Sunday, August 9, 2009

Why I do not like Statecharts

Statecharts are used all over the place for "Model Based Design" of software systems. I have always felt uneasy about the "graphical" programming language -- the marketing speil around statecharts always seemed too glib to me. Only recently have I been able to articulate this uneasiness clearly enought to satisfy myself.

First let me list down my complaints against statecharts and then address them one by one:
  1. Do Statecharts actually reduce the cost of software development or does it just move around the costs?
  2. Are AND and XOR actually good enough to express requirements and designs?
  3. Are Statechart models specifications or are they implementations?
  4. What is this "concurrency" all about?
One of the big "advantages" of Statecharts is that it is a "high level" "Domain Specific Language" that effectively addresses the problem of programming complex mode based behaviour (especially in particular domains such as embedded systems). However, it seems to me after maintaining and programming applications for a couple of months using Rhapsody, that this is not true. Statecharts give a false sense of simplicity for complex logic, and this results in engineers quickly adding a transition here and changing a guard there in order to modify the behaviour of an existing statechart. The generated code is complex enough that no one bothers to look at the code and/or reviews it. The fact is that Statecharts do not simplify complex logic, they just provide a couple of mechanisms for "decomposing" the complexity. People often do not realize that this decomposition also has to be very carefully done to avoid unintended behaviours, and Statecharts do not provide any mechanism for "analysing" the decomposition. In fact, my guess that the most effective part of development using tools such as Rhapsody is the fact that it helps in organizing interfaces between different modules using concepts such as ports. For example, if there is a push in an organization to adopt Model Based Development for even legacy code-based projects (and this is indeed there in a number of organizations), the last part that I would convert to "models" is the behaviour -- converting code to a model will not add to the maintainability of the project in any way.

Coming to the structuring mechanisms actually provided by Statecharts, AND and XOR sub-charts are what come immediately to mind. First, I feel that the way in which these are presented is not very helpful -- saying that AND charts help to model "concurrency" is very unhelpful. It is much more valid to say that AND charts allow decomposing complex behaviour into "orthogonal" state machines. Basically the emphasis should not be on the concurrency, but on a particular way of decomposing complexity. In fact, the theory of automata gives TWO canonical ways of decomposing state-machines -- one is the "parallel" composition which has been popularised by Statecharts; and the other is "serial" composition which is infact more generic then "parallel" composition and subsumes it. Similarly, the XOR decomposition of statecharts is used to "zoom" into one part of the behaviour and specify it; but the XOR decomposition as provided by statecharts is limited by "graphical" limitations -- the zoom is much more naturally specified by logical predicates, and a graphical notation is a very poor representation of the "boolean algebra" structure of the zoom predicates-- this is a case of a "picture being worth ONLY a thousand words"

There is this idea that Statecharts are good for "specifying" behaviours. The act of specification is more than just putting down on paper our understanding of a behaviour -- this is simply a task of transliteration. Specifying behaviour (especially in early stages of software) implies that the specifier does not yet fully comprehend all aspects of the required behaviour. In this case the specifier needs tools for "exploring" different aspects of the behaviour, of checking if he has contradicted himself in places, and if he has ensured that all corner cases have been considered. Statecharts do not provide tools for doing these activities.

Let us first consider the issue of "contradiction": in Statecharts we could map this to "non-determinism". However non-determinism is clearly not the same as "contradiction" - non-determinism could arise because we have abstracted out some details while specifying and in this case is a signal to "un-abstract" some parts. This is what most software theoreticians/practitioners mean when they talk of the "power of non-determinism" -- they are really talking of "abstraction". In a specification such non-determinism should not occur unless there really is no-decision to be made, and if any one of the non-deterministic behaviours is acceptable in the system -- if this is not the case it is really a case of too much abstraction in the specification. The other case for non-determinism is when we want to have an environment that we do not control (or build) -- in this case, a specification will not lead to implementation and issues of the quality of specification are pretty much moot.

Now for "completeness". The semantics of statecharts has some notions of "undefinedness", but this has more to do with the so-called "temporal paradoxes" introduced by the semantics -- some variants such as Stateflow do not have a logical paradox, but lead to a very complex situation where the language designers have thrown up their arms and swept the problem under the carpet by "disallowing" it. Coming back to the semantics, it is pretty much an execution semantics and the focus is in ensuring that as far as possible, there is a well-defined behaviour for all possible inputs. When the semantics itself tries hard to "complete" a specification, what hope is there for talking of "incompleteness" in the specification??????

Finally, what is all this talk of modelling "concurrency" in statecharts? All that statecharts provide is some syntactic sugar for "parallelism" (see also my rant about "parallelism" and decomposition above). This again only masks the complexity and does not help in analysing the complexity. If I really want to have a high-level model of concurrency and message passing, I would rather use something like Promela and the model-checking support provided by SPIN, which actually helps in analysing the concurrent behaviour.

All in all, Statecharts were proposed in the late 80s and they were a breakthrough in computer science in many ways. They were proposed by Harel who was (and is) one of the foremost minds in computer science. However, I feel that because they were proposed by such a towering figure, and because of the considerable tool support, there are not enough people challenging it and questioning its "marketed" utility. Two decades down the line, I think it is high time we seriously re-evaluated Statecharts from every respect.

Wednesday, April 22, 2009

Isomorphism vs. identity

I came across a very interesting post by Vaughan Pratt on the FOM mailing. The post contrasts the notions of identity and isomorphism. The distinction between these concepts was first forcefully brought into focus for me when studying category theory. All constructions in category theory are only characterised upto isomorphism. This emphasises that if different mathematical structures have the "same" properties, we really should not distinguish between them.

At the basic level, a category consists of objects and arrows (or even with just arrows), and identity is required only for arrows. Objects are only important upto isomorphism. A general guideline I follow for modelling some phenomenon witht categories is to try and map concepts to objects and arrows based on whether the concept requires identity or isomorphism. If identity does not seem to appear anywhere, then we need to consider using higher-order categories such as functor categories. However it is important to drill down all the levels of the categories and identify the concepts for which identity is important and model these concepts using arrows. Of course, this is easier said than done, and we need considerable practice in working out all the book-keeping and figuring out all the universal properties for all the categories involved, before we can start performing "magic" with "abstract nonsense".

Anyway, back to my original topic of Vaughan Pratt's post. Let me reproduce the post verbatim so that I do not lose the original trigger to my thoughts:
Date: Sat, 18 Apr 2009 17:14:51 -0700
From: Vaughan Pratt
Subject: [FOM] When is it appropriate to treat isomorphism as identity?
To: Foundations of Mathematics
Message-ID: <49ea6cfb.7090802@cs.stanford.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

My recent complaint that uniqueness is too often taken for granted when dealing with questions of existence brought to light the ease with which people identify isomorphism with identity: a number of people wrote to remind me that uniqueness is common in many mathematical contexts, e.g. the cyclic group of order 5, the least upper bound of two elements of a lattice, etc.

Operations of course enforce uniqueness by definition of "operation": the sum of two integers, the concatenation of two lists, the union of two sets, etc.  However in a good many of the examples, "the" was not enforced by some operation but instead only meant "up to isomorphism."

Sometimes it is necessary to treat isomorphism as identity, sometimes it is merely convenient, sometimes it is inconvenient, and sometimes it is inconsistent or paradoxical.  Here are examples of each.

====================

1.  Necessary

(a) Equivalence definitions of "lattice".  A lattice can be defined as a poset every pair of elements of which has a least upper bound and a greatest lower bound, or as an algebra with operations of meet and join satisfying the lattice laws (idempotence, commutativity, associativity, absorption).  A poset or partially ordered set is a set with a reflexive transitive antisymmetric binary relation.  The antisymmetry requirement, that (in essence) isomorphic elements are equal, is *necessary for these two definitions to be equivalent*.  The notions of least upper bound and greatest lower bound continue to be meaningful for preordered sets, those for which the relation is only required to be reflexive and transitive, but preordered sets with all binary lubs and glbs do not 
form a natural class of algebras.

(b) Birkhoff duality of finite posets and distributive lattices, as per David Eppstein's excellent article at 
http://en.wikipedia.org/wiki/Birkhoff's_representation_theorem#Functoriality 
.  The monotone functions from a finite poset P to the two-element chain, i.e. its order filters, form a finite distributive lattice P*, the filters (homomorphisms to the two-element lattice) of which recover P up to isomorphism.  No such duality obtains for preordered sets, making antisymmetry necessary for Birkhoff duality.  Actually there are two types of isomorphism entering here, the isomorphism of elements in a clique within a preordered set, and the isomorphism between P and the poset of lattice filters of P*; regarding the latter it is convenient to think of the two posets as the same, but set theoretically unsound, see 
below under "4. Inconsistent".

(c) Enumeration of structures.  Neil Sloane's Encyclopedia of Integer Sequences counts the number A_0, A_1, A_2, ..., A_n, ... of posets, distributive lattices, tournaments, and many other structures of a given size n.  This only makes sense for structures defined up to isomorphism, as otherwise every A_i would be a proper class.  (There is however a 
notion of labeled structure which permits enumeration by assuming in effect that the n elements are the numbers from 1 to n; with that convention there is one labeled set of each finite cardinality, but three labeled posets with two elements.)

2.  Convenient

We already mentioned the convenience of identifying P with the filters of P* above.  While it's not necessary to identify every countable dense linear order with the unit interval of rationals (open, half-open, or closed according to which endpoints exist), it can be convenient.  The 
same goes for a great many other structures, e.g. the free group on one generator as the group of integers, the initial ring as the ring of integers, etc.  Sometimes there is no canonical object, for example the Boolean algebra of finite and cofinite subsets of the set N of natural numbers under union, intersection, and complement relative to N is isomorphic to that of the ultimately constant binary sequences under coordinate-wise Boolean combination, with no clear advantage to either. 
  The same goes for the Boolean algebra of periodic binary sequences, which is isomorphic to the free Boolean algebra on N as well as to the (unique) countably infinite atomless Boolean algebra.

3.  Inconvenient.

The forgetful functor U: Pos --> Set producing the underlying set of each poset in the category Pos has a left adjoint F: Set --> Pos which maps each set X to the corresponding discrete poset.  Inconveniently, U has no right adjoint.  On the other hand the category Ord of preordered sets, which extends Pos, has a forgetful functor U+: Ord --> Set which conveniently has both a left and a right adjoint.  The left adjoint F+: Set --> Ord yields discrete preordered sets as for Pos, while the right adjoint G: Set --> Ord yields codiscrete preordered sets or cliques, which don't exist in Pos for posets with two or more elements.

4.  Inconsistent

The powers N, N^2, N^3, N^4 of the set N of natural numbers are all isomorphic.  Set theory promises that we can implement N^3 as either Nx(NxN) or (NxN)xN.  If we use the former then the three projections are p, pq, and q^2, if the latter then p^2, qp, and q.  This works fine as long as Nx(NxN) and (NxN)xN remain distinct (albeit isomorphic) sets. However if we identify NxN with N then according to set theory we must have p = p^2, pq = qp, and q^2 = q.  But then p, pq, and q are the only functions that can be formed from the two projections from NxN, making it impossible to obtain four distinct projections from N^4 no matter how realized using NxN.

To make things consistent we could disallow the implementation of N^3 as (NxN)xN, but then it would no longer be set theory as we know it, but some other theory of sets that we would have to work out afresh. Identifying isomorphic sets is inconsistent with set theory as 
standardly defined and used.

(This adapts to set theory a similar argument by John Isbell for monoidal categories, see Mac Lane, Categories for the Working Mathematician, near the end of VII-1.)

=====================

A benefit of mathematical logic is that it makes explicit principles of logic that we might otherwise consider inviolable, allowing us to consider the consequences of violating them by replacing them with competing rules, thereby contributing to the ongoing undermining of the efficacy of pure reason.

This raises the following question.  It is clear that arguments purporting to show either the existence or uniqueness of any given entity beg the question of the necessity of the rules used in those arguments.  That said, is the situation entirely symmetric between existence and uniqueness, or is there some reason to suppose that existence arguments might be supportable by rules having a more necessary character than those supporting uniqueness arguments?  To demonstrate such an asymmetry would not require absolutely necessary rules, only some generally accepted or at least plausible ranking of rules by perceived necessity.

Vaughan Pratt



Why am I here?

I am a computer science researcher by profession, software engineer by training, and mathematician by inclination. Over the years I have come across a number of writings that I feel have had a profound effect on me. But without any means to write down my feelings about them, the effect these writings have on me have waned over time and they quite often have been relegated to the infinte dust-bin of forgetfulness. Writing down my impressions on pieces of paper has not worked very well, as they are not conveniently accessed at later dates.

I have finally decied to try and blog my thoughts online so that I can go over the blog at a later date and try to recreate my feelings and re-live the highs I experienced originally. This is a very personal experience and I dont expect anyone to share these experiences with me. So if anyone comes across this blog and feels totally lost, I will not be surprised.

To set the tone of the blog, let me also tell you about two other blogs that I admire and follow:
  • John Baez's blog "This week's find in Mathematical Physics" comes at the top of my list. John Baez is an amazing writer and his exposition of complex mathematical concepts has been the biggest source of "highs" for me.
  • "Lambda the ultimate" is a very interesting weblog, and even though I am a lurker there, I follow it and use it as a good indication of the pulse of computer science.