SPECIFYING AND VERIFYING CORRECTNESS OF TRIGGERS USING DECLARATIVE LOGIC PROGRAMMING – A FIRST STEP

Chitta Baral
Department of Computer Science & Engg
Arizona State University
Tempe, Arizona, USA
chitta@asu.edu
http://www.public.asu.edu/~cbaral/
(joint work with Mutsumi Nakamura)
October 15, 2001

INTRODUCTION

Specifying and verifying correctness of triggers
Introduction

Triggers and active databases
• Relational databases: a bunch of tables (relational instances)
• EMP
    EmpId   EmpName   DeptName
    27      John      Accounting
    31      Mary      Administration
    42      Peter     Services
    51      Doug      Accounting
    ...     ...       ...
• DEPT
    DeptName     ManagerId
    Accounting   27
    Service      34
    ...          ...
• Triggers: Event-Condition-Action (ECA) Rules.
  – Certain updates to the database trigger additional updates as dictated by the ECA rules.
  – An ECA rule
    ∗ Event: Deletion of a tuple in the EMP table
    ∗ Condition: The EmpId in that tuple appears as a ManagerId in the DEPT table.
    ∗ Action: Remove all such tuples in the DEPT table.

Current status: DB systems that have triggers and their usage
• Available in most recent database systems: IBM DB2/V2, Oracle, etc.
• But rarely used.
  – Too dangerous: automatically changes other tables.
  – What is the purpose of a set of triggers?
  – How do we state the purpose? In what language?
  – What does it mean that a set of triggers is not dangerous?
  – Correct! Correct with respect to what?
  – Need to be able to specify the purpose.
  – Need to be able to formulate the notion of correctness of a set of triggers with respect to a specification.
  – Need to be able to verify the correctness.
  – It would be great if certain triggers could be automatically generated from the specification.

SEMANTICS, SPECIFICATION, AND CORRECTNESS

Evolution of a database due to updates and triggers
• Updates and actions: Insert a tuple, delete a tuple, modify or update a tuple.
• Semantics: A function $\Psi_T$ from states and action sequences to a sequence of states.
• $\Psi_T(\sigma, \alpha)$ is the sequence of database states recording how the database would evolve when a sequence of actions $\alpha$ is executed in $\sigma$ in presence of the set of triggers $T$.
• Notations:
  – $\sigma_{\alpha}$: denotes the last state of the evolution given by $\Psi(\sigma, \alpha)$.
  – $\sigma_{(\alpha_1, \alpha_2)}$: denotes the last state of the evolution given by $\Psi(\sigma_{\alpha_1}, \alpha_2)$.
  – We similarly define $\sigma_{(\alpha_1, \ldots, \alpha_i)}$.
  – $\sigma_{\alpha}, \sigma_{(\alpha_1, \alpha_2)}, \ldots$ is a sequence of quiescent states.

Specification ideas
• Four kinds: state invariance constraints; state maintenance constraints (or quiescent state constraints); trajectory invariance constraints; and trajectory maintenance constraints.
• Invariance vs maintenance: Invariance constraints are about all states of the database, while the maintenance constraints focus only on the quiescent states.
• A state constraint $\gamma_s$ on a database scheme $R$, is a function that associates with each database $r$ of $R$ a boolean value $\gamma_s(r)$. A database $r$ of $R$ is said to satisfy $\gamma_s$ if $\gamma_s(r)$ is true.
• A trajectory constraint $\gamma_t$ on a database scheme $R$, is a function that associates with each database sequence $\Upsilon$ of $R$ a boolean value $\gamma_t(\Upsilon)$. A database sequence $\Upsilon$ of $R$ is said to satisfy $\gamma_t$ if $\gamma_t(\Upsilon)$ is true.
• The specification in our example: “For any tuple t in the DEPT table, there must be a tuple t′ in the EMP table such that t.ManagerId = t′.EmpId” is true in all quiescent states. (a trajectory maintenance constraint)

Definition of correctness
Let $\Gamma_{si}$ be a set of state invariant constraints, $\Gamma_{sm}$ be a set of state maintenance constraints, $\Gamma_{ti}$ be a set of trajectory invariant constraints, $\Gamma_{tm}$ be a set of trajectory maintenance constraints, $A$ be a set of exogenous actions, and $T$ be a set of ECA rules. We say $T$ is correct with respect to $\Gamma_{si} \cup \Gamma_{sm} \cup \Gamma_{ti} \cup \Gamma_{tm}$ and $A$, if for all database states $\sigma$ where the constraints in $\Gamma_{si}$ and $\Gamma_{sm}$ hold, and action sequences $\alpha_1, \ldots, \alpha_n$ consisting of exogenous actions from $A$,
• all the states in the sequences $\Psi(\sigma, \alpha_1)$, $\Psi(\sigma_{\alpha_1}, \alpha_2)$, $\ldots$, $\Psi(\sigma_{(\alpha_1, \ldots, \alpha_{n-1})}, \alpha_n)$ satisfy the constraints in $\Gamma_{si}$;
• all the states $\sigma_{\alpha_1}, \ldots, \sigma_{(\alpha_1, \ldots, \alpha_n)}$ satisfy the constraints in $\Gamma_{sm}$;
• the trajectory obtained by concatenating $\Psi(\sigma, \alpha_1)$ with $\Psi(\sigma_{\alpha_1}, \alpha_2)$, $\ldots$, $\Psi(\sigma_{(\alpha_1, \ldots, \alpha_{n-1})}, \alpha_n)$ satisfies the constraints in $\Gamma_{ti}$; and
• the trajectory $\sigma, \sigma_{\alpha_1}, \ldots, \sigma_{(\alpha_1, \ldots, \alpha_n)}$ satisfies the constraints in $\Gamma_{tm}$.

USING DLP FOR SPECIFICATION, SIMULATION AND VERIFICATION

Declarative Logic Programming (DLP)
• A DLP is a collection of rules of the form
    $a_0 \leftarrow a_1, \ldots, a_m, \mathbf{not}\ a_{m+1}, \ldots, \mathbf{not}\ a_n$
  where $a_i$'s are atoms.
• Intuitive meaning: if $a_1 \ldots a_m$ are true and $a_{m+1} \ldots a_n$ can be assumed to be false then $a_0$ must be true.
• Semantics: Given in terms of answer sets.

An illustration: the database schema and the specification
• The schema
    purchase(purchaseid, client, amount).
    payment(paymentid, client, amount).
    account(client, credit, status).
  The underlined attributes are the primary keys and the attribute client in the relations purchase and payment is a foreign key with respect to the relation account. The relation purchase records the purchase history of clients and the relation payment records the payment history of clients. The relation account stores the available credit for each client and their credit status.
• Allowable exogenous actions: addition of tuples to the purchase and payment relations for existing clients.
• State maintenance constraints:
  1. For each client c which appears in a tuple a in the relation account: if a.credit < 3K then a.status = bad, and if a.credit ≥ 3K then a.status = good.
  2. For each client c which appears in a tuple a in the relation account: a.credit is 5K minus the sum of all the purchase amounts for c plus the sum of all the payment amounts for c.
• Triggers:
  – Trigger 1: When a tuple p is added to the purchase relation, then the tuple a in the relation account such that p.client = a.client is updated so that the updated a.credit has the value obtained by subtracting p.amount from the old a.credit.
  – Trigger 2: When a tuple a in the relation account is updated such that a.credit is less than 3K then a is further updated such that a.status has the value “bad”.
  – Trigger 3: When a tuple p′ is added to the payment relation, then the tuple a in the relation account such that p′.client = a.client is updated so that the updated a.credit has the value obtained by adding p′.amount to the old a.credit.
  – Trigger 4: When a tuple a in the relation account is updated such that a.credit is more than or equal to 3K then a is further updated such that a.status has the value “good”.

A general methodology and an illustration
• Step 1: Representing the initial state ($\Pi_{in}$)
    holds(purchase(1,a,3),1).
    holds(purchase(2,b,5),1).
    holds(payment(1,a,1),1).
    holds(payment(2,b,1),1).
    holds(account(a,3,good),1).
    holds(account(b,1,bad),1).
    holds(account(c,5,good),1).
• Step 1’: Enumerating the possible initial states ($\Pi^{enum}_{in}$)
    holds(purchase(X,Y,Z),1) ← id_dom(X), cname_dom(Y), amount(Z), not nholds(purchase(X,Y,Z),1).
    nholds(purchase(X,Y,Z),1) ← id_dom(X), cname_dom(Y), amount(Z), not holds(purchase(X,Y,Z),1).
    holds(payment(X,Y,Z),1) ← id_dom(X), cname_dom(Y), amount(Z), not nholds(payment(X,Y,Z),1).
    nholds(payment(X,Y,Z),1) ← id_dom(X), cname_dom(Y), amount(Z), not holds(payment(X,Y,Z),1).
    holds(account(X,Y,Z),1) ← cname_dom(X), amount(Y), status(Z), not nholds(account(X,Y,Z),1).
    nholds(account(X,Y,Z),1) ← cname_dom(X), amount(Y), status(Z), not holds(account(X,Y,Z),1).
    ← maint_constr(C), violated(C,1).
• Step 2: Action occurrence in the initial state ($\Pi_{occ}$):
    occurs(ins, purchase(5,c,5), 1).
• Step 2’: Enumerating the initial exogenous actions ($\Pi^{enum}_{occ}$)
    not_initially(X,Y) ← initially(U,V), U ≠ X.
    not_initially(X,Y) ← initially(U,V), not same(Y,V).
    initially(X,Y) ← possible(X,Y), not not_initially(X,Y).
    same(purchase(X,Y,Z), purchase(X,Y,Z)) ← id_dom(X), cname_dom(Y), amount(Z).
    same(payment(X,Y,Z), payment(X,Y,Z)) ← id_dom(X), cname_dom(Y), amount(Z).
    same(account(X,Y,Z), account(X,Y,Z)) ← cname_dom(X), amount(Y), status(Z).
    occurs(X,Y,1) ← initially(X,Y).
• Step 3: Effect of actions and inertia ($\Pi_{ef}$)
    holds(F,T+1) ← occurs(ins,F,T), executable(ins,F,T).
    holds(G,T+1) ← occurs(upd,F,G,T), executable(upd,F,G,T).
    ab(F,T+1) ← occurs(del,F,T), executable(del,F,T).
    ab(F,T+1) ← occurs(upd,F,G,T), executable(upd,F,G,T).
    holds(F,T+1) ← holds(F,T), occurred(T), not ab(F,T+1).
• Step 4: Executability ($\Pi_{ex}$)
    executable(ins, purchase(X,Y,W), T) ← .
    executable(del, purchase(X,Y,W), T) ← holds(purchase(X,Y,W),T).
    executable(ins, payment(X,Y,Z), T) ← .
    executable(del, payment(X,Y,Z), T) ← holds(payment(X,Y,Z),T).
    executable(ins, account(X,Y,Z), T) ← .
    executable(del, account(X,Y,Z), T) ← holds(account(X,Y,Z),T).
    executable(upd, account(X,Y,Z), account(X,Y,Z2), T) ← holds(account(X,Y,Z),T).
    executable(upd, account(X,Y,Z), account(X,Y2,Z), T) ← holds(account(X,Y,Z),T).
• Step 5: Triggers ($\Pi_{tr}$)
    occurs(del, account(Y,B,S), T+1) ← holds(account(Y,B,S),T), occurs(ins, purchase(X,Y,W), T).
    occurs(ins, account(Y,B−W,S), T+1) ← holds(account(Y,B,S),T), occurs(ins, purchase(X,Y,W), T).
    occurs(del, account(X,Y,S), T+1) ← Y < 3, S = good, occurs(ins, account(X,Y,S), T).
    occurs(ins, account(X,Y,bad), T+1) ← Y < 3, S = good, occurs(ins, account(X,Y,S), T).
    occurs(del, account(Y,B,S), T+1) ← holds(account(Y,B,S),T), occurs(ins, payment(X,Y,W), T).
    occurs(ins, account(Y,B+W,S), T+1) ← holds(account(Y,B,S),T), occurs(ins, payment(X,Y,W), T).
    occurs(del, account(X,Y,S), T+1) ← Y ≥ 3, S = bad, occurs(ins, account(X,Y,S), T).
    occurs(ins, account(X,Y,good), T+1) ← Y ≥ 3, S = bad, occurs(ins, account(X,Y,S), T).
• Step 6: Identifying quiescent states ($\Pi_{qu}$)
    occurred(T) ← occurs(ins,F,T).
    occurred(T) ← occurs(del,F,T).
    occurred(T) ← occurs(upd,F,G,T).
    occurs_after(T) ← occurred(TT), T < TT.
    quiescent(T+1) ← occurred(T), not occurs_after(T).
• Step 7: Defining domains ($\Pi_{dom}$)
    fluent(purchase(X,Y,W)) ← id_dom(X), cname_dom(Y), amount(W).
    fluent(payment(X,Y,Z)) ← id_dom(X), cname_dom(Y), amount(Z).
    fluent(account(X,Y,Z)) ← cname_dom(X), amount(Y), status(Z).
• Step 8: Specification ($\Pi_{cons}$)
    payment_total(C,Sum,T) ← time(T), cname_dom(C), Sum [holds(payment(X,C,Y),T) : id_dom(X) : amount(Y)] Sum.
    purchase_total(C,Sum,T) ← time(T), cname_dom(C), Sum [holds(purchase(X,C,Y),T) : id_dom(X) : amount(Y)] Sum.
    violated(c2,T) ← cname_dom(C), payment_total(C,Sum1,T), purchase_total(C,Sum2,T), holds(account(C,Cr,Status),T), Cr ≠ 5 − Sum2 + Sum1.
    violated(c1,T) ← cname_dom(C), holds(account(C,Cr,good),T), Cr < 3.
    violated(c1,T) ← cname_dom(C), holds(account(C,Cr,bad),T), Cr ≥ 3.
    not_correct ← maint_constr(X), quiescent(T), violated(X,T).
    correct ← not not_correct.
    weight holds(payment(X,C,Y),T) = Y.
    weight holds(purchase(X,C,Y),T) = Y.
• Theorem 1: $\Pi_{in} \cup \Pi_{ef} \cup \Pi_{occ} \cup \Pi_{ex} \cup \Pi_{tr} \cup \Pi_{qu} \cup \Pi_{dom} \cup \Pi_{cons} \models_{smodels} \mathit{correct}$
• Theorem 2: $\Pi^{enum}_{in} \cup \Pi_{ef} \cup \Pi^{enum}_{occ} \cup \Pi_{ex} \cup \Pi_{tr} \cup \Pi_{qu} \cup \Pi_{dom} \cup \Pi_{cons} \models_{smodels} \mathit{correct}$
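
Added example (not from the original slides): a direct Python simulation of Triggers 1 to 4 on the Step 1 initial state, checking state maintenance constraints c1 and c2 at the quiescent state. It uses ordinary code instead of the DLP encoding and models each update as a single step; the function names, the `status_triggers` switch and the enumerated action list are assumptions made for illustration.

```python
from itertools import product

LIMIT, THRESHOLD = 5, 3  # slide values in K: credit is 5K - purchases + payments; good needs >= 3K
def status_for(credit):
    return "good" if credit >= THRESHOLD else "bad"

def evolve(state, action, status_triggers=True):
    """Psi_T(state, action) for one insertion: the list of states up to quiescence.
    state = (purchases, payments, accounts); action = (relation, id, client, amount)."""
    purchases, payments, accounts = set(state[0]), set(state[1]), dict(state[2])
    snap = lambda: (frozenset(purchases), frozenset(payments), dict(accounts))
    relation, tid, client, amount = action
    (purchases if relation == "purchase" else payments).add((tid, client, amount))
    trajectory = [snap()]                      # exogenous insert, no trigger fired yet
    credit, status = accounts[client]
    # Trigger 1 (purchase) / Trigger 3 (payment): adjust the client's credit.
    credit += -amount if relation == "purchase" else amount
    accounts[client] = (credit, status)
    trajectory.append(snap())
    # Trigger 2 / Trigger 4: the account update above re-sets the status if needed.
    if status_triggers and status != status_for(credit):
        accounts[client] = (credit, status_for(credit))
        trajectory.append(snap())
    return trajectory                          # last element is the quiescent state

def violated(state):
    """Names of the state maintenance constraints (c1, c2) that one state breaks."""
    purchases, payments, accounts = state
    broken = set()
    for client, (credit, status) in accounts.items():
        if status != status_for(credit):
            broken.add("c1")
        spent = sum(a for _, c, a in purchases if c == client)
        paid = sum(a for _, c, a in payments if c == client)
        if credit != LIMIT - spent + paid:
            broken.add("c2")
    return broken

def check(initial, actions, status_triggers=True):
    """Map each action whose quiescent state breaks the specification to the breaks."""
    finals = {a: violated(evolve(initial, a, status_triggers)[-1]) for a in actions}
    return {a: v for a, v in finals.items() if v}

# Initial state of Step 1 and the action of Step 2.
INITIAL = ({(1, "a", 3), (2, "b", 5)}, {(1, "a", 1), (2, "b", 1)},
           {"a": (3, "good"), "b": (1, "bad"), "c": (5, "good")})
STEP2 = ("purchase", 5, "c", 5)
# Constructed enumeration: one insertion with id 5, any client, amount 1..5.
ALL_ACTIONS = list(product(("purchase", "payment"), (5,), "abc", range(1, 6)))
```

The intermediate states break c2 and then c1 while the triggers are still firing, which is why the specification is stated over quiescent states only; with Triggers 2 and 4 switched off, c1 stays violated at quiescence.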

Next Steps: some in the paper
• More general constraints; temporal constructs.
• Various execution models. (deferred, immediate)
• Inferring events.
• More complicated triggers.
• Automatic generation of triggers. (before triggers; after triggers.)

Conclusion
• Active rules (triggers) are necessary in updating databases as operators do not necessarily know about the interrelationship associated with a database.
• But they may be dangerous unless we make sure that they are in some sense “correct”.
• We discussed how to specify the purpose of a set of triggers; and what it means by a set of triggers to be correct with respect to a specification.
• We showed how to use declarative logic programming in simulating triggers and verifying their correctness.
• Exhaustive verification may take a long time, so we may do selective verification.