
Computer Supported Modeling and Reasoning (PowerPoint PPT Presentation)
David Basin, Achim D. Brucker, Jan-Georg Smaus, and Burkhart Wolff
April 2005
http://www.infsec.ethz.ch/education/permanent/csmr/

Higher-Order Logic Applications: Refinements
Burkhart Wolff


Slide 1110: Data Refinement

Forward Simulation

[Diagram: two forward-simulation squares. An abstract step op_abs takes σ_abs to σ'_abs, a concrete step op_conc takes σ_conc to σ'_conc, and R relates abstract to concrete states. The first square (σ_abs R σ_conc and op_abs enabled ⇒ op_conc enabled) is the applicability condition; the second (σ_abs R σ_conc and op_conc: σ_conc → σ'_conc ⇒ some σ'_abs with op_abs: σ_abs → σ'_abs and σ'_abs R σ'_conc) is the correctness condition.]

Wolff: HOL Applications: HOL-Z; http://www.infsec.ethz.ch/education/permanent/csmr/ (rev. 16802)

Slide 1111: Data Refinement

Can we
  • represent refinement in Isabelle?
  • verify and compare refinement notions?
  • integrate refinement for functions and operations?

YES! In the following, we present a theory of Abstract IOS Specifications and a forward simulation refinement on it. (Backward simulation is analogous.)

Slide 1112: IOS-Forward Simulation

An abstract system IOS-step has the type:

    types ('i, 'o, 's) ios_rel = "(('i × 's) × ('o × 's)) set"

An Abstract IOS Specification is (closely related to a Z operation schema):

    record ('i, 'o, 's) spec =
      init :: "'s set"
      inv  :: "'s set"
      opn  :: "('i, 'o, 's) ios_rel"

Slide 1113: IOS-Forward Simulation

The generalized abstraction relation on abstract IOS specifications looks as follows:

    record ('i, 'i', 'o, 'o', 's, 's') abs_rel =
      i   :: "('i × 'i') set"
      o   :: "('o × 'o') set"
      abs :: "('s × 's') set"

The relation is just a triple of relations on input data, output data and states.

Slide 1114: IOS-Forward Simulation

We define a FS-refinement on IOS specifications by its three "proof obligations":

    constdefs
      FS_refine :: "[('i, 'o, 's) spec, ('i, 'i', 'o, 'o', 's, 's') abs_rel, ('i', 'o', 's') spec] ⇒ bool"
      "A \<sqsubseteq> R C ≡ FS_init A R C ∧ FS_corr1 A R C ∧ FS_corr2 A R C"

In conceptual notation, we will also write A ⊑^fs_R B for forward simulation (resp. A ⊑^bs_R B for backward simulation).

Slide 1115: IOS-Forward Simulation

The three conditions are:
  • FS_init: the sets of initial states must be compatible,
  • FS_corr2: when an abstract state transition is possible, then a corresponding concrete state transition must be possible,
  • FS_corr1: when a concrete operation reaches a target state, then a corresponding abstract target state must exist.

(Terminology follows [WD96].)

Slide 1116: IOS-Forward Simulation

The proof obligation FS_init:

    FS_init A R C ≡
      ∀ cs ∈ (inv C). cs ∈ (init C) → (∃ as ∈ (inv A). as ∈ (init A) ∧ (as, cs) ∈ abs R)

Slide 1117: IOS-Forward Simulation

Recall the diagram for FS_corr2:

[Diagram: σ_abs R σ_conc and an abstract step op_abs: σ_abs → σ'_abs ⇒ a concrete step op_conc from σ_conc is enabled.]

Slide 1118: IOS-Forward Simulation

The formalization of FS_corr2:

    FS_corr2 A R C ≡
      ∀ as ∈ (inv A). ∀ cs ∈ (inv C). ∀ inp ∈ (Domain (i R)). ∀ inp' ∈ (Range (i R)).
        ((inp, as) ∈ Domain (opn A) ∧ (as, cs) ∈ abs R ∧ (inp, inp') ∈ i R)
        → (inp', cs) ∈ Domain (opn C)

Slide 1119: IOS-Forward Simulation

Recall the diagram for FS_corr1:

[Diagram: σ_abs R σ_conc and a concrete step op_conc: σ_conc → σ'_conc ⇒ there is σ'_abs with op_abs: σ_abs → σ'_abs and σ'_abs R σ'_conc.]

Slide 1120: IOS-Forward Simulation

The formalization of FS_corr1:

    FS_corr1 A R C ≡
      ∀ as ∈ (inv A). ∀ cs ∈ (inv C). ∀ cs' ∈ (inv C).
      ∀ inp ∈ (Domain (i R)). ∀ inp' ∈ (Range (i R)). ∀ out' ∈ (Range (o R)).
        ((inp, as) ∈ Domain (opn A) ∧ (as, cs) ∈ abs R ∧ (inp, inp') ∈ i R
         ∧ ((inp', cs), (out', cs')) ∈ opn C)
        → (∃ as' ∈ (inv A). ∃ out ∈ (Domain (o R)).
             (as', cs') ∈ abs R ∧ (out, out') ∈ o R ∧ ((inp, as), (out, as')) ∈ opn A)

Slide 1121: Tailoring IOS-Forward Simulation (1)

Tailoring forward simulations for functions. Prerequisite: we embed functions as abstract specifications:

    constdefs
      fun2op :: "['i set, 'i ⇒ 'o] ⇒ ('i, 'o, unit) spec"
      "fun2op precond F ≡ (| init = {()}, inv = {()},
                            opn = {(a, b). ∃ x ∈ precond. a = (x, ()) ∧ b = (F x, ())} |)"

precond serves as an additional means to formalize preconditions under which the refinement is supposed to hold.

Slide 1122: Tailoring IOS-Forward Simulation (1)

. . . derive the specialized version FS_refine_fun:

    [| R = (| i = RI, o = RO, abs = Id |);
       ∀ inp ∈ pa. A inp ∈ Domain RO;
       ∀ inp ∈ pa. ∀ inp'. (inp, inp') ∈ RI → inp' ∈ pc;
       ∀ inp ∈ pa. ∀ inp' ∈ pc. (A inp, C inp') ∈ RO |]
    ==> (fun2op pa A) \<sqsubseteq> R (fun2op pc C)

Note that the first assumption constrains the structure of the generalized abstraction to default values on the dummy states . . .

Slide 1123: Tailoring IOS-Forward Simulation (1)

A (standard) example. We assume the usual:

    consts
      insort    :: "['a :: order, 'a list] ⇒ 'a list"
      is_sorted :: "['a list] ⇒ bool"

. . . and set up the refinement relation as:

    consts
      data_R     :: "('a :: order set × 'a list) set"
      set_list_R :: "('a :: order × 'a set, 'a × 'a list, 'a set, 'a list, unit, unit) abs_rel"

Slide 1124

    defs
      data_R_def:     "data_R ≡ {(x, y). x = set y ∧ is_sorted y}"
      set_list_R_def: "set_list_R ≡ (| i = {(x, y). fst x = fst y ∧ (snd x, snd y) ∈ data_R},
                                       o = data_R, abs = Id |)"

Slide 1125: Tailoring IOS-Forward Simulation (1)

A refinement proof is started:

    lemma insert_insort_refine_FS:
      "(fun2op {λ(x, S). finite S} (λ(x, S). insert x S))
         \<sqsubseteq> set_list_R
       (fun2op {λ(x, S). is_sorted S} (λ(x, S). insort x S))"

. . . and, after applying FS_refine_fun as introduction rule, we derive the proof obligations:

    1. ∀ a b. finite b → (∃ y. insert a b = set y ∧ is_sorted y)
    2. ∀ a b. finite b →
         (∀ aa ba. is_sorted ba → insert a b = set (insort aa ba) ∧ is_sorted (insort aa ba))

Slide 1126: Tailoring IOS-Forward Simulation (2)

. . . derive FS_refine_opn_Z for operations:

    [| R = (| i = Id, o = Id, abs = Abs |);
       ∀ cs ∈ (inv C). cs ∈ (init C) → (∃ as ∈ (inv A). as ∈ (init A) ∧ (as, cs) ∈ Abs);
       ∀ as ∈ (inv A). ∀ cs ∈ (inv C). ∀ inp ∈ (Domain (i R)).
         (pre (opn A) (inp, as) ∧ (as, cs) ∈ (abs R)) → pre (opn C) (inp, cs);
       ∀ as ∈ (inv A). ∀ cs ∈ (inv C). ∀ cs' ∈ (inv C). ∀ inp. ∀ out.
         (pre (opn A) (inp, as) ∧ (as, cs) ∈ Abs ∧ ((inp, cs), (out, cs')) ∈ opn C)
         → (∃ as' ∈ (inv A). (as', cs') ∈ Abs ∧ ((inp, as), (out, as')) ∈ (opn A)) |]
    ==> A \<sqsubseteq> R C

Slide 1127: Tailoring IOS-Forward Simulation (2)

Do you recognize the pattern? This represents forward simulation à la [Spi92] and [WD96]:

    ∀ Cstate • Cinit → (∃ Astate • Abs ∧ Ainit)
    ∀ Astate; Cstate; Cstate′; x?; y! • pre Aop ∧ Abs ∧ Cop → (∃ Astate′ • Abs′ ∧ Aop)
    ∀ Astate; Cstate; x? • pre Aop ∧ Abs → pre Cop

Note that in this refinement notion, the input x? and the output y! of the abstract and the concrete operation are identical!

Slide 1128: Example: BirthdayBook Refinement

A (standard) example: Spivey's BirthdayBook [Spi92]. The states of the two systems are:

    record BirthdayBook =
      birthday :: "Name ~=> Date"
      known    :: "Name set"

    record BirthdayBook1 =
      dates :: "nat ~=> Date"
      hwm   :: nat
      names :: "nat ~=> Name"

(The invariant states that known is equal to the domain of birthday.)

Slide 1129: Example: BirthdayBook Refinement

The two operation schemas are immediately represented as abstract IOS specifications:

    consts
      AddBirthday  :: "((Name × Date), unit, BirthdayBook) spec"
      AddBirthday1 :: "((Name × Date), unit, BirthdayBook1) spec"
      . . .

Slide 1130: Example: BirthdayBook Refinement

The abstraction relation between the underlying states is:

    constdefs
      Abs :: "(BirthdayBook × BirthdayBook1) set"
      "Abs ≡ {(x, y). (known x = {n. ∃ i ∈ {1..(hwm y)}. n = the (names y i)})
                    ∧ (∀ i ∈ {1..(hwm y)}. birthday x (the (names y i)) = dates y (the (names y i)))}"

. . . which is generalized to:

    constdefs
      gen_Abs :: "('a, 'a, 'b, 'b, BirthdayBook, BirthdayBook1) abs_rel"
      "gen_Abs ≡ (| i = Id, o = Id, abs = Abs |)"

Slide 1131: Example: BirthdayBook Refinement

The question to be asked:

    lemma AddBirthday_FS_refine:
      "AddBirthday \<sqsubseteq> gen_Abs AddBirthday1"

Slide 1132: Example: BirthdayBook Refinement

Applying FS_refine_opn_Z yields:

    1. ∀ cs ∈ spec.inv AddBirthday1. cs ∈ init AddBirthday1
         → (∃ as ∈ inv AddBirthday. as ∈ init AddBirthday ∧ (as, cs) ∈ Abs)
    2. ∀ as ∈ inv AddBirthday. ∀ cs ∈ inv AddBirthday1. ∀ inp.
         pre (opn AddBirthday) (inp, as) ∧ (as, cs) ∈ Abs → pre (opn AddBirthday1) (inp, cs)
    3. ∀ as ∈ inv AddBirthday. ∀ cs ∈ inv AddBirthday1. ∀ cs' ∈ inv AddBirthday1. ∀ inp out.
         pre (opn AddBirthday) (inp, as) ∧ (as, cs) ∈ Abs ∧ ((inp, cs), out, cs') ∈ opn AddBirthday1
         → ∃ as' ∈ inv AddBirthday. (as', cs') ∈ Abs ∧ ((inp, as), out, as') ∈ opn AddBirthday
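As an added illustration (not from the slides or the HOL-Z distribution), the following Python script turns the three obligations FS_init, FS_corr1 and FS_corr2 into a finite-model check over explicit relations and runs it on the BirthdayBook refinement of slides 1128 to 1132; the same fs_refine check applies unchanged to the fun2op instance of slide 1125. It assumes constructed two-element Name and Date universes, encodes the partial function birthday as a frozenset of (name, date) pairs, and reads the date lookup in Abs as dates y i, which is what the declared type nat ~=> Date admits.

```python
from itertools import combinations, permutations, product

# Constructed finite Name/Date universes so every bounded quantifier of
# FS_init / FS_corr1 / FS_corr2 can be checked by enumeration.
NAMES = ("ann", "bob")
DATES = ("d1", "d2")

class Spec:  # abstract IOS spec (slide 1112); opn is a set of ((inp, s), (out, s'))
    def __init__(self, init, inv, opn):
        self.init, self.inv, self.opn = frozenset(init), frozenset(inv), frozenset(opn)
class AbsRel:  # generalized abstraction relation (slide 1113): three pair sets
    def __init__(self, i, o, abs_):
        self.i, self.o, self.abs = frozenset(i), frozenset(o), frozenset(abs_)
def domain(rel): return {a for a, _ in rel}
def range_(rel): return {b for _, b in rel}

def fs_init(A, R, C):
    # every concrete initial state is abstracted by some abstract initial state
    return all(any(a in A.init and (a, c) in R.abs for a in A.inv)
               for c in C.inv if c in C.init)
def fs_corr2(A, R, C):
    # wherever the abstract operation is enabled, the concrete one is enabled too
    dom_a, dom_c = domain(A.opn), domain(C.opn)
    return all((inp2, c) in dom_c for a in A.inv for c in C.inv
               for inp, inp2 in R.i if (inp, a) in dom_a and (a, c) in R.abs)

def fs_corr1(A, R, C):
    # every concrete step from a related, enabled state is matched by an
    # abstract step whose output and target state are related again
    dom_a, outs = domain(A.opn), range_(R.o)
    for (inp2, c), (out2, c2) in C.opn:
        if c not in C.inv or c2 not in C.inv or out2 not in outs:
            continue  # outside the bounded quantifiers of the slide's definition
        for a in A.inv:
            for inp, x in R.i:
                if x != inp2 or (inp, a) not in dom_a or (a, c) not in R.abs:
                    continue
                if not any(ia == (inp, a) and a2 in A.inv and (a2, c2) in R.abs
                           and (out, out2) in R.o for ia, (out, a2) in A.opn):
                    return False
    return True

def fs_refine(A, R, C):  # A sqsubseteq_R C: conjunction of the three obligations
    return fs_init(A, R, C) and fs_corr1(A, R, C) and fs_corr2(A, R, C)

# --- BirthdayBook instance (slides 1128-1132) ---
def abstract_states():
    # birthday as a frozenset of (name, date) pairs with distinct names; known is
    # its domain, so the invariant known = dom birthday is built in
    return {frozenset(zip(ns, ds)) for k in range(len(NAMES) + 1)
            for ns in combinations(NAMES, k) for ds in product(DATES, repeat=k)}

def concrete_states():
    # (hwm, names, dates) with slots 1..hwm stored 0-based; names pairwise distinct
    return {(k, ns, ds) for k in range(len(NAMES) + 1)
            for ns in permutations(NAMES, k) for ds in product(DATES, repeat=k)}

def abs_ok(a, c):
    # Abs of slide 1130: known = {names i | i in 1..hwm}, birthday (names i) = dates i
    hwm, ns, ds = c
    return {n for n, _ in a} == set(ns[:hwm]) and all((ns[i], ds[i]) in a for i in range(hwm))

def add_birthday(states):
    # AddBirthday: pre name not in known; post birthday' = birthday + {name -> date}
    return {(((n, d), a), ((), a | {(n, d)})) for a in states
            for n in NAMES for d in DATES if n not in {m for m, _ in a}}

def add_birthday1(states, wrong_date=False):
    # AddBirthday1: pre name not among names 1..hwm; post hwm' = hwm + 1 and the new
    # slot holds (name, date).  wrong_date=True injects a bug: the slot gets DATES[0]
    return {(((n, d), (h, ns, ds)), ((), (h + 1, ns + (n,), ds + (DATES[0] if wrong_date else d,))))
            for h, ns, ds in states for n in NAMES for d in DATES if n not in ns[:h]}

A_STATES, C_STATES = abstract_states(), concrete_states()
AddBirthday = Spec(init={frozenset()}, inv=A_STATES, opn=add_birthday(A_STATES))
AddBirthday1 = Spec(init={(0, (), ())}, inv=C_STATES, opn=add_birthday1(C_STATES))
AddBirthday1_wrong = Spec(init={(0, (), ())}, inv=C_STATES, opn=add_birthday1(C_STATES, True))
# gen_Abs of slide 1130: identity on inputs and outputs, Abs on states
gen_Abs = AbsRel(i={(x, x) for x in product(NAMES, DATES)}, o={((), ())},
                 abs_={(a, c) for a in A_STATES for c in C_STATES if abs_ok(a, c)})
```

fs_refine(AddBirthday, gen_Abs, AddBirthday1) holds, while the wrong_date variant keeps FS_init and FS_corr2 but fails FS_corr1, since the concrete target state is no longer related by Abs to the abstract one.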

Slide 1133

(See [Spi92] and the HOL-Z distribution [BRW03]!)

Slide 1134: Connection to Behavioral Refinement (1)

  • How do abstract IOS specifications relate to behavioral models?
  • Can we extend reasoning over refinements of individual system steps to sequences of steps?
  • How do established notions of behavioral specification relate to forward/backward simulation?

Partial answer: abstract IOS specifications generate behavioral notions like Kripke structures, (event) traces and (event) failures. The former talks about states, the latter two about "observable input/output" (= events).

Slide 1135: Connection to Behavioral Refinement (1)

State projection into Kripke structures:

    types 's trace = "nat ⇒ 's"

    record 's kripke =
      init :: "'s set"
      step :: "('s × 's) set"

    constdefs
      state_projection :: "('i, 'o, 's) spec ⇒ 's kripke"
      "state_projection A ≡ (| kripke.init = spec.init A,
                               kripke.step = {(s1, s2). ∃ i' o'. ((i', s1), (o', s2)) ∈ spec.opn A} |)"

Slide 1136: Connection to Behavioral Refinement (1)

    constdefs
      is_trace :: "['s kripke, 's trace] => bool"
      "is_trace K t ≡ t 0 ∈ kripke.init K ∧ (∀ i. (t i, t (Suc i)) ∈ kripke.step K)"
      traces :: "'s kripke => 's trace set"
      "traces K ≡ {t. is_trace K t}"

And now a standard temporal logic K ⊨ φ can be defined on top of the Kripke structure K.

Open problem: under which conditions does a forward refinement allow for system abstraction, i.e. when does the following hold?

    [| A \<sqsubseteq> R C; kripke_projection A ⊨ φ |] ==> kripke_projection C ⊨ φ

