40,617 research outputs found
A program logic for union bounds
International audienceWe propose a probabilistic Hoare logic aHL based on the union bound, a tool from basic probability theory. While the union bound is simple, it is an extremely common tool for analyzing randomized algorithms. In formal verification terms, the union bound allows flexible and compos-itional reasoning over possible ways an algorithm may go wrong. It also enables a clean separation between reasoning about probabilities and reasoning about events, which are expressed as standard first-order formulas in our logic. Notably, assertions in our logic are non-probabilistic, even though we can conclude probabilistic facts from the judgments. Our logic can also prove accuracy properties for interactive programs, where the program must produce intermediate outputs as soon as pieces of the input arrive, rather than accessing the entire input at once. This setting also enables adaptivity, where later inputs may depend on earlier intermediate outputs. We show how to prove accuracy for several examples from the differential privacy literature, both interactive and non-interactive. 1998 ACM Subject Classification D.2.4 Software/Program Verification 1 Introduction Probabilistic computations arise naturally in many areas of computer science. For instance, they are widely used in cryptography, privacy, and security for achieving goals that lie beyond the reach of deterministic programs. However, the correctness of probabilistic programs can be quite subtle, often relying on complex reasoning about probabilistic events. Accordingly, probabilistic computations present an attractive target for formal verification. A long line of research, spanning more than four decades, has focused on expressive formalisms for reasoning about general probabilistic properties both for purely probabilistic programs and for programs that combine probabilistic and non-deterministic choice (see, e.g., [29, 34, 35]). More recent research investigates specialized formalisms that work with more restricted assertions and proof techniques, aiming to simplify formal verification. As perhaps the purest examples of this approach, some program logics prove probabilistic properties by working purely with non-probabilistic assertions; we call such systems lightweight logics. Examples include probabilistic relational Hoare logic [3] for proving the reductionist security of cryptographic constructions, and the related approximate probabilistic relational Hoare logic [4] for reasoning about differential privacy. These logics rely on the powerful abstraction of probabilistic couplings to derive probabilistic facts from non-probabilistic assertions [7]
Michael John Caldwell Gordon (FRS 1994), 28 February 1948 -- 22 August 2017
Michael Gordon was a pioneer in the field of interactive theorem proving and
hardware verification. In the 1970s, he had the vision of formally verifying
system designs, proving their correctness using mathematics and logic. He
demonstrated his ideas on real-world computer designs. His students extended
the work to such diverse areas as the verification of floating-point
algorithms, the verification of probabilistic algorithms and the verified
translation of source code to correct machine code. He was elected to the Royal
Society in 1994, and he continued to produce outstanding research until
retirement.
His achievements include his work at Edinburgh University helping to create
Edinburgh LCF, the first interactive theorem prover of its kind, and the ML
family of functional programming languages. He adopted higher-order logic as a
general formalism for verification, showing that it could specify hardware
designs from the gate level right up to the processor level. It turned out to
be an ideal formalism for many problems in computer science and mathematics.
His tools and techniques have exerted a huge influence across the field of
formal verification
Advanced Probabilistic Couplings for Differential Privacy
Differential privacy is a promising formal approach to data privacy, which
provides a quantitative bound on the privacy cost of an algorithm that operates
on sensitive information. Several tools have been developed for the formal
verification of differentially private algorithms, including program logics and
type systems. However, these tools do not capture fundamental techniques that
have emerged in recent years, and cannot be used for reasoning about
cutting-edge differentially private algorithms. Existing techniques fail to
handle three broad classes of algorithms: 1) algorithms where privacy depends
accuracy guarantees, 2) algorithms that are analyzed with the advanced
composition theorem, which shows slower growth in the privacy cost, 3)
algorithms that interactively accept adaptive inputs.
We address these limitations with a new formalism extending apRHL, a
relational program logic that has been used for proving differential privacy of
non-interactive algorithms, and incorporating aHL, a (non-relational) program
logic for accuracy properties. We illustrate our approach through a single
running example, which exemplifies the three classes of algorithms and explores
new variants of the Sparse Vector technique, a well-studied algorithm from the
privacy literature. We implement our logic in EasyCrypt, and formally verify
privacy. We also introduce a novel coupling technique called \emph{optimal
subset coupling} that may be of independent interest
Probability Logic for Harsanyi Type Spaces
Probability logic has contributed to significant developments in belief types
for game-theoretical economics. We present a new probability logic for Harsanyi
Type spaces, show its completeness, and prove both a de-nesting property and a
unique extension theorem. We then prove that multi-agent interactive
epistemology has greater complexity than its single-agent counterpart by
showing that if the probability indices of the belief language are restricted
to a finite set of rationals and there are finitely many propositional letters,
then the canonical space for probabilistic beliefs with one agent is finite
while the canonical one with at least two agents has the cardinality of the
continuum. Finally, we generalize the three notions of definability in
multimodal logics to logics of probabilistic belief and knowledge, namely
implicit definability, reducibility, and explicit definability. We find that
S5-knowledge can be implicitly defined by probabilistic belief but not reduced
to it and hence is not explicitly definable by probabilistic belief
A Formal Approach based on Fuzzy Logic for the Specification of Component-Based Interactive Systems
Formal methods are widely recognized as a powerful engineering method for the
specification, simulation, development, and verification of distributed
interactive systems. However, most formal methods rely on a two-valued logic,
and are therefore limited to the axioms of that logic: a specification is valid
or invalid, component behavior is realizable or not, safety properties hold or
are violated, systems are available or unavailable. Especially when the problem
domain entails uncertainty, impreciseness, and vagueness, the appliance of such
methods becomes a challenging task. In order to overcome the limitations
resulting from the strict modus operandi of formal methods, the main objective
of this work is to relax the boolean notion of formal specifications by using
fuzzy logic. The present approach is based on Focus theory, a model-based and
strictly formal method for componentbased interactive systems. The contribution
of this work is twofold: i) we introduce a specification technique based on
fuzzy logic which can be used on top of Focus to develop formal specifications
in a qualitative fashion; ii) we partially extend Focus theory to a fuzzy one
which allows the specification of fuzzy components and fuzzy interactions.
While the former provides a methodology for approximating I/O behaviors under
imprecision, the latter enables to capture a more quantitative view of
specification properties such as realizability.Comment: In Proceedings FESCA 2015, arXiv:1503.0437
Towards the Formal Reliability Analysis of Oil and Gas Pipelines
It is customary to assess the reliability of underground oil and gas
pipelines in the presence of excessive loading and corrosion effects to ensure
a leak-free transport of hazardous materials. The main idea behind this
reliability analysis is to model the given pipeline system as a Reliability
Block Diagram (RBD) of segments such that the reliability of an individual
pipeline segment can be represented by a random variable. Traditionally,
computer simulation is used to perform this reliability analysis but it
provides approximate results and requires an enormous amount of CPU time for
attaining reasonable estimates. Due to its approximate nature, simulation is
not very suitable for analyzing safety-critical systems like oil and gas
pipelines, where even minor analysis flaws may result in catastrophic
consequences. As an accurate alternative, we propose to use a
higher-order-logic theorem prover (HOL) for the reliability analysis of
pipelines. As a first step towards this idea, this paper provides a
higher-order-logic formalization of reliability and the series RBD using the
HOL theorem prover. For illustration, we present the formal analysis of a
simple pipeline that can be modeled as a series RBD of segments with
exponentially distributed failure times.Comment: 15 page
- …