Proving Transformation Functions Abdessamad Imine, Pascal Molli, - - PowerPoint PPT Presentation

▶

Sep 05, 2022 228 likes •712 views

Proving Transformation Functions Abdessamad Imine, Pascal Molli, Grald Oster, Michal Rusinowitch Project ECOO & CASSIS LORIA INRIA Lorraine Context RT Groupware Algorithm requires properties on Transformation Functions:

SLIDE 1

Proving Transformation Functions

Abdessamad Imine, Pascal Molli, Gérald Oster, Michaël Rusinowitch Project ECOO & CASSIS LORIA – INRIA Lorraine

SLIDE 2

Context

RT Groupware Algorithm requires

properties on Transformation Functions:

) , ( ) , (

2 1 2 1 2 1

T

)) , ( ( )) , ( (

2 1 2 , 3 1 2 1 , 3

T

C1: C2:

SLIDE 3

Problem

Proving C1 and C2 is not obvious For a String Object (insert, delete):

For C2: 123 cases

For a (simple) XML object (6op)

For C2: 6*6*6 =216 base cases + all

combination of preconditions…

How to develop SAFE transformation

function for complex objects ??

SLIDE 4

Approach : Automatic proof…

Use an Automatic Theorem Prover to

prove C1, C2 on transformation functions… (SPIKE in our case)

Allow to handle more complex typed

bjects

Discover quickly erroneous executions…

SLIDE 5

Our XML Object…

CN(int n, String tn) : int nn DN(int n) : void CA(int n, String a) DA(int n String a) CHA(int n, String a, String v);

SLIDE 6

Example of use… (CRC Card)

Root : 1 Class : 2 Responsability : 3 Collaboration : 4

Description: Model in MVC Description: Contain data to be displayed Description: Controller, Views

CN(1,"Class")->2 CA(2,"Description") CHA(2,"Description","Model in MVC") CN(2,"Responsibility")->3 CA(3,"Description") CHA(3,"Description","Contain data to be displayed") CN(2,"Collaborations")->4 CA(4,"Description") CHA(3,"Description","Controller, Views")

SLIDE 7

Example of SPIKE Feedback

T(CHA(n1,a1,v1),CHA(n2,a2,v2)):- if n1=n2 ^ a1=a2 ^ v1=v2 return noop if n1=n2 ^ a1=a2 ^ v1<>v2 return CHA(n1,a1,max(v1,v2)) else return CHA(n1,a1,v1)

SLIDE 8

C2 violated…

Problematic scenario:

CHA(n,a,v3) CHA(n,a,v2) CHA(n,a,v1) S3 S2 S1

With max(v1,v2)=max(v2,v3)…

SLIDE 9

SLIDE 10

Corrected transformation functions…

T(CHA(n1,a1,v1),CHA(n2,a2,v2)):- if n1=n2 ^ a1=a2 return CHA(n1,a1,max(v1,v2)) else return CHA(n1,a1,v1)

k for C2…

SLIDE 11

Another example…

T(CA(n1,a1),DA(n2,a2)) :- return CA(n1,a1) T(CA(n1,a1),CHA(n2,a2,v2)) :- if n1=n2 ^ a1=a2 return noop else return CA(n1,a1) T(DA(n1,a1),CA(n2,a2)) :- if n1=n2 ^ a1=a2 return noop else return DA(n1,a1) T(DA(n1,a1),CHA(n2,a2,v2)) :- return DA(n1,a1) T(CHA(n1,a1,v1),CA(n2,a2)):- return CHA(n1,a1,v1) T(CHA(n1,a1,v1),DA(n2,a2)):- if n1=n2 ^ a1=a2 return noop else return CHA(n1,a1,v1)

SLIDE 12

C2 violated !

DA(n,a) CHA(n,a,v) CA(n,a) S3 S2 S1

n and a are linked variables…

SLIDE 13

SLIDE 14

Correcting transformation functions…

T(CA(n1,a1),DA(n2,a2)) : if n1=n2 ^ a1=a2 return noop else return CA(n1,a1) T(DA(n1,a1),CA(n2,a2)) :- return DA(n1,a1)

T(CA(n1,a1),DA(n2,a2)) :- return CA(n1,a1) T(DA(n1,a1),CA(n2,a2)) :- if n1=n2 ^ a1=a2 return noop else return DA(n1,a1)

New… Old…

SLIDE 15

Writing SPIKE specifications…

C1 based on equivalence

Requires to specify state, more difficult…

C2 based on syntactic equality

Only needs definition of operations !!

C2 very easy to prove, C1 requires

more work…

SLIDE 16

Proving C2...

SPIKE Formalism… Our definition Childof(n1,n2)=true -> T(CN(n1,tn1),DN(n2)) = Nop Childof(n1,n2)=false -> T(CN(n1,tn1),DN(n2)) = CN(n1,tn1) T(CN(n1,tn1),DN(n2)):- if (n1 childof n2) return noop else return CN(n1,tn1) T(CN(n1,tn1),CN(n2,tn2))=CN(n1,tn1) T(CN(n1,tn1),CN(n2,tn2)):- return CN(n1,tn1)

SLIDE 17

Proving C2…

specification : convergence use : nats ; sorts: Op Tag Node Att SetAtt Val State; constructors : CN__: Node Tag -> Op; DN_: Node -> Op; CA__: Node Att -> Op; DA__: Node Att -> Op; CHA___: Node Att Val -> Op; Nop : -> Op; defined functions : Childof__: Node Node -> Bool;

SLIDE 18

Proving C2… (end…)

conjectures: %C2 T(T(i,k),T(j,k)) = T(T(i,j),T(k,j));

SLIDE 19

Proving C1

Requires to specify unordered Trees… A little more technical…

axioms: Eqn(n1,n2)=true => Del(Create(St,n1),n2)=Del(St,n2); Eqn(n1,n2)=false, Childof(n1,n2)=true => Del(Create(St,n1),n2)=Del(St,n2); Eqn(n1,n2)=false, Childof(n1,n2)=false => Del(Create(St,n1),n2)=Create(Del(St,n2),n1); …

SLIDE 20

SLIDE 21

User desktop

The switching mode part

User and project names

SLIDE 22

XML Tree Reception queue Log of operations

SLIDE 23

User : Seb User : Pol

SLIDE 24

SLIDE 25

SLIDE 26

Commit Broadcast

Then, when Pol wants to publish his card, he has to Commit his work. At that moment, the local operations are broadcasted to the other sites.

SLIDE 27

Update Integration

SLIDE 28

Update

Same state

SLIDE 29

Seb and Pol work in parallel in Multi-Synchronous mode.

SLIDE 30

SLIDE 31

SLIDE 32

SLIDE 33

SLIDE 34

SLIDE 35

SLIDE 36

SLIDE 37

SLIDE 38

User Pol want to switch to synchronous mode

SLIDE 39

Pol switch to synchronous mode

SLIDE 40

Broadcast

SLIDE 41

Seb switch to synchronous mode

SLIDE 42

Integration

SLIDE 43

Integration Broadcast

SLIDE 44

Both workspaces are merged

Seb Pol

Color Color

SLIDE 45

Synchronous mode Synchronous mode

SLIDE 46

SLIDE 47

Conclusion – Perspectives…

Allow to develop safe transformation

Functions…

For more complex typed object… Find quickly bad scenario… Writing specifications not very hard… Plan to build an IDE for developping