DOCSLIB.ORG

Alloy: a Language and Tool for Exploring Software Designs

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Alloy: a Language and Tool for Exploring Software Designs Alloy: a language and tool for exploring software designs The MIT Faculty has made this article openly available. Please share how this access benefits you. Your story matters. Citation Jackson, Daniel. “Alloy: a language and tool for exploring software designs.” Communications of the ACM, 62, 9 (September 2019): 66-76 © 2019 The Author As Published 10.1145/3338843 Publisher Association for Computing Machinery (ACM) Version Original manuscript Citable link https://hdl.handle.net/1721.1/129357 Terms of Use Creative Commons Attribution-Noncommercial-Share Alike Detailed Terms http://creativecommons.org/licenses/by-nc-sa/4.0/ Alloy: A Language and Tool for Exploring Software Designs Daniel Jackson Computer Science and Artificial Intelligence Laboratory Massachusetts Institute of Technology Alloy is a language and a toolkit for ex- to be desired. It’s notoriously incomplete, cally support directly. Also, because they ploring the kinds of structures that arise and burdensome, since you need to write generate mathematical proofs, which can in many software designs. This brief arti- test cases explicitly. And it’s very hard to be checked by tools that are smaller and cle aims to give a flavor of Alloy in action, use code to articulate design without get- simpler than the tool that finds the proof, to summarize how Alloy has been used to ting mired in low level details (such as the you can be confident that the analysis is date, and thereby to give you a sense of choice of data representations). sound. how you might use it in your own soft- An alternative, which has been ex- On the other hand, the combination of ware design work. plored since the 1970s, is to use a design an expressive logic and sound proof has language built not on conventional ma- meant that finding proofs cannot gener- Formal Design Languages chine instructions but on logic. Partiality ally be automated. So theorem provers Software involves structures of many comes for free because, rather than listing usually require considerable effort and sorts: architectures, database schemas, each step of a computation, you write a expertise from the user, often orders of network topologies, ontologies, and so logical constraint saying what’s true after, magnitude greater than the effort of con- on. When you design a software system, and that constraint can say as little or as structing a formal design in the first place. you need to be able to express the struc- much as you please. To analyze such a Moreover, failure to find a proof does not tures that are essential to the design, and language, you use specialized algorithms mean that a proof does not exist, and the- to check that they have the properties you such as model checkers or satisfiability orem provers don’t provide counterexam- expect. solvers (more on these below). This usu- ples that explain concretely why a theo- You can express a structure by sketch- ally requires much less effort than test- rem is not valid. So theorem provers are ing it on a napkin. That’s a good start, but ing, since you only need to express the not so useful when the intended property it’s limited. Informal representations give property you want to check rather than a does not hold—which unfortunately is inconsistent interpretations, and they large collection of cases. And the analy- the common case in design work. can’t be analyzed mechanically. So people sis is much more complete than testing, Model checkers revolutionized design have turned to formal notations that de- because it effectively covers all (or almost analysis by providing exactly the fea- fine structure and behavior precisely and all) test cases that you could have written tures theorem provers lacked. They offer objectively, and that can exploit the pow- by hand. push-button automation, requiring the er of computation. user to give only the design and prop- What Came Before: Theorem Provers By using formality early in develop- erty to be checked. They allow dynam- and Model Checkers ment, you can minimize the costs of am- ic properties to be expressed (through biguity and get feedback on your work by To understand Alloy, it helps to know a temporal logics), and generate counter- running analyses. The most popular ap- bit about the context in which it was de- examples when properties do not hold. proach that advocates this is agile devel- veloped, and the tools that existed at the Model checkers work by exploring the opment, in which the formal representa- time. space of possible states of a system, and tion is code in a traditional programming Theorem provers are mechanical aids if that space is large, they may require language and the analysis is conventional for constructing mathematical proofs. considerable computational resources unit testing. To apply a theorem prover to a software (or may fail to terminate). The so-called As a language for exploring designs, design problem, you formulate some in- “state explosion” problem arises because however, code is imperfect. It’s verbose tended property of the design, and then model checkers are often used to analyze and often indirect, and it doesn’t allow attempt to prove the theorem that the designs involving components that run in partial descriptions in which some details property follows from the design. The- parallel, resulting in an overall state space are left to be resolved later. And testing, orem provers tend to provide very rich that grows exponentially with the number as a way to analyze designs, leaves much logics, so they can usually express any of components. property you might care about, at least Alloy was inspired by the successes and To appear, CACM about states and state transitions—more limitations of model checkers. For designs Draft of February 22, 2019 dynamic properties can require a tempo- involving parallelism and simple state ral logic that theorem provers don’t typi- (comprising boolean variables, bound- ed integers, enumerations and fixed-size Relational logic. Alloy uses the same implicit coercions or overloading to ac- arrays), model checkers were ideal. They logic for describing designs and proper- commodate variants that Alloy unifies.) could easily find subtle synchronization ties. This logic combines the for-all and Alloy was influenced also by modeling bugs that appeared only in rare scenari- exists-some quantifiers of first-order log- languages such as UML. Like the class os that involved long traces with multiple ic with the operators of set theory and re- diagrams of UML, Alloy makes it easy to context switches, and therefore eluded lational calculus. describe a universe of objects as a classi- testing. The idea of modeling software designs fication tree, with each relation defined For hardware designs, model checkers with sets and relations had been pio- over nodes in this tree. Alloy’s dot oper- were often a good match. But for software neered in the Z language [32]. Alloy in- ator was inspired in part by the naviga- designs they were less ideal. Although corporated much of the power of Z, while tional expressions of OCL (the Object some software design problems involve simplifying the logic to make it more Constraint Language [39] of UML), but this kind of synchronization, often the tractable. by defining the dot as relational join, Al- complexity arises from the structure First, Alloy allows only first-order struc- loy dramatically simplifies the semantics of the state itself. Early model checkers tures, ruling out sets of sets and relations of navigation. (such as SMV [9]) had limited expressive- over sets, for example. This changes how Small scope analysis. Even plain first-or- ness in this regard, and did not support designs are modeled, but not what can be der logic (without relational operators) is rich structures such as trees, lists, tables modeled; after all, relational databases not decidable. This means that no algo- and graphs. have flourished despite being first order. rithm can exist that could analyze a soft- Explicit state model checkers, such Second, taking advantage of this re- ware design written in a language like Al- as SPIN [14], and later Java Pathfinder striction, Alloy’s operators are defined in loy completely. So something has to give. [37], allowed designs with rich state to a very general way, so that most expres- You could make the language decidable, be modeled, but, despite providing sup- sions can be written with just a few oper- but that would cripple its expressive pow- port for temporal properties, gave little ators. The key operator is relational join, er and make it unable to express even the help for expressing structural ones. To which in conventional mathematics only most basic properties of structures (al- express reachability (for example that two applies to binary relations, but in Alloy though exciting progress has been made social media users are connected by some works on relations of any arity. By using recently in applying decidable fragments path of friend edges), you would typical- a dot to represent the join operator, Al- of first-order logic to certain problems ly need to code an explicit search, which loy lets you write dereferencing expres- [29]). You could give up on automation, would have to be executed at every point sions as you would in an object oriented and require help from the user, but this at which the property was needed. Also, programming language, but gives these eliminates most of the benefit of an analy- explicit state model checkers have limit- expressions a simple mathematical inter- sis tool; analysis is no longer a reward for ed support for partiality (since the model pretation. So, as in Java, given an employ- constructing a design model, but a major checker would have to conduct a costly ee e, a relation dept that maps employees extra investment beyond modeling.
Load more

Recommended publications
  • Computational Learning Theory: New Models and Algorithms
    Computational Learning Theory: New Models and Algorithms by Robert Hal Sloan S.M. EECS, Massachusetts Institute of Technology (1986) B.S. Mathematics, Yale University (1983) Submitted to the Department- of Electrical Engineering and Computer Science in partial fulfillment of the requirements for the degree of Doctor of Philosophy at the MASSACHUSETTS INSTITUTE OF TECHNOLOGY June 1989 @ Robert Hal Sloan, 1989. All rights reserved The author hereby grants to MIT permission to reproduce and to distribute copies of this thesis document in whole or in part. Signature of Author Department of Electrical Engineering and Computer Science May 23, 1989 Certified by Ronald L. Rivest Professor of Computer Science Thesis Supervisor Accepted by Arthur C. Smith Chairman, Departmental Committee on Graduate Students Abstract In the past several years, there has been a surge of interest in computational learning theory-the formal (as opposed to empirical) study of learning algorithms. One major cause for this interest was the model of probably approximately correct learning, or pac learning, introduced by Valiant in 1984. This thesis begins by presenting a new learning algorithm for a particular problem within that model: learning submodules of the free Z-module Zk. We prove that this algorithm achieves probable approximate correctness, and indeed, that it is within a log log factor of optimal in a related, but more stringent model of learning, on-line mistake bounded learning. We then proceed to examine the influence of noisy data on pac learning algorithms in general. Previously it has been shown that it is possible to tolerate large amounts of random classification noise, but only a very small amount of a very malicious sort of noise.
    [Show full text]
  • On Computational Tractability for Rational Verification
    Proceedings of the Twenty-Eighth International Joint Conference on Artificial Intelligence (IJCAI-19) On Computational Tractability for Rational Verification Julian Gutierrez1 , Muhammad Najib1 , Giuseppe Perelli2 , Michael Wooldridge1 1Department of Computer Science, University of Oxford, UK 2Department of Informatics, University of Leicester, UK fjulian.gutierrez, mnajib, [email protected], [email protected] Abstract theoretic (e.g., Nash) equilibrium. Unlike model checking, rational verification is still in its infancy: the main ideas, Rational verification involves checking which formal models, and reasoning techniques underlying rational temporal logic properties hold of a concur- verification are under development, while current tool sup- rent/multiagent system, under the assumption that port is limited and cannot yet handle systems of industrial agents in the system choose strategies in game the- size [Toumi et al., 2015; Gutierrez et al., 2018a]. oretic equilibrium. Rational verification can be un- derstood as a counterpart of model checking for One key difficulty is that rational verification is computa- multiagent systems, but while model checking can tionally much harder than model checking, because checking be done in polynomial time for some temporal logic equilibrium properties requires quantifying over the strategies specification languages such as CTL, and polyno- available to players in the system. Rational verification is also mial space with LTL specifications, rational ver- different from model checking in the kinds of properties that ification is much more intractable: 2EXPTIME- each technique tries to check: while model checking is inter- any complete with LTL specifications, even when using ested in correctness with respect to possible behaviour of explicit-state system representations.
    [Show full text]
  • Downloaded from 128.205.114.91 on Sun, 19 May 2013 20:14:53 PM All Use Subject to JSTOR Terms and Conditions 660 REVIEWS
    Association for Symbolic Logic http://www.jstor.org/stable/2274542 . Your use of the JSTOR archive indicates your acceptance of the Terms & Conditions of Use, available at . http://www.jstor.org/page/info/about/policies/terms.jsp . JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide range of content in a trusted digital archive. We use information technology and tools to increase productivity and facilitate new forms of scholarship. For more information about JSTOR, please contact [email protected]. Association for Symbolic Logic is collaborating with JSTOR to digitize, preserve and extend access to The Journal of Symbolic Logic. http://www.jstor.org This content downloaded from 128.205.114.91 on Sun, 19 May 2013 20:14:53 PM All use subject to JSTOR Terms and Conditions 660 REVIEWS The penultimate chapter, Real machines, is the major exposition on Al techniques and programs found in this book. It is here that heuristic search is discussed and classic programs such as SHRDLU and GPS are described. It is here that a sampling of Al material and its flavor as research is presented. Some of the material here is repeated without real analysis. For example, the author repeats the standard textbook mistake on the size of the chess space. On page 178, he states that 10120 is the size of this space, and uses this to suggest that no computer will ever play perfect chess. Actually, an estimate of 1040 is more realistic. If one considers that no chess board can have more than sixteen pieces of each color and there are many configurations that are illegal or equivalent, then the state space is reduced considerably.
    [Show full text]
  • Logics for Concurrency
    Lecture Notes in Computer Science 1043 Edited by G. Goos, J. Hartmanis and J. van Leeuwen Advisory Board: W. Brauer D. Gries J. Stoer Faron Moiler Graham Birtwistle (Eds.) Logics for Concurrency Structure versus Automata ~ Springer Series Editors Gerhard Goos, Karlsruhe University, Germany Juris Hartmanis, Cornetl University, NY, USA Jan van Leeuwen, Utrecht University, The Netherlands Volume Editors Faron Moller Department ofTeleinformatics, Kungl Tekniska H6gskolan Electrum 204, S-164 40 Kista, Sweden Graham Birtwistle School of Computer Studies, University of Leeds Woodhouse Road, Leeds LS2 9JT, United Kingdom Cataloging-in-Publication data applied for Die Deutsche Bibliothek - CIP-Einheitsaufnahme Logics for concurrency : structure versus automata / Faron Moller; Graham Birtwistle (ed.). - Berlin ; Heidelberg ; New York ; Barcelona ; Budapest ; Hong Kong ; London ; Milan ; Paris ; Santa Clara ; Singapore ; Tokyo Springer, 1996 (Lecture notes in computer science ; Voi. 1043) ISBN 3-540-60915-6 NE: Moiler, Faron [Hrsg.]; GT CR Subject Classification (1991): F.3, F.4, El, F.2 ISBN 3-540-60915-6 Springer-Verlag Berlin Heidelberg New York This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer -Verlag. Violations are liable for prosecution under the German Copyright Law. Springer-Verlag Berlin Heidelberg 1996 Printed in Germany Typesetting: Camera-ready by author SPIN 10512588 06/3142 - 5 4 3 2 1 0 Printed on acid-free paper Preface This volume is a result of the VIII TH BANFF HIGHER ORDER WORKSHOP held from August 27th to September 3rd, 1994, at the Banff Centre in Banff, Canada.
    [Show full text]
  • Conversational Concurrency Copyright © 2017 Tony Garnock-Jones
    CONVERSATIONALCONCURRENCY tony garnock-jones Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy College of Computer and Information Science Northeastern University 2017 Tony Garnock-Jones Conversational Concurrency Copyright © 2017 Tony Garnock-Jones This document was typeset on December 31, 2017 at 9:22 using the typographical look-and-feel classicthesis developed by André Miede, available at https://bitbucket.org/amiede/classicthesis/ Abstract Concurrent computations resemble conversations. In a conversation, participants direct ut- terances at others and, as the conversation evolves, exploit the known common context to advance the conversation. Similarly, collaborating software components share knowledge with each other in order to make progress as a group towards a common goal. This dissertation studies concurrency from the perspective of cooperative knowledge-sharing, taking the conversational exchange of knowledge as a central concern in the design of concur- rent programming languages. In doing so, it makes five contributions: 1. It develops the idea of a common dataspace as a medium for knowledge exchange among concurrent components, enabling a new approach to concurrent programming. While dataspaces loosely resemble both “fact spaces” from the world of Linda-style lan- guages and Erlang’s collaborative model, they significantly differ in many details. 2. It offers the first crisp formulation of cooperative, conversational knowledge-exchange as a mathematical model. 3. It describes two faithful implementations of the model for two quite different languages. 4. It proposes a completely novel suite of linguistic constructs for organizing the internal structure of individual actors in a conversational setting. The combination of dataspaces with these constructs is dubbed Syndicate.
    [Show full text]
  • Symposium on Principles of Database Systems Paris, France – June 14-16, 2004
    23ndACM SIGMOD-SIGACT- SIGART Symposium on Principles of Database Systems Paris, France – June 14-16, 2004 http://www.sciences.univ-nantes.fr/irin/SIGMODPODS04/ The symposium invites papers on fundamental aspects of data management. Original research papers on the theory, design, specification, or implementation of data management tools are solicited. Papers emphasizing new topics or foundations of emerging areas are especially welcome. The symposium will be held at the Maison de la Chimie, Paris, in conjunction with the ACM SIGMOD Intl. Conference on Management of Data (SIGMOD’04). Suggested topics include the following (this list is not exhaustive and the order does not reflect priorities): Access Methods & Physical Design Databases & Workflows Real-time Databases Active Databases Deductive Databases & Knowledge Bases Security & Privacy Complexity & Performance Evaluation Distributed Databases Semistructured Data & XML Data Integration & Interoperability Information Processing on the Web Spatial & Temporal Databases Data Mining Logic in Databases Theory of recovery Data Models Multimedia Databases Transaction Management Data Stream Management Object-oriented Databases Views & Warehousing Database Programming Languages Query Languages Web Services & Electronic Commerce Databases & Information Retrieval Query Optimization XML Databases Important Dates: Paper abstracts due: December 1, 2003 (11:59pm PST) Full papers due: December 8, 2003 (11:59pm PST) Notification of acceptance/rejection: February 23, 2004 Camera-ready due: March 22, 2004
    [Show full text]
  • Self-Sorting SSD: Producing Sorted Data Inside Active Ssds
    Foreword This volume contains the papers presentedat the Third Israel Symposium on the Theory of Computing and Systems (ISTCS), held in Tel Aviv, Israel, on January 4-6, 1995. Fifty five papers were submitted in response to the Call for Papers, and twenty seven of them were selected for presentation. The selection was based on originality, quality and relevance to the field. The program committee is pleased with the overall quality of the acceptedpapers and, furthermore, feels that many of the papers not used were also of fine quality. The papers included in this proceedings are preliminary reports on recent research and it is expected that most of these papers will appear in a more complete and polished form in scientific journals. The proceedings also contains one invited paper by Pave1Pevzner and Michael Waterman. The program committee thanks our invited speakers,Robert J. Aumann, Wolfgang Paul, Abe Peled, and Avi Wigderson, for contributing their time and knowledge. We also wish to thank all who submitted papers for consideration, as well as the many colleagues who contributed to the evaluation of the submitted papers. The latter include: Noga Alon Alon Itai Eric Schenk Hagit Attiya Roni Kay Baruch Schieber Yossi Azar Evsey Kosman Assaf Schuster Ayal Bar-David Ami Litman Nir Shavit Reuven Bar-Yehuda Johan Makowsky Richard Statman Shai Ben-David Yishay Mansour Ray Strong Allan Borodin Alain Mayer Eli Upfal Dorit Dor Mike Molloy Moshe Vardi Alon Efrat Yoram Moses Orli Waarts Jack Feldman Dalit Naor Ed Wimmers Nissim Francez Seffl Naor Shmuel Zaks Nita Goyal Noam Nisan Uri Zwick Vassos Hadzilacos Yuri Rabinovich Johan Hastad Giinter Rote The work of the program committee has been facilitated thanks to software developed by Rob Schapire and FOCS/STOC program chairs.
    [Show full text]
  • COMP 516 Research Methods in Computer Science Research Methods in Computer Science Lecture 3: Who Is Who in Computer Science Research
    COMP 516 COMP 516 Research Methods in Computer Science Research Methods in Computer Science Lecture 3: Who is Who in Computer Science Research Dominik Wojtczak Dominik Wojtczak Department of Computer Science University of Liverpool Department of Computer Science University of Liverpool 1 / 24 2 / 24 Prizes and Awards Alan M. Turing (1912-1954) Scientific achievement is often recognised by prizes and awards Conferences often give a best paper award, sometimes also a best “The father of modern computer science” student paper award In 1936 introduced Turing machines, as a thought Example: experiment about limits of mechanical computation ICALP Best Paper Prize (Track A, B, C) (Church-Turing thesis) For the best paper, as judged by the program committee Gives rise to the concept of Turing completeness and Professional organisations also give awards based on varying Turing reducibility criteria In 1939/40, Turing designed an electromechanical machine which Example: helped to break the german Enigma code British Computer Society Roger Needham Award His main contribution was an cryptanalytic machine which used Made annually for a distinguished research contribution in computer logic-based techniques science by a UK based researcher within ten years of their PhD In the 1950 paper ‘Computing machinery and intelligence’ Turing Arguably, the most prestigious award in Computer Science is the introduced an experiment, now called the Turing test A. M. Turing Award 2012 is the Alan Turing year! 3 / 24 4 / 24 Turing Award Turing Award Winners What contribution have the following people made? The A. M. Turing Award is given annually by the Association for Who among them has received the Turing Award? Computing Machinery to an individual selected for contributions of a technical nature made Frances E.
    [Show full text]
  • Adventures in Monotone Complexity and TFNP
    Adventures in Monotone Complexity and TFNP Mika Göös1 Institute for Advanced Study, Princeton, NJ, USA [email protected] Pritish Kamath2 Massachusetts Institute of Technology, Cambridge, MA, USA [email protected] Robert Robere3 Simons Institute, Berkeley, CA, USA [email protected] Dmitry Sokolov4 KTH Royal Institute of Technology, Stockholm, Sweden [email protected] Abstract Separations: We introduce a monotone variant of Xor-Sat and show it has exponential mono- tone circuit complexity. Since Xor-Sat is in NC2, this improves qualitatively on the monotone vs. non-monotone separation of Tardos (1988). We also show that monotone span programs over R can be exponentially more powerful than over finite fields. These results can be interpreted as separating subclasses of TFNP in communication complexity. Characterizations: We show that the communication (resp. query) analogue of PPA (subclass of TFNP) captures span programs over F2 (resp. Nullstellensatz degree over F2). Previously, it was known that communication FP captures formulas (Karchmer–Wigderson, 1988) and that communication PLS captures circuits (Razborov, 1995). 2012 ACM Subject Classification Theory of computation → Communication complexity, The- ory of computation → Circuit complexity, Theory of computation → Proof complexity Keywords and phrases TFNP, Monotone Complexity, Communication Complexity, Proof Com- plexity Digital Object Identifier 10.4230/LIPIcs.ITCS.2019.38 Related Version A full version of the paper is available at [24], https://eccc.weizmann.ac. il/report/2018/163/. Acknowledgements We thank Ankit Garg (who declined a co-authorship) for extensive discus- sions about monotone circuits. We also thank Thomas Watson and anonymous ITCS reviewers for comments. 1 Work done while at Harvard University; supported by the Michael O.
    [Show full text]
  • CRN Equal Access to Financial Aid and a Continued on Page 8 Best Practices Memo
    COMPUTING RESEARCH NEWS A Publication of the Computing Research Association September 2003 Vol. 15/No. 4 Guest Column Title IX and Women in Academics By Senator Ron Wyden in traditionally male-dominated the right thing to do; it is the smart fields such as the hard sciences, math thing to do. This fall the athletic fields of and engineering—disciplines where The numbers reveal a striking America’s elementary and secondary our nation needs competent workers inequity when it comes to gender schools, colleges and universities will now more than ever before. representation in the math, science resound with the voices of girls and We can all agree that fairness and technology fields. A National young women who choose to include implores us to create and enforce Science Foundation study found that sports as part and parcel of their equal opportunity for women in women accounted for only 23 per- educational experience. Those girls math, science and technology. That cent of physical scientists and 10 and young women will not only be is a compelling argument in itself, percent of engineers. The percent- taking physical exercise; they’ll be but it is not the only argument. A ages of women on faculties in these exercising their rights to equal report from the Hart-Rudman areas are even lower, with 14 percent Senator Ron Wyden opportunity under a law known as Commission on National Security to of science faculty members being Title IX. 2025 warned that America’s failure women and a mere 6 percent in Title IX states a simple principle.
    [Show full text]
  • CS256/Spring 2008 — Lecture #11 Zohar Manna
    CS256/Spring 2008 — Lecture #11 Zohar Manna 11-1 Beyond Temporal Logics Temporal logic expresses properties of infinite sequences of states, but there are interesting properties that cannot be expressed, e.g., “p is true only (at most) at even positions.” Questions (foundational/practical): • What other languages can we use to express properties of sequences (⇒ properties of programs)? • How do their expressive powers compare? • How do their computational complexities (for the decision problems) compare? 11-2 ω-languages Σ: nonempty finite set (alphabet) of characters Σ∗: set of all finite strings of characters in Σ finite word w ∈ Σ∗ Σω: set of all infinite strings of characters in Σ ω-word w ∈ Σω (finitary) language: L ⊆ Σ∗ ω-language: L ⊆ Σω 11-3 States Propositional LTL (PLTL) formulas are constructed from the following: • propositions p1,p2,...,pn. • boolean/temporal operators. • a state s ∈{f, t}n i.e., every state s is a truth-value assignment to all n propositional variables. Example: If n = 3, then s : hp1 : t, p2 : f, p3 : ti corresponds to state tft. p1 ↔ p2 denotes the set of states {fff,fft,ttf,ttt} • alphabet Σ = {f, t}n i.e, 2n strings, one string for every state. Note: t, f = formulas (syntax) 11-4 t, f = truth values (semantics) Models of PLTL 7→ ω-languages • A model of PLTL for the language with n propositions σ : s0,s1,s2,... can be viewed as an infinite string s0s1s2 . , i.e., σ ∈ ({f, t}n)ω • A PLTL formula ϕ denotes an ω-language n ω L = {σ | σ Õ ϕ} ⊆ ({f, t} ) Example: If n = 3, then ϕ : ¼ (p1 ↔ p2) denotes the ω-language L(ϕ) = {fff,fft,ttf,ttt}ω 11-5 Other Languages to Talk about Infinite Sequences • ω-regular expressions • ω-automata 11-6 Regular Expressions Syntax: ∗ r ::= ∅ | ε | a | r1r2 | r1 + r2 | r (ε = empty word, a ∈ Σ) Semantics: A regular expression r (on alphabet Σ) denotes a finitary language L(r) ⊆ Σ∗: L(∅) = ∅ L(ε) = {ε} L(a) = {a} L(r1r2) = L(r1) · L(r2) = {xy | x ∈ L(r1), y ∈ L(r2)} L(r1 + r2) = L(r1) ∪ L(r2) ∗ ∗ L(r ) = L(r) = {x1x2 · · · xn | n ≥ 0, x1, x2, .
    [Show full text]
  • 30Th International Symposium on Theoretical Aspects of Computer Science
    30th International Symposium on Theoretical Aspects of Computer Science STACS’13, February 27th to March 2nd, 2013, Kiel, Germany Edited by Natacha Portier Thomas Wilke LIPIcs – Vol. 20 – STACS’13 www.dagstuhl.de/lipics Editors Natacha Portier Thomas Wilke École Normale Supérieure de Lyon Christian-Albrechts-Universität zu Kiel Lyon Kiel [email protected] [email protected] ACM Classification 1998 F.1.1 Models of Computation, F.2.2 Nonnumerical Algorithms and Problems, F.4.1 Mathematical Logic, F.4.3 Formal Languages, G.2.1 Combinatorics, G.2.2 Graph Theory ISBN 978-3-939897-50-7 Published online and open access by Schloss Dagstuhl – Leibniz-Zentrum für Informatik GmbH, Dagstuhl Publishing, Saarbrücken/Wadern, Germany. Online available at http://www.dagstuhl.de/dagpub/978-3-939897-50-7. Publication date February, 2013 Bibliographic information published by the Deutsche Nationalbibliothek The Deutsche Nationalbibliothek lists this publication in the Deutsche Nationalbibliografie; detailed bibliographic data are available in the Internet at http://dnb.d-nb.de. License This work is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported license (CC-BY- ND 3.0): http://creativecommons.org/licenses/by-nd/3.0/legalcode. In brief, this license authorizes each and everybody to share (to copy, distribute and transmit) the work under the following conditions, without impairing or restricting the authors’ moral rights: Attribution: The work must be attributed to its authors. No derivation: It is not allowed to alter or transform this work. The copyright is retained by the corresponding authors. Digital Object Identifier: 10.4230/LIPIcs.STACS.2013.i ISBN 978-3-939897-50-7 ISSN 1868-8969 http://www.dagstuhl.de/lipics iii LIPIcs – Leibniz International Proceedings in Informatics LIPIcs is a series of high-quality conference proceedings across all fields in informatics.
    [Show full text]