algebraic trace theory ee249.2 - donald pederson · algebraic trace theory ee249 roberto passerone...

October 21, 2002 ee249 1

Algebraic Trace Theory

EE249Roberto Passerone

Material from: Jerry R. Burch, “Trace Theory for Automatic Verification of Real-Time Concurrent Systems”, PhD thesis, CMU, August 1992

October 21, 2002 ee249 2

Outline

IntroductionConcurrency AlgebrasTrace AlgebrasTrace Structure AlgebrasConservative ApproximationsHomomorphisms

October 21, 2002 ee249 3

Abstract Algebra

x + 3 = 5( x + 3 ) + ( -3 ) = 5 + ( -3 )x + ( 3 + ( -3 ) ) = 2x + 0 = 2x = 2

When is it that the solution of a linear equation is unique?

October 21, 2002 ee249 4

Uniqueness of Solution

“Addition” is associativeThere is an identity elementThere is an inverse for each elementNo need for commutativity!Axiomatic approach: don’t define the objects, define their properties

Group = (D, f, id, inv) with the properties above

Many possible examples:Integers under addition (Z, +, 0, -)Positive reals under multiplication (R+, x, 1, -1)Permutations under functional composition (F, °, Id, -1)

October 21, 2002 ee249 5

Algebraic Approach

The properties of the functions must be true in any implementation of the algebra

Hence they allow you to prove general facts that are independent of the particular implementation of the algebra

For example, uniqueness of solutions for linear equations

We will represent models of computation as instances of an algebra and prove general facts

The algebra gives as a tradeoff between generality and structure

October 21, 2002 ee249 6

Outline


October 21, 2002 ee249 7

Objective

Create models for agent behaviorsStudy the relationships between different models

October 21, 2002 ee249 8

A Concrete Model

Define a domain of agentsThe set of finite state automata

Defines an interface for each agentA set of signal names

Defines a mechanism for instantiating agentsA signal renaming function

Defines a mechanism for combining agentse.g. product machine

Defines a mechanism for encapsulating agentsHide local signal names from the interface

October 21, 2002 ee249 9

An Abstract Algebraic Model

Concurrency Algebra = (D, ||, proj, rename)Domain of agent (carrier set)Operation of parallel composition on agentsOperation of projection on agents

encapsulation, scopingOperation of renaming on agents

instantiation

Note: we don’t say what the carrier and the operations are, just that they must exist!But we must provide some properties that we want satisfied

October 21, 2002 ee249 10

Concurrency Algebra

Let W be a set of signal names

A signature γ = ( I, O ) is a pair where I and O are subsets of W

We call the set A = I ∪ Ο the alphabet of a signature γEach agent in D has an associated signature γ

October 21, 2002 ee249 11

Definition of the functions

If O and O’ are disjoint, then E || E’ is defined and the signature is

( ( I ∪ I’ ) – ( O ∪ O’ ), O ∪ O’ )

If I ⊆ B ⊆ A, then proj( B )( E ) is defined and its signature is ( I, O ∩ B )

If r is a renaming function with domain A, then rename( r )( E ) is defined and its signature is ( r( I ), r( O ) ) (where r is naturally extended to sets)

October 21, 2002 ee249 12

Axioms

C1. Associativity of composition( E || E’ ) || E’’ = E || ( E’ || E’’ )

C2. Commutativity of compositionE || E’ = E’ || E

C3. Application of renaming functionsrename( r )( rename( r’ )( E ) ) = rename( r ° r’ )( E )

October 21, 2002 ee249 13

Axioms

C4. Renaming and parallel composition commute

rename( r )( E || E’ ) = rename( r|A )( E ) || rename( r|A’ )( E’ )

C5. Identity of renamingrename( idA )( E ) = E

C6. Application of projectionsproj( B )( proj( B’ )( E ) ) = proj( B )( E )

October 21, 2002 ee249 14

Axioms

C7. Identity of projectionproj( A )( E ) = E

C8. Projection and parallel composition commute

proj( B )( E || E’ ) = proj( B ∩ A )( E ) || proj( B ∩ A’ )( E’ )

C9. Projection and renaming commuteproj( r( B ) )( rename( r )( E ) ) = rename( r|B )( proj( B )( E ) )

October 21, 2002 ee249 15

Concurrency Algebra• Set of agents• Parallel composition of agents• Projection of agents• Renaming of agents

Algebra of Agents

Concurrency AlgebraA

Model of agents

October 21, 2002 ee249 16

Outline


October 21, 2002 ee249 17

Objective of Trace Theory

Start from models of individual behaviorsConstruct models of agents that form a concurrency algebraConstruct relationships between models of agents from relationships between individual behaviorsAgain we use an algebra to define a model of individual behaviors

October 21, 2002 ee249 18


Trace and Trace Structure Algebras

Concurrency AlgebraA

Model of individual behaviors

Model of agents

Trace algebraC

Trace Algebra• Set of traces• Projection of traces• Renaming of traces

October 21, 2002 ee249 19

What Is a Trace?

An element of a set of objects with the following two operations

projectionrenaming

Satisfying a set of axiomsYou must see a pattern here

Don’t define the objects, define their properties!

A trace algebra is a mathematical structure (a set plus the operations) that satisfies the axiomsExamples of traces?

October 21, 2002 ee249 20

Trace Algebra

A trace algebra Cc over W is a triple ( BC, proj, rename ) where

For every A ⊆ W, BC( A ) is the set of traces over AAlso use BC to denote all tracesproj( B ) and rename( r ) are partial functions from BC to BC

October 21, 2002 ee249 21

Axioms of Trace Algebra

T1. Definition of projectionproj( B )( x ) is defined if there is A such that x ∈ BC( A ) and B ⊆ A. When defined proj( B )( x ) is an element of BC( B )

T2. Application of projectionproj( B )( proj( B’ )( x ) ) = proj( B )( x )

T3. Identity of projectionIf x ∈ BC( A ) then proj( A )( x ) = x

October 21, 2002 ee249 22


T5. Definition of renamingrename( r )( x ) is defined iff x ∈ BC( dom( r ) ). When define, rename( R )( x ) is an element of BC( codom( r ) )

T6. Application of renamingrename( r )( rename( r’ )( x ) ) = rename( r ° r’ )( x )

T7. Identity of renamingIf x ∈ BC( A ) then rename( idA )( x ) = x

October 21, 2002 ee249 23


T9. Projection and renaming commuteproj( r( B ) )( rename( r )( x ) ) = rename( r|B )( proj( B )( x ) )

T4. Diamond propertyLet x ∈ BC( A ) and x’∈BC( A’ ) be such that

proj( A ∩ A’ )( x ) = proj( A ∩ A’ )( x’ ).For all A’’ ⊇ A ∪ A’ there is x’’ ∈ BC( A’’ )

such that x = proj( A )( x’’ ) and x’ = proj( A’ )( x’’ )

October 21, 2002 ee249 24

Examples of trace algebras

CI = ( BCI, projI, renameI )

For every A, the set of traces BCI( A ) of

traces over A is A∞ (finite and infinite sequences over A)projI( B )( x ) is the sequence formed by removing every symbol a not in B (the sequence shrinks)renameI( r )( x ) is the sequence formed by applying r to each element of the sequence

October 21, 2002 ee249 25

Examples of Trace Algebras

The singleton { xo }Here all behaviors are the same. It conveys no information

BC( A ) = 2A

proj( B )( x ) = x ∩ Brename( r )( x ) is the natural extension to setsAbstracts time and retains only occurrence information

October 21, 2002 ee249 26


BC( A ) = ( 2A )ω

proj( B )( x ) is intersection with BEvents carry a time stamp (Tagged Signal Model)

BC( A ) = { x( t ) | x : R+ → 2A }Real-valued time stampsProjection is the restriction of the image

October 21, 2002 ee249 27


Interpret the set of signals A as a set of state variables

A state is an assignment σ : A → V where V is the set of possible values of the state variablesBC( A ) = ( A → V )ω

Sequence of assignment functionsProjection is a restriction of the domain of the assignment function

October 21, 2002 ee249 28

Outline


October 21, 2002 ee249 29



Trace structure algebraA

Model of individual behaviors

Model of agents

Trace algebraC

Trace Algebra• Set of traces• Projection of traces• Renaming of traces

A trace structurecontains a set

of traces

October 21, 2002 ee249 30

Constructing agents

We want to go from individual behaviors to models of agentsWe want the model of agents to be a concurrency algebra

Set of agents, with parallel composition, projection and renaming satisfying the axioms

Naturally if a trace is an individual behavior, and agent is a set of those behaviors

October 21, 2002 ee249 31

Trace Structures

A trace structure (or agent) over a trace algebra C is the set of ordered pairs ( γ, P ) where

γ is a signature over W (reminder: γ = ( I, O ) )A is the alphabet of γP is a subset of BC( A )

In other words, P is a set of traces over the alphabet AEach trace in P represents a possible behavior of the agent

October 21, 2002 ee249 32

Let Τ be a set of trace structures (agents)A Trace Structure Algebra is the 4-tuple ( Τ, ||, projTS, renameTS ) where

For T’’ = T || T’: γ’’ = (( I∪I’ ) – (O ∪ O’), O ∪ O’)P’’ = { x ∈ BC( A’’ ) : projT( A )( x ) ∈ P and projT( A’ )( x ) ∈ P’ }projTS( B )( T ) = ( ( I, O ∩ B ), projT( B )( P ) )renameTS( r )( T ) = ( ( r( I ), r( O ) ), renameT( r )( P ) )

An Algebra of Trace StructuresNote: ||, projTS and renameTS denote operations on trace structures, which are derived from the corresponding operations on individual traces projT and renameTNote: the operations on individual traces projT

and renameT are naturally extended to sets of traces

October 21, 2002 ee249 33

Example

BC( A ) = A∞

T = ( ( { a, b }, ∅ ), { abab } )T’ = ( ( { b, c }, ∅ ), { bcb } )

T’’ = T || T’P’’ = { x ∈ BC( A’’ ) : proj( A )( x ) ∈ P and proj( A’ )( x ) ∈ P’ }P’’ = { abacb, abcab }

Note: P’’ is maximal such that its projections correspond to the agents that are being composed

October 21, 2002 ee249 34

Example

BC( A ) = ( 2A )ω

T = ( ( { a, b }, ∅ ), { <{ a, b }, { a }, { b } > } )T’ = ( ( { b, c }, ∅ ), { < { b }, { c }, { b } > } )

T’’ = T || T’P’’ = { < { a, b }, { a, c }, { b } > }

Note that under this trace algebra (with time stamps) we don’t get non-determinism due to interleaving semantics

October 21, 2002 ee249 35

Example

BC( A ) = ( 2A )ω (also = N → 2A )T = ( ( { a, b }, ∅ ), { < { a }, { a }, { b } > } )T’ = ( ( { a, b }, ∅ ), { < { b }, { a }, { b } > } )

T’’ = T || T’Need P’’ ⊆ BC( A ) such that

proj( A )( P’’1 ) = { a } andproj( A )( P’’1 ) = { b }

Obviously this isn’t possible when projection is defined as set intersection

In other words, T and T’ are “incompatible”

October 21, 2002 ee249 36

Theorem

If C is a Trace Algebra, then the Trace Structure Algebra derived from C is a Concurrency Algebra

I.e. the operations of parallel composition, projection and renaming satisfy the axioms of concurrency algebra

Note: the result is independent of the particular Trace Algebra (models of behaviors) that we start from

October 21, 2002 ee249 37

Outline


October 21, 2002 ee249 38

Trace structure algebraA’

Trace algebraC’

“Abstract” Domain


Trace algebraC

“Detailed” Domain


ΨΨΨΨu ΨΨΨΨlΨΨΨΨinv

Goal: Study the problem of heterogeneous interactionFormalize the concepts of abstraction and refinement

October 21, 2002 ee249 39

Relationships between modelsEach semantic domain has a refinement order

Based on trace containment

T1 ⊆ T2 means T1 is a refinement of T2

Guiding intuition: T1 ⊆ T2 means T1 can be substituted for T2

Abstraction mappingIf a function H between agent domains is monotonic, detailed implies abstract: If T1 ⊆ T2 then H(T1) ⊆ H(T2)

Analogy for real numbers r and s: If r ≤ s then r ≤ s

Conservative approximationsA pair of functions Ψ = (Ψl, Ψu) is a conservative approximation if Ψu(T1) ⊆ Ψl(T2) implies T1 ⊆ T2

Analogy: r ≤ s implies r ≤ s

Abstract implies detailed

October 21, 2002 ee249 40

Conservative Approximations

if Ψu( Timpl ) ⊆ Ψl( Tspec ) then Timpl ⊆ Tspec

Intuitively Ψu( Timpl ) is an upper bound of the implementation (has more behaviors)Intuitively Ψl( Tspec ) is a lower bound of the specification (has less behaviors)Hence we are being conservativeFalse negatives are possible. False positives are ruled outThe verification at the more abstract level should be easier

October 21, 2002 ee249 41

Outline


October 21, 2002 ee249 42

Constructing Approximations

How do we build a conservative approximation?As before, we prefer to work at the level of the individual behavior

October 21, 2002 ee249 43


Trace structure algebraA’


Trace algebraC

Trace algebraC’

Homomorphismh ΨΨΨΨu ΨΨΨΨl

ΨΨΨΨinv

“Abstract” Domain

“Detailed” Domain

Let Tspec and Timpl be trace structures in A. Then

if ΨΨΨΨu( Timpl ) ⊆⊆⊆⊆ ΨΨΨΨl( Tspec ) then Timpl ⊆⊆⊆⊆ Tspec

Derive

October 21, 2002 ee249 44

Homomorphisms on Traces

Let C and C’ be two Trace AlgebrasA homomorphism h is a function from the traces in C (BC) to the traces in C’ (BC’) such that h commutes with the operations of projection and renaming

h( proj( B )( x ) ) = proj’( B )( h( x ) )h( rename( r )( x ) ) = rename’( r )( h( x ) )

The homomorphism h is in general many-to-oneHence C’ is in general more abstract than C

October 21, 2002 ee249 45

Commutative Diagram

x proj( B )( x )apply proj

x’apply proj’h( x )

apply h apply h

x’ = h( proj( B )( x ) ) = proj’( B )( h( x ) )

October 21, 2002 ee249 46

Building the Upper Bound

Let P be a set of traces, and consider the natural extension to sets h( P ) of hClearly P ⊆ h-1( h( P ) )

Because h is many-to-oneThis indeed is an upper bound!Equality holds if h is on-to-one

Hence defineΨu( T ) = ( γ, h( P ) )

October 21, 2002 ee249 47

Building the Upper Bound

P

h(P)

h-1( h( P ) )

October 21, 2002 ee249 48

Building the Lower Bound

We want P ⊇ h-1( lb of P )If x is not in P, then h( x ) should not be in the lower bound of PHence define

Ψl( T ) = h( P ) – h( BC( A ) – P )

There is a tighter lower bound

October 21, 2002 ee249 49

Building the Lower Bound

h( BC(A) – P )

BC( A ) - P

h-1( h( P ) - h( BC(A) – P ) )

h( P ) - h( BC(A) – P )

October 21, 2002 ee249 50

Theorem

The pair of functions just defined forms a conservative approximation

if Ψu( Timpl ) ⊆ Ψl( Tspec ) then Timpl ⊆ Tspec

This is an example of a conservative approximation induced by a homomorphism

October 21, 2002 ee249 51

Examples of homomorphisms

From BC( A ) = A∞ to BC( A ) = 2A

h( x ) = { a | a appears in x at least once }

Prove that this is a homomorphismMust show it commutes with projection and renaming

What do the upper and lower bounds look like?

October 21, 2002 ee249 52

Outline

IntroductionConcurrency AlgebrasTrace AlgebrasTrace Structure AlgebrasConservative ApproximationsHomomorphismsConservative Approximations: inverses

October 21, 2002 ee249 53

Approximations: Inverses

Apply Ψu

ΨΨΨΨu

Consider T such that

Ψu(T) = Ψl(T) = T’

ΨΨΨΨl

Apply Ψl

October 21, 2002 ee249 54


Apply Ψu

ΨΨΨΨu

Then Ψinv(T’) = T


Ψu(T) = Ψl(T) = T’

ΨΨΨΨl

Apply Ψl

October 21, 2002 ee249 55

Can be used to embed

high-level model in low

level


Apply Ψu

ΨΨΨΨinv

Then Ψinv(T’) = T


Ψu(T) = Ψl(T) = T’

Apply Ψl

October 21, 2002 ee249 56

Combining MoCs

Want to compose T1 and T2 from different trace structure algebras

T1 T2

Construct a third, more detailed trace algebra, with homomorphisms to the other twoConstruct a third trace structure algebraConstruct cons. approximations and their inversesMap T1 and T2 to T1’ and T2’ in the third trace structure algebraCompose T1’ and T2’ΨΨΨΨinv

T1’

T2’

October 21, 2002 ee249 57

Combining MoCs

Want to compose T1 and T2 from different trace structure algebras

T1 T2

Compose T1’ and T2’Get T’’Project back to T1’ and T2’Map back in the abstract domain

Find restrictions due to the interaction at the higher level (constraint application)Find greatest possible T1 and T2that still have the same interaction (don’t cares, synthesis)

ΨΨΨΨinv

T1’

T2’T’’

October 21, 2002 ee249 58

Key Insight

Using this process you canFind restrictions due to the interaction at the higher level (constraint application)Find greatest possible T1 and T2 that still have the same interaction (don’t cares, synthesis)

October 21, 2002 ee249 59

A Sample of Trace AlgebrasA*( (A) - {∅})*

pomsets(A)(A → V)* (sf: stutter free)(A → V)*( (A))*

→ ((AV → V) rrrr (AE))tomsets((AV --> V) rrrr (AE)) (sf)(A → V)2

→ (A → V)→ (A)→ (A*)

A → {0, 1, X}((AV --> V) rrrr ( (AC) - {∅}))* (sf)(A x V)*

Interleaving semanticsExplicit simultaneityPartial order modelsState based asynchronous timeState based synchronous timeEvent based synchronous timeMetric timeNon-metric timePre-postState based discrete timeEvent based discrete timeDiscrete time with interleavingCombinationalGALSInterleaving with values

algebraic trace theory ee249.2 - donald pederson · algebraic trace theory ee249 roberto passerone...

Documents