Faithful Modeling of Product Lines with Kripke Structures and Modal Logic

Software product lines are now an established framework for software design. They are specified by special diagrams called feature models. For formal analysis, the latter are usually encoded by Boolean propositional theories. We discuss a major deficiency of this semantics, and show that it can be fixed by considering a product to be an instantiation process rather than its final result. We call intermediate states of this process partial products, and argue that what a feature model really defines is a poset of its partial products. We argue that such structures can be viewed as special Kripke structure that we call partial product Kripke structures, ppKS. To specify these Kripke structures, we propose a CTL-based logic, called partial product CTL, ppCTL. We show how to represent a feature model M by a ppCTL theory ML(M) (ML stands for modal logic) such that any ppKS satisfying the theory is equal to the partial product line determined by M. Hence, ML(M) can be considered a sound and complete representation of M. We also discuss several applications of the modal logic view in feature modeling, including refactoring of feature models

A domain equation for refinement of partial systems

Published versio

Distributed Relation Logic

We extend the relational algebra of Chin and Tarski so that it is multisorted or, as we prefer, typed. Each type supports a local Boolean algebra outfitted with a converse operator. From Lyndon, we know that relation algebras cannot be represented as proper relation algebras where a proper relation algebra has binary relations as elements and the algebra is singly-typed. Here, the intensional conjunction, which was to represent relational composition in Chin and Tarski, spans three different local algebras, thus the term distributed in the title. Since we do not rely on proper relation algebras, we are free to re-express the algebras as typed. In doing so, we allow many different intensional conjunction operators.We construct a typed logic over these algebras, also known as heterogeneous algebras of Birkhoff and Lipson. The logic can be seen as a form of relevance logic with a classical negation connective where the Routley-Meyer star operator is reified as a converse connective in the logic. Relevance logic itself is not typed but our work shows how it can be made so. Some of the properties of classical relevance logic are weakened from Routley-Meyer’s version which is too strong for a logic over relation algebras

The logic of public announcements, common knowledge, and private suspicions

This paper presents a logical system in which various group-level epistemic actions are incorporated into the object language. That is, we consider the standard modeling of knowledge among a set of agents by multi-modal Kripke structures. One might want to consider actions that take place, such as announcements to groups privately, announcements with suspicious outsiders, etc. In our system, such actions correspond to additional modalities in the object language. That is, we do not add machinery on top of models (as in Fagin et alia), but we reify aspects of the machinery in the logical language. Special cases of our logic have been considered in Plaza, Gerbrandy, and Gerbrandy and Groeneveld. The latter group of papers introduce a language in which one can faithfully represent all of the reasoning in examples such as the Muddy Children scenario. In that paper we find operators for updating worlds via announcements to groups of agents who are isolated from all others. We advance this by considering many more actions, and by using a more general semantics. Our logic contains the infinitary operators used in the standard modeling of common knowledge. We present a sound and complete logical system for the logic, and we study its expressive power

Zero-one laws with respect to models of provability logic and two Grzegorczyk logics

It has been shown in the late 1960s that each formula of first-order logic without constants and function symbols obeys a zero-one law: As the number of elements of finite models increases, every formula holds either in almost all or in almost no models of that size. Therefore, many properties of models, such as having an even number of elements, cannot be expressed in the language of first-order logic. Halpern and Kapron proved zero-one laws for classes of models corresponding to the modal logics K, T, S4, and S5 and for frames corresponding to S4 and S5. In this paper, we prove zero-one laws for provability logic and its two siblings Grzegorczyk logic and weak Grzegorczyk logic, with respect to model validity. Moreover, we axiomatize validity in almost all relevant finite models, leading to three different axiom systems

New Directions in Model Checking Dynamic Epistemic Logic

Dynamic Epistemic Logic (DEL) can model complex information scenarios in a way that appeals to logicians. However, its existing implementations are based on explicit model checking which can only deal with small models, so we do not know how DEL performs for larger and real-world problems. For temporal logics, in contrast, symbolic model checking has been developed and successfully applied, for example in protocol and hardware verification. Symbolic model checkers for temporal logics are very efficient and can deal with very large models. In this thesis we build a bridge: new faithful representations of DEL models as so-called knowledge and belief structures that allow for symbolic model checking. For complex epistemic and factual change we introduce transformers, a symbolic replacement for action models. Besides a detailed explanation of the theory, we present SMCDEL: a Haskell implementation of symbolic model checking for DEL using Binary Decision Diagrams. Our new methods can solve well-known benchmark problems in epistemic scenarios much faster than existing methods for DEL. We also compare its performance to to existing model checkers for temporal logics and show that DEL can compete with established frameworks. We zoom in on two specific variants of DEL for concrete applications. First, we introduce Public Inspection Logic, a new framework for the knowledge of variables and its dynamics. Second, we study the dynamic gossip problem and how it can be analyzed with epistemic logic. We show that existing gossip protocols can be improved, but that no perfect strengthening of "Learn New Secrets" exists