Relations as Executable Specifications
•
0 likes•413 views
This document discusses using relations and relational calculus to specify programs in a more natural way. It proposes enhancing data types with invariants to tame non-determinism and partiality in relational specifications. This allows inferring checkable domain and range predicates for relations to optimize execution. Bidirectional transformations are also specified relationally to maximize updatability.
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Relations as Executable Specifications
Similar to Relations as Executable Specifications (20)
Recently uploaded
Recently uploaded (20)
Relations as Executable Specifications
- 1. Relations as Executable Specifications Taming Partiality and Non-determinism Using Invariants Nuno Macedo Hugo Pacheco Alcino Cunha HASLab — High Assurance Software Laboratory INESC TEC & Universidade do Minho, Braga, Portugal RAMiCS 13 September 20, 2012, Cambridge
- 2. Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions Introduction • Relational calculus provides a more natural way to specify programs; • Many programs are partial and non-deterministic; • A point-free (PF) version has been used in a variety of computer science areas; • Such specifications are not amenable for execution. Nuno Macedo, Hugo Pacheco, Alcino Cunha 2 / 21
- 3. Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions Motivating Example (id id)◦ ◦ (head◦ length◦ ) : Nat → [Nat] • Calculates a list with length n and the same n at its head; • Not total nor functional; • Very inefficient given a naive semantics; • head◦ could be generating all lists by increasing length and never reach n. (id4id) (id4id) Nuno Macedo, Hugo Pacheco, Alcino Cunha head 4length (head 4length ) 3 / 21
- 4. Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions Motivating Example • We can predict the behavior of partial expressions by calculating the exact domain and range; • They can also be used to narrow non-deterministic executions. ●{(l, l0 ) 2 [Nat] ⇥ [Nat]|head l = length l0 ^ l = l0 } (id4id) ●{l 2 [Nat]|head l = length l} Nuno Macedo, Hugo Pacheco, Alcino Cunha (id4id) head 4length (head 4length ) ●{n 2 Nat|n 6= 0} 4 / 21
- 5. Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions Taming Partiality and Non-determinism • We propose a PF relational framework where data-types are enhanced with invariants; • The simplicity of the PF calculus allows us to develop practical type-inference and type-checking algorithms; • Those invariants can then used to run the specifications more efficiently; • Bidirectional transformations are our application scenario. Nuno Macedo, Hugo Pacheco, Alcino Cunha 5 / 21
- 6. Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions PF Relational Calculus Identity Top Bottom Converse Composition Intersection Union Split Projections Either Injections Constants Conditional id : A → A :A→B ⊥:A→B ·◦ : (A → B) → (B → A) · ◦ · : (B → C ) → (A → B) → (A → C ) · ∩ · : (A → B) → (A → B) → (A → B) · ∪ · : (A → B) → (A → B) → (A → B) · · : (A → B) → (A → C ) → (A → B × C ) π1 : A × B → A and π2 : A × B → B · · : (B → A) → (C → A) → (B + C → A) i1 : A → (A + B) and i2 : B → (A + B) ! : A → 1 and · : B → (A → B) · ? :(A → A) → (A → A + A) • The simple equational rules are harnessed in a strategic rewrite system that simplifies expressions. Nuno Macedo, Hugo Pacheco, Alcino Cunha 6 / 21
- 7. Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions Membership Semantics a id a a R◦ b b S ◦R a b R ∩S a b R ∪S a (b, c) R S a a π1 (a, b) b π2 (a, b) a R S (Left b) a R S (Right c) (Left a ) i1 a (Left a ) i2 b (Right b ) i1 a (Right b ) i2 b b a b ⊥ a 1 ! a b b a Nuno Macedo, Hugo Pacheco, Alcino Cunha =a≡a =b R a = ∃ c. b S c =b R a∧b =b R a∨b =b R a∧c =a≡a =b≡b =a R b =a S c =a≡b = False = False =a≡b = True = False = True =b≡b ∧c R a S a S a S a 7 / 21
- 8. Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions Execution Semantics | id | | R◦ | |S ◦R| |R ∩S| |R ∪S| |R S| | π1 | | π2 | |R S| |R S| | i1 | | i2 | | | |⊥| |!| |b| a b a a a a (a, b) (a, b) (Left b) (Right c) a b a a a a Nuno Macedo, Hugo Pacheco, Alcino Cunha = {a} = {a | a ← A, a R ◦ b } = {b | c ← | R | a, b ← | S | c } = {b | b ← | R | a, b S a} = |R| a ∪ |S| a = {(b, c) | b ← | R | a, c ← | S | a} = {a} = {b } = |R| b = |S| c = {Left a} = {Right b } =B = {} = {1} = {b } 8 / 21
- 9. Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions Predicates as Coreflexives • Domain δR and range ρR are predicates that can be defined as coreflexives; • Coreflexives Φ : A → A are relations smaller than the identity; • If a satisfies the predicate Φ then a Φ a; • For pairs A × B related by R : A → B, the invariant is lifted as [R] : A × B → A × B; • Invariants on coproducts are simply the coproduct Φ + Ψ; • R : Φ → Ψ denotes δR = Φ and ρR = Ψ. Nuno Macedo, Hugo Pacheco, Alcino Cunha 9 / 21
- 10. Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions Inferring Checkable Invariants • Domain and range can be directly computed as δR = R ◦ ◦ R ∩ id and ρR = R ◦ R ◦ ∩ id; • May result in inefficient membership tests (due to composition); • By expanding the definition, we define an equivalent definition with most compositions removed; • Others will fall in the special case b (f ◦ ◦ R ◦ g ) a ≡ (f b) R (g a); • The rewriting system further simplifies the formula and issues a warning if problematic expressions remain. Nuno Macedo, Hugo Pacheco, Alcino Cunha 10 / 21
- 11. Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions Example (id id)◦ ◦ (head◦ length◦ ) : Nat → [Nat] ρ((id id)◦ ◦ (head◦ length◦ )) ={Range definition} ρ((id id)◦ ◦ ρ(head◦ length◦ )) ={Range definition} ρ((id id)◦ ◦ [length◦ ◦ head]) ={Range definition} δ([length◦ ◦ head] ◦ (id id)) ={Domain definition, Simplifications : PF Laws} (head◦ ◦ length) ∩ id (id id)◦ ◦(length◦ head◦ ):inN ◦(⊥+id)◦outN → (head◦ ◦length)∩id Nuno Macedo, Hugo Pacheco, Alcino Cunha 11 / 21
- 12. Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions Optimizing Non-deterministic Executions • After determining the domain and range, they can be propagated down to primitives, • This reduces the generation of irrelevant intermediate values; | id : Φ → Ψ | a = | Ψ | a | π1 : [U ] → Ψ | (a, b) = | Ψ | a | R ◦ S : Φ → Ψ | a = {b | c ← | S : Φ → δR | a, b ← | R : ρS → Ψ | c } | R ∩ S : Φ → Ψ | a = {b | b ← | R : Φ ∩ δS → ρ(Ψ ◦ S ◦ a) | a} Nuno Macedo, Hugo Pacheco, Alcino Cunha 12 / 21
- 13. Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions Recursive Relations with Invariants • We support the well-know recursion patterns of catamorphisms (folds) and anamorphisms (unfolds); • Execution is not problematic, as it is performed by unfolding their definitions; • However, there is no known normal form for invariants over recursive types; • The rewrite system tries to simplify the generic domain/range expression. Nuno Macedo, Hugo Pacheco, Alcino Cunha 13 / 21
- 14. Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions Recursive Relations: Example unzip : [A × B ] → [A] × [B ] ρunzip ={Range definition} (unzip ◦ unzip◦ ) ∩ id ={Simplifications : unzip is functional, Liftify : range of unzip is a product} ◦ [π2 ◦ unzip ◦ unzip◦ ◦ π1 ] ={Catamorphism fusion : π1 ◦ g = nil (cons ◦ (π1 × id)) ◦ F π1 } [( |nil (cons ◦ (π1 × id))| ◦ ( ) |nil (cons ◦ (π2 × id))| ◦ ] ) ={Definitions : map} [(map π1 ) ◦ (map π2 )◦ ] ={Simplifications : map converse, map fusion (see below )} ◦ [map (π1 ◦ π2 )] ={Simplifications : PF Laws} [map ] unzip : id → [map Nuno Macedo, Hugo Pacheco, Alcino Cunha ] 14 / 21
- 15. Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions Bidirectional Transformations • Bidirectional transformations are transformations between data-structures that may be applied in both directions; • Defining the transformations individually is expensive and error-prone; • BXs should be inferred a single specification; • We propose a solution using the relational calculus. Nuno Macedo, Hugo Pacheco, Alcino Cunha 15 / 21
- 16. Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions Bidirectional Transformations • Lenses are one of the most famous BX frameworks; • A lens S V between sources S and more abstract views V consists of transformations Get : S → V and Put : V × S → S; • It is said to be well-behaved if: • Get ◦ Put ⊆ π1 (acceptability); • Put ◦ (Get id) ⊆ id (stability); • Usually there are multiple valid Puts, but existing frameworks are deterministic. Nuno Macedo, Hugo Pacheco, Alcino Cunha 16 / 21
- 17. Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions Bidirectional Transformations • In principle, it is possible to lift any functional expression to a well-behaved lens; • Existing frameworks either: • Have maximum updatability but disregard some operators; • Refine the type-system to allow operators with smaller updatability; • Support any operator but disregard updatability; ? ? ? • We refine the type-system and guarantee maximum updatability. Nuno Macedo, Hugo Pacheco, Alcino Cunha 17 / 21
- 18. Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions Generic Non-deterministic Lenses • Using relational calculus we can define a generic Put that is the largest relation that satisfies the properties; • A transformation get : A → B can be lifted to a well-behaved non-deterministic lens get : δget Put = (π2 ρget, with (get◦ ◦ π1 )) ◦ [get◦ ] ? • Emerges naturally from the lens laws: • [get◦ ] ? (v , s) tests if v was changed, returning either the original s (acceptability), or any source s such that s = get v (stability); • Maximum updatability: δPut = ρget × δget. Nuno Macedo, Hugo Pacheco, Alcino Cunha 18 / 21
- 19. Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions Generic Non-deterministic Lenses • Type-checking over δget and ρget directly could be undecidable and due to the central role of the converse, Put can not be directly executed; • Both these issues can be addressed by the optimizations already presented; • Forward transformations are functional so problematic cases are very limited: • Regarding type-checking, only particular ranges of splits are possibly undecidable; • The backward transformation can be efficiently executed; • Recursive expressions are also supported as they preserve the functionality of their algebras. Nuno Macedo, Hugo Pacheco, Alcino Cunha 19 / 21
- 20. Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions Generic Non-deterministic Lenses: Example π1 id : id ◦ [π1 ] ◦ • The range is [π1 ] : A × (A × B) → A × (A × B), so Put only takes views (a, (b, c)) where a ≡ b; ◦ id)◦ will run, and π1 could generate all pairs until reaching (a, c); • When the view is updated, (π1 • With our optimization, the output of π1 is restricted to have c in the second element. Nuno Macedo, Hugo Pacheco, Alcino Cunha 20 / 21
- 21. Introduction Relational Calculus Optimizations Recursion Bidirectional Transformations Conclusions Conclusions • We have presented mechanisms for the efficient execution PF relational expressions over data-types with invariants; • Regarding BX, we identify an open problem in the composition of lenses; • By modeling lenses in this framework we were able to implement an expressive PF BX language with maximum updatability; • Researching possible normal forms for invariants over recursive types; • Exploring mechanisms for a better control of the non-determinism through user-defined quality measures. Nuno Macedo, Hugo Pacheco, Alcino Cunha 21 / 21