
Abstract State Machines, and lessons of an ASM-based project at Microsoft

Abstract State Machines, and lessons of an ASM-based project at Microsoft. Yuri Gurevich (Erdos #2), Microsoft Research. Modeling. No science without modeling. The virtuous cycle. Maybe even no life without modeling. Physics uses PDEs for modeling. What are the PDEs of computer science?


Presentation Transcript


  1. Abstract State Machines, and lessons of an ASM-based project at Microsoft Yuri Gurevich (Erdos #2) Microsoft Research

  2. Modeling • No science without modeling • The virtuous cycle • Maybe even no life without modeling • Physics uses PDEs for modeling. What are the PDEs of computer science?

  3. Turing’s analysis of computation • Great • Yet limited

  4. Improving on Turing’s analysis • Emil Post • Andrei Kolmogorov: “Algorithms compute in steps of bounded complexity.” • Pointer machines • Robin Gandy

  5. Another line of analysis • Recursive functions: Skolem to Gödel • Lambda calculus • Church’s thesis • Comparing the two lines

  6. A Thought Experiment • A perfect machine model: step-for-step simulation of any algorithm • Uses: software specs, model based testing • What would the model look like?

  7. Postulate 1: Sequential Time An algorithm is a transition system. • What are states? • What are transitions?

  8. States • The state is information that, given the program, determines the ensuing computation(s). • More than the values of the variables. • What is the form of states? • Or what is is?

  9. Postulate 2: Abstract State • The states are structures in the sense of mathematical logic. • Same vocabulary • Transitions preserve the state domain. • Everything is preserved under isomorphism.

  10. What are transitions? • Deterministic or nondeterministic? • More generally, interactive or non-interactive? Let’s consider first the classical case of non-interactive algorithms.

  11. What are transitions? (cont.) • How powerful are steps? Let’s consider first the classical case of “steps of bounded complexity.” • How to bound the complexity?

  12. Locations and updates • Locations  = (f,(a1,..,aj)) Content() = f(a1,..,aj) • Updates (,v) • The update set of state X is (X) = { (,v) : v = Content() in Next(X)  Content() in X }

  13. Postulate 3: Bounded Exploration There is a finite set t1,..,tn of critical terms such that (X) = (Y) if every ValX(ti) = ValY(ti).

  14. Definition A sequential algorithm is an abstract-state bounded-exploration transition system.

  15. Sequential ASMs

  16. Example

      if b = 0 then d := a
      else [do in-parallel]
          a := b
          b := a mod b

      Nullary dynamic functions: a, b, d
      Static functions: =, 0, mod

  17. Example (cont.)

      if a(s)=0 then
          d(s) := b(s)
          s := s+1
      else
          a(s) := b(s) mod a(s)
          b(s) := a(s)
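The location/update vocabulary of slide 12 and the in-parallel rule of slide 16, as an added Python sketch that is not part of the original slides or of AsmL. The names `loc`, `fire`, `update_set`, `run` and `sequential_misreading` and the sample state `X0` are assumptions made for illustration; the update set keeps only locations whose content differs between X and Next(X).

```python
# Added illustration, not code from the slides. A state maps locations to contents.
def loc(f, *args):
    """A location: function name plus argument tuple, e.g. ('a', ())."""
    return (f, args)

X0 = {loc("a"): 48, loc("b"): 18, loc("d"): None}   # constructed sample state

def euclid_rule(X):
    """Slide 16's rule as a map from a state to the updates it requests."""
    a, b = X[loc("a")], X[loc("b")]
    if b == 0:
        return {(loc("d"), a)}
    return {(loc("a"), b), (loc("b"), a % b)}        # do in-parallel: both read X

def fire(X, updates):
    """Apply all updates at once; two values for one location is a clash."""
    new = {}
    for l, v in updates:
        if l in new and new[l] != v:
            raise ValueError(f"inconsistent updates at {l}")
        new[l] = v
    return {**X, **new}

def update_set(X, rule):
    """Pairs (l, v) where v is l's content in Next(X) and differs from that in X."""
    nxt = fire(X, rule(X))
    return {(l, v) for l, v in nxt.items() if X.get(l) != v}

def run(X, rule, limit=1000):
    """Step until the update set is empty; return the trace of states."""
    trace = [X]
    for _ in range(limit):
        delta = update_set(X, rule)
        if not delta:
            return trace
        X = fire(X, delta)
        trace.append(X)
    raise RuntimeError("no fixpoint within limit")

def sequential_misreading(X):
    """Same assignments run one after another: b := a mod b sees the new a."""
    a, b = X[loc("a")], X[loc("b")]
    if b == 0:
        return {**X, loc("d"): a}
    a = b
    b = a % b
    return {**X, loc("a"): a, loc("b"): b}
```

Running `run(X0, euclid_rule)` ends with d = 6, while `sequential_misreading(X0)` zeroes b after one step, which is why the parallel reading of the two assignments matters.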

  18. Seq Characterization Theorem For any seq algorithm A there is a seq ASM B such that states of A are states of B and every NextA(X) = NextB(X). #141

  19. Interaction • The ASM model is relatively straightforward: • External functions • Choice and import operators • The from-the-first-principles analysis is not straightforward.

  20. In-place one-swap-a-time sorting (slide labels: Nondeterminism, Parallelism)

      var A as Seq of Integer = [3,1,2]

      Swap()
        choose i,j in Indices(A) where i<j and A(i)>A(j)
          A(i) := A(j)
          A(j) := A(i)

      Sort()
        step until fixpoint
          Swap()

      [Diagram states: A = [1,3,2], A = [2,1,3], A = [1,2,3], A = [2,3,1]]
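An added Python sketch of slide 20 (not AsmL and not from the original deck): it resolves the `choose` in every possible way, fires the two assignments in parallel, and collects every reachable state and fixpoint. The function names `swap_choices`, `swap_step`, `explore` and `longest_run` are assumptions made for illustration.

```python
# Added illustration: exhaustive exploration of the nondeterministic Swap() rule.
def swap_choices(A):
    """Every (i, j) that 'choose' may pick: i < j and A(i) > A(j)."""
    n = len(A)
    return [(i, j) for i in range(n) for j in range(i + 1, n) if A[i] > A[j]]

def swap_step(A, i, j):
    """Fire A(i) := A(j) and A(j) := A(i) together: both right sides read old A."""
    updates = {i: A[j], j: A[i]}
    return tuple(updates.get(k, x) for k, x in enumerate(A))

def explore(A0):
    """Return (graph, fixpoints): successors of each reachable state, and the
    states where no choice exists, i.e. where 'step until fixpoint' stops."""
    graph, fixpoints, todo = {}, set(), [tuple(A0)]
    while todo:
        A = todo.pop()
        if A in graph:
            continue
        graph[A] = {swap_step(A, i, j) for i, j in swap_choices(A)}
        if not graph[A]:
            fixpoints.add(A)
        todo.extend(graph[A])
    return graph, fixpoints

def longest_run(graph, A):
    """Steps in the longest run from A. The recursion terminates because each
    swap of an out-of-order pair lowers the inversion count, so no cycles exist."""
    return max((1 + longest_run(graph, B) for B in graph[A]), default=0)
```

For the slide's initial value [3,1,2], `explore` finds four states and a single fixpoint, (1, 2, 3), so every resolution of the choice sorts the sequence.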

  21. Wide steps • Again, the ASM model is relatively straightforward • do-for-all • The from-the-first-principles analysis is not straightforward.

  22. Topological Sorting Example

  23. Distributed algorithms Distributed ASMs were defined long ago, but the axiomatization problem is wide (and maybe forever) open. To simulate, one can interleave (sets of) actions of the computing agents.

  24. Early ASM engines • ASM Workbench • Uni Paderborn, Siemens • ASM Gopher • Uni Ulm, Siemens • XASM • Uni Berlin, Kestrel

  25. AsmL creators In the hiring order: Wolfram Schulte, Margus Veanes, Colin Campbell, Lev Nachmanson, Mike Barnett, Wolfgang Grieskamp, Nikolai Tillmann

  26. FSE propaganda example [diagram] • Product Idea / Informal Spec • What product are you building? • Are you building the right product? • Modeling • Validation • AsmL Model • Refinement • Verification • Are you building the product right? • Implementation: C, C++, C#, ...

  27. Spec [diagram] • Validate • Enforce • Comprehend • Generate test suites • Play scenarios • On-the-fly testing • Test • Lockstep runtime verification • Model check • Prove properties

  28. Conformance testing [diagram] • Any client • Test harness • AsmL model • Implementation under test • Discrepancies flagged

  29. Spec Explorer • Original purpose • Model based testing • Why model-based testing? • Arguably the largest model-based-testing operation anywhere. • Success of sorts

  30. Probability of success Coburn: (pain of crisis) divided by (pain of adoption), where pain means perceived pain.

  31. Love triangle
