3,464 research outputs found
Recursive Program Optimization Through Inductive Synthesis Proof Transformation
The research described in this paper involved developing transformation techniques which increase the efficiency of the noriginal program, the source, by transforming its synthesis proof into one, the target, which yields a computationally more efficient algorithm. We describe a working proof transformation system which, by exploiting the duality between mathematical induction and recursion, employs the novel strategy of optimizing recursive programs by transforming inductive proofs. We compare and contrast this approach with the more traditional approaches to program transformation, and highlight the benefits of proof transformation with regards to search, correctness, automatability and generality
Correct and Efficient Antichain Algorithms for Refinement Checking
The notion of refinement plays an important role in software engineering. It
is the basis of a stepwise development methodology in which the correctness of
a system can be established by proving, or computing, that a system refines its
specification. Wang et al. describe algorithms based on antichains for
efficiently deciding trace refinement, stable failures refinement and
failures-divergences refinement. We identify several issues pertaining to the
soundness and performance in these algorithms and propose new, correct,
antichain-based algorithms. Using a number of experiments we show that our
algorithms outperform the original ones in terms of running time and memory
usage. Furthermore, we show that additional run time improvements can be
obtained by applying divergence-preserving branching bisimulation minimisation
Globally reasoning about localised security policies in distributed systems
In this report, we aim at establishing proper ways for model checking the
global security of distributed systems, which are designed consisting of set of
localised security policies that enforce specific issues about the security
expected.
The systems are formally specified following a syntax, defined in detail in
this report, and their behaviour is clearly established by the Semantics, also
defined in detail in this report. The systems include the formal attachment of
security policies into their locations, whose intended interactions are trapped
by the policies, aiming at taking access control decisions of the system, and
the Semantics also takes care of this.
Using the Semantics, a Labelled Transition System (LTS) can be induced for
every particular system, and over this LTS some model checking tasks could be
done. We identify how this LTS is indeed obtained, and propose an alternative
way of model checking the not-yet-induced LTS, by using the system design
directly. This may lead to over-approximation thereby producing imprecise,
though safe, results. We restrict ourselves to finite systems, in the sake of
being certain about the decidability of the proposed method.
To illustrate the usefulness and validity of our proposal, we present 2 small
case-study-like examples, where we show how the system can be specified, which
policies could be added to it, and how to decide if the desired global security
property is met.
Finally, an Appendix is given for digging deeply into how a tool for
automatically performing this task is being built, including some
implementation issues. The tool takes advantage of the proposed method, and
given some system and some desired global security property, it safely (i.e.
without false positives) ensures satisfaction of it
Tableaux for Policy Synthesis for MDPs with PCTL* Constraints
Markov decision processes (MDPs) are the standard formalism for modelling
sequential decision making in stochastic environments. Policy synthesis
addresses the problem of how to control or limit the decisions an agent makes
so that a given specification is met. In this paper we consider PCTL*, the
probabilistic counterpart of CTL*, as the specification language. Because in
general the policy synthesis problem for PCTL* is undecidable, we restrict to
policies whose execution history memory is finitely bounded a priori.
Surprisingly, no algorithm for policy synthesis for this natural and
expressive framework has been developed so far. We close this gap and describe
a tableau-based algorithm that, given an MDP and a PCTL* specification, derives
in a non-deterministic way a system of (possibly nonlinear) equalities and
inequalities. The solutions of this system, if any, describe the desired
(stochastic) policies.
Our main result in this paper is the correctness of our method, i.e.,
soundness, completeness and termination.Comment: This is a long version of a conference paper published at TABLEAUX
2017. It contains proofs of the main results and fixes a bug. See the
footnote on page 1 for detail
A theory of normed simulations
In existing simulation proof techniques, a single step in a lower-level
specification may be simulated by an extended execution fragment in a
higher-level one. As a result, it is cumbersome to mechanize these techniques
using general purpose theorem provers. Moreover, it is undecidable whether a
given relation is a simulation, even if tautology checking is decidable for the
underlying specification logic. This paper introduces various types of normed
simulations. In a normed simulation, each step in a lower-level specification
can be simulated by at most one step in the higher-level one, for any related
pair of states. In earlier work we demonstrated that normed simulations are
quite useful as a vehicle for the formalization of refinement proofs via
theorem provers. Here we show that normed simulations also have pleasant
theoretical properties: (1) under some reasonable assumptions, it is decidable
whether a given relation is a normed forward simulation, provided tautology
checking is decidable for the underlying logic; (2) at the semantic level,
normed forward and backward simulations together form a complete proof method
for establishing behavior inclusion, provided that the higher-level
specification has finite invisible nondeterminism.Comment: 31 pages, 10figure
Automated Generation of User Guidance by Combining Computation and Deduction
Herewith, a fairly old concept is published for the first time and named
"Lucas Interpretation". This has been implemented in a prototype, which has
been proved useful in educational practice and has gained academic relevance
with an emerging generation of educational mathematics assistants (EMA) based
on Computer Theorem Proving (CTP).
Automated Theorem Proving (ATP), i.e. deduction, is the most reliable
technology used to check user input. However ATP is inherently weak in
automatically generating solutions for arbitrary problems in applied
mathematics. This weakness is crucial for EMAs: when ATP checks user input as
incorrect and the learner gets stuck then the system should be able to suggest
possible next steps.
The key idea of Lucas Interpretation is to compute the steps of a calculation
following a program written in a novel CTP-based programming language, i.e.
computation provides the next steps. User guidance is generated by combining
deduction and computation: the latter is performed by a specific language
interpreter, which works like a debugger and hands over control to the learner
at breakpoints, i.e. tactics generating the steps of calculation. The
interpreter also builds up logical contexts providing ATP with the data
required for checking user input, thus combining computation and deduction.
The paper describes the concepts underlying Lucas Interpretation so that open
questions can adequately be addressed, and prerequisites for further work are
provided.Comment: In Proceedings THedu'11, arXiv:1202.453
The Modal Logic of Stepwise Removal
We investigate the modal logic of stepwise removal of objects, both for its
intrinsic interest as a logic of quantification without replacement, and as a
pilot study to better understand the complexity jumps between dynamic epistemic
logics of model transformations and logics of freely chosen graph changes that
get registered in a growing memory. After introducing this logic
() and its corresponding removal modality, we analyze its
expressive power and prove a bisimulation characterization theorem. We then
provide a complete Hilbert-style axiomatization for the logic of stepwise
removal in a hybrid language enriched with nominals and public announcement
operators. Next, we show that model-checking for is
PSPACE-complete, while its satisfiability problem is undecidable. Lastly, we
consider an issue of fine-structure: the expressive power gained by adding the
stepwise removal modality to fragments of first-order logic
- ā¦