Abstract State Machines, and lessons of an ASM-based project at Microsoft Yuri Gurevich (Erdos #2) Microsoft Research
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Abstract State Machines,and lessons of
an ASM-based project at Microsoft
Yuri Gurevich (Erdos #2)Microsoft Research
Modeling
No science without modeling The virtuous cycle Maybe even no life without modeling
Physics uses PDEs for modeling.
What are the PDEs of computer science?
2
Turing’s analysis of computation
GreatYet limited
3
Improving on Turing’s analysis
Emile PostAndrei Kolmogorov“Algorithms compute in steps of bounded complexity.”
Pointer machinesRobin Gandy
4
Another line of analysis
Recursive functionsSkolem to Gödel
Lambda calculusChurch’s thesisComparing the two lines
5
6
A Thought Experiment
A perfect machine modelStep-for-step simulationof any algorithm
Uses: software specs, model based testing
What would the model look like?
Postulate 1: Sequential Time
An algorithm is a transition system.
What are states?What are transitions?
7
8
States
The state is information that, given the program, determines the ensuing computation(s). More than the values of the
variables.
What is the form of states? Or what is is?
9
Postulate 2: Abstract State
The states are structuresin the sense of mathematical logic. Same vocabulary Transitions preserve the state domain. Everything is preserved under
isomorphism.
What are transitions?
Deterministic or nondeterministic?More generally,interactive or non-interactive?
Let’s consider first the classical case of non-interactive algorithms.
10
What are transitions? (cont.)
How powerful steps are?Let’s consider first the classical case
of “steps of bounded complexity.”How to bound the complexity?
11
12
Locations and updates
Locations = (f,(a1,..,aj))
Content() = f(a1,..,aj)
Updates (,v)The update set of state X is
(X) = { (,v) : v = Content() in Next(X) Content() in X }
13
Postulate 3: Bounded Exploration
There is a finite set t1,..,tn of critical terms such that
(X) = (Y) if every ValX(ti) = ValY(ti).
14
Definition
A sequential algorithm is an abstract-state bounded-exploration transition system.
15
Sequential ASMs
Syntax Semantics = ?
f(t1,..,tj):= t0 {(,a0)} where =(f,(a1,..,aj)) and each ai = Val(ti)
do in parallel R1 … Rk
(R1) … (Rk)
if t then R1 else R2
if Val(t) = true then (R1) else (R2)
16
Example
if b = 0 then d := aelse
[do in-parallel]a := bb := a mod b
Nullary dynamic functions: a, b, dStatic functions: =, 0,
mod
17
Example (cont.)
if a(s)=0 then
d(s) := b(s)
s := s+1
else
a(s) := b(s) mod a(s) b(s) := a(s)
18
Seq Characterization Theorem
For any seq algorithm A there is a seq ASM B such that
states of A are states of B and every NextA(X) = NextB(X).
#141
Interaction
The ASM model is relatively straightforward: External functions Choice and import operators
The from-the-first-principles analysis is not straightforward.
19
20
In-place one-swap-a-time sorting
var A as Seq of Integer = [3,1,2]
Swap() choose i,j in Indices(A) where i<j and A(i)>A(j) A(i) := A(j) A(j) := A(i)
Sort() step until fixpoint Swap()
A = [2,3,1]
A = [1,3,2]
A = [1,2,3]
A = [2,1,3]
Nondeterminsm
Parallelism
21
Wide stepsAgain, the ASM model is relatively straightforward do-for-all
The from-the-first-principles analysis is not straightforward.
Topological Sorting Example
22
23
Distributed algorithms
Distributed ASMs were defined long ago, but the axiomatization problem is wide (and maybe forever) open.To simulate, one can interleave (sets of) actions of the computing agents.
24
Early ASM engines
ASM Workbench Uni Paderborn, Siemens
ASM Gopher Uni Ulm, Siemens
XASM Uni Berlin, Kestrel
25
AsmL creators
In the hiring order: Wolfram Schulte, Margus Veanes, Colin Campbell, Lev Nachmanson, Mike Barnett, Wolfgang Grieskamp, Nikolai Tillmann
26
Modeling
Validation
Refinement Verification
AsmL Model
Implementation
C, C++, C#, ...
Product Idea / Informal Spec
Are you building the product right ?
Are you building the
right product?
What product are you building?
FSE propaganda example
27
Spec
Validate Enforce
Comprehend
Play scenarios
Test
Model check
Prove properties
Generatetest suites
Lockstep runtimeverification
On-the-fly testing
28
Conformance testing
I
AsmLmodel
Test harness
I
Implementationunder test
Discrepancies flagged
Anyclient
I
Spec Explorer
Original purposeModel based testing Why model-based testing? Arguably the largest model-based-
testing operation anywhere. Success of sorts
29
Probability of success
Coburn:
(pain of crisis)divided by(pain of adoption)
where pain meansperceived pain.
30
Love triangle
31
Related Documents
