Quartz (Averest)

Quartz Module

Namespace: TeachingTools
Assembly: TeachingToolsLib.dll

This module first implements functions and data types for generating an extended finite state machine for a given Quartz program (without module calls). Furthermore, functions to generate verification conditions are provided which are based on induction on the EFSM states and strongly connected components.

Types

Type	Description
FrontSOS	FrontSOS holds the result of a single symbolic rule application of the SOS rules, i.e., of a single macro step of a statement S. The meaning of the components are as follows: rsdStmts is a set of triples (phi,lbls,S') such that statement S' would have to be executed in the next step if now phi holds. S' is thereby resumed from the control flow labels lbls. If statement S instantaneously terminates, rsdStmts is an empty set. surfActs are guarded actions that belong to the surface of S. instantC is the condition for instantaneous execution of S. transfer holds the information to select the right reincarnations of the local variables (see documentation of Transfer). substLVs is the final renaming of the local variables of S. labels is the set of labels that occur in statement S. Note that he disjunction of the path conditions in rsdStmts is the negation of the instant predicate instantC. The enter predicate can also be constructed as a kind of disjunction of the rsdStmts that tells us under which condition phi we enter a residual statement S'.
NodeOfEFSM	NodeOfEFSM holds the data stored for one state of the EFSM generated by function ComputeStateTrans. An EFSM is an array of such nodes, so that every node has its own index in the array. The initial node always has index 0. The contents of the record NodeOfEFSM is as follows: sccIndex is the index of the SCC of this node; this is also the index of the node reached first by the traversal in the same SCC. labels is the set of control flow labels that hold in the node. thisStmt is the Quartz statement associated with the node. rsdStmts is a set of pairs (phi,i) which mean that if condition phi holds now, a transition to EFSM node i will take place. surfActs is the set of guarded actions that are executed in this state. transfer maps each QName of a local variable to its transfer incarnations to determine their reaction to absence. instantC holds iff thisStmt instantaneouly terminats; it is the disjunction of the path conditions in rsdStmts.
VerifCond	VerifCond is a verification condition that refers to a SCC of the EFSM. The SCC is named with its index sccIndex, and isInductStep is true if the verification condition is an induction step, and otherwise false. path is then the path considered for this verification condition, and paths are pairs (s{0},[(phi{0},s{1}),...,(phi{N},s{N+1})]) which are just pair (s{0},[(phi{0},s{1})]) in case of induction steps. Also, the invariant used is mentioned, and most important of all, the finally generated verification condition as the proof Goal.

Functions and values

Function or value	Description
`AddSinkState efsm` Full Usage: `AddSinkState efsm` Parameters: efsm : `NodeOfEFSM[]` Returns: `NodeOfEFSM[]`	As generated by function ComputeStateTrans, an EFSM might have states where the execution CAN be instantaneous, i.e., where the program CAN terminate under some conditions, where under other conditions, there might be further successor states. Function AddSinkState adds a new state with a self-loop as single outgoing transitions such that this new sink state is reached by all the states of the EFSM under their instantC conditions. efsm : `NodeOfEFSM[]` Returns: `NodeOfEFSM[]`
`ComputePathsForVCs efsm` Full Usage: `ComputePathsForVCs efsm` Parameters: efsm : `NodeOfEFSM[]` Returns: `Map<int, Set<int * (BoolExpr * int) list>> * Map<int, Set<int * BoolExpr * int>>`	ComputePathsForVCs is used to compute the paths reaching SCCs and the transitions inside SCCs which are both needed to set up verification conditions for the EFSM. The result is a pair (pathsToSCC,insdSCC) where pathsToSCC is a map where for each SCC index i pathsToSCC[i] is a set of paths leading from other SCCs or the initial state to that SCC. A path is thereby a pair (s{0},[(phi{0},s{1}),...,(phi{N},s{N+1})]). Similarly, insdSCC is a map where insdSCC[i] is the set of transitions that move inside SCC i, where a transition is a triple (s,phi,s'). efsm : `NodeOfEFSM[]` Returns: `Map<int, Set<int * (BoolExpr * int) list>> * Map<int, Set<int * BoolExpr * int>>`
`ComputeStateTrans withCF s` Full Usage: `ComputeStateTrans withCF s` Parameters: withCF : `bool` s : `Stmt` Returns: `NodeOfEFSM[]`	ComputeStateTrans applies FrontTrans during a depth first traversal over the control flow graph (the EFSM) of a given Quartz module. The function also determines indices of the states as the number that was used during the state traversal. Moreover, as done by Tarjan's algorithm, it determines via the sccIndex the index of the root of the first state reached of each state's SCC. This way, it also enumerates the SCCs of the graph. The result is an array of NodeOfEFSM records. withCF : `bool` s : `Stmt` Returns: `NodeOfEFSM[]`
`EFSM2Dot ostr writeStmt writeGAs writeTransfers efsm` Full Usage: `EFSM2Dot ostr writeStmt writeGAs writeTransfers efsm` Parameters: ostr : `TextWriter` writeStmt : `bool` writeGAs : `bool` writeTransfers : `bool` efsm : `NodeOfEFSM[]`	EFSM2Dot writes an EFSM as computed by ComputeStateTrans to a dot-file for viewing the EFSM. Using the parameters writeStmt and writeTransfers, one can determine whether the statements are written in the nodes and whether the transfer actions are written in the nodes. ostr : `TextWriter` writeStmt : `bool` writeGAs : `bool` writeTransfers : `bool` efsm : `NodeOfEFSM[]`
`FrontTrans withCF depth rho strt prmt lbl stmt` Full Usage: `FrontTrans withCF depth rho strt prmt lbl stmt` Parameters: withCF : `bool` depth : `int` rho : `Substitution` strt : `BoolExpr` prmt : `BoolExpr` lbl : `Set<QName>` stmt : `Stmt` Returns: `FrontSOS`	FrontTrans computes for a given Quartz statement stmt the first reaction by means of the SOS rules. It requires the depth of a reincarnation (number of loop nests), a renaming of local variables rho, the condition to start the execution (both control and dataflow) strt, and a condition prmt to indicate a weakly preempted start. If both strt and prmt are true, then we only compute the dataflow actions, since the statement is not entered, and only the surface actions have to be collected. In other words: strtDF:=strt triggers the dataflow, and strtCF:=strt&!prmt triggers the entering of the control flow. To implement the meaning of immediate suspend statements as done by the translation to guarded actions, we furthermore provide an argument lbl that should contain the currently active control flow labels. If the suspension condition should hold, guarded actions will be generated that hold it at the current labels, instead of entering the label of the immediate suspend (which will be done if lbl should be empty). The function finally computes a record of type FrontSOS. withCF : `bool` depth : `int` rho : `Substitution` strt : `BoolExpr` prmt : `BoolExpr` lbl : `Set<QName>` stmt : `Stmt` Returns: `FrontSOS`
`HighlightKeywords s` Full Usage: `HighlightKeywords s` Parameters: s : `string` Returns: `string`	s : `string` Returns: `string`
`ImmediateSuspLabels` Full Usage: `ImmediateSuspLabels` Returns: `Map<QName, Set<QName>> ref`	Returns: `Map<QName, Set<QName>> ref`
`MkVerifConds efsm specL` Full Usage: `MkVerifConds efsm specL` Parameters: efsm : `NodeOfEFSM[]` specL : `seq<BoolExpr * Map<int, BoolExpr>>` Returns: `VerifCond[]`	Generate the verification conditions for an EFSM; it is assumed that the EFSM has no deadend states, i.e., all states have successor states under all conditions. One has to apply function AddSinkState to achieve this in general. efsm : `NodeOfEFSM[]` specL : `seq<BoolExpr * Map<int, BoolExpr>>` Returns: `VerifCond[]`
`ParseInvariantsFromFile decls invFile` Full Usage: `ParseInvariantsFromFile decls invFile` Parameters: decls : `Map<QName, Decl>` invFile : `string` Returns: `(BoolExpr * Map<int, BoolExpr>) list`	Parse invariants from a text file provided by the user. The result is a list of pairs (phi,invM) where phi is a safety property to be proved, and invM is a map that maps SCC indices to the invariants that are to be used for an induction proof for that SCC. decls : `Map<QName, Decl>` invFile : `string` Returns: `(BoolExpr * Map<int, BoolExpr>) list`
`PrintVerifCond vc` Full Usage: `PrintVerifCond vc` Parameters: vc : `VerifCond`	PrintVerifCond prints a verification condition to Console.out vc : `VerifCond`
`QuartzKeywords` Full Usage: `QuartzKeywords` Returns: `string list`	Returns: `string list`
`QuartzTool qscoll` Full Usage: `QuartzTool qscoll` Parameters: qscoll : `NameValueCollection`	QuartzTool is the function to be called from the web page; it expects the following key/value pairs: QuartzModule: should contain a Quartz module withCF: writeStmt: writeTransfers: a value string Quartz module for key qscoll : `NameValueCollection`
`SuspStatementsFrontTrans` Full Usage: `SuspStatementsFrontTrans` Returns: `Map<(int * Substitution * BoolExpr * BoolExpr * Set<QName> * Stmt), FrontSOS> ref`	Function FrontTrans generates new labels for the suspend statements, since these are converted to immediate suspend statements. If the suspend statements occur in a loop body, this may end up in an infinite loop generating always new labels. To avoid this, we remember once made computations of suspend statements and return them with the already existing labels. Returns: `Map<(int * Substitution * BoolExpr * BoolExpr * Set<QName> * Stmt), FrontSOS> ref`
`getCompilationResult qm` Full Usage: `getCompilationResult qm` Parameters: qm : `QModule` Returns: `BoolExpr * BoolExpr * BoolExpr * (BoolExpr * Action) list * (BoolExpr * Action) list * (BoolExpr * Action) list * (BoolExpr * Action) list`	use the Quartz compiler to compile the given module to guarded actions and expand the abbreviations for the compilation context and the guarded actions for printing; the result are the predicates inst,insd,term and the guarded actions for srfcCntr,srfcData,depthCntr,depthData. qm : `QModule` Returns: `BoolExpr * BoolExpr * BoolExpr * (BoolExpr * Action) list * (BoolExpr * Action) list * (BoolExpr * Action) list * (BoolExpr * Action) list`
`printCompileResults (inst, insd, term, srfcCntr, srfcData, depthCntr, depthData)` Full Usage: `printCompileResults (inst, insd, term, srfcCntr, srfcData, depthCntr, depthData)` Parameters: inst : `'a` insd : `'b` term : `'c` srfcCntr : `GrdAction list` srfcData : `GrdAction list` depthCntr : `GrdAction list` depthData : `GrdAction list`	print the compilation results of function getCompilationResult in html inst : `'a` insd : `'b` term : `'c` srfcCntr : `GrdAction list` srfcData : `GrdAction list` depthCntr : `GrdAction list` depthData : `GrdAction list`
`simpBool phi` Full Usage: `simpBool phi` Parameters: phi : `BoolExpr` Returns: `BoolExpr`	simpBool computes a DNF of a given boolean formula. It is used to simplify path conditions of the EFSM to also detect inconsistencies. Nevertheless, some inconsistent path conditions will remain since the overall problem of checking inconsistency is undecidable (and NP-complete for boolean data types). phi : `BoolExpr` Returns: `BoolExpr`