Download Document

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
Document related concepts
no text concepts found
Transcript 
Abstractions
Eric Feron
Outline
•
•
•
•
•
•
Principles of abstraction
Motivating example
Abstracting variables
Abstracting functions
Abstracting operators
Recommended readings
Principles of abstractions
• We consider software or hardware objects which
are too complicated to describe exactly.
• We approximate them by embedding them into
larger objects, but whose description is simpler.
• If the original objects are subject to
manipulations, we are able to manipulate their
abstractions at comparable computational cost.
• Hopefully we learn something useful.
Example
• Prototype program
[1]
while x> 1000 do
[2]
x:=x+y ;
[3]
od;
[4]
(x,y) in [-b-1;b] integer
b is overflow limit.
Program characteristics:
Program terminates without error iff
(x>0, y0<0).
Execution never terminates iff
(1000< x0<b)(y0=0).
Execution leads to run-time error (by
overflow) iff (x0>1000)(y0>0).
These are desirable characteristics to be
found
Where can the states of a
program go?
[1]
while x> 1000 do
[2]
x:=x+y ;
[3]
od;
[4]
1
if x<1000
if x> 1000
2
4
<x,y> < <x+y,y>
if x>1000
if x<1000
3
(x,y) in I =[-b;b] integer
Representation of program behavior by means of automaton possible but
not really compact.
Reachable states
Reachable states
• Order relation is that of inclusion: A set is smaller
than another if it is included in it
• Forms a complete lattice: Any finite set of sets
has a least upper bound and a greatest lower
bound.
• Reachable set always grows with iterations
• Basic theorem: A sequence of sets that always
grows ends up converging.
• But convergence can take a very long time
Example of complete lattice
Set L of subsets of states in a state-space S:
Partial order is traditional inclusion
H = {H1,H2}  L
H1 U H2 is the least upper bound for H.
H1  H2 is the greatest lower bound for H.
H1
H2
Obviously these exist for any H.
L has an infimum: The empty set
L has a supremum: S.
Problem: Arbitrary sets are often not computer-representable, thus
hard to do computations with them.
(Discrete) Complete Lattices
A
Some element in the set A
Least upper bound
Greatest lower bound
For our purposes, each element
is a set. So A is a set of sets.
Back to our program
Assume
y <0, x>0.
Clearly insufficient to identify
what will happen to program
states
1
if x<1000
if x> 1000
2
4
<x,y>  <x+y,y>
if x>1000
if x<1000
3
Could use abstraction by means
of intervals:
eg: x in [200;2000],
y in [-2 -1]
Can extract "propagation laws"
for intervals rather than
numbers.
Lattice of Intervals
In one dimension
least upper bound (lub)
greatest lower bound (glb)
In two dimensions
Least upper bound
Greatest lower bound
From program on variables to abstracted
program on abstracted variables
1
(X1,Y1)
if x<1000
if x> 1000
1
if x<1000
if x> 1000
4
2
2
(X2,Y2)= (lub((X1[1000;b])
U (X3  [1000;b])),lub(Y1UY3))
<x,y>  <x+y,y>
if x>1000
(X4,Y4)=(lub((X1[-b;1000])
U(X3  [-b;1000])), lub(Y1UY3)
if x>1000
if x<1000
3
4
<x,y>  <x+y,y>
if x<1000
(X3,Y3) = (X2+Y2,Y2)
3
Step 1
1
X1 = [200;2000],
Y1 = [-2 -1]
if x<1000
if x> 1000
(X2,Y2)= (lub((X1[1000;b])
U (X3  [1000;b])),lub(Y1UY3))
X2= ,
2 Y2 = 
4
if x>1000
if x<1000
3
X3= ,
Y3 = 
(X3,Y3) = (X2+Y2,Y2)
x= ,
y=
(X4,Y4)=(lub((X1[-b;1000])
U(X3  [-b;1000])), lub(Y1UY3)
Step 2
1
X1 =[200;2000],
Y1 = [-2 -1]
if x<1000
if x> 1000
(X2,Y2)= (lub((X1[1000;b])
U (X3  [1000;b])),lub(Y1UY3))
if x>1000
2
X2 = [1000;2000]
Y2 = [-2 -1]
<x,y>  <x+y,y>
if x<1000
X3= ,
Y3 = 
3
(X3,Y3) = (X2+Y2,Y2)
4
X4= ,
Y4= 
(X4,Y4)=(lub((X1[-b;1000])
U(X3  [-b;1000])), lub(Y1UY3)
Step 3
1
X1 =[200;2000],
Y1 = [-2 -1]
if x<1000
if x> 1000
(X2,Y2)= (lub((X1[1000;b])
U (X3  [1000;b])),lub(Y1UY3))
if x>1000
2
X2 = [1000;2000]
Y2 = [-2 -1]
<x,y>  <x+y,y>
if x<1000
3
X3= [998,1999],
Y3 = [-2-1]
(X3,Y3) = (X2+Y2,Y2)
4
X4= ,
Y4= 
(X4,Y4)=(lub((X1[-b;1000])
U(X3  [-b;1000])), lub(Y1UY3)
Step 4
1
X1 =[200;2000],
Y1 = [-2 -1]
if x<1000
if x> 1000
(X2,Y2)= (lub((X1[1000;b])
U (X3  [1000;b])),lub(Y1UY3))
if x>1000
2
X2 = [1000;2000]
Y2 = [-2 -1]
<x,y>  <x+y,y>
if x<1000
3
X3= [998,1999],
Y3 = [-2;-1]
4
X4= [200,999],
Y4= [-2;-1]
(X4,Y4)=(lub((X1[-b;1000])
U(X3  [-b;1000])), lub(Y1UY3)
(X3,Y3) = (X2+Y2,Y2)
Any further iteration would not yield any change to the
values of (Xi, Yi)s: We have reached a fixed point.
New initial conditions
Step 1
1
X1 = [1200;2000],
Y1 = [-2 -1]
if x<1000
if x> 1000
(X2,Y2)= (lub((X1[1000;b])
U (X3  [1000;b])),lub(Y1UY3))
X2= ,
2 Y2 = 
4
if x>1000
if x<1000
3
X3= ,
Y3 = 
(X3,Y3) = (X2+Y2,Y2)
x= ,
y=
(X4,Y4)=(lub((X1[-b;1000])
U(X3  [-b;1000])), lub(Y1UY3)
Step 2
1
X1 =[1200;2000],
Y1 = [-2 -1]
if x<1000
if x> 1000
(X2,Y2)= (lub((X1[1000;b])
U (X3  [1000;b])),lub(Y1UY3))
2 X2 = [1200;2000]
4
X4= ,
Y4= 
Y2 = [-2 -1]
if x>1000
<x,y>  <x+y,y>
if x<1000
X3= ,
Y3 = 
3
(X3,Y3) = (X2+Y2,Y2)
(X4,Y4)=(lub((X1[-b;1000])
U(X3  [-b;1000])), lub(Y1UY3)
Step 3
1
X1 =[1200;2000],
Y1 = [-2 -1]
if x<1000
if x> 1000
(X2,Y2)= (lub((X1[1000;b])
U (X3  [1000;b])),lub(Y1UY3))
if x>1000
2
X2 = [1200;2000]
Y2 = [-2 -1]
<x,y>  <x+y,y>
if x<1000
3
X3= [1198,1999],
Y3 = [-2-1]
(X3,Y3) = (X2+Y2,Y2)
4
X4= ,
Y4= 
(X4,Y4)=(lub((X1[-b;1000])
U(X3  [-b;1000])), lub(Y1UY3)
Step 4
1
X1 =[1200;2000],
Y1 = [-2 -1]
if x<1000
if x> 1000
(X2,Y2)= (lub((X1[1000;b])
U (X3  [1000;b])),lub(Y1UY3))
if x>1000
2
X2 = [1200;2000]
Y2 = [-2 -1]
<x,y>  <x+y,y>
if x<1000
3
X3= [1198,1999],
Y3 = [-2-1]
4
X4= ,
Y4= 
(X4,Y4)=(lub((X1[-b;1000])
U(X3  [-b;1000])), lub(Y1UY3)
(X3,Y3) = (X2+Y2,Y2)
We are not finished with iterations.....
Step 5
1
X1 =[1200;2000],
Y1 = [-2 -1]
if x<1000
if x> 1000
(X2,Y2)= (lub((X1[1000;b])
U (X3  [1000;b])),lub(Y1UY3))
if x>1000
2
X2 = [1198;2000]
Y2 = [-2 -1]
<x,y>  <x+y,y>
if x<1000
3
X3= [1198,1999],
Y3 = [-2-1]
(X3,Y3) = (X2+Y2,Y2)
4
X4= ,
Y4= 
(X4,Y4)=(lub((X1[-b;1000])
U(X3  [-b;1000])), lub(Y1UY3)
Step 6
1
X1 =[1200;2000],
Y1 = [-2 -1]
if x<1000
if x> 1000
(X2,Y2)= (lub((X1[1000;b])
U (X3  [1000;b])),lub(Y1UY3))
if x>1000
2
X2 = [1198;2000]
Y2 = [-2 -1]
<x,y>  <x+y,y>
if x<1000
3
X3= [1196,1999],
Y3 = [-2-1]
4
X4= ,
Y4= 
(X4,Y4)=(lub((X1[-b;1000])
U(X3  [-b;1000])), lub(Y1UY3)
(X3,Y3) = (X2+Y2,Y2)
All this is going to take a while to converge towards fixed point...
Some interesting questions
• How can I speed up the convergence of
the computations leading to a fixed point?
• Does the order in which I do the
computation (the sequence of vertices
where reachable sets are computed) have
much importance?
• How do I automatically write the
"abstracted program"?
Abstracting state spaces
further

{Set of all subsets
of signed integer numbers
between -b and b}
+
if x = T then x is any value
if x = + then 0<x<b
if x = 0 then x = 0
if x = - then -b<x<0
if x =  then 
Some Rules:
++-=T
but
+ + + = error
- + - = error
+U-=T
oT=o
0

Effect: Go from
huge state-space decompositions to
finite and simple state-space
decomposition
From program on variables to abstracted
program on abstracted variables
1
(X1,Y1)
if x<1000
if x> 1000
1
if x<1000
if x> 1000
4
2
2
(X2,Y2)=((X3+)U
(X1 +),Y1UY3)
<x,y>  <x+y,y>
if x>1000
(X4,Y4)=(X1UX3,Y1UY3)
if x>1000
if x<1000
3
<x,y>  <x+y,y>
if x<1000
3
(X3,Y3) =(X2+Y2,Y2)
4
Step 1
X1= +,
Y1 = -
1
if x<1000
if x> 1000
(X4,Y4)=(X1UX3,Y1UY3)
(X2,Y2)=((X3+)U
(X1 +),Y1UY3)
2
X2= ,
Y2 = 
if x>1000
X3= ,
Y3 = 
<x,y>  <x+y,y>
if x<1000
3
(X3,Y3) =(X2+Y2,Y2)
4
X4 = ,
Y4 = 
Step 2
X1= +,
Y1 = -
1
if x<1000
if x> 1000
(X4,Y4)=(X1UX3,Y1UY3)
(X2,Y2)=((X3+)U
(X1 +),Y1UY3)
2
X2= +,
Y2 = -
if x>1000
X3= ,
Y3 = 
<x,y>  <x+y,y>
if x<1000
3
(X3,Y3) =(X2+Y2,Y2)
4
X4 = ,
Y4 = 
Step 3
X1= +,
Y1 = -
1
if x<1000
if x> 1000
(X4,Y4)=(X1UX3,Y1UY3)
(X2,Y2)=((X3+)U
(X1 +),Y1UY3)
2
4
X2= +,
Y2 = -
if x>1000
<x,y>  <x+y,y>
if x<1000
X3= T,
Y3 = -
3
(X3,Y3) =(X2+Y2,Y2)
X4 = ,
Y4 = 
Step 4
X1= +,
Y1 = -
1
if x<1000
if x> 1000
(X4,Y4)=(X1UX3,Y1UY3)
(X2,Y2)=((X3+)U
(X1 +),Y1UY3)
2
4
X2= +,
Y2 = -
if x>1000
<x,y>  <x+y,y>
if x<1000
X3= T,
Y3 = -
3
(X3,Y3) =(X2+Y2,Y2)
... and we have reached a fixed point ....
X4 = T,
Y4 = -
Other motivating example
In ideal world (real numbers are reals and multiplies are truly
working as they should, the sequence converges to 1 for any
delta and x0.
But real world is populated by, well, floats, and things become more
hairy. In particular, system may exhibit disgraceful behaviors,
including non convergence to zero (or its vicinity).
Assume we would like to “establish good behavior” of the system over
a range of possible initial conditions and values of delta.
Issue: Exhaustive exploration of state-space is necessary but impossible
in current form. Must work at higher abstract level.
Abstraction of floats
• Float format (figuratively) defined as:
• Geometric distribution:
0
f2
f1
How do we prove things work over this range?
Possibly LOTS of floats between f1 and f2.
Abstraction: Consider the whole real interval between f1 and f2: [f1 f2].
Counterintuitive because reals are not machine representable.
Simple object though – the object itself (the interval) is machine-representable.
Working with abstractions
• Intuitively:
• But
Must have some machine-representable description of where interval could “land”
after “+” operation. Sounds trivial but requires monotonicity properties of ‘+’
operation over floats. In this case it’s OK. So we can write
Associativity counts… and + under floats is not associative
Back to system
Must define interval for xks.
Transition rules for intervals: “Abstracted transitions”
So in this case we can monitor behavior of entire interval by monitoring bounds.
Nonconvergence
:
Nonconvergence
• Would like to “bound” possible behaviors
From observations: Looks like it stays
around 1. Look at behaviors of intervals in
vicinity of 1.
Eg pick
By induction, true for all following iterations: So we know [.95 1.05] is invariant.
Nonconvergence (to 1) maybe, but could that be sufficient level of precision for
practical purposes?? Note analysis is for fixed delta (1e-5) – so far.
Guaranteed convergence to region of
nonconvergence
• Fix delta and a for simplicity
(you make them live in intervals for HW)
Look in more detail at behavior of
Need easy to analyze upper bounds for x+ and lower bounds for xRequires abstraction of float operations (+ and x) themselves!
Abstraction of float operations
Back to problem
Related documents
Heart Note One
Heart Note One
bill nye: blood and circulation
bill nye: blood and circulation
Dub The Heart
Dub The Heart
Further Exercises for the tutorials on logic in CS 3511 1. Find a
Further Exercises for the tutorials on logic in CS 3511 1. Find a
Blood & circulation
Blood & circulation
Heart webquest
Heart webquest
UProperty 1
UProperty 1
The Heart-‐ A parody of The Fox, by Ylvis
The Heart-‐ A parody of The Fox, by Ylvis
Blood & Circulation
Blood & Circulation