Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Graph-Transformation Verification using Monadic 2 nd -Order Logic Kazuhiro Inaba with S. Hidaka, Z. Hu, H. Kato (National Institute of Informatics, Japan)

Published byShannon Franklin Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Graph-Transformation Verification using Monadic 2 nd -Order Logic Kazuhiro Inaba with S. Hidaka, Z. Hu, H. Kato (National Institute of Informatics, Japan)"— Presentation transcript:

1 1 Graph-Transformation Verification using Monadic 2 nd -Order Logic Kazuhiro Inaba with S. Hidaka, Z. Hu, H. Kato (National Institute of Informatics, Japan) and K. Nakano (University of Electro-Communications) PPDP 2011, Odense Graph MSO Verify

2 2 Graph Transformation GRoundTram ( www.biglab.org )www.biglab.org

3 3 Two Languages Involved Transformation: UnQL / UnCAL [Buneman&Fernandez&Suciu, 2000] select {result: $x} where { _*: $x}, {name: John} in $x Transformation: UnQL / UnCAL [Buneman&Fernandez&Suciu, 2000] select {result: $x} where { _*: $x}, {name: John} in $x Schema: KM3 [ATLAS Group] class INPUT { reference SNS: SNSDB; … } Schema: KM3 [ATLAS Group] class INPUT { reference SNS: SNSDB; … } class OUTPUT { reference result*: MEM; }

4 4 Today’s Topic: Static Check Given – A graph transformation f – Input schema S I – Output schema S o Statically verify that “there’s no type error”, i.e., “for any graph g conforming to S I, f(g) always conforms to S o.”

5 5 Example : SNS-Members Extract all members using the screen-name “John”. SNS membernameJohn member nameMary member nameJohn friend info ・・・・・・ ・・・・・・ ・・・・・・ select {result: $x} where {SNS: {member: $x}}, {name: John} in $x ・・・・・・

6 6 Example Extract all members using the screen-name “John”. SNS membernameJohn member nameMary member nameJohn friend info ・・・・・・ ・・・・・・ ・・・・・・ select {result: $x} where {SNS: {member: $x}}, {name: John} in $x result ・・・・・・

7 7 ・・・・・・ Example Lazy programmer may write … SNS membernameJohn member nameMary member nameJohn friend info ・・・・・・ ・・・・・・ ・・・・・・ select {result: $x} where { _*: $x}, {name: John} in $x result

8 8 Example In fact, the graph contained “group” data, too! SNS membernameJohn member nameMary member nameJohn friend info ・・・・・・ ・・・・・・ ・・・・・・ ・・・・・・ name “Fan Club of XXX” group name “Java Programmer” group member

9 9 Example What happens if there’s {group: {name: John, …}} SNS membernameJohn member nameMary member nameJohn friend info ・・・・・・ ・・・・・・ ・・・・・・ ・・・・・・ name “Fan Club of XXX” group name “Java Programmer” group member select {result: $x} where { _*: $x}, {name: John} in $x BUGGY !

10 10 What We Provide Programmers specify their intention about the structure of input/output. // Input Schema supplied by the SNS provider class INPUT{ reference SNS: SNSDB; } class SNSDB{ reference member*: MEM; reference group*: GRP; } class MEM{ reference friend*: MEM; reference name: STRING; } class GRP{ reference name: STRING; reference member*: MEM; } // Input Schema supplied by the SNS provider class INPUT{ reference SNS: SNSDB; } class SNSDB{ reference member*: MEM; reference group*: GRP; } class MEM{ reference friend*: MEM; reference name: STRING; } class GRP{ reference name: STRING; reference member*: MEM; } class OUTPUT { reference result*: MEM; }

11 11 What We Provide Then, our system automatically verify it! class INPUT{ reference SNS: SNSDB; } class OUTPUT { reference result*: MEM; } select {result: $x} where {SNS: {member: $x}}, {name: John} in $x “OK!” ※ Our checker is SOUND. If it says OK, then the program never goes wrong.

12 12 What We Provide Then, our system automatically verify it! class INPUT{ reference SNS: SNSDB; } class OUTPUT { reference result*: MEM; } “BUG!” select {result: $x} where { _*: $x}, {name: John} in $x SNS group name John ※ Our checker provides a COUNTER-EXAMPLE.

13 13 Outline of the Rest of the Talk How We Implemented This Verification – Monadic 2 nd -Order Logic (MSO) – Schema to MSO – Transformations to MSO – Decide MSO: from Graphs to Trees

14 14 Overall Picture UnQL / UnCAL [Buneman, et.al. 00] UnQL / UnCAL [Buneman, et.al. 00] MSO Definable Transduction [Courcelle 94] MSO Definable Transduction [Courcelle 94] KM3 Schema [ATLAS Group] KM3 Schema [ATLAS Group] MSO Logic Nice Properties MONA : MSO Solver [Møller, et.al. 95-] MONA : MSO Solver [Møller, et.al. 95-] This Work Bwd Inference

15 15 Monadic 2 nd -Order Logic MSO is a usual 1 st order logic on graphs … … extended with (primitives) edge foo (x, e, y) start(x) (connectives) ¬ P P&Q P ∨ Q ∀ x.P(x) ∃ x.P(x) (set-quantifiers) ∀ set S. P(S) ∃ set S.P(S) (set-primitives) x ∈ S S ⊆ T

16 16 Schema to MSO Straightforward class OUTPUT { reference result*: MEM; } class MEM{ reference friend*: MEM; reference name: STRING; } class OUTPUT { reference result*: MEM; } class MEM{ reference friend*: MEM; reference name: STRING; } ∃ set OUTPUT. ∃ set MEM. ( ∀ x. start(x)  x ∈ OUTPUT) ∧ ( ∀ x ∈ OUTPUT. ∀ e. ∀ u. edge(x,e,u)  edge result (x,e,u) & u ∈ MEM) ∧ … ∃ set OUTPUT. ∃ set MEM. ( ∀ x. start(x)  x ∈ OUTPUT) ∧ ( ∀ x ∈ OUTPUT. ∀ e. ∀ u. edge(x,e,u)  edge result (x,e,u) & u ∈ MEM) ∧ …

17 17 Transformation to MSO Q: What do we mean by “representing transformations in MSO”? A: We convert UnQL’s functional core language into a (kind of) logic program in MSO. edge[OUT] b (v, e, u) ⇔ ∃ v’ e’ u’. edge a (v’,e’,u’) & v=v’ & e=e’ & u=e’ edge[OUT] d (v, e, u) ⇔ ∃ v’ e’ u’. ¬ edge a (v’,e’,u’) & v=v’ & e=e’ & u=u’ … edge[OUT] b (v, e, u) ⇔ ∃ v’ e’ u’. edge a (v’,e’,u’) & v=v’ & e=e’ & u=e’ edge[OUT] d (v, e, u) ⇔ ∃ v’ e’ u’. ¬ edge a (v’,e’,u’) & v=v’ & e=e’ & u=u’ … select {result: $x} where { _*: $x}, {name: John} in $x

18 18 Transformation Language “Core UnCAL” – Internal Representation of “UnQL”  E ::= {L 1 :E 1, L 2 :E 2, …, L n :E n } | if L=L then E else E | $G | & | rec(λ($L,$G). E)(E) | … L ::= (label constant) | $L E ::= {L 1 :E 1, L 2 :E 2, …, L n :E n } | if L=L then E else E | $G | & | rec(λ($L,$G). E)(E) | … L ::= (label constant) | $L select {result: $x} where { _*: $x}, {name: John} in $x

19 19 rec Semantics of rec in UnCAL rec(λ($L,$G). if $L = a then {b: {c: &}} else {d: $G} )($input_graph) rec(λ($L,$G). if $L = a then {b: {c: &}} else {d: $G} )($input_graph) 12 a z if $L = a then {b: {c: &}} else {d: $G} b 12 d 12 c z a 12 12 Decompose to a set of edges! b 12 c d 12 a z Glue them!

20 20 More Precise, MSO-Representable “Finite-Copy” Semantics if $L = a then {b: {c: &}} else {d: $G} b 12 c a 12 12 Copy as needed! Glue them! 12 b c Transform to what we want! edge[112] b (v, e, u) ⇔ ∃ v’ e’ u’. edge a (v’,e’,u’) & v=v’ & e=e’ & u=e’ edge[231] c (v, e, u) ⇔ ∃ v’ e’ u’. edge a (v’,e’,u’) & v=e’ & e=e’ & u=u’ edge[112] b (v, e, u) ⇔ ∃ v’ e’ u’. edge a (v’,e’,u’) & v=v’ & e=e’ & u=e’ edge[231] c (v, e, u) ⇔ ∃ v’ e’ u’. edge a (v’,e’,u’) & v=e’ & e=e’ & u=u’

21 21 “Finite-Copy” Semantics if $L = a then {b: {c: &}} else {d: $G} d 12 z 12 Glue them! 2 Copy as needed! 2 d Transform to what we want! edge[110] d (v, e, u) ⇔ ∃ v’ e’ u’. ¬ edge a (v’,e’,u’) & v=v’ & e=e’ & u=u’

22 22 Transformation to MSO Theorem: Nest-free UnCAL is representable by finite-copying MSO transduction. ((Transformation = Definition of the output-graph in terms of the input graph)) edge[112] b (v, e, u) ⇔ ∃ v’ e’ u’. edge a (v’,e’,u’) & v=v’ & e=e’ & u=e’ edge[231] c (v, e, u) ⇔ ∃ v’ e’ u’. edge a (v’,e’,u’) & v=e’ & e=e’ & u=u’ edge[110] d (v, e, u) ⇔ ∃ v’ e’ u’. ¬ edge a (v’,e’,u’) & v=v’ & e=e’ & u=u’ edge[112] b (v, e, u) ⇔ ∃ v’ e’ u’. edge a (v’,e’,u’) & v=v’ & e=e’ & u=e’ edge[231] c (v, e, u) ⇔ ∃ v’ e’ u’. edge a (v’,e’,u’) & v=e’ & e=e’ & u=u’ edge[110] d (v, e, u) ⇔ ∃ v’ e’ u’. ¬ edge a (v’,e’,u’) & v=v’ & e=e’ & u=u’ rec(λ($L,$G). if $L = a then {b: {c: &}} else {d: $G} )($input_db) rec(λ($L,$G). if $L = a then {b: {c: &}} else {d: $G} )($input_db)

23 23 “Backward” Inference [Courcelle 1994] ∃ e. edge c (_, e, _) Output Schema Transformation rec(λ($L,$G). if $L = a then {b: {c: &}} else {d: $G} )($input_db) rec(λ($L,$G). if $L = a then {b: {c: &}} else {d: $G} )($input_db) edge[112] b (v, e, u) ⇔ ∃ v’ e’ u’. … edge[231] c (v, e, u) ⇔ ∃ v’ e’ u’. edge a (v’,e’,u’) & … & e=e’ edge[110] d (v, e, u) ⇔ ∃ v’ e’ u’. … edge[112] b (v, e, u) ⇔ ∃ v’ e’ u’. … edge[231] c (v, e, u) ⇔ ∃ v’ e’ u’. edge a (v’,e’,u’) & … & e=e’ edge[110] d (v, e, u) ⇔ ∃ v’ e’ u’. … ∃ e. edge[_0_] c (_, e, _) ∨ edge[_1_] c (_, e, _) ∨ edge[_2_] c (_, e, _) ∨ edge[_3_] c (_, e, _) ∃ e. edge a (_, e, _) InputSchema ∃ e. false ∨ false ∨ false ∨ ∃ v’ e’ u’. edge a (v’,e’,u’) & … & e=e’ ⇒

24 24 rec Nested rec rec Nested rec (arising from “cross product”) cannot be encoded into finite-copy semantics Currently we ask programmer to add annotation  rec(λ($L1,$G1). rec(λ($L2,$G2). {pair: {first: $G1, second: $G2}} )($db) rec(λ($L1,$G1). rec(λ($L2,$G2). {pair: {first: $G1, second: $G2}} )($db) select {p: {f: $G1, s:$G2}} where {_: $G1} in $db, {_ : $G2} in $db select {p: {f: $G1, s:$G2}} where {_: $G1} in $db, {_ : $G2} in $db rec(λ($L1,$G1). rec(λ($L2,$G2). {pair: {first: ($G1 :: MEM), second: $G2}} … rec(λ($L1,$G1). rec(λ($L2,$G2). {pair: {first: ($G1 :: MEM), second: $G2}} …

25 25 Remark: Why MSO It is expressive power is needed. – Schemas can encode runs of automata, which is basically equivalent to MSO. – Transformation also requires MSO power, for tracking edge-erasing. It can be made decidable! rec – In contrast to, e.g., FO+TC k that can capture nested recs without annotation.

26 26 Two Nice Props of UnCAL [Buneman et al. 2000] UnCAL is … a UnCAL Transformation b ・・ ・ ∞ aaa Unfolding bcb Bisimulation-generic ・・ ・ ∞ a Cut bc Compact c aa ・・・・・・ b c b c ・・・・・・

27 27 MSO Validation Now we have a MSO Formula on Graphs. MONA MSO Solver [Møller, et.al. 95-] can decide validness of MSO on Finite Trees. ! MSO (even 1 st -Order Logic) on Graphs is undecidable [Trakhtenbrot 1950]. Theorem: If MSO formula is Bisimulation-Generic and Compact, it is valid on graphs iff on finite trees.

28 28 Conclusion Static verification of graph transformations via MSO Future work : – Complete checking w/o annotations. – Support for full UnCAL (with data value comparison). – Use MSO-Transduction semantics for checking other properties. – Comprehensive experiments on performance. class OUTPUT { reference result*: MEM; } select {result: $x} where { _*: $x}, {name: John} in $x class INPUT { reference SNS: SNSDB; } MSO “YES”/“NO”+

Download ppt "1 Graph-Transformation Verification using Monadic 2 nd -Order Logic Kazuhiro Inaba with S. Hidaka, Z. Hu, H. Kato (National Institute of Informatics, Japan)"

Similar presentations

Software Model Checking for Confidentiality Rajeev Alur University of Pennsylvania Joint work with Pavol Cerny.

Software Model Checking for Confidentiality Rajeev Alur University of Pennsylvania Joint work with Pavol Cerny.
An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.

An Abstract Interpretation Framework for Refactoring P. Cousot, NYU, ENS, CNRS, INRIA R. Cousot, ENS, CNRS, INRIA F. Logozzo, M. Barnett, Microsoft Research.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Gennaro Parlato (LIAFA, Paris, France) Joint work with P. Madhusudan Xiaokang Qie University of Illinois at Urbana-Champaign.

Gennaro Parlato (LIAFA, Paris, France) Joint work with P. Madhusudan Xiaokang Qie University of Illinois at Urbana-Champaign.
Gennaro Parlato (LIAFA, Paris, France) Joint work with P. Madhusudan Xiaokang Qie University of Illinois at Urbana-Champaign.

Gennaro Parlato (LIAFA, Paris, France) Joint work with P. Madhusudan Xiaokang Qie University of Illinois at Urbana-Champaign.
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
Linked List Implementation class List { private List next; private Object data; private static List root; private static int size; public static void addNew(Object.

Linked List Implementation class List { private List next; private Object data; private static List root; private static int size; public static void addNew(Object.
1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.

1 How to transform an analyzer into a verifier. 2 OUTLINE OF THE LECTURE a verification technique which combines abstract interpretation and Park’s fixpoint.
The Big Picture Chapter 3. We want to examine a given computational problem and see how difficult it is. Then we need to compare problems Problems appear.

The Big Picture Chapter 3. We want to examine a given computational problem and see how difficult it is. Then we need to compare problems Problems appear.
Program Representations. Representing programs Goals.

Program Representations. Representing programs Goals.
Kazuhiro Inaba National Institute of Informatics, Japan 4 th DIKU-IST Workshop, 2011 Modal-μ Definable Graph Transduction.

Kazuhiro Inaba National Institute of Informatics, Japan 4 th DIKU-IST Workshop, 2011 Modal-μ Definable Graph Transduction.
Compiler Construction

Compiler Construction
The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.

The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.
Expert System Human expert level performance Limited application area Large component of task specific knowledge Knowledge based system Task specific knowledge.

Expert System Human expert level performance Limited application area Large component of task specific knowledge Knowledge based system Task specific knowledge.
1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.
1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.
1 Lecture 4 Topics –Problem solving Subroutine Theme –REC language class The class of solvable problems Closure properties.

1 Lecture 4 Topics –Problem solving Subroutine Theme –REC language class The class of solvable problems Closure properties.
Common Sub-expression Elim Want to compute when an expression is available in a var Domain:

Common Sub-expression Elim Want to compute when an expression is available in a var Domain:
Penn ESE 535 Spring 2009 -- DeHon 1 ESE535: Electronic Design Automation Day 13: March 4, 2009 FSM Equivalence Checking.

Penn ESE 535 Spring DeHon 1 ESE535: Electronic Design Automation Day 13: March 4, 2009 FSM Equivalence Checking.
Direction of analysis Although constraints are not directional, flow functions are All flow functions we have seen so far are in the forward direction.

Direction of analysis Although constraints are not directional, flow functions are All flow functions we have seen so far are in the forward direction.

Similar presentations

Ads by Google