Alternatives vs. Outcomes: A Note on the Gibbard-Satterthwaite Theorem
The Gibbard-Satterthwaite theorem is a well-known theorem from the field of social choice theory. It states that every voting scheme with at least 3 possible outcomes is dictatorial or manipulable. Later work on the Gibbard-Satterthwaite theorem frequently does not distinguish between alternatives and outcomes, thereby leading to a
less general statement that requires the voting scheme to be onto. We show how the Gibbard-Satterthwaite theorem can be derived from the seemingly less general formulation
The Largest Respectful Function
Respectful functions were introduced by Sangiorgi as a compositional tool to
formulate short and clear bisimulation proofs. Usually, the larger the
respectful function, the easier the bisimulation proof. In particular the
largest respectful function, defined as the pointwise union of all respectful
functions, has been shown to be very useful. We here provide an explicit and
constructive characterization of it
On the Use of Underspecified Data-Type Semantics for Type Safety in Low-Level Code
In recent projects on operating-system verification, C and C++ data types are
often formalized using a semantics that does not fully specify the precise byte
encoding of objects. It is well-known that such an underspecified data-type
semantics can be used to detect certain kinds of type errors. In general,
however, underspecified data-type semantics are unsound: they assign
well-defined meaning to programs that have undefined behavior according to the
C and C++ language standards.
A precise characterization of the type-correctness properties that can be
enforced with underspecified data-type semantics is still missing. In this
paper, we identify strengths and weaknesses of underspecified data-type
semantics for ensuring type safety of low-level systems code. We prove
sufficient conditions to detect certain classes of type errors and, finally,
identify a trade-off between the complexity of underspecified data-type
semantics and their type-checking capabilities.
Comment: In Proceedings SSV 2012, arXiv:1211.587
Mechanisation of Model-theoretic Conservative Extension for HOL with Ad-hoc Overloading
Definitions of new symbols merely abbreviate expressions in logical
frameworks, and no new facts (regarding previously defined symbols) should hold
because of a new definition. In Isabelle/HOL, definable symbols are types and
constants. The latter may be ad-hoc overloaded, i.e. have different definitions
for non-overlapping types. We prove that symbols that are independent of a new
definition may keep their interpretation in a model extension. This work
revises our earlier notion of model-theoretic conservative extension and
generalises an earlier model construction. We obtain consistency of theories of
definitions in higher-order logic (HOL) with ad-hoc overloading as a corollary.
Our results are mechanised in the HOL4 theorem prover.
Comment: In Proceedings LFMTP 2020, arXiv:2101.0283
Mathematizing C++ concurrency
Shared-memory concurrency in C and C++ is pervasive in systems programming, but has long been poorly defined. This motivated an ongoing shared effort by the standards committees to specify concurrent behaviour in the next versions of both languages. They aim to provide strong guarantees for race-free programs, together with new (but subtle) relaxed-memory atomic primitives for high-performance concurrent code. However, the current draft standards, while the result of careful deliberation, are not yet clear and rigorous definitions, and harbour substantial problems in their details.
In this paper we establish a mathematical (yet readable) semantics for C++ concurrency. We aim to capture the intent of the current ('Final Committee') Draft as closely as possible, but discuss changes that fix many of its problems. We prove that a proposed x86 implementation of the concurrency primitives is correct with respect to the x86-TSO model, and describe our Cppmem tool for exploring the semantics of examples, using code generated from our Isabelle/HOL definitions.
Having already motivated changes to the draft standard, this work will aid discussion of any further changes, provide a correctness condition for compilers, and give a much-needed basis for analysis and verification of concurrent C and C++ programs
Modal Logics for Nominal Transition Systems
We define a uniform semantic substrate for a wide variety of process calculi where states and action labels can be from arbitrary nominal sets. A Hennessy-Milner logic for these systems is introduced, and proved adequate for bisimulation equivalence. A main novelty is the use of finitely supported infinite conjunctions. We show how to treat different bisimulation variants such as early, late and open in a systematic way, and make substantial comparisons with related work. The main definitions and theorems have been formalized in Nominal Isabelle