View
182
Download
3
Category
Preview:
Citation preview
Relations as Executable SpecificationsTaming Partiality and Non-determinism Using Invariants
Nuno Macedo Hugo Pacheco Alcino Cunha
HASLab — High Assurance Software LaboratoryINESC TEC & Universidade do Minho, Braga, Portugal
RAMiCS 13September 20, 2012, Cambridge
Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions
Introduction
• Relational calculus provides a more natural way to specifyprograms;
• Many programs are partial and non-deterministic;
• A point-free (PF) version has been used in a variety ofcomputer science areas;
• Such specifications are not amenable for execution.
Nuno Macedo, Hugo Pacheco, Alcino Cunha 2 / 21
Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions
Motivating Example
(id M id)◦ ◦ (head◦ M length◦) : Nat→ [Nat]
• Calculates a list with length n and the same n at its head;
• Not total nor functional;
• Very inefficient given a naive semantics;
• head◦ could be generating all lists by increasing length andnever reach n.
(id4id)�
(id4id)� � (head�4length�)
head�4length�
Nuno Macedo, Hugo Pacheco, Alcino Cunha 3 / 21
Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions
Motivating Example
• We can predict the behavior of partial expressions bycalculating the exact domain and range;
• They can also be used to narrow non-deterministic executions.
(id4id)�
(id4id)� � (head�4length�)
head�4length�
{(l, l0) 2 [Nat]⇥ [Nat]|head l = length l0 ^ l = l0}●
{n 2 Nat|n 6= 0}●{l 2 [Nat]|head l = length l}●
Nuno Macedo, Hugo Pacheco, Alcino Cunha 4 / 21
Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions
Taming Partiality and Non-determinism
• We propose a PF relational framework where data-types areenhanced with invariants;
• The simplicity of the PF calculus allows us to developpractical type-inference and type-checking algorithms;
• Those invariants can then used to run the specifications moreefficiently;
• Bidirectional transformations are our application scenario.
Nuno Macedo, Hugo Pacheco, Alcino Cunha 5 / 21
Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions
PF Relational Calculus
Identity id : A→ ATop > : A→ B
Bottom ⊥ : A→ BConverse ·◦ : (A→ B)→ (B → A)
Composition · ◦ · : (B → C )→ (A→ B)→ (A→ C )Intersection · ∩ · : (A→ B)→ (A→ B)→ (A→ B)
Union · ∪ · : (A→ B)→ (A→ B)→ (A→ B)Split · M · : (A→ B)→ (A→ C )→ (A→ B × C )
Projections π1 : A× B → A and π2 : A× B → BEither · O · : (B → A)→ (C → A)→ (B + C → A)
Injections i1 : A→ (A + B) and i2 : B → (A + B)Constants ! : A→ 1 and · : B → (A→ B)
Conditional · ? :(A→ A)→ (A→ A + A)
• The simple equational rules are harnessed in a strategicrewrite system that simplifies expressions.
Nuno Macedo, Hugo Pacheco, Alcino Cunha 6 / 21
Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions
Membership Semantics
a′ JidK a = a ≡ a′
a JR◦K b = b JRK ab JS ◦ RK a = ∃ c. b JSK c ∧ c JRK ab JR ∩ SK a = b JRK a ∧ b JSK ab JR ∪ SK a = b JRK a ∨ b JSK a(b, c) JR M SK a = b JRK a ∧ c JSK aa′ Jπ1K (a, b) = a ≡ a′
b′ Jπ2K (a, b) = b ≡ b′
a JR O SK (Left b) = a JRK ba JR O SK (Right c) = a JSK c(Left a′) Ji1K a = a ≡ b(Left a′) Ji2K b = False(Right b′) Ji1K a = False(Right b′) Ji2K b = a ≡ bb J>K a = Trueb J⊥K a = False1 J!K a = Trueb′ JbK a = b ≡ b′
Nuno Macedo, Hugo Pacheco, Alcino Cunha 7 / 21
Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions
Execution Semantics
J|||| id ||||K a = {a}J||||R◦ ||||K b = {a | a← A, a JR◦K b}J||||S ◦ R ||||K a = {b | c ← J||||R ||||K a, b ← J||||S ||||K c }J||||R ∩ S ||||K a = {b | b ← J||||R ||||K a, b JSK a}J||||R ∪ S ||||K a = J||||R ||||K a ∪ J||||S ||||K aJ||||R M S ||||K a = {(b, c) | b ← J||||R ||||K a, c ← J||||S ||||K a}J||||π1 ||||K (a, b) = {a}J||||π2 ||||K (a, b) = {b}J||||R O S ||||K (Left b) = J||||R ||||K bJ||||R O S ||||K (Right c) = J||||S ||||K cJ|||| i1 ||||K a = {Left a}J|||| i2 ||||K b = {Right b}J|||| > ||||K a = BJ|||| ⊥ ||||K a = { }J|||| ! ||||K a = {1}J|||| b ||||K a = {b}
Nuno Macedo, Hugo Pacheco, Alcino Cunha 8 / 21
Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions
Predicates as Coreflexives
• Domain δR and range ρR are predicates that can be definedas coreflexives;
• Coreflexives Φ : A→ A are relations smaller than the identity;
• If a satisfies the predicate Φ then a JΦK a;
• For pairs A×B related by R : A→ B, the invariant is lifted as[R] : A× B → A× B;
• Invariants on coproducts are simply the coproduct Φ + Ψ;
• R : Φ→ Ψ denotes δR = Φ and ρR = Ψ.
Nuno Macedo, Hugo Pacheco, Alcino Cunha 9 / 21
Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions
Inferring Checkable Invariants
• Domain and range can be directly computed asδR = R◦ ◦ R ∩ id and ρR = R ◦ R◦ ∩ id;
• May result in inefficient membership tests (due tocomposition);
• By expanding the definition, we define an equivalent definitionwith most compositions removed;
• Others will fall in the special caseb (f ◦ ◦ R ◦ g) a ≡ (f b) R (g a);
• The rewriting system further simplifies the formula and issuesa warning if problematic expressions remain.
Nuno Macedo, Hugo Pacheco, Alcino Cunha 10 / 21
Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions
Example
(id M id)◦ ◦ (head◦ M length◦) : Nat→ [Nat]
ρ((id M id)◦ ◦ (head◦ M length◦))={Range definition}
ρ((id M id)◦ ◦ ρ(head◦ M length◦))={Range definition}
ρ((id M id)◦ ◦ [length◦ ◦ head])={Range definition}
δ([length◦ ◦ head] ◦ (id M id))={Domain definition, Simplifications : PF Laws}
(head◦ ◦ length) ∩ id
(idMid)◦◦(length◦Mhead◦):inN◦(⊥+id)◦outN → (head◦◦length)∩id
Nuno Macedo, Hugo Pacheco, Alcino Cunha 11 / 21
Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions
Optimizing Non-deterministic Executions
• After determining the domain and range, they can bepropagated down to primitives,
• This reduces the generation of irrelevant intermediate values;
J|||| id : Φ→ Ψ ||||K a = J||||Ψ ||||K a
J||||π1 : [U ]→ Ψ ||||K (a, b) = J||||Ψ ||||K a
J||||R ◦ S : Φ→ Ψ ||||K a = {b | c ← J||||S : Φ→ δR ||||K a,b ← J||||R : ρS → Ψ ||||K c }
J||||R ∩ S : Φ→ Ψ ||||K a = {b | b ← J||||R : Φ ∩ δS → ρ(Ψ ◦ S ◦ a) ||||K a}
Nuno Macedo, Hugo Pacheco, Alcino Cunha 12 / 21
Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions
Recursive Relations with Invariants
• We support the well-know recursion patterns ofcatamorphisms (folds) and anamorphisms (unfolds);
• Execution is not problematic, as it is performed by unfoldingtheir definitions;
• However, there is no known normal form for invariants overrecursive types;
• The rewrite system tries to simplify the generic domain/rangeexpression.
Nuno Macedo, Hugo Pacheco, Alcino Cunha 13 / 21
Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions
Recursive Relations: Example
unzip : [A× B ]→ [A]× [B ]
ρunzip={Range definition}
(unzip ◦ unzip◦) ∩ id={Simplifications : unzip is functional , Liftify : range of unzip is a product}
[π2 ◦ unzip ◦ unzip◦ ◦ π◦1 ]={Catamorphism fusion : π1 ◦ g = nil O (cons ◦ (π1 × id)) ◦ F π1}
[(|nil O (cons ◦ (π1 × id))|) ◦ (|nil O (cons ◦ (π2 × id))|)◦]={Definitions : map}
[(map π1) ◦ (map π2)◦]
={Simplifications : map converse,map fusion (see below)}[map (π1 ◦ π◦2 )]={Simplifications : PF Laws}
[map >]
unzip : id→ [map >]
Nuno Macedo, Hugo Pacheco, Alcino Cunha 14 / 21
Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions
Bidirectional Transformations
• Bidirectional transformations are transformations betweendata-structures that may be applied in both directions;
• Defining the transformations individually is expensive anderror-prone;
• BXs should be inferred a single specification;
• We propose a solution using the relational calculus.
Nuno Macedo, Hugo Pacheco, Alcino Cunha 15 / 21
Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions
Bidirectional Transformations
• Lenses are one of the most famous BX frameworks;
• A lens S Q V between sources S and more abstract views Vconsists of transformations Get : S → V and Put : V × S → S ;
• It is said to be well-behaved if:• Get ◦ Put ⊆ π1 (acceptability);• Put ◦ (Get M id) ⊆ id (stability);
• Usually there are multiple valid Puts, but existing frameworksare deterministic.
Nuno Macedo, Hugo Pacheco, Alcino Cunha 16 / 21
Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions
Bidirectional Transformations
• In principle, it is possible to lift any functional expression to awell-behaved lens;
• Existing frameworks either:• Have maximum updatability but
disregard some operators;• Refine the type-system to allow
operators with smaller updatability;• Support any operator but disregard
updatability;
• We refine the type-system andguarantee maximum updatability.
? ? ?
Nuno Macedo, Hugo Pacheco, Alcino Cunha 17 / 21
Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions
Generic Non-deterministic Lenses
• Using relational calculus we can define a generic Put that isthe largest relation that satisfies the properties;
• A transformation get : A→ B can be lifted to a well-behavednon-deterministic lens bgetc : δget Q ρget, with
Put = (π2 O (get◦ ◦ π1)) ◦ [get◦] ?
• Emerges naturally from the lens laws:• [get◦] ? (v , s) tests if v was changed, returning either the
original s (acceptability), or any source s ′ such that s ′ = get v(stability);
• Maximum updatability: δPut = ρget× δget.
Nuno Macedo, Hugo Pacheco, Alcino Cunha 18 / 21
Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions
Generic Non-deterministic Lenses
• Type-checking over δget and ρget directly could beundecidable and due to the central role of the converse, Putcan not be directly executed;
• Both these issues can be addressed by the optimizationsalready presented;
• Forward transformations are functional so problematic casesare very limited:• Regarding type-checking, only particular ranges of splits are
possibly undecidable;• The backward transformation can be efficiently executed;
• Recursive expressions are also supported as they preserve thefunctionality of their algebras.
Nuno Macedo, Hugo Pacheco, Alcino Cunha 19 / 21
Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions
Generic Non-deterministic Lenses: Example
bπ1 M idc : id Q [π◦1]
• The range is [π◦1] : A× (A× B)→ A× (A× B), so Put onlytakes views (a, (b, c)) where a ≡ b;
• When the view is updated, (π1 M id)◦ will run, and π◦1 couldgenerate all pairs until reaching (a, c);
• With our optimization, the output of π1 is restricted to have cin the second element.
Nuno Macedo, Hugo Pacheco, Alcino Cunha 20 / 21
Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions
Conclusions
• We have presented mechanisms for the efficient execution PFrelational expressions over data-types with invariants;
• Regarding BX, we identify an open problem in thecomposition of lenses;
• By modeling lenses in this framework we were able toimplement an expressive PF BX language with maximumupdatability;
• Researching possible normal forms for invariants over recursivetypes;
• Exploring mechanisms for a better control of thenon-determinism through user-defined quality measures.
Nuno Macedo, Hugo Pacheco, Alcino Cunha 21 / 21
Recommended