

# Constructive Boolean Networks and the Exactness of (Timed) Ternary Simulation

Michael Mendler

[ joint work with Tom Shiple, Gérard Berry; Formal Methods in System Design, Vol. 40, No. 3, June 2012 ]



#### What's this talk about?

- formally characterise the class of Boolean networks known, informally, as "constructive" systems (Berry, Shiple)
- present correspondence theorems linking denotational, operational and axiomatic semantics
- highlight that there are different notions of "causal" or "combinational" systems depending on the MoCC (model of coordination and communication)

M. Mendler, Bamberg University

PRET-Day, 15th March 2013 @ INRIA, Montbonnot

3



#### **COMBINATIONAL NETWORKS**



#### **Combinational Networks**



#### **Definition (informal)**

A Boolean network (circuit + delay nodes) is combinational if it realises a functional relationship input  $\rightarrow$  output.

- Asynchronous Circuits
- Synchronous Programming (e.g., Esterel, Lustre, ...)
- Communicating Mealy machines (e.g., Statecharts)

M. Mendler, Bamberg University

PRET-Day, 15th March 2013 @ INRIA, Montbonnot

5



#### **Combinational Networks**



#### Definition (operational)

Let DEL be a network delay/scheduling model (MoCC).

A network is DEL-combinational if for all constant input signals every output node

- stabilizes in bounded time
- to a unique response value

under DEL-execution semantics.



## **Up-bounded Inertial Delay (UIN)**

[Huffman'54, Miller'65, Brzozowski/Seger'89]



- (1) Up-bounded Propagation: The delay cannot remain unstable for longer than D time without changing output
- (2) Inertiality: The output only changes if delay is unstable

M. Mendler, Bamberg University

PRET-Day, 15th March 2013 @ INRIA, Montbonnot

7



#### Example I

Muller Diagram [Muller'56]
 UIN system trajectories





- Up-bounded Inertial Delay (UIN)
- General Multiple Winner Model (GMW)
   [Huffman'54, Brzozowski/Yoeli 79]



#### Example I

Muller Diagram [Muller'56]
 UIN system trajectories





not UNI-combinational!

- Up-bounded Inertial Delay (UIN)
- General Multiple Winner
   Model (GMW)
   [Huffman'54, Brzozowski/Yoeli 79]

M. Mendler, Bamberg University

PRET-Day, 15th March 2013 @ INRIA, Montbonnot

9



#### **Example II**

Muller DiagramUIN system trajectories

total state 
$$x \cdot s_2$$

$$0 \cdot 0^* \quad 1 \cdot 1^*$$

$$\downarrow \qquad \qquad \downarrow$$

$$0 \cdot 1 \quad 1 \cdot 0$$
stable states

• All possible UIN-trajectories in the General Multiple Winner (GMW) model converge!



**UIN-combinational** 



#### **Boolean Paradise Lost**





#### The 2-valued "Steady State Paradise"





#### Cycles: "Paradise lost?"



M. Mendler, Bamberg University

PRET-Day, 15th March 2013 @ INRIA, Montbonnot

14



#### Cycles: "Paradise lost?"





# Cycles: "Paradise lost?"



M. Mendler, Bamberg University

PRET-Day, 15th March 2013 @ INRIA, Montbonnot

16



#### **TIMED TERNARY SIMULATION**



#### **Timed Ternary Algebra**

- Recursion theory [Kleene'52]
- Asynchronous Circuits (hazards, races, oscillation)

[Yoeli/Rinon'64, Eichelberger'65, Roth'66] [Bryant'87] CMOS transistor-level

- Ternary simulation [Yoeli/Brzozowski'77, Brzozowski/Seger'95]
- Cyclic combinational circuits

[Burch/et.al.'93, Malik'93, Shiple'96]

[Huang/Parng/Shyu'91] Timed D-calculus

[Fairtlough/Mendler'96] Real-time interpretation

[Namjoshi/Kurshan'99, Backes/Fett /Riedel'08] Refined algorithm

Synchronous programming [Berry'99, Schneider/Brandt/Schuele'04]



M. Mendler, Bamberg University

PRET-Day, 15th March 2013 @ INRIA, Montbonnot

22



#### **Timed Ternary Algebra**



#### Example I



$$\mathbf{s}_{1}^{i+1} = [let \ s_{2} = \mathbf{s}_{2}^{i} \ in \ s_{2} + x, 1]$$

$$\mathbf{s}_{2}^{i+1} = [let \ (s_{1}, s_{3}) = (\mathbf{s}_{1}^{i}, \mathbf{s}_{3}^{i}) \ in \ \overline{s_{1}} + s_{3}, 1]$$

$$\mathbf{s}_{3}^{i+1} = [let \ s_{2} = \mathbf{s}_{2}^{i} \ in \ \overline{x} \cdot s_{2}, 1]$$

M. Mendler, Bamberg University

PRET-Day, 15th March 2013 @ INRIA, Montbonnot

30



#### Example I



$$\mathbf{s}_{1}^{i+1} = [let s_{2} = \mathbf{s}_{2}^{i} in s_{2} + x, 1]$$
 $\mathbf{s}_{2}^{i+1} = [let (s_{1}, s_{3}) = (\mathbf{s}_{1}^{i}, \mathbf{s}_{3}^{i}) in \overline{s_{1}} + s_{3}, 1]$ 
 $\mathbf{s}_{3}^{i+1} = [let s_{2} = \mathbf{s}_{2}^{i} in \overline{x} \cdot s_{2}, 1]$ 



#### Example II

$$x = [0,0]$$
 $s_2 = [\bot,\infty], [1,1] \supset$ 
 $x = [1,0]$ 
 $s_2 = [\bot,\infty], [0,1] \supset$ 



$$\mathbf{s}_{2}^{i+1} = [let s_{2} = \mathbf{s}_{2}^{i} in \overline{(s_{2} + x)} + (\overline{x} \cdot s_{2}), 1]$$

$$= [let s_{2} = \mathbf{s}_{2}^{i} in \overline{x}, 1]$$

$$= [\overline{x}, 1]$$

M. Mendler, Bamberg University

PRET-Day, 15th March 2013 @ INRIA, Montbonnot

32



#### **Ternary Combinational Network**

#### **Definition** -

A network (fixed set of state nodes) is ternary combinational if the least fixed point of its timed ternary extension produces bounded-time Boolean values for all (static) input vectors.



not ternary combinational not UIN-combinational

ternary combinational UIN-combinational





# **Problem Solved?**

M. Mendler, Bamberg University

PRET-Day, 15th March 2013 @ INRIA, Montbonnot

34



# THE ABSTRACTION GAP



#### **UIN-Delay Full Abstraction Problem**



$$S_1 = \bot \land s_1 = \bot \land S_2 = \bot \land s_2 = \bot$$

$$S_1 = s_1 \lor S_2 = s_2$$

not ternary comb.

Ternary simulation too abstract?

UIN delays too strongly synchronised?

M. Mendler, Bamberg University

PRET-Day, 15th March 2013 @ INRIA, Montbonnot

37



#### **UIN-Delay Full Abstraction Problem**



Inertial Delays / GMW are not quite the right operational interpretation of Ternary Simulation!



#### "Paradise lost?"

## **Ternary Algebra**



M. Mendler, Bamberg University

PRET-Day, 15th March 2013 @ INRIA, Montbonnot

39



#### "Paradise lost?"



# **Up-bounded Non-inertial Delays (UNI)**



The "right" operational interpretation of Timed Ternary Simulation:

#### **NON-INERTIAL DELAYS**

M. Mendler, Bamberg University

PRET-Day, 15th March 2013 @ INRIA, Montbonnot

11



#### Up-bounded Non-Inertial (UNI-)Delay





(1) Up-bounded Propagation: If the input remains stable for longer than D time, then the output stabilises to new value.(2) Non-inertial: If input changes, output totally uncontrolled until new value has propagated through.



#### Up-bounded Non-Inertial (UNI-)Delay



(1) Up-bounded Propagation: If the input remains stable for longer than D time, then the output stabilises to new value.(2) Non-inertial: If input changes, output totally uncontrolled until new value has propagated through.

M. Mendler, Bamberg University

PRET-Day, 15th March 2013 @ INRIA, Montbonnot

43



#### How Do We Prove UNI-Delay Adequacy?



M. Mendler, Bamberg University

PRET-Day, 15th March 2013 @ INRIA, Montbonnot

44



The "right" logical interpretation of Timed Ternary Simulation:

#### **CONSTRUCTIVE UNI-LOGIC**

M. Mendler, Bamberg University

PRET-Day, 15th March 2013 @ INRIA, Montbonnot

15



#### **Basic Properties**

UNI-logic satisfies the axioms

$$\phi \supset \Diamond_D \phi$$

$$\Diamond_D \Diamond_E \phi \supset \Diamond_{D+E} \phi$$

$$\Diamond_D \phi \land \Diamond_E \psi \supset \Diamond_{max(D,E)} (\phi \land \psi)$$

and the rule  $\models \phi \supset \psi \Rightarrow \models \Diamond_D \phi \supset \Diamond_D \psi$ .

Logic: lax modality (pronounced "LAGS")

[Fairtlough & Mendler 97]

Types, Functional Progr.: strong monads [Moggi 91]



#### **UN Network Specifications**



$$\Phi_{N} \equiv y_{1} = \overline{z_{1}} \wedge y_{2} = z_{3}z_{2} \wedge y_{3} = z_{4} + z_{5} \wedge 
y_{4} = z_{6}\overline{z_{7}} + \overline{z_{6}}z_{7} \wedge 
z_{1} = x \wedge z_{2} :=_{D_{1}} y_{1} \wedge z_{3} = x \wedge z_{4} = y_{2} \wedge 
z_{5} :=_{D_{2}} y_{3} \wedge z_{6} = y_{3} \wedge z_{7} = y_{3}.$$

$$\phi_1 :=_D \phi_2$$
 stands for  $(\neg \phi_2 \supset \Diamond_D \neg \phi_1) \land (\phi_2 \supset \Diamond_D \phi_1)$ 

M. Mendler, Bamberg University

PRET-Day, 15th March 2013 @ INRIA, Montbonnot

47



#### Lindenbaum/Henkin Construction

For every input  $\vec{a}$  and state vertex  $s_i$ :





 $\mathbf{x} = \bot$  "known undefined"  $\leftrightarrow$  "unknown defined"

# WHY CONSTRUCTIVENESS MATTERS...

M. Mendler, Bamberg University

PRET-Day, 15th March 2013 @ INRIA, Montbonnot

40



#### What does constructiveness buy us?

 $\Psi_{N, ec{a}}$  set of UNI-trajectories of network N and input  $ec{a}$ 

#### **Disjunction Property**

 $\Psi_{N, \vec{a}} \, \vdash$  s stabilises to 0  $\lor$  s stabilises to 1

 $\Rightarrow \Psi_{N, \vec{a}} \vdash$  s stabilises to 0 or  $\Psi_{N, \vec{a}} \vdash$  s stabilises to 1

#### **Existential Property**

 $\Psi_{N, \vec{a}} \vdash \exists \ \mathsf{t.} \ \mathsf{s} \ \mathsf{stabilises} \ \mathsf{at} \ \mathsf{time} \ \mathsf{t}$ 

 $\Rightarrow$  for some delay bound D,  $\Psi_{N,\vec{a}} \vdash$  s stabilises at time D

Constructive reaction is always deterministic and bounded!



#### CONCLUSION

M. Mendler, Bamberg University

PRET-Day, 15th March 2013 @ INRIA, Montbonnot

55



#### Summary

#### -Theorem—— "Constructive Networks"

The following statements are equivalent:

- A network N is provably stable in UNI-Logic axiomatic
- The ternary simulation of N in the chosen state variables generates Boolean solutions
  denotational
- N stabilises in bounded time to a unique steady state under non-inertial delay assumptions operational



#### **Research Directions**

- Expressiveness and Complexity of UNI-Logic ?
- Efficient implementation of timed ternary simulation, symbolically for arbitrary input
- What would be a sound and complete Logic for
  - Up-bounded inertial delays?
  - bi-bounded delays, transport delays, ...
- Comprehensive classification of combinational circuit hierarchies

M. Mendler, Bamberg University

PRET-Day, 15th March 2013 @ INRIA, Montbonnot

58



# Thank you!