Rewriting Logic: Reachability Models and Coherence - Prof. Jose Meseguer, Study notes of Computer Science

Download Rewriting Logic: Reachability Models and Coherence - Prof. Jose Meseguer and more Study notes Computer Science in PDF only on Docsity!

Program Verification:

Lecture 21

Jos´

e Meseguer

Computer Science Department

University of Illinois at Urbana-Champaign

1

Reachability Models

The models of equational theories are algebras. What arethe models of rewrite theories? There are several answersto this question. The simplest answer, which we shall use inthis course, is that they are

reachability models

.

By definition, given a pair

, φ

, with

a membership

equational signature and

φ

a function specifying frozenness

information for

, then a

, φ

-reachability model is a pair

A

→

A

A

where:

• A

A, ι

A

is a

-algebra, and

A

A

,k

k

∈

K

a

K

-indexed family of binary relations,

with

A

,k

A

2 k

such that:

2

Satisfaction

By definition, a

, φ

-reachability model

A

→

A

A

satisfies

a rewrite theory

R

, E, φ, R

, written

A

→

R

, if

an only if it satisfies each equation

e

E

and each rule in

r

R

, written

A

→

e

, and

A

→

r

, which means:

• A |

E

, and

for each rewrite rule in

R

,

l

X

t

t

′

i

u

i

u

′ i

j

v

j

s

j

l

w

l

w

′ l

with, say

t, t

′

of kind

k

, and

w

l

, w

′ l

of kind

k

l

, and for

each assignment

a

X

A

such that: (i)

i

a

u

i

a

u

′ i

, (ii)

j

a

v

j

s

j

, and (iii)

l

a

w

l

A

,k

l

a

w

′ l

, we have,

a

t

A

,k

a

t

′

4

Soundness and Completeness of Rewriting Logic

The following theorem can be easily proved by induction ofthe depth of a rewriting logic proof and is left as anexercise: Theorem

(Soundness). For each rewrite theory

R

, E, φ, R

and

, φ

-reachability model

A

→

A

A

such that

A

→

R

we have:

R ⊢

X

t

t

′

A

→

X

t

t

′

Rewriting logic is also

complete

(Bruni and Meseguer, Proc.

ICALP’03), that is, we have:

R |

X

t

t

′

R ⊢

X

t

t

′

5

The Initial Model

T

R

The most obvious reachabilty model for a rewrite theory R

, E, φ, R

is the model

T

R

T

Σ

/E

R

, where, by

definition,

[

t

]

R

[

t

′

]

R ⊢

t

t

′

This is indeed a reachability model, and

T

R

R

, because

(exercise) all the requirements are guaranteed by

T

Σ

/E

being

a

, E

-algebra and by the inference rules of rewriting logic.

Using the Soundness Theorem and the initiality theorem formembership equational logic it is then nontrivial butrelatively easy to prove (exercise) that we have:

7

The Initial Model

T

R

(II)

Theorem

. (Initiality Theorem). Assuming that

is

sensible,

T

R

is initial in the class of reachability models that

satisfy

R

. That is, if

A

→

R

, then there is a unique

, φ

-reachability homomorphism

eval

RA

→

T

R

−→ A

→

Therefore, when reasoning about a concurrent systemspecified by a rewrite theory

R

, for example as a system

module in Maude, we will view

T

R

as the

standard model

specified by

R

, that is, as the mathematical model denoted

by the specification

R

. In other words, the initial algebra

semantics of equational logic generalizes in a natural way toan initial reachability model semantics for rewriting logic.

8

Executing Rewrite Theories (II)

The best possible situation is assuming that

E

is a

collection

A

of equational axioms, such as associativity,

commutativity, and identity, for which we have an A

matching algorithm

, so that given a rewrite rule

t

t

′

and terms

u

′

, v

′

it becomes

decidable

whether we can

perform a one-step rewrite

u

v

using

t

t

′

with

u

A

u

′

and

v

A

v

′

. Recall Lecture 5, where (changing

E

there by

R

here) the analogue of the

Equality

inference step was

achieved with the decidable relation

R/A

.

In practice, what may be reasonable to have as equations ina rewrite theory

R

is a disjoint union

E

A

with

A

as above

and

E

ground confluent, sort-decreasing, and terminating

modulo

A

, that is, the usual executability assumptions for

functional modules.

10

Executing Rewrite Theories (III)

The key idea is now the following. Given a rewrite theory R

, E

A, φ, R

with

E

A

having the just-mentioned

executability assumptions we can

simulate it and make it

decidable

by means of the rewrite theory

R

, A, φ,

E

R

,

where, by definition,

E

t

t

′

t

t

′

E

.

In what follows we will assume that both the equations

E

and the rules

R

are

unconditional

, and that for each rule

t

t

′

in

R

,

vars

t

′

vars

t

. The ideas can be generalized

to the conditional case but this requires a somewhat morecomplex transformed theory

R

. The equivalence we want is:

R ⊢

t

t

′

R ⊢

can

E/A

t

can

E/A

t

′

11

Coherence

Assuming

E

confluent (resp. ground confluent),

sort-decreasing and terminating modulo

A

, we say that the

rules

R

are

coherent

(resp. ground coherent) with

E

modulo

A

relative to

φ

if for each

-term

t

(resp. ground

-term

t

) such that

t

1 R

φ

/A

t

′

and

u

can

E/A

t

we have:

t

1

R

φ

/ / /A

!

E/A

t

′

!

E/A

w

u

1

R

φ

/ / /A

u

′

!

= = E/A

13

Coherence (II)

Throughout we will assume that

A

is any combination of

associativity, commutativity, and identity axioms, and that

is preregular modulo

A

. The relation

E/A

is the relation

of rewriting with

E

modulo

A

zero, one, or more steps,

denoted

∗ E/A

in Lecture 5. The symbol “

” indicates a

terminating rewrite. The one-step rewriting relation

1 R

φ

/A

with

R

modulo

A

is the restriction to frozennes conditions

φ

of what would be denoted

R/A

in Lecture 5.

The TCS paper by Viry (TCS 285, 487–517, 2002) gives“critical pair-like” conditions to check coherence. TheMaude Coherence Checker Tool can check coherencemodulo commutativity. A future version will perform suchchecks modulo other axiom combinations

A

.

14

Congruence’

. For each

f

k

1

... k

n

k

in

, with

j

,... , n

φ

f

, with

t

i

T

Σ

X

k

i

,

i

n

, and

with

t

′ j

T

Σ

X

k

j

,

X

t

j

1

t

′ j

X

f

t

1

,... , t

j

,... , t

n

1

f

t

1

,... , t

′ j

,... , t

n

Replacement’

. For each rule in

R

of the form,

l

X

t

t

′

i

u

i

u

′ i

j

v

j

s

j

k

w

k

w

′ k

and finite substitution

θ

X

T

Σ

Y

,

i

Y

θ

u

i

θ

u

′ i

j

Y

θ

v

j

s

j

k

Y

θ

w

k

θ

w

′ k

Y

θ

t

1

θ

t

′

Transitivity’

X

t

1

1

t

2

X

t

2

t

3

X

t

1

t

3

16

More on Rewriting Proofs (II)

The two main lemmas below about this equivalent inferencesystem have somewhat tedious but essentiallyunproblematic proofs by induction, that are left as exercises. Lemma

(Equivalence)

R ⊢

X

t

t

′

R ⊢

′

X

t

t

′

Lemma

(Sequentialization) Wenever we have

R ⊢

′

X

t

t

′

there is an

n

and proofs

R ⊢

′

X

t

i

1

t

′ i

,

i

n

, such that:

E

X

t

t

1

,

E

X

t

′ i

t

i

,

i

n

, and

E

X

t

′ n

t

′

.

17

Semantic Equivalence through Coherence (II)

For

n

we have

can

E/A

t

can

E/A

t

′

and a proof in

R

can be found by

Reflexivity

and

Equality

. Let us assume

that the result holds for

n

and let us prove it for

n

. The

point is then that, by repeated application of

Equality

and

Transitivity

, we can build proofs

R ⊢

′

X

t

t

n

and

R ⊢

′

X

t

n

t

′

, where the first proof can be

sequentialized with

n

1-step rewrites, and the second with

only one 1-step rewrite. By the induction hypothesis wethen have

R ⊢

can

E/A

t

can

E/A

t

n

. So we will be done

by repeatedly using

Transitivity’

if we can show

R ⊢

can

E/A

t

n

can

E/A

t

′

. Note that we have a proof

R

X

′

t

n

1

t

′ n

, which by its very definition makes

no use of

Equality

. Therefore we have a one-step rewrite

t

n

1 R

φ

t

′ n

, and

a fortiori

t

n

1 R

φ

/A

t

′ n

.

19

Semantic Equivalence through Coherence (III)

We also have a proof

E

X

t

′ n

t

′

; therefore

can

E/A

t

′ n

can

E/A

t

′

. The desired proof of

R ⊢

can

E/A

t

n

can

E/A

t

′

then follows by Coherence

(see diagram) by repeated application of

Equality

and

Transitivity

. q.e.d. t

n

1

R

φ

/ / /A

!

E/A

t

′ n

!

E/A

can

E/A

t

′

can

E/A

t

n

1

R

φ

/ / /A

u

′

!

E/A

20