revisiting auxiliary variables
play

Revisiting Auxiliary Variables Stephan Merz joint work with Leslie - PowerPoint PPT Presentation

Jul 04, 2023 •466 likes •990 views

Revisiting Auxiliary Variables Stephan Merz joint work with Leslie Lamport Inria & LORIA, Nancy, France IFIP Working Group 2.2 Bordeaux, September 2017 Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 1 / 24 Specifications

  1. Revisiting Auxiliary Variables Stephan Merz joint work with Leslie Lamport Inria & LORIA, Nancy, France IFIP Working Group 2.2 Bordeaux, September 2017 Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 1 / 24

  2. Specifications of State Machines Standard way of describing algorithms ◮ initial condition, next-state relation express what may happen ◮ fairness / liveness conditions assert what must happen Part of the state may be hidden ◮ do not expose implementation details ◮ delimit observable behavior that should be implemented Concrete syntax: TLA + ∃ ∃ x : Init ∧ � [ Next ] vars ∧ L ∃ ∃ ∃ ∃ Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 2 / 24

  3. Refinement of State Machines From high-level specification to concrete implementation ◮ executions of lower-level state machine coherent with specification ◮ formally: inclusion of set of (observable) state sequences ( ∃ ∃ y : Impl ) ⇒ ( ∃ ∃ ∃ ∃ ∃ ∃ ∃ ∃ ∃ ∃ x : Spec ) Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 3 / 24

  4. Refinement of State Machines From high-level specification to concrete implementation ◮ executions of lower-level state machine coherent with specification ◮ formally: inclusion of set of (observable) state sequences ( ∃ ∃ y : Impl ) ⇒ ( ∃ ∃ ∃ ∃ ∃ ∃ ∃ ∃ ∃ ∃ x : Spec ) Standard proof technique: refinement mapping ◮ reconstruct high-level internal state from low-level state Impl ⇒ Spec { f / x } ◮ pointwise computation of internal state components Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 3 / 24

  5. Example: Compute the Maximum Input Value First specification: store the set of all inputs ∆ Init 1 = inp = {} ∧ lastinp = − ∞ ∧ max = − ∞ = inp ′ = inp ∪ { x } ∧ lastinp ′ = x ∧ max ′ = Max ( inp ′ ) ∆ Input 1 ( x ) ∆ Next 1 = ∃ x ∈ Int : Input 1 ( x ) ∆ = ∃ ∃ ∃ Spec 1 ∃ ∃ ∃ inp , lastinp : Init 1 ∧ � [ Next 1 ] � inp , lastinp , max � Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 4 / 24

  6. Example: Compute the Maximum Input Value First specification: store the set of all inputs ∆ Init 1 = inp = {} ∧ lastinp = − ∞ ∧ max = − ∞ = inp ′ = inp ∪ { x } ∧ lastinp ′ = x ∧ max ′ = Max ( inp ′ ) ∆ Input 1 ( x ) ∆ Next 1 = ∃ x ∈ Int : Input 1 ( x ) ∆ = ∃ ∃ ∃ Spec 1 ∃ ∃ ∃ inp , lastinp : Init 1 ∧ � [ Next 1 ] � inp , lastinp , max � Second specification: store just the maximum value ∆ Init 2 = lastinp = − ∞ ∧ max = − ∞ = lastinp ′ = x ∧ max ′ = IF x > max THEN x ELSE max ∆ Input 2 ( x ) ∆ Next 2 = ∃ x ∈ Int : Input 2 ( x ) ∆ = ∃ ∃ ∃ ∃ ∃ ∃ lastinp : Init 2 ∧ � [ Next 2 ] � lastinp , max � Spec 2 Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 4 / 24

  7. Example: Compute the Maximum Input Value First specification: store the set of all inputs ∆ Init 1 = inp = {} ∧ lastinp = − ∞ ∧ max = − ∞ = inp ′ = inp ∪ { x } ∧ lastinp ′ = x ∧ max ′ = Max ( inp ′ ) ∆ Input 1 ( x ) ∆ Next 1 = ∃ x ∈ Int : Input 1 ( x ) ∆ = ∃ ∃ ∃ Spec 1 ∃ ∃ ∃ inp , lastinp : Init 1 ∧ � [ Next 1 ] � inp , lastinp , max � Second specification: store just the maximum value ∆ Init 2 = lastinp = − ∞ ∧ max = − ∞ = lastinp ′ = x ∧ max ′ = IF x > max THEN x ELSE max ∆ Input 2 ( x ) ∆ Next 2 = ∃ x ∈ Int : Input 2 ( x ) ∆ = ∃ ∃ ∃ ∃ ∃ ∃ lastinp : Init 2 ∧ � [ Next 2 ] � lastinp , max � Spec 2 What is the formal relationship between the two specifications? Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 4 / 24

  8. Proving Refinement The two specifications are equivalent ◮ they generate same externally visible behaviors (variable max ) Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 5 / 24

  9. Proving Refinement The two specifications are equivalent ◮ they generate same externally visible behaviors (variable max ) Spec 1 refines Spec 2 prove invariant max = Max(inp) 1 use identical refinement mapping for variable lastinp 2 Spec 1 ∧ � ( max = Max ( inp )) ⇒ Init 2 ∧ � [ Next 2 ] � lastinp , max � Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 5 / 24

  10. Proving Refinement The two specifications are equivalent ◮ they generate same externally visible behaviors (variable max ) Spec 1 refines Spec 2 prove invariant max = Max(inp) 1 use identical refinement mapping for variable lastinp 2 Spec 1 ∧ � ( max = Max ( inp )) ⇒ Init 2 ∧ � [ Next 2 ] � lastinp , max � Spec 2 refines Spec 1 ◮ holds semantically, but no refinement mapping ◮ cannot compute set of inputs given the maximum value Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 5 / 24

  11. Proving Refinement The two specifications are equivalent ◮ they generate same externally visible behaviors (variable max ) Spec 1 refines Spec 2 prove invariant max = Max(inp) 1 use identical refinement mapping for variable lastinp 2 Spec 1 ∧ � ( max = Max ( inp )) ⇒ Init 2 ∧ � [ Next 2 ] � lastinp , max � Spec 2 refines Spec 1 ◮ holds semantically, but no refinement mapping ◮ cannot compute set of inputs given the maximum value Refinement mappings alone are incomplete Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 5 / 24

  12. Auxiliary Variables Augment implementation, then construct refinement mapping ∃ a : Impl a Impl ≡ ∃ ∃ ∃ ∃ ∃ specific rules justifying auxiliary variables: 1 Impl a ⇒ ∃ ∃ ∃ augmented specification refines high-level: ∃ ∃ ∃ x : Spec 2 Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 6 / 24

  13. Auxiliary Variables Augment implementation, then construct refinement mapping ∃ a : Impl a Impl ≡ ∃ ∃ ∃ ∃ ∃ specific rules justifying auxiliary variables: 1 Impl a ⇒ ∃ ∃ ∃ augmented specification refines high-level: ∃ ∃ ∃ x : Spec 2 Two particular kinds of auxiliary variables ◮ history variables: record information about previous states ◮ prophecy variables: predict information about future states Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 6 / 24

  14. Auxiliary Variables Augment implementation, then construct refinement mapping ∃ a : Impl a Impl ≡ ∃ ∃ ∃ ∃ ∃ specific rules justifying auxiliary variables: 1 Impl a ⇒ ∃ ∃ ∃ augmented specification refines high-level: ∃ ∃ ∃ x : Spec 2 Two particular kinds of auxiliary variables ◮ history variables: record information about previous states ◮ prophecy variables: predict information about future states Classic reference M. Abadi, L. Lamport. The Existence of Refinement Mappings. TCS (1991). ◮ introduces history and prophecy variables ◮ proves completeness under certain conditions ◮ closely related: forward / backward simulations Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 6 / 24

  15. Outline Refinement Mappings 1 History Variables 2 Simple Prophecy Variables 3 Arrays of Auxiliary Variables 4 Stuttering Variables 5 Establishing Completeness 6 Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 7 / 24

  16. Record Information About Past States Update history variable at every transition ∃ h : Spec ∧ h = h 0 ∧ � [ vars ′ � = vars ∧ h ′ = f ( h )] � vars , h � Spec ≡ ∃ ∃ ∃ ∃ ∃ ◮ variable h does not occur in Spec , vars or h 0 ◮ term f ( h ) does not contain h ′ ◮ h 0 is the initial value of the history variable ◮ f represents the update function applied at every observable step Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 8 / 24

  17. Record Information About Past States Update history variable at every transition ∃ h : Spec ∧ h = h 0 ∧ � [ vars ′ � = vars ∧ h ′ = f ( h )] � vars , h � Spec ≡ ∃ ∃ ∃ ∃ ∃ ◮ variable h does not occur in Spec , vars or h 0 ◮ term f ( h ) does not contain h ′ ◮ h 0 is the initial value of the history variable ◮ f represents the update function applied at every observable step Example: step counter ∃ h : Spec ∧ h = 0 ∧ � [ vars ′ � = vars ∧ h ′ = h + 1 ] � vars , h � Spec ≡ ∃ ∃ ∃ ∃ ∃ ◮ similar: record the input values during executions of Spec 2 Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 8 / 24

  18. Parameterized Refinement Mappings Idea: many refinement mappings are better than one introduce parameterized specification equivalent to low-level spec 1 Impl ≡ ∃ β ∈ S : PImpl ( β ) define separate refinement mappings per parameter value 2 ∀ β ∈ S : PImpl ( β ) ⇒ Spec { f ( β ) / x } Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 9 / 24

  19. Parameterized Refinement Mappings Idea: many refinement mappings are better than one introduce parameterized specification equivalent to low-level spec 1 Impl ≡ ∃ β ∈ S : PImpl ( β ) define separate refinement mappings per parameter value 2 ∀ β ∈ S : PImpl ( β ) ⇒ Spec { f ( β ) / x } Example: introduce a downward counter = n = 0 ∧ � [ n ′ = n + 1 ] � n � ∧ ♦� [ n ′ = n ] � n � ∆ Impl = n = 0 ∧ k ∈ N ∧ � [ k > 0 ∧ n ′ = n + 1 ∧ k ′ = k − 1 ] � k , n � ∆ Spec Prove Impl ⇒ ∃ ∃ ∃ ∃ ∃ ∃ k : Spec Stephan Merz Revisiting Auxiliary Variables WG 2.2, 2017-09 9 / 24

Recommend

PixelCNN Models with Auxiliary Variables for Natural Image Modeling Alexander Kolesnikov*,

PixelCNN Models with Auxiliary Variables for Natural Image Modeling Alexander Kolesnikov*,

PixelCNN Models with Auxiliary Variables for Natural Image Modeling Alexander Kolesnikov*, Christoph H. Lampert* *IST Austria ICML 2017 PixelCNN Models with Auxiliary Variables 1. What is the task? 2. PixelCNN model (recap of last coffeetalk)

369 views • 13 slides
Beyond Backprop: Online Alternating Minimization with Auxiliary Variables NYU IBM Sadhana

Beyond Backprop: Online Alternating Minimization with Auxiliary Variables NYU IBM Sadhana

Beyond Backprop: Online Alternating Minimization with Auxiliary Variables NYU IBM Sadhana Ronny Mattia Irina Anna Research Benjamin Kumaravel Luss Rigotti Rish Choromanska Cowen Djallel Brian Viatcheslav Paolo MIT Kingsbury

375 views • 11 slides
VFW Auxiliary LOCAL AUXILIARY TREASURERS AND TRUSTEES TRAINING Presented By VFW Auxiliary

VFW Auxiliary LOCAL AUXILIARY TREASURERS AND TRUSTEES TRAINING Presented By VFW Auxiliary

VFW Auxiliary LOCAL AUXILIARY TREASURERS AND TRUSTEES TRAINING Presented By VFW Auxiliary National Headquarters Staff George Martin, Director of Accounting VFW Auxiliary Headquarters Phone (816) 561 8655 406 West 34 th Street Toll Free

1.12k views • 85 slides
On the Complexity of Simulating Auxiliary Input Yi-Hsiu Chen 1 Kai-Min Chung 2 Jyun-Jie Liao 2 1

On the Complexity of Simulating Auxiliary Input Yi-Hsiu Chen 1 Kai-Min Chung 2 Jyun-Jie Liao 2 1

On the Complexity of Simulating Auxiliary Input Yi-Hsiu Chen 1 Kai-Min Chung 2 Jyun-Jie Liao 2 1 Harvard University, Cambridge, USA 2 Academia Sinica, Taipei, Taiwan 1 / 18 Simulating Auxiliary Input [JP14] Consider random variables ( X , Z )

868 views • 62 slides
VFW Auxiliary INVESTMENTS HELD AT VFW AUXILIARY NATIONAL HEADQUARTERS Presented By George

VFW Auxiliary INVESTMENTS HELD AT VFW AUXILIARY NATIONAL HEADQUARTERS Presented By George

VFW Auxiliary INVESTMENTS HELD AT VFW AUXILIARY NATIONAL HEADQUARTERS Presented By George Martin Director of Accounting VFW Auxiliary Headquarters Phone (816) 561 8655 406 West 34 th Street Toll Free (866) 299 1286 10 th Floor Fax

392 views • 8 slides
VFW Auxiliary LOCAL AUXILIARY TREASURERS AND TRUSTEES TRAINING Presented By George Martin

VFW Auxiliary LOCAL AUXILIARY TREASURERS AND TRUSTEES TRAINING Presented By George Martin

VFW Auxiliary LOCAL AUXILIARY TREASURERS AND TRUSTEES TRAINING Presented By George Martin Director of Accounting VFW Auxiliary Headquarters Phone (816) 561 8655 406 West 34 th Street Toll Free (866) 299 1286 10 th Floor Fax (816) 931

461 views • 30 slides
Office of Auxiliary Services Presented by Dr. Gregory A. McCord Chief Auxiliary Services Officer

Office of Auxiliary Services Presented by Dr. Gregory A. McCord Chief Auxiliary Services Officer

Beaufort County School District Office of Auxiliary Services Presented by Dr. Gregory A. McCord Chief Auxiliary Services Officer November 28, 2017 Auxiliary Services..its a team effort!!! Dr. Gregory A. McCord, Chief Auxiliary Services

190 views • 15 slides
Dependency Parse Dependency Tags aux auxiliary auxpass passive auxiliary cop

Dependency Parse Dependency Tags aux auxiliary auxpass passive auxiliary cop

Dependency Parse Dependency Tags aux auxiliary auxpass passive auxiliary cop -- copula conj conjunct cc coordination ref -- referent subj subject nsubj nominal subject nsubjpass

1.18k views • 69 slides
Term Rep placement Deep rep lacement Auxiliary constructor i Auxiliary constructor i module

Term Rep placement Deep rep lacement Auxiliary constructor i Auxiliary constructor i module

Term Rep placement Deep rep lacement Auxiliary constructor i Auxiliary constructor i module Tree-drepl d l T d l imports Tree-syntax Deep replacement: repla ace only occurrences close exports A bottom-up transformer that to the

183 views • 14 slides
Closures & Scoping Variables Parameters Local variables Free variables

Closures & Scoping Variables Parameters Local variables Free variables

CS152 Programming Language Paradigms Prof. Tom Austin, Fall 2016 Closures & Scoping Variables Parameters Local variables Free variables Variables not defined in the current scope e.g. global variables #!/bin/bash Is x

569 views • 13 slides
Y TP YUKAWA INSTITUTE FOR THEORETICAL PHYSICS 1/21 Motivation Introduction Auxiliary Field

Y TP YUKAWA INSTITUTE FOR THEORETICAL PHYSICS 1/21 Motivation Introduction Auxiliary Field

Motivation Introduction Auxiliary Field Quantum Monte Carlo Methods Results Summary Acknowledgments Auxiliary-Field Monte Carlo method for strongly paired fermions Faisal Etminan M. M. Firoozabadi University of Birjand String and Fields

535 views • 21 slides
Standard form of the maximum principle The controlled system of diff. equations dx i dt = f i ( x,

Standard form of the maximum principle The controlled system of diff. equations dx i dt = f i ( x,

I Standard form of the maximum principle The controlled system of diff. equations dx i dt = f i ( x, u ) , x R n , u U, contravariant variables with upper indices, f 1 , . . . , f n covariant auxiliary variables with lower in-

203 views • 7 slides
YCL Week 3 Lets talk about variables! Variables Variables are containers for data. Variables

YCL Week 3 Lets talk about variables! Variables Variables are containers for data. Variables

YCL Week 3 Lets talk about variables! Variables Variables are containers for data. Variables have two parts: a name and a value, which is of a certain data type. A variables value is usually assigned to it using an equal sign. x = 5

171 views • 15 slides
Revisiting Paulsons Theory of the Con- structible Universe with Isar and Sledge-

Revisiting Paulsons Theory of the Con- structible Universe with Isar and Sledge-

Revisiting Paulsons Theory of the Con- structible Universe with Isar and Sledge- hammer Ioanna M. Dimitriou H. and Peter Koepke, University of Bonn, Germany AITP 2016 Obergurgl, Austria, April 3-7, 2016 Revisiting Paulsons

703 views • 33 slides
Using Auxiliary Information Under a Pier Francesco Perri Generic Sampling Design Theoretical

Using Auxiliary Information Under a Pier Francesco Perri Generic Sampling Design Theoretical

19th International Conference on Computational Statistics Giancarlo Diana, Using Auxiliary Information Under a Pier Francesco Perri Generic Sampling Design Theoretical results Auxiliary information A class of estimators The best

842 views • 52 slides
Multimodal Biometrics with Auxiliary Information Quality, Userspecific, Cohort information

Multimodal Biometrics with Auxiliary Information Quality, Userspecific, Cohort information

Multimodal Biometrics with Auxiliary Information Quality, Userspecific, Cohort information and beyond Norman Poh Talk Outline Part I: Bayesian classifiers and decision theory Part II: Sources of auxiliary information Biometric

916 views • 53 slides
Runtime - Variables Storage and Access of Variables Three types of data memory (variables)

Runtime - Variables Storage and Access of Variables Three types of data memory (variables)

Todays Topic Runtime - Variables Storage and Access of Variables Three types of data memory (variables) Globals , locals , and dynamic/heap (new) Focus on first two for now How does compiler manage allocation of, reading of, and

565 views • 10 slides
REVISITING GENDER AND HOUSEWORK IN Dawn Mannay CONTEMPORARY URBAN SOUTH WALES

REVISITING GENDER AND HOUSEWORK IN Dawn Mannay CONTEMPORARY URBAN SOUTH WALES

WHO SHOULD DO THE DISHES NOW? REVISITING GENDER AND HOUSEWORK IN Dawn Mannay CONTEMPORARY URBAN SOUTH WALES MannayDI@Cardiff.ac.uk REVISITING Jane Pilchers (1994) seminal work Who should do the dishes? Three generations of Welsh women

250 views • 11 slides
Revisiting the Estim ation of the Revisiting the Estim ation of the Marginal Cost of Highw ay

Revisiting the Estim ation of the Revisiting the Estim ation of the Marginal Cost of Highw ay

The 6 th Conference on Applied I nfrastructure Research ( I nfraday) The 6 th Conference on Applied I nfrastructure Research ( I nfraday) Berlin - - October 2 0 0 7 October 2 0 0 7 Berlin Revisiting the Estim ation of the Revisiting the Estim

206 views • 20 slides
Theory and applications 1 Roadmap to Lecture 6 Part 2 1. Revisiting the Reynolds stress

Theory and applications 1 Roadmap to Lecture 6 Part 2 1. Revisiting the Reynolds stress

Turbulence and CFD models: Theory and applications 1 Roadmap to Lecture 6 Part 2 1. Revisiting the Reynolds stress transport equation and the turbulent kinetic energy equation 2. Revisiting the closure problem 3. Two equations models

598 views • 36 slides
Auxiliary Turn Lanes Adam Kirk Kentucky Transportation Center INTRODUCTION SPR Project:

Auxiliary Turn Lanes Adam Kirk Kentucky Transportation Center INTRODUCTION SPR Project:

Auxiliary Turn Lanes Adam Kirk Kentucky Transportation Center INTRODUCTION SPR Project: Criteria for the Design and Justification of Auxiliary Turn lanes Purpose Provide consistent and clear left and right turn-lane warrants

611 views • 45 slides
Revisiting Old Friends: Is CoDel Really Achieving What RED Cannot? Nicolas Kuhn 1 Emmanuel Lochin

Revisiting Old Friends: Is CoDel Really Achieving What RED Cannot? Nicolas Kuhn 1 Emmanuel Lochin

Revisiting Old Friends: Is CoDel Really Achieving What RED Cannot? Nicolas Kuhn 1 Emmanuel Lochin 2 Olivier Mehani 3 1 IMT Telecom Bretagne, France 2 Universit e de Toulouse, France 3 National ICT Australia, Australia 1/21 Revisiting Old

838 views • 40 slides
Control Charts for Variables Terminology Variables refers to quantitative variables, like

Control Charts for Variables Terminology Variables refers to quantitative variables, like

ST 435/535 Statistical Methods for Quality and Productivity Improvement / Statistical Process Control Control Charts for Variables Terminology Variables refers to quantitative variables, like physical dimensions, as opposed to

264 views • 12 slides
CSS CUSTOM PROPERTIES (VARIABLES) What CSS Variables are? CSS variables are entities defined by

CSS CUSTOM PROPERTIES (VARIABLES) What CSS Variables are? CSS variables are entities defined by

CSS CUSTOM PROPERTIES (VARIABLES) What CSS Variables are? CSS variables are entities defined by CSS authors that contain specific values to be reused throughout a document. How to use a variable? --my-variable var(--my-variable); BENEFITS

453 views • 9 slides

More recommend