Algebraic Trace Theory

Similar documents
Algebraic Trace Theory

EE249 - Fall 2012 Lecture 18: Overview of Concrete Contract Theories. Alberto Sangiovanni-Vincentelli Pierluigi Nuzzo

Causality Interfaces and Compositional Causality Analysis

ACLT: Algebra, Categories, Logic in Topology - Grothendieck's generalized topological spaces (toposes)

Equational Logic. Chapter Syntax Terms and Term Algebras

cse303 ELEMENTS OF THE THEORY OF COMPUTATION Professor Anita Wasilewska

Formal Models of Timed Musical Processes Doctoral Defense

A Brief Introduction to Model Checking

A Brief History of Shared memory C M U

Semantic Foundations for Heterogeneous Systems. Roberto Passerone. Laurea (Politecnico di Torino) 1994 M. S. (University of California, Berkeley) 1997

ICS141: Discrete Mathematics for Computer Science I

Reasoning Under Uncertainty: Introduction to Probability

Sanjit A. Seshia EECS, UC Berkeley

Abstractions and Decision Procedures for Effective Software Model Checking

Outline. We will now investigate the structure of this important set.

Partial model checking via abstract interpretation

The State Explosion Problem

Logic Model Checking

Lecture Notes: Axiomatic Semantics and Hoare-style Verification

Logic Synthesis and Verification

GALOIS THEORY : LECTURE 4 LEO GOLDMAKHER

Universal Algebra for Logics

Predicate Logic. Xinyu Feng 11/20/2013. University of Science and Technology of China (USTC)

CSC 7101: Programming Language Structures 1. Axiomatic Semantics. Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11.

Algebras with finite descriptions

Automata-Theoretic Model Checking of Reactive Systems

a (b + c) = a b + a c

Mathematics Review for Business PhD Students Lecture Notes

Unifying Theories of Programming

One-sided shift spaces over infinite alphabets

Compositional Synthesis with Parametric Reactive Controllers

FREE PRODUCTS AND BRITTON S LEMMA

1. Propositional Calculus

An Institution for Event-B

Towards a Denotational Semantics for Discrete-Event Systems

On the Executability of Interactive Computation. June 23, 2016 Where innovation starts

A Denotational Semantic Theory of Concurrent Systems

Relational Interfaces and Refinement Calculus for Compositional System Reasoning

Orbits of D-maximal sets in E

Stat 451: Solutions to Assignment #1

Linear equations in linear algebra

Real-Time Systems. Lecture 15: The Universality Problem for TBA Dr. Bernd Westphal. Albert-Ludwigs-Universität Freiburg, Germany

DES. 4. Petri Nets. Introduction. Different Classes of Petri Net. Petri net properties. Analysis of Petri net models

COMP2111 Glossary. Kai Engelhardt. Contents. 1 Symbols. 1 Symbols 1. 2 Hoare Logic 3. 3 Refinement Calculus 5. rational numbers Q, real numbers R.

With Question/Answer Animations. Chapter 2

Trace-based Process Algebras for Real-Time Probabilistic Systems

Formal Methods for Java

A Framework for. Security Analysis. with Team Automata

Predicate Logic: Sematics Part 1

Some Remarks on Alternating Temporal Epistemic Logic

Advanced Automata Theory 9 Automatic Structures in General

Operational Semantics

A Domain View of Timed Behaviors

Theorem 4.18 ( Critical Pair Theorem ) A TRS R is locally confluent if and only if all its critical pairs are joinable.

3515ICT: Theory of Computation. Regular languages

1. Propositional Calculus

Π 0 1-presentations of algebras

Introduction to Kleene Algebras

Characterizing the Equational Theory

The Complexity of Computing the Behaviour of Lattice Automata on Infinite Trees

The Journal of Logic and Algebraic Programming

Notes on Monoids and Automata

Bounded Stacks, Bags and Queues

Equational Logic. Chapter 4

Automata-based Verification - III

The non-logical symbols determine a specific F OL language and consists of the following sets. Σ = {Σ n } n<ω

TESTING is one of the most important parts of the

Lecture 9. Model theory. Consistency, independence, completeness, categoricity of axiom systems. Expanded with algebraic view.

Homing and Synchronizing Sequences

arxiv: v2 [cs.dc] 18 Feb 2015

Extension theorems for homomorphisms

Model theory, algebraic dynamics and local fields

Decidable Subsets of CCS

One Year Later. Iliano Cervesato. ITT Industries, NRL Washington, DC. MSR 3.0:

Basic Problems in Multi-View Modeling

Axiomatic Semantics. Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11 CSE

Tutorial on Axiomatic Set Theory. Javier R. Movellan

Regular expressions. Regular expressions. Regular expressions. Regular expressions. Remark (FAs with initial set recognize the regular languages)

Basics of Relation Algebra. Jules Desharnais Département d informatique et de génie logiciel Université Laval, Québec, Canada

Modal Logics. Most applications of modal logic require a refined version of basic modal logic.

Automata Theory. Lecture on Discussion Course of CS120. Runzhe SJTU ACM CLASS

Complete Partial Orders, PCF, and Control

Predicate Logic. Xinyu Feng 09/26/2011. University of Science and Technology of China (USTC)

First-Order Logic. 1 Syntax. Domain of Discourse. FO Vocabulary. Terms

An Algebraic Theory of Interface Automata

Wojciech Penczek. Polish Academy of Sciences, Warsaw, Poland. and. Institute of Informatics, Siedlce, Poland.

Advances in the theory of fixed points in many-valued logics

The algorithmic analysis of hybrid system

AN INTRODUCTION TO SEPARATION LOGIC. 2. Assertions

Lecture 4. Algebra. Section 1:. Signature, algebra in a signature. Isomorphisms, homomorphisms, congruences and quotient algebras.

Lecture Notes: Selected Topics in Discrete Structures. Ulf Nilsson

Theoretical Foundations of the UML

Restricted truth predicates in first-order logic

Probability Measures in Gödel Logic

Axiomatic Semantics. Lecture 9 CS 565 2/12/08

Alternating-Time Temporal Logic

Formal Methods for Java

EECS 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization

Lecture 2: Axiomatic semantics

18.175: Lecture 2 Extension theorems, random variables, distributions

Transcription:

Algebraic Trace Theory EE249 Roberto Passerone Material from: Jerry R. Burch, Trace Theory for Automatic Verification of Real-Time Concurrent Systems, PhD thesis, CMU, August 1992 October 21, 2002 ee249 1

Outline Introduction Concurrency Algebras Trace Algebras Trace Structure Algebras Conservative Approximations Homomorphisms October 21, 2002 ee249 2

Abstract Algebra x + 3 = 5 ( x + 3 ) + ( -3 ) = 5 + ( -3 ) x + ( 3 + ( -3 ) ) = 2 x + 0 = 2 x = 2 When is it that the solution of a linear equation is unique? October 21, 2002 ee249 3

Uniqueness of Solution Addition is associative There is an identity element There is an inverse for each element No need for commutativity! Axiomatic approach: don t define the objects, define their properties Group = (D, f, id, inv) with the properties above Many possible examples: Integers under addition (Z, +, 0, -) Positive reals under multiplication (R +, x, 1, -1 ) Permutations under functional composition (F,, Id, -1 ) October 21, 2002 ee249 4

Algebraic Approach The properties of the functions must be true in any implementation of the algebra Hence they allow you to prove general facts that are independent of the particular implementation of the algebra For example, uniqueness of solutions for linear equations We will represent models of computation as instances of an algebra and prove general facts The algebra gives as a tradeoff between generality and structure October 21, 2002 ee249 5

Outline Introduction Concurrency Algebras Trace Algebras Trace Structure Algebras Conservative Approximations Homomorphisms October 21, 2002 ee249 6

Objective Create models for agent behaviors Study the relationships between different models October 21, 2002 ee249 7

A Concrete Model Define a domain of agents The set of finite state automata Defines an interface for each agent A set of signal names Defines a mechanism for instantiating agents A signal renaming function Defines a mechanism for combining agents e.g. product machine Defines a mechanism for encapsulating agents Hide local signal names from the interface October 21, 2002 ee249 8

An Abstract Algebraic Model Concurrency Algebra = (D,, proj, rename) Domain of agent (carrier set) Operation of parallel composition on agents Operation of projection on agents encapsulation, scoping Operation of renaming on agents instantiation Note: we don t say what the carrier and the operations are, just that they must exist! But we must provide some properties that we want satisfied October 21, 2002 ee249 9

Concurrency Algebra Let W be a set of signal names A signature γ = ( I, O ) is a pair where I and O are subsets of W We call the set A = I Ο the alphabet of a signature γ Each agent in D has an associated signature γ October 21, 2002 ee249 10

Definition of the functions If O and O are disjoint, then E E is defined and the signature is ( ( I I ) ( O O ), O O ) If I B A, then proj( B )( E ) is defined and its signature is ( I, O B ) If r is a renaming function with domain A, then rename( r )( E ) is defined and its signature is ( r( I ), r( O ) ) (where r is naturally extended to sets) October 21, 2002 ee249 11

Axioms C1. Associativity of composition ( E E ) E = E ( E E ) C2. Commutativity of composition E E = E E C3. Application of renaming functions rename( r )( rename( r )( E ) ) = rename( r r )( E ) October 21, 2002 ee249 12

Axioms C4. Renaming and parallel composition commute rename( r )( E E ) = rename( r A )( E ) rename( r A )( E ) C5. Identity of renaming rename( id A )( E ) = E C6. Application of projections proj( B )( proj( B )( E ) ) = proj( B )( E ) October 21, 2002 ee249 13

Axioms C7. Identity of projection proj( A )( E ) = E C8. Projection and parallel composition commute proj( B )( E E ) = proj( B A )( E ) proj( B A )( E ) C9. Projection and renaming commute proj( r( B ) )( rename( r )( E ) ) = rename( r B )( proj( B )( E ) ) October 21, 2002 ee249 14

Algebra of Agents Model of agents Concurrency Algebra A Concurrency Algebra Set of agents Parallel composition of agents Projection of agents Renaming of agents October 21, 2002 ee249 15

Outline Introduction Concurrency Algebras Trace Algebras Trace Structure Algebras Conservative Approximations Homomorphisms October 21, 2002 ee249 16

Objective of Trace Theory Start from models of individual behaviors Construct models of agents that form a concurrency algebra Construct relationships between models of agents from relationships between individual behaviors Again we use an algebra to define a model of individual behaviors October 21, 2002 ee249 17

Trace and Trace Structure Algebras Model of individual behaviors Model of agents Trace algebra C Trace Algebra Set of traces Projection of traces Renaming of traces Concurrency Algebra A Concurrency Algebra Set of agents Parallel composition of agents Projection of agents Renaming of agents October 21, 2002 ee249 18

What Is a Trace? An element of a set of objects with the following two operations projection renaming Satisfying a set of axioms You must see a pattern here Don t define the objects, define their properties! A trace algebra is a mathematical structure (a set plus the operations) that satisfies the axioms Examples of traces? October 21, 2002 ee249 19

Trace Algebra A trace algebra C c over W is a triple ( B C, proj, rename ) where For every A W, B C ( A ) is the set of traces over A Also use B C to denote all traces proj( B ) and rename( r ) are partial functions from B C to B C October 21, 2002 ee249 20

Axioms of Trace Algebra T1. Definition of projection proj( B )( x ) is defined if there is A such that x B C ( A ) and B A. When defined proj( B )( x ) is an element of B C ( B ) T2. Application of projection proj( B )( proj( B )( x ) ) = proj( B )( x ) T3. Identity of projection If x B C ( A ) then proj( A )( x ) = x October 21, 2002 ee249 21

Axioms of Trace Algebra T5. Definition of renaming rename( r )( x ) is defined iff x B C ( dom( r ) ). When define, rename( R )( x ) is an element of B C ( codom( r ) ) T6. Application of renaming rename( r )( rename( r )( x ) ) = rename( r r )( x ) T7. Identity of renaming If x B C ( A ) then rename( id A )( x ) = x October 21, 2002 ee249 22

Axioms of Trace Algebra T9. Projection and renaming commute proj( r( B ) )( rename( r )( x ) ) = rename( r B )( proj( B )( x ) ) T4. Diamond property Let x B C ( A ) and x B C ( A ) be such that proj( A A )( x ) = proj( A A )( x ). For all A A A there is x B C ( A ) such that x = proj( A )( x ) and x = proj( A )( x ) October 21, 2002 ee249 23

Examples of trace algebras C I = ( B CI, proj I, rename I ) For every A, the set of traces B CI ( A ) of traces over A is A (finite and infinite sequences over A) proj I ( B )( x ) is the sequence formed by removing every symbol a not in B (the sequence shrinks) rename I ( r )( x ) is the sequence formed by applying r to each element of the sequence October 21, 2002 ee249 24

Examples of Trace Algebras The singleton { x o } Here all behaviors are the same. It conveys no information B C ( A ) = 2 A proj( B )( x ) = x B rename( r )( x ) is the natural extension to sets Abstracts time and retains only occurrence information October 21, 2002 ee249 25

Examples of Trace Algebras B C ( A ) = ( 2 A ) ω proj( B )( x ) is intersection with B Events carry a time stamp (Tagged Signal Model) B C ( A ) = { x( t ) x : R + 2 A } Real-valued time stamps Projection is the restriction of the image October 21, 2002 ee249 26

Examples of Trace Algebras Interpret the set of signals A as a set of state variables A state is an assignment σ : A V where V is the set of possible values of the state variables B C ( A ) = ( A V ) ω Sequence of assignment functions Projection is a restriction of the domain of the assignment function October 21, 2002 ee249 27

Outline Introduction Concurrency Algebras Trace Algebras Trace Structure Algebras Conservative Approximations Homomorphisms October 21, 2002 ee249 28

Trace and Trace Structure Algebras Model of individual behaviors A trace structure contains a set of traces Model of agents Trace algebra C Trace Algebra Set of traces Projection of traces Renaming of traces Trace structure algebra A Concurrency Algebra Set of agents Parallel composition of agents Projection of agents Renaming of agents October 21, 2002 ee249 29

Constructing agents We want to go from individual behaviors to models of agents We want the model of agents to be a concurrency algebra Set of agents, with parallel composition, projection and renaming satisfying the axioms Naturally if a trace is an individual behavior, and agent is a set of those behaviors October 21, 2002 ee249 30

Trace Structures A trace structure (or agent) over a trace algebra C is the set of ordered pairs ( γ, P ) where γ is a signature over W (reminder: γ = ( I, O ) ) A is the alphabet of γ P is a subset of B C ( A ) In other words, P is a set of traces over the alphabet A Each trace in P represents a possible behavior of the agent October 21, 2002 ee249 31

Note:, proj An Algebra TS and rename of Trace TS denote operations on trace structures, Structures which are derived from the corresponding operations on Let individual Note: the Τ be a traces operations set of proj trace T and on individual structures rename (agents) T traces proj T and rename T are naturally extended to sets of A Trace tracesstructure Algebra is the 4-tuple ( Τ,, proj TS, rename TS ) where For T = T T : γ = (( I I ) (O O ), O O ) P = { x B C ( A ) : proj T ( A )( x ) P and proj T ( A )( x ) P } proj TS ( B )( T ) = ( ( I, O B ), proj T ( B )( P ) ) rename TS ( r )( T ) = ( ( r( I ), r( O ) ), rename T ( r )( P ) ) October 21, 2002 ee249 32

Example B C ( A ) = A T = ( ( { a, b }, ), { abab } ) T = ( ( { b, c }, ), { bcb } ) T = T T P = { x B C ( A ) : proj( A )( x ) P and proj( A )( x ) P } P = { abacb, abcab } Note: P is maximal such that its projections correspond to the agents that are being composed October 21, 2002 ee249 33

Example B C ( A ) = ( 2 A ) ω T = ( ( { a, b }, ), { <{ a, b }, { a }, { b } > } ) T = ( ( { b, c }, ), { < { b }, { c }, { b } > } ) T = T T P = { < { a, b }, { a, c }, { b } > } Note that under this trace algebra (with time stamps) we don t get non-determinism due to interleaving semantics October 21, 2002 ee249 34

Example B C ( A ) = ( 2 A ) ω (also = N 2 A ) T = ( ( { a, b }, ), { < { a }, { a }, { b } > } ) T = ( ( { a, b }, ), { < { b }, { a }, { b } > } ) T = T T Need P B C ( A ) such that proj( A )( P 1 ) = { a } and proj( A )( P 1 ) = { b } Obviously this isn t possible when projection is defined as set intersection In other words, T and T are incompatible October 21, 2002 ee249 35

Theorem If C is a Trace Algebra, then the Trace Structure Algebra derived from C is a Concurrency Algebra I.e. the operations of parallel composition, projection and renaming satisfy the axioms of concurrency algebra Note: the result is independent of the particular Trace Algebra (models of behaviors) that we start from October 21, 2002 ee249 36

Outline Introduction Concurrency Algebras Trace Algebras Trace Structure Algebras Conservative Approximations Homomorphisms October 21, 2002 ee249 37

Trace and Trace Structure Algebras Trace algebra C Trace structure algebra A Abstract Domain Ψ u Ψ l Ψ inv Trace algebra C Trace structure algebra A Detailed Domain Goal: Study the problem of heterogeneous interaction Formalize the concepts of abstraction and refinement October 21, 2002 ee249 38

Relationships between models Each semantic domain has a refinement order Based on trace containment T 1 T 2 means T 1 is a refinement of T 2 Guiding intuition: T 1 T 2 means T 1 can be substituted for T 2 Abstraction mapping If a function H between agent domains is monotonic, detailed implies abstract: If T 1 T 2 then H(T 1 ) H(T 2 ) Analogy for real numbers r and s: If r s then r s Conservative approximations A pair of functions Ψ = (Ψ l, Ψ u )is a conservative approximation if Ψ u (T 1 ) Ψ l (T 2 ) implies T 1 T 2 Analogy: r s implies r s Abstract implies detailed October 21, 2002 ee249 39

Conservative Approximations if Ψ u ( T impl ) Ψ l ( T spec ) then T impl T spec Intuitively Ψ u ( T impl ) is an upper bound of the implementation (has more behaviors) Intuitively Ψ l ( T spec ) is a lower bound of the specification (has less behaviors) Hence we are being conservative False negatives are possible. False positives are ruled out The verification at the more abstract level should be easier October 21, 2002 ee249 40

Outline Introduction Concurrency Algebras Trace Algebras Trace Structure Algebras Conservative Approximations Homomorphisms October 21, 2002 ee249 41

Constructing Approximations How do we build a conservative approximation? As before, we prefer to work at the level of the individual behavior October 21, 2002 ee249 42

Trace and Trace Structure Algebras Trace algebra C Trace structure algebra A Abstract Domain Homomorphism h Derive Ψ u Ψ l Ψ inv Trace algebra C Trace structure algebra A Detailed Domain Let T spec and T impl be trace structures in A. Then if Ψ u ( T impl ) Ψ l ( T spec ) then T impl T spec October 21, 2002 ee249 43

Homomorphisms on Traces Let C and C be two Trace Algebras A homomorphism h is a function from the traces in C (B C ) to the traces in C (B C ) such that h commutes with the operations of projection and renaming h( proj( B )( x ) ) = proj ( B )( h( x ) ) h( rename( r )( x ) ) = rename ( r )( h( x ) ) The homomorphism h is in general many-toone Hence C is in general more abstract than C October 21, 2002 ee249 44

Commutative Diagram h( x ) apply proj x apply h apply h apply proj x proj( B )( x ) x = h( proj( B )( x ) ) = proj ( B )( h( x ) ) October 21, 2002 ee249 45

Building the Upper Bound Let P be a set of traces, and consider the natural extension to sets h( P ) of h Clearly P h -1 ( h( P ) ) Because h is many-to-one This indeed is an upper bound! Equality holds if h is on-to-one Hence define Ψ u ( T ) = ( γ, h( P ) ) October 21, 2002 ee249 46

Building the Upper Bound h -1 ( h( P ) ) h(p) P October 21, 2002 ee249 47

Building the Lower Bound We want P h -1 ( lb of P ) If x is not in P, then h( x ) should not be in the lower bound of P Hence define Ψ l ( T ) = h( P ) h( B C ( A ) P ) There is a tighter lower bound October 21, 2002 ee249 48

Building the Lower Bound h( P ) - h( B C (A) P ) h -1 ( h( P ) - h( B C (A) P ) ) h( B C (A) P ) B C ( A ) - P October 21, 2002 ee249 49

Theorem The pair of functions just defined forms a conservative approximation if Ψ u ( T impl ) Ψ l ( T spec ) then T impl T spec This is an example of a conservative approximation induced by a homomorphism October 21, 2002 ee249 50

Examples of homomorphisms From B C ( A ) = A to B C ( A ) = 2 A h( x ) = { a a appears in x at least once } Prove that this is a homomorphism Must show it commutes with projection and renaming What do the upper and lower bounds look like? October 21, 2002 ee249 51

Outline Introduction Concurrency Algebras Trace Algebras Trace Structure Algebras Conservative Approximations Homomorphisms Conservative Approximations: inverses October 21, 2002 ee249 52

Approximations: Inverses Apply Ψ u Apply Ψ l Consider T such that Ψ u (T) = Ψ l (T) = T Ψ u Ψ l October 21, 2002 ee249 53

Approximations: Inverses Apply Ψ u Apply Ψ l Consider T such that Ψ u (T) = Ψ l (T) = T Then Ψ inv (T ) = T Ψ u Ψ l October 21, 2002 ee249 54

Approximations: Inverses Apply Ψ u Apply Ψ l Consider T such that Ψ u (T) = Ψ l (T) = T Then Ψ inv (T ) = T Ψ inv Can be used to embed high-level model in low level October 21, 2002 ee249 55

Combining MoCs T 1 T 2 Want to compose T 1 and T 2 from different trace structure algebras Ψ inv T 1 T 2 Construct a third, more detailed trace algebra, with homomorphisms to the other two Construct a third trace structure algebra Construct cons. approximations and their inverses Map T 1 and T 2 to T 1 and T 2 in the third trace structure algebra Compose T 1 and T 2 October 21, 2002 ee249 56

Combining MoCs T 1 T 2 Want to compose T 1 and T 2 from different trace structure algebras T 1 T 2 T Compose T 1 and T 2 Get T Project back to T 1 and T 2 Map back in the abstract domain Find restrictions due to the interaction at the higher level (constraint application) Ψ inv Find greatest possible T 1 and T 2 that still have the same interaction (don t cares, synthesis) October 21, 2002 ee249 57

Key Insight Using this process you can Find restrictions due to the interaction at the higher level (constraint application) Find greatest possible T 1 and T 2 that still have the same interaction (don t cares, synthesis) October 21, 2002 ee249 58

A Sample of Trace Algebras A* ( (A) - { }) * pomsets(a) (A V)* (sf: stutter free) (A V)* ( (A))* ((A V V) (A r E )) tomsets((a V --> V) (A r E )) (sf) (A V) 2 (A V) (A) (A*) A {0, 1, X} ((A V --> V) ( (A r C ) - { }))* (sf) (A x V)* Interleaving semantics Explicit simultaneity Partial order models State based asynchronous time State based synchronous time Event based synchronous time Metric time Non-metric time Pre-post State based discrete time Event based discrete time Discrete time with interleaving Combinational GALS Interleaving with values October 21, 2002 ee249 59

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback