The Relational Database Engine: An Efficient Validator of Temporal Properties on Event Traces
Jason Vallet, Aouatef Mrad, Sylvain Hallé*, Éric Beaudet
Université du Québec à Chicoutimi, Canada; Novum Solutions, Canada
Funding: Fonds de recherche sur la nature et les technologies; NSERC / CRSNG
Sylvain Hallé
How high is this building?
Several indirect ways to answer, each built on a different measurement:
  drop an object from the roof and time its fall: $h = 4.9\,t^2$
  swing it as a pendulum of length h and time the period: $T = 2\pi\sqrt{h / 9.8}$
  time an echo travelling at speed c: $h = \frac{cT}{2}$
  read the pressure at the top with a barometer: $p = p_0 \left(1 - \frac{L h}{T_0}\right)^{\frac{gM}{RL}}$
The answer is derived from indirect measurements, and there is no single "best" solution.
Trace validation: τ ⊧ φ
A sequence of events (τ) satisfies (⊧) some assertion on that sequence (φ).
  τ may be a web server log, an execution trace, ...
  φ may be a finite-state machine, an LTL formula, ...
  ⊧ is implemented by algorithms and tools.
Examples of properties on event traces
  Iterator<T> with methods hasNext and next: a call to next must be preceded by a call to hasNext.
  Messages A, B: no CartCreate request can occur before a LoginResponse message.
  Login events: three successive login attempts should trigger an alarm.
  Order workflow (Receive order → Ready? → Yes: Ship / No: File order): a received order must eventually be shipped.
Let A be a set of event symbols. A trace m is a mapping from ℕ to A, for example
  m(0) = c, m(1) = a, m(2) = a, m(3) = b, m(4) = b, ...
Linear Temporal Logic
  Ground terms: event symbols
  Boolean connectives: ¬, →, ∧ (and ∨)
  Temporal operators: X (next), G (globally), F (eventually), U (until)
Let Φ be the set of all possible LTL formulas. The function ℒ : Φ → 2^ℕ labels each state of the trace with the set of LTL formulas it satisfies (on the slide, states of the trace c a a b b ... carry labels such as a, b, b ∨ c, G (a → b)).
Example: ℒ(a ∧ b) = {0, 1, 4, ...}
Definition of ℒ, by induction on the formula:
  i ∈ ℒ(a)      ⇔ m(i) = a
  i ∈ ℒ(¬φ)     ⇔ i ∉ ℒ(φ)
  i ∈ ℒ(φ ∧ ψ)  ⇔ i ∈ ℒ(φ) and i ∈ ℒ(ψ)
  i ∈ ℒ(φ ∨ ψ)  ⇔ i ∈ ℒ(φ) or i ∈ ℒ(ψ)
  i ∈ ℒ(X φ)    ⇔ i + 1 ∈ ℒ(φ)
  i ∈ ℒ(G φ)    ⇔ j ∈ ℒ(φ) for all j ≥ i
  i ∈ ℒ(F φ)    ⇔ j ∈ ℒ(φ) for some j ≥ i
  i ∈ ℒ(φ U ψ)  ⇔ j ∈ ℒ(ψ) for some j ≥ i, and k ∈ ℒ(φ) for all k with i ≤ k < j
Theorem. i ∈ ℒ(φ) exactly when the suffix m(i), m(i+1), ... satisfies φ.
Therefore 0 ∈ ℒ(φ) ⇔ m ⊧ φ: checking the whole trace amounts to asking whether state 0 carries the label φ.
The example properties in LTL
  A call to next must be followed by a call to hasNext: G (next → X hasNext)
  No CartCreate request can occur before a LoginResponse message: ¬CartCreate U LoginResponse
  A received order must eventually be shipped: G (receive → F ship)
  Three successive login attempts should trigger an alarm: G ¬(fail ∧ X (fail ∧ X fail))
Four types of traces
τ: a mapping from ℕ to events in E = {e₀, e₁, ...}. Each event maps parameters to values; four increasingly restrictive shapes:
  1. Multi-valued: eᵢ : Pᵢ → 2^V, a parameter may carry several values, e.g. <event><p>13</p><q>8</q><q>6</q></event>
  2. Single-valued: eᵢ : Pᵢ → V, each parameter carries one value, e.g. <event><p>13</p><q>8</q><r>6</r></event>
  3. Fixed schema: eᵢ : P → V, every event has the same parameters P, e.g. rows (p, q, r) = (13, 8, 6), (12, 4, 10), (9, 2, 8)
  4. Atomic: eᵢ = a, an event is a single symbol
Specification languages
φ: an expression in some specification language, e.g.
  Linear Temporal Logic (LTL): G p₀ ≠ 0
  First-order Linear Temporal Logic (LTL-FO+): F (∀x ∈ /event/p₀ : x = 0)
  Regular expressions: ^a+b.*b?c$
  SQL: SELECT * FROM events WHERE p0=0 ...
Software and algorithms
⊧: an algorithm that decides whether a trace satisfies an assertion, for a pair 〈T, L〉 of input format T and assertion language L.
Examples: BeepBeep, Monid, Logscope, MySQL, ProM, NuSMV, Spin, SEQ.OPEN, ...
Islands?
Each tool sits on its own 〈language, format〉 island:
  Spin, NuSMV: 〈LTL, atomic〉
  Maude: 〈LTL, single-valued〉
  BeepBeep: 〈LTL-FO+, multi-valued〉
  Saxon: 〈XQuery, multi-valued〉
  MySQL: 〈SQL, fixed schema〉
  MonPoly: 〈MFOTL, single-valued〉
BabelTrace
A Reader turns the input trace (XML, CSV, XES) into τ; a Translator turns the specification into φ; the Launcher writes both to a file, runs the chosen Application on it and returns its verdict (T/F).
Transduction
A transducer maps (τ, φ) ∈ 〈T, L〉 to (τ′, φ′) ∈ 〈T′, L′〉 such that
  τ ⊧ φ  ⇔  τ′ ⊧ φ′
Transduction preserves logical equivalence. Chaining transducers allows an application to verify a property on a trace expressed in a different format/language pair from the one the application accepts.
Islands, connected
The same islands (Spin, NuSMV, Maude, BeepBeep, Saxon, MySQL, MonPoly, with their pairs 〈LTL, atomic〉, 〈LTL, single-valued〉, 〈LTL-FO+, multi-valued〉, 〈XQuery, multi-valued〉, 〈SQL, fixed schema〉, 〈MFOTL, single-valued〉) plus an intermediate pair 〈LTL-FO+, single-valued〉, now linked by ⊆ arrows (some marked *): a pair that can be transduced into another is contained in it. For instance, an atomic event is a single-valued event with one parameter, and LTL is a fragment of LTL-FO+.
Format of an event trace
Each event is a row: a sequential number n followed by the event attributes.
  n  Action              SessionId  CartId  ItemId
  0  CartCreate          1234       null    null
  1  CartCreateResponse  1234       45603   null
  2  CartAdd             1234       45603   005-40958
  3  CartClear           1234       45603   null
From LTL to SQL
A recursive function ω maps an LTL formula φ to an SQL query. Evaluated on the event table T, the query for φ yields a table of event numbers such that i is in it if and only if the suffix τ(i), τ(i+1), ... satisfies φ. The subscript ℓ is incremented at each recursive call.

Base case: assertions of the form x = y create a table containing the event numbers n that satisfy the assertion.
  ω_ℓ(x = y) ≡ SELECT n FROM T WHERE x = y

Boolean connectives combine the tables computed at the previous step.
  ω_ℓ(φ ∨ ψ) ≡ ω_{ℓ+1}(φ) UNION ω_{ℓ+1}(ψ)
  ω_ℓ(φ ∧ ψ) ≡ ω_{ℓ+1}(φ) INTERSECT ω_{ℓ+1}(ψ)
  ω_ℓ(¬φ)    ≡ T MINUS ω_{ℓ+1}(φ)

X φ: put n − 1 in the output table whenever n is in the table computed for φ.
  ω_ℓ(X φ) ≡ SELECT n − 1 FROM ω_{ℓ+1}(φ)
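The following is an added example, not code from the paper or from BabelTrace. It implements a translator in the style of the recursive function ω above (atoms, ¬, ∧, ∨, X) and runs the resulting queries on an in-memory SQLite copy of the fixed-schema event table, with the trace rows constructed here and extended with two deliberately out-of-order events. It also checks three properties of the kind listed earlier (G (p → X q), ¬p U q, G (p → F q)). Assumptions beyond the page: the table is named T with columns n, Action, SessionId, CartId, ItemId; formulas are nested tuples; SQLite spells MINUS as EXCEPT; and the clauses for G, F and U are this example's own finite-trace formulation, not the paper's.

```python
"""Added example, not code from the paper or from BabelTrace: an LTL-to-SQL
translator in the style of the recursive function omega sketched above,
run against an in-memory SQLite copy of the fixed-schema event table.
SQLite spells MINUS as EXCEPT; the G, F and U clauses are this example's
own finite-trace formulation and are not taken from the page."""
import sqlite3

# Constructed trace in the slide's format: (n, Action, SessionId, CartId, ItemId).
# Events 4 and 5 are deliberately out of order: the second CartCreate is
# followed by a CartAdd instead of a CartCreateResponse.
TRACE = [
    (0, "CartCreate",         "1234", None,    None),
    (1, "CartCreateResponse", "1234", "45603", None),
    (2, "CartAdd",            "1234", "45603", "005-40958"),
    (3, "CartClear",          "1234", "45603", None),
    (4, "CartCreate",         "1234", None,    None),
    (5, "CartAdd",            "1234", "45603", "005-40959"),
]
COLUMNS = ("Action", "SessionId", "CartId", "ItemId")  # allow-listed attribute names


def load_trace(rows):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE T (n INTEGER PRIMARY KEY, Action TEXT,"
                 " SessionId TEXT, CartId TEXT, ItemId TEXT)")
    conn.executemany("INSERT INTO T VALUES (?, ?, ?, ?, ?)", rows)
    return conn


def _quote(val):
    return "'" + str(val).replace("'", "''") + "'"


def _wrap(q):
    # Every omega() result yields one column named n; using it as a derived
    # table keeps nested compound SELECTs (UNION/INTERSECT/EXCEPT) unambiguous.
    return f"SELECT n FROM ({q}) AS s"


def omega(f):
    """Translate an LTL formula (nested tuples) into a SQL query over T that
    returns exactly the event numbers n at which the formula holds."""
    op = f[0]
    if op == "atom":                        # x = y
        col, val = f[1], f[2]
        if col not in COLUMNS:              # identifiers are never spliced in unchecked
            raise ValueError(f"unknown column {col!r}")
        cond = f"{col} IS NULL" if val is None else f"{col} = {_quote(val)}"
        return f"SELECT n FROM T WHERE {cond}"
    if op == "not":                         # T MINUS omega(phi)
        return f"SELECT n FROM T EXCEPT {_wrap(omega(f[1]))}"
    if op == "and":
        return f"{_wrap(omega(f[1]))} INTERSECT {_wrap(omega(f[2]))}"
    if op == "or":
        return f"{_wrap(omega(f[1]))} UNION {_wrap(omega(f[2]))}"
    if op == "imp":                         # phi -> psi  is  (not phi) or psi
        return omega(("or", ("not", f[1]), f[2]))
    if op == "X":                           # n - 1 for every n satisfying phi
        return f"SELECT s.n - 1 AS n FROM ({omega(f[1])}) AS s WHERE s.n > 0"
    # Clauses below are this example's own finite-trace reading of G, F and U.
    if op == "G":                           # no position at or after n falsifies phi
        return (f"SELECT t.n AS n FROM T AS t WHERE NOT EXISTS (SELECT 1 FROM T AS u"
                f" WHERE u.n >= t.n AND u.n NOT IN ({_wrap(omega(f[1]))}))")
    if op == "F":                           # some position at or after n satisfies phi
        return (f"SELECT t.n AS n FROM T AS t WHERE EXISTS (SELECT 1 FROM"
                f" ({omega(f[1])}) AS u WHERE u.n >= t.n)")
    if op == "U":                           # psi at some j >= n, phi at every n <= k < j
        return (f"SELECT t.n AS n FROM T AS t WHERE EXISTS (SELECT 1 FROM"
                f" ({omega(f[2])}) AS j WHERE j.n >= t.n AND NOT EXISTS (SELECT 1"
                f" FROM T AS k WHERE k.n >= t.n AND k.n < j.n AND k.n NOT IN"
                f" ({_wrap(omega(f[1]))})))")
    raise ValueError(f"unknown operator {op!r}")


def positions(conn, f):
    """The table omega builds for f: the set of event numbers where f holds."""
    return {row[0] for row in conn.execute(omega(f))}


def holds(conn, f):
    """tau |= phi exactly when 0 is in the table for phi."""
    return 0 in positions(conn, f)


def action(name):
    return ("atom", "Action", name)


# Properties in the spirit of the slide's examples, stated over this trace.
CREATE_ANSWERED = ("G", ("imp", action("CartCreate"), ("X", action("CartCreateResponse"))))
NO_ADD_BEFORE_RESPONSE = ("U", ("not", action("CartAdd")), action("CartCreateResponse"))
EVERY_ADD_CLEARED = ("G", ("imp", action("CartAdd"), ("F", action("CartClear"))))

if __name__ == "__main__":
    conn = load_trace(TRACE)
    for name, prop in [("CREATE_ANSWERED", CREATE_ANSWERED),
                       ("NO_ADD_BEFORE_RESPONSE", NO_ADD_BEFORE_RESPONSE),
                       ("EVERY_ADD_CLEARED", EVERY_ADD_CLEARED)]:
        print(f"{name}: {holds(conn, prop)}  positions={sorted(positions(conn, prop))}")
```

On the constructed trace, CREATE_ANSWERED fails (the CartCreate at event 4 is not followed by a CartCreateResponse, so only event 5 ends up in its table), NO_ADD_BEFORE_RESPONSE holds at events 0 and 1, and EVERY_ADD_CLEARED fails because the CartAdd at event 5 is never cleared before the trace ends. Two points a practitioner should keep in mind: the generated SQL is assembled by string concatenation, so attribute names are checked against an allow-list and values are quoted before being spliced in, and the G/F/U clauses read the finite prefix as the whole trace, which is the usual choice for log validation but differs from the infinite-trace definition of ℒ above.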