state_machine_checker 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: c5b18f97d28a7f774d19289b199b48d59a9cd470924d60c8d24d8c6e7a19276b
+  data.tar.gz: 474ad4475d4363e54430f13988ec0203aa7fad9b1f6810e6cc934077e7fb5a3a
+SHA512:
+  metadata.gz: cf8b01a402b35d8957d4a4ad705ed978ce733c2243c846322cd1c596c534cafb7d7551c245c8f5032bdb3dbbbb62ed4c55e4fdcf63508eb71b71025e41b87315
+  data.tar.gz: abde78b8b55667d400cb842275e746265d4a1af57aca5c0be5e12fba0f84539ed1e3efea011b583dd75bec301b43535b4f9836cfe9f6a9b16541918ac36d5275

data/.gitignore

@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,4 @@
+--format progress
+--warnings
+--color
+--require spec_helper

data/.travis.yml

@@ -0,0 +1,7 @@
+---
+sudo: false
+language: ruby
+cache: bundler
+rvm:
+  - 2.6.0
+before_install: gem install bundler -v 1.17.2

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at chrisstadler@gmail.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in state_machine_checker.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,67 @@
+PATH
+  remote: .
+  specs:
+    state_machine_checker (0.1.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.4.0)
+    coderay (1.1.2)
+    diff-lcs (1.3)
+    jaro_winkler (1.5.2)
+    method_source (0.9.2)
+    parallel (1.14.0)
+    parser (2.6.0.0)
+      ast (~> 2.4.0)
+    powerpack (0.1.2)
+    pry (0.12.2)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    psych (3.1.0)
+    rainbow (3.0.0)
+    rake (10.5.0)
+    rspec (3.8.0)
+      rspec-core (~> 3.8.0)
+      rspec-expectations (~> 3.8.0)
+      rspec-mocks (~> 3.8.0)
+    rspec-core (3.8.0)
+      rspec-support (~> 3.8.0)
+    rspec-expectations (3.8.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-mocks (3.8.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-support (3.8.0)
+    rubocop (0.65.0)
+      jaro_winkler (~> 1.5.1)
+      parallel (~> 1.10)
+      parser (>= 2.5, != 2.5.1.1)
+      powerpack (~> 0.1)
+      psych (>= 3.1.0)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.4.0)
+    ruby-progressbar (1.10.0)
+    standard (0.0.36)
+      rubocop (>= 0.63)
+    state_machines (0.5.0)
+    unicode-display_width (1.4.1)
+    yard (0.9.18)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.17)
+  pry
+  rake (~> 10.0)
+  rspec (~> 3.0)
+  standard (~> 0.0.36)
+  state_machine_checker!
+  state_machines (~> 0.5.0)
+  yard (~> 0.9.18)
+
+BUNDLED WITH
+   1.17.2

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2019 Chris Stadler
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,102 @@
+# State Machine Checker
+
+Verify (as in prove) properties of your state machines.
+
+Given a definition of a state machine and a [CTL
+formula](https://en.wikipedia.org/wiki/Computation_tree_logic) this library
+performs model checking to verify whether the formula is satisfied by the state
+machine.
+
+For example, let's say we have implemented a very simple state machine to
+represent credit card payments:
+
+```rb
+class Payment
+  state_machine initial: :checkout do
+    event :started_processing do
+      transition from: [:checkout], to: :processing
+    end
+
+    event :finished_processing do
+      transition from: [:processing], to: :completed
+    end
+
+    event :processing_failed do
+      transition from: [:processing], to: :failed
+    end
+  end
+end
+```
+
+We might want to verify that every `Payment` eventually completes. This property
+can  be represented as the CTL Formula `AF completed` — for all paths (`A`)
+eventually (`F`) `completed` is true. `state_machine_checker` includes a DSL for
+writing CTL properties and a `rspec` matcher, so we can write a spec to verify
+this property:
+
+```rb
+it "eventually completes" do
+  formula = AF(:completed?)
+  expect { Payment.new }.to satisfy(formula)
+end
+```
+
+This spec will fail and give the following message:
+
+```
+1) Payment eventually completes
+     Failure/Error: expect { Payment.new }.to satisfy(formula)
+
+       Expected state machine for Payment#state to satisfy "AF(completed?)" but it does not.
+       Counterexample: [:started_processing, :processing_failed]
+```
+
+A counterexample is given as a series of events: if `started_processing` is
+followed by `processing_failed` then a `Payment` will be in the `failed` state
+and will never reach `completed`.
+
+For more examples see [payment_spec.rb](https://github.com/CJStadler/state_machine_checker/blob/master/spec/payment_spec.rb).
+
+For a more in depth discussion and implementation details see [the paper](https://github.com/CJStadler/state_machine_checker/blob/master/paper.pdf).
+
+## Limitations
+
+- The state machine must be static — once the definition is parsed no states or
+  transitions should be added or removed.
+- Atoms should only depend on the current state.
+- Only the [state_machines](https://rubygems.org/gems/state_machines) gem is
+  currently supported, but adapters for other state machine gems could be added.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'state_machine_checker'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install state_machine_checker
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/CJStadler/state_machine_checker. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the StateMachineChecker project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/CJStadler/state_machine_checker/blob/master/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "state_machine_checker"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/state_machine_checker/adapters/state_machines.rb

@@ -0,0 +1,40 @@
+require_relative "../transition"
+
+module StateMachineChecker
+  module Adapters
+    # An adapter for the state_machines gem.
+    class StateMachines
+      # @param [StateMachines::Machine] gem_machine
+      def initialize(gem_machine)
+        @gem_machine = gem_machine
+      end
+
+      def initial_state
+        # StateMachines::Machine#initial_state takes an instance as a parameter,
+        # even when the initial state is set statically. We are assuming that
+        # it is always set statically.
+        # TODO: could get this by `gem_machine.states.find(&:initial)`
+        gem_machine.instance_variable_get(:@initial_state)
+      end
+
+      def transitions
+        gem_machine.events.flat_map { |event|
+          event.branches.flat_map { |branch|
+            branch.state_requirements.flat_map { |state_requirement|
+              froms = state_requirement[:from].values
+              tos = state_requirement[:to].values
+
+              froms.product(tos).map { |from, to|
+                Transition.new(from, to, event.name)
+              }
+            }
+          }
+        }
+      end
+
+      private
+
+      attr_reader :gem_machine
+    end
+  end
+end

data/lib/state_machine_checker/check_result.rb

@@ -0,0 +1,40 @@
+module StateMachineChecker
+  # The results of checking whether a given model satisfies a given formula.
+  class CheckResult
+    # @param [Hash<Symbol, StateResult>] result_hash
+    def initialize(result_hash)
+      @result_hash = result_hash
+    end
+
+    # The result for a particular state.
+    #
+    # @param [Symbol] state
+    # @return [StateResult]
+    def for_state(state)
+      result_hash[state]
+    end
+
+    def to_h
+      result_hash.clone
+    end
+
+    def union(other)
+      map { |state, result| result.or(other.for_state(state)) }
+    end
+
+    def intersection(other)
+      map { |state, result| result.and(other.for_state(state)) }
+    end
+
+    def map(&block)
+      entries = result_hash.map { |state, result|
+        [state, block.yield(state, result)]
+      }
+      CheckResult.new(Hash[entries])
+    end
+
+    private
+
+    attr_reader :result_hash
+  end
+end

data/lib/state_machine_checker/ctl/a_f.rb

@@ -0,0 +1,20 @@
+require_relative "unary_operator"
+require_relative "e_g"
+require_relative "not"
+
+module StateMachineChecker
+  module CTL
+    # The universal eventually operator.
+    class AF < UnaryOperator
+      # @param [LabeledMachine] model
+      # @return [CheckResult]
+      def check(model)
+        Not.new(CTL::EG.new(Not.new(subformula))).check(model)
+      end
+
+      def to_s
+        "AF(#{subformula})"
+      end
+    end
+  end
+end

data/lib/state_machine_checker/ctl/a_g.rb

@@ -0,0 +1,20 @@
+require_relative "unary_operator"
+require_relative "e_f"
+require_relative "not"
+
+module StateMachineChecker
+  module CTL
+    # The universal always operator.
+    class AG < UnaryOperator
+      # @param [LabeledMachine] model
+      # @return [CheckResult]
+      def check(model)
+        Not.new(CTL::EF.new(Not.new(subformula))).check(model)
+      end
+
+      def to_s
+        "AG(#{subformula})"
+      end
+    end
+  end
+end

data/lib/state_machine_checker/ctl/a_u.rb

@@ -0,0 +1,23 @@
+require_relative "binary_formula"
+require_relative "e_g"
+require_relative "e_u"
+require_relative "not"
+
+module StateMachineChecker
+  module CTL
+    # The universal until operator.
+    class AU < BinaryFormula
+      # @param [LabeledMachine] model
+      # @return [CheckResult]
+      def check(model)
+        Not.new(Not.new(subformula2).EU(Not.new(subformula1.or(subformula2)))
+          .or(EG.new(Not.new(subformula2))))
+          .check(model)
+      end
+
+      def to_s
+        "(#{subformula1}) AU (#{subformula2})"
+      end
+    end
+  end
+end

data/lib/state_machine_checker/ctl/a_x.rb

@@ -0,0 +1,20 @@
+require_relative "unary_operator"
+require_relative "e_x"
+require_relative "not"
+
+module StateMachineChecker
+  module CTL
+    # The universal next operator.
+    class AX < UnaryOperator
+      # @param [LabeledMachine] model
+      # @return [CheckResult]
+      def check(model)
+        Not.new(CTL::EX.new(Not.new(subformula))).check(model)
+      end
+
+      def to_s
+        "AX(#{subformula})"
+      end
+    end
+  end
+end

data/lib/state_machine_checker/ctl/and.rb

@@ -0,0 +1,42 @@
+require_relative "formula"
+
+module StateMachineChecker
+  module CTL
+    # The logical conjunction of two or more sub-formulae.
+    class And < Formula
+      # Conjoin several formulae.
+      #
+      # @param [Enumerator<Formula>] subformulae
+      #
+      # @example
+      #   And.new([Atom.new(:even?), Atom.new(:positive?)])
+      def initialize(subformulae)
+        @subformulae = subformulae
+      end
+
+      # Return an enumerator over the atoms of all sub-formulae.
+      #
+      # @return [Enumerator<Atom>]
+      def atoms
+        subformulae.lazy.flat_map(&:atoms)
+      end
+
+      # Check which states of the model are satisfied by all subformulae.
+      #
+      # @param [LabeledMachine] model
+      # @return [CheckResult]
+      def check(model)
+        sub_results = subformulae.lazy.map { |f| f.check(model) }
+        sub_results.reduce(&:intersection)
+      end
+
+      def to_s
+        subformulae.map(&:to_s).join(" ∧ ")
+      end
+
+      private
+
+      attr_reader :subformulae
+    end
+  end
+end

data/lib/state_machine_checker/ctl/api.rb

@@ -0,0 +1,61 @@
+require_relative "and"
+require_relative "atom"
+require_relative "a_x"
+require_relative "a_f"
+require_relative "a_g"
+require_relative "a_u"
+require_relative "e_f"
+require_relative "e_x"
+require_relative "e_g"
+require_relative "e_u"
+require_relative "not"
+require_relative "or"
+require_relative "implication"
+
+module StateMachineChecker
+  module CTL
+    module API
+      def atom(method_name_or_fn)
+        Atom.new(method_name_or_fn)
+      end
+
+      def neg(subformula)
+        Not.new(atom_or_formula(subformula))
+      end
+
+      def EF(subformula) # rubocop:disable Naming/MethodName
+        CTL::EF.new(atom_or_formula(subformula))
+      end
+
+      def EX(subformula) # rubocop:disable Naming/MethodName
+        CTL::EX.new(atom_or_formula(subformula))
+      end
+
+      def EG(subformula) # rubocop:disable Naming/MethodName
+        CTL::EG.new(atom_or_formula(subformula))
+      end
+
+      def AF(subformula) # rubocop:disable Naming/MethodName
+        CTL::AF.new(atom_or_formula(subformula))
+      end
+
+      def AX(subformula) # rubocop:disable Naming/MethodName
+        CTL::AX.new(atom_or_formula(subformula))
+      end
+
+      def AG(subformula) # rubocop:disable Naming/MethodName
+        CTL::AG.new(atom_or_formula(subformula))
+      end
+
+      private
+
+      def atom_or_formula(subformula)
+        if subformula.is_a? Formula
+          subformula
+        else
+          atom(subformula)
+        end
+      end
+    end
+  end
+end

data/lib/state_machine_checker/ctl/atom.rb

@@ -0,0 +1,62 @@
+require_relative "formula"
+require "state_machine_checker/check_result"
+require "state_machine_checker/state_result"
+
+module StateMachineChecker
+  module CTL
+    # An atomic proposition about a single object.
+    class Atom < Formula
+      # @param [Symbol, Proc] method_name_or_fn
+      #
+      # @example
+      #   Atom.new(:shipped?)
+      #   Atom.new(->(x) { x.shipped? })
+      def initialize(method_name_or_fn)
+        @name, @fn = if method_name_or_fn.respond_to?(:call)
+          ["atom##{object_id}", method_name_or_fn]
+        else
+          # Create a function which will send the given method name.
+          [method_name_or_fn.to_s, method_name_or_fn.to_proc]
+        end
+      end
+
+      # Evaluate the atom on the given instance.
+      #
+      # @example
+      #   even_atom = Atom.new(:even?)
+      #   even_atom.apply(6) #=> true
+      #   even_atom.apply(7) #=> false
+      def apply(instance)
+        fn.call(instance)
+      end
+
+      # Returns an enumerator containing only this object, as it is an atom.
+      #
+      # @return [Enumerator<Atom>]
+      def atoms
+        [self]
+      end
+
+      # Check which states of the machine are labeled with this atom.
+      #
+      # @param [LabeledMachine] machine
+      # @return [CheckResult]
+      def check(machine)
+        result = machine.states.each_with_object({}) { |state, h|
+          satisfied = machine.labels_for_state(state).include?(self)
+          h[state] = StateResult.new(satisfied, [])
+        }
+
+        CheckResult.new(result)
+      end
+
+      def to_s
+        name
+      end
+
+      private
+
+      attr_reader :fn, :name
+    end
+  end
+end