Logical Foundations of Multiset Rewriting Iliano Cervesato - PowerPoint PPT Presentation

Logical Foundations of Multiset Rewriting Iliano Cervesato iliano@itd.nrl.navy.mil ITT Industries, inc @ NRL Washington, DC http://www.cs.stanford.edu/~iliano TACL Seminar, CS Department, Princeton University October 17, 2003

Outline Motivations • Propositional multiset rewriting •  Interpretation in linear logic  Interpretation as linear logic Logical extension •  First-order multiset rewriting  ω -multisets Applications •  Specification of security protocols  A bridge to process algebra MSR 3.0 1

Motivations Multiset rewriting (a.k.a. Petri nets)  Fundamental model of distributed computing Competitor: Process Algebras   Basis for security protocol spec. languages MSR family  … several others   Many extensions, more or less ad hoc Shallow relations to logic •  Simple encodings  No deep insight MSR 3.0 2

This Work Show that multiset rewriting has • deeper relations to logic  Interpretation as logic, rather than  Interpretation in logic Explain and rationalize extensions • Better specification languages • Bridge to process algebra • MSR 3.0 3

Multiset Rewriting Multiset: set with repetitions allowed • a ::= • | a, a  Commutative monoid “,” is operation  “ • ” is identity  (“,” is commutative, associative, with “ • ” as unit) Rewrite rule: • a b →  Monoidal rewriting MSR 3.0 4

Semantics of Multiset Rewriting Base step: s s’  R • a, s b, s  R, (a → b) Reachability Infinity • • s 0  *R s n s 0  *R  Iteration of   Limit of _  * _ R  R&T closure of  MSR 3.0 5

Linear Logic Logic with formulas as resources Formulas • A ::= a | A ⊗ A | 1 | A ⎯ο A | … Judgment (DILL / LV sequent) • Γ ; Δ --> A Linear context Unrestricted context - subject to exchange, - subject to weakening and contraction exchange only - behaves like context in traditional logic MSR 3.0 6

Some Rules Γ ; Δ , A, B --> C Γ ; Δ 1 --> A Γ ; Δ 2 --> B Γ ; Δ , A ⊗ B --> C Γ ; Δ 1 , Δ 2 --> A ⊗ B Γ ; Δ --> C Γ ; Δ , 1 --> C Γ ; ⋅ --> 1 Γ ; Δ 1 --> A Γ ; Δ 2 , B --> C Γ ; Δ , A --> B Γ ; Δ 1 , Δ 2 , A ⎯ο B --> C Γ ; Δ --> A ⎯ο B Γ , A; Δ , A --> C Γ ; A --> A Γ , A; Δ --> C MSR 3.0 7

LL Interpretation of MSR Several possibilities •  “Conjunctive” encoding Objective • R ; s 0 s n  * ; Δ --> A Γ  Reachability mapped to derivability MSR 3.0 8

Encoding R • s n •  →  ⎯ο  ,  ⊗  1  • s 0 •  ,  ,  •  • … or like s n MSR 3.0 9

Encoding R • s n •  [a → b] = [a] ⎯ο [b]  [a] = a  [ • ] = 1 s 0  [a , b] = [a] ⊗ [b] •  [[a]] = a  [[ • ]] = • or [ • ]  [[a , b]] = [[a]] , [[b]] or [a , b] Well defined because ( Δ s, “,”, “ • ”) is a commutative monoid  (As, ⊗ , 1) is a commutative monoid  / --> MSR 3.0 10

Property s 0 s n iff [R] ; [[s 0 ]] --> [s n ]  * R  For appropriate inverse encodings Γ ; A --> B iff [A]  * [ Γ ] [B] Encoding of MSR in LL MSR 3.0 11

End of the Story ? Yes ----- NO! • • Frominterpretation of MSR in logic • to interpretation of MSR as logic Multiset rewriting semantics = left • sequent rules First, a few rough edges to smooth • MSR 3.0 12

Context vs. Formulas (1) Either go against tradition of logic • (As, ⊗ , 1) is a congruence w.r.t. derivability   Identify contexts and formulas Whenever formula is expected  – Turn , into ⊗ – Turn • into 1 Consistent with categorical semantics of  logic Has to be done with extreme care  MSR 3.0 13

Context vs. Formulas (2) … or go against tradition of rewriting •  Distinguish states and multisets state constructors: , and •  mset constructors: ⊗ and 1   Additional transition rules s, a ⊗ b  R s, a, b  s, 1 s  R  This research is compatible with both •  We will lean towards (2) MSR 3.0 14

Rewriting View of Derivations  * Γ ’’’; C --> C Γ ’’; Δ ’’ --> C Γ ’; Δ ’ --> C Step up:  •  Left rules  Step across:  * • Axiom  Γ ; Δ --> C Right rules not • used MSR 3.0 15

Rewriting Semantics as Left Rules s s  *R Γ ; A --> A Γ ; Δ , A, B --> C s, a ⊗ b s, a, b  R Γ ; Δ , A ⊗ B --> C Γ ; Δ --> C s, 1 s  R Γ ; Δ , 1 --> C Γ , A ⎯ο B; Δ , B --> C s, a  R, (a → b) s, b Γ , A ⎯ο B; A, Δ --> C Not quite, but not too far off   Admissible rule Γ , A; Δ , A --> C Γ ; Δ 1 --> A Γ ; Δ 2 , B --> C + Γ , A; Δ --> C Γ ; Δ 1 , Δ 2 , A ⎯ο B --> C MSR 3.0 16

Questions Can we make the correspondence precise? •  Yes Does it extend to other connectives? •  Yes … to a large extent What are the implications? •  Logical explanation of multiset rewriting Not just interpretation  Now MSR is logic   Guideline to design rewrite systems Can we do this with other logics?   Derivations do not need to be finite Goal is important only for reachability  MSR 3.0 17

First Proof of Concept First-Order Multiset Rewriting (MSR 1.0) •  Multiset elements are F0 atomic formulas  Rules have the form ∀ x 1 …x n . a( x ) → ∃ y 1 …y k . b( x , y )  Semantics (  * ) Σ ; a( t ), s Σ , y ; b( t , y ), s  R, (a( x ) → ∃ y . b( x , y )) if Σ |- t  Encoding is simple extension of prop. case MSR 3.0 18

Semantics from Left Rules Updated judgment forms •  Σ ; s Σ ; s  R  Γ ; Δ --> Σ C Semantics (  ** ) • … … Σ ; s, ∀ x.a  R Σ ; s, [t/x]a Γ ; Δ , [t/x]A --> Σ C Σ |- t Γ ; Δ , ∀ x.A --> Σ C if Σ |- t Γ ; Δ , A --> Σ ,x C Σ ; s, ∃ x.a  R Σ ,x ; s, a Γ ; Δ , ∃ x.A --> Σ C MSR 3.0 19

Comparing Semantics Lemma If a (b), then a (b)  *  ** • R R And viceversa •  Careful with non-observable steps MSR 3.0 20

Second Proof of Concept Minimal ω -multiset rewriting •  Language ::= a | • | ω , ω | ω → ω ω No distinction between atoms and formulas   Semantics (v.1) s, (a → b), a  s, b   Check against left rule for ⎯ο --> A , B --> C Δ 1 Δ 2 , Δ 2 , A ⎯ο B --> C Δ 1  Semantics (v.2) s 1 , s 2 , (a → b)  s 2 , b if s 1 a  *  Step depends on reachability!  MSR 3.0 21

Comparing Semantics Lemma • a (b) iff a (b)  *v.1  *v.2 (  ) Trivial by reflexivity ( ⇐ ) Recursively turn every step s 1 , s 2 , (a → b)  v.2 s 2 , b if s 1 a  *  v.2 into s 1 , s 2 , (a → b) a, s 2 , (a → b)  v.1 s 2 , b  *  v.1 However •  Do all extensions support transformation? Use v.1 when adequate, v.2 other times   Seems to be an instance of cut elimination (see later)  MSR 3.0 22

Adding Persistent Multisets Language • ::= a | • | ω , ω | ω → ω | ∀ x. ω | ∃ x. ω | ! ω ω Judgment •  Σ ; p ; s Σ ; p ; s  Semantics from left rules • … … Γ , A; Δ --> Σ C Σ ; p ; s, !a  Σ ; p, a ; s Γ ; Δ , !A --> Σ C Γ , A; Δ , A --> Σ C Σ ; p, a ; s Σ ; p, a ; s, a  Γ , A; Δ --> Σ C MSR 3.0 23

A Word of Caution !(a ⊗ b) ≠ !a ⊗ !b a and b can be a and b can be used used only together independently corresponds to “,” in Δ , but not in Γ • ⊗  Distinguish ⊗ and “,” in ω MSR  Consider only sublanguages  Use different symbol “,,” in p p is multiset of multisets, not multiset  MSR 3.0 24

Additive Conjunction and Unit Language • ::= … | ω & ω | T ω Semantics from left rules • … … Σ ; p ; s, a 1 & a 2 Σ ; p ; s, a i Γ ; Δ , A i --> Σ C  Γ ; Δ , A 1 & A 2 --> Σ C Non-deterministic choice • Usually written + (no T-transition) (no left rule) Absence of any choice MSR 3.0 25

Additive Disjunction and Unit Language • ::= … | ω ⊕ ω | 0 ω Semantics from left rules • Σ ; p ; s, 0  * s n Γ ; Δ , 0 --> Σ C  Inconsistency?  Forced reachability? MSR 3.0 26

Γ ; Δ , A --> Σ C Γ ; Δ , B --> Σ C The case of ⊕ Γ ; Δ , A ⊕ B --> Σ C Σ ; p ; s, a (c)  * Σ ; p ; s, a ⊕ b  Σ ; p ; s, b  * (c) The 2 computations shall be synchronized •  If one “ends”, the other “ends” in the same way Breakpoint, or final state   If one diverges, the other shall diverge Flavor of •  Confluence  Bisimulation? MSR 3.0 27

Multiplicative Disjunction and Unit Language: • ::= … | ω ℘ ω | ⊥ ω Semantics from left rules • Σ ; p ;  * ⊥ • Γ ; ⊥ --> Σ •  Abort?  Deadlock? MSR 3.0 28

Γ ; Δ 1 , A --> Σ Γ ; Δ 2 , B --> Σ Ψ 1 Ψ 2 The Case of ℘ Γ ; Δ 1 , Δ 2 , A ℘ B --> Σ , Ψ 2 Ψ 1 Σ ; p ; s 1 , a Σ ; p ; s 1 , s 2 , a ℘ b  Σ ; p ; s 2 , b Start of completely independent • computations involving a and b MSR 3.0 29