Transcript of a PowerPoint presentation.
Trigger Querying
Orna Kupferman
Yoad Lustig
Motivation
Model exploration
In model exploration, the objective is to explore and understand the model.
Contrast this with model checking, in which the objective is to verify that the model satisfies the specification.
Model exploration was formalized as a problem by Chan (CAV 2000) who introduced query checking.
Query Checking
Query checking is based on CTL. In CTL model checking we get a Kripke structure M and a formula, say AG[ p ], and ask whether M ⊨ AG[ p ].
In query checking, a Boolean subformula is replaced by “?”, and one may ask M ⊨ AG[?].
The solution is the “strongest” Boolean expression that can replace the “?”.
Query Checking - shortcoming
In query checking we search for a Boolean expression (that can replace the “?”).
A Boolean expression is evaluated at a state, and therefore refers to one point in time.
No temporal dynamics. The user is usually interested in scenarios. Example: what scenarios lead to the calling of the function.
Triggers semantics
We use the temporal operator triggers (a.k.a. suffix implication) to describe scenarios.
For a regular expression r and a temporal formula, M ⊨ r triggers the formula means: for every computation of M and index i, if the prefix of the computation through position i is in L(r), then the suffix of the computation from position i satisfies the formula.
Triggers semantics - example
In this model: does M ⊨ p·q triggers next p? ALL computations inducing p·q must be considered.
Does M ⊨ p·p triggers next q?
[Figure: the example model, with states labelled p, q and p,q.]
Trigger Querying - Definition
In the trigger query M ⊨ ? triggers the formula, we ask which words trigger the formula, or: what is the set of finite words u such that M ⊨ u triggers the formula?
The solution is the set of scenarios that trigger the formula.
The solution is guaranteed to be a regular set, and can be represented as a regular expression or a DFA.
Trigger Querying - technical characterization
Trigger querying: are all paths that induce a word w followed by the formula? Equivalently: does (w) ⊆ []M?
[Figure: a Kripke structure with states q0 to q8, marking the set (w) reached after reading w and the set []M.]
[]M : the states from which all paths satisfy the formula.
(w) : the states a computation inducing w might end in.
Trigger Querying branching-time view
M ⊨ u triggers the formula iff (u) ⊆ []M. In other words, the query is about states (rather than infinite words / computations).
M ⊨ w triggers the formula is equivalent to M ⊨ A[ w triggers the formula ] and to M ⊨ A[ w triggers A[ the formula ] ], where A is the universal path quantifier.
Solving Trigger Querying
The problem of identifying the set []M is the well-studied problem of global model checking.
The problem of computing (u) is easily solvable by a type of subset construction on the states of M.
Construct a DFA AM, with state space 2^Q, such that AM visits state (u) after reading u, and the accepting states of AM are the sets contained in []M.
Complexity of Trigger Querying
Computing both []M and AM can be done in PSPACE.
For []M, the dependency on the size of the formula is polynomial space, but the dependency on |M| (structure complexity) is only polynomial time.
For AM, however, the dependency on M is also polynomial space. Unfortunately, this is unavoidable.
Complexity of Trigger Querying - lower bound idea
Trigger querying: are all paths that induce a word w followed by the formula, i.e. do they all end in []M?
NFA complementation: do all runs on a word end in some set?
Variants of trigger querying
Partial trigger querying. Relevant trigger querying. Constrained trigger querying. Observable trigger querying. Search for necessary conditions.
Partial Trigger Querying
Motivation: trying to overcome high complexity demands.
In partial trigger querying, we search for a subset of the solution to M ⊨ ? triggers the formula that is nonempty unless the solution itself is empty.
Simplest case: find a single word, of length bounded by a unary parameter, that triggers the formula. This case is NP-hard.
Relevant Trigger Querying
M ⊨ r triggers the formula means: for every computation and every i ≥ 0, if the prefix of the computation through position i is in L(r), then the suffix from position i satisfies the formula.
Words that are not a prefix of any computation are (vacuously) solutions to M ⊨ r triggers the formula.
In relevant trigger querying we do not accept such vacuous solutions.
Technical solution: remove ∅ from AM’s set of accepting states.
Constrained Trigger Querying
Sometimes a user would like to have a dialog with the query-checking tool.
Example: what are the solutions in which the signal x is initially 0? Solutions in which x is initially 0 but then turns to 1?
In constrained trigger querying the user provides a query as well as a constraint; the solution set is intersected with the constraint.
Observable trigger querying
Sometimes a user would like to see solutions that refer only to a subset of “observable” signals.
Examples: a user that doesn’t want to hear about internal signals used in the implementation; a user that wants to know if there is a way to control input signal x that will force the system to behave in some way.
Necessary conditions
When M ⊨ r triggers the formula, the language of r can be seen as a sufficient reason for the formula: if a word from L(r) “happens” then the formula will inevitably “happen”.
What about necessary conditions? Informally: what “event” always precedes the formula?
Necessary conditions (cont’)
For every computation and every i ≥ 0: if the suffix from position i satisfies the formula, then the prefix through position i is in L(r).
No unique solution. In fact, the set of all finite words is always a solution.
A solution r1 is stronger than r2 iff L(r1) ⊆ L(r2). A unique strongest solution exists.
Necessary conditions - technical
Similar technical details: set G to the states s at which the negation of the formula does not hold on all paths, i.e. from which some computation satisfies the formula; the necessary condition is then { u | (u) ∩ G ≠ ∅ }.
The complexity is polynomial space in the size of the formula, but only nondeterministic logspace in |M|.
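As an added illustration (not code from the talk or its authors), the following puts together the pieces of "Solving Trigger Querying" and of this slide on a constructed five-state Kripke structure: the subset construction for (u), global model checking for a small fragment of formulas (atoms, "next", "always"), the check (u) ⊆ []M with its relevant variant, the DFA AM, and the necessary-condition test (u) ∩ G ≠ ∅. The state names, labels and the restriction to that fragment are assumptions made for the example; the word p·q triggers next p from the earlier example slide can be checked with it.

```python
from functools import reduce
# Constructed toy Kripke structure M (not the talk's figure); a word's letters are sets of propositions.
INIT = {"s0"}
SUCC = {"s0": {"s1", "s2"}, "s1": {"s3"}, "s2": {"s3", "s4"}, "s3": {"s0"}, "s4": {"s4"}}
LABEL = {"s0": frozenset({"p"}), "s1": frozenset({"q"}), "s2": frozenset({"q"}),
         "s3": frozenset({"p"}), "s4": frozenset({"p", "q"})}

def step(state, letter):
    """Subset-construction step from the set of possible current states (None = start)."""
    candidates = INIT if state is None else set().union(*(SUCC[s] for s in state))
    return frozenset(s for s in candidates if LABEL[s] == letter)

def delta(word):
    """(u) in the talk: the states a computation inducing `word` might end in."""
    return reduce(step, word, None) or frozenset()

def sat(formula, universal=True):
    """Global model checking for atoms, ("next", f), ("always", f); universal=False: some path instead of all."""
    if isinstance(formula, str):
        return {s for s in SUCC if formula in LABEL[s]}
    op, sub = formula
    inner = sat(sub, universal)
    ok = (lambda s, S: SUCC[s] <= S) if universal else (lambda s, S: bool(SUCC[s] & S))
    if op == "next":
        return {s for s in SUCC if ok(s, inner)}
    result = set(SUCC)  # "always": greatest fixpoint of inner ∩ {s | the next step stays in result}
    while (smaller := {s for s in result if s in inner and ok(s, result)}) != result:
        result = smaller
    return result

def triggers(word, formula, relevant=False):
    """M |= word triggers formula iff (word) ⊆ []M; relevant querying also rejects (word) = ∅."""
    end = delta(word)
    return end <= sat(formula) and (bool(end) or not relevant)

def necessary(word, formula):
    """word is in the strongest necessary condition iff (word) ∩ G ≠ ∅ (G: some path satisfies formula)."""
    return bool(delta(word) & sat(formula, universal=False))

def trigger_dfa(formula, relevant=False):
    """A_M: DFA on reachable subsets of Q (start None), visiting (u) after u; accepts subsets ⊆ []M."""
    good, trans, seen, todo = sat(formula), {}, {None}, [None]
    while todo:
        state = todo.pop()
        for letter in set(LABEL.values()):
            nxt = trans[(state, letter)] = step(state, letter)
            if nxt not in seen:
                seen.add(nxt); todo.append(nxt)
    accepting = {s for s in seen if s is not None and s <= good and (s or not relevant)}
    return seen, trans, accepting
```

With this model, p·q triggers next p, while p·q is a word of the necessary condition for next q without triggering it.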
Queries?
A query A trigger(fish)