1 / 31

Part 7. Phantoms: Legal States That Cannot Be Constructed

Part 7. Phantoms: Legal States That Cannot Be Constructed. Are There Legal States That Can’t Be Built?. State s is a phantom state (or phantom architecture) if It is legal (it satisfies the SoP rules) BUT

dagmar
Download Presentation

Part 7. Phantoms: Legal States That Cannot Be Constructed

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Part 7.Phantoms: Legal States That Cannot Be Constructed

  2. Are There Legal States That Can’t Be Built? • State s is a phantom state (or phantom architecture) if • It is legal (it satisfies the SoP rules) BUT • It cannot be constructed, starting with just a bare containment tree, and repeatedly using rules (productions) to add dependency edges • A ruleset that allows phantoms is called phantomic • Do phantoms exist?

  3. Example: Step-Wise Construction of a State • Example ruleset: • T  S  P o T  P o T o C  T o C • Ruleset has 4 productions: • T D (S) • T D (P T) • T D (P T C) • T D (T C) Start with tree, successively add edges allowed by productions Step 3 Step 2 Step 1 f (2)TD (P T) (4)TD (T C) (1)TD (S) This example ruleset allows no phantoms. Note: Phantoms cannot be constructed in a step-wise manner.

  4. Example Phantom #1: The “Cyclic Export” Ruleset &An “Identic” Phantom • Consider this rule: E C E o E • Rule means: • An E edge can follow a child C edge, or • An E edge can follow two E edges root root Phantom  OK  x x y E y = y E o E y Thus, the state is legal. State has only loop (ID) edges. It is an “identic” state. y y z z C E Phantom doesn’t use the “C” right-hand side

  5. x R P C w R y Example Phantom #2Non-Identic Phantom • Consider this rule: R R o P Ro C • Rule means: An R edge can follow an R then a P edge, or An R edge can follow an R then a C edge w R x = w R o P x w R y = w R o C y So, this is legal The R edges are not ID self loops (not identities) Maybe show multi-recursive phantom??

  6. Some Simple Permission Rules Three simple rulesets: • R  All where All means every edge Every state is legal and constructive. • R  R Every state is legal and they are all phantoms except . • R  All  R All states are constructive. However, if we delete production (R D All) while keeping (R D R), there are phantoms.

  7. x R P y A Multi-Recursive Ruleset with Phantoms Ruleset: R R o P o R This state is a phantom. Follow R then P then R to compute R. So R is legal. But R cannot be constructed from the empty state. Multi-recursive because R depends on itself more than once.

  8. Why Are Most “Serious” Example SoP Rules Constructive? Is there a hidden assumption that causes them to be constructive? Is there an algorithm to check SoP rules for constructivity? No, it is an open question whether such an algorithm exists. But with appropriate restrictions, such an algorithm exists.

  9. Part 8.Abstract Permission Systems (APT)

  10. Abstracting Away From the Graph Basis of SoP • Some properties of SoP rulesets have little to do with the underlying structure of the state graph. • To confirm this, we will now take an abstract approach, which ignores the graph structure. • Any SoP ruleset, with a corresponding tree, can be projected to this abstract form. • Essence of this abstraction is: • Legality simply means prefixpoint of given function f • So, legality properties become properties of pfp’s • States are not necessarily graphs

  11. Fixed Points: Terminology • When x = f(x) • We say x is a fixpoint (fp) or a fixed point of function f • When x  f(x) • We say x is a prefixpoint (pfp) or a pre fixed point of function f • Some authors alternately use the term postfixpoint (post fixed point) instead of prefixpoint

  12. Basis for Abstract Permission Theory Fundamental concepts • E Finite set of elements (Abstraction of set of triples) • f : 2E 2E Permission function (Maps states to states) Derived concepts • Lf (s) =def s  f(s) Legality of state s as prefixpoint • Q =def 2E State space (abstraction of subset of triples) • States s, t, …  Q Abstraction of graphs (states) • s  t Operator on states • f =def { } Empty state, contains no triples Monotonicity not yet assumed

  13. Aside: Alternate Terminology We could use the term “well-formed” instead of “legal”, so instead of Lf(s) or L(s) we would write WFf(s) or WF(s).

  14. How to Map SoP Ruleset R with Tree T to Abstract Form • Def. Element set E consists of every every triple that can be formed with variables v from the ruleset R and with nodes N in tree T. • Def. Permission functionf is defined in terms of state s and rules set R as follows: • f(s) =def (Based on state s, compute the set of triples specified by sums, i.e., those alled by right hand sides of ruleset R)

  15. Piecewise Legality Def. Element e is legal in state s when it is member of f(s): Lf(e) =def e  f(s) Lemma. State s is legal iff all its elements are legal: Lf(s) =  e  s  Lf(e) Proof. We re-write RHS into LHS:  e  s  Lf(e) =  e  s  e  f(s) = s  f(s) = Lf(s) QED Hence, piecewise legality holds abstractly, independent of graph structure and independent of monotonicity.

  16. Three Definitions of LegalityMicroSoft PPT Bug Messes Up Format of this Slide?? Def. State t permits state s when s is a least as large as t and s contains only elements permitted by t: t  s =def t  s  f(t) 3 Legality Definitions 1. Lf (s) = s  f (s) Prefixpoint 2. L (s) =  t  t  s t permits s 3. L*(s) =  * s Constructive We will explore the relationship among these 3 kinds of legality. For most, “serious” example SoP rules: Lf(s) = L(s) = L*(s) If f is monotonic, t  s means you can legally add edges to t to make s

  17. Phantom Architectures An state (an architecture) is a phantom if it is legal, but cannot be constructed. • Constructive (s) =def * s • Phantom (s) =def Lf(s) & not constructive(s) where  is the empty state. A ruleset is constructive if all its legal states are constructive (are not phantoms).

  18. f(s) = t Ì f f f(t) = s = f When f Is Not Monotonic … Example. s = fÌ t, f(s) = t, f(t) = s, so f(t) Ì f(s) Function f not monotonic because not true that s  t  f(s)  f(t) Observe that Lf(t) = false, L(t) = true, L*(t) = true Lemma. Not true that for all f, Lf(t) = L(t) Proof. In example, Lf(t) is false, but L(t) is true Lemma. Not true that for all f, Lf(t) = L*(t) Proof. In example, Lf(t) is false, but L*(t) is true. In fact, in this case L*(t) Lf(t) is false. These results are counter intuitive if you are used to dealing with monotonic systems.

  19. f(s)  f(t)   s  t When f is Monotonic … Lemma A. If f is monotonic and there exists t such that t p s, then s is legal. Proof. The definition of t p s is: t  s  f(t) Since f is monotonic, it follows that f(t)  f(s) Hence, t  s  f(t)  f(s) Hence, s  f(s) So by definion of legality, s is legal. QED Lemma B. If f is monotonic and s is constructive, then s is legal. Proof.If s is constructive, i.e., if fp* s then there exist states s1, s2, … sn such that fp s1 p s2 … p snp s When s = f , s is legal. Otherwise snp s, in which case, by the previous lemma, s is legal. QED Since SoP is monotonic, these results apply.

  20. When f is Monotonic … Theorem. If f is monotonic Lf(s) = L(s) ie (1) s  f (s)  t  t  s  f(t) and (2)  t  t  s  f(t)  s  f (s) Proof. (1) Obvious: Let t be s. (2) Proven in previous lemma. (Follows from monotonicity, and from transitivity of  ) f(s)  f(t)   s   t

  21. SoP Rules are Monotonic, So… Corollary. In SoP systems Lf(s) = L(s) Proof. True because SoP systems are monotonic Non-SoP permission rules are not necessarly monotonic

  22. Does Ruleset R Avoid Phantoms? For a particular f or ruleset R, for all s, does Lf(s) = L*(s)? Is this always true for SoP rulesets? Phantom architecture problem: Give algorithm to decide if ruleset allows phantoms (regardless of size of ruleset or size of tree) A “solution” to the phantom architecture problem is given below

  23. Assume f is Monotonic In the rest of this section on Abstract Permission Theory, we shall assume that f is monotonic. Recall f as defined by any SoP rulesets is monotonic.

  24. Tarski-Knaster Theorem Since f is monotonic, based on  as an ordering operator, the Tarski-Knaster Theorem applies: Theorem. f(f) is a fixpoint. It is a least fixpoint. So, if f is repeatedly applied to empty state f, eventually we find a fixpoint state s = f(f), such that f(s) = s Because s is a least fixpoint, there is no t, t Ì s, such that f(t) =t

  25. fp0 fp1 t s PART0 PART1 Partitioning by Fixpoints Observation. Given monotonic f, the prefixpoints (legal states) are partitioned by f(s) , i.e., PARTi =def { s  f(s) = fpi} where fpi is the i-th fixpoint. So, s and t are in the same partition when f(s) = f(t) …etc… Note: Every prefixpoint s necessarily converges to a fixpoint f(s)

  26. t s min r t s max r Local Minimum and Maximum MicroSoft Problem: Turn “E” (exists) backwards?? Def. locmax(s) =def E r s  r p x and not E t s  s p t locmin(s) =def E t Ê s  s p t and not E r Ì s  r p s Note that these 3 are equivalent: E r s  r p x = E t Ê s  s p t = pfp(s) Lemma. • locmax(s) Û fp(s) • Each partition contains one local max (its fp). • Each partition contains one or more local min’s. Proofs are not hard, but not obvious?? Rename as pfpmax and pfpmin??

  27. fp1 fp0 PART1 PART0 min min min min f The “Shape” of Partitions For monotonic f, there are one or more partitions. Each has a single maximum (fixpoint) and one of more minima.

  28. (1b) f(t)  f(s) (1a) f(s)  f(t) f(t) f(s)  f(s)  f(t)     f(t) f2(s)    f(s)  f(t)     t f(s)   s  t  s Permission Within a Partition For monotonic f, if you follow permission edges (forward or backwards), you stay in the same partition: Def. s p0 t =def s p t or s p-1 t Theorem. If s and t are legal, s p0* t Û f(s) = f(t) Proof. (1) s p t f(s) = f(t) So, s p0* t f(s) = f(t) (2) f(s) = f(t)  s p* f(s) and f(t) p-1 * t  s p0*t Part (2) of proof should be expanded??

  29. Necessary & Sufficient Condition for Phantoms Theorem. For monotonic f, there are phantoms iff there is more than one local minimum. Proof. (1) If there is a local minimum s, besides f, then s is a phantom. (2) Suppose there is no local minimum except f. Then for any legal state s f, there exists t such that t Ì s and such that t p s. So, fp* s and so s not a phantom. Collollary. If there is more than one fixpoint, there are phantoms. If there is more than one partition, there are phantoms. Is proof clear??

  30. Do f and R exist that minimally cause phantoms? Lemma. There exists monotonic function f such that f has exactly one fp and has a phantom. Lemma. There exists monotonic function f defined by SoP ruleset by R tree T such that f has exactly one fp and has a phantom. Proof. These two lemmas will be proven by giving an example that satisfies them… Moral. Even if you know that a ruleset has only one fp, you still don’t know whether it has a phantom.

  31. s1,2 which is fp Ì Ì f f s1 s2 which is phantom Ì Ì f Proving Two Lemmas by Giving an Example Proof. Proof is by giving tree T and ruleset R thatdefine f which has 1 fp and 1 phantom. Let T be a trivial tree, consisting of a single node x. Let R be this ruleset: v1ID È v2,v2v1È v2 Tree T can have only these 2 triples (both are ID triples): V1 = (x v1 x), V2 = (x v2 x) Tree T with ruleset R has only these 4 states: f = {}, s1 = {V1}, s2 = {V2}, s1,2 = {V1, V2} State s2 is a phantom. The only fp is s1,2 . f

More Related