
Graph Abstraction and Abstract Graph Transformation PDF

52 Pages·2007·0.6 MB·English

Graph Abstraction and Abstract Graph Transformation

Iovka Boneva (1), Arend Rensink (1), Marcos E. Kurbán (3), Jörg Bauer (2)

1 Formal Methods and Tools Group, EWI-INF, University of Twente, PO Box 217, 7500 AE, Enschede, The Netherlands. {bonevai,rensink}@cs.utwente.nl
2 Informatics and Mathematical Modelling, Technical University of Denmark, Building 322, DK-2800 Kongens Lyngby, Denmark. Email: [email protected]
3 Former member of Formal Methods and Tools Group, EWI-INF, University of Twente

Abstract. Many important systems like concurrent heap-manipulating programs, communication networks, or distributed algorithms are hard to verify due to their inherent dynamics and unboundedness. Graphs are an intuitive representation of states of these systems, where transitions can be conveniently described by graph transformation rules. We present a framework for the abstraction of graphs supporting abstract graph transformation. The abstraction method naturally generalises previous approaches to abstract graph transformation. The set of possible abstract graphs is finite. This has the pleasant consequence of generating a finite transition system for any start graph and any finite set of transformation rules. Moreover, abstraction preserves a simple logic for expressing properties on graph nodes. The precision of the abstraction can be adjusted according to properties expressed in this logic to be verified.

Contents

1 Introduction
1.1 Graph Transformations for System Analysis
1.2 Contributions
2 Graphs and Graph Transformations
3 Graph Abstraction
3.1 Multiplicities
3.2 Shapes and Shaping
3.3 Abstraction Morphism and Isomorphism of Shapes
3.4 Neighbourhood Shapes
4 Canonical Shapes
4.1 Canonical Names
4.2 Canonical Representation of Neighbourhood Shapes
4.3 Canonical Shapes
5 Shape Transformations
5.1 Transformations of Shapes
5.2 Properties of Shape Transformations
5.3 Using Shape Transformations
6 Materialisation and Normalisation
6.1 Definition of the Set of Materialisations
6.2 Effective Construction of M
6.3 Normalisation
6.4 Back to the Construction of the Abstract Labelled Transition System
7 A Modal Logic for Graphs and Shapes
7.1 Syntax of the Logic
7.2 Satisfaction on Graphs and Shapes
7.3 Preservation by Abstraction Morphism
7.4 Preservation and Reflection for Neighbourhood Shaping
7.5 Relationship between the Logic and Neighbourhood Shaping
8 Related Work
9 Conclusion and Further Directions
Bibliography
Appendices
A Proof of Proposition 12
B Proof of Lemma 23
B.1 Proof of the Statement 1
B.2 Proof of Statement 2
B.3 Proofs of Lemma 57 and Corollary 58
C Proof of Lemma 24
D Proof of Lemma 29
E Proof of Proposition 51
E.1 Preservation
E.2 Reflection
E.3 Preservation and reflection
F Proof of Lemma 45
G Proof of Lemma 55

1 Introduction

Graphs constitute an important means of representation of the state of a system. Interesting qualities of a given state have natural graph-theoretic counterparts, especially if the system in question is one that manipulates the memory "heap". Also, their inherent graphical representation makes them the "lingua franca" of software engineering: they are good to convey ideas back and forth between different communities such as formal verification and specification, software engineering and even end users. If we add the concept of graph transformation for modelling transitions between system states, we form a framework that will allow people to talk about both the states of a system and how it evolves in time.
This paper presents work carried out in the context of the GROOVE project that seeks to develop such a framework for software verification: states of a software system are represented by graphs and statements of a programming language are given the semantics of graph transformation rules. As an example, Figure 1 depicts a possible graph representation of a list. Adding a new element to the list consists in creating a new node labelled Cell with a possibly associated Object-node, and inserting it in the desired place in the list. Removing an element from the list and many other list operations can also be seen as graph transformations.

Figure 1. Graph representation of a list with four elements. Each Cell contains a pointer to the Object stored into it via a Val-edge, and possibly a pointer to the next cell via a Next-edge.

1.1 Graph Transformations for System Analysis

A graph transformation rule $p : L \to R$ is given by its name $p$ and a couple of graphs $L, R$, often called left-hand side and right-hand side, respectively. Performing a graph transformation on a graph $G$ using the rule $p$ can be seen as finding a subgraph of $G$ that is isomorphic to $L$ and replacing it with $R$. Systems and system behaviour can be modelled by graphs and graph transformations. Let $G_0$ be a graph representing an initial state of a system (e.g. the list on Figure 1) and let $P$ be a set of transformation rules encoding all possible transitions of the system (e.g. operations on lists). It is possible to explore all possible accessible configurations and evolutions of the system given by $G_0$ and $P$. This is done by applying all possible transformations from $P$ to the start graph $G_0$ and repeating it iteratively on all graphs resulting from these transformations. This gives rise to a labelled transition system whose states are graphs and whose transitions are applications of graph transformation rules. One can then verify properties, e.g. temporal properties, on the system using the transition system. The GROOVE tool [10] allows to construct (finite portions of) such transition systems and verify temporal properties using CTL logic.

Problems do arise when approaching this task. One such problem is the possible infinite behaviour of a system, which in most cases makes it impossible to study the whole behaviour of the system. Another problem is space: even for a finite state space, each state can be quite big to represent if one does it naively. A usual way to circumvent these two problems is abstraction. In Section 8 we will describe several related approaches that exist.

1.2 Contributions

In previous work some of the authors have proposed abstraction techniques in which graph nodes with similar incoming and outgoing edges [9] or similar direct neighbours [2] are summarised into a single one. Such abstract graphs have sometimes been called shapes [14,9] and we borrow here the same vocabulary. The number of possible such shapes is bounded. This, combined with a suitable notion of graph transformations for abstract graphs [11], guarantees a finite number of states of a transition system. As a first contribution of the paper we introduce a family of neighbourhood shapes as a part of a general abstraction mechanism that subsumes previous works. For the abstraction, nodes are grouped if they have similar neighbourhood up to some "radius" $i$, a parameter of the abstraction. This allows us to have abstractions with different precisions. Additionally, the number of possible neighbourhood shapes is bounded. Moreover, we define graph transformations for our neighbourhood shapes, which allows to over-approximate system behaviour while keeping a finite state space.

Our second contribution is a logic that goes hand-in-hand with our abstraction method. That is, given a formula describing a property we are interested in, our abstraction method will guarantee that a) if the formula holds for the original graph, then it holds for the abstracted graph (we call this property preservation); and b) if the formula holds for the abstracted graph, then it holds for the original one too (we call this reflection).

Finally, all these ingredients can be combined for defining a fully automatic method which, given an initial graph, a set of graph transformation rules and a set of logic properties on the reachable graphs we are interested in, will construct a finite state abstract labelled transition system on which these properties can be verified.

The present paper is structured as follows. Section 2 introduces graphs and graph transformations. Section 3 introduces the general abstraction mechanism as well as so called neighbourhood shapes. In Section 4 canonical shapes are defined, which are a family of shapes including neighbourhood shapes that enjoy the good property of having a unique representation. Then in Sections 5 and 6 we define transformations on shapes and describe how they can be used for approximating system behaviour into finite labelled transition systems. In Section 7 we introduce a modal logic that is preserved and reflected by the neighbourhood shaping mechanism. Section 8 describes some related work. Finally, we conclude in Section 9.

2 Graphs and Graph Transformations

We are interested in finite graphs whose edges and nodes are labelled from a finite set of labels $Lab$. Formally, we do not associate labels with the nodes of the graph; we use instead special edges whose target is a particular object $\bot$ not in the set of nodes of the graph. This in particular allows to have nodes with multiple labels, which shows to be very useful for modelling with graphs. Moreover, we authorise multiple parallel edges, i.e. there can be several different edges having the same source and target nodes and the same label.

Definition 1 (graph).
A graph $G$ is a tuple $(N_G, E_G, src_G, tgt_G, lab_G)$ where
– $N_G$ is a finite set of nodes,
– $E_G$ is a finite set of edges disjoint from $N_G$,
– $src_G : E_G \to N_G$ and $tgt_G : E_G \to N_G \cup \{\bot\}$ with $\bot \notin (N_G \cup E_G)$ are mappings associating with each edge its source and target nodes, respectively, and
– $lab_G : E_G \to Lab$ is a labelling map for the edges of the graph. ◭

The mapping $lab_G$ is extended on nodes to designate the set of labels of a node, i.e. $lab_G(v) = \{a \in Lab \mid \exists e \in E_G : src_G(e) = v, tgt_G(e) = \bot, lab_G(e) = a\}$ (note that $lab_G(e)$ is a label for an edge $e$, and $lab_G(v)$ is a set of labels for a node $v$). We will denote as $v \rhd^a_G$ and $v \lhd^a_G$ the set of $a$-outgoing edges and $a$-incoming edges of the node $v$, respectively. That is, $v \rhd^a_G = \{e \in E_G \mid src_G(e) = v, lab_G(e) = a\}$ and symmetrically for $v \lhd^a_G$. For a set of nodes $V$, $V \rhd^a_G$ (resp. $V \lhd^a_G$) is the extension of $\rhd^a_G$ (resp. $\lhd^a_G$) on sets. Finally, for $X, Y$ sets of nodes or nodes, we denote $X \rhd\!\rhd^a_G Y$ the set of edges labelled $a$ and going from $X$ to $Y$, i.e. $X \rhd\!\rhd^a_G Y = X \rhd^a_G \cap Y \lhd^a_G$. When the graph $G$ is clear from the context, we may omit the subscript $G$ in $N_G, E_G, src_G, tgt_G, lab_G, \rhd^a_G, \lhd^a_G$, and $\rhd\!\rhd^a_G$.

Definition 2 (graph morphism). If $G$ and $H$ are graphs, a graph morphism $f : G \to H$ is a function from $N_G \cup E_G \cup \{\bot\}$ to $N_H \cup E_H \cup \{\bot\}$ such that
– $f$ preserves $\bot$, i.e. $f(\bot) = \bot$, $f^{-1}(\bot) = \{\bot\}$,
– $f$ maps nodes to nodes and edges to edges, i.e. $f(N_G) \subseteq N_H$, $f(E_G) \subseteq E_H$,
– $f$ is compatible with source and target mappings, i.e. $src_H \circ f = f \circ src_G$, and $tgt_H \circ f = f \circ tgt_G$, and
– $f$ preserves labels, $lab_H \circ f = lab_G$. ◭

A morphism $f$ is called injective (resp. surjective, resp. bijective) if it defines an injective (resp. surjective, resp. bijective) map. A bijective morphism is also called an isomorphism.

For the sake of clarity, in the sequel of the paper we ignore the node $\bot$ and simply talk about node labels. It is easy to see that all the proofs can be adapted to this formal definition using the $\bot$ node.

Background on Graph Transformations

Let's start with some notations for functions. For a set $A$, we denote $id_A$ the identity function on $A$. For two functions $f, g$, we denote $f \cup g$ their union, that is, $f \cup g$ is the function whose domain is the union of the domains of $f$ and $g$ and whose co-domain is the union of the co-domains of $f$ and $g$. The union of functions is defined only if for any $x$ belonging both to the domains of $f$ and $g$, $f$ and $g$ agree on their value for $x$.

Definition 3 (Production Rule). A graph production rule $P$ is a pair of graphs $(L, R)$, called left-hand side and right-hand side respectively. A production rule can be viewed as the single graph $L \cup R$. In this case we distinguish the following sets:
– $N^{del}_P = N_L \setminus N_R$ and $E^{del}_P = E_L \setminus E_R$ are the elements to be deleted;
– $N^{new}_P = N_R \setminus N_L$ and $E^{new}_P = E_R \setminus E_L$ are the elements to be created;
– $N^{use}_P = N_R \cap N_L$ and $E^{use}_P = E_R \cap E_L$ are the elements that remain unchanged.

The subscript $P$ is omitted when clear from the context.

Definition 4 (Graph Transformation). Let $G$ be a graph and $P = (L, R)$ be a production rule such that $G$ and $P$ are disjoint. A matching $m$ for $P$ into $G$ is an injective morphism $m : L \to G$ satisfying the so called dangling edges application condition: for any edge $e$ of $G$, if $src(e) \in m(N^{del})$ or $tgt(e) \in m(N^{del})$, then $e \in m(E^{del})$.

If $m$ is a matching for $P$ into $G$, then the transformation of $G$ according to $P$ and $m$ is the graph $H$ defined as follows (with $m' : P \to G$ the morphism $m \cup id_{N^{new} \cup E^{new}}$):
– $N_H = (N_G \setminus m(N^{del})) \cup N^{new}$;
– $E_H = (E_G \setminus m(E^{del})) \cup E^{new}$;
– $src_H = src_G \cup m' \circ src_P$ restricted to $E_H$;
– $tgt_H = tgt_G \cup m' \circ tgt_P$ restricted to $E_H$;
– $lab_H = lab_G \cup lab_P$ restricted to $E_H$.

We write $G \xrightarrow{P,m} H$ to designate that $m$ is a matching for $P$ in $G$ and $H$ is the graph resulting from the transformation. ◭

The dangling edges application condition is standard in the so called double push-out approach for graph transformation. It ensures that performing a transformation does not introduce dangling edges (edges without source or target node).

Figure 2 depicts a production rule aiming to add an element at the head of a list, as well as an example application of this rule.

Figure 2. Example of a production rule $P = (L, R)$ and its application to a graph $G$ via matching $m : L \to G$. The rule morphism $p$ is indicated by the dotted lines. For the sake of readability, the matching $m : L \to G$ is indicated by highlighting its image $m(L)$ in $G$. The host graph $G$ represents a list with two elements with some additional object in the environment. The application of the rule results in adding a new element at the head of the list.

3 Graph Abstraction

In this section abstract graphs are called shapes. The name "shape" comes from work in shape analysis [14], where abstract graphs are used to represent pointer structures. Any node and any edge of a given shape may represent several nodes/edges of some concrete graph. We want it to carry information on the number of summarised nodes/edges. For defining interesting abstractions, it seems necessary for this multiplicity information to be approximate: think for instance about abstracting a list independently of its length. In Section 3.1 we introduce the notion of multiplicity for handling approximate information on cardinals of sets. Then, in Section 3.2 we define the shapes that we consider, as well as the abstraction mechanism called shaping. It is essentially a morphism from a graph to a shape that satisfies some conditions.

Shapes may be more or less abstract. In particular, a shape may be abstracted to another shape. This yields a sub-shape relation between shapes. We define sub-shaping in Section 3.3. In the same section, we also define isomorphism of shapes and show that isomorphic shapes represent the same sets of concrete graphs. Finally, in Section 3.4 we define a particular family of shapes called neighbourhood shapes. Neighbourhood shapes present numerous advantages that will be studied in the rest of the paper.

3.1 Multiplicities

A multiplicity is an approximation of the cardinal of a (finite) set. Intuitively, all sets having strictly more than $\mu$ elements, for some fixed natural $\mu$, are considered as having the same cardinal.
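Before moving on to multiplicities, here is a runnable rendering of the production rules of Section 2 (Definitions 1, 3 and 4). It is an added example and not code from the paper or from the GROOVE tool; the graph and rule names (LIST_GRAPH, ADD_HEAD, REMOVE_HEAD, the edge labels first/next/val) are constructed for the illustration. Node labels are kept as a set per node rather than as edges to ⊥, the simplification the paper itself adopts after Definition 2. The point worth seeing in code is the dangling edges application condition: a rule that deletes a Cell without also deleting its val-edge has no matching at all, which is exactly how the double push-out approach refuses to leave an orphaned edge behind.

```python
from dataclasses import dataclass, field
from itertools import permutations, product


@dataclass
class Graph:
    """Finite labelled graph (Definition 1); node labels stored as a set per node."""
    nodes: dict = field(default_factory=dict)  # node id -> set of labels
    edges: dict = field(default_factory=dict)  # edge id -> (src, tgt, label)


@dataclass
class Rule:
    """Production rule P = (L, R) (Definition 3). L and R share the ids of the
    preserved elements, so N^del, E^del, N^new, E^new are plain set differences."""
    name: str
    L: Graph
    R: Graph

    def n_del(self): return set(self.L.nodes) - set(self.R.nodes)
    def e_del(self): return set(self.L.edges) - set(self.R.edges)
    def n_new(self): return set(self.R.nodes) - set(self.L.nodes)
    def e_new(self): return set(self.R.edges) - set(self.L.edges)


def is_matching(rule, G, m):
    """Definition 4: m (dict from L's nodes and edges to G's) must be an injective
    morphism satisfying the dangling edges application condition."""
    L = rule.L
    if len(set(m.values())) != len(m):          # injective
        return False
    for v, labs in L.nodes.items():             # nodes to nodes, labels preserved
        if m.get(v) not in G.nodes or not labs <= G.nodes[m[v]]:
            return False
    for e, (s, t, a) in L.edges.items():        # edges to edges, src/tgt/label agree
        if m.get(e) not in G.edges or G.edges[m[e]] != (m[s], m[t], a):
            return False
    del_nodes = {m[v] for v in rule.n_del()}
    del_edges = {m[e] for e in rule.e_del()}
    for e, (s, t, _) in G.edges.items():        # dangling edges condition
        if (s in del_nodes or t in del_nodes) and e not in del_edges:
            return False
    return True


def find_matchings(rule, G):
    """All matchings of rule.L into G by brute force (fine for small host graphs)."""
    L = rule.L
    lnodes, ledges = list(L.nodes), list(L.edges)
    found = []
    for image in permutations(G.nodes, len(lnodes)):
        m = dict(zip(lnodes, image))
        # candidate G-edges for each L-edge under this node assignment
        cands = [[g for g, tr in G.edges.items()
                  if tr == (m[L.edges[e][0]], m[L.edges[e][1]], L.edges[e][2])]
                 for e in ledges]
        for choice in product(*cands):
            full = {**m, **dict(zip(ledges, choice))}
            if is_matching(rule, G, full):
                found.append(full)
    return found


def apply_rule(rule, G, m, fresh="new_"):
    """The graph H of Definition 4. New elements get ids prefixed with `fresh`
    so that repeated applications never clash with existing ids."""
    H = Graph()
    del_nodes = {m[v] for v in rule.n_del()}
    del_edges = {m[e] for e in rule.e_del()}
    H.nodes = {v: set(l) for v, l in G.nodes.items() if v not in del_nodes}
    H.edges = {e: tr for e, tr in G.edges.items() if e not in del_edges}
    m2 = dict(m)                                 # m' = m ∪ id on the new elements
    for v in rule.n_new():
        m2[v] = fresh + v
        H.nodes[m2[v]] = set(rule.R.nodes[v])
    for e in rule.e_new():
        s, t, a = rule.R.edges[e]
        H.edges[fresh + e] = (m2[s], m2[t], a)
    return H


def transform_all(rule, G):
    """Every graph reachable from G by one application of rule (one LTS step)."""
    return [apply_rule(rule, G, m) for m in find_matchings(rule, G)]


# Constructed host graph: a two-element list plus an unrelated Object, as in Figure 2.
LIST_GRAPH = Graph(
    nodes={"l": {"List"}, "c1": {"Cell"}, "c2": {"Cell"},
           "o1": {"Object"}, "o2": {"Object"}, "o3": {"Object"}},
    edges={"f1": ("l", "c1", "first"), "n12": ("c1", "c2", "next"),
           "v1": ("c1", "o1", "val"), "v2": ("c2", "o2", "val")})

# Insert a fresh Cell between the List node and the current head (N^del is empty).
ADD_HEAD = Rule("add_head",
    L=Graph(nodes={"l": {"List"}, "c": {"Cell"}}, edges={"f": ("l", "c", "first")}),
    R=Graph(nodes={"l": {"List"}, "c": {"Cell"}, "n": {"Cell"}},
            edges={"f2": ("l", "n", "first"), "nx": ("n", "c", "next")}))

# Deletes the head Cell but not its val-edge: the dangling edges condition rejects
# every candidate, since the Cell's Object would keep an edge without a source.
REMOVE_HEAD_NAIVE = Rule("remove_head_naive",
    L=Graph(nodes={"l": {"List"}, "c": {"Cell"}, "d": {"Cell"}},
            edges={"f": ("l", "c", "first"), "nx": ("c", "d", "next")}),
    R=Graph(nodes={"l": {"List"}, "d": {"Cell"}}, edges={"f2": ("l", "d", "first")}))

# Also deletes the val-edge and the Object, so the condition is satisfied.
REMOVE_HEAD = Rule("remove_head",
    L=Graph(nodes={"l": {"List"}, "c": {"Cell"}, "d": {"Cell"}, "o": {"Object"}},
            edges={"f": ("l", "c", "first"), "nx": ("c", "d", "next"), "v": ("c", "o", "val")}),
    R=Graph(nodes={"l": {"List"}, "d": {"Cell"}}, edges={"f2": ("l", "d", "first")}))
```

Calling transform_all(ADD_HEAD, LIST_GRAPH) yields one successor graph with a new head Cell; transform_all(REMOVE_HEAD_NAIVE, LIST_GRAPH) yields none, and transform_all(REMOVE_HEAD, LIST_GRAPH) yields the one-element list. Iterating transform_all over all rules from a start graph is the construction of the labelled transition system described in Section 1.1, which is also why the finiteness results of the later sections matter: without abstraction, ADD_HEAD alone generates an unbounded chain of states.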
This notion of multiplicity was also used in [9].

Definition 5 (multiplicity). For any natural number $\mu > 0$, let $M_\mu$ be the set $\{0, 1, 2, \ldots, \mu, \omega\}$ where $\omega$ is distinct from all natural numbers. The multiplicity with precision $\mu$ is the function associating with each finite set $U$ the value $|U|_\mu$ in $M_\mu$ defined by:

$$|U|_\mu = \begin{cases} Card(U) & \text{if } Card(U) \le \mu, \\ \omega & \text{otherwise.} \end{cases}$$

The value $|U|_\mu$ is called the $\mu$-multiplicity of $U$, or simply the multiplicity of $U$ if $\mu$ is clear from the context. Elements of $M_\mu$ are called multiplicities. We write $M^+_\mu$ for the set $M_\mu \setminus \{0\}$. ◭

We extend the usual ordering $\ge$ over elements of $M_\mu$ by defining $\omega \ge \lambda$ for any $\lambda$ in $M_\mu$. Sum can also be extended over multiplicities in the expected way: let $I$ be a finite index set and the $(\lambda_i)_{i \in I}$ be elements of $M_\mu$. Then $\sum^{\mu}_{i \in I} \lambda_i$, the $\mu$-sum of the $(\lambda_i)_{i \in I}$, is $\left|\bigcup_{i \in I} A_i\right|_\mu$ where the $(A_i)_{i \in I}$ are pairwise disjoint sets such that $|A_i|_\mu = \lambda_i$ for any $i$ in $I$.

In the sequel of the paper, we consider two naturals $\nu, \mu$. Whenever their value is not specified, they may have any positive value. $\nu$-multiplicity will be used for giving the multiplicity of sets of nodes, and $\mu$-multiplicity for giving the multiplicity of sets of edges. In particular, these two numbers will be parameters of graph abstractions.

3.2 Shapes and Shaping

A shape is a graph together with a node multiplicity function that indicates, for each node of the shape, how many nodes it summarises. Moreover, the set of nodes is partitioned into groups. Edges with the same source node, and ending in nodes in the same group (or, respectively, edges with the same target node, and starting in nodes in the same group) cannot be distinguished. Only the number of such edges is indicated with the help of the edge multiplicity functions of the shape. We start by giving a flavour of what a shape is, in the following example.

Example 6 (Shape). On Figure 3 are depicted three shapes as well as values for $\mu$ and $\nu$ for these shapes. With each node of each shape is associated a multiplicity from $M^+_\nu$, indicating the number of concrete graph nodes it represents; this is called the node multiplicity. The dotted rectangles delimit groups of nodes. By definition, this grouping can be arbitrary; in practice it would be defined by some common characteristic (e.g. nodes with the same label, nodes with similar neighbourhood, etc.). All edges have associated multiplicity information (from $M_\mu$) at their end points. Sometimes, this multiplicity is shared by several edges, indicated by the grey arc relating them. These are the so-called outgoing edges multiplicity, when associated to the source of the edge, and incoming edges multiplicity when associated to the target. Edge multiplicity intuitively indicates how many of the depicted edges should be there in a concrete graph. One can notice that edges related at one of their end points all have their other end point in the same group of nodes, and all have the same label. Actually, this is the condition for relating edges. To be even more precise, according to the formal definition, edge multiplicities are associated with a triple composed of a node, a label and a group of nodes. This will be explained in Definition 7.

Figure 3. Examples of shapes. (a) $\mu = 1, \nu = 1$; (b) $\mu = 1, \nu = 3$; (c) $\mu = 1, \nu = 1$.

Let us now explain how one should interpret these example shapes.

(a). The shape on Figure 3(a) represents a set of bipartite concrete graphs in which a-nodes are connected to b-nodes by c-edges. Each of these graphs has at least two (here $\omega$ on nodes or edges stands for "two or more", as $\nu = 1$) a-nodes and at least three ($\omega$ plus one) b-nodes. Moreover, every a-node has at least two (i.e. $\omega$) outgoing c-edges going to b-nodes. All b-nodes except one have only one incoming edge; the remaining b-node has at least two incoming edges. See Figure 4(a) for some example concrete graphs.

(b). The shape on Figure 3(b) represents a set of concrete graphs having three a-nodes connected to each other and forming cycles of b-edges. See Figure 4(b) for some example concrete graphs.

(c). The shape on Figure 3(c) represents a set of list-like concrete graphs having Cell-nodes connected by next-edges. Each of these graphs has at least one acyclic connected component of length four or more with several (possibly zero) cyclic connected components of arbitrary length. See Figure 4(c) for some example concrete graphs. ◭

Figure 4. Example concrete graphs that can be abstracted to the shapes on Figure 3; panels (a), (b) and (c).

Before giving the formal definition of a shape, let us fix some notations. Let $A$ be a set and $\sim \subseteq A \times A$ be an equivalence relation over $A$. For $x \in A$, we denote $[x]_\sim$ the equivalence class of $x$ induced by $\sim$, i.e. $[x]_\sim = \{y \in A \mid y \sim x\}$. We denote $A/\!\sim$ the set of equivalence classes in $A$, i.e. $A/\!\sim\; = \{[x]_\sim \mid x \in A\}$. Moreover, if $\sim$ and $\sim'$ are two equivalence relations over $A$, we write $\sim \subseteq \sim'$ whenever for all $x, y \in A$, $x \sim y$ implies $x \sim' y$. Note that if $\sim \subseteq \sim'$, then any equivalence class for $\sim$ is included in the equivalence class for $\sim'$, that is, for all $x \in A$, $[x]_\sim \subseteq [x]_{\sim'}$. This means in particular that any equivalence class for $\sim'$ can be obtained as a union of equivalence classes for $\sim$.

Formally, a shape is defined as follows:

Definition 7 (shape). A shape $S$ is a structure $(G_S, \simeq_S, mult_{n,S}, mult_{out,S}, mult_{in,S})$ where
– $G_S = (N_S, E_S, src_S, tgt_S, lab_S)$ is a graph;
– $\simeq_S \subseteq N_S \times N_S$ is an equivalence relation on $N_S$ called the grouping relation of $S$;
– $mult_{n,S} : N_S \to M^+_\nu$ is a nodes' multiplicity function;
– $mult_{out,S} : N_S \times Lab \times N_S/\!\simeq_S \to M_\mu$ is an outgoing edges multiplicity function and
– $mult_{in,S} : N_S \times Lab \times N_S/\!\simeq_S \to M_\mu$ is an incoming edges multiplicity function.

Moreover, for any node $v \in N_S$, any label $a \in Lab$ and any equivalence class of nodes $C \in N_S/\!\simeq_S$, we require that $mult_{out,S}(v, a, C) = 0$ if, and only if, $v \rhd\!\rhd^a_{G_S} C = \emptyset$, and $mult_{in,S}(v, a, C) = 0$ if, and only if, $C \rhd\!\rhd^a_{G_S} v = \emptyset$. ◭

As already mentioned, a shape is a representation of a set of concrete graphs. In this sense, it is an abstract graph. The fact that some concrete graph is abstracted to a given shape is determined by the presence of a so called shaping morphism, which is a morphism from the graph to the shape that complies with some additional constraints. We say then that the graph is a concretisation of the shape.

Definition 8 (shaping morphism, concretisation). Let $G$ be a graph and $S$ be a shape. A shaping morphism, or shaping, of $G$ into $S$ is a graph morphism $s : G \to G_S$ such that the following conditions are met:
– for all $w \in N_S$, $mult_{n,S}(w) = |s^{-1}(w)|_\nu$;
– for all $w \in N_S$, for all $a \in Lab$, for all $C \in N_S/\!\simeq_S$, and for all $v \in s^{-1}(w)$,

$$mult_{out,S}(w, a, C) = \left| v \rhd\!\rhd^a_G (s^{-1}(C)) \right|_\mu \quad \text{and} \quad mult_{in,S}(w, a, C) = \left| (s^{-1}(C)) \rhd\!\rhd^a_G v \right|_\mu .$$

If $G$ is a graph and $S$ is a shape such that there exists a shaping $s : G \to S$, then we say that $G$ is a concretisation of $S$. The set of concretisations of a shape $S$ is denoted $Concr(S)$. ◭

Example 9. The list structure from Figure 1 is a concretisation for the shape shown in Figure 5. The corresponding shaping maps the List-node of the graph to the List-node of the shape; the right-most Cell-node and the right-most Object-node from the graph are mapped to the corresponding right-most nodes of the shape. The remaining Cell-nodes and Object-nodes from the graph are mapped to the left-hand side such nodes of the shape.
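The following added example (not code from the paper or from GROOVE) implements Definition 5 (multiplicity and µ-sum) and then uses it to check Definition 8: given a concrete graph, a candidate node map s and a grouping of the shape nodes, it either returns the shape that s induces or reports that s is not a shaping because two nodes summarised by the same shape node disagree on an edge multiplicity. The concrete graphs BIP_NODES/BIP_EDGES are constructed in the spirit of Figure 3(a) (a-nodes joined to b-nodes by c-edges, ν = µ = 1); the grouping ≃ is represented as a map from shape node to group id, and ω is written as the string "omega". Node labels are kept as a set per node, as elsewhere in the paper after Definition 2.

```python
from dataclasses import dataclass

OMEGA = "omega"   # the extra element ω of M_mu: "strictly more than mu"


def multiplicity(size, mu):
    """|U|_mu from Definition 5: exact cardinality up to mu, ω beyond it."""
    return size if size <= mu else OMEGA


def mult_sum(values, mu):
    """mu-sum of multiplicities (Definition 5): multiplicity of a disjoint union of
    sets having these multiplicities. Any ω summand forces ω; a finite total is
    clipped back into M_mu."""
    if any(v == OMEGA for v in values):
        return OMEGA
    return multiplicity(sum(values), mu)


@dataclass
class Shape:
    """Definition 7, with the grouping relation ≃ stored as node -> group id."""
    nodes: dict       # shape node -> label set
    edges: set        # (src, tgt, label) triples of the graph G_S
    group: dict       # shape node -> group id
    mult_n: dict      # node -> nu-multiplicity
    mult_out: dict    # (node, label, group) -> mu-multiplicity
    mult_in: dict     # (node, label, group) -> mu-multiplicity


def shaping(g_nodes, g_edges, s, group, nu, mu):
    """Return the shape induced by s : N_G -> N_S if s is a shaping (Definition 8),
    else None. g_nodes: node -> labels; g_edges: list of (src, tgt, label), parallel
    edges allowed; group: shape node -> group id (the classes of ≃)."""
    labels = {a for _, _, a in g_edges}
    groups = set(group.values())
    preimage = {w: [v for v in g_nodes if s[v] == w] for w in group}
    S = Shape(nodes={}, edges={(s[v], s[t], a) for v, t, a in g_edges},
              group=dict(group), mult_n={}, mult_out={}, mult_in={})
    for w, vs in preimage.items():
        if not vs:                                   # mult_n must lie in M^+_nu
            return None
        S.mult_n[w] = multiplicity(len(vs), nu)
        label_sets = {frozenset(g_nodes[v]) for v in vs}
        if len(label_sets) != 1:                     # a morphism preserves labels
            return None
        S.nodes[w] = set(next(iter(label_sets)))
        for a in labels:
            for C in groups:
                # |v ▷▷a s^-1(C)|_mu and |s^-1(C) ▷▷a v|_mu for every v in s^-1(w)
                outs = {multiplicity(sum(1 for x, t, b in g_edges
                                         if x == v and b == a and group[s[t]] == C), mu)
                        for v in vs}
                ins = {multiplicity(sum(1 for x, t, b in g_edges
                                        if t == v and b == a and group[s[x]] == C), mu)
                       for v in vs}
                if len(outs) != 1 or len(ins) != 1:  # summarised nodes must agree
                    return None
                S.mult_out[(w, a, C)] = outs.pop()
                S.mult_in[(w, a, C)] = ins.pop()
    return S


# Constructed concrete graph: two a-nodes, each with c-edges to all three b-nodes,
# abstracted with nu = mu = 1 to a single a-node A and a single b-node B.
BIP_NODES = {"a1": {"a"}, "a2": {"a"}, "b1": {"b"}, "b2": {"b"}, "b3": {"b"}}
BIP_EDGES = [(x, y, "c") for x in ("a1", "a2") for y in ("b1", "b2", "b3")]
BIP_S = {"a1": "A", "a2": "A", "b1": "B", "b2": "B", "b3": "B"}
BIP_GROUP = {"A": "ga", "B": "gb"}
# Same node map, but a2 has only one c-edge: a1 (ω) and a2 (1) now disagree on
# their outgoing multiplicity towards group gb, so BIP_S is not a shaping here.
BIP_EDGES_UNEVEN = [("a1", "b1", "c"), ("a1", "b2", "c"), ("a1", "b3", "c"), ("a2", "b1", "c")]
```

With ν = µ = 1 the induced shape carries mult_n(A) = mult_n(B) = ω, mult_out(A, c, gb) = ω and mult_in(B, c, ga) = ω, matching the reading of Example 6(a) where ω means "two or more". Reading the result the other way round is the practical use: a node map that fails this check is not a shaping, so the candidate abstraction would not represent the graph and must be refined, which is what the choice of ν, µ and of the grouping controls.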

