Part 7. Phantoms: Legal States That Cannot Be Constructed

1
Part 7.Phantoms Legal States That Cannot Be
Constructed
2
Are There Legal States That Cant Be Built?

• State s is a phantom state (or phantom
  architecture) if
• It is legal (it satisfies the SoP rules) BUT
• It cannot be constructed, starting with just a
  bare containment tree, and repeatedly using rules
  (productions) to add dependency edges
• A ruleset that allows phantoms is called
  phantomic
• Do phantoms exist?

3
Example Step-Wise Construction of a State

• Example ruleset
• T ? S ? P o T ? P o T o C ? T o C
• Ruleset has 4 productions
• T D (S)
• T D (P T)
• T D (P T C)
• T D (T C)

Start with tree, successively add edges allowed
by productions
Step 3
Step 1
Step 2
f
(2) T D (P T)
(4) T D (T C)
(1) T D (S)
This example ruleset allows no phantoms. Note
Phantoms cannot be constructed in a step-wise
manner.
4
Example Phantom 1 The Cyclic Export Ruleset
An Identic Phantom

• Consider this rule E ? C ? E o E
• Rule means
• An E edge can follow a child C edge, or
• An E edge can follow two E edges

root
root
Phantom ?
OK ?
x
x
y E y y E o E y Thus, the state is legal.
State has only loop (ID) edges. It is an
identic state.
y
y
z
z
E
C
Phantom doesnt use the C right-hand side
5
Example Phantom 2Non-Identic Phantom

• Consider this rule
• R ? R o P ? R o C
• Rule means
• An R edge can follow an R then a P edge, or
• An R edge can follow an R then a C edge

w R x w R o P x w R y w R o C y So, this is
legal
The R edges are not ID self loops (not identities)
Maybe show multi-recursive phantom??
6
Some Simple Permission Rules

• Three simple rulesets
• R ? All where All means every edge
• Every state is legal and constructive.
• R ? R
• Every state is legal and they are all phantoms
  except ?.
• R ? All ? R
• All states are constructive. However, if we
  delete production (R D All) while keeping (R D
  R), there are phantoms.

7
A Multi-Recursive Ruleset with Phantoms

• Ruleset
• R ? R o P o R

This state is a phantom. Follow R then P then R
to compute R. So R is legal. But R cannot be
constructed from the empty state.
Multi-recursive because R depends on itself more
than once.
8
Why Are Most Serious Example SoP Rules
Constructive?

• Is there a hidden assumption that causes them to
  be constructive?
• Is there an algorithm to check SoP rules for
  constructivity? No, it is an open question
  whether such an algorithm exists. But with
  appropriate restrictions, such an algorithm
  exists.

9
Part 8.Abstract Permission Systems (APT)
10
Abstracting Away From the Graph Basis of SoP

• Some properties of SoP rulesets have little to do
  with the underlying structure of the state graph.
• To confirm this, we will now take an abstract
  approach, which ignores the graph structure.
• Any SoP ruleset, with a corresponding tree, can
  be projected to this abstract form.
• Essence of this abstraction is
• Legality simply means prefixpoint of given
  function f
• So, legality properties become properties of
  pfps
• States are not necessarily graphs

11
Fixed Points Terminology

• When x f(x)
• We say x is a fixpoint (fp) or a fixed point of
  function f
• When x ? f(x)
• We say x is a prefixpoint (pfp) or a pre fixed
  point of function f
• Some authors alternately use the term
  postfixpoint (post fixed point) instead of
  prefixpoint

12
Basis for Abstract Permission Theory

• Fundamental concepts
• E Finite set of elements
• (Abstraction of set of triples)
• f 2E ? 2E Permission function
• (Maps states to states)
• Derived concepts
• Lf (s) def s ? f(s) Legality of state s as
  prefixpoint
• Q def 2E State space (abstraction of
  subset of triples)
• States s, t, ? Q Abstraction of graphs
  (states)
• s ? t Operator on states
• f def Empty state, contains no triples

Monotonicity not yet assumed
13
Aside Alternate Terminology

• We could use the term well-formed instead of
  legal, so instead of
• Lf(s) or L(s)
• we would write
• WFf(s) or WF(s).

14
How to Map SoP Ruleset R with Tree T to Abstract
Form

• Def. Element set E consists of every every
  triple that can be formed with variables v from
  the ruleset R and with nodes N in tree T.
• Def. Permission function f is defined in terms
  of state s and rules set R as follows
• f(s) def (Based on state s, compute the set of
  triples specified by sums, i.e., those alled by
  right hand sides of ruleset R)

15
Piecewise Legality

• Def. Element e is legal in state s when it is
  member of f(s)
• Lf(e) def e ? f(s)
• Lemma. State s is legal iff all its elements are
  legal
• Lf(s) ? e ? s ? Lf(e)
• Proof. We re-write RHS into LHS
• ? e ? s ? Lf(e) ? e ? s ? e ? f(s)
• s ? f(s)
• Lf(s) QED

Hence, piecewise legality holds abstractly,
independent of graph structure and independent of
monotonicity.
16
Three Definitions of LegalityMicroSoft PPT Bug
Messes Up Format of this Slide??

• Def. State t permits state s when s is a least
  as large as t and s contains only elements
  permitted by t
• t ? s def t ? s ? f(t)
• 3 Legality Definitions
• 1. Lf (s) s ? f (s) Prefixpoint
• 2. L? (s) ? t ? t ? s t permits s
• 3. L?(s) ? ? s Constructive
• We will explore the relationship among these 3
  kinds of legality. For most, serious example
  SoP rules
• Lf(s) L?(s) L?(s)

If f is monotonic, t ? s means you can legally
add edges to t to make s
17
Phantom Architectures

• An state (an architecture) is a phantom if it is
  legal, but cannot be constructed.
• Constructive (s) def ? ? s
• Phantom (s) def Lf(s) not constructive(s)
• where ? is the empty state.
• A ruleset is constructive if all its legal states
  are constructive (are not phantoms).

18
When f Is Not Monotonic
Example. s f Ì t, f(s) t, f(t) s, so f(t)
Ì f(s) Function f not monotonic because not true
that s ? t ? f(s) ? f(t) Observe that Lf(t)
false, L?(t) true, L?(t) true Lemma. Not
true that for all f, Lf(t) L?(t) Proof. In
example, Lf(t) is false, but L?(t) is
true Lemma. Not true that for all f, Lf(t)
L?(t) Proof. In example, Lf(t) is false, but
L?(t) is true. In fact, in this case L?(t) ?
Lf(t) is false.
These results are counter intuitive if you are
used to dealing with monotonic systems.
19
When f is Monotonic

• Lemma A. If f is monotonic and there exists t
  such that t p s, then s is legal.
• Proof. The definition of t p s is
• t ? s ? f(t) Since f is monotonic, it follows
  that
• f(t) ? f(s) Hence,
• t ? s ? f(t) ? f(s) Hence,
• s ? f(s) So by definion of legality,
• s is legal. QED
• Lemma B. If f is monotonic and s is
  constructive, then s is legal.
• Proof. If s is constructive, i.e., if
• f p s
• then there exist states s1, s2, sn such that
• f p s1 p s2 p sn p s
• When s f , s is legal. Otherwise sn p s, in
  which case, by the previous lemma, s is legal.
  QED

Since SoP is monotonic, these results apply.
20
When f is Monotonic

• Theorem. If f is monotonic
• Lf(s) L?(s)
• ie (1) s ? f (s) ? ? t ? t ? s ? f(t)
• and (2) ? t ? t ? s ? f(t) ? s ? f (s)
• Proof.
• (1) Obvious Let t be s.
• (2) Proven in previous lemma.
• (Follows from monotonicity,
• and from transitivity of ? )

f(s)
?
f(t)
?
?
s
?
?
t
21
SoP Rules are Monotonic, So

• Corollary. In SoP systems
• Lf(s) L?(s)
• Proof. True because SoP systems are monotonic

Non-SoP permission rules are not necessarly
monotonic
22
Does Ruleset R Avoid Phantoms?

• For a particular f or ruleset R, for all s, does
• Lf(s) L?(s)?
• Is this always true for SoP rulesets?
• Phantom architecture problem Give algorithm to
  decide if ruleset allows phantoms
• (regardless of size of ruleset or size of tree)

A solution to the phantom architecture problem
is given below
23
Assume f is Monotonic

• In the rest of this section on Abstract
  Permission Theory, we shall assume that f is
  monotonic.
• Recall f as defined by any SoP rulesets is
  monotonic.

24
Tarski-Knaster Theorem

• Since f is monotonic, based on ? as an ordering
  operator, the Tarski-Knaster Theorem applies
• Theorem. f?(f) is a fixpoint. It is a least
  fixpoint.
• So, if f is repeatedly applied to empty state f,
  eventually we find a fixpoint state s f?(f),
  such that
• f(s) s
• Because s is a least fixpoint, there is no t,
  t Ì s, such that f(t) t

25
Partitioning by Fixpoints

• Observation. Given monotonic f, the prefixpoints
  (legal states) are partitioned by f?(s) , i.e.,
• PARTi def s ? f?(s) fpi
• where fpi is the i-th fixpoint.
• So, s and t are in the
• same partition when
• f?(s) f?(t)

etc
Note Every prefixpoint s necessarily converges
to a fixpoint f?(s)
26
Local Minimum and Maximum
MicroSoft Problem Turn E (exists) backwards??

• Def.
• locmax(s) def E r ? s ? r p x
• and not E t ? s ? s p t
• locmin(s) def E t Ê s ? s p t
• and not E r Ì s ? r p s
• Note that these 3 are equivalent
• E r ? s ? r p x E t Ê s ? s p t pfp(s)
• Lemma.
• locmax(s) Û fp(s)
• Each partition contains one local max (its fp).
• Each partition contains one or more local mins.

Proofs are not hard, but not obvious?? Rename as
pfpmax and pfpmin??
27
The Shape of Partitions

• For monotonic f, there are one or more
  partitions. Each has a single maximum (fixpoint)
  and one of more minima.

28
Permission Within a Partition

• For monotonic f, if you follow permission edges
  (forward or backwards), you stay in the same
  partition
• Def. s p0 t def s p t or s p-1 t
• Theorem. If s and t are legal, s p0 t Û
  f?(s) f?(t)
• Proof. (1) s p t ? f?(s) f?(t)
• So, s p0 t ? f?(s) f?(t)
• (2) f?(s) f?(t) ? s p f?(s) and
• f?(t) p-1 t
• ? s p0 t

Part (2) of proof should be expanded??
29
Necessary Sufficient Condition for Phantoms

• Theorem. For monotonic f, there are phantoms iff
  there is more than one local minimum.
• Proof.
• (1) If there is a local minimum s, besides f,
  then s is a phantom.
• (2) Suppose there is no local minimum except f.
  Then for any legal state s ? f, there exists t
  such that t Ì s and such that t p s. So, f p s
  and so s not a phantom.
• Collollary. If there is more than one fixpoint,
  there are phantoms. If there is more than one
  partition, there are phantoms.

Is proof clear??
30
Do f and R exist that minimally cause phantoms?

• Lemma. There exists monotonic function f such
  that f has exactly one fp and has a phantom.
• Lemma. There exists monotonic function f defined
  by SoP ruleset by R tree T such that f has
  exactly one fp and has a phantom.
• Proof. These two lemmas will be proven by giving
  an example that satisfies them
• Moral. Even if you know that a ruleset has only
  one fp, you still dont know whether it has a
  phantom.

31
Proving Two Lemmas by Giving an Example

• Proof. Proof is by giving tree T and ruleset R
  that define f which has 1 fp and 1 phantom. Let
  T be a trivial tree, consisting of a single node
  x. Let R be this ruleset
• v1 ? ID È v2, v2 ? v1 È v2
• Tree T can have only these 2 triples (both are ID
  triples)
• V1 (x v1 x), V2 (x v2 x)
• Tree T with ruleset R has only these 4 states
• f , s1 V1, s2 V2, s1,2 V1, V2
• State s2 is a phantom.
• The only fp is s1,2 .

f