Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Upcoming SlideShare
Loading in …5
×

# Verification of Data-Aware Processes at ESSLLI 2017 3/6 - Verification Logics

47 views

Published on

Advanced course in logic and computation at ESSLLI 2017, by Calvanese and Montali, summarizing the main technical results obtained in our 6-year research on the verification of data-aware processes. Part 3/6: verification logics.

Published in: Science
• Full Name
Comment goes here.

Are you sure you want to Yes No
Your message goes here
• Be the first to comment

• Be the first to like this

### Verification of Data-Aware Processes at ESSLLI 2017 3/6 - Verification Logics

1. 1. Veriﬁcation of Data-Aware Processes Veriﬁcation Logics Diego Calvanese, Marco Montali Research Centre for Knowledge and Data (KRDB) Free University of Bozen-Bolzano, Italy KRDB 1 29th European Summer School in Logic, Language, and Information (ESSLLI 2017) Toulouse, France – 17–28 July 2017
2. 2. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Outline 1 Veriﬁcation Logics 2 First-order µ-Calculus 3 History and Persistence-Preserving µ-Calculus 4 First-order Linear Temporal Logics Calvanese, Montali (FUB) Veriﬁcation of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (1/18)
3. 3. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Veriﬁcation logics Temporal/dynamic logics expressing (un)desired properties about the dynamic system of interest. Branching-time logics are directly interpreted over the transition system. Notable examples: CTL, µ-calculus Linear-time logics are interpreted over the runs represented by the transition system. A property holds over the transition system if it is true in every run. Notable example: LTL We consider in particular LTL and µ-calculus (µL) as two representative veriﬁcation logics. Calvanese, Montali (FUB) Veriﬁcation of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (2/18)
4. 4. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL The veriﬁcation logic µL Remember that µL: Is equipped with two local temporal operators to move over one ( − ) or all ([−]) successors of the current state. Employs ﬁxpoint constructs to express sophisticated properties deﬁned via induction or co-induction. Subsumes virtually all propositional temporal/dynamic logics, such as PDL, LTL, CTL, CTL*. Note: The encoding into µL of linear-time properties incurs in an exponential blow-up. Calvanese, Montali (FUB) Veriﬁcation of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (3/18)
5. 5. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Veriﬁcation logics for DCDSs Propositional temporal logics do not suﬃce! We need ﬁrst-order temporal logics: To inspect data: FO queries To capture system dynamics: temporal modalities To track the evolution of objects: FO quantiﬁcation across states Example: It is always the case that every order is eventually either cancelled or paid. G(∀x.Order(x) → F(State(x, cancelled) ∨ State(x, paid))) Calvanese, Montali (FUB) Veriﬁcation of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (4/18)
6. 6. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Outline 1 Veriﬁcation Logics 2 First-order µ-Calculus 3 History and Persistence-Preserving µ-Calculus 4 First-order Linear Temporal Logics Calvanese, Montali (FUB) Veriﬁcation of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (5/18)
7. 7. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL First-order µ-calculi for DCDSs We employ variants of ﬁrst-order µ-calculus (µLFO): Φ ::= Q | ¬Φ | Φ1 ∧ Φ2 | ∃x.Φ | − Φ | Z | µZ.Φ Extends the propositional µ-calculus µL with ﬁrst-order quantiﬁcation. The ﬁrst-order quantiﬁers range over all objects in the transition system (and not only over those in the current state or in the current run). PDLLTL CTL µL µLFO We also adopt the standard abbreviations, including: [−]Φ for ¬ − ¬Φ νZ.Φ for ¬µZ.Φ[Z/¬Z] Example ∀x.Student(x) → µZ.((∃y.Graduate(x, y)) ∨ − Z) For each student x (in the current state), there exists an evolution that eventually leads to the graduation of x (with some ﬁnal mark y). Calvanese, Montali (FUB) Veriﬁcation of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (6/18)
8. 8. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Semantics of µLFO µLFO formulae: interpreted over RTS Υ = ∆, R, S, s0, db, ⇒ , using valuations: v: individual variable valuation mapping each individual variable x to a value in ∆. V : predicate variable valuation, parameterized by v, and mapping each predicate variable Z to a subset V (v, Z) of S. Evaluation of a µLFO formula Φ over Υ: given by an extension function (Φ)Υ (v,V ) mapping Φ to the set of states in S where Φ holds. (ϕ)Υ (v,V ) = {s | s ∈ S and db(s), v |= ϕ} (¬Φ)Υ (v,V ) = S (Φ)Υ (v,V ) (Φ1 ∧ Φ2)Υ (v,V ) = (Φ1)Υ (v,V ) ∩ (Φ2)Υ (v,V ) (∃x.Φ)Υ (v,V ) = {s ∈ S | ∃d ∈ ∆.s ∈ (Φ)Υ (v,V )[x/d]} ( − Φ)Υ (v,V ) = {s ∈ S | ∃s ∈ S.s ⇒ s and s ∈ (Φ)Υ (v,V )} (Z)Υ (v,V ) = V (v, Z) (µZ.Φ)Υ (v,V ) = {E ⊆ S | (Φ)Υ (v,V )[Z/E] ⊆ E} stands for (v , V ), where v is as v except that v (x) = d stands for (v, V ), where V is as V except that V (v, Z) = E Calvanese, Montali (FUB) Veriﬁcation of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (7/18)
9. 9. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Model checking µLFO When the µLFO formula Φ is closed, (Φ)Υ (v,V ) does not depend on the valuations v and V , and we simply denote it as (Φ)Υ . Model checking an RTS Input: an RTS Υ = ∆, R, S, s0, db, ⇒ a closed µLFO formula Φ Output: yes, iﬀ s0 ∈ (Φ)Υ In this case, we write Υ |= Φ. Model checking a DCDS Input: a DCDS X a closed µLFO formula Φ Output: yes, iﬀ ΥX |= Φ In this case, we write X |= Φ. Calvanese, Montali (FUB) Veriﬁcation of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (8/18)
10. 10. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Outline 1 Veriﬁcation Logics 2 First-order µ-Calculus 3 History and Persistence-Preserving µ-Calculus 4 First-order Linear Temporal Logics Calvanese, Montali (FUB) Veriﬁcation of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (9/18)
11. 11. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL History-preserving µ-calculus (µLA) Active-domain quantiﬁcation: restricted to those individuals present in the current database. ∃x.Φ ∃x.live(x) ∧ Φ ∀x.Φ ∀x.live(x) → Φ where live(x) states that x is present in the current active domain (easily expressible in FO). PDLLTL CTL µL µLA µLFO Note: µLA is a syntactic restriction of µLFO. Example νW.(∀x.live(x) ∧ Student(x) → µZ.(∃y.live(y) ∧ Graduate(x, y) ∨ − Z) ∧ [−]W) Along every path, it is always true, for each student x, that there exists an evolution eventually leading to a graduation of the student (with some ﬁnal mark y). Note: No guarantee that all such students graduate within the same run. Calvanese, Montali (FUB) Veriﬁcation of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (10/18)
12. 12. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Persistence-preserving µ-calculus (µLP ) In some cases, objects maintain their identity only if they persist in the active domain (cf. business artifacts and their IDs). . . . StudId : 123 . . . StudId : 123 . . .dismiss(123) newStud() ID() = 123 µLP restricts µLA to quantiﬁcation over persisting objects only, i.e., objects that continue to be live. ∃x.Φ ∃x.live(x) ∧ Φ ∀x.Φ ∀x.live(x) → Φ − Φ(x) live(x) ∧ − Φ(x) (strong persistence) live(x) → − Φ(x) (weak persistence) [−]Φ(x) live(x) ∧ [−]Φ(x) (strong persistence) live(x) → [−]Φ(x) (weak persistence) PDLLTL CTL µL µLP µLA µLFO Note: µLP is a syntactic restriction of µLA. Calvanese, Montali (FUB) Veriﬁcation of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (11/18)
13. 13. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Strong vs. weak persistence Strong persistence: property falsiﬁed by an object that disappears νW.(∀x.live(x) ∧ Student(x) → µZ.(∃y.live(y) ∧ Graduate(x, y) ∨ (live(x) ∧ − Z)) ∧ [−]W) Along every path, it is always true, for each student x, that there exists an evolution in which x persists in the database until she eventually graduates. Weak persistence: property veriﬁed by an object that disappears νW.(∀x.live(x) ∧ Student(x) → µZ.(∃y.live(y) ∧ Graduate(x, y) ∨ (live(x) → − Z)) ∧ [−]W) Along every path, it is always true, for each student x, that there exists an evolution in which either x does not persist, or she eventually graduates. Calvanese, Montali (FUB) Veriﬁcation of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (12/18)
14. 14. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Outline 1 Veriﬁcation Logics 2 First-order µ-Calculus 3 History and Persistence-Preserving µ-Calculus 4 First-order Linear Temporal Logics Calvanese, Montali (FUB) Veriﬁcation of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (13/18)
15. 15. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL First-order linear temporal logics for DCDSs LTL-FO extends propositional LTL with the possibility of querying the system states using ﬁrst-order formulas with quantiﬁcation across: Φ ::= ϕ | ¬Φ | Φ1 ∧ Φ2 | ∃x.Φ | X Φ | Φ1 U Φ2 We also adopt the standard abbreviations, including: F Φ for true U Φ (Φ holds in the future) G Φ for ¬ F ¬Φ (Φ holds globally) Example ∀x.Student(x) → F ∃y.Graduate(x, y) For each student x (in the current state), x will graduate sometimes in the future (with some ﬁnal mark y). Note: all encountered students graduate within the same run. Calvanese, Montali (FUB) Veriﬁcation of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (14/18)
16. 16. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Semantics of LTL-FO Formulae of LTL-FOA are interpreted over the inﬁnite runs of a given serial RTS Υ = R, S, s0, db, ⇒ . Serial RTS: every state has at least one successor state. An (inﬁnite) run τ over Υ is an inﬁnite sequence s0s1 · · · of states in S, where the ﬁrst state of the sequence corresponds to the initial state of Υ, and for every i ∈ N, it is true that si ⇒ si+1. Given j ∈ N, by τ(j) we denote the j-th state sj of τ. We inductively deﬁne when τ satisﬁes an LTL-FOA formula Φ at position i under v, written τ, i, v |=ltl Φ τ, i, v |=ltl ϕ if db(τ(i)), v |= ϕ τ, i, v |=ltl ¬Φ if it is not the case that τ, i, v |=ltl Φ τ, i, v |=ltl Φ1 ∧ Φ2 if τ, i, v |=ltl Φ1 and τ, i, v |=ltl Φ2 τ, i, v |=ltl ∃x.Φ if there exists d ∈ ∆ such that τ, i, v[x/d] |=ltl Φ τ, i, v |=ltl X Φ if τ, i + 1, v |=ltl Φ τ, i, v |=ltl Φ1 U Φ2 if there exists k ≥ i such that τ, k, v |=ltl Φ2 and for every j, if i ≤ j < k then τ, j, v |=ltl Φ1 Calvanese, Montali (FUB) Veriﬁcation of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (15/18)
17. 17. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL Model checking LTL-FO When the LTL-FO formula Φ is closed, the satisfaction relation does not depend on the valuation v, and we simply denote satisfaction as τ, i |=ltl Φ. LTL model checking an RTS Input: an RTS Υ = ∆, R, S, s0, db, ⇒ a closed LTL-FO formula Φ Output: yes, iﬀ for every run τ over Υ, τ, 0 |=ltl Φ. In this case, we write Υ |=ltl Φ. LTL Model checking a DCDS Input: a DCDS X a closed LTL-FO formula Φ Output: yes, iﬀ ΥX |=ltl Φ. In this case, we write X |=ltl Φ. Calvanese, Montali (FUB) Veriﬁcation of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (16/18)
18. 18. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL First-order LTL with restricted quantiﬁcation History-preserving quantiﬁcation: LTL-FOA FO quantiﬁcation ranges over current active domain only: ∃x.Φ ∃x.live(x) ∧ Φ ∀x.Φ ∀x.live(x) → Φ Example: ∀x.live(x) ∧ Customer(x) → F Gold(x) Persistence-preserving quantiﬁcation: LTL-FOP FO quantiﬁcation ranges over persisting individuals only. ∃x.Φ ∃x.live(x) ∧ Φ ∀x.Φ ∀x.live(x) → Φ X Φ(x) live(x) ∧ X Φ(x) (strong persistence) live(x) → X Φ(x) (weak persistence) Φ1 U Φ2(x) (live(x) ∧ Φ1) U Φ2(x) (s.p.) (live(x) ∧ Φ1) U(live(x) → Φ2(x)) (w.p.) Example: ∀x.(live(x) ∧ Gold(x)) → ¬(live(x) U ¬Gold(x)) LTL LTL-FO LTL-FOA LTL-FOP Calvanese, Montali (FUB) Veriﬁcation of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (17/18)
19. 19. Logics First-order µ-Calculus Restricted µ-calculi First-order LTL LTL with persistence-preserving quantiﬁcation – Example Consider: ∀x.Gold(x) → G Gold(x) ∀x.Gold(x) → ¬ F ¬Gold(x) ∀x.Gold(x) → ¬(true U ¬Gold(x)) With strong persistence: ∀x.live(x) → (Gold(x) → ¬(live(x) U ¬Gold(x))) ∀x.(live(x) ∧ Gold(x)) → ¬(live(x) U ¬Gold(x)) With weak persistence: ∀x.live(x) → (Gold(x) → ¬(live(x) U(live(x) → ¬Gold(x)))) ∀x.(live(x) ∧ Gold(x)) → ¬(live(x) U(live(x) → ¬Gold(x))) Calvanese, Montali (FUB) Veriﬁcation of Data-Aware Processes ESSLLI 2017 – 24–28/07/2017 (18/18)