The translation given by Berry (1999a) maps Esterel expressions into circuits with the interface shown in Figure 5.8. We use a pair of records to model the control inputs Cin and Cout, and sequences of Booleans to track the signal environment ESigs and thrown exceptions.

We structure our translation as a shallow embedding using the familiar static/dynamic split. In this instance the static information is the translation context, which is just the number of signals and exceptions in scope. The generated dynamic Arrow incorporates the standard circuit interface for Esterel constructs:

type Dynamic ( ) α β = (Cin (B ( )), Esigs (B ( )), α) (Cout (B ( )), Esigs (B ( )), β)
newtype E ( ) α β = E (EnvM Static (Dynamic ( ) α β))

Here we use a simple environment Monad EnvM:

newtype EnvM = EnvM (s α)

with an operation to read from the environment (readEnvM :: EnvM s s) and another to run a computation in a new environment (inEnvM :: s → EnvM → EnvM ()).

It is straightforward to implement the Arrow and ArrowLoop classes using the semantics for Esterel’s sequential composition. We provide an instance for the ArrowTransformer class that lifts computations in the underlying Arrow ( ) into E ( ) as instantaneous computations. Similarly the Esterel kernel statements are routine; for instance the circuit and E computation for the pauseE statement are shown in Figure 5.9.

We represent signals and exceptions as abstract indices into the environment, and provide allocation functions in the style of higher-order abstract syntax (HOAS):

signalE :: (EC ( ), Structure Signal v) ⇒ (v → E ( ) γ α) → E ( ) γ α

catchE :: EC ⇒ (Exception → E ( ) γ,α) → E ( ) γ α

where EC collects the various circuit classes we discussed in §5.2. The generics of §5.3 allow for the allocation of any structure that can be constructed from Signals. The semantics of Esterel signals depends crucially on combinational cycles.

[Circuit diagram; port labels: go, suspend, kill, resume, terminated, selected, paused, exceptions]

class (ArrowLoop ( ), ArrowDelay ( ) (B ( )),
       ArrowCombLoop ( ) (B ( )), ArrowComb ( ))
      ⇒ EC ( )

pauseE :: EC ( ) ⇒ E ( ) γ ()
pauseE = E (do s ← readEnvM
               return (proc (cin, ienv, c) →
                 do nKill ← notA −≺ ciKill cin
                    rec reg ← (| delayAC (falseA −≺ ()) (andA −≺ (t, nKill)) |)
                        t ← orA <<< second andA −≺ (ciGo cin, (ciSusp cin, reg))
                    terminated ← andA −≺ (reg, ciRes cin)
                    ff ← falseA −≺ ()
                    let (oenv, exns) = cenv_exns_empty s ff
                    returnA −≺ (Cout { coSelected = reg
                                     , coTerminated = terminated
                                     , coPaused = ciGo cin
                                     , coExns = exns }, oenv, ())))

Figure 5.9: The circuit corresponding to a pauseE statement: Figure 11.3 from Berry (1999a) and its rendition as an Arrow. The function cenv_exns_empty yields exception and signal environments where all elements are set to absent.

Pleasantly the signal and exception scopes are enforced by the Arrow structure: Arrows may return Signals and Exceptions but there are no operations that accept them Arrow-bound. Hence we do not need to use type-level tricks to ensure that signals do not escape their scopes (in contrast to the ST Monad (Launchbury and Peyton Jones 1995), for instance).

The ABRO example of the previous section can be rendered as a Kesterel Arrow as follows:

abro a b r o = loopEachE r ((awaitImmediateE a |||| awaitImmediateE b) >>> sustainE o)

where (||||) and (>>>) are parallel and sequential composition of E computations, respectively. The other operations use the standard expansions provided by Berry (1999a). We replace Esterel’s module syntax with λ-bindings. This syntax is closer to the process calculus notation of Berry (1999a, Chapter 5) than traditional Esterel source code.

We note in passing that the netlist interpretation of §5.4.1 was very useful when debugging this Arrow transformer.

Kesterel is much easier to extend than existing Esterel implementations, which makes it an ideal platform for the sort of language experimentation we engage in in the next chapter. Moreover the standard Esterel language suffers from a lack of parametrisation in the same way as many standalone (non-embedded) DSLs; for instance signal routing can be quite verbose, at times dominating the control logic.

One of the major attractions for adding a Monadic interface to an EDSL is the do notation that idiomatically supports sequencing in Haskell. In our case the use of an Arrow transformer precludes a Monad instance, and unfortunately the Arrow syntax is heavier than explicit uses of the sequential composition operation (>>>).

The simple translation we use here has issues with reincarnation and schizophrenia, which (coarsely put) describe the incorrect handling of some signals that are created in loop contexts. We provide an example in §6.6. A solution was proposed by Berry (1999a, Chapter 12), and all such solutions involve duplicating logic. As this severs the link between the source text and the generated circuit, it ceases to be meaningful to ask what the instantaneous value of a signal is – in general it may have as many statuses as the number of enclosing loops. In our case this complicates the identification of propositions in knowledge-based programs, and as resolving these issues is not critical to our agenda, we use the simple translation. We note that our Arrow-based scheme can support the full translation however, as it only involves adding context in ways we already support.

Similarly general data handling is complicated by parallel composition, and since our examples do not require it, we leave its addition to Kesterel to future work.

More broadly there has been much work towards efficient compilation of Esterel in software settings (Potop-Butucaru et al. 2007), in contrast to our goal of building a transition relation expressed as a BDD for exhaustive state-space traversal (§6.2). Bourke (2009, §2.4) discusses the hierarchical state machine language Argos and its relation to Esterel. Claessen (2001, Chapter 6) describes a simple imperative language called Flash that is compiled to combinationally cyclic circuits in Lava 2000 with some issues that are resolved by Esterel. York Lava, which we discussed in §4.2.6, provides a small imperative language that does not treat the semantic complexities that Esterel does.

5.6 Concluding remarks

The Arrows presented here resolve the “observable sharing” issue we discussed in the previous chapter in a way that preserves the validity of the unrestricted β law in Haskell by introducing a combinatory language that is not Cartesian closed. We have also seen how other languages can be constructed on top of the basic circuit Arrows.

The approach sketched here relies on circuit descriptions being suitably polymorphic. We enforce this by only providing abstract interfaces to the basic components, which has the unfortunate effect that type signatures become quite verbose for any non-trivial circuit. As we tend to omit these, we need to defeat the standard Haskell monomorphism restriction as our circuits are overloaded constant applicative forms (CAFs) that are rejected by default if unaccompanied by a type signature.

In addition to the interpretations shown in §5.4, we would like to transform our circuit Arrows, such as by propagating constants. We leave this to future work.

Much of this chapter could also be carried out in a Monadic framework, or even using observable sharing; however the next chapter shows that our knowledge-based programs require one further construct that is not so readily implemented with these. We further evaluate the use of Arrows for this domain in §7.1.

Knowledge-based circuits and applications

With the theory of Chapter 3 and machinery of Chapter 5 in hand, we return to the problem of constructing implementations of knowledge-based programs. We augment ADHOC with several constructs for describing knowledge-based programs, making essential use of the Arrow structure, and proceed to give symbolic versions of the algorithms we developed in Chapter 3 and canvass the problem of minimising the automata we generate. The remainder of the chapter illustrates the tools at work on a series of scenarios with epistemic characteristics.

6.1 Arrows for knowledge-based circuits

The Arrows of the previous chapter give us a compositional means of description that is easily parametrised, and for larger examples we have a flexible way of building state machines (§5.5). Our goal here is to extend them with constructs for knowledge-based programs.

We delimit the boundaries of an agent using the agent construct: §5.1.2:

[Diagram: agent aid f, with input obs and output action]

class ArrowAgent ( ) obs where
  agent :: AgentID → (obs action) → (obs action)

The environment can pass values of type obs to the agent, who responds with action values at each instant. Due to the Arrow structure these are the entirety of the “dynamic” interface between them. (The information passed “statically” to agents is commonly known to all agents.) As we need to capture the agents’ observations but not their actions, we include only obs in the head of the ArrowAgent class; we use the generics of §5.3 to record the observation, as we show below. Agents can also maintain private state using delayA, which we can capture using the existing ArrowDelay class of §5.2.3. Similarly we capture the result of agent-local non-deterministic choices with the classes of §5.2.5, as these are represented by state variables.

Note that if we had used a Cartesian-closed abstraction such as observable sharing or Monads then we could not capture the observation in this way, as functions and Monadic computations cannot be scrutinised for what they depend upon. We discuss how agent boundaries could be enforced with these abstractions in §7.1.4. That this abstraction really does encapsulate an agent’s state could probably be established by adapting the proof of non-interference by Li and Zdancewic (2010, §5) for their Arrow-based secure-computation EDSL, but the reader may be convinced by the examples in the following sections.

Our next step is to define a syntax for knowledge formulas analogous to the HOL datatype ('a, 'p) KForm of §3.2:

data KF = KFfalse | KFtrue | KF `KFand` KF | KFneg KF
        | KFprobe String -- propositions
        | AgentID `KFknows` KF
        | AgentID `KFknowsHat` ProbeID
        | [AgentID] `KFcommon` KF
        | [AgentID] `KFcommonHat` ProbeID

These constructors will not appear explicitly in the examples as we overload the common syntax for logical languages, using the familiar operators.

We deviate from our previous syntax in two substantive respects: firstly, our primitive propositions are circuit probes. Recall that interesting knowledge formulas refer to variables that are not in the agent’s scope – and moreover in this setting an agent has direct knowledge of the values of all variables in its scope. By using probes we avoid the need to route unobservable values to agents, which would often severely obfuscate descriptions.

Secondly we add the modalities $\widehat{\mathit{knows}}$ and $\widehat{\mathit{cknows}}$ to make testing for an agent’s knowledge of a variable more efficient. Semantically we expect:

$$\widehat{\mathit{knows}}_a\,(v :: T) \;\equiv\; \bigvee_{i \in T} \mathit{knows}_a\,(v = i)$$

where v is the representation of some probe, and i ranges over the elements of the type T. We expect a similar property of $\widehat{\mathit{cknows}}$. This primitive is essential to our treatment of the Mr P. and Mr S. puzzle (§6.4.2) where T is large.
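The expected equivalence can be checked on a small explicit-state model, which also shows why the hatted modality is cheaper: one pass over the agent's indistinguishable states replaces one knows test per element of T. This is an added example, not code from the thesis or ADHOC; the State type, obsOf, the simplified KF constructors (KFprobeEq stands in for a probe compared to a value) and the observation-only notion of indistinguishability are assumptions made for illustration.

```haskell
import Data.List (nub)

type AgentID = String
type State   = (Int, Bool)        -- constructed model: (value v, unrelated flag)
type Probe   = State -> Int       -- a probe reads a value of a finite type T

data KF = KFtrue
        | KFneg KF
        | KFand KF KF
        | KFprobeEq Probe Int     -- the proposition "v = i"
        | KFknows AgentID KF
        | KFknowsHat AgentID Probe

-- Assumption: an agent cannot distinguish states giving it the same observation.
obsOf :: AgentID -> State -> Int
obsOf "alice" (v, _) = v `mod` 2  -- alice observes only the parity of v
obsOf _       (v, _) = v          -- any other agent observes v itself

-- Reachable states the agent cannot tell apart from s (contains s itself).
indist :: [State] -> AgentID -> State -> [State]
indist reach a s = [t | t <- reach, obsOf a t == obsOf a s]

eval :: [State] -> State -> KF -> Bool
eval _ _ KFtrue           = True
eval r s (KFneg f)        = not (eval r s f)
eval r s (KFand f g)      = eval r s f && eval r s g
eval _ s (KFprobeEq p i)  = p s == i
eval r s (KFknows a f)    = all (\t -> eval r t f) (indist r a s)
-- Single pass: the probe must take one value across the whole class.
eval r s (KFknowsHat a p) = length (nub (map p (indist r a s))) == 1

-- The disjuncts that the hatted modality abbreviates, one per i in T.
expand :: [Int] -> AgentID -> Probe -> [KF]
expand tyT a p = [KFknows a (KFprobeEq p i) | i <- tyT]

-- Does knowsHat agree with the disjunction at every reachable state?
-- Assumes tyT lists every value the probe can take.
agrees :: [State] -> [Int] -> AgentID -> Probe -> Bool
agrees r tyT a p =
  and [eval r s (KFknowsHat a p) == any (eval r s) (expand tyT a p) | s <- r]

main :: IO ()
main = do
  let tyT   = [0 .. 3]
      reach = [(v, b) | v <- [0, 1, 2], b <- [False, True]]
  print (agrees reach tyT "alice" fst)
  print [(s, eval reach s (KFknowsHat "alice" fst)) | s <- reach]
```

In this model alice knows v only when it is odd, because 1 is the only reachable odd value while the even values 0 and 2 share an observation.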

Using this syntax we define a construct for knowledge tests:

class ArrowKTest ( ) where
  kTest :: KF → (γ B ( ))

In the scope of the agent method, kTest allows an agent to test the truth of the given knowledge formula, which is passed “statically”; these serve the same purpose as the guards in the Isabelle/HOL theory of Chapter 3. An agent may contain an arbitrary number of kTests; zero, in the case of model checking (§6.5), one (§6.3) or many (§6.4.2).

The crucial instances of these classes are for the constructivity Arrow CArrow of §5.4.3; we also lift this functionality to the Kesterel level in §6.6. The ArrowAgent instance captures the agent’s observation of the environment using the generics of §5.3:

instance StructureDest CBool obs ⇒ ArrowAgent CArrow obs where
  agent aid f = ...

In other words, the environment can pass arbitrary (finite) structures to the agents, provided they are made out of bits. Agents’ private states are similarly recorded by the ArrowDelay instance in the Dynamic structure. We note that StructureDest is sufficient here and allows us to give an instance for Kesterel, where signal environments are of arbitrary size.

The ArrowKTest instance for CArrow associates each KF formula in a kTest with a BDD variable, and stores these in the Static structure. Intuitively we compose the knowledge automaton in synchronous parallel with the rest of the system and use this bit to communicate the truth of the knowledge formula. We discuss this further in the next section.

We note that placing the agent method within a combinational cycle is difficult to interpret; essentially what the agent observes would depend instantaneously on what it does. There is the similar problem of allowing one agent to instantaneously observe the output of another’s kTest. This can be resolved by adapting the constructivity analysis of §5.4.3 to order the kTests, and rejecting the program if this is not possible. As we make no use of combinational cycles involving the infrastructure for KBPs we do not pursue that here.

Conceivably the simulation Arrow of §5.4.2 could underpin an explicit-state variant. We leave this to future work.