 So when I prepared the talk I found that this is a bit of a difficult talk to prepare Because this is an abstract framework and abstract frameworks are very nice for the people who know the instance specific Instances of this framework because then you can somehow appreciate the generalization and see that it's a nice theory But if you don't know the instances it sometimes a bit of okay, there's a lot of formalism around What does it mean what why why this level of generality? So it was a bit tough to prepare so let's see how I managed So this is the overview I'll first talk a bit about reactive systems in the sense of lifer and Milner Which is an abstract framework of rewriting Then I'll talk a bit about the conditions in the title I'll define them. I'll relate them to first order logic. So we had quite a bit of first order logic now again Take on first order logic Then I'll say what are these conditional reactive systems and I say a bit on the operations and conditions what you can do with them How you can manipulate them? And then we also have two applications in this paper. I mean it's an abstract framework, but it has two applications And the first is to compute pre and post conditions and the second is conference via critical pair analysis And then I'll conclude Okay, what are reactive systems? It is an active abstract theory of rewriting Which was first introduced by life friend Milner. There's a conquered 2000 paper And it's a general framework in which it encompasses lots of things so it encompasses term rewriting process Calculi graph transformation by grass also invented by Milner and The original motivation actually that life friend Milner had when they introduced this framework Mostly derived labor transition systems Really for process Calculi so that original application was process Calculi and they used this to derive labor transition systems in a fairly general framework and then also to derive Bites by simulation congruences and equivalences, so I will not really talk about equivalences here behavioral equivalences But about the underlying And in this talk, I'll show you how to enrich reactive systems by conditions making them to conditional reactive systems and These conditions control whether a rewriting rule can be applied or not and So we have a huge source of inspiration which comes from graph transformation systems And these conditions have been really extensively studied in the context of graph transformation systems And we show how to lift them to this more upset setting and I think it The theory that you get is quite elegant And especially if you compare to what has been done for graph transformation system There's important work done there, but it's really a bit cumbersome and I think that on this abstract level It's really things become suddenly much simpler and much easier to understand Okay, so first this is about categories, so I don't really want to frighten you too much But I mean I think I'll give you the definition for category, which is really not too complicated And I think you really need it to to understand the rest of the talk So category is a generalization of a monoid in some sense And it consists of objects a b and arrows between objects Just think of them as errors just arrow. There's no deeper meaning behind it It's like a monoid element. It also doesn't have a deeper meaning. It's just an element With the property that there are identity arrows from each object to another arrow It's another object and there's an associative composition operation Meaning that if you have two arrows one from a to be and the other to be to see they compose and are using this semicolon for composition and Well, let's say the category that every other category in some kind is trying to imitate It's the category of sets and functions but the categories that we're looking here are Category of graphs and graph morphisms. So here the objects are graphs and the arrows are graph morphisms that are really Very similar to to Mosh's homomorphism from the last talk only here our graphs can have loops. So things are slightly different Then the other category that I'm looking into is the category of graphs and cospons of graphs and The objects are again graphs and the arrows of cospons of graph morphisms that is we have two arrows Sorry two morphisms They should be morphisms Of the form there's a graph in the middle and there are two other graphs J and K Which you can think of the interfaces of this graph So think of it as a graph G where you identify two subgraphs J and K which act as the interfaces of this graph and Let me give you a bit more of intuition for this cospan category So cospans are graphs with an inner and an outer interface and Composition you only also need composition to have a category performed by gluing over the joint interface So we have to these to go cospans and You see that the in this outer interface and this inner interface are really the same So we just glue over this and Leave out this interface and then you get a new cospan. This is how cospan composition works and Let's say this is the category which I will mainly work in the other category also makes a short appearance at some point Okay in a reactive systems over category C the arrows are rewritten in the following way Well, let me show you maybe the definition So you have a rule which consists of two arrows Ellen are starting from some distinguish of that zero Think of it as the empty graph. I'm in most cases doing to an object I and The reduction relation is generated as follows If I put this left hand side into some context C, which is again an arrow of the category. This is perfectly General then we can place replace this by the right hand side and the arrow C So in some sense, we're doing prefix rewriting Where the things that we are rewriting our arrows of a category So now you can say oh, isn't this somehow restriction to do prefix writing is in a sense Um, but let's say one special case that we're very interested in is double push out graph rewriting and If we instantiate this with a cospan category, we get exactly double push out graph writing So we get something which is very well known. This is not a result of our paper. This has been known for a while and Why the prefix is okay is basically because you can always rearrange decompose actually A graph in such a way that the left-hand side comes first and then you have the rest and then you can cut out the left-hand side And replace it by the right-hand side Okay, now what is the condition? So condition a is a finite tree Where the nodes are labeled through objects and quantifiers. So I mean here for instance this node is labeled with quantifier for all object a and then you have The edges of the tree and on the edges of the tree we put the errors Arrows of the category and of course in such a way that f is an arrow going from a to b and a is called the root object of the condition Okay, so it looks a bit first order like when we are not quite maybe and Actually, this is quite true. This is more or less a first order led logic and I will make this more precise in the following So just but let's do an example maybe first in order to express that a graph So graphs now we view as co-spans Where the middle graph is the graph you want to consider and has an empty inner and empty outer interface And we want to express that a graph contains an isolated node f Here we say something like this There exists a co-span In the graph and this cospan is this one is just this isolated node Such that for all ways could continue We need nothing so we have an empty universal quantification, which is just to So this means there exists such an isolated node f and it really must be isolated because you have no way to glue something to this node Okay, then I have to tell you how to evaluate a condition on an error. So they're always evaluated on errors If you have a condition with root object a and the error goes from a to b then I can evaluate or check whether the arrow satisfies the condition and Okay, they're naturally there two cases. There's universal quantification and if you have universal quantification and here This kind of branching in the condition here. There are other conditions sitting Sorry required that for every index of these f1 to fn and every alpha such that I Compose the c which is the arrow for which I ask whether that would satisfies the condition Can you decompose into fi and alpha we require that alpha satisfies the condition out I I which comes afterwards so basically for every way of removing such an error fi from my Arrow the remaining arrow had assessed to satisfy the condition that comes afterwards an existential quantification. Well, okay, you can guess that now for every way of decomposing the c into f one of the fi and no, sorry, they exist the way of composing C and fi and alpha and For this alpha that we get then it has to satisfy the condition I So actually we compare this with another category or ecologic which we kind of invented ourselves So maybe this is not interested so much It's a so-called logic on sub-objects and it tries to imitate monotonic second-order graph logic in a more categorical setting And if you restrict to the first order fragment we get exactly the same logic or the same kind of expressiveness as we appear for the conditions Okay, so yes, there's two strange logics But okay, if you this logic if we take as the category the category of graphs and graph morphisms now And I was taking this other category. I get exactly first-order graph logic so this is something well known and and okay, but Many example of the example that comes now Doesn't work in the category of graphs and graph morphisms, but in the category of Cospans and in this category actually the logic is more expressive So we have examples of properties that can be expressed in this logic, but not in the other logic Okay, so now what is a conditional reactive system it consists of rules Again, just as a reactive system plus every rule has an application condition sitting on this interface object I hear and Then rule is applicable to an arrow if the arrow can be deco-imposed as left-hand side plus some context and The context must satisfy the condition So we're always evaluating the condition on the remaining context left after removing at the left-hand side and in this case Left-hand side composed with the context is reduced to the right-hand side composed with the context Okay, just a simple rule maybe to illustrate a bit better what I'm talking about This is the dereferencing of a file owned by a user So there's a user and owns a file and it wants to so this own relationship should be removed But I can only remove it If for all if for all protected loops that are attached to the F nodes There exists an admin node attached to the user node Which means that either the file is not protected or if it is protected the user has to be the admin and This is basically what you can specify. I mean, it's a really a first-order logic and Okay, that's I said this before basically so conditions really restrict the context in which the rules are applied Okay, now we have to do a bit with these conditions. We need some conditions and For this I'm introducing the following thing which is called as a representative class of squares. Now. What is that? assume that you're to given a commuting square commuting means if you compose these two arrows and these two arrows you get the same and Yes, we say a class of squares is representative if for every commuting square you find inside another of such representative squares that can be Where you have also find an error e such that everything here commutes so inside you find a representative square So in a category usually take if you need Representative square you usually take the so-called pushouts but now assume that you don't have pushouts which we don't have actually in our category and So the idea is to find something that such as for each pair of arrows a b There are only finitely many squares representative squares push out there would be only one, but we're happy with their fun Okay, this is not terribly exotic in the sense that this has been studied before it was a Real problem in the work of life and Milner where they generated this label transition systems behavioral equivalences To kind of close these squares and they came up with a notion of so-called item pushouts The definition is not too too complex I'll not give it here But actually the implications are very Complicated because for the in the categories you're interested in not even these item pushouts exist and then you get into a lot of trouble and it There's really a huge amount of work trying to solve this problem Which is connected to somehow very tricky automorphism problems of course Then the one way to solve this was the so-called group ideal item pushouts by Sasone and Sobochinski We also had our own solution, which is the so-called bird context diagrams, but Here we just we don't really say what kind of universal properties these squares should have We kind of really trying to avoid the problem and say we just need the police Representativity property I showed on this slide before and then things work fine Okay, now the operation that I want to do with these representative squares is how to how to shift the condition along an arrow And I assume we have an arrow going from A to B and Then we have a condition and they shifted along the arrow I can't to show it on this slide, but it's better to show it on this slide You have this condition the arrow going from A to B and now here you have two arrows And it just take all representative squares here, which could be zero one two many and You close it then again you have here an arrow and here an arrow and you can take all representative squares and then once you're through the tree it might be Might be have a higher branch in degrees than before But if you have this finiteness property that for two hours you have only finite many representative ways to close this square then the condition that you get will also be fine and We have the following property the shift has a nice property So I mean some of the things we're showing here, especially this one There are similar results in the context of graph transformation system. It just kind of abstracted them to a Higher level and so so this operation shift has been known there and it has the following property if phi C satisfies a condition a this is equivalent to C satisfying a shifted over phi So it's a kind of partial evaluation I know already that I will evaluate my condition on arrow starting with phi so I shifted and kind of pre-compute this this condition and Okay, what we have in the paper actually is this result that this shift Is part of an adjunction so now we also have Existential quantification universal quantification which you saw just means putting an existential universal quantifier in front of a condition and usually These quantifiers arise as adjoints in categorical logic So it was quite natural to look here. What is the adjunction and the adjunction is with the shift operation. So Shift here is a right adjoint to Existential quantification, which is the left and here's the other way around so if you don't know that much about adjunction Think of the last Galois connections, which might be known from from program analysis So a connection between two lettuces and here the lettuces are the sets of all condition with Boolean orange Okay, this is it just a theoretical results, but nice and of course you can Derive several laws for this logic for instance the usual quantifier distribution law holds for all distributes over And the shift to support over both should be because it's a left and the right adjoint But this is also easy to prove otherwise And then there's also these bits slightly more unusual quantifier distribution law so you can do a bit of Laws and equivalences with this logic Okay, now the applications and We had to have two applications in this paper and the first is on computing pre and post conditions So again, there's a rule with the condition and let be a condition on errors with the source of X zero so just a condition on Think of that condition of co-span which are conditions on graphs for instance Which tell you something the property of the graph and then when you apply a rule you want to know What is the strongest post condition that the graph set is for the graphs that you reach satisfy afterwards? And if you have a backwards you want to know the weakest precondition So weakest precondition of a rule for a condition B is computed as follows So for all left-hand sides that you might have if If the remaining context satisfies C This implies that the context must satisfy B if you put our in front This is what it means To have a weakest precondition and the strongest post condition says they resist the right-hand side Okay, you just applied the rules. There should be a right-hand side such that the context satisfies C and If you put in front the left-hand side again, what do you have satisfies A? and Okay, this looks quite natural and But we hope you have to look what people have done in the graph transformation literature And there are all these construction But it typically takes two or three pages to construct these things with lots of operations And we find now that this is somehow a nice high level representation of what you get there Okay, so another application is Confluence, I mean We are doing here abstract high-level some high-level rewriting So of course we want to do all the stuff that you'd usually like to do with rewriting all the in the also in this setting and Okay, we want to analyze local confluence Of course, I mean if you know if your system is locally confluent and terminates then it is confluent And we do this by the usual critical pair analysis That means look for overlapping left-hand sides So just overlap your left-hand sides and in these Thing that you get which consists of two overlapping left left-hand sides You apply both rules apply the rules and get the what you get after inserting the right-hand sides And then they show that after potentially any number of steps you are your confluence so you reach the same same arrow afterwards and Of course the question is what are the critical pairs here and the critical pairs as we found adjust these representative squares So the rewriting relation is locally confluent if and only for every pair of left-hand sides and all representative ways to close this left-hand sides There exists an arrow D such that you can reduce here and here and You end up in the same and this is an if and only if result as in in terminal writing string writing You have it is confluent if and only if it satisfies this Okay, and then okay, this is about conditions conditional reactive system So you wanted to do the same with conditions and Actually, there is a predecessor work on graph transformation system Which has a similar idea and we kind of adapted it to generalize it a bit and now especially moved it to this more abstract setting and Okay, this is a bit this looks a bit More difficult so rewriting relation is loaded conflict if no if and only if unfortunately we thought about it But we have some examples which show that if and only if it's probably Not really possible For every pair of left-hand sides and all representative ways to close this pair Okay, now they accept now several arrows to which you can reduce why several Because you have conditions and if this a contact satisfies some condition You might be able to reduce to this one But if it satisfies some other condition you might be able to reduce to some other arrow There's ever and conditions that that under these conditions you can make the reductions to the DI and This condition or what does it mean since you know that both rules were applicable? You know that the context satisfies these conditions and This implies the disjunction so at least one of the pairs of conditions that guarantee confluence has to be has to be So and here AI denotes the application conditions of these two rules move to the joint to move to their joint interface And this means that under this condition a can reduce to be it might not be in general able to read a Might not be in general able to use to be because the contacts might have some inhibiting conditions Especially with these conditions you can express things like that certain things should not be there And if they are there they might inhibit the reductions So if no the intuition but I already stated this basic if under the condition that both rules can be applied We can at least one pop find one less possibility close the diamonds and the system is locally confluent and There might be several different ways to join the diamond and only one direction no if and only Okay, so now I should say a bit about related work because This is really based on a lot of stuff and we kind of pulled it together and packaged it into this framework and nested application conditions in graphic writing have been studied quite a bit actually have to be Fair and say it's not just graphic writing, but it's really also some categorical form of rewriting, but let's say I think that's based off very similar to graph writing and then basically were one step more abstract Then we did this because pre-condition and strongest post-conditions in high-level transformation system These are these form of double push-out rewriting have already been studied in hub by hobble and panaman and Then the idea to compare these conditions the first order graph logic is by rensing from 2004 The local conference for draft transformation system without condition is from plume by plume and with conditions as I just said We took the special case and which it was is from 2010 and generalized it now to this setting and things I think they were really took some pages to express in these papers now you can write in few lines and Yeah, we also had heavy some inspiration from categorical logic, especially to look for this adjunction that is because they usually exist in categorical logic and So okay, what else do we have in mind? So? The reason why we looked into this was really that we came from the from the area of deriving labeled transition systems behavioral equivalences and And we wanted to do it with conditions. I mean why okay nice here, but actually we really have some very tough case studies which we will talk to Verifying these especially from the area of model transformation So we have some people who bring us case studies from the era of model transformation You want to Transform some model sometimes they are a bit you ml like Petri net models whatever into another model And you want to show that some kind of behavior is preserved and these model transformation rules always have conditions always all the time So you cannot really deal With rules who do not have conditions if you come more from process algebra, you might think My conditions really don't need them But if you look into this application area, they're they're abandoned and the other thing is now that we can Compute the pre and post conditions. We couldn't principle Implement this for the special case of graph transformation and do some kind of cigar so count example guided abstraction refinement framework With predicate abstraction for graph transformation. So we haven't done this yet. This is an idea. So many steps are I've been taken but of course it's not clear whether the results will be good And of course in order to do this. I mean because we also have to in mind to implement this we have to solve one small problem and Of course, this is the first order logic and the entailment problem is undecidable So in order to get around to this we actually I either can actually restrict the simpler logics or They actually have been already quite successful attempt especially in the PhD thesis of penamon To do this in a approximative way so that you are actually can reason with such logics despite the undecidability Okay, and that's it and thank you much for your attention