Central to fundamental computer science, graphs and their transformation .... However, this requires first the introduct
FORMALIZATION OF A DYNAMIC LOGIC FOR GRAPH TRANSFORMATION IN THE COQ PROOF ASSISTANT ∗ Mathias Winckel, Ralph Matthes Institut de Recherche en Informatique de Toulouse (IRIT) {winckel, matthes}@irit.fr
Abstract A formalization, in the C OQ system, of deterministic labeled termgraphs is presented, after introducing a syntax and a mathematical structure of such graphs. We will formally describe a dynamic logic, introduced initially by P. BALBIANI, R. E CHAHED and A. H ERZIG, which is useful to describe properties of termgraphs and for the characterization of transformations on those termgraphs, and then give the formalization of the syntax and the semantics of this modal logic close to the one for the graphs. We’ll discuss issues and choices made to carry out such formalization, presenting in detail the development from the original mathematical concepts to an implementation in Coq, leading to a better understanding of the introduced objects and ideas and the way they could be defined and used with a computer.
Introduction Central to fundamental computer science, graphs and their transformation deal with expression and comprehension of information and computation. They are a major challenge to get further in the quest of comprehension, formalization and computation towards an algebraic and, above all, a semantical level. Without exaggeration, nearly every field of computer science uses graphs to represent data or the behavior of systems. Then to talk about a higher level of dynamics, it uses rewriting in a more or less formal way to handle manipulation on such objects. In some fields, as in Formal Methods and Model-Driven Engineering, the graphs are one of the main tools and having advanced methods for expressing and reasoning on these graphs or on rewriting them is really useful. Modal logic allows one to express relational properties naturally and, with the Kripke semantics, is closely linked to the notion of graphs which are its models. Dynamic logic as defined by D. H AREL offers by its modality the possibility to express the relation on ∗ This
work has been funded by the CLIMT project (ANR-11-BS02-016 of the French Agence Nationale de la Recherche).
1
models if they have desired properties. Yet, instead of discussing graphs and rewriting using hyper-graphs as models, the transformed graphs could be directly these models. In this spirit, introduced during ICGT 2010, “A Dynamic Logic for Termgraph Rewriting” [1] was proposed by P. BALBIANI, R. E CHAHED and A. H ERZIG as an adapted dynamic logic to describe graphs and transformations on these graphs. An implementation of such rewriting systems requires some expertise, as the usual problems of development and the difficulties of the domain, in addition to those related to the realisation of theoretical concepts, make it a difficult task to achieve. Using formal methods can ease the realization of such a task and a software called a proof assistant, as the C OQ system, helps the smooth running of the project, adding a real value of trust in the resulting system. Based on a quite expressive type theory, the formalization of mathematical concepts defined by a scientist in an article with such mechanical means can be a first step. A logical framework upon its underlying typed λ -calculus – even done in a predicative way for most of its aspects – is already a first brick to characterize a more concrete graph rewriting system, easily well defined by the logical development already done, and to develop it, using the theoretical proofs-as-programs or proofs-as-algorithms correspondence realized in such proof assistants. It is the proof assistant C OQ which is used here for this formalization step. The implementation can require to use a detailed nomenclature for the objects when the synthesis of research works needs more succinct names to increase the readability, it is not so easy to get a clear indentation without getting heavier during the definition blocks, syntactic coloration being there for help. Within paragraphs presenting the development in C OQ, it is this typography which will be used to format the code. In the following, we will present the type of graphs we use and its formalization in Section 2, then in Section 3 discusses the formalization of the dynamic logic for graph rewriting, its syntax and its semantics.
Termgraphs Graphs considered here are deterministic node-labeled and edge-labeled termgraphs [2]. A termgraph is a graph that can be defined linearly by a term, and a label is a specific attribute being attached to a node, or attached to an edge and being then called a feature. The definability by a term is not restrictive to the usability of such graphs, it can be useful to define real data structures having interesting properties using pointers, as sharing or cycles, as displayed in Figure 1. n : πn
a
b
m : πm
b n : πn
s:ω (a) sharing
a (b) cycle
Fig. 1: Examples of Termgraph 2
m : πm
Syntax of Termgraphs A linear graph grammar is defined [1] over a set of nodes N , a set of labels Ω and a set of features F , by the following rules: TermGraph ::= Node | Node + TermGraph Node ::= n : ω ( f1 ⇒ Node, ... , fk ⇒ Node) | n : • | n with n ∈ N , ω ∈ Ω and f1 , ... , fk ∈ F This is easily translated into Coq using inductive types. But a question arises: is that only a description of a termgraph-like object or a well-founded termgraph? Using an environment during the parsing of the term and checking if all node references are sound or if every edge definition preserves a determinism condition could reject an ill-formed termgraph, but it is not specified which level of being well-defined is intended here. So, the notion of pre-termgraph is introduced to talk about the result of an attempt of a definition of a notion of graphs. However, this requires first the introduction of sets N , Ω and F as parameters of such a module of the syntax for the graphs. Parameters (N : Set) (Omega : Set) (F : Set). As a side note, for later decidability of properties, it is assumed that each of these sets is provided with its own algorithm for decision of equality over its elements, and such properties can be axiomatized in a module. We cite here the expression of such a procedure for decidability of equality on any type S : Set. Axiom eq_gen_dec (S:Set) : forall (s1 s2:S), {s1 = s2} + {~(s1 = s2)}. Decidability of dependent constructions on such sets can be nailed down at convenience later. Thus, for a proper syntax of termgraphs, we begin with a type for the Node with three constructors. Inductive Node : Type := | LabelledNode : N -> Omega -> list (F * Node) -> Node | UnlabelledNode : N -> Node | NodeReference : N -> Node. As in a tree, a node embeds other nodes as direct sons and the later references to nodes make the graph existing, semantically speaking. The rules of a grammar to build the termgraphs can be defined again by an inductive type. Inductive PreTermGraph_syntax : Type := | OneNode : Node -> PreTermGraph_syntax | NodeUnionGraph : Node -> PreTermGraph_syntax -> PreTermGraph_syntax. 3
Structure of Term Graphs With a more semantic manner, a termgraph is defined as well by a structure. [1] (N , E , L N , L E , S , T ) with • N a finite set of nodes • E a finite set of edges • L N a partial function from N to Ω, associating a node to its label • L E a total function from E to F , associating a edge to its feature • S a source function from E to N • T a target function from E to N and it’s assumed that the previous definitions respects a determinism condition defined as ∀ e1 , e2 ∈ E , S (e1 ) = S (e2 ) ∧ L E (e1 ) = L E (e2 ) → e1 = e2 Before the definition of a structure type bundling everything, it’s suitable to look closer these mathematical objects. N and E are assumed as sets of ids on which the other functions are defined. It’s a good idea to differ and use as the edge type a Cartesian product type N ×F ×N of the source, feature and target of an edge, defined by Definition E : Set := N * F * N. Then, there is no point to keep some elements anymore in a termgraph with such definition, the source function S : E → N , target function T : E → N and edge labeling L E : E → F being no longer specific, but only projections as well for any termgraph. Now the finite set of edges E can be formalized over a classic list data type, without any further development for the moment. The node labeling function L N : N → Ω is partial because of some nodes of the graph not having an element corresponding in Ω. But these nodes are marked with a •, so Ω can be extended naturally to include this option, getting the labeling to be fully defined on the set of nodes N of the graph, this extension is denoted Ω• in the following. The Coq system has no way to express partiality but allows one to have natively such type exception, defined as option Omega with terms being Some ω with ω : Omega labeling properly a node, or None assimilated to •. Considering the N : Set type for encoding the nodes being a wider notion than the N set, this is every node possible and not only the ones being defined in the graph, the N set of nodes can be formalized as well as the edge set over a list. But the labeling node function, defined over the N type as its domain and not N , is now partial again. It’s required to define the function as typed by LN : N → option (option Omega), the first option being for partiality over N and the second one being for partiality over Omega. But is the term None not semantically equal to the term Some None? 4
Maybe it is correct to understand a node that does not belong to the graph as having no label, but merging the two levels of option to a single one will induce a mistake if the module of graph would be slightly changed in the following, and it will. A better shot is to define the termgraph with a labeling function as LN : N → option Omega’, so partial over the N node type but total over an Omega’ label type, to formalize well the issues of having term of type N not actually belonging to the graph and getting it instantiates with option Omega as its Omega’ to formalize then the node being labeled or not. Any problem of actually labeling a "non-existent" node, as this merge of different levels of partiality, could and should be done indeed in this later instantiation of the graph module, the problem being formally speaking induces with the extension, and the formalization keeps thereby the fineness of a partial labeling over the N node type with some out of the graph. Thus the structure of a termgraph can be settle down to a more simple one (N , E , L N ) But the labeling function could be seen as the relation between a node and its label, denoted RL N , being a sub set of N × Ω• and can be define over a list. Then the information of nodes being part of the graph is computable from this relation and the set of node N is now superfluous too. The structure of a termgraph can be write as (E , RL N ) This is the structure chosen in the later formalization, and the pretermgraph can be define now as the bundle of the set of edges and the association node − label. Record PreTermGraph : Set := makePTG { edges: list E; rel_label_n: list (N * option Omega); }. Once a pretermgraph is defined, it only lacks a valid determinism condition to be a termgraph. The condition can be formalized so that it is faithful to the original one.
Definition determinism_condition_inPaper (ptg:PreTermGraph) : Prop := forall e1 e2:E, (In e1 (edges ptg) /\ In e2 (edges ptg)) -> ( source e1 = source e2 /\ label_e e1 = label_e e2 ) -> e1 = e2. But could be defined equally as an inductive type but above all being defined over the equality of the edges target.
5
Inductive determinism_condition (ptg:PreTermGraph) : Prop := | constr_det_cond : (forall e1 e2:E, In e1 (edges ptg) -> In e2 (edges ptg) -> source e1 = source e2 -> label_e e1 = label_e e2 -> target e1 = target e2) -> determinism_condition ptg. Based on the choice for the representation of an edge as a tuple (source, f eature,target), once the equalities of the source and the feature hold, the equality of the edge only holds on the one for the last component, the target. Proof is done of this property during the development and it’s this second definition that will be used to validate a pretermgraph as a proper termgraph. As an aside, the graphs here being finite, such property could be decidable. Considering the axiomatized decidability on equalities over N and F, a procedure is defined in proof mode and can be used to lift a pretermgraph to a termgraph. Definition detCond_validation_dec (ptg:PreTermGraph) : { determinism_condition ptg } + { ~(determinism_condition ptg) }. Thus, the termgraph type can be defined by bundling a pretermgraph and a proof term of its determinism. Record TermGraph : Set := makeTG { ptGraph :> PreTermGraph; determinism_cond : determinism_condition ptGraph }. The :> for the PreTermGraph typed field establishes a coercion between the TermGraph type and the PreTermGraph type. Every function defined for a pretermgraph can be applied to a termgraph, being automatically applied to its pretermgraph and giving thereby a natural and useful lifting of the PreTermGraph type.
Rooted Term Graphs In the following, for the need of the logic, the graphs will be an extension of the termgrah with a specific node pointed as its root. (N , E , L N , L E , S , T , r) with the root r ∈ N Actually, here the root isn’t a root at all, in any usual sense. It’s a pointed node, and thus rooted termgraph should be called pointed termgraph, but to stay consistent with the original paper we’re going to keep naming it rooted termgraph. 6
The rooted termgraph can be defined as a structure, quite similar to the one for the termgraph using the same previous skimming of this structure. (E , RL N , r) with the root r ∈ N = nodes(RL N ) And can be defined, as its structure suggests it, by the bundle of a termgraph and a root, without omitting a proof of such node being part of the graph. Record RootedTermGraph : Type := makeRTG { tGraph:> TermGraph; root: N; root_belong: In root (nodes tGraph) }. Just as for the TermGraph, a coercion gives to the RootedTermGraph all functions defined on Termgraph, and above all the useful functions defined on PreTermGraph which one would naturally apply to a rooted termgraph too.
Dynamic Logic for Graph Rewriting A modal logic is a propositional logic, extended with one or several modality operators. Dynamic logic [3] is a multi-modal logic with its modalities being actions, usually navigation by the feature of edges, with the possibility to express the choice or the sequence of actions. This notion can be extended as well to describe a panel of actions far more miscellaneous, which seems useful to talk about graph transformation.
Syntax of the Dynamic Logic Formulas and actions of the dynamic logic can’t be defined independently. Laying on countable sets F of feature of edges (denoted usually a, b, ...) and Ω of label of nodes (denoted usually ω, π, ...), here’s the rules, mutually dependents, to define the syntax. [1] An action α is defined by the following rules. α ::= a |U |n|n | φ?
for the navigation by a ∈ F from the root for changing the root to anywhere in the graph for the creation of a node n, and eventually to set it as the root for the verification of the validity of a formula φ for the root
| (ω := l φ ) | (ω := g φ ) for labeling a node with a label ω ∈ Ω if a formula φ is valid, locally for the root or globally for every node. 7
| (a + (φ , ψ)) | (a − (φ , ψ)) for adding or removing an edge with the feature a between nodes verifying a formula φ and those verifying a formula ψ. for the definition of a sequence, a choice or an iteration | (α1 ; α2 ) | (α1 ∪ α2 ) | α1∗ over actions α1 and α2 . And for the record, one could consider one more action, non atomic since equivalent to another expression, the non null iteration α + ≡ α ; α ∗ . Thus a formula φ is defined by the following rules φ ::= ω | ⊥ | ¬ φ | φ ∨ ψ | [ α ]φ The propositional logic of such dynamic logic being a classical one, some more symbols can be defined as usual conjunction, implication and equivalency being respectively φ ∧ ψ ≡ ¬(¬φ ∨ ¬ψ), φ → ψ ≡ ¬φ ∨ ψ and φ ↔ ψ ≡ (φ → ψ) ∧ (ψ → φ ), for given formulas φ and ψ. One can as well denote a second modal operator, for a given action α and a formula φ , as < α > φ ≡ ¬[α]¬φ . Formalizing this syntax requires only the introduction of sets Ω and F . Parameters (Omega : Set) (F : Set). Then two inductive types, one for the actions Inductive Action : Set := | MoveRootAlongEdge : F -> Action | MoveRootSomewhere : Action | Test : Formula -> Action | CreateNewNode : Action | MoveRootToANewNode : Action | AssignLocally : Omega -> Formula -> Action | AssignGlobally : Omega -> Formula -> Action | AddEdgesFromTo : F -> Formula -> Formula -> Action | DeleteEdgesFromTo : F -> Formula -> Formula -> Action | Sequence : Action -> Action -> Action | Choose : Action -> Action -> Action | Iterate : Action -> Action and one for the formulas with Formula : Set := | RootHas : Omega -> Formula | Bottom : Formula | Top : Formula | Negation : Formula -> Formula 8
| | | | | |
Or : Formula -> Formula -> Formula And : Formula -> Formula -> Formula Box : Action -> Formula -> Formula Diamond : Action -> Formula -> Formula Imp : Formula -> Formula -> Formula Equiv : Formula -> Formula -> Formula.
Constructors are not only defined for a minimal set of operators for the syntax of the logic and the others simply denoted as an expression with these minimal symbols. This is due to the underlying logic in the Coq system, being an intuitionist logic which does not have every properties of the classical logic on which the dynamic logic is built. In this intuitionist framework, the sense of these classical operators seems to be closer to the intuitionist one than the one based on definitions with those which are minimals, if no extension of the meta-logic is made to get it classical a semantic could be defined over this extended set of operators. The bet is made that the intuitionist logic of Coq is adequate for expressing everything being mandatory in the following and reasoning with it, despite the difference. Some notations are introduced to use everything, in Coq, the closest to the original definition of the syntax. Notation "φ :: omega" := (RootHas omega) (at level 61). being the notation the most different from the one defined previously to express a ω ∈ Ω as an atomic formula. Notation "new-Node" := CreateNewNode (at level 72). Notation "new-Node&Go" := MoveRootToANewNode (at level 72). hold for n and n in the following. The iteration operator inherits of a prefix notation because of parsing issue. Notation "* alpha " := (Iterate alpha) (at level 71). There is one more definition for the added operator al pha+ Definition IteratePlus (alpha:Action) : Action := alpha ; *alpha. and its notation, as for the iteration, is a prefix one. Notation "+ alpha " := (IteratePlus alpha) (at level 71).
Semantics of the Dynamic Logic A semantic can be defined for this dynamic logic using rooted termgraph G = (N , E , L N , L E , S , T , n0 ) as model and verifying on these graphs the properties expressed by the logic formula upon the sets of labels and features, F and Ω, of G. 9
Models The rooted termgraphs used here are different from the ones defined previously. The function of labeling is now defined as L N : N → P(Ω) of what the previous definition would be a particular case [1], as displayed in Figure 2.
Uni-labeled Rooted TermGraph
:=
Multi-labeled Rooted TermGraph P(Ω) N F only one label
Fig. 2: Unique Labeling as specific Multiple Labeling In Coq, P(Ω) is well defined by a simple list Omega if the set Ω is finite. Is there anything saying that Ω is finite? Actually, no. Using finite graph, it could be pragmatic to use finite set of labels and features. Also the labels of a node are never used as an infinite subset of Ω, it’s honest to say that we’re only using finite members of P(Ω), Ω being finite or not. For the sake of this formalization, the subsets P(Ω) are going to be reduced to finite list Omega, but it’s still a pretty debatable choice. With everything done before for the graphs (rewriting, morphisms, matching...) being defined over rooted termgraph with unique labeling of node, one would define the multiple labeling as an instantiation of the previous work, as displayed in Figure 3 with a label being actually a list of labels to get everything already well done on a simple particular case.
Multi-labeled Rooted TermGraph
:=
Uni-labeled Rooted TermGraph Ω N F P(Ω)
Fig. 3: Multiple Labeling as specific Unique Labeling It seems mathematically sounding to do that, even if due to lacking any more explanation this function should be understood as total. The previous labeling function being partial, mathematically speaking, it’s not correct to say that a partial function is a particular case of a total one, wanting this function L N : N → P(Ω) partial too to get a chance to be more general than the previous one. But doing this leads the formalization to draw a line between a node unlabeled by partiality of unique labeling and unlabeled cause marked with an empty label as displayed in the Figure 4, which could seems expected but brings many inconsistencies in a further development. The formalization can help to make clear this imbroglio. If a first concept of termgraph is defined as previously with a uni-labeling function L N : N → Ω0 but being total 10
n:{}
6=
n:•
Fig. 4: Unlabeling being encoded differently and a node can’t be unlabeled by the function in a mathematical way, the termgraph with a multi-labeling function is well founded as a instantiation of this concept, with Ω0 being P(Ω), and an empty label in a semantic way. It’s formalized as a function LN : N → option (list Omega) . Now the termgraph with a partial uni-labeling function can be defined the same, but with a property asserting that the list of labels associated to a node has at most one element. A uni-labeled termgraph is as well a specific case of a multi-labeled termgraph, being itself a specific case of a unique total labeled termgraph as displayed in Figure 5. Uni-total-labeling Rooted TermGraph Omega := list Omega
Omega := option Omega
Multi-total-labeling Rooted TermGraph
Uni-partial-labeling Rooted TermGraph
+(only one label)
Fig. 5: Inheritance of labeling The former formalization of the uni-labeled termgraph being not useful to define the new multi-labeled termgraph as it seems at first. Interpretation of Actions and Formulas To keep going with the formalization of the semantics of the logic, before the satisfiability, it needs interpretation functions over the models. [1] IG is defined as • IG (a) = {e | e ∈ E and L E (e) = a} the set of edges labeled with a • IG (ω) = {n | n ∈ N and ω ∈ L N (n)} the set of nodes labeled with ω. And another relation, for any feature a ∈ F , • RG is the interpretation of the action a on G defined such RG (a) = {(n1 , n2 ) | ∃e ∈ IG (a), S (e) = n1 and T (e) = n2 } Thus, because of dependency between formulas and actions, the satisfiability |= for a formula F for a rooted termgraph G requires a dependent definition, inductively on F. 11
• G � ω iff n0 ∈ IG (ω) • G 2⊥ • G � ¬φ iff G 2 φ • G � φ ∨ ψ iff G � φ or G � ψ • G � [α]φ iff for any rooted termgraph G0 , if G −→α G0 then G0 � φ with G −→α G0 the binary relation between G = (N , E , L N , L E , S , T , n0 ) and = (N 0 , E 0 , L N 0 , L E 0 , S 0 , T 0 , n00 ) upon the action α, defined inductively on α. We’re going to present this definition for only one case, the iteration. G −→α∗ G0 iff G0
• there is a sequence of rooted termgraphs G(0) ... G(k) with G(0) = G, for all i ∈ {0, ... , k − 1}, G(i) −→α G(i+1) and G(k) = G0 The other cases aren’t interesting for the formalization purpose and can be found in the original paper. [1] For the formalization, an inductive type dependent of a rooted termgraph characterizes well when an edge belongs to the set IG (a) if its feature match a. Inductive I__G_a (rtg : RootedTermGraph) (e:E) : F -> Prop := | constr_I__G_a : In e (edges rtg) -> I__G_a rtg e (label_e e). It’s interesting to point out the utilisation of a Generalized Algebraic Data Type, a pattern is used for the head of the clause, expressing the correspondence with (label_e e) and being equivalent to express a condition on the equality of (label_e e) and the argument of F type. For the labels of a node, in a similar way, an inductive type defines as well when a node belongs to the set IG (w).
Inductive I__G_w (rtg : RootedTermGraph) (w : Omega) (n:N) : Prop := | constr_I__G_w : In n (nodes rtg) -> In__option w (label_n rtg n) -> I__G_w rtg w n. The relation RG can be defined easily too with an inductive type to express for a given feature a when a couple n1 , n2 of graph nodes belongs to the relation, using the previous formalized IG .
Inductive R__G (rtg : RootedTermGraph) (a : F) (n1xn2:N*N) : Prop := | constr_R__G : I__G_a rtg (fst n1xn2, a, snd n1xn2) a -> R__G rtg a n1xn2. 12
Thus, can be done the formalization of the satisfiability �. Strongly dependent of the −→α relation for the modality, it could be useful to define previously in separate inductive types every case for an action α. As introduced previously, we let aside definitions for every action but present the one for the iteration, being a transitive closure over a relation R. Inductive transitive_closure (R: relation RootedTermGraph) : relation RootedTermGraph := | trans_init : forall rtg:RootedTermGraph, transitive_closure R rtg rtg | trans_step : forall rtg rtg’ rtg”: RootedTermGraph, R rtg rtg’ -> transitive_closure R rtg’ rtg” -> transitive_closure R rtg rtg”. Finally, the satisfiability itself can be defined, as a fix-point recursively decreasing on a formula f. Fixpoint sat (f: Formula) (rtg: RootedTermGraph) : Prop := match f with | | | | | | | | |
RootHas w => I__G_w rtg w (root rtg) Bottom => False Top => True Negation sf => ~ (sat sf rtg) Or sf1 sf2 => (sat sf1 rtg) \/ (sat sf2 rtg) And sf1 sf2 => (sat sf1 rtg) /\ (sat sf2 rtg) Imp sf1 sf2 => (sat sf1 rtg) -> (sat sf2 rtg) Equiv sf1 sf2 => (sat sf1 rtg) (sat sf2 rtg) Box alpha sf => forall rtg’:RootedTermGraph, imp__alpha alpha rtg rtg’ -> sat sf rtg’ | Diamond alpha sf => exists rtg’:RootedTermGraph, imp__alpha alpha rtg rtg’ -> sat sf rtg’ end And mutually dependent, the one of the application of action can be defined, as a fix-point recursively decreasing on the action alpha. with imp__alpha (alpha : Action) (rtg rtg’: RootedTermGraph) : Prop := match alpha with | MoveRootAlongEdge f => imp__Label f rtg rtg’ | MoveRootSomewhere => imp__Uni rtg rtg’ | CreateNewNode => imp__NewNode rtg rtg’ 13
| MoveRootToANewNode => imp__NewNodeAndGo rtg rtg’ | Test f => imp__Test rtg rtg’ (sat f) | Sequence a1 a2 => imp__Sequence rtg rtg’ (imp__alpha a1) (imp__alpha a2) | Choose a1 a2 => imp__alpha a1 rtg rtg’ \/ imp__alpha a2 rtg rtg’ | AssignLocally w f => imp__AssignLocally rtg rtg’ w (sat f) | AssignGlobally w f => imp__AssignGlobally rtg rtg’ w (sat f) | AddEdgesFromTo a f1 f2 => imp__AddEdgesFromTo rtg rtg’ a (sat f1) (sat f2) | DeleteEdgesFromTo a f1 f2 => imp__RemoveEdgesFromTo rtg rtg’ a (sat f1) (sat f2) | Iterate a => transitive_closure (imp__alpha a) rtg rtg’ end. The way the iteration is formalized is interesting, one could try to use a recursive definition, with the idea of the star in language being a∗ ≡ λ + a.a∗ . It could be as well defined such G −→α∗ G0 iff • G = G0 or ∃ a rooted termgraph G00 , G −→α G00 and G00 −→α∗ G0 And formalized as | Iterate a => G = G’ \/ exists G”:RootedTermGraph, imp__alpha a G G” /\ imp__alpha (*a) G” G’ But such definition is ill-formed for Coq, defining imp__alpha (*a) with imp__alpha (*a) and breaking obviously the rule of the action syntactically decreasing for the imp__alpha fixpoint. There is no way to get Coq accepting this idea and the definition over a sequence of termgraph being the iteration as done originally in the article is the well-formed one, the transitive closure being a way to describe a list satisfying the relation over an action alpha, encoding the sequence of Gi .
Conclusion This paper presents some parts of a formalization in Coq of a logic for graph rewriting. The concept of rooted termgraph is properly captured, by its syntax and then its structure with some simplifications, and thus a logic for graph rewriting is formalized as well, letting the reader discover some questions arising during the process and our analysis of the problem and thereby the solutions we propose and the choices we made. Actually, a use of the formalization was made, proving somes tautologies being still true or using the possibility to pin down classes of graphs with a formula by proving, for example, the correspondence between the formula for non a-cyclic graph and a property of 14
cycles being indeed false for such graph. Thereby, this formalization acquires the benefit of usability and confidence in a result corresponding to the theoretical system introduced in the original paper. But it is a small part of the original article that is presented here. However, the article has been entirely studied during the formalization, and the current formalization of the remainder is showing more problems and questions about the content which don’t have straightforward or even clearcut and unanimously acceptable solutions. For the ones related with the formalization previously introduced, first the question about the type Ω being finite or infinite seems to tend to an infinite one with the rewriting system defined like it is. That may lead to a far more complex handling of the entire power set of such a type Ω for the formalization of multi-labeling of nodes, if one did not only use finite subsets of such power set, and it could be mandatory to change these mathematical definitions to allow a termgraph and a rewriting system to be still defined over a finite set Ω and to be defined fully and simplier. Secondly, the logic makes great use of this multi-labeling, here shown not to be an extension of the simple one previously introduced, whereas the rewrite system studied is defined for unique labels and applied to multiple labels without more explanations. The formulas defined for expressing the actions of the rewriting system, an invariant or the matching of a graph could be using too deeply the uni-labeling case as a start and just assume that all would go well with multi-labeling. We expect quite some advances – theoretically and practically – in doing this formalization and from the formalization we obtain, and we hope to come back later with coherent solutions for the mentioned problems and other ones, allowing a real use of the modules developed in Coq to discuss graph rewriting and model transformation systems. This might demand an extension of the current set of rewrite rules and will be well done only if the extended system is fully understood, so that reliable extension can be based on it.
References [1] Philippe Balbiani, Rachid Echahed, and Andreas Herzig. A dynamic logic for termgraph rewriting. In ICGT, pages 59–74, 2010. [2] H. Barendregt, M. van Eekelen, J. Glauert, J. Kennaway, M. Plasmeijer, and M. Sleep. Term graph rewriting. In J. de Bakker, A. Nijman, and P. Treleaven, editors, PARLE Parallel Architectures and Languages Europe, volume 259 of Lecture Notes in Computer Science, pages 141–158. Springer Berlin / Heidelberg, 1987. [3] David Harel, Dexter Kozen, and Jerzy Tiuryn. Dynamic logic. In Handbook of Philosophical Logic, pages 497–604. MIT Press, 1984.
15
