312 research outputs found

    LIPIcs, Volume 261, ICALP 2023, Complete Volume

    Get PDF
    LIPIcs, Volume 261, ICALP 2023, Complete Volum

    Proof Systems for the Modal ÎĽ\mu-Calculus Obtained by Determinizing Automata

    Full text link
    Automata operating on infinite objects feature prominently in the theory of the modal ÎĽ\mu-calculus. One such application concerns the tableau games introduced by Niwi\'{n}ski & Walukiewicz, of which the winning condition for infinite plays can be naturally checked by a nondeterministic parity stream automaton. Inspired by work of Jungteerapanich and Stirling we show how determinization constructions of this automaton may be used to directly obtain proof systems for the ÎĽ\mu-calculus. More concretely, we introduce a binary tree construction for determinizing nondeterministic parity stream automata. Using this construction we define the annotated cyclic proof system BT\mathsf{BT}, where formulas are annotated by tuples of binary strings. Soundness and Completeness of this system follow almost immediately from the correctness of the determinization method

    Logics of Responsibility

    Get PDF
    The study of responsibility is a complicated matter. The term is used in different ways in different fields, and it is easy to engage in everyday discussions as to why someone should be considered responsible for something. Typically, the backdrop of these discussions involves social, legal, moral, or philosophical problems. A clear pattern in all these spheres is the intent of issuing standards for when---and to what extent---an agent should be held responsible for a state of affairs. This is where Logic lends a hand. The development of expressive logics---to reason about agents' decisions in situations with moral consequences---involves devising unequivocal representations of components of behavior that are highly relevant to systematic responsibility attribution and to systematic blame-or-praise assignment. To put it plainly, expressive syntactic-and-semantic frameworks help us analyze responsibility-related problems in a methodical way. This thesis builds a formal theory of responsibility. The main tool used toward this aim is modal logic and, more specifically, a class of modal logics of action known as stit theory. The underlying motivation is to provide theoretical foundations for using symbolic techniques in the construction of ethical AI. Thus, this work means a contribution to formal philosophy and symbolic AI. The thesis's methodology consists in the development of stit-theoretic models and languages to explore the interplay between the following components of responsibility: agency, knowledge, beliefs, intentions, and obligations. Said models are integrated into a framework that is rich enough to provide logic-based characterizations for three categories of responsibility: causal, informational, and motivational responsibility. The thesis is structured as follows. Chapter 2 discusses at length stit theory, a logic that formalizes the notion of agency in the world over an indeterministic conception of time known as branching time. The idea is that agents act by constraining possible futures to definite subsets. On the road to formalizing informational responsibility, Chapter 3 extends stit theory with traditional epistemic notions (knowledge and belief). Thus, the chapter formalizes important aspects of agents' reasoning in the choice and performance of actions. In a context of responsibility attribution and excusability, Chapter 4 extends epistemic stit theory with measures of optimality of actions that underlie obligations. In essence, this chapter formalizes the interplay between agents' knowledge and what they ought to do. On the road to formalizing motivational responsibility, Chapter 5 adds intentions and intentional actions to epistemic stit theory and reasons about the interplay between knowledge and intentionality. Finally, Chapter 6 merges the previous chapters' formalisms into a rich logic that is able to express and model different modes of the aforementioned categories of responsibility. Technically, the most important contributions of this thesis lie in the axiomatizations of all the introduced logics. In particular, the proofs of soundness & completeness results involve long, step-by-step procedures that make use of novel techniques

    Compositional Semantics of Finite Petri Nets

    Full text link
    Structure-preserving bisimilarity is a truly concurrent behavioral equivalence for finite Petri nets, which relates markings (of the same size only) generating the same causal nets, hence also the same partial orders of events. The process algebra FNM truly represents all (and only) the finite Petri nets, up to isomorphism. We prove that structure-preserving bisimilarity is a congruence w.r.t. the FMN operators, In this way, we have defined a compositional semantics, fully respecting causality and the branching structure of systems, for the class of all the finite Petri nets. Moreover, we study some algebraic properties of structure-preserving bisimilarity, that are at the base of a sound (but incomplete) axiomatization over FNM process terms.Comment: arXiv admin note: substantial text overlap with arXiv:2301.0448

    Lessons from Formally Verified Deployed Software Systems (Extended version)

    Full text link
    The technology of formal software verification has made spectacular advances, but how much does it actually benefit the development of practical software? Considerable disagreement remains about the practicality of building systems with mechanically-checked proofs of correctness. Is this prospect confined to a few expensive, life-critical projects, or can the idea be applied to a wide segment of the software industry? To help answer this question, the present survey examines a range of projects, in various application areas, that have produced formally verified systems and deployed them for actual use. It considers the technologies used, the form of verification applied, the results obtained, and the lessons that can be drawn for the software industry at large and its ability to benefit from formal verification techniques and tools. Note: a short version of this paper is also available, covering in detail only a subset of the considered systems. The present version is intended for full reference.Comment: arXiv admin note: text overlap with arXiv:1211.6186 by other author

    Computing Minimal Distinguishing Hennessy-Milner Formulas is NP-Hard, but Variants are Tractable

    Get PDF
    We study the problem of computing minimal distinguishing formulas for non-bisimilar states in finite LTSs. We show that this is NP-hard if the size of the formula must be minimal. Similarly, the existence of a short distinguishing trace is NP-complete. However, we can provide polynomial algorithms, if minimality is formulated as the minimal number of nested modalities, and it can even be extended by recursively requiring a minimal number of nested negations. A prototype implementation shows that the generated formulas are much smaller than those generated by the method introduced by Cleaveland

    Logical Relations for Session-Typed Concurrency

    Full text link
    Program equivalence is the fulcrum for reasoning about and proving properties of programs. For noninterference, for example, program equivalence up to the secrecy level of an observer is shown. A powerful enabler for such proofs are logical relations. Logical relations only recently were adopted for session types -- but exclusively for terminating languages. This paper scales logical relations to general recursive session types. It develops a logical relation for progress-sensitive noninterference (PSNI) for intuitionistic linear logic session types (ILLST), tackling the challenges non-termination and concurrency pose, and shows that logical equivalence is sound and complete with regard to closure of weak bisimilarity under parallel composition, using a biorthogonality argument. A distinguishing feature of the logical relation is its stratification with an observation index (as opposed to a step or unfolding index), a crucial shift to make the logical relation closed under parallel composition in a concurrent setting. To demonstrate practicality of the logical relation, the paper develops an information flow control (IFC) refinement type system for ILLST, with support of secrecy-polymorphic processes, and shows that well-typed programs are self-related by the logical relation and thus enjoy PSNI. The refinement type system has been implemented in a type checker, featuring local security theories to support secrecy-polymorphic processes.Comment: arXiv admin note: text overlap with arXiv:2208.1374

    LIPIcs, Volume 274, ESA 2023, Complete Volume

    Get PDF
    LIPIcs, Volume 274, ESA 2023, Complete Volum

    Analysis of Smartcard-based Payment Protocols in the Applied Pi-calculus using Quasi-Open Bisimilarity

    Get PDF
    Cryptographic protocols are instructions explaining how the communication be- tween agents should be done. Critical infrastructure sectors, such as communication networks, financial services, information technology, transportation, etc., use security protocols at their very core to establish the information exchange between the components of the system. Symbolic verification is a discipline that investigates whether a given protocol satisfies the initial requirements and delivers exactly what it intends to deliver. An immediate goal of symbolic verification is to improve the reliability of existing systems – if a protocol is vulnerable, actions must be taken asap before a malicious attacker exploits it; a far-reaching goal is to improve the system design practices – when creating a new protocol, it must be proven correct before the implementation. Properties of cryptographic protocols roughly fall into two categories. Either reachability-based, i.e. that a system can or cannot reach a state satisfying some condition, or equivalence-based, i.e. that a system is indistinguishable from its idealised version, where the desired property trivially holds. Security properties are often formulated as a reachability problem and privacy properties as an equivalence problem. While the study of security properties is relatively settled, and powerful tools like Tamarin and ProVerif, where it is possible to check reachability queries, exist, the study of privacy properties expressed as equivalence only starts gaining momentum. Tools like DeepSec, Akiss, and, again, ProVerif offer only limited support when it comes to indistinguishability. This is partially due to the question of “What is an attacker capable of?” is not answered definitively in the second case. The widely-accepted default attacker, when it comes to security, is the so-called Dolev-Yao attacker, which has full control of the communication network; however, there is no default attacker who attempts to break the privacy of a protocol. The capabilities of such an attacker are reflected in the equivalence relation used to define a privacy property; hence the choice of such relation is crucial. This dissertation justifies a particular equivalence relation called quasi-open bisimilarity which satisfies several natural requirements. It has sound and complete modal logic characterisation, meaning that any attack on privacy has a practical interpretation; it enables compositional reasoning, meaning that if a privacy property of a system automatically extends to a bigger system having the initial one as a component, and, it captures the capability of an attacker to make decisions dynamically during the execution of the protocol. We not only explain the notion of quasi-open bisimilarity, but we also employ it to study real-world protocols. The first protocol, UBDH, is an authenticated key agreement suitable for card payments, and the second protocol, UTX, is a smartcard-based payment protocol. Using quasi-open bisimilarity, we define the target privacy property of unlinkability, namely that it is impossible to link protocol sessions made with the same card and prove that it holds for UBDH and UTX. The proofs that UBDH and UTX satisfy their privacy requirements to our knowledge are the first ones that demonstrate that a privacy property of a security protocol, defined as bisimilarity equivalence, is satisfied for an unbounded number of protocol sessions. Moreover, these proofs illustrate the methodology that could be employed to study the privacy of other protocols

    Proof-theoretic Semantics for Intuitionistic Multiplicative Linear Logic

    Get PDF
    This work is the first exploration of proof-theoretic semantics for a substructural logic. It focuses on the base-extension semantics (B-eS) for intuitionistic multiplicative linear logic (IMLL). The starting point is a review of Sandqvist’s B-eS for intuitionistic propositional logic (IPL), for which we propose an alternative treatment of conjunction that takes the form of the generalized elimination rule for the connective. The resulting semantics is shown to be sound and complete. This motivates our main contribution, a B-eS for IMLL , in which the definitions of the logical constants all take the form of their elimination rule and for which soundness and completeness are established
    • …
    corecore