Extending the Proof Obligation Generator (How to extend Rodin Tutorial)

From Event-B
imported>Pascal
Revision as of 16:12, 7 September 2010

In this part

We will see how to create proof obligations (POs) for the machines, relative to our extensions for Probabilistic Reasoning, after having statically checked these machines. The latter operation is the first part of proof obligation generation, as the proof obligation generator (POG) takes statically checked files as input. One will notice that the provided architecture for static checking is very similar to the one for proof obligation generation. Thus, it is useful for the reader to understand the previous part of this tutorial well, as we will not repeat all the ideas shared by both processes. The question here is "What needs to be mathematically proved with these newly added elements in hand?".

We will study here the case of the BFN proof obligation, which is described in the paper. This PO overrides the FIN PO. Thus, we will see in this section how to:

  • Remove the FIN PO, which is generated by default.
  • Add our new BFN PO.

Principles

1. To extend the POG in order to add some POs that have to be discharged, define a proof obligation processor module using the extension point org.eventb.core.pogModuleTypes.
2. Then, set up a configuration involving these modules and giving them a hierarchy. This is done exactly the same way as for creating a static checker configuration.
3. Finally, add this POG configuration to the default one, so the proof obligation generation can be performed.

We will here show how to generate one PO. We will add the PO named BFN to ensure that the bound is a natural number or is finite. It will be generated once and for all for the machine taken into account. Moreover, this PO overrides the default FIN PO, which is generated if a convergent event (with the associated variant) is present in the model. If a probabilistic event is in the machine, we want to create our BFN PO, thus we have to remove the FIN PO.

In step 1, we will explain how to create our BFN PO using information in the state repository; in step 2, we will add the support for sharing this information; and in step 3, we will create a filter to remove the FIN PO if our machine contains a probabilistic event.

Step 1 : Adding POG modules

As the POG takes its input from the static checker, the presence of a statically checked bound (ISCBound) in the statically checked model means that one aims to prove the probabilistic convergence of this model. Thus, this information shall be shared throughout our hierarchy of POG modules, as it triggers the operations they could perform.

We will anticipate using this information (stored in an IPOGState) to create the BFN proof obligation:

From the extension point org.eventb.core.pogModuleTypes, create a processorModule extension to implement our first PO generation process using a POG processor. As for a static checker module:
1. give the module an id (here fwdMachineBoundModule),
2. a human readable name (here "Machine POG Forward Bound Module"),
3. register a parent in the hierarchy of modules (here we used the machine POG module of the Event-B POG: org.eventb.core.machineModule),
4. create a class for this module (here we created the class fr.systerel.rodinextension.sample.pog.modules.FwdMachineBoundModule).

The above module should share (this is done by repository.setState()), at its initialisation, an IMachineBoundInfo state that we will implement in step 2.

	@Override
	public void initModule(IRodinElement element, IPOGStateRepository repository, IProgressMonitor monitor) throws CoreException {
		// publish the bound information so that sub-modules can read it back
		// with repository.getState(IMachineBoundInfo.STATE_TYPE)
		repository.setState(createMachineBoundInfo(element, repository));
	}

	private IMachineBoundInfo createMachineBoundInfo(IRodinElement element, IPOGStateRepository repository) throws CoreException {
		final IRodinFile machineFile = (IRodinFile) element;
		final ISCMachineRoot root = (ISCMachineRoot) machineFile.getRoot();
		final ISCBound[] bounds = root.getChildrenOfType(ISCBound.ELEMENT_TYPE);
		// a machine is expected to carry at most one statically checked bound;
		// anything else is treated as "no bound"
		if (bounds.length != 1) {
			return new MachineBoundInfo();
		}
		final ISCBound scBound = bounds[0];
		final ITypeEnvironment typeEnv = repository.getTypeEnvironment();
		// parse and type-check the bound expression against the machine's type environment
		final Expression expr = scBound.getExpression(typeEnv.getFormulaFactory(), typeEnv);
		return new MachineBoundInfo(expr, scBound);
	}

Where MachineBoundInfo will be our class representing the state for the bound of the traversed machine.

To use a registered state of the repository, one can use

repository.getState(IStateType<? extends IPOGState> stateType)

As we suppose the MachineBoundInfo state to be available once our module is initialized, we will here use:

final IMachineBoundInfo machineBoundInfo = (IMachineBoundInfo) repository.getState(IMachineBoundInfo.STATE_TYPE);

Sub-modules of our module fwdMachineBoundFinitenessModule can use this state freely from the repository using the above invocation. What we want to do is create a BFN PO if the bound expression is not trivially finite. A trivially finite expression is an integer expression or one derived from a boolean type.

Here is the code that performs these checks:

	private boolean mustProveFinite(Expression expr, FormulaFactory ff) {
		final Type type = expr.getType();
		// an integer bound needs no finiteness proof
		if (type.equals(ff.makeIntegerType()))
			return false;
		// a bound built from BOOL only (sets, products) is finite by construction
		if (derivedFromBoolean(type, ff))
			return false;
		return true;
	}

	private boolean derivedFromBoolean(Type type, FormulaFactory ff) {
		if (type.equals(ff.makeBooleanType()))
			return true;
		// power set type: look at the type of the elements
		final Type baseType = type.getBaseType();
		if (baseType != null)
			return derivedFromBoolean(baseType, ff);
		// cartesian product: both components must be derived from BOOL
		if (type instanceof ProductType) {
			final ProductType productType = (ProductType) type;
			return derivedFromBoolean(productType.getLeft(), ff) && derivedFromBoolean(productType.getRight(), ff);
		}
		return false;
	}

Here is the corresponding code that generates the BFN PO, put into the process() method of our module:

		final IMachineBoundInfo machineBoundInfo = (IMachineBoundInfo) repository.getState(IMachineBoundInfo.STATE_TYPE);
		// no bound in this machine: nothing to prove, and getBound() would be null
		if (!machineBoundInfo.machineHasBound()) {
			return;
		}
		final ISCBound scBound = machineBoundInfo.getBound();
		final Expression expr = machineBoundInfo.getExpression();
		final FormulaFactory ff = repository.getFormulaFactory();
		final IPOGSource[] sources = new IPOGSource[] { makeSource(IPOSource.DEFAULT_ROLE, scBound.getSource()) };
		final IPORoot target = repository.getTarget();
		final IMachineHypothesisManager machineHypothesisManager = (IMachineHypothesisManager) repository.getState(IMachineHypothesisManager.STATE_TYPE);

		// if the finiteness of the bound is not trivial
		// we generate the PO
		if (mustProveFinite(expr, ff)) {
			final Predicate finPredicate = ff.makeSimplePredicate(Formula.KFINITE, expr, null);
			createPO(target, "BFN",
					POGProcessorModule.makeNature("Finiteness of bound"),
					machineHypothesisManager.getFullHypothesis(),
					makePredicate(finPredicate, scBound.getSource()), sources,
					machineHypothesisManager.machineIsAccurate(), monitor);
		}

Add this module to the configuration created for the static checker by creating a pogModule extension.

Step 2 : creating the support for sharing bound information among POG sub-modules

We will here create the extension to store the information about the statically checked bound which we want to be available to sub-modules. To do this, add the org.eventb.core.pogStateTypes extension point to our plugin. Then create a stateType extension:
- id : machineBoundInfo
- name : POG Machine Bound Info
- class : a new class that will implement the interface described below (here MachineBoundInfo).

We want three methods to be available in this interface:

  • getExpression() to retrieve the expression of the bound,
  • getBound() to retrieve the statically checked bound,
  • machineHasBound() telling whether the currently processed machine has a bound or not.

Here is the interface IMachineBoundInfo one has to create:

public interface IMachineBoundInfo extends IPOGState {

	final static IStateType<IMachineBoundInfo> STATE_TYPE = POGCore.getToolStateType(QualProbPlugin.PLUGIN_ID + ".machineBoundInfo");
	
	/**
	 * Returns the parsed and type-checked bound expression, or null 
	 * if the machine does not have a bound.
	 * 
	 * @return the parsed and type-checked bound expression, or null 
	 * 		if the machine does not have a bound
	 */
	Expression getExpression();
	
	/**
	 * Returns a handle to the bound, or null if the machine does not have a bound.
	 * 
	 * @return a handle to the bound, or null if the machine does not have a bound
	 */
	ISCBound getBound();
	
	/**
	 * Returns whether the machine has a bound.
	 * 
	 * @return whether the machine has a bound
	 */
	boolean machineHasBound();

}

and here is its implementation class:

public class MachineBoundInfo implements IMachineBoundInfo {

	private final Expression boundExpression;
	private final ISCBound bound;
	private boolean immutable;

	/**
	 * Constructor
	 */
	public MachineBoundInfo(final Expression expression, final ISCBound bound) {
		this.boundExpression = expression;
		this.bound = bound;
		immutable = false;
	}
	
	/**
	 * Constructor with no bound attached
	 */
	public MachineBoundInfo() {
		this.boundExpression = null;
		this.bound = null;
		immutable = false;
	}

	@Override
	public String toString() {
		return boundExpression == null ? "null" : boundExpression.toString();
	}
 	
	public Expression getExpression() {
		return boundExpression;
	}

	public ISCBound getBound() {
		return bound;
	}

	public IStateType<?> getStateType() {
		return IMachineBoundInfo.STATE_TYPE;
	}

	public boolean machineHasBound() {
		return boundExpression != null;
	}

	@Override
	public void makeImmutable() {
		immutable = true;
	}

	@Override
	public boolean isImmutable() {
		return immutable;
	}

}

Step 3 : Removing a PO

To remove a PO, one has to create a filter module. This can be done the same way as for the static checker. After a small search in the package org.eventb.internal.core.pog.modules, we identify that the module responsible for creating the FIN PO is actually FwdMachineVariantModule. The goal here is to register our filter as a sub-module of FwdMachineVariantModule and prevent it from creating the FIN PO.

The code is really simple. First, one has to check whether the model contains a probabilistic event, which means that we want to override the FIN PO that would be created by default; then, one has to search the generated POs for the one corresponding to FIN, by looking at the PO names, and reject it.

1. give the module an id (here finPORejectingModule),
2. a human readable name (here "Machine POG Filter FIN PO Rejecting Module"),
3. register a parent in the hierarchy of modules (here we used the variant POG module of the Event-B POG that creates the PO we want to suppress: org.eventb.core.fwdMachineVariantModule),
4. create a class for this module (here we created the class fr.systerel.rodinextension.sample.pog.modules.FinPORejectingModule).
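The three registrations described in steps 1 to 3 (processor module, state type and filter module), gathered in one plugin.xml fragment. This is an added example, not the tutorial's own plugin.xml: the filterModule element, the org.eventb.core.configurations extension point with its pogModule and config children, the configuration id, the default configuration id org.eventb.core.fwd, the package of MachineBoundInfo and the PLUGIN_ID placeholder are assumptions; the module ids, names, parents and module class names are those given in the text.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<?eclipse version="3.4"?>
<plugin>
   <!-- Step 1: processor module placed under the Event-B machine POG module.
        It publishes the IMachineBoundInfo state in initModule(). -->
   <extension point="org.eventb.core.pogModuleTypes">
      <processorModule
            id="fwdMachineBoundModule"
            name="Machine POG Forward Bound Module"
            class="fr.systerel.rodinextension.sample.pog.modules.FwdMachineBoundModule"
            parent="org.eventb.core.machineModule">
      </processorModule>
      <!-- Step 3: filter module placed under the module that creates FIN,
           so that accept("FIN") is consulted before the PO is written.
           The filterModule element name is assumed here. -->
      <filterModule
            id="finPORejectingModule"
            name="Machine POG Filter FIN PO Rejecting Module"
            class="fr.systerel.rodinextension.sample.pog.modules.FinPORejectingFilterModule"
            parent="org.eventb.core.fwdMachineVariantModule">
      </filterModule>
   </extension>

   <!-- Step 2: the shared state. Its qualified id is PLUGIN_ID + ".machineBoundInfo",
        which is exactly what IMachineBoundInfo.STATE_TYPE is built from.
        The package of MachineBoundInfo is assumed. -->
   <extension point="org.eventb.core.pogStateTypes">
      <stateType
            id="machineBoundInfo"
            name="POG Machine Bound Info"
            class="fr.systerel.rodinextension.sample.pog.MachineBoundInfo">
      </stateType>
   </extension>

   <!-- POG configuration listing our modules by their qualified ids.
        PLUGIN_ID is a placeholder for this plugin's id; the configuration id and
        the inclusion of the default configuration org.eventb.core.fwd are assumptions. -->
   <extension point="org.eventb.core.configurations">
      <configuration
            id="qualProbPOG"
            name="Probabilistic Reasoning POG Configuration">
         <config id="org.eventb.core.fwd"/>
         <pogModule id="PLUGIN_ID.fwdMachineBoundModule"/>
         <pogModule id="PLUGIN_ID.finPORejectingModule"/>
      </configuration>
   </extension>
</plugin>
```

Module ids inside a configuration are qualified with the declaring plugin's id, which is why the Java code builds STATE_TYPE and MODULE_TYPE from QualProbPlugin.PLUGIN_ID plus the short id.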

Here we just retrieve the bound information in initModule(), so that we can check in the accept() method that the current machine is to be proved for probabilistic convergence, and remove the FIN PO which is about to be created. Here is what the code might look like:

public class FinPORejectingFilterModule extends POGFilterModule {

	private static final IModuleType<FinPORejectingFilterModule> MODULE_TYPE = POGCore.getModuleType(QualProbPlugin.PLUGIN_ID + ".finPORejectingModule");
	private IMachineBoundInfo boundInfo;

	@Override
	public IModuleType<?> getModuleType() {
		return MODULE_TYPE;
	}

	@Override
	public boolean accept(String poName, IProgressMonitor monitor) throws CoreException {
		// no bound: this machine is not proved for probabilistic convergence,
		// so the default FIN PO must be kept
		if (!boundInfo.machineHasBound()) {
			return true;
		}
		// a bound is present: BFN replaces FIN, so FIN alone is filtered out
		final boolean rejectedFIN = poName.equals("FIN");
		if (QualProbPlugin.DEBUG) {
			System.out.println("PO " + poName + " is " + (rejectedFIN ? "" : "not ") + "filtered out.");
		}
		return !rejectedFIN;
	}

	@Override
	public void initModule(IPOGStateRepository repository, IProgressMonitor monitor) throws CoreException {
		boundInfo = (IMachineBoundInfo) repository.getState(IMachineBoundInfo.STATE_TYPE);
	}

	@Override
	public void endModule(IPOGStateRepository repository, IProgressMonitor monitor) throws CoreException {
		boundInfo = null;
	}

}