69 research outputs found
Alternatives vs. Outcomes: A Note on the Gibbard-Satterthwaite Theorem
The Gibbard-Satterthwaite theorem is a well-known theorem from the field of social choice theory. It states that every voting scheme with at least 3 possible outcomes is dictatorial or manipulable. Later work on the Gibbard-Satterthwaite theorem frequently does not distinguish between alternatives and outcomes, thereby leading to a
less general statement that requires the voting scheme to be onto. We show how the Gibbard-Satterthwaite theorem can be derived from the seemingly less general formulation
The Largest Respectful Function
Respectful functions were introduced by Sangiorgi as a compositional tool to
formulate short and clear bisimulation proofs. Usually, the larger the
respectful function, the easier the bisimulation proof. In particular the
largest respectful function, defined as the pointwise union of all respectful
functions, has been shown to be very useful. We here provide an explicit and
constructive characterization of it
On the Use of Underspecified Data-Type Semantics for Type Safety in Low-Level Code
In recent projects on operating-system verification, C and C++ data types are
often formalized using a semantics that does not fully specify the precise byte
encoding of objects. It is well-known that such an underspecified data-type
semantics can be used to detect certain kinds of type errors. In general,
however, underspecified data-type semantics are unsound: they assign
well-defined meaning to programs that have undefined behavior according to the
C and C++ language standards.
A precise characterization of the type-correctness properties that can be
enforced with underspecified data-type semantics is still missing. In this
paper, we identify strengths and weaknesses of underspecified data-type
semantics for ensuring type safety of low-level systems code. We prove
sufficient conditions to detect certain classes of type errors and, finally,
identify a trade-off between the complexity of underspecified data-type
semantics and their type-checking capabilities.Comment: In Proceedings SSV 2012, arXiv:1211.587
Alternatives vs. Outcomes: A Note on the Gibbard-Satterthwaite Theorem
The Gibbard-Satterthwaite theorem is a well-known theorem from the field of social choice theory. It states that every voting scheme with at least 3 possible outcomes is dictatorial or manipulable. Later work on the Gibbard-Satterthwaite theorem frequently does not distinguish between alternatives and outcomes, thereby leading to a
less general statement that requires the voting scheme to be onto. We show how the Gibbard-Satterthwaite theorem can be derived from the seemingly less general formulation
Mechanisation of Model-theoretic Conservative Extension for HOL with Ad-hoc Overloading
Definitions of new symbols merely abbreviate expressions in logical
frameworks, and no new facts (regarding previously defined symbols) should hold
because of a new definition. In Isabelle/HOL, definable symbols are types and
constants. The latter may be ad-hoc overloaded, i.e. have different definitions
for non-overlapping types. We prove that symbols that are independent of a new
definition may keep their interpretation in a model extension. This work
revises our earlier notion of model-theoretic conservative extension and
generalises an earlier model construction. We obtain consistency of theories of
definitions in higher-order logic (HOL) with ad-hoc overloading as a corollary.
Our results are mechanised in the HOL4 theorem prover.Comment: In Proceedings LFMTP 2020, arXiv:2101.0283
Mathematizing C++ concurrency
Shared-memory concurrency in C and C++ is pervasive in systems programming, but has long been poorly defined. This motivated an ongoing shared effort by the standards committees to specify concurrent behaviour in the next versions of both languages. They aim to provide strong guarantees for race-free programs, together with new (but subtle) relaxed-memory atomic primitives for high-performance concurrent code. However, the current draft standards, while the result of careful deliberation, are not yet clear and rigorous definitions, and harbour substantial problems in their details.
In this paper we establish a mathematical (yet readable) semantics for C++ concurrency. We aim to capture the intent of the current (`Final Committee') Draft as closely as possible, but discuss changes that fix many of its problems. We prove that a proposed x86 implementation of the concurrency primitives is correct with respect to the x86-TSO model, and describe our Cppmem tool for exploring the semantics of examples, using code generated from our Isabelle/HOL definitions.
Having already motivated changes to the draft standard, this work will aid discussion of any further changes, provide a correctness condition for compilers, and give a much-needed basis for analysis and verification of concurrent C and C++ programs
Modal Logics for Nominal Transition Systems
We define a uniform semantic substrate for a wide variety of process calculi where states and action labels can be from arbitrary nominal sets. A Hennessy-Milner logic for these systems is introduced, and proved adequate for bisimulation equivalence. A main novelty is the use of finitely supported infinite conjunctions. We show how to treat different bisimulation variants such as early, late and open in a systematic way, and make substantial comparisons with related work. The main definitions and theorems have been formalized in Nominal Isabelle
- …