
Verification of Graph Transformation Systems

Arman Sheikholeslami, armanpts@mail.upb.de





Presentation Transcript


  1. Verification of Graph Transformation Systems
     Arman Sheikholeslami, armanpts@mail.upb.de

  2. Graph and GTS
  • Directed Graph
    • is a set of vertices.
    • is a set of edges.
    • often used to model the static characteristics of a system.
  • Graph Transformation System
    • used to model the behavior of a dynamic system.
    • as the initial graph.
    • as a set of transformation rules.
  Seminar Advanced Verification Techniques - Winter term 2012/13 - University of Paderborn

  3. Chess
  [Figure: chessboard fragment drawn as a graph. Cells A8, B8, A7, B7, A6; a Rook on A8 and a Pawn on A7. After the move the Pawn is on A6: "Transformed!"]

  4. How does a transformation work?
  [Figure: rule LHS → RHS (Pawn on A7 with A6 below it becomes Pawn on A6), applied to graph G (Pawn on A7, cells A6, A5) to yield graph H.]
  • Find a matching of in .
  • Delete all vertices and edges in s.t. .
  • Add all vertices and edges to s.t. .

  5. Formalization of GTS
  [Figure: the LHS → RHS rule and its application G → H on the Pawn A7/A6 example.]
  • Algebraic approach
    • Single push-out (SPO)
      • If deleting a node would leave a dangling edge, the node is deleted along with the dangling edge.
    • Double push-out (DPO)
      • If deleting a node would leave a dangling edge, the rule is not applied.
      • Not applicable in chess!

  6. Transition System using SPO
  [Figure: transition system generated from the board (Pawn on A7, Knight on A5, cells A6, B5) by Rules X, Y and Z, each drawn as an LHS/RHS pair; P = Pawn, K = Knight.]

  7. Verification of GTS
  • Verification is to determine whether the behavior of the system (its semantics) conforms to the specification (properties).
  • Properties of GTS
    • conditions and constraints a GTS should satisfy.
  • Semantics of GTS
    • the producible transition system.

  8. Properties of GTS
  [Figure: Pawn on A7, Knight on A6, cells A5, B5: "Knight hit by Pawn! Unsafe!"]
  • Which properties of a GTS can be verified?
  • Safety
    • something bad will never happen.
    • e.g. a forbidden pattern (sub-graph) is never reached.
  • Liveness
    • something good will eventually happen.
    • e.g. deadlock-freedom, security

  9. Intuitively…
  [Figure: the transition system of slide 6 explored state by state; Rules X, Y and Z shown as LHS/RHS pairs; applying Rule X reaches the hit pattern: "Hit pattern, Unsafe!"]

  10. Technically…
  [Figure: the chess play yields a transition system (a Kripke structure with states A, B, C, D, E) as the semantics; the property "Avoid getting hit!" becomes a temporal-logic formula (LTL, over state B); both are fed to a model checker.]

  11. State space explosion
  [Figure: state space over variables x, y.]
  • Problem statement
    • a system has several variables, each with a range of possible values.
    • a state is assigned to each possible concrete combination of variable values.
    • the set of possible states is too large.
  • This happens in almost every system.
  • That’s why we cannot have a complete verification of large systems, e.g. an OS.

  12. Infinite State Space
  [Figure: a rule LHS → RHS whose LHS reoccurs in its RHS, applied to G to give H.]
  • A worse case of the state space explosion problem.
  • Occurs when the state set of the system is endless.
  • An infinite state space is created by applying rules in which the LHS can be found again in the RHS, so the rule stays applicable forever.

  13. Solutions
  • Under-approximation
    • An abstraction (subset) of the original graph (state set) satisfying fewer properties.
    • Bounded Model Checking
  • Over-approximation
    • An abstraction (superset) of the original graph (state set) satisfying more properties.
    • Shape Graphs
    • Inductive Invariance
  • Applicable to both the State Space Explosion and Infinite State Space problems

  14. Bounded Model Checking
  [Figure: only moves of one level are modeled! (K=1)]
  • is the pre-defined absolute bound.
  • Look for a bad pattern in -bounded execution length.
  • If no bad pattern is found, increment () until a bad pattern is found.
  • If and no bad pattern is found, verification stops.
    • the system is not necessarily safe (under-approx.)
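The three steps of slide 4 (find a matching, delete, add), the SPO/DPO choice of slide 5 and the bounded search for a bad pattern on this slide, worked through in one added Python example. This is not code from the presentation: the board (Pawn on A7, Knight on A5), the `next` and `jump` edges (a toy stand-in for real chess geometry), Rules X and Y, the forbidden "hit" pattern and the lone-Knight deletion rule are all constructed for the illustration, and the function names are the example's own.

```python
"""Toy graph transformation engine (matching, SPO/DPO rewriting) plus a
K-bounded breadth-first search for a forbidden pattern.  Constructed
illustration: graphs are labelled directed graphs, nodes a dict id -> label,
edges a set of (src, dst, label) triples."""
from collections import deque
from itertools import count, permutations

_fresh = count()   # ids for nodes created by a rule's RHS


class Graph:
    def __init__(self, nodes, edges):
        self.nodes = dict(nodes)          # node id -> label
        self.edges = frozenset(edges)     # (src, dst, label)

    def key(self):
        """Hashable state key for the visited set (node ids stay stable here)."""
        return (tuple(sorted(self.nodes.items())), tuple(sorted(self.edges)))


def matches(pattern, host):
    """Yield injective, label-preserving matchings of pattern into host
    (slide 4, step 1).  Brute force over node permutations: fine for toy graphs."""
    pnodes = list(pattern.nodes)
    for image in permutations(host.nodes, len(pnodes)):
        m = dict(zip(pnodes, image))
        if all(pattern.nodes[p] == host.nodes[m[p]] for p in pnodes) and \
           all((m[s], m[t], l) in host.edges for (s, t, l) in pattern.edges):
            yield m


class Rule:
    """LHS -> RHS.  Node ids on both sides are preserved, ids only in the LHS
    are deleted, ids only in the RHS are created."""
    def __init__(self, name, lhs, rhs):
        self.name, self.lhs, self.rhs = name, lhs, rhs

    def apply(self, g, m, approach="SPO"):
        """Rewrite g at matching m (slide 4, steps 2 and 3).  Returns H, or None
        when DPO refuses because a deleted node would leave a dangling edge;
        SPO deletes the dangling edges together with the node (slide 5)."""
        deleted = {m[n] for n in self.lhs.nodes if n not in self.rhs.nodes}
        matched = {(m[s], m[t], l) for (s, t, l) in self.lhs.edges}
        dangling = {e for e in g.edges
                    if (e[0] in deleted or e[1] in deleted) and e not in matched}
        if approach == "DPO" and dangling:
            return None
        del_edges = {(m[s], m[t], l) for (s, t, l) in self.lhs.edges - self.rhs.edges}
        nodes = {n: l for n, l in g.nodes.items() if n not in deleted}
        edges = set(g.edges) - del_edges - dangling
        img = dict(m)
        for n, l in self.rhs.nodes.items():       # create RHS-only nodes
            if n not in self.lhs.nodes:
                img[n] = f"{n}_{next(_fresh)}"
                nodes[img[n]] = l
        edges |= {(img[s], img[t], l) for (s, t, l) in self.rhs.edges - self.lhs.edges}
        return Graph(nodes, edges)


def bounded_check(initial, rules, forbidden, bound, approach="SPO"):
    """Breadth-first exploration of the transition system up to `bound` rule
    applications (slide 14).  Returns the rule sequence reaching the forbidden
    pattern, or None if none lies within the bound.  None does NOT prove
    safety: the bounded search is an under-approximation."""
    queue, seen = deque([(initial, [])]), {initial.key()}
    while queue:
        g, path = queue.popleft()
        if next(matches(forbidden, g), None) is not None:
            return path
        if len(path) == bound:
            continue
        for r in rules:
            for m in matches(r.lhs, g):
                h = r.apply(g, m, approach)
                if h is not None and h.key() not in seen:
                    seen.add(h.key())
                    queue.append((h, path + [r.name]))
    return None


# --- constructed board fragment: Pawn on A7, Knight on A5 -------------------
BOARD = Graph(
    {"A7": "Cell", "A6": "Cell", "A5": "Cell", "B5": "Cell", "p": "Pawn", "k": "Knight"},
    {("A7", "A6", "next"), ("A6", "A5", "next"), ("A5", "B5", "jump"),
     ("B5", "A5", "jump"), ("p", "A7", "on"), ("k", "A5", "on")})


def _move(name, piece, edge):
    """Rule: `piece` on c1 with c1 -edge-> c2 moves to c2 (cells and edge kept)."""
    lhs = Graph({"x": piece, "c1": "Cell", "c2": "Cell"}, {("x", "c1", "on"), ("c1", "c2", edge)})
    rhs = Graph({"x": piece, "c1": "Cell", "c2": "Cell"}, {("x", "c2", "on"), ("c1", "c2", edge)})
    return Rule(name, lhs, rhs)


RULE_X = _move("X", "Pawn", "next")      # pawn steps forward
RULE_Y = _move("Y", "Knight", "jump")    # knight jumps (toy geometry, not chess)
# forbidden pattern: Pawn and Knight on the same cell ("Knight hit by Pawn!")
HIT = Graph({"p": "Pawn", "k": "Knight", "c": "Cell"}, {("p", "c", "on"), ("k", "c", "on")})
# a rule whose LHS is a lone Knight: deleting it leaves its "on" edge dangling
REMOVE_KNIGHT = Rule("remove", Graph({"k": "Knight"}, set()), Graph({}, set()))


def dangling_demo(approach):
    """Apply REMOVE_KNIGHT to BOARD under SPO or DPO.  Returns (nodes, edges)
    of H, or None when DPO refuses the rule."""
    h = REMOVE_KNIGHT.apply(BOARD, next(matches(REMOVE_KNIGHT.lhs, BOARD)), approach)
    return None if h is None else (len(h.nodes), len(h.edges))
```

With bound 1 the search reports nothing; with bound 2 it returns the counterexample X, X (the pawn steps twice and lands on the knight's cell). The silence at bound 1 is exactly why a clean bounded run does not prove safety. The deletion rule shows the slide-5 distinction directly: SPO removes the knight and its dangling `on` edge (5 nodes, 5 edges remain), DPO returns None and leaves the graph untouched.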

  15. Shape Graphs
  • To shrink the state space by abstraction
    • information is discarded.
    • how to retrieve it to create concrete instances?
  • Local Shape Logic (LSL)
    • a way to express additional information about nodes and edges in a graph.
  • A shape graph is an abstract model
    • concrete instances are built based on shape constraints.
    • Still more than one precise instance can be produced (over-approx.).

  16. Shape Graphs (example)
  [Figure: concrete board G (Rook on A8, Pawn on A7, cells B8, B7, A6) abstracted into a shape graph SG with abstract nodes Cell and piece (King, Queen, Rook, Pawn, Bishop, Knight); reproduction from SG yields concrete graphs G again, one of which holds two Pawns: "In : Not a valid Instance!"]
  • Constraints:
    • There is exactly one Pawn
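An added Python illustration of the abstraction and reproduction steps of slides 15 and 16 (not code from the presentation): a shape graph is built by collapsing the concrete nodes of each label into one abstract node with a multiplicity, a constraint such as "exactly one Pawn" is checked against candidate instances, and instances are regenerated from the shape to show that several concrete graphs map to it (over-approximation). The board, the use of plain multiplicity bounds in place of Local Shape Logic, and the function names are assumptions of the example.

```python
"""Shape-graph abstraction of a labelled graph with multiplicity constraints
(a tiny stand-in for Local Shape Logic).  Constructed illustration: the board
below mirrors slide 16 (Rook on A8, Pawn on A7, empty cells B8, B7, A6)."""
from collections import Counter
from itertools import combinations, product


def shape_of(nodes, edges):
    """Abstract a concrete graph (nodes: {id: label}, edges: {(src, dst, label)})
    into a shape graph: one abstract node per label and one abstract edge per
    (src label, dst label, edge label), each with its multiplicity.  Node
    identities are discarded: that is the information slide 15 says is lost."""
    node_mult = Counter(nodes.values())
    edge_mult = Counter((nodes[s], nodes[t], lab) for (s, t, lab) in edges)
    return dict(node_mult), dict(edge_mult)


def is_valid_instance(nodes, edges, constraints):
    """constraints: {label: (min, max)}, max=None meaning unbounded.  A concrete
    graph is a valid instance of the shape iff every label count is in range."""
    counts, _ = shape_of(nodes, edges)
    for label, (lo, hi) in constraints.items():
        n = counts.get(label, 0)
        if n < lo or (hi is not None and n > hi):
            return False
    return True


def reproduce(piece_counts, cells):
    """Rebuild concrete instances from the piece multiplicities of a shape graph:
    place piece_counts[label] pieces of each label on distinct cells (at most one
    piece per cell).  All of them abstract to the same shape, which is why a
    shape graph over-approximates the graph it was built from."""
    labels = sorted(piece_counts)
    for combo in product(*(list(combinations(cells, piece_counts[l])) for l in labels)):
        occupied = [c for group in combo for c in group]
        if len(set(occupied)) != len(occupied):
            continue                                # two pieces on one cell
        nodes = {c: "Cell" for c in cells}
        edges = set()
        for label, group in zip(labels, combo):
            for i, cell in enumerate(group):
                pid = f"{label.lower()}{i}"
                nodes[pid] = label
                edges.add((pid, cell, "on"))
        yield nodes, edges


def same_shape(nodes_a, edges_a, nodes_b, edges_b):
    """True when two concrete graphs collapse to the same shape graph."""
    return shape_of(nodes_a, edges_a) == shape_of(nodes_b, edges_b)


# --- constructed concrete graph G from slide 16 ---------------------------
CELLS = ["A8", "B8", "A7", "B7", "A6"]
BOARD_NODES = {**{c: "Cell" for c in CELLS}, "r": "Rook", "p": "Pawn"}
BOARD_EDGES = {("r", "A8", "on"), ("p", "A7", "on"), ("A8", "A7", "next"), ("A7", "A6", "next")}
CONSTRAINTS = {"Pawn": (1, 1)}              # "There is exactly one Pawn"

# a reproduced graph with a second Pawn on B7: same abstract nodes, but it
# violates the constraint and so is not a valid instance
TWO_PAWNS_NODES = {**BOARD_NODES, "p2": "Pawn"}
TWO_PAWNS_EDGES = BOARD_EDGES | {("p2", "B7", "on")}
```

Moving the Pawn from A7 to B7 produces a different concrete graph with exactly the same shape, which is the discarded information the slide refers to; reproducing one Pawn and one Rook on three cells yields six concrete instances, all valid under the constraint, while the two-Pawn graph is rejected.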

  17. Inductive Invariance
  [Figure: two board states side by side (Pawn on A7, Knight on A6, cells A5, B5).]
  • Investigate whether a transition from a safe state to an error state (forbidden pattern) is possible
    • Apply the rules backwards from the forbidden pattern.
    • If a safe state is reached, the property can be violated (it is NOT an inductive invariant).
  • Instead of the whole graph, only the borders are investigated (abstraction).

  18. Inductive Invariant (cont.)
  [Figure: board fragment with Bishops and a Pawn on cells C1, C2, C3, D3, D4, D5, D7, D8, E3, E4, E5.]
  • If the property is an inductive invariant
    • no rule can be used to reach the forbidden pattern from a state that is not the forbidden pattern.
    • the system is safe.
  • If the property is not an inductive invariant
    • the system still might be safe.
    • the forbidden pattern can be reached given any starting graph (over-approx.).

  19. Extensions
  • What if we need to differentiate elements of graphs from each other?
    • we need to use attributes to specify the differences.
    • Typed Attributed Graphs (TAG) are introduced as an extension.
  • What if time has a specific effect on the system?
    • simple graphs do not care about time!
    • Timed Graphs are introduced as an extension (also an extension to TAG).

  20. Typed Attributed GTS
  [Figure: Rook on A8, Pawn on A7, cells B8, B7, A6; a data node "Black" attached to the Pawn: "A data node indicating color".]
  • A graph with vertices and edges having an attribute
    • where is a graph and data vertices in .
    • node attribute as a data node with an edge from the graph node to the data node.
    • edge attribute as a data node with an edge from the graph edge to the data node.

  21. Timed GTS
  • Contains 3 rules to perform TGT
    • Clock Instance Rule
      • adds clock instances to the graph.
      • by using a discrete- or dense-time model (timed automata), the passing of time can be expressed.
    • Invariant Rule
      • restricts the execution of the rule to a specific time interval.
    • Timed Graph Transformation Rule
      • normal graph transformation rule.

  22. Timed GTS (example)
  [Figure: three steps on the Rook A8 / Pawn A7 / A6 board: 1 apply the Clock Instance rule (adds CI nodes), 2 apply the Invariant rule ("Yes"/"No" on whether the time interval allows the move), 3 apply the Transformation rule; Rules X and Y shown as LHS/RHS pairs with R = Rook, P = Pawn.]

  23. Verification of TGTS
  [Figure: pipeline Timed GTS + FO-TCTL property → (1) -automaton, (2) TCTL property → (3) labeled -automaton → TCTL model checker.]
  • There are many studies about model checking of TCTL over timed automata.
  • To reduce model checking of TGTS to model checking of timed automata
    • to benefit from existing theories and tools.
  • To do that
    • produce a TS for the TGTS (-automaton).
    • reduce First Order-TCTL to TCTL.
    • label the -automaton with the atomic propositions holding in its states.

  24. Verification of TGTS (example)
  [Figure: the pipeline of slide 23 instantiated on the Rook A8 / Pawn A7 / A6 board with clock instances CI and CI_x: Timed GTS → -automaton (with invariant Inv) → labeled -automaton; FO-TCTL → TCTL; both fed to the TCTL model checker.]

  25. Question?!
