52,393 research outputs found
Automated Verification of Design Patterns with LePUS3
Specification and [visual] modelling languages are expected to combine strong abstraction mechanisms with rigour, scalability, and parsimony. LePUS3 is a visual, object-oriented design description language axiomatized in a decidable subset of the first-order predicate logic. We demonstrate how LePUS3 is used to formally specify a structural design pattern and prove (‗verify‘) whether any JavaTM 1.4 program satisfies that specification. We also show how LePUS3 specifications (charts) are composed and how they are verified fully automatically in the Two-Tier Programming Toolkit
On model checking data-independent systems with arrays without reset
A system is data-independent with respect to a data type X iff the operations
it can perform on values of type X are restricted to just equality testing. The
system may also store, input and output values of type X. We study model
checking of systems which are data-independent with respect to two distinct
type variables X and Y, and may in addition use arrays with indices from X and
values from Y . Our main interest is the following parameterised model-checking
problem: whether a given program satisfies a given temporal-logic formula for
all non-empty nite instances of X and Y . Initially, we consider instead the
abstraction where X and Y are infinite and where partial functions with finite
domains are used to model arrays. Using a translation to data-independent
systems without arrays, we show that the u-calculus model-checking problem is
decidable for these systems. From this result, we can deduce properties of all
systems with finite instances of X and Y . We show that there is a procedure
for the above parameterised model-checking problem of the universal fragment of
the u-calculus, such that it always terminates but may give false negatives. We
also deduce that the parameterised model-checking problem of the universal
disjunction-free fragment of the u-calculus is decidable. Practical motivations
for model checking data-independent systems with arrays include verification of
memory and cache systems, where X is the type of memory addresses, and Y the
type of storable values. As an example we verify a fault-tolerant memory
interface over a set of unreliable memories.Comment: Appeared in Theory and Practice of Logic Programming, vol. 4, no.
5&6, 200
Computer-aided verification in mechanism design
In mechanism design, the gold standard solution concepts are dominant
strategy incentive compatibility and Bayesian incentive compatibility. These
solution concepts relieve the (possibly unsophisticated) bidders from the need
to engage in complicated strategizing. While incentive properties are simple to
state, their proofs are specific to the mechanism and can be quite complex.
This raises two concerns. From a practical perspective, checking a complex
proof can be a tedious process, often requiring experts knowledgeable in
mechanism design. Furthermore, from a modeling perspective, if unsophisticated
agents are unconvinced of incentive properties, they may strategize in
unpredictable ways.
To address both concerns, we explore techniques from computer-aided
verification to construct formal proofs of incentive properties. Because formal
proofs can be automatically checked, agents do not need to manually check the
properties, or even understand the proof. To demonstrate, we present the
verification of a sophisticated mechanism: the generic reduction from Bayesian
incentive compatible mechanism design to algorithm design given by Hartline,
Kleinberg, and Malekian. This mechanism presents new challenges for formal
verification, including essential use of randomness from both the execution of
the mechanism and from the prior type distributions. As an immediate
consequence, our work also formalizes Bayesian incentive compatibility for the
entire family of mechanisms derived via this reduction. Finally, as an
intermediate step in our formalization, we provide the first formal
verification of incentive compatibility for the celebrated
Vickrey-Clarke-Groves mechanism
Alternating register automata on finite words and trees
We study alternating register automata on data words and data trees in
relation to logics. A data word (resp. data tree) is a word (resp. tree) whose
every position carries a label from a finite alphabet and a data value from an
infinite domain. We investigate one-way automata with alternating control over
data words or trees, with one register for storing data and comparing them for
equality. This is a continuation of the study started by Demri, Lazic and
Jurdzinski. From the standpoint of register automata models, this work aims at
two objectives: (1) simplifying the existent decidability proofs for the
emptiness problem for alternating register automata; and (2) exhibiting
decidable extensions for these models. From the logical perspective, we show
that (a) in the case of data words, satisfiability of LTL with one register and
quantification over data values is decidable; and (b) the satisfiability
problem for the so-called forward fragment of XPath on XML documents is
decidable, even in the presence of DTDs and even of key constraints. The
decidability is obtained through a reduction to the automata model introduced.
This fragment contains the child, descendant, next-sibling and
following-sibling axes, as well as data equality and inequality tests
- …