revisiting auxiliary variables
play

Revisiting Auxiliary Variables Stephan Merz joint work with Leslie - PowerPoint PPT Presentation

Jul 04, 2023 •466 likes •990 views

Revisiting Auxiliary Variables Stephan Merz joint work with Leslie Lamport Inria & LORIA, Nancy, France IFIP Working Group 2.2 Bordeaux, September 2017 Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 1 / 24 Specifications

  1. Revisiting Auxiliary Variables Stephan Merz joint work with Leslie Lamport Inria & LORIA, Nancy, France IFIP Working Group 2.2 Bordeaux, September 2017 Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 1 / 24

  2. Specifications of State Machines Standard way of describing algorithms ◮ initial condition, next-state relation express what may happen ◮ fairness / liveness conditions assert what must happen Part of the state may be hidden ◮ do not expose implementation details ◮ delimit observable behavior that should be implemented Concrete syntax: TLA + ∃ ∃ x : Init ∧ � [ Next ] vars ∧ L ∃ ∃ ∃ ∃ Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 2 / 24

  3. Refinement of State Machines From high-level specification to concrete implementation ◮ executions of lower-level state machine coherent with specification ◮ formally: inclusion of set of (observable) state sequences ( ∃ ∃ y : Impl ) ⇒ ( ∃ ∃ ∃ ∃ ∃ ∃ ∃ ∃ ∃ ∃ x : Spec ) Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 3 / 24

  4. Refinement of State Machines From high-level specification to concrete implementation ◮ executions of lower-level state machine coherent with specification ◮ formally: inclusion of set of (observable) state sequences ( ∃ ∃ y : Impl ) ⇒ ( ∃ ∃ ∃ ∃ ∃ ∃ ∃ ∃ ∃ ∃ x : Spec ) Standard proof technique: refinement mapping ◮ reconstruct high-level internal state from low-level state Impl ⇒ Spec { f / x } ◮ pointwise computation of internal state components Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 3 / 24

  5. Example: Compute the Maximum Input Value First specification: store the set of all inputs ∆ Init 1 = inp = {} ∧ lastinp = − ∞ ∧ max = − ∞ = inp ′ = inp ∪ { x } ∧ lastinp ′ = x ∧ max ′ = Max ( inp ′ ) ∆ Input 1 ( x ) ∆ Next 1 = ∃ x ∈ Int : Input 1 ( x ) ∆ = ∃ ∃ ∃ Spec 1 ∃ ∃ ∃ inp , lastinp : Init 1 ∧ � [ Next 1 ] � inp , lastinp , max � Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 4 / 24

  6. Example: Compute the Maximum Input Value First specification: store the set of all inputs ∆ Init 1 = inp = {} ∧ lastinp = − ∞ ∧ max = − ∞ = inp ′ = inp ∪ { x } ∧ lastinp ′ = x ∧ max ′ = Max ( inp ′ ) ∆ Input 1 ( x ) ∆ Next 1 = ∃ x ∈ Int : Input 1 ( x ) ∆ = ∃ ∃ ∃ Spec 1 ∃ ∃ ∃ inp , lastinp : Init 1 ∧ � [ Next 1 ] � inp , lastinp , max � Second specification: store just the maximum value ∆ Init 2 = lastinp = − ∞ ∧ max = − ∞ = lastinp ′ = x ∧ max ′ = IF x > max THEN x ELSE max ∆ Input 2 ( x ) ∆ Next 2 = ∃ x ∈ Int : Input 2 ( x ) ∆ = ∃ ∃ ∃ ∃ ∃ ∃ lastinp : Init 2 ∧ � [ Next 2 ] � lastinp , max � Spec 2 Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 4 / 24

  7. Example: Compute the Maximum Input Value First specification: store the set of all inputs ∆ Init 1 = inp = {} ∧ lastinp = − ∞ ∧ max = − ∞ = inp ′ = inp ∪ { x } ∧ lastinp ′ = x ∧ max ′ = Max ( inp ′ ) ∆ Input 1 ( x ) ∆ Next 1 = ∃ x ∈ Int : Input 1 ( x ) ∆ = ∃ ∃ ∃ Spec 1 ∃ ∃ ∃ inp , lastinp : Init 1 ∧ � [ Next 1 ] � inp , lastinp , max � Second specification: store just the maximum value ∆ Init 2 = lastinp = − ∞ ∧ max = − ∞ = lastinp ′ = x ∧ max ′ = IF x > max THEN x ELSE max ∆ Input 2 ( x ) ∆ Next 2 = ∃ x ∈ Int : Input 2 ( x ) ∆ = ∃ ∃ ∃ ∃ ∃ ∃ lastinp : Init 2 ∧ � [ Next 2 ] � lastinp , max � Spec 2 What is the formal relationship between the two specifications? Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 4 / 24

  8. Proving Refinement The two specifications are equivalent ◮ they generate same externally visible behaviors (variable max ) Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 5 / 24

  9. Proving Refinement The two specifications are equivalent ◮ they generate same externally visible behaviors (variable max ) Spec 1 refines Spec 2 prove invariant max = Max(inp) 1 use identical refinement mapping for variable lastinp 2 Spec 1 ∧ � ( max = Max ( inp )) ⇒ Init 2 ∧ � [ Next 2 ] � lastinp , max � Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 5 / 24

  10. Proving Refinement The two specifications are equivalent ◮ they generate same externally visible behaviors (variable max ) Spec 1 refines Spec 2 prove invariant max = Max(inp) 1 use identical refinement mapping for variable lastinp 2 Spec 1 ∧ � ( max = Max ( inp )) ⇒ Init 2 ∧ � [ Next 2 ] � lastinp , max � Spec 2 refines Spec 1 ◮ holds semantically, but no refinement mapping ◮ cannot compute set of inputs given the maximum value Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 5 / 24

  11. Proving Refinement The two specifications are equivalent ◮ they generate same externally visible behaviors (variable max ) Spec 1 refines Spec 2 prove invariant max = Max(inp) 1 use identical refinement mapping for variable lastinp 2 Spec 1 ∧ � ( max = Max ( inp )) ⇒ Init 2 ∧ � [ Next 2 ] � lastinp , max � Spec 2 refines Spec 1 ◮ holds semantically, but no refinement mapping ◮ cannot compute set of inputs given the maximum value Refinement mappings alone are incomplete Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 5 / 24

  12. Auxiliary Variables Augment implementation, then construct refinement mapping ∃ a : Impl a Impl ≡ ∃ ∃ ∃ ∃ ∃ specific rules justifying auxiliary variables: 1 Impl a ⇒ ∃ ∃ ∃ augmented specification refines high-level: ∃ ∃ ∃ x : Spec 2 Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 6 / 24

  13. Auxiliary Variables Augment implementation, then construct refinement mapping ∃ a : Impl a Impl ≡ ∃ ∃ ∃ ∃ ∃ specific rules justifying auxiliary variables: 1 Impl a ⇒ ∃ ∃ ∃ augmented specification refines high-level: ∃ ∃ ∃ x : Spec 2 Two particular kinds of auxiliary variables ◮ history variables: record information about previous states ◮ prophecy variables: predict information about future states Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 6 / 24

  14. Auxiliary Variables Augment implementation, then construct refinement mapping ∃ a : Impl a Impl ≡ ∃ ∃ ∃ ∃ ∃ specific rules justifying auxiliary variables: 1 Impl a ⇒ ∃ ∃ ∃ augmented specification refines high-level: ∃ ∃ ∃ x : Spec 2 Two particular kinds of auxiliary variables ◮ history variables: record information about previous states ◮ prophecy variables: predict information about future states Classic reference M. Abadi, L. Lamport. The Existence of Refinement Mappings. TCS (1991). ◮ introduces history and prophecy variables ◮ proves completeness under certain conditions ◮ closely related: forward / backward simulations Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 6 / 24

  15. Outline Refinement Mappings 1 History Variables 2 Simple Prophecy Variables 3 Arrays of Auxiliary Variables 4 Stuttering Variables 5 Establishing Completeness 6 Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 7 / 24

  16. Record Information About Past States Update history variable at every transition ∃ h : Spec ∧ h = h 0 ∧ � [ vars ′ � = vars ∧ h ′ = f ( h )] � vars , h � Spec ≡ ∃ ∃ ∃ ∃ ∃ ◮ variable h does not occur in Spec , vars or h 0 ◮ term f ( h ) does not contain h ′ ◮ h 0 is the initial value of the history variable ◮ f represents the update function applied at every observable step Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 8 / 24

  17. Record Information About Past States Update history variable at every transition ∃ h : Spec ∧ h = h 0 ∧ � [ vars ′ � = vars ∧ h ′ = f ( h )] � vars , h � Spec ≡ ∃ ∃ ∃ ∃ ∃ ◮ variable h does not occur in Spec , vars or h 0 ◮ term f ( h ) does not contain h ′ ◮ h 0 is the initial value of the history variable ◮ f represents the update function applied at every observable step Example: step counter ∃ h : Spec ∧ h = 0 ∧ � [ vars ′ � = vars ∧ h ′ = h + 1 ] � vars , h � Spec ≡ ∃ ∃ ∃ ∃ ∃ ◮ similar: record the input values during executions of Spec 2 Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 8 / 24

  18. Parameterized Refinement Mappings Idea: many refinement mappings are better than one introduce parameterized specification equivalent to low-level spec 1 Impl ≡ ∃ β ∈ S : PImpl ( β ) define separate refinement mappings per parameter value 2 ∀ β ∈ S : PImpl ( β ) ⇒ Spec { f ( β ) / x } Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 9 / 24

  19. Parameterized Refinement Mappings Idea: many refinement mappings are better than one introduce parameterized specification equivalent to low-level spec 1 Impl ≡ ∃ β ∈ S : PImpl ( β ) define separate refinement mappings per parameter value 2 ∀ β ∈ S : PImpl ( β ) ⇒ Spec { f ( β ) / x } Example: introduce a downward counter = n = 0 ∧ � [ n ′ = n + 1 ] � n � ∧ ♦� [ n ′ = n ] � n � ∆ Impl = n = 0 ∧ k ∈ N ∧ � [ k > 0 ∧ n ′ = n + 1 ∧ k ′ = k − 1 ] � k , n � ∆ Spec Prove Impl ⇒ ∃ ∃ ∃ ∃ ∃ ∃ k : Spec Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 9 / 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

PixelCNN Models with Auxiliary Variables for Natural Image Modeling Alexander Kolesnikov*,

PixelCNN Models with Auxiliary Variables for Natural Image Modeling Alexander Kolesnikov*,

PixelCNN Models with Auxiliary Variables for Natural Image Modeling Alexander Kolesnikov*, Christoph H. Lampert* *IST Austria ICML 2017 PixelCNN Models with Auxiliary Variables 1. What is the task? 2. PixelCNN model (recap of last coffeetalk)

369 views • 13 slides
Beyond Backprop: Online Alternating Minimization with Auxiliary Variables NYU IBM Sadhana

Beyond Backprop: Online Alternating Minimization with Auxiliary Variables NYU IBM Sadhana

Beyond Backprop: Online Alternating Minimization with Auxiliary Variables NYU IBM Sadhana Ronny Mattia Irina Anna Research Benjamin Kumaravel Luss Rigotti Rish Choromanska Cowen Djallel Brian Viatcheslav Paolo MIT Kingsbury

375 views • 11 slides
VFW Auxiliary LOCAL AUXILIARY TREASURERS AND TRUSTEES TRAINING Presented By VFW Auxiliary

VFW Auxiliary LOCAL AUXILIARY TREASURERS AND TRUSTEES TRAINING Presented By VFW Auxiliary

VFW Auxiliary LOCAL AUXILIARY TREASURERS AND TRUSTEES TRAINING Presented By VFW Auxiliary National Headquarters Staff George Martin, Director of Accounting VFW Auxiliary Headquarters Phone (816) 561 8655 406 West 34 th Street Toll Free

1.12k views • 85 slides
On the Complexity of Simulating Auxiliary Input Yi-Hsiu Chen 1 Kai-Min Chung 2 Jyun-Jie Liao 2 1

On the Complexity of Simulating Auxiliary Input Yi-Hsiu Chen 1 Kai-Min Chung 2 Jyun-Jie Liao 2 1

On the Complexity of Simulating Auxiliary Input Yi-Hsiu Chen 1 Kai-Min Chung 2 Jyun-Jie Liao 2 1 Harvard University, Cambridge, USA 2 Academia Sinica, Taipei, Taiwan 1 / 18 Simulating Auxiliary Input [JP14] Consider random variables ( X , Z )

868 views • 62 slides
VFW Auxiliary INVESTMENTS HELD AT VFW AUXILIARY NATIONAL HEADQUARTERS Presented By George

VFW Auxiliary INVESTMENTS HELD AT VFW AUXILIARY NATIONAL HEADQUARTERS Presented By George

VFW Auxiliary INVESTMENTS HELD AT VFW AUXILIARY NATIONAL HEADQUARTERS Presented By George Martin Director of Accounting VFW Auxiliary Headquarters Phone (816) 561 8655 406 West 34 th Street Toll Free (866) 299 1286 10 th Floor Fax

392 views • 8 slides
VFW Auxiliary LOCAL AUXILIARY TREASURERS AND TRUSTEES TRAINING Presented By George Martin

VFW Auxiliary LOCAL AUXILIARY TREASURERS AND TRUSTEES TRAINING Presented By George Martin

VFW Auxiliary LOCAL AUXILIARY TREASURERS AND TRUSTEES TRAINING Presented By George Martin Director of Accounting VFW Auxiliary Headquarters Phone (816) 561 8655 406 West 34 th Street Toll Free (866) 299 1286 10 th Floor Fax (816) 931

461 views • 30 slides
Office of Auxiliary Services Presented by Dr. Gregory A. McCord Chief Auxiliary Services Officer

Office of Auxiliary Services Presented by Dr. Gregory A. McCord Chief Auxiliary Services Officer

Beaufort County School District Office of Auxiliary Services Presented by Dr. Gregory A. McCord Chief Auxiliary Services Officer November 28, 2017 Auxiliary Services..its a team effort!!! Dr. Gregory A. McCord, Chief Auxiliary Services

190 views • 15 slides
Dependency Parse Dependency Tags aux auxiliary auxpass passive auxiliary cop

Dependency Parse Dependency Tags aux auxiliary auxpass passive auxiliary cop

Dependency Parse Dependency Tags aux auxiliary auxpass passive auxiliary cop -- copula conj conjunct cc coordination ref -- referent subj subject nsubj nominal subject nsubjpass

1.18k views • 69 slides
Term Rep placement Deep rep lacement Auxiliary constructor i Auxiliary constructor i module

Term Rep placement Deep rep lacement Auxiliary constructor i Auxiliary constructor i module

Term Rep placement Deep rep lacement Auxiliary constructor i Auxiliary constructor i module Tree-drepl d l T d l imports Tree-syntax Deep replacement: repla ace only occurrences close exports A bottom-up transformer that to the

183 views • 14 slides
Closures & Scoping Variables Parameters Local variables Free variables

Closures & Scoping Variables Parameters Local variables Free variables

CS152 Programming Language Paradigms Prof. Tom Austin, Fall 2016 Closures & Scoping Variables Parameters Local variables Free variables Variables not defined in the current scope e.g. global variables #!/bin/bash Is x

569 views • 13 slides
Y TP YUKAWA INSTITUTE FOR THEORETICAL PHYSICS 1/21 Motivation Introduction Auxiliary Field

Y TP YUKAWA INSTITUTE FOR THEORETICAL PHYSICS 1/21 Motivation Introduction Auxiliary Field

Motivation Introduction Auxiliary Field Quantum Monte Carlo Methods Results Summary Acknowledgments Auxiliary-Field Monte Carlo method for strongly paired fermions Faisal Etminan M. M. Firoozabadi University of Birjand String and Fields

535 views • 21 slides
Standard form of the maximum principle The controlled system of diff. equations dx i dt = f i ( x,

Standard form of the maximum principle The controlled system of diff. equations dx i dt = f i ( x,

I Standard form of the maximum principle The controlled system of diff. equations dx i dt = f i ( x, u ) , x R n , u U, contravariant variables with upper indices, f 1 , . . . , f n covariant auxiliary variables with lower in-

203 views • 7 slides
YCL Week 3 Lets talk about variables! Variables Variables are containers for data. Variables

YCL Week 3 Lets talk about variables! Variables Variables are containers for data. Variables

YCL Week 3 Lets talk about variables! Variables Variables are containers for data. Variables have two parts: a name and a value, which is of a certain data type. A variables value is usually assigned to it using an equal sign. x = 5

171 views • 15 slides
Revisiting Paulsons Theory of the Con- structible Universe with Isar and Sledge-

Revisiting Paulsons Theory of the Con- structible Universe with Isar and Sledge-

Revisiting Paulsons Theory of the Con- structible Universe with Isar and Sledge- hammer Ioanna M. Dimitriou H. and Peter Koepke, University of Bonn, Germany AITP 2016 Obergurgl, Austria, April 3-7, 2016 Revisiting Paulsons

703 views • 33 slides
Using Auxiliary Information Under a Pier Francesco Perri Generic Sampling Design Theoretical

Using Auxiliary Information Under a Pier Francesco Perri Generic Sampling Design Theoretical

19th International Conference on Computational Statistics Giancarlo Diana, Using Auxiliary Information Under a Pier Francesco Perri Generic Sampling Design Theoretical results Auxiliary information A class of estimators The best

842 views • 52 slides
Multimodal Biometrics with Auxiliary Information Quality, Userspecific, Cohort information

Multimodal Biometrics with Auxiliary Information Quality, Userspecific, Cohort information

Multimodal Biometrics with Auxiliary Information Quality, Userspecific, Cohort information and beyond Norman Poh Talk Outline Part I: Bayesian classifiers and decision theory Part II: Sources of auxiliary information Biometric

916 views • 53 slides
Effects Techniques Used in Uncharted 3: Drakes Deception Marshall Robin Graphics/Effects

Effects Techniques Used in Uncharted 3: Drakes Deception Marshall Robin Graphics/Effects

Effects Techniques Used in Uncharted 3: Drakes Deception Marshall Robin Graphics/Effects Programmer, Naughty Dog <mrobin@naughtydog.com> @mrobin604 Monday, March 12, 12 Good afternoon, and welcome to my talk on the effects techniques

1.17k views • 74 slides
A Simple Model of Separation Logic for Higher-order Store Lars Birkedal IT University of

A Simple Model of Separation Logic for Higher-order Store Lars Birkedal IT University of

A Simple Model of Separation Logic for Higher-order Store Lars Birkedal IT University of Copenhagen Joint work with B. Reus, J. Schwinghammer, H. Yang July, 2008 Lars Birkedal (ITU) Sep. Logic for Higher-order Store ICALP 1 / 20

457 views • 20 slides
The Global Ne+lix Pla+orm A Large Scale Java oriented PaaS

The Global Ne+lix Pla+orm A Large Scale Java oriented PaaS

The Global Ne+lix Pla+orm A Large Scale Java oriented PaaS running on AWS October 24th, 2011 Adrian Cockcro6 @adrianco #ne9lixcloud

1.13k views • 75 slides
Navigating for Recovery & Reset Regional Director, Commercial Banking, NatWest Victoria

Navigating for Recovery & Reset Regional Director, Commercial Banking, NatWest Victoria

Ask the experts Your Business Navigating for Recovery & Reset Regional Director, Commercial Banking, NatWest Victoria Kerton Growth outlook in the red for 2020. Recent surge in new cases might further dampen economic mood. Market bakes

281 views • 13 slides
Hoare Logic and Model Checking Kasper Svendsen University of Cambridge CST Part II 2016/17

Hoare Logic and Model Checking Kasper Svendsen University of Cambridge CST Part II 2016/17

Hoare Logic and Model Checking Kasper Svendsen University of Cambridge CST Part II 2016/17 Acknowledgement: slides heavily based on previous versions by Mike Gordon and Alan Mycroft Pointers Pointers and state So far, we have been

584 views • 39 slides
Hoare Logic and Model Checking Pointers Kasper Svendsen University of Cambridge CST Part II

Hoare Logic and Model Checking Pointers Kasper Svendsen University of Cambridge CST Part II

Hoare Logic and Model Checking Pointers Kasper Svendsen University of Cambridge CST Part II 2016/17 Acknowledgement: slides heavily based on previous versions by Mike Gordon and Alan Mycroft Pointers and state Pointers and state E ::= N

546 views • 10 slides
Chapter 3 Professor Brendan Morris, SEB 3216, brendan.morris@unlv.edu

Chapter 3 Professor Brendan Morris, SEB 3216, brendan.morris@unlv.edu

Chapter 3 Professor Brendan Morris, SEB 3216, brendan.morris@unlv.edu http://www.ee.unlv.edu/~b1morris/cpe100/ CPE100: Digital Logic Design I Section 1004: Dr. Morris Sequential Logic Design Chapter 3 <1> Chapter 3 :: Topics

990 views • 94 slides
Web Ontology Language (OWL) Need meaning beyond an object-oriented type system RDF (with

Web Ontology Language (OWL) Need meaning beyond an object-oriented type system RDF (with

Web Ontology Language Web Ontology Language (OWL) Need meaning beyond an object-oriented type system RDF (with RDFS) captures the basics, approximating an object-oriented type system OWL provides some of the rest OWL standardizes

320 views • 20 slides

More recommend