Download - Games for Static Ambient Logic Giorgio Ghelli joint work with Anuj Dawar and Philippa Gardner.

Games for Static Ambient

Logic

Giorgio Ghellijoint work with

Anuj Dawar and Philippa Gardner

A Game-Based Proof of Adjunct Elimination

in SL(H)

Giorgio Ghellijoint work with

Anuj Dawar and Philippa Gardner

April 2004 Giorgio Ghelli - Games for a Spatial Logic 3

Spatial logics Bunched Implication (Pym, O’Hearn, LICS’99, BSL’99, CSL’99):

[HE, F] [H, E-F] and [HE, F] [H, EF] Separation Logics (O’Hearn, Reynolds, Yang, Calcagno, MPCS’99,

POPL’01, CSL’01, LICS’02): Properties of Heaps, Hoare Triples {emp x=2} x=cons(1,2) {2 ,57 1,2}

Ambient Logic (Cardelli, Gordon, Caires, DBPL’99, POPL’00): Talking about the evolution of mobile ambients P \ mQ(n)n[0]

Spatial (Static) Ambient Logic (and Graph Logic) (Cardelli, Gordon, Gardner, Ghelli, DBPL’99, ESOP’01, ICALP’02):

Talking about trees and graphs P \ .Paper[.Author[Cardelli]]


Applications TQL:

from $DB |= .Paper[ Author[G] | Title[$t] ]select PaperByG[ $t ]

from $DB |= not .Paper[not .Title[True]] Andnot exists $X. ( Paper[Title[$X]] | Paper[Title[$X]] )

select TitleIsAKey


Applications XMLSchema-like Types

m[φ]*: 0 m[φ] m[φ]|m[φ] …. $DB \ Paper[ Author[T]*

| (Journal[T] Conference[T])

| (Year[T] 0) ]*

Types and constraints can be used to rewrite queries


Quantifying over names Quantifying over public names:

x. .paper[.author[x]] | .paper[.author[x]]

Quantifying over hidden names Hidden names:

(x)(paper[id[x]|…] | paper[cites[x]|…] ] There is a dangling pointer in F:

F Hx. (.paper.cites[x] .paper.id[x])


Adjuncts Mixin types:

F \ φ ψ G \ φ F | G \ ψ

Adjunct property: φ ξ [ ψ 45 φ [ ξ ψ φ | ξ [ ψ 45 φ [ ξ f ψ


Power of the Adjunct Without adjunct:

Model-checking with PSPACE (T, φ T \ φ?) Validity undecidable (φ T. T \ φ?)

With adjuncts: Model-checking the adjunct decides validity:

0 \ True φ F \ True F|0 \ φ forall F. F \ φ

Hence, model-checking is undecidable Wow, is powerful


Lozes result (July 2003) Lozes, adjunct elimination:

Consider L(0,|,[],H,) (actually, L(H,©, ,…)) For any sentence φ of L(0,|,[],H,) an

equivalent ψ exists which uses no adjunct (φ ~ ψ def forall T. T \ φ T \ ψ)

Ghelli and Conforti: Model-checking of L(0,|,[],H,) is undecidable Model-checking of L(0,|,[],H) is decidable

As a consequence: Adjuncts elimination cannot be computable!


Let’s play games Rules of the game:

Two boards (big, quite similar) and a rank (bag of moves)

Spoiler wants to prove them different, Duplicators says they are similar enough


How spoiler wins a game The rank: 2 | moves, one 0 move The boards (T,U)

n1[] | n2[] | n3[] | n4[] vs. n1[] | n2[] | n3[]

The game n1[] | n2[] | n3[] | n4[] vs. n1[] | n2[] | n3[]

n1 n2 n3 n4 n1 n2 n3n3 n4n3


Spoiler loses a game The rank: k split (|) moves, j m[] moves,

one 0 move The boards (T,U)

m1[]|…|m2**(k)[] m1[]|…|m2**(k)+1[] The invariant:

Either T = U, or they differ by one and are bigger than 2**(k+j)


The H move The boards:

(m) m[m[]] vs. (n1,n2) n2[n1[]]

H move Spo: xq, {q/m} Dup: {q/n2}

q[q[]] vs. (n1) q[n1[]]

x[] move: q[] vs. (n1) n1[]

x[] move: Spoiler wins


The adjunct move Spoiler adds T’ to one board (say, T) Duplicator adds U’ to the other board U Spoiler chooses whether to go on with:

T’ vs. U’ T|T’ vs. U|U’

Adjunct elimination proof in one sentence Why should Spoiler play the useless adjunct

move?


To sum up Given a formula in L(0,|,[],H,), there is no

computable way of getting rid of But, given a strategy in Games(0,|,[],H,),

getting rid of is extremely easy Now we know why! Oh, by the way, you cannot eliminate

from L(0,|,[],,)…