Model checking infinite-state systems: generic and specific approaches

Model checking is a fully-automatic formal verification method that has been extremely successful in validating and verifying safety-critical systems in the past three decades. In the past fifteen years, there has been a lot of work in extending many model checking algorithms over finite-state systems to finitely representable infinitestate systems. Unlike in the case of finite systems, decidability can easily become a problem in the case of infinite-state model checking. In this thesis, we present generic and specific techniques that can be used to derive decidability with near-optimal computational complexity for various model checking problems over infinite-state systems. Generic techniques and specific techniques primarily differ in the way in which a decidability result is derived. Generic techniques is a “top-down” approach wherein we start with a Turing-powerful formalismfor infinitestate systems (in the sense of being able to generate the computation graphs of Turing machines up to isomorphisms), and then impose semantic restrictions whereby the desired model checking problem becomes decidable. In other words, to show that a subclass of the infinite-state systems that is generated by this formalism is decidable with respect to the model checking problem under consideration, we will simply have to prove that this subclass satisfies the semantic restriction. On the other hand, specific techniques is a “bottom-up” approach in the sense that we restrict to a non-Turing powerful formalism of infinite-state systems at the outset. The main benefit of generic techniques is that they can be used as algorithmic metatheorems, i.e., they can give unified proofs of decidability of various model checking problems over infinite-state systems. Specific techniques are more flexible in the sense they can be used to derive decidability or optimal complexity when generic techniques fail. In the first part of the thesis, we adopt word/tree automatic transition systems as a generic formalism of infinite-state systems. Such formalisms can be used to generate many interesting classes of infinite-state systems that have been considered in the literature, e.g., the computation graphs of counter systems, Turing machines, pushdown systems, prefix-recognizable systems, regular ground-tree rewrite systems, PAprocesses, order-2 collapsible pushdown systems. Although the generality of these formalisms make most interesting model checking problems (even safety) undecidable, they are known to have nice closure and algorithmic properties. We use these nice properties to obtain several algorithmic metatheorems over word/tree automatic systems, e.g., for deriving decidability of various model checking problems including recurrent reachability, and Linear Temporal Logic (LTL) with complex fairness constraints. These algorithmic metatheorems can be used to uniformly prove decidability with optimal (or near-optimal) complexity of various model checking problems over many classes of infinite-state systems that have been considered in the literature. In fact, many of these decidability/complexity results were not previously known in the literature. In the second part of the thesis, we study various model checking problems over subclasses of counter systems that were already known to be decidable. In particular, we consider reversal-bounded counter systems (and their extensions with discrete clocks), one-counter processes, and networks of one-counter processes. We shall derive optimal complexity of various model checking problems including: model checking LTL, EF-logic, and first-order logic with reachability relations (and restrictions thereof). In most cases, we obtain a single/double exponential reduction in the previously known upper bounds on the complexity of the problems

Exploring linear size-change terminating programs

Ph.DDOCTOR OF PHILOSOPH

Formal methods in the theories of rings and domains

In recent years, Hilbert's Programme has been resumed within the framework of constructive mathematics. This undertaking has already shown its feasability for a considerable part of commutative algebra. In particular, point-free methods have been playing a primary role, emerging as the appropriate language for expressing the interplay between real and ideal in mathematics. This dissertation is written within this tradition and has Sambin's notion of formal topology at its core. We start by developing general tools, in order to make this notion more immediate for algebraic application. We revise the Zariski spectrum as an inductively generated basic topology, and we analyse the constructive status of the corresponding principles of spatiality and reducibility. Through a series of examples, we show how the principle of spatiality is recurrent in the mathematical practice. The tools developed before are applied to specific problems in constructive algebra. In particular, we find an elementary characterization of the notion of codimension for ideals of a commutative ring, by means of which a constructive version of Krull's principal ideal theorem can be stated and proved. We prove a formal version of the projective Eisenbud-Evans-Storch theorem. Finally, guided by the algebraic intuition, we present an application in constructive domain theory, by proving a finite version of Kleene-Kreisel density theorem for non-flat information systems.In den vergangenen Jahren wurde das Hilbertsche Programm im Rahmen der konstruktiven Mathematik wiederaufgenommen. Diese Unternehmung hat sich vor allem in der kommutativen Algebra als praktikabel erwiesen. Insbesondere spielen punktfreie Methoden eine wesentliche Rolle: sie haben sich als die angemessene Sprache herausgestellt, um das Zwischenspiel von "real'" und "ideal" in der Mathematik auszudrücken. Die vorliegende Dissertation steht in dieser Tradition; zentral ist Sambins Begriff der formalen Topologie. Zunächst entwickeln wir ein allgemeines Instrumentarium, das geeignet ist, diesen Begriff seinen algebraischen Anwendungen näherzubringen. Sodann arbeiten wir das Zariski-Spektrum in eine induktiv erzeugte "basic topology" um und analysieren den konstruktiven Status der einschlägigen Varianten von Spatialität und Reduzibilität. Durch Angabe einer Reihe von Instanzen zeigen wir, wie häufig das Prinzip der Spatialität in der mathematischen Praxis vorkommt. Die eigens entwickelten Werkzeuge werden schließlich auf spezifische Probleme aus der konstruktiven Algebra angewandt. Insbesondere geben wir eine elementare Charakterisierung der Kodimension eines Ideals in einem kommutativen Ring an, mit der eine konstruktive Fassung des Krullschen Hauptidealsatzes formuliert und bewiesen werden kann. Ferner beweisen wir eine formale Fassung des Satzes von Eisenbud-Evans-Storch im projektiven Fall. Geleitet von der algebraischen Intuition stellen wir zuletzt eine Anwendung in der konstruktiven Bereichstheorie vor, indem wir eine finite Variante des Dichtheitssatzes von Kleene und Kreisel für nicht-flache Informationssysteme beweisen

On the complexity of verifying differential privacy

This thesis contributes to the understanding of the computational complexity of verifying differential privacy. The problem is considered in two constrained, but expressive, models; namely labelled Markov chains and randomised circuits. In the setting of labelled Markov chains (LMC) it is shown that most relevant decision problems are undecidable when considered directly and exactly. Given an LMC, and an ε, consider the problem of finding the least value of δ such that the chain is (ε, δ)-differentially private. Finding this value of δ can be expressed as a variant of the total variation distance. Whilst finding the exact value is not possible, it can be approximated, with a complexity between #P and PSPACE. Instead, bisimilarity distances are studied as over-estimate of δ, which can be computed in polynomial time assuming access to an NP oracle and a slightly weaker distance can be computed in polynomial time. One may also wish to estimate the minimal value of ε such that the LMC is ε-differentially private. The question of whether such an ε even exists is studied through the big-O problem. That is, does there exist a constant C such that the probability of each word in one system is at most C times the probability in the other machine. However in general this problem is undecidable but can be decided on unary chains (and is coNP-complete). On chains with bounded language (that is, when there exists w_1,…..,w_m in Σ such that all words are of the form w_1^*…w_m^*) the problem is decidable subject to Schanuel’s conjecture by invoking the first order theory of the reals with exponential function. The minimal such constant C corresponds exactly to exp(ε) and approximating this value is not possible, even when the value is known to exist. A bisimilarity distance to over-estimate exp(ε) can be computed in PSPACE. In the setting of randomised circuits, the complexity of verifying pure differential privacy is fully captured as coNP^#P-complete; formalising the intuition that differential privacy is universal quantification followed by a condition on probabilities. However verifying approximate differential privacy is between coNP^#P and coNP^#P^#P, and coNP^#P-complete when the number of output bits is small (poly-logarithmic) relative to the total size of the circuit. Further, each parameter cannot be approximated given the other in polynomial time (assuming P not equal to NP)

Principles of Security and Trust

This open access book constitutes the proceedings of the 8th International Conference on Principles of Security and Trust, POST 2019, which took place in Prague, Czech Republic, in April 2019, held as part of the European Joint Conference on Theory and Practice of Software, ETAPS 2019. The 10 papers presented in this volume were carefully reviewed and selected from 27 submissions. They deal with theoretical and foundational aspects of security and trust, including on new theoretical results, practical applications of existing foundational ideas, and innovative approaches stimulated by pressing practical problems

Automated Deduction – CADE 28

This open access book constitutes the proceeding of the 28th International Conference on Automated Deduction, CADE 28, held virtually in July 2021. The 29 full papers and 7 system descriptions presented together with 2 invited papers were carefully reviewed and selected from 76 submissions. CADE is the major forum for the presentation of research in all aspects of automated deduction, including foundations, applications, implementations, and practical experience. The papers are organized in the following topics: Logical foundations; theory and principles; implementation and application; ATP and AI; and system descriptions

Computer Aided Verification

This open access two-volume set LNCS 13371 and 13372 constitutes the refereed proceedings of the 34rd International Conference on Computer Aided Verification, CAV 2022, which was held in Haifa, Israel, in August 2022. The 40 full papers presented together with 9 tool papers and 2 case studies were carefully reviewed and selected from 209 submissions. The papers were organized in the following topical sections: Part I: Invited papers; formal methods for probabilistic programs; formal methods for neural networks; software Verification and model checking; hyperproperties and security; formal methods for hardware, cyber-physical, and hybrid systems. Part II: Probabilistic techniques; automata and logic; deductive verification and decision procedures; machine learning; synthesis and concurrency. This is an open access book