367 research outputs found
LIPIcs, Volume 251, ITCS 2023, Complete Volume
LIPIcs, Volume 251, ITCS 2023, Complete Volum
An Infinite Needle in a Finite Haystack: Finding Infinite Counter-Models in Deductive Verification
First-order logic, and quantifiers in particular, are widely used in
deductive verification. Quantifiers are essential for describing systems with
unbounded domains, but prove difficult for automated solvers. Significant
effort has been dedicated to finding quantifier instantiations that establish
unsatisfiability, thus ensuring validity of a system's verification conditions.
However, in many cases the formulas are satisfiable: this is often the case in
intermediate steps of the verification process. For such cases, existing tools
are limited to finding finite models as counterexamples. Yet, some quantified
formulas are satisfiable but only have infinite models. Such infinite
counter-models are especially typical when first-order logic is used to
approximate inductive definitions such as linked lists or the natural numbers.
The inability of solvers to find infinite models makes them diverge in these
cases. In this paper, we tackle the problem of finding such infinite models.
These models allow the user to identify and fix bugs in the modeling of the
system and its properties. Our approach consists of three parts. First, we
introduce symbolic structures as a way to represent certain infinite models.
Second, we describe an effective model finding procedure that symbolically
explores a given family of symbolic structures. Finally, we identify a new
decidable fragment of first-order logic that extends and subsumes the
many-sorted variant of EPR, where satisfiable formulas always have a model
representable by a symbolic structure within a known family. We evaluate our
approach on examples from the domains of distributed consensus protocols and of
heap-manipulating programs. Our implementation quickly finds infinite
counter-models that demonstrate the source of verification failures in a simple
way, while SMT solvers and theorem provers such as Z3, cvc5, and Vampire
diverge
A Semantic Framework for Neural-Symbolic Computing
Two approaches to AI, neural networks and symbolic systems, have been proven
very successful for an array of AI problems. However, neither has been able to
achieve the general reasoning ability required for human-like intelligence. It
has been argued that this is due to inherent weaknesses in each approach.
Luckily, these weaknesses appear to be complementary, with symbolic systems
being adept at the kinds of things neural networks have trouble with and
vice-versa. The field of neural-symbolic AI attempts to exploit this asymmetry
by combining neural networks and symbolic AI into integrated systems. Often
this has been done by encoding symbolic knowledge into neural networks.
Unfortunately, although many different methods for this have been proposed,
there is no common definition of an encoding to compare them. We seek to
rectify this problem by introducing a semantic framework for neural-symbolic
AI, which is then shown to be general enough to account for a large family of
neural-symbolic systems. We provide a number of examples and proofs of the
application of the framework to the neural encoding of various forms of
knowledge representation and neural network. These, at first sight disparate
approaches, are all shown to fall within the framework's formal definition of
what we call semantic encoding for neural-symbolic AI
Erasure in dependently typed programming
It is important to reduce the cost of correctness in programming. Dependent types
and related techniques, such as type-driven programming, offer ways to do so.
Some parts of dependently typed programs constitute evidence of their typecorrectness
and, once checked, are unnecessary for execution. These parts can easily
become asymptotically larger than the remaining runtime-useful computation, which
can cause linear-time algorithms run in exponential time, or worse. It would be
unnacceptable, and contradict our goal of reducing the cost of correctness, to make
programs run slower by only describing them more precisely.
Current systems cannot erase such computation satisfactorily. By modelling
erasure indirectly through type universes or irrelevance, they impose the limitations
of these means to erasure. Some useless computation then cannot be erased and
idiomatic programs remain asymptotically sub-optimal.
This dissertation explains why we need erasure, that it is different from other
concepts like irrelevance, and proposes two ways of erasing non-computational data.
One is an untyped flow-based useless variable elimination, adapted for dependently
typed languages, currently implemented in the Idris 1 compiler.
The other is the main contribution of the dissertation: a dependently typed core
calculus with erasure annotations, full dependent pattern matching, and an algorithm
that infers erasure annotations from unannotated (or partially annotated) programs.
I show that erasure in well-typed programs is sound in that it commutes with
single-step reduction. Assuming the Church-Rosser property of reduction, I show
that properties such as Subject Reduction hold, which extends the soundness result
to multi-step reduction. I also show that the presented erasure inference is sound
and complete with respect to the typing rules; that this approach can be extended
with various forms of erasure polymorphism; that it works well with monadic I/O
and foreign functions; and that it is effective in that it not only removes the runtime
overhead caused by dependent typing in the presented examples, but can also shorten
compilation times."This work was supported by the University of St Andrews (School of Computer
Science)." -- Acknowledgement
LIPIcs, Volume 261, ICALP 2023, Complete Volume
LIPIcs, Volume 261, ICALP 2023, Complete Volum
Formal Methods for Trustworthy Voting Systems : From Trusted Components to Reliable Software
Voting is prominently an important part of democratic societies, and its outcome may have a dramatic and broad impact on societal progress. Therefore, it is paramount that such a society has extensive trust in the electoral process, such that the system’s functioning is reliable and stable with respect to the expectations within society. Yet, with or without the use of modern technology, voting is full of algorithmic and security challenges, and the failure to address these challenges in a controlled manner may produce fundamental flaws in the voting system and potentially undermine critical societal aspects.
In this thesis, we argue for a development process of voting systems that is rooted in and assisted by formal methods that produce transparently checkable evidence for the guarantees that the final system should provide so that it can be deemed trustworthy. The goal of this thesis is to advance the state of the art in formal methods that allow to systematically develop trustworthy voting systems that can be provenly verified. In the literature, voting systems are modeled in the following four comparatively separable and distinguishable layers: (1) the physical layer, (2) the computational layer, (3) the election layer, and (4) the human layer. Current research usually either mostly stays within one of those layers or lacks machine-checkable evidence, and consequently, trusted and understandable criteria often lack formally proven and checkable guarantees on software-level and vice versa.
The contributions in this work are formal methods that fill in the trust gap between the principal election layer and the computational layer by a reliable translation of trusted and understandable criteria into trustworthy software. Thereby, we enable that executable procedures can be formally traced back and understood by election experts without the need for inspection on code level, and trust can be preserved to the trustworthy system.
The works in this thesis all contribute to this end and consist in five distinct contributions, which are the following:
(I) a method for the generation of secure card-based communication schemes,
(II) a method for the synthesis of reliable tallying procedures,
(III) a method for the efficient verification of reliable tallying procedures,
(IV) a method for the computation of dependable election margins for reliable audits,
(V) a case study about the security verification of the GI voter-anonymization software.
These contributions span formal methods on illustrative examples for each of the three principal components, (1) voter-ballot box communication, (2) election method, and (3) election management, between the election layer and the computational layer.
Within the first component, the voter-ballot box communication channel, we build a bridge from the communication channel to the cryptography scheme by automatically generating secure card-based schemes from a small formal model with a parameterization of the desired security requirements. For the second component, the election method, we build a bridge from the election method to the tallying procedure by (1) automatically synthesizing a runnable tallying procedure from the desired requirements given as properties that capture the desired intuitions or regulations of fairness considerations, (2) automatically generating either comprehensible arguments or bounded proofs to compare tallying procedures based on user-definable fairness properties, and (3) automatically computing concrete election margins for a given tallying procedure, the collected ballots, and the computed election result, that enable efficient election audits. Finally, for the third and final component, the election management system, we perform a case study and apply state-of-the-art verification technology to a real-world e-voting system that has been used for the annual elections of the German Informatics Society (GI – “Gesellschaft für Informatik”) in 2019. The case study consists in the formal implementation-level security verification that the voter identities are securely anonymized and the voters’ passwords cannot be leaked.
The presented methods assist the systematic development and verification of provenly trustworthy voting systems across traditional layers, i.e., from the election layer to the computational layer. They all pursue the goal of making voting systems trustworthy by reliable and explainable formal requirements. We evaluate the devised methods on minimal card-based protocols that compute a secure AND function for two different decks of cards, a classical knock-out tournament and several Condorcet rules, various plurality, scoring, and Condorcet rules from the literature, the Danish national parliamentary elections in 2015, and a state-of-the-art electronic voting system that is used for the German Informatics Society’s annual elections in 2019 and following
Proof-theoretic Semantics for Intuitionistic Multiplicative Linear Logic
This work is the first exploration of proof-theoretic semantics for a substructural logic. It focuses on the base-extension semantics (B-eS) for intuitionistic multiplicative linear logic (IMLL). The starting point is a review of Sandqvist’s B-eS for intuitionistic propositional logic (IPL), for which we propose an alternative treatment of conjunction that takes the form of the generalized elimination rule for the connective. The resulting semantics is shown to be sound and complete. This motivates our main contribution, a B-eS for IMLL
, in which the definitions of the logical constants all take the form of their elimination rule and for which soundness and completeness are established
Fundamentals
Volume 1 establishes the foundations of this new field. It goes through all the steps from data collection, their summary and clustering, to different aspects of resource-aware learning, i.e., hardware, memory, energy, and communication awareness. Machine learning methods are inspected with respect to resource requirements and how to enhance scalability on diverse computing architectures ranging from embedded systems to large computing clusters
- …