A Theory AB Toolbox

Randomized algorithms are a staple of the theoretical computer science literature. By careful use of randomness, algorithms can achieve properties that are simply not possible with deterministic algorithms. Today, these properties are proved on paper, by theoretical computer scientists; we investigate formally verifying these proofs. The main challenges are two: proofs about algorithms can be quite complex, using various facts from probability theory; and proofs are highly customized - two proofs of the same property for two algorithms can be completely different. To overcome these challenges, we propose taking inspiration from paper proofs, by building common tools - abstractions, reasoning principles, perhaps even notations - into a formal verification toolbox. To give an idea of our approach, we consider three common patterns in paper proofs: the union bound, concentration bounds, and martingale arguments

Parameterized abstractions used for proof-planning

In order to cope with large case studies arising from the application of formal methods in an industrial setting, this paper presents new techniques to support hierarchical proof planning. Following the paradigm of difference reduction, proofs are obtained by removing syntactical differences between parts of the formula to be proven step by step. To guide this manipulation we introduce dynamic abstractions of terms. These abstractions are parameterized by the individual goals of the manipulation and are especially designed to ease the proof search based on heuristics. The hierarchical approach and thus the decomposition of the original goal into several subgoals enables the use of different abstractions or different parameters of an abstraction within the proof search. In this paper we will present one of these dynamic abstractions together with heuristics to guide the proof search in the abstract space

Language and Proofs for Higher-Order SMT (Work in Progress)

Satisfiability modulo theories (SMT) solvers have throughout the years been able to cope with increasingly expressive formulas, from ground logics to full first-order logic modulo theories. Nevertheless, higher-order logic within SMT is still little explored. One main goal of the Matryoshka project, which started in March 2017, is to extend the reasoning capabilities of SMT solvers and other automatic provers beyond first-order logic. In this preliminary report, we report on an extension of the SMT-LIB language, the standard input format of SMT solvers, to handle higher-order constructs. We also discuss how to augment the proof format of the SMT solver veriT to accommodate these new constructs and the solving techniques they require.Comment: In Proceedings PxTP 2017, arXiv:1712.0089

Building Abstractions

The use of abstraction has been largely informal. As a consequence, it has often been difficult to see how or why a particular abstraction works. This paper attempts to help correct this trend by presenting a formal theory of abstraction. We use this theory to characterise the different types of abstraction that can be built; the different classes of abstractions we identify capture the majority of abstractions of which we are aware. We end by proposing a method for automatically building one very common type of abstraction, that used in Abstrips; our proposal is motivated by consideration of the various formal properties that such a method should possess

QRAT+: Generalizing QRAT by a More Powerful QBF Redundancy Property

The QRAT (quantified resolution asymmetric tautology) proof system simulates virtually all inference rules applied in state of the art quantified Boolean formula (QBF) reasoning tools. It consists of rules to rewrite a QBF by adding and deleting clauses and universal literals that have a certain redundancy property. To check for this redundancy property in QRAT, propositional unit propagation (UP) is applied to the quantifier free, i.e., propositional part of the QBF. We generalize the redundancy property in the QRAT system by QBF specific UP (QUP). QUP extends UP by the universal reduction operation to eliminate universal literals from clauses. We apply QUP to an abstraction of the QBF where certain universal quantifiers are converted into existential ones. This way, we obtain a generalization of QRAT we call QRAT+. The redundancy property in QRAT+ based on QUP is more powerful than the one in QRAT based on UP. We report on proof theoretical improvements and experimental results to illustrate the benefits of QRAT+ for QBF preprocessing.Comment: preprint of a paper to be published at IJCAR 2018, LNCS, Springer, including appendi

Symbolic Abstractions for Quantum Protocol Verification

Quantum protocols such as the BB84 Quantum Key Distribution protocol exchange qubits to achieve information-theoretic security guarantees. Many variants thereof were proposed, some of them being already deployed. Existing security proofs in that field are mostly tedious, error-prone pen-and-paper proofs of the core protocol only that rarely account for other crucial components such as authentication. This calls for formal and automated verification techniques that exhaustively explore all possible intruder behaviors and that scale well. The symbolic approach offers rigorous, mathematical frameworks and automated tools to analyze security protocols. Based on well-designed abstractions, it has allowed for large-scale formal analyses of real-life protocols such as TLS 1.3 and mobile telephony protocols. Hence a natural question is: Can we use this successful line of work to analyze quantum protocols? This paper proposes a first positive answer and motivates further research on this unexplored path

Hidden assumptions in the derivation of the Theorem of Bell

John Bell's inequalities have already been considered by Boole in 1862. Boole established a one-to-one correspondence between experimental outcomes and mathematical abstractions of his probability theory. His abstractions are two-valued functions that permit the logical operations AND, OR and NOT and are the elements of an algebra. Violation of the inequalities indicated to Boole an inconsistency of definition of the abstractions and/or the necessity to revise the algebra. It is demonstrated in this paper, that a violation of Bell's inequality by Einstein-Podolsky-Rosen type of experiments can be explained by Boole's ideas. Violations of Bell's inequality also call for a revision of the mathematical abstractions and corresponding algebra. It will be shown that this particular view of Bell's inequalities points toward an incompleteness of quantum mechanics, rather than to any superluminal propagation or influences at a distance