Borders of Decidability in Verification of Data-Centric Dynamic Systems
Babak Bagheri Hariri, Diego Calvanese, Marco Montali¹, Alin Deutsch², Giuseppe De Giacomo³
KRDB Research Centre for Knowledge and Data, Free University of Bozen-Bolzano
Knowledge Representation and Reasoning (KRR), Meraka Institute - CSIR, Pretoria, South Africa
March, 2013

Why Formal Verification?
Errors in computerized systems can be costly.
• Pentium chip (1994): Bug found in FPU. Intel offers to replace faulty chips. Estimated loss: 475m $
• Toyota Prius (2010): Software “glitch” found in anti-lock braking system. 185,000 cars recalled.
• Ariane 5 (1996)
Why verify?
“Testing can only show the presence of errors, not their absence.” [Edsger W. Dijkstra]

Model Checking
[Figure: System Specification; Design/Develop; Finite State Model; Temporal Properties (¬EF fail); Model Checker (e.g. NuSMV, Spin); Verified]
The finite state requirement is severe and restrictive, especially for settings that capture data and dynamics simultaneously (e.g. Artifact-Centric Business Process Systems).

A Concrete Example!
A much more Crucial Example!

Traditional Process Modeling
• Structural modeling of the domain of interest:

Results on DCDSs
[Figure: classes of DCDSs: Unrestricted DCDSs (Turing complete), State-bounded DCDSs, Run-bounded DCDSs, Finite-state DCDSs, GR+-acyclic DCDSs, GR-acyclic DCDSs, Weak-acyclic DCDSs, Finite-range DCDSs]

        Unrestricted   State-bounded   Run-bounded   Finite-state
µLFO    U              U               N             D
µLA     U              U               D             D
µLP     U              D               D             D
µL      U              D               D             D

D: Verification is decidable; U: Verification is undecidable; N: There is no finite representation.

Towards the Decidability Results
Sources of infinity in DCDSs:
• Infinite branching;
• Infinite runs.
[Figure: transition system with states P(a), P(a), P(b), . . .]
To prove decidability of model checking for a given restriction and verification formalism:
• we use bisimulation as a tool;
• show the restricted DCDSs have a finite-state bisimilar transition system.

Bisimulation
States sA and sB of transition systems A and B are bisimilar:
1. If sA and sB are isomorphic;
2. If there exists a state sA1 of A such that sA ⇒A sA1, then there exists a state sB1 of B such that sB ⇒B sB1, and sA1 and sB1 are bisimilar;
3. the other direction!
A and B are bisimilar, if their initial states are bisimilar.
[Figure: transition systems A and B with states sA, sA1, sA2 and sB, sB1, sB2]
µL invariance property of bisimulation:
Bisimilar transition systems satisfy the same set of µL properties.

Verification Formalisms (continued)
[Figure: Propositional Temporal Logics and First Order Temporal Logics; logics shown: L, CTL, µL, LP, µLP, LA, µLA, µLFO; regions: Bisimulation Invariant Languages, Persistence Preserving Bisimulation Invariant Languages, History Preserving Bisimulation Invariant Languages]

Decidability Results for Run-bounded Systems
Theorem: Verification of µLA over run-bounded DCDSs is decidable and can be reduced to model checking of propositional µ-calculus over a finite transition system.
Idea: use isomorphic types instead of actual values.
Remember: runs are bounded!
[Figure labels: a-bisimilar, non a-bisimilar]

History Preserving Bisimulation
P(x) ⇝ P(x) ∧ Q(f(x), g(x))
Q(a, a) ∧ P(x) ⇝ R(x)
I0 = {P(a), Q(a, a)}

First transition system:
P(a) Q(a,a)
  f(a) ↦ b, g(a) ↦ b: P(a) R(a) Q(b,b)
    f(a) ↦ b, g(a) ↦ b: P(a) Q(b,b)
  f(a) ↦ a, g(a) ↦ a: P(a) R(a) Q(a,a)
  f(a) ↦ c, g(a) ↦ c: P(a) R(a) Q(c,c)
    f(a) ↦ c, g(a) ↦ c: P(a) Q(c,c)
  . . .

Second transition system:
P(a) Q(a,a)
  f(a) ↦ b, g(a) ↦ a: P(a) R(a) Q(b,a)
    f(a) ↦ b, g(a) ↦ a: P(a) Q(b,a)
  f(a) ↦ a, g(a) ↦ b: P(a) R(a) Q(a,b)
    f(a) ↦ a, g(a) ↦ b: P(a) Q(a,b)
  f(a) ↦ a, g(a) ↦ a: P(a) R(a) Q(a,a)
  f(a) ↦ b, g(a) ↦ b: P(a) R(a) Q(b,b)
    f(a) ↦ b, g(a) ↦ b: P(a) Q(b,b)
  f(a) ↦ b, g(a) ↦ c: P(a) R(a) Q(b,c)
    f(a) ↦ b, g(a) ↦ c: P(a) Q(b,c)

The two transition systems are history preserving bisimilar.
Consequently, they satisfy the same set of µLA properties.

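The pruning idea from the run-bounded slide ("use isomorphic types instead of actual values"), worked out on the History Preserving Bisimulation example as an added Python example that is not code from the talk or from the authors' tools. It assumes deterministic service calls (a call keeps its first result, as in the runs shown), conjunctive rule bodies and single-letter value names; the rule encoding and all function names are choices made for this example.

```python
# Added example: the rule encoding, function names and value alphabet are assumptions.
# Terms: "?x" is a variable, "a" a constant, ("f", "?x") a service call.
RULES = [
    # P(x) ~> P(x) ∧ Q(f(x), g(x))
    ([("P", "?x")], [("P", "?x"), ("Q", ("f", "?x"), ("g", "?x"))]),
    # Q(a, a) ∧ P(x) ~> R(x)
    ([("Q", "a", "a"), ("P", "?x")], [("R", "?x")]),
]
I0 = frozenset({("P", "a"), ("Q", "a", "a")})


def bind(arg, value, sub):
    """Unify one body argument with a value, extending substitution sub."""
    if arg.startswith("?"):
        return sub.setdefault(arg, value) == value
    return arg == value


def matches(body, facts):
    """All substitutions under which every body atom is a fact."""
    subs = [{}]
    for rel, *args in body:
        extended = []
        for sub in subs:
            for fact in facts:
                if fact[0] == rel and len(fact) == len(args) + 1:
                    trial = dict(sub)
                    if all(bind(a, v, trial) for a, v in zip(args, fact[1:])):
                        extended.append(trial)
        subs = extended
    return subs


def equality_types(k, known):
    """One representative result tuple per equality type for k new calls:
    results are known values or fresh ones introduced in a fixed order."""
    fresh = [v for v in "abcdefghijklmnopqrstuvwxyz" if v not in known]

    def go(i, used):
        if i == k:
            yield ()
            return
        for v in list(known) + fresh[: used + 1]:
            for rest in go(i + 1, used + (v == fresh[used])):
                yield (v,) + rest

    return list(go(0, 0))


def successors(facts, calls, known):
    """Abstract successors; calls maps issued service calls to their results."""
    pending, new_calls = [], []
    for body, head in RULES:
        for sub in matches(body, facts):
            for rel, *args in head:
                ground = []
                for term in args:
                    if isinstance(term, tuple):  # service call f(?x)
                        term = (term[0], sub[term[1]])
                        if term not in calls and term not in new_calls:
                            new_calls.append(term)
                    else:
                        term = sub.get(term, term)
                    ground.append(term)
                pending.append((rel, *ground))
    result = []
    # Deterministic services: old calls keep their value, new ones branch.
    for values in equality_types(len(new_calls), sorted(known)):
        env = {**calls, **dict(zip(new_calls, values))}
        nxt = frozenset(
            (rel, *(env[t] if isinstance(t, tuple) else t for t in args))
            for rel, *args in pending
        )
        result.append((nxt, env))
    return result


def explore(i0):
    """Reachable abstract states and edges (finite here: runs are bounded)."""
    consts = {v for fact in i0 for v in fact[1:]}
    start = (i0, ())
    seen, edges, todo = {start}, [], [start]
    while todo:
        state = todo.pop()
        facts, calls = state
        known = consts | {v for f in facts for v in f[1:]} | {v for _, v in calls}
        for nxt, env in successors(facts, dict(calls), known):
            target = (nxt, tuple(sorted(env.items())))
            edges.append((state, target))
            if target not in seen:
                seen.add(target)
                todo.append(target)
    return seen, edges


if __name__ == "__main__":
    states, edges = explore(I0)
    print(len(states), "abstract states,", len(edges), "edges")
```

The five results of `equality_types(2, ["a"])` are the five successors of I0 in the second transition system above, and the exploration stops at the same ten states.
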
Undecidability Results for State-bounded Systems
Theorem: Verification of µLA over state-bounded DCDSs is undecidable.
Idea: the logic can arbitrarily quantify over the infinitely many values encountered during a single run, and start comparing them.
Technical proof: satisfiability of LTL with freeze quantifiers can be encoded as a model checking problem of µLA formulae over state-bounded DCDSs.

Decidability Results for State-bounded Systems
Theorem: Verification of µLP over state-bounded DCDSs is decidable and can be reduced to model checking of propositional µ-calculus over a finite transition system.
Steps:
1. Prune infinite branching (isomorphic types).
2. Finite abstraction along the runs:
   - µLP loses track of previous values that do not exist anymore.
   - New values can be replaced with old, non-persisting ones.
   - This eventually leads to recycling the old values without generating new ones.
[Figure labels: p-bisimilar, non p-bisimilar]

Weak-acyclicity
I0 = {P(a)}
α: { P(x) ⇝ R(x), R(x) ⇝ P(f(x)) }
P(a)
R(a)
P(b)   [f(a) ↦ b]
R(b)   [f(a) ↦ b]
P(c)   [f(a) ↦ b, f(b) ↦ c]
R(c)   [f(a) ↦ b, f(b) ↦ c]
. . .

I0 = {P(a)}
α: { P(x) ⇝ P(x), P(x) ⇝ R(f(x)), R(x) ⇝ S(f(x)) }
P(a)
P(a), R(b)   [f(a) ↦ b]
P(a), R(b), S(c)   [f(a) ↦ b, f(b) ↦ c]
[Figure: graph over P, R with one edge marked *; graph over P, R, S with two edges marked *]

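An added example, not code from the talk: a weak-acyclicity check run on the two action specifications above and on the one from the History Preserving Bisimulation slide. It assumes the usual data-exchange definition carried over to service calls (nodes are relation positions, an edge is special when the target value is produced by a service call, and a specification is weakly acyclic when no cycle uses a special edge); the rule encoding and function names are hypothetical.

```python
from collections import defaultdict

# Added example: rule encoding and names are assumptions, not the authors' code.
# Terms: "?x" is a variable, "a" a constant, ("f", "?x") a service call.
SPEC_1 = [  # P(x) ~> R(x),  R(x) ~> P(f(x))
    ([("P", "?x")], [("R", "?x")]),
    ([("R", "?x")], [("P", ("f", "?x"))]),
]
SPEC_2 = [  # P(x) ~> P(x),  P(x) ~> R(f(x)),  R(x) ~> S(f(x))
    ([("P", "?x")], [("P", "?x")]),
    ([("P", "?x")], [("R", ("f", "?x"))]),
    ([("R", "?x")], [("S", ("f", "?x"))]),
]
SPEC_HP = [  # P(x) ~> P(x) ∧ Q(f(x), g(x)),  Q(a, a) ∧ P(x) ~> R(x)
    ([("P", "?x")], [("P", "?x"), ("Q", ("f", "?x"), ("g", "?x"))]),
    ([("Q", "a", "a"), ("P", "?x")], [("R", "?x")]),
]


def dependency_graph(spec):
    """Edges between positions (relation, argument index).

    Returns (normal, special): a normal edge copies a value, a special edge
    feeds it to a service call whose result lands in the target position.
    """
    normal, special = set(), set()
    for body, head in spec:
        for b_rel, *b_args in body:
            for i, var in enumerate(b_args):
                if not var.startswith("?"):
                    continue  # constants in the body propagate nothing
                src = (b_rel, i)
                for h_rel, *h_args in head:
                    for j, term in enumerate(h_args):
                        if term == var:
                            normal.add((src, (h_rel, j)))
                        elif isinstance(term, tuple) and var in term[1:]:
                            special.add((src, (h_rel, j)))
    return normal, special


def special_cycle(spec):
    """A cycle of positions that uses a special edge, or None if there is none."""
    normal, special = dependency_graph(spec)
    succ = defaultdict(set)
    for u, v in normal | special:
        succ[u].add(v)
    for u, v in sorted(special):
        # The special edge u ->* v lies on a cycle iff u is reachable from v.
        parent, todo = {v: None}, [v]
        while todo:
            node = todo.pop()
            if node == u:
                path = []
                while node is not None:
                    path.append(node)
                    node = parent[node]
                return path[::-1]  # v ... u; the special edge u ->* v closes it
            for nxt in succ[node]:
                if nxt not in parent:
                    parent[nxt] = node
                    todo.append(nxt)
    return None


def is_weakly_acyclic(spec):
    return special_cycle(spec) is None


if __name__ == "__main__":
    for name, spec in [("SPEC_1", SPEC_1), ("SPEC_2", SPEC_2), ("SPEC_HP", SPEC_HP)]:
        print(name, "weakly acyclic:", is_weakly_acyclic(spec), special_cycle(spec))
```
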
Knowledge and Action Bases (KAB)
[Figure: Ontology (T, A); Process; KAB (T, A)]
• To better capture the semantics of the domain of interest at conceptual level
• To take into account the incomplete information
Data Layer: Description logic KB
• Data schema: (DL-Lite-A) TBox
• Data instance: (DL-Lite-A) ABox

                  µLFO     µLA      µLP      µL
unrestricted      U    ←   U    ←   U    ←   U
weak-acyclicity   ?        D    →   D    →   D

D: decidable; U: undecidable

Separation Principle and Semantic Layer
The evolution of the artifact system occurs at the artifact layer.
• Processes are defined over the database schemas of the artifacts.
The semantic layer can be added on top of the artifact layer to:
• Understand the artifact system in terms of concepts and relationships relevant for the domain of interest.
   - Unified view of the whole system.
   - Interconnection of different artifacts that share information, though with different representation.
   - Specification of queries as well as static and dynamic constraints at the conceptual level.
• Verify and monitor whether the artifact system satisfies dynamic constraints specified over the semantic layer.

Semantically-governed Artifact-Centric Models
Semantic layer: I-HUB’s conceptual schema (TBox) composed of semantic constraints that define the “data boundaries” of the artifact system.
[Figure: TBox]

Semantically-governed Artifact-Centric Models
Real data are concretely maintained at the artifact layer.
Snapshot: database instances of artifacts.
[Figure: Artifact System Snapshot (Da, Db, Dc); TBox]

Semantically-governed Artifact-Centric Models
Each snapshot is conceptualized in the ontology, in terms of an ABox.
Mappings define how to obtain the virtual ABox from the data sources.
[Figure: Artifact System Snapshot (Da, Db, Dc); Mappings; Semantic Layer Snapshot (TBox, ABox1)]

Semantically-governed A3M
The system evolves using actions executed over the artifact layer.
Semantic layer used to understand the evolution at the conceptual level.
[Figure: Artifact System Snapshot (Da, Db, Dc); Action execution; Artifact System Snapshot (D'a, D'b, D'c); Mappings; Semantic Layer Snapshot (TBox, ABox1); Semantic Layer Snapshot (TBox, ABox2)]

Semantically-governed A3M
Semantic governance: semantic layer used to regulate the actions’ execution at the artifact layer.
[Figure: Artifact System Snapshot (Da, Db, Dc); Action execution; Artifact System Snapshot (D'a, D'b, D'c); Mappings; Semantic Layer Snapshot (TBox, ABox1); Semantic Layer Snapshot (TBox, ABox2)]

Next steps
• Relaxation of syntactic restrictions for state-boundedness.
• Investigating the connection to other infinite-state formalisms.
   - Petri nets;
   - LTL with freeze quantifier;
   - Well-structured transition systems.
• Investigate the connection to more classic notations in BPM.
   - BPMNs;
   - Petri Nets.
• Investigating the fragments with lower complexities.
• Develop a fully-fledged model checker for DCDSs.

Publications

Journal Articles
• Babak Bagheri Hariri, Diego Calvanese, Marco Montali, Giuseppe De Giacomo, Riccardo De Masellis, and Paolo Felli. “Description logic Knowledge and Action Bases”. Journal of Artificial Intelligence Research (JAIR), 2012. To appear.

Conference Papers
• Babak Bagheri Hariri, Diego Calvanese, Marco Montali, Giuseppe De Giacomo, and Alin Deutsch. “Verification of relational data-centric dynamic systems with external services”. In Proc. of the 32nd ACM SIGACT SIGMOD SIGART Symp. on Principles of Database Systems (PODS 2013), 2013. To appear.
• Babak Bagheri Hariri, Diego Calvanese, Marco Montali, Giuseppe De Giacomo, Riccardo De Masellis, and Paolo Felli. “Verification of description logic Knowledge and Action Bases”. In Proc. of the 20th European Conf. on Artificial Intelligence (ECAI 2012), volume 242 of Frontiers in Artificial Intelligence and Applications, pages 103-108, 2012.
• Babak Bagheri Hariri, Diego Calvanese, Giuseppe De Giacomo, Riccardo De Masellis, and Paolo Felli. “Foundations of relational artifacts verification”. In Proc. of the 9th Int. Conference on Business Process Management (BPM 2011), volume 6896 of Lecture Notes in Computer Science, pages 379-395. Springer, 2011.

Workshop Papers
• Babak Bagheri Hariri, Diego Calvanese, Giuseppe De Giacomo, and Riccardo De Masellis. “Verification of conjunctive-query based semantic artifacts”. In Proc. of the 24th Int. Workshop on Description Logics (DL 2011), volume 745 of CEUR Electronic Workshop Proceedings, pages 48-58, 2011.

Technical Reports
• D. Calvanese, G. De Giacomo, B. Bagheri Hariri, R. De Masellis, D. Lembo, M. Montali. “Techniques and Tools for KAB to Manage Action Linkage with Artifact Layer”. ACSI Project Deliverable D2.4.1, 2012.
• Babak Bagheri Hariri, Diego Calvanese, Giuseppe De Giacomo, Alin Deutsch, and Marco Montali. “Verification of relational data-centric dynamic systems with external services”. CoRR Technical Report, March 2012.

Thanks!
Questions, Comments, Suggestions?