Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

Invariant Analysis for Multi-agent Graph Transformation Systems Using k-Induction

  • Conference paper
  • First Online:
Graph Transformation (ICGT 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13349))

Included in the following conference series:

Abstract

The analysis of behavioral models such as Graph Transformation Systems (GTSs) is of central importance in model-driven engineering. However, GTSs often result in intractably large or even infinite state spaces and may be equipped with multiple or even infinitely many start graphs. To mitigate these problems, static analysis techniques based on finite symbolic representations of sets of states or paths thereof have been devised. We focus on the technique of k-induction for establishing invariants specified using graph conditions. To this end, k-induction generates symbolic paths backwards from a symbolic state representing a violation of a candidate invariant to gather information on how that violation could have been reached possibly obtaining contradictions to assumed invariants. However, GTSs where multiple agents regularly perform actions independently from each other cannot be analyzed using this technique as of now as the independence among backward steps may prevent the gathering of relevant knowledge altogether.

In this paper, we extend k-induction to GTSs with multiple agents thereby supporting a wide range of additional GTSs. As a running example, we consider an unbounded number of shuttles driving on a large-scale track topology, which adjust their velocity to speed limits to avoid derailing. As central contribution, we develop pruning techniques based on causality and independence among backward steps and verify that k-induction remains sound under this adaptation as well as terminates in cases where it did not terminate before.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 44.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 59.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Approaches such as CEGAR [4] also aim at minimizing symbolic state spaces.

  2. 2.

    Intuitively, GTSs have no built-in support for different agents as opposed to other non-flat formalisms (such as e.g. process calculi) where a multi-agent system is lazily constructed using a parallel composition operation where interaction steps between agents are then resolved at runtime. For such different formalisms, causality is much easier to analyze but it is one of the many strengths of GTSs that agents can interact in complex patterns not restricted by the formalism at hand.

  3. 3.

    The computational trade-off between pruning costs and costs for continued analysis of retained paths will play out differently for each example but, due to the usually exponential number of paths of a certain length, already the rather simple pruning technique based on assumed invariants was highly successful in [6, 19] where it was also required to establish a definite judgement at all.

  4. 4.

    To ease the presentation, we omit further assumed invariants excluding graphs with duplicate next edges or tracks with more than two successor/predecessor tracks.

  5. 5.

    Note that our approach extends to the usage of general match morphisms.

  6. 6.

    The candidate invariant \(\phi _{\mathsf {CI}}\) could also be violated because (a) it is not satisfied by all start graphs (which is excluded since \(\phi _{\mathsf {SC}} \,{\wedge }\,\phi _{\mathsf {CI}} \) captures the start graphs of the GTS), (b) a slow shuttle becomes a fast shuttle between a warning and a construction site (for which no rule exists in the GTS), and (c) a pair of a warning and a construction site could wrap a fast shuttle at runtime (for which no rule exists in the GTS).

  7. 7.

    The considered GT steps must preserve the matched graph elements and thereby explain how one match is propagated over a GT step resulting in the other match.

  8. 8.

    Similarly to the requirement on matches, which must essentially match the same graph elements, the extension monos must extend the graphs with the same graph elements up to the propagation along the considered symbolic steps.

  9. 9.

    For concrete GT steps, we rely on [10, Theorem 4.7] to obtain a construction procedure for the operation \(\mathsf {linearize}\). Also, this construction procedure extends to the case of symbolic steps as the additional GCs in symbolic states are extended precisely by the application conditions of the two involved rules in exchanged order only.

  10. 10.

    A symbolic state \((G,\phi )\) satisfies the start state condition \(\phi _{\mathsf {SC}} \) (or analogously an assumed invariant \(\phi _{\mathsf {AI}}\)) iff \(\phi \wedge \phi _{\mathsf {SC}} \) is satisfiable. The model generation procedure from [20] implemented in the tool AutoGraph [18] can be used to check GCs for satisfiability (if it returns unknown, the problem must be delegated to the user for \(\phi _{\mathsf {SC}} \) and satisfiability may be assumed for \(\phi _{\mathsf {AI}}\)). If \(\phi \wedge \lnot \phi _{\mathsf {SC}} \) (or, analogously, \(\phi \wedge \lnot \phi _{\mathsf {AI}} \)) is also satisfiable, not every concretization of paths \((G,\phi )\cdot \pi \) will be a violation. This source of overapproximation can be eliminated using splitting of states as in [19].

  11. 11.

    Note that, due to linearization, \(R_p\) may already contain some of the steps derived here. By implicitly comparing steps derived here to those in \(R_p\), we ensure to not derive isomorphic copies of steps. Also, two distinct parallel independent steps do not need to be linearized if not both steps are already contained in \(R_p\).

  12. 12.

    Two nodes \(n_1\) and \(n_2\) of a graph G are in a common weakly connected component (given by a set of nodes of G) of G iff there is a sequence of the edges of G from \(n_1\) to \(n_2\) where edges may be traversed in either direction.

  13. 13.

    Parallel independent backward steps are always performed by different agents.

  14. 14.

    This pruning technique can be refined by attributing agents to steps to then determine prunable states with greater precision complicating forward propagation.

References

  1. Augur 2. Universität Duisburg-Essen (2008). http://www.ti.inf.unidue.de/en/research/tools/augur2

  2. Becker, B., Giese, H.: On safe service-oriented real-time coordination for autonomous vehicles. In: 11th IEEE International Symposium on Object-Oriented Real-Time Distributed Computing (ISORC 2008), 5–7 May 2008, Orlando, Florida, USA. pp. 203–210. IEEE Computer Society (2008). ISBN: 978-0-7695-3132-8. https://doi.org/10.1109/ISORC.2008.13, http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=4519543

  3. Berezin, S., Campos, S., Clarke, E.M.: Compositional reasoning in model checking. In: de Roever, W.-P., Langmaack, H., Pnueli, A. (eds.) COMPOS 1997. LNCS, vol. 1536, pp. 81–102. Springer, Heidelberg (1998). https://doi.org/10.1007/3-540-49213-5_4

    Chapter  Google Scholar 

  4. Clarke, E., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855, pp. 154–169. Springer, Heidelberg (2000). https://doi.org/10.1007/10722167_15

    Chapter  Google Scholar 

  5. Courcelle, C.: The expression of graph properties and graph transformations in monadic second-order logic. In: Rozenberg, G. (ed.) Handbook of Graph Grammars and Computing by Graph Transformations, Volume 1: Foundations. World Scientific, pp. 313–400 (1997). ISBN: 9810228848

    Google Scholar 

  6. Dyck, J.: Verification of graph transformation systems with k-inductive invariants. Ph.D. thesis. University of Potsdam, Hasso Plattner Institute, Potsdam, Germany (2020). https://doi.org/10.25932/publishup-44274

  7. Dyck, J., Giese, H.: k-inductive invariant checking for graph transformation systems. In: de Lara, J., Plump, D. (eds.) ICGT 2017. LNCS, vol. 10373, pp. 142–158. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61470-0_9

    Chapter  MATH  Google Scholar 

  8. Ehrig, H., Ehrig, K., Prange, U., Taentzer, G.: Fundamentals of Algebraic Graph Transformation. Springer-Verlag, Berlin (2006). https://doi.org/10.1007/3-540-31188-2

  9. Ehrig, H., Ermel, C., Golas, U., Hermann, F.: Graph and model transformation - general framework and applications. Monogr. Theoret. Comput. Sci. An EATCS Series. Springer Berlin, Heidelberg (2015). ISBN: 978-3-662-47979-7. https://doi.org/10.1007/978-3-662-47980-3

  10. Ehrig, H., Golas, U., Habel, A., Lambers, L., Orejas. F.: \(\cal{M}\)-adhesive transformation systems with nested application conditions. Part 1: parallelism, concurrency and amalgamation. Math. Struct. Comput. Sci. 24(4) (2014). https://doi.org/10.1017/S0960129512000357

  11. EMF Henshin. The Eclipse Foundation (2013). http://www.eclipse.org/modeling/emft/henshin

  12. Graphs for Object-Oriented Verification (GROOVE). University of Twente (2011). http://groove.cs.utwente.nl

  13. Maximova, M., Giese, H., Krause, C.: Probabilistic timed graph transformation systems. J. Log. Algebr. Meth. Program. 101, 110–131 (2018). https://doi.org/10.1016/j.jlamp.2018.09.003

    Article  MathSciNet  MATH  Google Scholar 

  14. Maximova, M., Schneider, S., Giese, H.: Compositional analysis of probabilistic timed graph transformation systems. In: FASE 2021. LNCS, vol. 12649, pp. 196–217. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-71500-7_10

    Chapter  Google Scholar 

  15. Nielsen, M., Plotkin, G.D., Winskel, G.: Petri nets, event structures and domains, Part I. Theor. Comput. Sci. 13, 85–108 (1981). https://doi.org/10.1016/0304-3975(81)90112-2

    Article  MATH  Google Scholar 

  16. Pennemann, K.-H.: Development of correct graph transformation systems. URN: urn:nbn:de:gbv:715-oops-9483. Ph.D. thesis. University of Oldenburg, Germany (2009). http://oops.uni-oldenburg.de/884/

  17. Poskitt, C.M., Plump, D.: Verifying monadic second-order properties of graph programs. In: Giese, H., König, B. (eds.) ICGT 2014. LNCS, vol. 8571, pp. 33–48. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-09108-2_3

    Chapter  MATH  Google Scholar 

  18. Schneider, S.: AutoGraph. https://github.com/schneider-sven/AutoGraph

  19. Schneider, S., Dyck, J., Giese, H.: Formal verification of invariants for attributed graph transformation systems based on nested attributed graph conditions. In: Gadducci, F., Kehrer, T. (eds.) ICGT 2020. LNCS, vol. 12150, pp. 257–275. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-51372-6_15

    Chapter  Google Scholar 

  20. Schneider, S., Lambers, L., Orejas, F.: Automated reasoning for attributed graph properties. Int. J. Softw. Tools Technol. Transfer 20(6), 705–737 (2018). https://doi.org/10.1007/s10009-018-0496-3

    Article  Google Scholar 

  21. Schneider, S., Maximova, M., Giese, H.: Invariant analysis for multi-agent graph transformation systems using k-induction. Tech. rep. 143. Hasso Plattner Institute, University of Potsdam (2022)

    Google Scholar 

  22. Smith, E.: On net systems generated by process foldings. In: Rozenberg, G. (ed.) ICATPN 1990. LNCS, vol. 524, pp. 253–276. Springer, Heidelberg (1991). https://doi.org/10.1007/BFb0019978

    Chapter  Google Scholar 

  23. Smith, E.: On the border of causality: contact and confusion. Theor. Comput. Sci. 153(1&2), 245–270 (1996). https://doi.org/10.1016/0304-3975(95)00123-9

  24. Steenken, D.: Verification of infinite-state graph transformation systems via abstraction. Ph.D. thesis. University of Paderborn (2015). http://nbn-resolving.de/urn:nbn:de:hbz:466:2-15768

Download references

Author information

Authors and Affiliations

  1. Hasso Plattner Institute, University of Potsdam, Potsdam, Germany

    Sven Schneider, Maria Maximova & Holger Giese

Authors
  1. Sven Schneider
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Maria Maximova
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Holger Giese
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sven Schneider .

Editor information

Editors and Affiliations

  1. Université Paris Cité, Paris, France

    Nicolas Behr

  2. Computer Science and Engineering, Chalmers | Gothenburg University, Gothenburg, Sweden

    Daniel Strüber

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Schneider, S., Maximova, M., Giese, H. (2022). Invariant Analysis for Multi-agent Graph Transformation Systems Using k-Induction. In: Behr, N., Strüber, D. (eds) Graph Transformation. ICGT 2022. Lecture Notes in Computer Science, vol 13349. Springer, Cham. https://doi.org/10.1007/978-3-031-09843-7_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-09843-7_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-09842-0

  • Online ISBN: 978-3-031-09843-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation