
    Visibly Pushdown Modular Games

    Games on recursive game graphs can be used to reason about the control flow of sequential programs with recursion. In games over recursive game graphs, the most natural notion of strategy is the modular strategy, i.e., a strategy that is local to a module and is oblivious to previous module invocations, and thus does not depend on the context of invocation. In this work, we study for the first time modular strategies with respect to winning conditions that can be expressed by a pushdown automaton. We show that such games are undecidable in general, and become decidable for visibly pushdown automata specifications. Our solution relies on a reduction to modular games with finite-state automata winning conditions, which are known in the literature. We carefully characterize the computational complexity of the considered decision problem. In particular, we show that modular games with a universal Büchi or co-Büchi visibly pushdown winning condition are EXPTIME-complete, and when the winning condition is given by a CARET or NWTL temporal logic formula the problem is 2EXPTIME-complete, and it remains 2EXPTIME-hard even for simple fragments of these logics. As a further contribution, we present a different solution for modular games with finite-state automata winning condition that runs faster than known solutions for large specifications and many exits.
    Comment: In Proceedings GandALF 2014, arXiv:1408.556

    From LCF to Isabelle/HOL

    Interactive theorem provers have developed dramatically over the past four decades, from primitive beginnings to today's powerful systems. Here, we focus on Isabelle/HOL and its distinctive strengths. They include automatic proof search, borrowing techniques from the world of first-order theorem proving, but also the automatic search for counterexamples. They include a highly readable structured language of proofs and a unique interactive development environment for editing live proof documents. Everything rests on the foundation conceived by Robin Milner for Edinburgh LCF: a proof kernel, using abstract types to ensure soundness and eliminate the need to store proofs. Compared with the research prototypes of the 1970s, Isabelle is a practical and versatile tool. It is used by system designers, mathematicians and many others.
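    The LCF kernel discipline mentioned in the abstract, as an added illustration (this is not code from Isabelle, from Edinburgh LCF or from the paper): a small kernel for propositional implication logic in which a value of type `Thm` can only be produced by the kernel's three inference rules, so any `Thm` in hand is a theorem by construction and no proof object ever needs to be stored or re-checked. ML enforces this with an abstract type; Python has none, so a module-private token stands in for the type abstraction (an assumption of this example; a determined caller could still reach into the module, which is why the real systems rely on the language's type discipline rather than on convention).

```python
"""Minimal LCF-style proof kernel (added example, not from Isabelle/LCF).

The trusted computing base is the Thm class and the three rules below.
Everything after the kernel section is untrusted client code that can
only combine kernel rules, never manufacture a Thm directly.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Union


# --- Formulas of the object logic: variables and implication -----------------
@dataclass(frozen=True)
class Var:
    name: str
    def __str__(self) -> str:
        return self.name


@dataclass(frozen=True)
class Imp:
    a: "Formula"
    b: "Formula"
    def __str__(self) -> str:
        return f"({self.a} -> {self.b})"


Formula = Union[Var, Imp]

# --- Kernel: the only code allowed to build a Thm ---------------------------
_KERNEL_TOKEN = object()  # private capability; assumed to stay inside this module


class Thm:
    """A proved sequent  hyps |- concl.  The constructor demands the private
    token, so client code can obtain a Thm only through assume/discharge/mp."""
    __slots__ = ("hyps", "concl")

    def __init__(self, token: object, hyps: frozenset, concl: Formula) -> None:
        if token is not _KERNEL_TOKEN:
            raise TypeError("Thm may only be constructed by the kernel")
        object.__setattr__(self, "hyps", hyps)
        object.__setattr__(self, "concl", concl)

    def __setattr__(self, name: str, value: object) -> None:  # immutable once built
        raise AttributeError("Thm is immutable")

    def __repr__(self) -> str:
        hs = ", ".join(str(h) for h in sorted(self.hyps, key=str))
        return f"{hs} |- {self.concl}" if hs else f"|- {self.concl}"


def assume(a: Formula) -> Thm:
    """ASSUME:  a |- a"""
    return Thm(_KERNEL_TOKEN, frozenset({a}), a)


def discharge(a: Formula, th: Thm) -> Thm:
    """DISCH (implication introduction):  G |- b   ==>   G \\ {a} |- a -> b"""
    return Thm(_KERNEL_TOKEN, th.hyps - {a}, Imp(a, th.concl))


def mp(th_imp: Thm, th_a: Thm) -> Thm:
    """MP (modus ponens):  G1 |- a -> b,  G2 |- a   ==>   G1 u G2 |- b.
    The side condition lives here, in the kernel, where no caller can skip it."""
    if not isinstance(th_imp.concl, Imp) or th_imp.concl.a != th_a.concl:
        raise ValueError(f"MP: {th_a.concl} is not the antecedent of {th_imp.concl}")
    return Thm(_KERNEL_TOKEN, th_imp.hyps | th_a.hyps, th_imp.concl.b)


# --- Untrusted client code: derived rules built only from kernel calls -------
def prove_k(a: Formula, b: Formula) -> Thm:
    """|- a -> (b -> a)   (the K combinator)"""
    return discharge(a, discharge(b, assume(a)))


def prove_s(a: Formula, b: Formula, c: Formula) -> Thm:
    """|- (a -> b -> c) -> (a -> b) -> a -> c   (the S combinator)"""
    abc, ab, x = assume(Imp(a, Imp(b, c))), assume(Imp(a, b)), assume(a)
    cth = mp(mp(abc, x), mp(ab, x))      # a->b->c, a->b, a |- c
    return discharge(Imp(a, Imp(b, c)), discharge(Imp(a, b), discharge(a, cth)))


def forge_attempt() -> str:
    """Try to mint |- p without a proof; the kernel refuses."""
    try:
        Thm(object(), frozenset(), Var("p"))
    except TypeError as e:
        return str(e)
    return "forged!"


def bad_mp_rejected() -> bool:
    """MP with a non-matching antecedent is refused by the kernel."""
    try:
        mp(prove_k(Var("p"), Var("q")), assume(Var("z")))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(prove_k(Var("p"), Var("q")))
    print(prove_s(Var("p"), Var("q"), Var("r")))
    print(forge_attempt(), bad_mp_rejected())
```

    Because `Thm` carries no proof tree, only the hypotheses and the conclusion, memory stays constant however long the derivation; the guarantee comes from the fact that every path to a `Thm` passes through one of the three rule functions.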

    Modélisation et vérification des processus métier orientés données probabilistes (Modelling and verification of probabilistic data-oriented business processes)

    There is a wide range of new applications that stress the need for business process models able to handle imprecise or uncertain data. Because of the probabilistic data, the external behaviours of such business processes are non-Markovian, and few works in the literature have addressed the verification of such systems. This thesis studies the underlying modelling and analysis issues. As a formal model of process behaviours it uses a labelled transition system in which transitions are guarded by conditions defined over a probabilistic database. To tackle verification problems, we decompose this model into a set of traditional automata associated with probabilities, named world-partition automata. Next, the thesis presents an approach for testing the probabilistic simulation preorder in this context. A complexity analysis reveals that the problem is in 2-EXPTIME and is EXPTIME-hard with respect to expression complexity, while with respect to data complexity it adds no overhead over the evaluation of Boolean queries on probabilistic databases. The approach is then extended to P-LTL and P-CTL model checking of this model; in this context, the complexity of P-LTL and P-CTL model checking is in EXPTIME. Finally, a prototype called "PRODUS", a modelling and verification tool, is introduced, and a realistic scenario from the domain of geographic information systems (GIS) is modelled with our approach to show its feasibility.

    Verification of Automata with Storage Mechanisms

    An important question in computer science is whether a given system conforms to a specification. Often this question is equivalent to asking whether a finite automaton with certain memory, like a stack or a queue, can reach some given state. In this thesis we focus on this reachability problem for automata having one or more lossy or reliable stacks or queues as their memory. Unfortunately, the reachability problem is undecidable or of high complexity in most of these cases. We circumvent this by several approximation methods. So we extend the exploration algorithm by Boigelot and Godefroid, under-approximating the reachability problem of queue automata. We also study some automata having multiple stacks with a restricted behaviour. These "asynchronous pushdown systems" have an efficiently decidable reachability problem. To show our results we first have to gain knowledge of several algebraic properties of the so-called transformation monoid of the studied storage mechanisms.

    An important research topic in computer science is verification, i.e., the analysis of systems with respect to their correctness. This analysis consists of two parts: first we have to formalize the system and the desired properties; afterwards we have to find algorithms to check whether the properties hold in the system. In many cases we can model the system as a finite automaton with a suitable storage mechanism; e.g., functional programs with recursive calls can be modelled as automata with a stack (or pushdown). Here, we consider automata with two variations of stacks and queues: 1. Partially lossy queues and stacks, which are allowed to forget some specified parts of their contents at any time. We are able to model unreliable systems with such memories. 2. Distributed queues and stacks, i.e., multiple such memories with a special synchronization in between. Often we can check the properties of our models by solving the reachability and recurrent reachability problems in our automata models. It is well known that the decidability of these problems depends highly on the concrete data type of our automata's memory. Both problems can be solved in polynomial time for automata with one stack. In contrast, these problems are undecidable if we attach a queue or at least two stacks to our automata. In some special cases we are still able to verify such systems. So, we will consider only special automata with multiple stacks, so-called asynchronous pushdown automata. These are multiple (local) automata, each having one stack. Whenever these automata try to write something into at least one stack, we require a read action on these stacks right before these write actions. We will see that the (recurrent) reachability problem is decidable for such asynchronous pushdown automata in polynomial time. We can also semi-decide the reachability problem of our queue automata by exploration of the configuration space. To this end, we can join multiple consecutive transitions into so-called meta-transformations and simulate them at once. Here, we study meta-transformations alternating between writing words from a given regular language into the queues and reading words from another regular language from the queues. We will see that such meta-transformations can be applied in polynomial time. To show this result we first study some algebraic properties of our stacks and queues.

    Reasoning about Cognitive Trust in Stochastic Multiagent Systems

    We consider the setting of stochastic multiagent systems modelled as stochastic multiplayer games and formulate an automated verification framework for quantifying and reasoning about agents’ trust. To capture human trust, we work with a cognitive notion of trust defined as a subjective evaluation that agent A makes about agent B’s ability to complete a task, which in turn may lead to a decision by A to rely on B. We propose a probabilistic rational temporal logic PRTL*, which extends the probabilistic computation tree logic PCTL* with reasoning about mental attitudes (beliefs, goals, and intentions) and includes novel operators that can express concepts of social trust such as competence, disposition, and dependence. The logic can express, for example, that “agent A will eventually trust agent B with probability at least p that B will behave in a way that ensures the successful completion of a given task.” We study the complexity of the automated verification problem and, while the general problem is undecidable, we identify restrictions on the logic and the system that result in decidable, or even tractable, subproblems

    Model Checking Logics of Social Commitments for Agent Communication

    This thesis is about specifying and verifying communications among autonomous and possibly heterogeneous agents, which are the key principle for constructing effective open multi-agent systems (MASs). Effective systems are those that successfully achieve applicability, feasibility, error-freeness and a balance between expressiveness and verification efficiency. Over the last two decades, the MAS community has advocated social commitments, which successfully provide a powerful representation for modeling communications in the form of business contracts from one agent to another. While modeling communications using commitments provides a fundamental basis for capturing flexible communications and helps address the challenge of ensuring compliance with specifications, the designers and business process modelers of the system as a whole cannot guarantee that an agent complies with its commitments as it is supposed to, or at least does not wantonly violate or cancel them. They may still wish to first formulate the notion of commitment-based protocols that regulate communications among agents and then establish formal verification (e.g., model checking) by which compliance verification in those protocols is possible. In this thesis, we address the aforementioned challenges by firstly developing a new branching-time temporal logic---called ACTL*c---that extends CTL* with modal operators for representing and reasoning about commitments and all associated actions. The proposed semantics for ACL (agent communication language) messages in terms of commitments and their actions is formal, declarative, meaningful, verifiable and semi-computationally grounded. We use ACTL*c to derive a new specification language of commitment-based protocols, which is expressive and suitable for model checking. We introduce a reduction method to formally transform the problem of model checking ACTL*c to the problem of model checking GCTL* so that the use of the CWB-NC model checker is possible. We prove the soundness of our reduction method and implement it on top of CWB-NC. To check the effectiveness of our reduction method, we report the verification results of the NetBill protocol and the Contract Net protocol against some properties. In addition to the reduction method, we develop a new symbolic algorithm to perform model checking of ACTL*c. To balance expressiveness and verification efficiency, we secondly adopt a refined fragment of ACTL*c, called CTLC, an extension of CTL with modalities for commitments and their fulfillment. We extend the formalism of interpreted systems, introduced to develop MASs, with shared and unshared variables and consider agents' local states in the definition of a fully computationally grounded semantics for ACL messages using commitments. We present reasonable axioms of the commitment and fulfillment modalities. In our verification technique, the problem of model checking CTLC is reduced to the problems of model checking ARCTL and GCTL* so that, respectively, extended NuSMV and CWB-NC (as a benchmark) are usable. We prove the soundness of our reduction methods and then implement them on top of the extended NuSMV and CWB-NC model checkers. To evaluate the effectiveness of our reduction methods, we verified the correctness of two business case studies. We finally proceed to develop a new symbolic model checking algorithm to directly verify commitments and their fulfillment and commitment-based protocols. We analyze the time complexity of CTLC model checking for explicit models and its space complexity for concurrent programs that provide compact representations. We prove that although CTLC extends CTL, their model checking algorithms still have the same time complexity for explicit models, and the same space complexity for concurrent programs. We fully implement the proposed algorithm on top of MCMAS, a model checker for the verification of MASs, and then check its efficiency and scalability using an industrial case study.

    Tools and Algorithms for the Construction and Analysis of Systems

    This open access book constitutes the proceedings of the 28th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2022, which was held during April 2-7, 2022, in Munich, Germany, as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2022. The 46 full papers and 4 short papers presented in this volume were carefully reviewed and selected from 159 submissions. The proceedings also contain 16 tool papers of the affiliated competition SV-COMP and 1 paper consisting of the competition report. TACAS is a forum for researchers, developers, and users interested in rigorously based tools and algorithms for the construction and analysis of systems. The conference aims to bridge the gaps between different communities with this common interest and to support them in their quest to improve the utility, reliability, flexibility, and efficiency of tools and algorithms for building computer-controlled systems.