCA of \(L_{Dt_k}\) for every k ≥ n. Let n M be the number of states of M. Then, by Theorem 2 (the W-method), there exists a finite set of input sequences \(X \,\subseteq\, A^*\) such that for every DFA M′ over input alphabet A with at most n M states, L M  = L M whenever \(L_{M} \cap X = L_{M'} \cap X.\) Let m be the length of the longest sequence(s) in X. We prove that, for every k ≥ m, M is the unique minimal DFCA of \(L_{Dt_k}.\) Let k ≥ m and let M′′ be a minimal DFCA of \(L_{Dt_k}.\) Then \(L_{M} \cap A[k] = L_{M^{\prime\prime}} \cap A[k]\) and since \(X \,\subseteq\, A[k], L_{M} \cap X = L_{M''} \cap X.\) Thus L M  = L M and since M and M′′ are minimal DFAs, it follows that they are identical (up to a renaming of the state set).

Consider the one compartment P system, Π1 defined above. {Dt k } converges to M, the minimal DFCA, for k = 4, represented in Fig. 3. Take, for instance, the nodes u 1 = bc 2 and u 2 = bc 3 from the derivation tree represented in Fig. 1. As the derivation from u 1 is identical to the derivation from u 2 (i.e. any sequence s ∈ A* (of any length) that can be applied to u 1 can also be applied to u 2 and vice versa) u 1 and u 2 should be represented by the same state of a DFA that models the computation of the P system. This is the case when the DFA model considered is a minimal DFCA of \(L_{Dt_k}\) (since u 2 ∈ [u 1]). On the other hand, u 1 and u 2 will be associated with distinct states in the minimal DFA that accepts \(L_{Dt_k}\) (they are not equivalent states since they appear at different levels in the derivation tree).

5 Generating test sequences from a P system

Suppose we have a P system specification Π and an implementation I of Π. As discussed above, given an upper bound k, the computation of Π can be approximated by a minimal DFCA M of the language \(L_{Dt_k}\) defined by the derivation tree. Then the W-method can be applied to check whether I conforms to Π for transition sequences of length up to k. This involves the selection of a proper state cover S and of a strong characterization set W of M.

In this section, we provide a procedure for constructing these two sets. Furthermore, we do not assume that an explicit representation of M has been actually obtained; this would involve the construction of the (entire) derivation tree Dt k and the application of one of the existing minimization algorithms for DFCAs, whose time complexity is polynomial in the number of states of Dt k . Instead, we show how S and W can be directly derived from Π; it will transpire that, for this purpose, it might not be even necessary to construct the entire derivation tree Dt k .

The construction of W is based on the observation that, whenever two states of Dt k are dissimilar, it is sufficient to arbitrarily select any transition label (from either of them) in order to distinguish between them.

Theorem 6

Let q and q′ be states of Dt k for some k ≥ 1. If \(A_k \cap L_M^{q} \cap L_M^{q'} \neq \emptyset\) then \(q {\sim}q'.\)

Proof

Let c = (u 1, …, u n ) and c′ = (u 1′, …, u n ′) be the configurations corresponding to q and q′, respectively and let \(a \in A_k \cap L_M^{q} \cap L_M^{q'}.\) Then u i  = x i y i and u i ′ =  x i y i ′, x i , y i , y i ′ ∈ V*, such that x i is the multiset of symbols consumed by the rules in a, 1 ≤ i ≤ n. As the rules are applied in maximal parallel mode, the sets of symbols that have not been consumed, y i and y i ′, will not affect the future computation of the system. Thus (u 1, …, u n ) and (u 1′, …, u n ′) will be derived identically. Hence \(q {\sim}q'.\)

A corollary of the above theorem is that, if there are no new transition labels between level i and level i + 1 in the derivation tree, there will be no new dissimilar states at any level j ≥ i + 1 and so the DFCA model will converge.

Corollary 1

If there exists i ≥ 1 such that A i  = A i+1 then {Dt k } converges.

Proof

Let M be a minimal DFCA of Dt i constructed as in Theorem 4 and let k ≥ i + 1. Since the (i + 1)th level of Dt k contains no new transition labels, by Theorem 6, any state at the (i + 1)th level will be similar to some state at a higher level in the tree. From this, it follows that, for any j ≥ i + 1, any state at level j is similar to some state at level j′ ≤ i. Then, by Theorem 4, M is a minimal DFCA of Dt k . Thus {Dt k } converges to M.

In general, a (proper) state cover of a minimal DFA can be obtained by constructing a testing tree in a breadth-first fashion (Chow 1978). Let M be the minimal DFCA of Dt k constructed as in Theorem 4, in which the order of the nodes at the same level in the derivation tree is from left to right. On the basis of Theorem 6 and Corollary 1, we will construct a testing tree T of M, without explicitly constructing M. A proper state cover S and a strong characterization set W of M will then be derived from T.

The algorithm is presented in what follows. Analogously to the derivation tree Dt k , the nodes of T are labelled with configurations of Π and the branches of T are labelled with symbols from A k .

  • The root of T is labelled with the initial configuration of Π. This is the level 0 of T.

  • Suppose we have already built T to a level i < k. Then the (i + 1)th level is built by examining nodes at the ith level from left to right. A node labelled c at the ith level is called a leaf if either c is a terminal configuration (c cannot be derived any further) or c can be derived using a symbol a ∈ A k that already labels some branch of the tree. If the node is not a leaf then a branch is attached for each derivation of c.

The algorithm terminates when either some level i < k contains only leaf nodes or level k has been reached. By definition, all nodes at level k are leaf nodes.

We denote by X the set of all non-leaf nodes of T. We also choose a node y (if it exists) as follows: we denote by Y the set of all leaf nodes which are labelled by terminal configurations of Π and are not at the kth level of the hierarchy; if Y is not empty, y is the node in Y at the highest level (if there are two or more such nodes, one is arbitrarily chosen). Then S and W are constructed as follows:

  • S will contain all partial paths in T that lead to nodes from X; furthermore, if \(Y \neq \emptyset, S\) will also contain the path that leads to y.

  • λ ∈ W and, for each non-leaf node x ∈ X, W will contain the label of one transition that emerges from x.Footnote 1

The testing tree for the one compartment P system Π1 defined earlier and k = 4 is given in Fig. 4. As all configurations at the third level are either terminal configurations or can be derived using symbols from higher level branches, all nodes at the third level are leaves. S 1 = {λ, (r 1), (r 1) (r 2 r 3)} is the set of all partial paths that lead to non-leaf nodes and s 2 = (r 1) (r 2 r 4) is the shortest path that leads to a leaf node which is labelled by a terminal configuration. Thus \(S = S_1 \cup \{s_2\}.\) On the other hand, (r 1), (r 2 r 3) and (r 3), respectively, are labels of transitions from each of the 3 non-leaf nodes. Thus W = {λ, (r 1), (r 2 r 3), (r 3)}. S and W are a proper state cover and a strong characterization set, respectively, of the minimal DFCA represented in Fig. 3.

Fig. 4
figure 4

Test tree for Π1 and k = 4

Full size image

Theorem 7

For every k ≥ 1, there exists M a minimal DFCA of \(L_{Dt_k}\) such that S and W thus constructed are a proper state cover and a strong characterization set of M, respectively.

Proof

Let Q k and Q k ′ be the nodes of Dt k and T, respectively. With slight abuse of notation \(Q_k' \,\subseteq\, Q_k.\) By Theorem 6 and Corollary 1, every node in \(Q_k' \setminus Y\) is similar to some node in X. Furthermore, every node in Y is similar to y and every node at the kth level of T (if this level exists) is similar to the initial node. Let M be the minimal DFCA of Dt k constructed as in Theorem 4 in which the order of the nodes at the same level is from left to right. Then, by construction, S is a proper state cover of M. The fact that W is a strong characterization set of M follows directly from Theorem 6.

6 Conclusions

This paper proposes an approach to P system conformance testing using finite state machine based techniques. The computation of the P system specification is approximated by a DFCA, (constructed on the basis of the derivation tree) and a procedure for generating test sets (for the DFCA model) directly from the P system specification is provided.

Of the many variants of P systems that have been defined, the paper considers cell-like P systems which use non-cooperative transformation and communication rules. The same methodology is applicable either directly to tissue P systems using the same type of rules or with few adequate modifications for other classes of cell-like or tissue P systems relying on other communication rules, like symport/antiport, or using catalysts, promoters/inhibitors and general non-cooperative rules. The semantics regarding the use of these rules, in the current case, maximal parallelism, does not affect the methodology. Further work will concentrate on more complex types of P systems, like those with active membranes or population P systems with bonding rules that involve a dynamic structure of the system. Other approaches, such as mutation based test generation [Nilsson et al. 2006], may also be considered.