computer supported modeling and reasoning
play

Computer Supported Modeling and Reasoning David Basin, Achim D. - PowerPoint PPT Presentation

Jan 25, 2024 •480 likes •1.58k views

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and Burkhart Wolff April 2005 http://www.infsec.ethz.ch/education/permanent/csmr/ Higher-Order Logic Applications: Refinements Burkhart Wolff

  1. Higher-Order Logic Applications: Refinements 1110 Data Refinement Forward Simulation op abs op abs σ ′ σ ′ σabs σabs abs abs ⇒ R R σ ′ σconc σconc conc op conc Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  2. Higher-Order Logic Applications: Refinements 1110 Data Refinement Forward Simulation op abs op abs σ ′ σ ′ σabs σabs abs abs ⇒ R R σ ′ σconc σconc conc op conc σ ′ σabs σabs abs op abs ⇒ R R R σ ′ σ ′ σconc σconc conc conc op conc op conc Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  3. Higher-Order Logic Applications: Refinements 1111 Data Refinement Can we Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  4. Higher-Order Logic Applications: Refinements 1111 Data Refinement Can we • represent refinement in Isabelle ? Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  5. Higher-Order Logic Applications: Refinements 1111 Data Refinement Can we • represent refinement in Isabelle ? • verify and compare refinement notions ? Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  6. Higher-Order Logic Applications: Refinements 1111 Data Refinement Can we • represent refinement in Isabelle ? • verify and compare refinement notions ? • integrate refinement for functions and operations? Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  7. Higher-Order Logic Applications: Refinements 1111 Data Refinement Can we • represent refinement in Isabelle ? • verify and compare refinement notions ? • integrate refinement for functions and operations? YES! In the following, we present a theory of Abstract IOS Specifications and a forward simulation refinement on it. (backward refinement is analogously) Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  8. Higher-Order Logic Applications: Refinements 1112 IOS-Forward Simulation An abstract system IOS-step has the type: Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  9. Higher-Order Logic Applications: Refinements 1112 IOS-Forward Simulation An abstract system IOS-step has the type: types (’ i , ’o, ’s) ios rel = ”((’i × ’s) × (’o × ’s))set” An Abstract IOS Specification is: (closely related to a Z operation schema): record (’ i ,’ o,’ s) spec = init :: ”’s set” inv :: ”’s set” opn :: ”(’ i , ’o, ’s) ios rel ” Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  10. Higher-Order Logic Applications: Refinements 1113 IOS-Forward Simulation The generalized abstraction relation on abstract IOS specifications looks as follows: record (’ i ,’ i ’,’ o,’o ’,’ s ,’ s’) abs rel = i :: ”(’ i × ’ i ’) set” o :: ”(’o × ’o’) set” abs :: ”(’s × ’s ’) set” The relation is just a triple of relations on input data, output data and states. Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  11. Higher-Order Logic Applications: Refinements 1114 IOS-Forward Simulation We define a FS-refinement on IOS specifications by its three “proof obligations”: Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  12. Higher-Order Logic Applications: Refinements 1114 IOS-Forward Simulation We define a FS-refinement on IOS specifications by its three “proof obligations”: constdefs FS refine :: ” [(’ i ,’ o,’ s) spec, (’ i ,’ i ’,’ o,’o ’,’ s ,’ s’) abs rel , (’ i ’,’ o ’,’ s’) spec] ⇒ bool” A \ < sqsubseteq > R C ≡ FS init A R C ∧ FS corr1 A R C ∧ FS corr2 A R C Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  13. Higher-Order Logic Applications: Refinements 1114 IOS-Forward Simulation We define a FS-refinement on IOS specifications by its three “proof obligations”: constdefs FS refine :: ” [(’ i ,’ o,’ s) spec, (’ i ,’ i ’,’ o,’o ’,’ s ,’ s’) abs rel , (’ i ’,’ o ’,’ s’) spec] ⇒ bool” A \ < sqsubseteq > R C ≡ FS init A R C ∧ FS corr1 A R C ∧ FS corr2 A R C In conceptual notation, we will also write : A ⊑ fs R B for forward simulation (resp. A ⊑ bs R B for backward simulation). Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  14. Higher-Order Logic Applications: Refinements 1115 IOS-Forward Simulation The three conditions are: Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  15. Higher-Order Logic Applications: Refinements 1115 IOS-Forward Simulation The three conditions are: • FS init : The set of initial states must be compatible, • FS corr2: When an abstract state transition is possible, then a corresponding concrete state transition must be possible, • FS corr1: When a concrete operation reaches a target state, then the corresponding abstract must exist. Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  16. Higher-Order Logic Applications: Refinements 1115 IOS-Forward Simulation The three conditions are: • FS init : The set of initial states must be compatible, • FS corr2: When an abstract state transition is possible, then a corresponding concrete state transition must be possible, • FS corr1: When a concrete operation reaches a target state, then the corresponding abstract must exist. (Terminology follows [WD96]). Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  17. Higher-Order Logic Applications: Refinements 1116 IOS-Forward Simulation The proof-obligation FS init Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  18. Higher-Order Logic Applications: Refinements 1116 IOS-Forward Simulation The proof-obligation FS init FS init A R C ≡ ∀ cs ∈ (inv C). cs ∈ (init C) − → ∃ as ∈ (inv A). as ∈ (init A) ∧ (as,cs) ∈ abs R Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  19. Higher-Order Logic Applications: Refinements 1116 IOS-Forward Simulation The proof-obligation FS init FS init A R C ≡ ∀ cs ∈ (inv C). cs ∈ (init C) − → ∃ as ∈ (inv A). as ∈ (init A) ∧ (as,cs) ∈ abs R Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  20. Higher-Order Logic Applications: Refinements 1117 IOS-Forward Simulation Recall the diagrams for FS corr2 Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  21. Higher-Order Logic Applications: Refinements 1117 IOS-Forward Simulation Recall the diagrams for FS corr2 op abs op abs σ ′ σ ′ σabs σabs abs abs ⇒ R R σ ′ σconc σconc conc op conc Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  22. Higher-Order Logic Applications: Refinements 1118 IOS-Forward Simulation The formalization for FS corr2 Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  23. Higher-Order Logic Applications: Refinements 1118 IOS-Forward Simulation The formalization for FS corr2 FS corr2 A R C ≡ ∀ as ∈ (inv A). ∀ cs ∈ (inv C). ∀ inp ∈ (Domain(i R)). ∀ inp’ ∈ (Range(i R)). ((inp,as) ∈ Domain (opn A) ∧ (as,cs) ∈ abs R ∧ (inp,inp ’) ∈ i R) − → (inp ’, cs) ∈ Domain(opn C) Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  24. Higher-Order Logic Applications: Refinements 1118 IOS-Forward Simulation The formalization for FS corr2 FS corr2 A R C ≡ ∀ as ∈ (inv A). ∀ cs ∈ (inv C). ∀ inp ∈ (Domain(i R)). ∀ inp’ ∈ (Range(i R)). ((inp,as) ∈ Domain (opn A) ∧ (as,cs) ∈ abs R ∧ (inp,inp ’) ∈ i R) − → (inp ’, cs) ∈ Domain(opn C) Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  25. Higher-Order Logic Applications: Refinements 1119 IOS-Forward Simulation Recall the diagrams for FS corr1 Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  26. Higher-Order Logic Applications: Refinements 1119 IOS-Forward Simulation Recall the diagrams for FS corr1 σ ′ σabs σabs abs op abs ⇒ R R R σ ′ σ ′ σconc conc σconc conc op conc op conc Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  27. Higher-Order Logic Applications: Refinements 1120 IOS-Forward Simulation Recall the diagrams for FS corr1 Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  28. Higher-Order Logic Applications: Refinements 1120 IOS-Forward Simulation Recall the diagrams for FS corr1 FS corr1 A R C ≡ ∀ as ∈ (inv A). ∀ cs ∈ (inv C). ∀ cs’ ∈ (inv C). ∀ inp ∈ (Domain(i R)). ∀ inp’ ∈ (Range(i R)). ∀ out’ ∈ (Range(o R)). ((inp,as) ∈ Domain(opn A) ∧ (as,cs) ∈ abs R ∧ (inp,inp ’) ∈ i R ∧ ((inp ’, cs ),(out ’, cs ’)) ∈ opn C) − → ( ∃ as’ ∈ (inv A). ∃ out ∈ (Domain(o R)). (as ’, cs ’) ∈ abs R ∧ (out,out’) ∈ o R ∧ ((inp,as ),(out,as ’)) ∈ opn A) Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  29. Higher-Order Logic Applications: Refinements 1121 Tayloring IOS-Forward Simulation (1) Tayloring forward simulations for functions : Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  30. Higher-Order Logic Applications: Refinements 1121 Tayloring IOS-Forward Simulation (1) Tayloring forward simulations for functions : Prerequisite: We embed functions as abstract specifications: Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  31. Higher-Order Logic Applications: Refinements 1121 Tayloring IOS-Forward Simulation (1) Tayloring forward simulations for functions : Prerequisite: We embed functions as abstract specifications: constdefs fun2op :: ”[’ i set , ’ i ⇒ ’o] ⇒ (’ i ,’ o,unit) spec” ”fun2op precond F ≡ ( | init = { () } , inv = { () } , opn = { (a,b). ∃ x ∈ precond. a=(x,()) ∧ b=(F x,()) }| ) ” Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  32. Higher-Order Logic Applications: Refinements 1121 Tayloring IOS-Forward Simulation (1) Tayloring forward simulations for functions : Prerequisite: We embed functions as abstract specifications: constdefs fun2op :: ”[’ i set , ’ i ⇒ ’o] ⇒ (’ i ,’ o,unit) spec” ”fun2op precond F ≡ ( | init = { () } , inv = { () } , opn = { (a,b). ∃ x ∈ precond. a=(x,()) ∧ b=(F x,()) }| ) ” procond serves as an additional means to formalize preconditions, under which the refinement is supposed to hold. Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  33. Higher-Order Logic Applications: Refinements 1122 Tayloring IOS-Forward Simulation (1) . . . derive the specialized version FS refine fun : Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  34. Higher-Order Logic Applications: Refinements 1122 Tayloring IOS-Forward Simulation (1) . . . derive the specialized version FS refine fun : [ [ R = ( | i = RI, o = RO, abs = Id | ) ; ∀ inp ∈ pa. A inp ∈ Domain RO; ∀ inp ∈ pa. ∀ inp ’. (inp,inp ’) ∈ RI − → inp’ ∈ pc; ∀ inp ∈ pa. ∀ inp’ ∈ pc. (A inp, C inp’) ∈ RO ] ] = ⇒ (fun2op pa A) \ < sqsubseteq > R (fun2op pc C)” Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  35. Higher-Order Logic Applications: Refinements 1122 Tayloring IOS-Forward Simulation (1) . . . derive the specialized version FS refine fun : [ [ R = ( | i = RI, o = RO, abs = Id | ) ; ∀ inp ∈ pa. A inp ∈ Domain RO; ∀ inp ∈ pa. ∀ inp ’. (inp,inp ’) ∈ RI − → inp’ ∈ pc; ∀ inp ∈ pa. ∀ inp’ ∈ pc. (A inp, C inp’) ∈ RO ] ] = ⇒ (fun2op pa A) \ < sqsubseteq > R (fun2op pc C)” Note that the first assumption constrains the structure of the generalized abstraction to default values on dummy states . . . Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  36. Higher-Order Logic Applications: Refinements 1123 Tayloring IOS-Forward Simulation (1) A (standard) example. We assume the usual: Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  37. Higher-Order Logic Applications: Refinements 1123 Tayloring IOS-Forward Simulation (1) A (standard) example. We assume the usual: consts insort :: ”[’a :: order , ’a list ] ⇒ ’a list ” is sorted :: ”[’a list ] ⇒ bool” Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  38. Higher-Order Logic Applications: Refinements 1123 Tayloring IOS-Forward Simulation (1) A (standard) example. We assume the usual: consts insort :: ”[’a :: order , ’a list ] ⇒ ’a list ” is sorted :: ”[’a list ] ⇒ bool” . . . and set up the refinement relation as: consts data R :: ”(’a :: order set × ’a list )set” set list R :: ”(’a :: order × ’a set ,’ a × ’a list , ’a set ,’ a list , unit , unit) abs rel ” Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  39. Higher-Order Logic Applications: Refinements 1124 defs data R def: ”data R ≡{ (x,y). x=set y ∧ is sorted y } ” set list R def : ” set list R ≡ ( | i = { (x,y). fst x = fst y ∧ (snd x,snd y) ∈ data R } , o = data R, abs = Id | ) ” Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  40. Higher-Order Logic Applications: Refinements 1124 defs data R def: ”data R ≡{ (x,y). x=set y ∧ is sorted y } ” set list R def : ” set list R ≡ ( | i = { (x,y). fst x = fst y ∧ (snd x,snd y) ∈ data R } , o = data R, abs = Id | ) ” Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  41. Higher-Order Logic Applications: Refinements 1125 Tayloring IOS-Forward Simulation (1) A refinement proof is started: Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  42. Higher-Order Logic Applications: Refinements 1125 Tayloring IOS-Forward Simulation (1) A refinement proof is started: lemma insert insort refine FS : ”(fun2op { λ (x,S). finite S } ( λ (x,S). insert x S)) \ < sqsubseteq > set list R (fun2op { λ (x,S). is sorted S } ( λ (x,S). insort x S))” Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  43. Higher-Order Logic Applications: Refinements 1125 Tayloring IOS-Forward Simulation (1) A refinement proof is started: lemma insert insort refine FS : ”(fun2op { λ (x,S). finite S } ( λ (x,S). insert x S)) \ < sqsubseteq > set list R (fun2op { λ (x,S). is sorted S } ( λ (x,S). insort x S))” . . . and, after applying FS refine fun as introduction rule, we derive the proof obligations: Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  44. Higher-Order Logic Applications: Refinements 1125 Tayloring IOS-Forward Simulation (1) A refinement proof is started: lemma insert insort refine FS : ”(fun2op { λ (x,S). finite S } ( λ (x,S). insert x S)) \ < sqsubseteq > set list R (fun2op { λ (x,S). is sorted S } ( λ (x,S). insort x S))” . . . and, after applying FS refine fun as introduction rule, we derive the proof obligations: 1. ∀ a b. finite b − → ( ∃ y. insert a b = set y ∧ is sorted y) 2. ∀ a b. finite b − → ( ∀ aa ba. is sorted ba − → insert a b = set ( insort aa ba) ∧ is sorted ( insort aa ba)) Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  45. Higher-Order Logic Applications: Refinements 1126 Tayloring IOS-Forward Simulation (2) . . . derive FS refine opn Z for operations Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  46. Higher-Order Logic Applications: Refinements 1126 Tayloring IOS-Forward Simulation (2) . . . derive FS refine opn Z for operations [ [ R = ( | i = Id, o = Id, abs = Abs | ) ; ∀ cs ∈ (inv C). cs ∈ (init C) − → ∃ as ∈ (inv A). as ∈ (init A) ∧ (as,cs) ∈ Abs; ∀ as ∈ (inv A). ∀ cs ∈ (inv C). ∀ inp ∈ (Domain(i R)). ( pre(opn A)(inp,as) ∧ (as,cs) ∈ (abs R)) − → pre(opn C)(inp,cs ); ∀ as ∈ (inv A). ∀ cs ∈ (inv C). ∀ cs’ ∈ (inv C). ∀ inp. ∀ out. ( pre(opn A)(inp,as) ∧ (as,cs) ∈ Abs ∧ ((inp,cs ),(out,cs ’)) ∈ opn C) − → ∃ as’ ∈ (inv A). (as ’, cs ’) ∈ Abs ∧ ((inp,as ),(out,as ’)) ∈ (opn A)) ] ] = ⇒ A \ < sqsubseteq > R C Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  47. Higher-Order Logic Applications: Refinements 1127 Tayloring IOS-Forward Simulation (2) Do you recognize the pattern? : Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  48. Higher-Order Logic Applications: Refinements 1127 Tayloring IOS-Forward Simulation (2) Do you recognize the pattern? :This represents forward simulation a la [Spi92] and [WD96]): Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  49. Higher-Order Logic Applications: Refinements 1127 Tayloring IOS-Forward Simulation (2) Do you recognize the pattern? :This represents forward simulation a la [Spi92] and [WD96]): ∀ Cstate • Cinit → ( ∃ Astate • Abs ∧ Ainit ) ∀ Astate Cstate Cstate ′ x ? y ! • pre Aop ∧ Abs ∧ Cop → ( ∃ Astate ′ • Abs ′ ∧ Aop ) ∀ Astate Cstate x ? • pre Aop ∧ Abs → pre Cop Note that in this refinement notion, input x ? and output y ! are identical! Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  50. Higher-Order Logic Applications: Refinements 1128 Example: BirthdayBook Refinement A (standard) example: Spivey’s Birthdaybook[Spi92]: Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  51. Higher-Order Logic Applications: Refinements 1128 Example: BirthdayBook Refinement A (standard) example: Spivey’s Birthdaybook[Spi92]:The states of the two systems are: Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  52. Higher-Order Logic Applications: Refinements 1128 Example: BirthdayBook Refinement A (standard) example: Spivey’s Birthdaybook[Spi92]:The states of the two systems are: record BirthdayBook = birthday :: ”Name ˜= > Date” known :: ”Name set” record BirthdayBook1 = dates :: ”(nat ˜= > Date)” hwm :: nat names :: ”nat ˜= > Name” (The invariant states that known is equal to the domain of birthday). Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  53. Higher-Order Logic Applications: Refinements 1129 Example: BirthdayBook Refinement The two operation schemas are immediately represented as abstract IOS specifications: consts AddBirthday :: ”((Name × Date), unit, BirthdayBook) spec” AddBirthday1:: ”((Name × Date), unit, BirthdayBook1) spec” . . . Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  54. Higher-Order Logic Applications: Refinements 1130 Example: BirthdayBook Refinement The abstraction relation between the underlying states is: Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  55. Higher-Order Logic Applications: Refinements 1130 Example: BirthdayBook Refinement The abstraction relation between the underlying states is: constdefs Abs :: ”(BirthdayBook × BirthdayBook1) set” ”Abs ≡ { (x,y ).(( known x) = { n. ∃ i ∈{ 1..(hwm y) } . n = the (names y i) } ) ∧ ( ∀ i ∈{ 1..(hwm y) } . birthday x (the(names y i)) = dates y (the(names y i))) } ” Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  56. Higher-Order Logic Applications: Refinements 1130 Example: BirthdayBook Refinement The abstraction relation between the underlying states is: constdefs Abs :: ”(BirthdayBook × BirthdayBook1) set” ”Abs ≡ { (x,y ).(( known x) = { n. ∃ i ∈{ 1..(hwm y) } . n = the (names y i) } ) ∧ ( ∀ i ∈{ 1..(hwm y) } . birthday x (the(names y i)) = dates y (the(names y i))) } ” . . . which is generalized to: Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  57. Higher-Order Logic Applications: Refinements 1130 Example: BirthdayBook Refinement The abstraction relation between the underlying states is: constdefs Abs :: ”(BirthdayBook × BirthdayBook1) set” ”Abs ≡ { (x,y ).(( known x) = { n. ∃ i ∈{ 1..(hwm y) } . n = the (names y i) } ) ∧ ( ∀ i ∈{ 1..(hwm y) } . birthday x (the(names y i)) = dates y (the(names y i))) } ” . . . which is generalized to: constdefs gen Abs :: ”(’a ,’ a ,’ b,’b,BirthdayBook,BirthdayBook1) abs rel” ”gen Abs ≡ ( | i = Id, o = Id, abs = Abs | ) ” Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  58. Higher-Order Logic Applications: Refinements 1131 Example: BirthdayBook Refinement The question to be asked: Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  59. Higher-Order Logic Applications: Refinements 1131 Example: BirthdayBook Refinement The question to be asked: lemma AddBrithday FS refine : ”AddBirthday \ < sqsubseteq > gen Abs AddBirthday1” Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  60. Higher-Order Logic Applications: Refinements 1132 Example: BirthdayBook Refinement Applying FS refine opn Z yields: Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  61. Higher-Order Logic Applications: Refinements 1132 Example: BirthdayBook Refinement Applying FS refine opn Z yields: 1. ∀ cs ∈ spec.inv AddBirthday1. cs ∈ init AddBirthday1 − → ( ∃ as ∈ inv AddBirthday. as ∈ init AddBirthday ∧ (as,cs) ∈ Abs) 2. ∀ as ∈ inv AddBirthday. ∀ cs ∈ inv AddBirthday1. ∀ inp. pre(opn AddBirthday)(inp,as) ∧ (as,cs) ∈ Abs − → pre(opn AddBirthday1)(inp,cs) 3. ∀ as ∈ inv AddBirthday. ∀ cs ∈ inv AddBirthday1. ∀ cs’ ∈ inv AddBirthday1. ∀ inp out. pre(opn AddBirthday)(inp,as) ∧ (as,cs) ∈ Abs ∧ ((inp,cs ),out,cs ’) ∈ opn AddBirthday1 − → ∃ as’ ∈ inv AddBirthday. (as ’, cs ’) ∈ Abs ∧ ((inp,as),out,as’) ∈ opn AddBirthday Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  62. Higher-Order Logic Applications: Refinements 1133 (see [Spi92] and the HOL-Z-disribution [BRW03]!) Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  63. Higher-Order Logic Applications: Refinements 1134 Connection to Behavioral Refinement(1) • How do abstract IOS specifications relate to behavioral models? Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  64. Higher-Order Logic Applications: Refinements 1134 Connection to Behavioral Refinement(1) • How do abstract IOS specifications relate to behavioral models? • Can we extend reasoning over refinements of individual system steps to sequences of steps ? Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  65. Higher-Order Logic Applications: Refinements 1134 Connection to Behavioral Refinement(1) • How do abstract IOS specifications relate to behavioral models? • Can we extend reasoning over refinements of individual system steps to sequences of steps ? • How do established notions of behavioral specification relate to forward/backward simulation ? Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  66. Higher-Order Logic Applications: Refinements 1134 Connection to Behavioral Refinement(1) • How do abstract IOS specifications relate to behavioral models? • Can we extend reasoning over refinements of individual system steps to sequences of steps ? • How do established notions of behavioral specification relate to forward/backward simulation ? Partial Answer: abstract IOS specifications generate behavioral notions like Kripke-Structures, (Event) Traces and (Event) Failures. The former talks about states, the latter two over “observable input/output”(=Events) Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  67. Higher-Order Logic Applications: Refinements 1135 Connection to Behavioral Refinement(1) State Projection into Kripke Structures : Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  68. Higher-Order Logic Applications: Refinements 1135 Connection to Behavioral Refinement(1) State Projection into Kripke Structures : types ’s trace = ”nat ⇒ ’s” record ’s kripke = init :: ”’s set” step :: ”(’s × ’s) set” constdefs state projection :: ”(’ i ,’ o,’ s) spec ⇒ ’s kripke” ” state projection A ≡ ( | kripke . init = spec. init A, kripke .step = { (s1,s2). ∃ i ’ o ’.(( i ’, s1 ),(o’, s2)) ∈ spec.opn A }| ) ” Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  69. Higher-Order Logic Applications: Refinements 1136 Connection to Behavioral Refinement(1) constdefs is trace :: ”[’ s kripke , ’s trace ] = > bool” ” is trace K t ≡ t 0 ∈ kripke . init K ∧ ( ∀ i. (t i , t (Suc i)) ∈ kripke .step K)” traces :: ”’s kripke = > ’s trace set” ”traces K ≡ { t. is trace K t } ” Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  70. Higher-Order Logic Applications: Refinements 1136 Connection to Behavioral Refinement(1) constdefs is trace :: ”[’ s kripke , ’s trace ] = > bool” ” is trace K t ≡ t 0 ∈ kripke . init K ∧ ( ∀ i. (t i , t (Suc i)) ∈ kripke .step K)” traces :: ”’s kripke = > ’s trace set” ”traces K ≡ { t. is trace K t } ” And now, a standard temporal logics K | = φ can be defined on top of the Kripke structure K . Open problem: Under which conditions can a forward refinement allow for system abstractions? [ [ A \ < sqsubseteq > R C; kripke projection A | = phi ] ] = ⇒ kripke projection C | = phi Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

  71. Higher-Order Logic Applications: Refinements 1137 Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and Burkhart Wolff April 2005 http://www.infsec.ethz.ch/education/permanent/csmr/ Metatheory I: Syntax David Basin ETH Zurich 8.11.04 Computer

261 views • 23 slides
Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and Burkhart Wolff April 2005 http://www.infsec.ethz.ch/education/permanent/csmr/ Higher-Order Logic Application: Denotational Semantics for Functional

999 views • 83 slides
Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and Burkhart Wolff April 2005 http://www.infsec.ethz.ch/education/permanent/csmr/ Higher-Order Logic Application: Denotational Semantics for Functional

709 views • 52 slides
Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and Burkhart Wolff April 2005 http://www.infsec.ethz.ch/education/permanent/csmr/ Higher-Order Logic Applications: HOL-OCL Achim D. Brucker

873 views • 86 slides
Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and Burkhart Wolff April 2005 http://www.infsec.ethz.ch/education/permanent/csmr/ Higher-Order Logic Applications: Refinements Burkhart Wolff

526 views • 41 slides
Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and Burkhart Wolff April 2005 http://www.infsec.ethz.ch/education/permanent/csmr/ Isabelle: Automation by Proof Search Burkhart Wolff Isabelle:

571 views • 46 slides
Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and Burkhart Wolff April 2005 http://www.infsec.ethz.ch/education/permanent/csmr/ Higer-Order Logic: Derived Rules David Basin Higer-Order Logic:

534 views • 39 slides
Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and Burkhart Wolff April 2005 http://www.infsec.ethz.ch/education/permanent/csmr/ Motivation and Background David Basin, Burkhart Wolff, and Jan-Georg

1.29k views • 116 slides
Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and Burkhart Wolff April 2005 http://www.infsec.ethz.ch/education/permanent/csmr/ Motivation and Background David Basin, Burkhart Wolff, and Jan-Georg

1.78k views • 158 slides
Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and Burkhart Wolff April 2005 http://www.infsec.ethz.ch/education/permanent/csmr/ Na ve Set Theory David Basin, Burkhart Wolff, and Jan-Georg

897 views • 54 slides
Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and Burkhart Wolff April 2005 http://www.infsec.ethz.ch/education/permanent/csmr/ Introduction David Basin and Burkhart Wolff Introduction 3 What

637 views • 29 slides
Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and Burkhart Wolff April 2005 http://www.infsec.ethz.ch/education/permanent/csmr/ Introduction David Basin and Burkhart Wolff Introduction 3 What

605 views • 36 slides
Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and Burkhart Wolff April 2005 http://www.infsec.ethz.ch/education/permanent/csmr/ Higher-Order Logic: Arithmetic Burkhart Wolff Higher-Order Logic:

372 views • 33 slides
Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and Burkhart Wolff April 2005 http://www.infsec.ethz.ch/education/permanent/csmr/ Isabelle: Term Rewriting Burkhart Wolff Isabelle: Term Rewriting 555

662 views • 32 slides
Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and

Computer Supported Modeling and Reasoning David Basin, Achim D. Brucker, Jan-Georg Smaus, and Burkhart Wolff April 2005 http://www.infsec.ethz.ch/education/permanent/csmr/ Isabelle: Term Rewriting Burkhart Wolff Isabelle: Term Rewriting 555

762 views • 43 slides
Reasoning about reasoning by nested conditioning: Modeling theory of mind with probabilistic

Reasoning about reasoning by nested conditioning: Modeling theory of mind with probabilistic

Reasoning about reasoning by nested conditioning: Modeling theory of mind with probabilistic programs November 8, 2019 Zikun Chen, Alex Chang Main Idea model the flexibility and inherent uncertainty of reasoning about agents with

417 views • 29 slides
Languages &amp; Paradigms What s a Language? It s a form of expression To communicate

Languages &amp; Paradigms What s a Language? It s a form of expression To communicate

Languages &amp; Paradigms What s a Language? It s a form of expression To communicate your intent To program a computer 2 What Makes a Program? Language Syntax + Semantics + Algorithms 3 What Makes a Program? Language Syntax +

419 views • 11 slides
Fundamentals Syntax The symbols used to write a program Semantics The actions

Fundamentals Syntax The symbols used to write a program Semantics The actions

CS 242 Syntax and Semantics of Programs Fundamentals Syntax The symbols used to write a program Semantics The actions that occur when a program is executed John Mitchell Programming language implementation Syntax

234 views • 9 slides
Paradigms following: 1. Model of computation 2. Concepts (Primitives of the programming

Paradigms following: 1. Model of computation 2. Concepts (Primitives of the programming

Programming paradigm: An abstract concept that covers the Paradigms following: 1. Model of computation 2. Concepts (Primitives of the programming language) 3. Tools (data structures and algorithms) 4. The &quot;human mindset&quot;

501 views • 13 slides
Proving Equivalence Between Imperative and MapReduce Implementations Using Program

Proving Equivalence Between Imperative and MapReduce Implementations Using Program

Proving Equivalence Between Imperative and MapReduce Implementations Using Program Transformations VPT 2018 Thessaloniki 20 April 2018 Bernhard Beckert, Timo Bingman, Moritz Kiefer, Peter Sanders, Mattias Ulbrich , Alexander Weigl www.kit.edu

968 views • 60 slides
Ada and C++ in Education Ray Toal Loyola Marymount University Los Angeles November 10, 1994

Ada and C++ in Education Ray Toal Loyola Marymount University Los Angeles November 10, 1994

Ada and C++ in Education Ray Toal Loyola Marymount University Los Angeles November 10, 1994 Outline Introductory Remarks The Software Engineer The University Programming Languages Ada before C++ OO? Language Usage

606 views • 18 slides
General issues with the implementation of theory models in generators A. Nikolakopoulos , N.

General issues with the implementation of theory models in generators A. Nikolakopoulos , N.

General issues with the implementation of theory models in generators A. Nikolakopoulos , N. Jachowicz, K. Niewczas, J. T. Sobczyk , R. Gonzalez-Jimenez, J.M. Udias 1 NuSTEC workshop, Pittsburgh USA A. Nikolakopoulos Outline I. Nucleon

670 views • 53 slides
Implementation, evaluation and analysis of Block index for ADIOS Tzuhsien Wu, Jerry Chou

Implementation, evaluation and analysis of Block index for ADIOS Tzuhsien Wu, Jerry Chou

Implementation, evaluation and analysis of Block index for ADIOS Tzuhsien Wu, Jerry Chou National Tsing Hua University, Taiwan Norbert Podhorszki, Yuan Tian Oak Ridge National Laboratory, USA Junmin Gu, Kesheng Wu Lawrence Berkeley National

526 views • 9 slides
CSEE 4823 Advanced Logic Design Handout: Lecture #2 9/8/16 Prof. Steven M. Nowick

CSEE 4823 Advanced Logic Design Handout: Lecture #2 9/8/16 Prof. Steven M. Nowick

CSEE 4823 Advanced Logic Design Handout: Lecture #2 9/8/16 Prof. Steven M. Nowick nowick@cs.columbia.edu Department of Computer Science (and Elect. Eng.) Columbia University New York, NY, USA Combinational Logic: Basic Definitions + 2-Level

540 views • 10 slides

More recommend