Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Verification of Data-Aware Processes at ESSLLI 2017 3/6 - Verification Logics

55 views

Published on

Advanced course in logic and computation at ESSLLI 2017, by Calvanese and Montali, summarizing the main technical results obtained in our 6-year research on the verification of data-aware processes. Part 3/6: verification logics.

Published in: Science
  • Be the first to comment

  • Be the first to like this

Verification of Data-Aware Processes at ESSLLI 2017 3/6 - Verification Logics

  1. 1. Verification of Data-Aware Processes Verification Logics Diego Calvanese, Marco Montali Research Centre for Knowledge and Data (KRDB) Free University of Bozen-Bolzano, Italy KRDB 1 29th European Summer School in Logic, Language, and Information (ESSLLI 2017) Toulouse, France – 17–28 July 2017
  2. 2. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Outline 1 Verification Logics 2 First-order µ-Calculus 3 History and Persistence-Preserving µ-Calculus 4 First-order Linear Temporal Logics Calvanese, Montali (FUB) Verification of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (1/18)
  3. 3. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Verification logics Temporal/dynamic logics expressing (un)desired properties about the dynamic system of interest. Branching-time logics are directly interpreted over the transition system. Notable examples: CTL, µ-calculus Linear-time logics are interpreted over the runs represented by the transition system. A property holds over the transition system if it is true in every run. Notable example: LTL We consider in particular LTL and µ-calculus (µL) as two representative verification logics. Calvanese, Montali (FUB) Verification of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (2/18)
  4. 4. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL The verification logic µL Remember that µL: Is equipped with two local temporal operators to move over one ( − ) or all ([−]) successors of the current state. Employs fixpoint constructs to express sophisticated properties defined via induction or co-induction. Subsumes virtually all propositional temporal/dynamic logics, such as PDL, LTL, CTL, CTL*. Note: The encoding into µL of linear-time properties incurs in an exponential blow-up. Calvanese, Montali (FUB) Verification of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (3/18)
  5. 5. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Verification logics for DCDSs Propositional temporal logics do not suffice! We need first-order temporal logics: To inspect data: FO queries To capture system dynamics: temporal modalities To track the evolution of objects: FO quantification across states Example: It is always the case that every order is eventually either cancelled or paid. G(∀x.Order(x) → F(State(x, cancelled) ∨ State(x, paid))) Calvanese, Montali (FUB) Verification of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (4/18)
  6. 6. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Outline 1 Verification Logics 2 First-order µ-Calculus 3 History and Persistence-Preserving µ-Calculus 4 First-order Linear Temporal Logics Calvanese, Montali (FUB) Verification of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (5/18)
  7. 7. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL First-order µ-calculi for DCDSs We employ variants of first-order µ-calculus (µLFO): Φ ::= Q | ¬Φ | Φ1 ∧ Φ2 | ∃x.Φ | − Φ | Z | µZ.Φ Extends the propositional µ-calculus µL with first-order quantification. The first-order quantifiers range over all objects in the transition system (and not only over those in the current state or in the current run). PDLLTL CTL µL µLFO We also adopt the standard abbreviations, including: [−]Φ for ¬ − ¬Φ νZ.Φ for ¬µZ.Φ[Z/¬Z] Example ∀x.Student(x) → µZ.((∃y.Graduate(x, y)) ∨ − Z) For each student x (in the current state), there exists an evolution that eventually leads to the graduation of x (with some final mark y). Calvanese, Montali (FUB) Verification of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (6/18)
  8. 8. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Semantics of µLFO µLFO formulae: interpreted over RTS Υ = ∆, R, S, s0, db, ⇒ , using valuations: v: individual variable valuation mapping each individual variable x to a value in ∆. V : predicate variable valuation, parameterized by v, and mapping each predicate variable Z to a subset V (v, Z) of S. Evaluation of a µLFO formula Φ over Υ: given by an extension function (Φ)Υ (v,V ) mapping Φ to the set of states in S where Φ holds. (ϕ)Υ (v,V ) = {s | s ∈ S and db(s), v |= ϕ} (¬Φ)Υ (v,V ) = S (Φ)Υ (v,V ) (Φ1 ∧ Φ2)Υ (v,V ) = (Φ1)Υ (v,V ) ∩ (Φ2)Υ (v,V ) (∃x.Φ)Υ (v,V ) = {s ∈ S | ∃d ∈ ∆.s ∈ (Φ)Υ (v,V )[x/d]} ( − Φ)Υ (v,V ) = {s ∈ S | ∃s ∈ S.s ⇒ s and s ∈ (Φ)Υ (v,V )} (Z)Υ (v,V ) = V (v, Z) (µZ.Φ)Υ (v,V ) = {E ⊆ S | (Φ)Υ (v,V )[Z/E] ⊆ E} stands for (v , V ), where v is as v except that v (x) = d stands for (v, V ), where V is as V except that V (v, Z) = E Calvanese, Montali (FUB) Verification of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (7/18)
  9. 9. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Model checking µLFO When the µLFO formula Φ is closed, (Φ)Υ (v,V ) does not depend on the valuations v and V , and we simply denote it as (Φ)Υ . Model checking an RTS Input: an RTS Υ = ∆, R, S, s0, db, ⇒ a closed µLFO formula Φ Output: yes, iff s0 ∈ (Φ)Υ In this case, we write Υ |= Φ. Model checking a DCDS Input: a DCDS X a closed µLFO formula Φ Output: yes, iff ΥX |= Φ In this case, we write X |= Φ. Calvanese, Montali (FUB) Verification of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (8/18)
  10. 10. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Outline 1 Verification Logics 2 First-order µ-Calculus 3 History and Persistence-Preserving µ-Calculus 4 First-order Linear Temporal Logics Calvanese, Montali (FUB) Verification of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (9/18)
  11. 11. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL History-preserving µ-calculus (µLA) Active-domain quantification: restricted to those individuals present in the current database. ∃x.Φ ∃x.live(x) ∧ Φ ∀x.Φ ∀x.live(x) → Φ where live(x) states that x is present in the current active domain (easily expressible in FO). PDLLTL CTL µL µLA µLFO Note: µLA is a syntactic restriction of µLFO. Example νW.(∀x.live(x) ∧ Student(x) → µZ.(∃y.live(y) ∧ Graduate(x, y) ∨ − Z) ∧ [−]W) Along every path, it is always true, for each student x, that there exists an evolution eventually leading to a graduation of the student (with some final mark y). Note: No guarantee that all such students graduate within the same run. Calvanese, Montali (FUB) Verification of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (10/18)
  12. 12. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Persistence-preserving µ-calculus (µLP ) In some cases, objects maintain their identity only if they persist in the active domain (cf. business artifacts and their IDs). . . . StudId : 123 . . . StudId : 123 . . .dismiss(123) newStud() ID() = 123 µLP restricts µLA to quantification over persisting objects only, i.e., objects that continue to be live. ∃x.Φ ∃x.live(x) ∧ Φ ∀x.Φ ∀x.live(x) → Φ − Φ(x) live(x) ∧ − Φ(x) (strong persistence) live(x) → − Φ(x) (weak persistence) [−]Φ(x) live(x) ∧ [−]Φ(x) (strong persistence) live(x) → [−]Φ(x) (weak persistence) PDLLTL CTL µL µLP µLA µLFO Note: µLP is a syntactic restriction of µLA. Calvanese, Montali (FUB) Verification of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (11/18)
  13. 13. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Strong vs. weak persistence Strong persistence: property falsified by an object that disappears νW.(∀x.live(x) ∧ Student(x) → µZ.(∃y.live(y) ∧ Graduate(x, y) ∨ (live(x) ∧ − Z)) ∧ [−]W) Along every path, it is always true, for each student x, that there exists an evolution in which x persists in the database until she eventually graduates. Weak persistence: property verified by an object that disappears νW.(∀x.live(x) ∧ Student(x) → µZ.(∃y.live(y) ∧ Graduate(x, y) ∨ (live(x) → − Z)) ∧ [−]W) Along every path, it is always true, for each student x, that there exists an evolution in which either x does not persist, or she eventually graduates. Calvanese, Montali (FUB) Verification of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (12/18)
  14. 14. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Outline 1 Verification Logics 2 First-order µ-Calculus 3 History and Persistence-Preserving µ-Calculus 4 First-order Linear Temporal Logics Calvanese, Montali (FUB) Verification of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (13/18)
  15. 15. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL First-order linear temporal logics for DCDSs LTL-FO extends propositional LTL with the possibility of querying the system states using first-order formulas with quantification across: Φ ::= ϕ | ¬Φ | Φ1 ∧ Φ2 | ∃x.Φ | X Φ | Φ1 U Φ2 We also adopt the standard abbreviations, including: F Φ for true U Φ (Φ holds in the future) G Φ for ¬ F ¬Φ (Φ holds globally) Example ∀x.Student(x) → F ∃y.Graduate(x, y) For each student x (in the current state), x will graduate sometimes in the future (with some final mark y). Note: all encountered students graduate within the same run. Calvanese, Montali (FUB) Verification of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (14/18)
  16. 16. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Semantics of LTL-FO Formulae of LTL-FOA are interpreted over the infinite runs of a given serial RTS Υ = R, S, s0, db, ⇒ . Serial RTS: every state has at least one successor state. An (infinite) run τ over Υ is an infinite sequence s0s1 · · · of states in S, where the first state of the sequence corresponds to the initial state of Υ, and for every i ∈ N, it is true that si ⇒ si+1. Given j ∈ N, by τ(j) we denote the j-th state sj of τ. We inductively define when τ satisfies an LTL-FOA formula Φ at position i under v, written τ, i, v |=ltl Φ τ, i, v |=ltl ϕ if db(τ(i)), v |= ϕ τ, i, v |=ltl ¬Φ if it is not the case that τ, i, v |=ltl Φ τ, i, v |=ltl Φ1 ∧ Φ2 if τ, i, v |=ltl Φ1 and τ, i, v |=ltl Φ2 τ, i, v |=ltl ∃x.Φ if there exists d ∈ ∆ such that τ, i, v[x/d] |=ltl Φ τ, i, v |=ltl X Φ if τ, i + 1, v |=ltl Φ τ, i, v |=ltl Φ1 U Φ2 if there exists k ≥ i such that τ, k, v |=ltl Φ2 and for every j, if i ≤ j < k then τ, j, v |=ltl Φ1 Calvanese, Montali (FUB) Verification of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (15/18)
  17. 17. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Model checking LTL-FO When the LTL-FO formula Φ is closed, the satisfaction relation does not depend on the valuation v, and we simply denote satisfaction as τ, i |=ltl Φ. LTL model checking an RTS Input: an RTS Υ = ∆, R, S, s0, db, ⇒ a closed LTL-FO formula Φ Output: yes, iff for every run τ over Υ, τ, 0 |=ltl Φ. In this case, we write Υ |=ltl Φ. LTL Model checking a DCDS Input: a DCDS X a closed LTL-FO formula Φ Output: yes, iff ΥX |=ltl Φ. In this case, we write X |=ltl Φ. Calvanese, Montali (FUB) Verification of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (16/18)
  18. 18. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL First-order LTL with restricted quantification History-preserving quantification: LTL-FOA FO quantification ranges over current active domain only: ∃x.Φ ∃x.live(x) ∧ Φ ∀x.Φ ∀x.live(x) → Φ Example: ∀x.live(x) ∧ Customer(x) → F Gold(x) Persistence-preserving quantification: LTL-FOP FO quantification ranges over persisting individuals only. ∃x.Φ ∃x.live(x) ∧ Φ ∀x.Φ ∀x.live(x) → Φ X Φ(x) live(x) ∧ X Φ(x) (strong persistence) live(x) → X Φ(x) (weak persistence) Φ1 U Φ2(x) (live(x) ∧ Φ1) U Φ2(x) (s.p.) (live(x) ∧ Φ1) U(live(x) → Φ2(x)) (w.p.) Example: ∀x.(live(x) ∧ Gold(x)) → ¬(live(x) U ¬Gold(x)) LTL LTL-FO LTL-FOA LTL-FOP Calvanese, Montali (FUB) Verification of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (17/18)
  19. 19. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL LTL with persistence-preserving quantification – Example Consider: ∀x.Gold(x) → G Gold(x) ∀x.Gold(x) → ¬ F ¬Gold(x) ∀x.Gold(x) → ¬(true U ¬Gold(x)) With strong persistence: ∀x.live(x) → (Gold(x) → ¬(live(x) U ¬Gold(x))) ∀x.(live(x) ∧ Gold(x)) → ¬(live(x) U ¬Gold(x)) With weak persistence: ∀x.live(x) → (Gold(x) → ¬(live(x) U(live(x) → ¬Gold(x)))) ∀x.(live(x) ∧ Gold(x)) → ¬(live(x) U(live(x) → ¬Gold(x))) Calvanese, Montali (FUB) Verification of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (18/18)

×