History Dependent Automata: a Co-Algebraic definition, a Partitioning Algorithm and its Implementation

Size: px

Start display at page:

Download "History Dependent Automata: a Co-Algebraic definition, a Partitioning Algorithm and its Implementation"

Tobias Ray
5 years ago
Views:

1 COMETA - Udine, p.1/29 History Dependent Automata: a Co-Algebraic definition, a Partitioning Algorithm and its Implementation Roberto Raggi & Emilio Tuosto joint work with Gianluigi Ferrari, Ugo Montanari and Marco Pistore

2 Plan of the talk COMETA - Udine, p.2/29

3 COMETA - Udine, p.2/29 Plan of the talk Motivations

4 COMETA - Udine, p.2/29 Plan of the talk Motivations HD approach

5 COMETA - Udine, p.2/29 Plan of the talk Motivations HD approach Co-algebraic definition of HD

6 COMETA - Udine, p.2/29 Plan of the talk Motivations HD approach Co-algebraic definition of HD HD-automata for -agents

7 COMETA - Udine, p.2/29 Plan of the talk Motivations HD approach Co-algebraic definition of HD HD-automata for -agents The partitioning algorithm

8 COMETA - Udine, p.2/29 Plan of the talk Motivations HD approach Co-algebraic definition of HD HD-automata for -agents The partitioning algorithm Principal data structures

9 COMETA - Udine, p.2/29 Plan of the talk Motivations HD approach Co-algebraic definition of HD HD-automata for -agents The partitioning algorithm Principal data structures The main cicle

10 COMETA - Udine, p.2/29 Plan of the talk Motivations HD approach Co-algebraic definition of HD HD-automata for -agents The partitioning algorithm Principal data structures The main cicle An eample

11 COMETA - Udine, p.2/29 Plan of the talk Motivations HD approach Co-algebraic definition of HD HD-automata for -agents The partitioning algorithm Principal data structures The main cicle An eample Final considerations

12 COMETA - Udine, p.3/29 Motivations CAV98: -spec of Handover protocol Using HAL: states and Transitions Verification takes 15 min. -spec -automaton Finite state automaton

13 COMETA - Udine, p.4/29 The approach HD as a model for name passing Calculi [Montanari & Pistore] Specifically designed for verification purposes Dynamic name allocation Garbage collection of non-active names Name symmetries Finite state representation of finite control Verification Techniues for HD-automata -agents Semantic Minimization via Partition Refinement

14 COMETA - Udine, p.5/29 HD: graphically s lab d σ

15 Basic Definitions Notation Transition System COMETA - Udine, p.6/29

16 Basic Definitions Notation Transition System co-algebraically: COMETA - Udine, p.6/29

17 Basic Definitions Notation Transition System co-algebraically: (step of a) bundle COMETA - Udine, p.6/29

18 Basic Definitions Notation Transition System co-algebraically: Set (step of a) bundle collection of bundles COMETA - Udine, p.6/29

19 COMETA - Udine, p.6/29 Basic Definitions Transition System Notation co-algebraically: (step of a) bundle Set collection of bundles HD-automata are co-algebras defined on top of a permutation algebra [MFCS2000]

20 COMETA - Udine, p.6/29 Basic Definitions Transition System Notation co-algebraically: (step of a) bundle Set collection of bundles HD-automata are co-algebras defined on top of a permutation algebra [MFCS2000] is a HD-automata and is minimal

21 Some notations Fun collection of arrows Set collection of sets Set Set Fun composition of where COMETA - Udine, p.7/29

22 A functor for transition systems Fun s.t. Fun we define Let COMETA - Udine, p.8/29

23 COMETA - Udine, p.9/29 HD definitions: Named Sets NSet Set where

24 HD definitions: Named Sets be a -agent Let NSet Set, a total order where COMETA - Udine, p.9/29

25 HD definitions: Named Functions NFun NSet NSet COMETA - Udine, p.10/29

26 HD definitions: Named Functions Properties: NFun NSet NSet composition is trivially defined COMETA - Udine, p.10/29

27 HD definitions: Named Functions Properties: NFun NSet NSet composition is trivially defined lab d s σ COMETA - Udine, p.10/29

28 HD definitions: Named Functions Properties: NFun NSet NSet composition is trivially defined lab d s σ COMETA - Udine, p.10/29

29 COMETA - Udine, p.11/29 HD-automata for -agents

30 COMETA - Udine, p.11/29 HD-automata for -agents NSet Bundle

31 COMETA - Udine, p.11/29 HD-automata for -agents NSet Bundle -calculus label

32 COMETA - Udine, p.11/29 HD-automata for -agents NSet Bundle observable names of the transition

33 COMETA - Udine, p.11/29 HD-automata for -agents NSet Bundle meaning of the names of

34 COMETA - Udine, p.11/29 HD-automata for -agents NSet Bundle destination state

35 HD-automata for -agents NSet Bundle TAU OUT OUT G = id, ech(, ) COMETA - Udine, p.11/29

36 HD-automata for -agents NSet Bundle TAU OUT OUT G = id, ech(, ) COMETA - Udine, p.11/29

37 HD-automata and name creation COMETA - Udine, p.12/29

38 HD-automata and name creation u w v OUT IN BIN * IN IN y OUT COMETA - Udine, p.12/29

39 HD-automata and name creation w u v OUT BIN * IN IN IN OUT y COMETA - Udine, p.12/29

40 HD-automata and name creation w u v OUT BIN * IN IN IN OUT y COMETA - Udine, p.12/29

41 Bundle normalization COMETA - Udine, p.13/29

42 Bundle normalization compute the redundant transitions COMETA - Udine, p.13/29

43 Bundle normalization compute the redundant transitions compute the active names of a bundle COMETA - Udine, p.13/29

44 Bundle normalization compute the redundant transitions compute the active names of a bundle remove dominated transitions COMETA - Udine, p.13/29

45 Bundle normalization compute the redundant transitions compute the active names of a bundle remove dominated transitions select the canonical bundle according to the order relation COMETA - Udine, p.13/29

46 COMETA - Udine, p.14/29 The functor on NSet is an endo-functor on NSet: normalized number of names of iff group of

47 COMETA - Udine, p.15/29 The functor on NFun...while on named functions:

48 The functor on NFun...while on named functions: A transition system over NSet and -actions is a named function such that COMETA - Udine, p.15/29

49 HD-automata as -coalgebras be a -agent Let, COMETA - Udine, p.16/29

50 HD-automata as -coalgebras be a -agent Let, COMETA - Udine, p.16/29

51 HD-automata as -coalgebras be a -agent Let,, where COMETA - Udine, p.16/29

52 Partition Refinement Algorithm : Initial approimation,, COMETA - Udine, p.17/29

53 Partition Refinement Algorithm Initial approimation :,, COMETA - Udine, p.17/29

54 Partition Refinement Algorithm : Initial approimation,, Theorem If is a finite HD, The isomorphism yields the minimal realization of up to strong early bisimilarity COMETA - Udine, p.17/29

55 Partition Refinement Algorithm (2) At each step: a block is splitted: and new names may be introduced COMETA - Udine, p.18/29

56 Partition Refinement Algorithm (2) and At each step: a block is splitted: new names may be introduced The iteration step: COMETA - Udine, p.18/29

57 States, labels & arrows type state = Star State of lab σ s d group names id type label = Tau of BIn of BOut of In of Out of type arrow = Arrow of lab COMETA - Udine, p.19/29 dest source

58 Bundle & Automata bundle : with the same source type automaton = HDAutoma of arrows states start COMETA - Udine, p.20/29

59 Blocks block norm states Bundle state label arrow automaton COMETA - Udine, p.21/29

60 Blocks states block norm Bundle At the end of each iteration, blocks represent the states of the -th approimation of the minimal automaton while state label arrow automaton their norm components are the arrows of the approimation COMETA - Udine, p.21/29

61 Blocks (2) type blocks = Block of states : state list norm : arrow list active_names : list group : list list : ( state ( : ( state ( ) list list) ) list) COMETA - Udine, p.22/29

62 Blocks (2) type blocks = Block of states : state list norm : arrow list active_names : list group : list list : ( state ( : ( state ( ) list list) ) list) θ COMETA - Udine, p.22/29

63 Initially... All the states are (considered) bisimilar No norm, group or is given [ Block(states, [ ], [ ], [ ], (fun [ [ ] ]), (fun [ ])) ] COMETA - Udine, p.23/29

64 Generic step ;... ; ;... ; COMETA - Udine, p.24/29

65 Generic step ;... ; ;... ; split COMETA - Udine, p.24/29

66 Generic step ;... ; ;... ; split (, ( ( );... ;, ;... ;, ) ) COMETA - Udine, p.24/29

67 Splitting: a closer look BIN 2;s [*/y] IN y s BIN s [*/y] 2 θ Tau s3 3 Tau 3;s3 COMETA - Udine, p.25/29

68 Splitting: a closer look BIN 2;s [*/y] IN y σ BIN σ [*/y] Tau σ3 3 3 Tau 3;s3 let bundle hd = List.sort compare (List.filter (funh (Arrow.source h) = ) (arrows hd)) COMETA - Udine, p.25/29

69 Splitting: a closer look BIN 2;s [*/y] IN y σ BIN σ [*/y] Tau σ3 3 3 Tau 3;s3 List.map bundle COMETA - Udine, p.25/29

70 Splitting: a closer look θ2;σ[*/y] BIN 1 θ2 σ y IN 2 BIN σ [*/y] Tau σ3 3 θ3 Tau θ3;σ3 let red bl =... let bl_in = List.filter covered_inbl in list_diff bl bl_in COMETA - Udine, p.25/29

71 Splitting: a closer look BIN θ2;σ[*/y] IN y σ BIN σ [*/y] 1 2 θ2 θ Tau σ3 3 θ3 Tau θ3;σ3 let an = active_names_bundle (red bundle) in let remove_in ar = match ar with Arrow(_,_,In(_,_)) not (List.mem (obj ar) an) _ false in list_diff bundle (List.filter remove_in bundle) COMETA - Udine, p.25/29

72 Splitting: a closer look 1 θ2 2 3 θ3 θ2;σ[*/y] BIN σ y IN BIN σ [*/y] COMETA - Udine, p.25/29 Tau σ3 θ Tau θ3;σ3 bundle _

73 Termination...informally, when is isomorph to ;... ; ;... ; COMETA - Udine, p.26/29

74 Termination...informally, when is isomorph to ;... ; ;... ; (, ( ( );... ;, ;... ;, ) ) COMETA - Udine, p.26/29

75 Termination...informally, when is isomorph to ;... ; ;... ; (, ( ( );... ;, ;... ;, ) ) COMETA - Udine, p.26/29

76 Termination...informally, when is isomorph to ;... ; ;... ; (, ( ( );... ;, ;... ;, ) ) no further names are added COMETA - Udine, p.26/29

77 An eample COMETA - Udine, p.27/29

78 An eample +(!y.r(, y, z), y!.r(, y, z)) S(#0, #1, #2) S(#0, #1, #0) S(#0, #1, #1) #1?#1!y y! #0?#2 #1?#2 #0?(#3) #1?(#3) #1?#0 #0?(#2) #0?(#2) #1!#0 #0!#1 #1?(#2) #0?#0 #1?#1 #0?#0 #1?#0 #0?#1 #0?#1 #0!#1 #1!#0 #0!#1 #0?#0 #1?(#2) #1?#0 #1?#1 #1!#0 #0?#1 R(#0, #1, #0) R(#0, #1, #2) R(#0, #1, #1) COMETA - Udine, p.27/29

79 Minimal representation state b0 2 [ [1 ; 2 ] ; [2 ; 1 ] ] state b1 2 [ [1 ; 2 ] ; [2 ; 1 ] ] b0 b1 out[1 ; 2 ] [1 ; 2 ] b0 b1 out[1 ; 2 ] [2 ; 1 ] b0 b1 out[2 ; 1 ] [1 ; 2 ] b0 b1 out[2 ; 1 ] [2 ; 1 ] b1 b0 bin[1 ] [1 ; 2 ] b1 b0 bin[1 ] [2 ; 1 ] b1 b0 bin[2 ] [2 ; 1 ] b1 b0 bin[2 ] [1 ; 2 ] b1 b0 in[1 ; 1 ] [1 ; 2 ] b1 b0 in[1 ; 1 ] [2 ; 1 ] b1 b0 in[1 ; 2 ] [1 ; 2 ] b1 b0 in[1 ; 2 ] [2 ; 1 ] b1 b0 in[2 ; 1 ] [1 ; 2 ] b1 b0 in[2 ; 1 ] [2 ; 1 ] b1 b0 in[2 ; 2 ] [1 ; 2 ] b1 b0 in[2 ; 2 ] [2 ; 1 ] COMETA - Udine, p.28/29

80 Final remarks Handhover benchmarks are encouraging Etend to open bisimilarity asynchronous -calculus comple terms: application to verification of security protocols More eperimental results Optimization: handling of permutations Integrations (HAL and Mobility workbench) Ocaml compiler Tool re-engineering (on-going work) COMETA - Udine, p.29/29

From Co-algebraic Specifications to Implementation: The Mihda toolkit

From Co-algebraic Specifications to Implementation: The Mihda toolkit Gianluigi Ferrari, Ugo Montanari, Roberto Raggi, and Emilio Tuosto Dipartimento di Informatica, Universit di Pisa, Italy. {giangi,ugo,raggi,etuosto}@di.unipi.it