Post on 28-Mar-2015
ANR-07-SESUR-003
Using Constraints to Verify Properties of Rule Programs
Bruno Berstel, University of Freiburg & IBM
Michel Leconte, IBM
CSTVA’10 – April 10th, 2010
What are business rules?

Rule upgrade-to-platinum
if
  the category of the customer is Gold and
  the value of the shopping cart is more than $1500
then
  change the category of the customer to Platinum
Agenda

• What are Business Rules?
• Verification
  – rules as transition constraints
  – properties as constraint problems
• Impact on CP Solver
  – slow propagation
  – how to cope with it
• Conclusion
Example rules

Rule gold-discount
when category = Gold & value ≥ 2000
then discount := discount + 10

Rule platinum-discount
when category = Platinum & value ≥ 1000
then discount := discount + 15

Rule upgrade
when category = Gold & age ≥ 60
then category := Platinum
Verification
Conflict (example)

[Figure: two executions of the example rules from the same initial state]

initial state: cat = Gold, age = 65, value = 2500, discount = 0

execution #1:
  gold-discount (cat = Gold, value ≥ 2000: disc += 10)
    → cat = Gold, age = 65, value = 2500, discount = 10
  upgrade + platinum-discount (cat = Gold, age ≥ 60, value ≥ 1000: cat := Plat, disc += 15)
    → cat = Platinum, age = 65, value = 2500, discount = 25

execution #2:
  upgrade (cat = Gold, age ≥ 60: cat := Plat)
    → cat = Platinum, age = 65, value = 2500, discount = 0
  platinum-discount (cat = Plat, value ≥ 1000: disc += 15)
    → cat = Platinum, age = 65, value = 2500, discount = 15

final state of execution #1 ≠ final state of execution #2 (discount 25 vs. 15)
Conflict (general principle)

[Figure: from one initial state, execution #1 leads to final state #1 and execution #2 leads to final state #2; the question is whether final state #1 = final state #2.]
Conflict (general principle)

• Compute the transition constraints for all executions
  – e.g. ρ(upgrade ∘ platinum-discount) is
    c = Gold ∧ a ≥ 60 ∧ v ≥ 1000 ∧ c' = Plat ∧ d' = d + 15 ∧ a' = a ∧ v' = v
  – interested in maximal executions only
  – bound length of traces to cope with infinite executions
  – many unfeasible executions: ρ ⊨ ⊥
• Look for conflicting executions
  – s ⇝ s'1, s ⇝ s'2, s'1 ≇ s'2
  – init ∧ ρ1 ∧ ρ2 ∧ ⋁_{ξ ∈ Var} (ξ'1 ≠ ξ'2)
• Is one of these constraint problems satisfiable?
  – Yes: we found a witness!
  – No: there is no conflict in the rule program.
  – Don't know
Conflict (example with constraints)

Initial state: category ↦ c, age ↦ a, value ↦ v, discount ↦ d
Final state #1 (upgrade ∘ platinum-discount): category ↦ c'1, age ↦ a'1, value ↦ v'1, discount ↦ d'1
Final state #2 (gold-discount ∘ upgrade ∘ platinum-discount): category ↦ c'2, age ↦ a'2, value ↦ v'2, discount ↦ d'2
Question: final state #1 = final state #2?

ρ(upgrade ∘ platinum-discount):
  c = Gold ∧ a ≥ 60 ∧ v ≥ 1000 ∧ c'1 = Plat ∧ d'1 = d + 15 ∧ a'1 = a ∧ v'1 = v
ρ(gold-discount ∘ upgrade ∘ platinum-discount):
  c = Gold ∧ a ≥ 60 ∧ v ≥ 2000 ∧ c'2 = Plat ∧ d'2 = d + 25 ∧ a'2 = a ∧ v'2 = v

Conflict constraint problem (the relevant parts):
  v ≥ 1000 ∧ v ≥ 2000
  d'1 = d + 15 ∧ d'2 = d + 25
  d'1 ≠ d'2
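The construction of the last three slides, as an added worked example (this is illustrative code written for this page, not the authors' tool). The three rules are encoded as a guard over (category c, age a, value v) plus an effect on c and d; ρ of an execution is built by syntactic composition, so ρ(upgrade ∘ platinum-discount) comes out as c = Gold ∧ a ≥ 60 ∧ v ≥ 1000 ∧ c' = Plat ∧ d' = d + 15; maximal executions are enumerated and each pair is checked for a common initial state with differing final states. Three assumptions are not in the slides: a rule fires at most once per execution (which bounds trace length and removes the infinite re-firing of gold-discount), "maximal" is approximated by "no unused rule's guard is feasible after the execution", and the restricted constraint language (interval guards, category assignment, constant discount offsets) is enough to decide feasibility by hand, so no general CP solver is needed.

```python
"""Transition constraints and conflict detection for the slide's three rules.

Added illustration, not the authors' implementation. State: (c, a, v, d).
A rule's guard is a conjunction of bounds on c, a, v; its action sets c
and/or adds a constant to d. rho(e) is kept as a guard on the initial state
plus a symbolic effect (c' fixed or c' = c, d' = d + k, a' = a, v' = v).
Assumption: each rule fires at most once per execution (refraction)."""
from dataclasses import dataclass
from itertools import permutations
from typing import Dict, FrozenSet, List, Optional, Tuple

INT32 = (-2**31, 2**31 - 1)           # machine-representable domain of a, v, d
CATS = frozenset({"Gold", "Platinum"})

@dataclass(frozen=True)
class Rule:
    name: str
    cat: FrozenSet[str]                # guard: c in cat
    age: Tuple[int, int] = INT32       # guard: a in [lo, hi]
    value: Tuple[int, int] = INT32     # guard: v in [lo, hi]
    set_cat: Optional[str] = None      # action: c := set_cat
    add_disc: int = 0                  # action: d := d + add_disc

@dataclass(frozen=True)
class Transition:
    """rho(e): constraint on the initial state plus the symbolic final state."""
    cat: FrozenSet[str]                # c in cat
    age: Tuple[int, int]               # a in age
    value: Tuple[int, int]             # v in value
    final_cat: Optional[str]           # c' = final_cat, or c' = c when None
    disc_offset: int                   # d' = d + disc_offset
    trace: Tuple[str, ...] = ()

    def feasible(self) -> bool:
        return bool(self.cat) and self.age[0] <= self.age[1] and self.value[0] <= self.value[1]

def meet(i: Tuple[int, int], j: Tuple[int, int]) -> Tuple[int, int]:
    return (max(i[0], j[0]), min(i[1], j[1]))

def then(t: Transition, r: Rule) -> Transition:
    """rho(e o r): r's guard is evaluated on the state that e produces."""
    if t.final_cat is None:
        cat = t.cat & r.cat                          # c' = c: guard falls on the initial c
    else:
        cat = t.cat if t.final_cat in r.cat else frozenset()   # guard on the assigned c'
    return Transition(cat, meet(t.age, r.age), meet(t.value, r.value),
                      r.set_cat or t.final_cat, t.disc_offset + r.add_disc,
                      t.trace + (r.name,))

def rho(rules: List[Rule]) -> Transition:
    t = Transition(CATS, INT32, INT32, None, 0)
    for r in rules:
        t = then(t, r)
    return t

def maximal_executions(rules: List[Rule]) -> List[Transition]:
    """Feasible executions that no unused rule can extend (approximation of 'maximal')."""
    out = []
    for n in range(1, len(rules) + 1):
        for seq in permutations(rules, n):
            t = rho(list(seq))
            if not t.feasible():
                continue                             # rho |= bottom: unfeasible execution
            unused = [r for r in rules if r not in seq]
            if all(not then(t, r).feasible() for r in unused):
                out.append(t)
    return out

def conflict(t1: Transition, t2: Transition) -> Optional[Dict[str, object]]:
    """Solve init ∧ rho1 ∧ rho2 ∧ (c'1 ≠ c'2 ∨ d'1 ≠ d'2); return a witness or None."""
    cats, age, value = t1.cat & t2.cat, meet(t1.age, t2.age), meet(t1.value, t2.value)
    if not cats or age[0] > age[1] or value[0] > value[1]:
        return None                                  # no common initial state
    for c in sorted(cats):
        c1 = t1.final_cat if t1.final_cat is not None else c
        c2 = t2.final_cat if t2.final_cat is not None else c
        if c1 != c2 or t1.disc_offset != t2.disc_offset:
            init = {"category": c, "age": age[0], "value": value[0], "discount": 0}
            return {"init": init, "exec1": t1.trace, "exec2": t2.trace,
                    "final1": (c1, t1.disc_offset), "final2": (c2, t2.disc_offset)}
    return None

def find_conflicts(rules: List[Rule]) -> List[Dict[str, object]]:
    execs = maximal_executions(rules)
    return [w for i, t1 in enumerate(execs) for t2 in execs[i + 1:]
            if (w := conflict(t1, t2)) is not None]

# The three rules from the slides.
RULES = [
    Rule("gold-discount", frozenset({"Gold"}), value=(2000, INT32[1]), add_disc=10),
    Rule("platinum-discount", frozenset({"Platinum"}), value=(1000, INT32[1]), add_disc=15),
    Rule("upgrade", frozenset({"Gold"}), age=(60, INT32[1]), set_cat="Platinum"),
]

if __name__ == "__main__":
    for w in find_conflicts(RULES):
        print(w)
```

Running it reports exactly one witness: initial state category Gold, age 60, value 2000, discount 0, with executions (upgrade, platinum-discount) and (gold-discount, upgrade, platinum-discount) ending in d + 15 and d + 25 respectively, which is the d'1 ≠ d'2 conflict of the slide. The pair (platinum-discount) versus (upgrade, platinum-discount) is correctly rejected because their initial categories (Platinum versus Gold) have no common value.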
Challenging the CP Solver

with the conjunction of
• Large domains
  – variables are ranging over machine-representable values
  – typically 2^32 or 2^64 values for integers
• Slow propagation
  – when the time of domain reduction is proportional to the size of the domain
  – e.g. d' = d + 15
         d' = d + 25
Slow convergence of propagation

d' = d + 15
d' = d + 25

d, d' ∈ [-2^31, 2^31-1]
d' = d + 15   ⇒   d' ∈ [-2^31 + 15, 2^31-1]
d' = d + 25   ⇒   d  ∈ [-2^31, 2^31-1 - 25]
d' = d + 15   ⇒   d' ∈ [-2^31 + 15, 2^31-1 - 10]
d' = d + 25   ⇒   d  ∈ [-2^31, 2^31-1 - 35]
d' = d + 15   ⇒   d' ∈ [-2^31 + 15, 2^31-1 - 20]
etc.

It takes approx. 859 000 000 steps to reduce the domains to the empty set. ✘
Slow propagation ⇏ unsatisfiability

x > ux          x ∈ [-2^31, 2^31-1], u ∈ {0, 1}

normalized:
x ≥ y + 1
y = ux          x, y ∈ [-2^31, 2^31-1], u ∈ {0, 1}

2^31 steps of interval reduction give
x ∈ [1, 2^31-1], y ∈ [0, 2^31-1], u ∈ {0, 1}

branch u = 1: + 2^31 steps of interval reduction to empty domains
branch u = 0: x ≥ 1, solution found in 2^31 + 1 steps (best case)
Fighting against slow propagation

• From specialized procedures
  – linear normalization (x = x + 1)
  – cycle detection (x < y ∧ y < x)
  – congruence domains (2x + 2y = 1)
  – …
• To pragmatic techniques
  – Let the user specify domains (age in [0, 100])
  – Stop the propagation before fix point
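The slow-convergence trace and the two countermeasures above, as an added example (illustrative code for this page, not the authors' solver). A bounds-consistency propagator for constraints of the form y = x + k is run round-robin to a fix point on d' = d + 15 ∧ d' = d + 25; the number of tightening steps grows linearly with the domain size, so the run uses 16-bit domains (the slide's 859 000 000 figure is for the authors' solver on 32-bit domains, and this propagator's step count differs by a constant factor since it tightens both bounds per application). A step budget makes the solver stop before the fix point and answer "budget" (don't know) instead of claiming unsatisfiability, a user-specified domain such as [0, 100] shrinks the run to a handful of steps, and linear_normalize() is a minimal form of the specialized procedure: two offsets between the same pair of variables must agree or the conjunction is unsatisfiable before any propagation. The constraint class, function names and the 16-bit domain are choices made for this example.

```python
"""Bounds propagation on d' = d + 15 and d' = d + 25, and two ways out.

Added illustration, not the authors' solver. propagate() enforces bounds
consistency for y = x + k constraints round-robin until a fix point, counts
the applications that tighten a domain, and gives up ("budget") when a step
limit is reached rather than reporting unsat. linear_normalize() detects the
contradiction syntactically, in one pass over the constraints."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

Interval = Tuple[int, int]   # inclusive bounds; empty when lo > hi

def int_domain(bits: int) -> Interval:
    """Two's-complement range, e.g. bits=32 gives [-2^31, 2^31-1]."""
    return (-2 ** (bits - 1), 2 ** (bits - 1) - 1)

@dataclass(frozen=True)
class Offset:
    """Constraint y = x + k."""
    x: str
    y: str
    k: int

def propagate_offset(c: Offset, dom: Dict[str, Interval]) -> bool:
    """Tighten dom[y] from dom[x], then dom[x] from dom[y]; True if anything changed."""
    xlo, xhi = dom[c.x]
    ylo, yhi = dom[c.y]
    new_y = (max(ylo, xlo + c.k), min(yhi, xhi + c.k))
    new_x = (max(xlo, new_y[0] - c.k), min(xhi, new_y[1] - c.k))
    dom[c.y], dom[c.x] = new_y, new_x
    return new_y != (ylo, yhi) or new_x != (xlo, xhi)

def propagate(constraints: List[Offset], dom: Dict[str, Interval],
              max_steps: int) -> Tuple[str, int]:
    """Returns ('unsat', steps), ('fixpoint', steps) or ('budget', steps).

    Each step shrinks a bound by a constant, so on the slide's pair of
    constraints the number of steps is proportional to the domain size."""
    steps = 0
    while True:
        progress = False
        for c in constraints:
            if not propagate_offset(c, dom):
                continue
            steps, progress = steps + 1, True
            if any(lo > hi for lo, hi in dom.values()):
                return "unsat", steps
            if steps >= max_steps:
                return "budget", steps    # stopped before the fix point: don't know
        if not progress:
            return "fixpoint", steps

def linear_normalize(constraints: List[Offset]) -> str:
    """Specialized check: y = x + k1 and y = x + k2 with k1 != k2 is a contradiction.
    Only same-orientation offsets are compared; 'unknown' means no verdict."""
    seen: Dict[Tuple[str, str], int] = {}
    for c in constraints:
        if seen.setdefault((c.x, c.y), c.k) != c.k:
            return "unsat"
    return "unknown"

# The two constraints from the slide.
SLIDE = [Offset("d", "d'", 15), Offset("d", "d'", 25)]

def run_slide_example(bits: int, max_steps: int = 10**7) -> Tuple[str, int]:
    """Machine-sized domains: step count is linear in 2^bits."""
    dom = {"d": int_domain(bits), "d'": int_domain(bits)}
    return propagate(SLIDE, dom, max_steps)

def run_with_user_domain(lo: int, hi: int, max_steps: int = 10**7) -> Tuple[str, int]:
    """Pragmatic fix: the user bounds the domain (e.g. discount in [0, 100])."""
    dom = {"d": (lo, hi), "d'": (lo, hi)}
    return propagate(SLIDE, dom, max_steps)

if __name__ == "__main__":
    print(run_slide_example(16))          # ('unsat', 6554)
    print(run_slide_example(32, 1000))    # ('budget', 1000): stopped, answer is don't know
    print(run_with_user_domain(0, 100))   # ('unsat', 10)
    print(linear_normalize(SLIDE))        # 'unsat', with no propagation at all
```

The 16-bit run needs 6554 tightening steps for 65536 domain values, each step removing ten values, so the same propagator on 32-bit domains would need a few hundred million; the budgeted 32-bit run returns "budget" after 1000 steps, which is the "don't know" outcome of the verification slide and must not be reported as "no conflict".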
Conclusion

• Using constraints for rule program verification
  – to translate rules into transition constraints
  – to express properties
  – to find answers using a CP Solver
• It scales because
  – problems are small in practice
  – techniques are put in place to fight against slow propagation