Valid extensions of introspective systems: a foundation for reflective theorem provers

Introspective systems have been proved ueful in several applications, especially in the area of automated reasoning. In this paper we propose to use structured algebraic specifications to describe the embedded account of introspective systems. Our main result is that extending such an introspective system in a valid manner can be reduced to development of correct software. Since sound extension of automated reasoning systems again can be reduced to valid extension of introspective systems, our work can be seen as a foundation for extensible introspective reasoning systems, and in particular for reflective provers. We prove correctness of our mechanism and report on first experiences we have made with its realization in the KIV system (Karlsruhe Interactive Verifier)

Decision procedures for equality logic with uninterpreted functions

In dit proefschrift presenteren we een aantal technieken om vervulbaarheid (satisfiability) vast te stellen binnen beslisbare delen van de eerste orde logica met gelijkheid. Het doel van dit proefschrift is voornamelijk het ontwikkelen van nieuwe technieken in plaats van het ontwikkelen van een effici¨ente implementatie om vervulbaarheid vast te stellen. Als algemeen logisch raamwerk gebruiken we de eerste orde predikaten logica zonder kwantoren. We beschrijven enkele basisprocedures om vervulbaarheid van propositionele formules vast te stellen: de DP procedure, de DPLL procedure, en een techniek gebaseerd op BDDs. Deze technieken zijn eigenlijk families van algoritmen in plaats van losse algoritmen. Hun gedrag wordt bepaald door een aantal keuzen die ze maken gedurende de uitvoering. We geven een formele beschrijving van resolutie, en we analyseren gedetailleerd de relatie tussen resolutie en DPLL. Het is bekend dat een DPLL bewijs van onvervulbaarheid (refutation) rechtstreeks kan worden getransformeerd naar een resolutie bewijs van onvervulbaarheid met een vergelijkbare lengte. In dit proefschrift wordt een transformatie ge¨introduceerd van zo’n DPLL bewijs naar een resolutie bewijs dat de kortst mogelijke lengte heeft. We presenteren GDPLL, een generalisatie van de DPLL procedure. Deze is bruikbaar voor het vervulbaarheidsprobleem voor beslisbare delen van de eerste orde logica zonder kwantoren. Voldoende eigenschappen worden ge¨identificeerd om de correctheid, de be¨eindiging en de volledigheid van GDPLL te bewijzen. We beschrijven manieren om vervulbaarheid vast te stellen binnen de logica met gelijkheid en niet-ge¨interpreteerde functies (EUF). Dit soort logica is voorgesteld om abstracte hardware ontwerpen te verifi¨eren. Het snel kunnen vaststellen van vervulbaarheid binnen deze logica is belangrijk om dergelijke verificaties te laten slagen. In de afgelopen jaren zijn er verschillende procedures voorgesteld om de vervulbaarheid van dergelijke formules vast te stellen. Wij beschrijven een nieuwe aanpak om vervulbaarheid vast te stellen van formules uit de logica met gelijkheid die in de conjunctieve normaal vorm zijn gegeven. Centraal in deze aanpak staat ´e´en enkele bewijsregel genaamd gelijkheidsresolutie. Voor deze ene regel bewijzen wij correctheid en volledigheid. Op grond van deze regel stellen we een volledige procedure voor om vervulbaarheid van dit soort formules vast te stellen, en we bewijzen de correctheid ervan. Daarnaast presenteren we nog een nieuwe procedure om vervulbaarheid vast te stellen van EUF-formules, gebaseerd op de GDPLL methode. Tot slot breiden we BDDs voor propositionele logica uit naar logica met gelijkheid. We bewijzen dat alle paden in deze uitgebreide BDDs vervulbaar zijn. In een constante hoeveelheid tijd kan vastgesteld worden of de formule een tautologie is, een tegenspraak is, of slechts vervulbaar is

Computer Aided Verification

This open access two-volume set LNCS 10980 and 10981 constitutes the refereed proceedings of the 30th International Conference on Computer Aided Verification, CAV 2018, held in Oxford, UK, in July 2018. The 52 full and 13 tool papers presented together with 3 invited papers and 2 tutorials were carefully reviewed and selected from 215 submissions. The papers cover a wide range of topics and techniques, from algorithmic and logical foundations of verification to practical applications in distributed, networked, cyber-physical, and autonomous systems. They are organized in topical sections on model checking, program analysis using polyhedra, synthesis, learning, runtime verification, hybrid and timed systems, tools, probabilistic systems, static analysis, theory and security, SAT, SMT and decisions procedures, concurrency, and CPS, hardware, industrial applications

Architectural Refinement in HETS

The main objective of this work is to bring a number of improvements to the Heterogeneous Tool Set HETS, both from a theoretical and an implementation point of view. In the first part of the thesis we present a number of recent extensions of the tool, among which declarative specifications of logics, generalized theoroidal comorphisms, heterogeneous colimits and integration of the logic of the term rewriting system Maude. In the second part we concentrate on the CASL architectural refinement language, that we equip with a notion of refinement tree and with calculi for checking correctness and consistency of refinements. Soundness and completeness of these calculi is also investigated. Finally, we present the integration of the VSE refinement method in HETS as an institution comorphism. Thus, the proof manangement component of HETS remains unmodified

Automated Deduction – CADE 28

This open access book constitutes the proceeding of the 28th International Conference on Automated Deduction, CADE 28, held virtually in July 2021. The 29 full papers and 7 system descriptions presented together with 2 invited papers were carefully reviewed and selected from 76 submissions. CADE is the major forum for the presentation of research in all aspects of automated deduction, including foundations, applications, implementations, and practical experience. The papers are organized in the following topics: Logical foundations; theory and principles; implementation and application; ATP and AI; and system descriptions

Unifying Static And Runtime Analysis In Declarative Distributed Systems

Today’s distributed systems are becoming increasingly complex, due to the ever-growing number of network devices and their variety. The complexity makes it hard for system administrators to correctly configure distributed systems. This motivates the need for effective analytic tools that can help ensure correctness of distributed systems. One challenge in ensuring correctness is that there does not exist one solution that works for all properties. One type of properties, such as security properties, are so critical that they demand pre-deployment verification (i.e., static analysis) which, though time-consuming, explores the whole execution space. However, due to the potential problem of state explosion, static verification of all properties is not practical, and not necessary. Violation of non-critical properties, such as correct routing with shortest paths, is tolerable during execution and can be diagnosed after errors occur (i.e., runtime analysis), a more light-weight approach compared to verification. This dissertation presents STRANDS, a declarative framework that enables users to perform both pre-deployment verification and post-deployment diagnostics on top of declarative specification of distributed systems. STRANDS uses Network Datalog (NDlog), a distributed variant of Datalog query language, to specify network protocols and services. STRANDS has two components: a system verifier and a system debugger. The verifier allows the user to rigorously prove safety properties of network protocols and services, using either the program logic or symbolic execution we develop for NDlog programs. The debugger, on the other hand, facilitates diagnosis of system errors by allowing for querying of the structured history of network execution (i.e., network provenance) that is maintained in a storage-efficient manner. We show the effectiveness of STRANDS by evaluating both the verifier and the debugger. Using the verifier, we prove path authenticity of secure routing protocols, and verify a number of safety properties in software-defined networking (SDN). Also, we demonstrate that our provenance maintenance algorithm achieves significant storage reduction, while incurring negligible network overhead

Certificates for decision problems in temporal logic using context-based tableaux and sequent calculi.

115 p.Esta tesis trata de resolver problemas de Satisfactibilidad y Model Checking, aportando certificados del resultado. En ella, se trabaja con tres lógicas temporales: Propositional Linear Temporal Logic (PLTL), Computation Tree Logic (CTL) y Extended Computation Tree Logic (ECTL). Primero se presenta el trabajo realizado sobre Certified Satisfiability. Ahí se muestra una adaptación del ya existente método dual de tableaux y secuentes basados en contexto para satisfactibilidad de fórmulas PLTL en Negation Normal Form. Se ha trabajado la generación de certificados en el caso en el que las fórmulas son insactisfactibles. Por último, se aporta una prueba de soundness del método. Segundo, se ha optimizado con Sat Solvers el método de Certified Satisfiability para el contexto de Certified Model Checking. Se aportan varios ejemplos de sistemas y propiedades. Tercero, se ha creado un nuevo método dual de tableaux y secuentes basados en contexto para realizar Certified Satisfiability para fórmulas CTL yECTL. Se presenta el método y un algoritmo que genera tanto el modelo en el caso de que las fórmulas son satisfactibles como la prueba en el caso en que no lo sean. Por último, se presenta una implementación del método para CTL y una experimentación comparando el método propuesto con otro método de similares características

Cinderella: Turning Shabby X.509 Certificates into Elegant Anonymous Credentials with the Magic of Verifiable Computation

Abstract-Despite advances in security engineering, authentication in applications such as email and the Web still primarily relies on the X.509 public key infrastructure introduced in 1988. This PKI has many issues but is nearly impossible to replace. Leveraging recent progress in verifiable computation, we propose a novel use of existing X.509 certificates and infrastructure. Instead of receiving & validating chains of certificates, our applications receive & verify proofs of their knowledge, their validity, and their compliance with application policies. This yields smaller messages (by omitting certificates), stronger privacy (by hiding certificate contents), and stronger integrity (by embedding additional checks, e.g. for revocation). X.509 certificate validation is famously complex and errorprone, as it involves parsing ASN.1 data structures and interpreting them against diverse application policies. To manage this diversity, we propose a new format for writing application policies by composing X.509 templates, and we provide a template compiler that generates C code for validating certificates within a given policy. We then use the Geppetto cryptographic compiler to produce a zero-knowledge verifiable computation scheme for that policy. To optimize the resulting scheme, we develop new C libraries for RSA-PKCS#1 signatures and ASN.1 parsing, carefully tailored for cryptographic verifiability. We evaluate our approach by providing two real-world applications of verifiable computation: a drop-in replacement for certificates within TLS; and access control for the Helios voting protocol. For TLS, we support fine-grained validation policies, with revocation checking and selective disclosure of certificate contents, effectively turning X.509 certificates into anonymous credentials. For Helios, we obtain additional privacy and verifiability guarantees for voters equipped with X.509 certificates, such as those readily available from some national ID cards