Verifying Safety Properties With the TLA+ Proof System

TLAPS, the TLA+ proof system, is a platform for the development and mechanical verification of TLA+ proofs written in a declarative style requiring little background beyond elementary mathematics. The language supports hierarchical and non-linear proof construction and verification, and it is independent of any verification tool or strategy. A Proof Manager uses backend verifiers such as theorem provers, proof assistants, SMT solvers, and decision procedures to check TLA+ proofs. This paper documents the first public release of TLAPS, distributed with a BSD-like license. It handles almost all the non-temporal part of TLA+ as well as the temporal reasoning needed to prove standard safety properties, in particular invariance and step simulation, but not liveness properties

Revisiting the Problem of Searching on a Line

We revisit the problem of searching for a target at an unknown location on a line when given upper and lower bounds on the distance D that separates the initial position of the searcher from the target. Prior to this work, only asymptotic bounds were known for the optimal competitive ratio achievable by any search strategy in the worst case. We present the first tight bounds on the exact optimal competitive ratio achievable, parameterized in terms of the given bounds on D, along with an optimal search strategy that achieves this competitive ratio. We prove that this optimal strategy is unique. We characterize the conditions under which an optimal strategy can be computed exactly and, when it cannot, we explain how numerical methods can be used efficiently. In addition, we answer several related open questions, including the maximal reach problem, and we discuss how to generalize these results to m rays, for any m >= 2

Parallel Search with no Coordination

We consider a parallel version of a classical Bayesian search problem. $k$ agents are looking for a treasure that is placed in one of the boxes indexed by $\mathbb{N}^+$ according to a known distribution $p$. The aim is to minimize the expected time until the first agent finds it. Searchers run in parallel where at each time step each searcher can "peek" into a box. A basic family of algorithms which are inherently robust is \emph{non-coordinating} algorithms. Such algorithms act independently at each searcher, differing only by their probabilistic choices. We are interested in the price incurred by employing such algorithms when compared with the case of full coordination. We first show that there exists a non-coordination algorithm, that knowing only the relative likelihood of boxes according to $p$, has expected running time of at most $10+4(1+\frac{1}{k})^2 T$, where $T$ is the expected running time of the best fully coordinated algorithm. This result is obtained by applying a refined version of the main algorithm suggested by Fraigniaud, Korman and Rodeh in STOC'16, which was designed for the context of linear parallel search.We then describe an optimal non-coordinating algorithm for the case where the distribution $p$ is known. The running time of this algorithm is difficult to analyse in general, but we calculate it for several examples. In the case where $p$ is uniform over a finite set of boxes, then the algorithm just checks boxes uniformly at random among all non-checked boxes and is essentially $2$ times worse than the coordinating algorithm.We also show simple algorithms for Pareto distributions over $M$ boxes. That is, in the case where $p(x) \sim 1/x^b$ for $0< b < 1$, we suggest the following algorithm: at step $t$ choose uniformly from the boxes unchecked in ${1, . . . ,min(M, \lfloor t/\sigma\rfloor)}$, where $\sigma = b/(b + k - 1)$. It turns out this algorithm is asymptotically optimal, and runs about $2+b$ times worse than the case of full coordination

Renal citrate metabolism and urinary citrate excretion in the infant rat

Renal citrate metabolism and urinary citrate excretion in the infant rat.BackgroundAlthough hypercalciuria has the same prevalence in children as adults, children rarely develop renal stones. This may be explained by a greater urinary citrate excretion in infants compared with adults. The present study examines the renal excretion of citrate and renal cortical citrate metabolism in infant and adult rats.MethodsAdult male and newly weaned infant rats were acclimated to metabolic cages and fed synthetic diets. Urine was collected after two days, and renal cortical citrate metabolism was assayed.ResultsInfant rats had a lower plasma [HCO3-] and higher plasma [K+] and had a fourfold higher urinary citrate:creatinine ratio and a twofold higher concentration of citrate in their urine compared with adult rats. This higher urinary citrate excretion was not due to a difference in renal proximal tubular Na/citrate cotransporter activity, nor renal cortical citrate synthase or ATP citrate lyase activities in infants as compared with adults. However, infant rat kidneys had significantly lower mitochondrial aconitase (m-aconitase) activity. Renal cortical citrate concentrations were comparable in infant and adult rats. Manipulation of plasma [K+] to adult levels did not affect the higher urinary citrate excretion in infant rats.ConclusionsUrinary citrate excretion in infant rats is greater than in adults but does not parallel tissue [citrate]. Thus, this higher urinary citrate is likely due to maturational differences in the proximal tubule, other than Na/citrate cotransport, that directly affect citrate transport

Rendezvous on a Line by Location-Aware Robots Despite the Presence of Byzantine Faults

A set of mobile robots is placed at points of an infinite line. The robots are equipped with GPS devices and they may communicate their positions on the line to a central authority. The collection contains an unknown subset of "spies", i.e., byzantine robots, which are indistinguishable from the non-faulty ones. The set of the non-faulty robots need to rendezvous in the shortest possible time in order to perform some task, while the byzantine robots may try to delay their rendezvous for as long as possible. The problem facing a central authority is to determine trajectories for all robots so as to minimize the time until the non-faulty robots have rendezvoused. The trajectories must be determined without knowledge of which robots are faulty. Our goal is to minimize the competitive ratio between the time required to achieve the first rendezvous of the non-faulty robots and the time required for such a rendezvous to occur under the assumption that the faulty robots are known at the start. We provide a bounded competitive ratio algorithm, where the central authority is informed only of the set of initial robot positions, without knowing which ones or how many of them are faulty. When an upper bound on the number of byzantine robots is known to the central authority, we provide algorithms with better competitive ratios. In some instances we are able to show these algorithms are optimal

Renal citrate metabolism and urinary citrate excretion in the infant rat

Renal citrate metabolism and urinary citrate excretion in the infant rat.BackgroundAlthough hypercalciuria has the same prevalence in children as adults, children rarely develop renal stones. This may be explained by a greater urinary citrate excretion in infants compared with adults. The present study examines the renal excretion of citrate and renal cortical citrate metabolism in infant and adult rats.MethodsAdult male and newly weaned infant rats were acclimated to metabolic cages and fed synthetic diets. Urine was collected after two days, and renal cortical citrate metabolism was assayed.ResultsInfant rats had a lower plasma [HCO3-] and higher plasma [K+] and had a fourfold higher urinary citrate:creatinine ratio and a twofold higher concentration of citrate in their urine compared with adult rats. This higher urinary citrate excretion was not due to a difference in renal proximal tubular Na/citrate cotransporter activity, nor renal cortical citrate synthase or ATP citrate lyase activities in infants as compared with adults. However, infant rat kidneys had significantly lower mitochondrial aconitase (m-aconitase) activity. Renal cortical citrate concentrations were comparable in infant and adult rats. Manipulation of plasma [K+] to adult levels did not affect the higher urinary citrate excretion in infant rats.ConclusionsUrinary citrate excretion in infant rats is greater than in adults but does not parallel tissue [citrate]. Thus, this higher urinary citrate is likely due to maturational differences in the proximal tubule, other than Na/citrate cotransport, that directly affect citrate transport

Deterministic meeting of sniffing agents in the plane

Two mobile agents, starting at arbitrary, possibly different times from arbitrary locations in the plane, have to meet. Agents are modeled as discs of diameter 1, and meeting occurs when these discs touch. Agents have different labels which are integers from the set of 0 to L-1. Each agent knows L and knows its own label, but not the label of the other agent. Agents are equipped with compasses and have synchronized clocks. They make a series of moves. Each move specifies the direction and the duration of moving. This includes a null move which consists in staying inert for some time, or forever. In a non-null move agents travel at the same constant speed, normalized to 1. We assume that agents have sensors enabling them to estimate the distance from the other agent (defined as the distance between centers of discs), but not the direction towards it. We consider two models of estimation. In both models an agent reads its sensor at the moment of its appearance in the plane and then at the end of each move. This reading (together with the previous ones) determines the decision concerning the next move. In both models the reading of the sensor tells the agent if the other agent is already present. Moreover, in the monotone model, each agent can find out, for any two readings in moments t1 and t2, whether the distance from the other agent at time t1 was smaller, equal or larger than at time t2. In the weaker binary model, each agent can find out, at any reading, whether it is at distance less than \r{ho} or at distance at least \r{ho} from the other agent, for some real \r{ho} > 1 unknown to them. Such distance estimation mechanism can be implemented, e.g., using chemical sensors. Each agent emits some chemical substance (scent), and the sensor of the other agent detects it, i.e., sniffs. The intensity of the scent decreases with the distance.Comment: A preliminary version of this paper appeared in the Proc. 23rd International Colloquium on Structural Information and Communication Complexity (SIROCCO 2016), LNCS 998

LNCS

We introduce the monitoring of trace properties under assumptions. An assumption limits the space of possible traces that the monitor may encounter. An assumption may result from knowledge about the system that is being monitored, about the environment, or about another, connected monitor. We define monitorability under assumptions and study its theoretical properties. In particular, we show that for every assumption A, the boolean combinations of properties that are safe or co-safe relative to A are monitorable under A. We give several examples and constructions on how an assumption can make a non-monitorable property monitorable, and how an assumption can make a monitorable property monitorable with fewer resources, such as integer registers

Fast Two-Robot Disk Evacuation with Wireless Communication

In the fast evacuation problem, we study the path planning problem for two robots who want to minimize the worst-case evacuation time on the unit disk. The robots are initially placed at the center of the disk. In order to evacuate, they need to reach an unknown point, the exit, on the boundary of the disk. Once one of the robots finds the exit, it will instantaneously notify the other agent, who will make a beeline to it. The problem has been studied for robots with the same speed~\cite{s1}. We study a more general case where one robot has speed $1$ and the other has speed $s \geq 1$. We provide optimal evacuation strategies in the case that $s \geq c_{2.75} \approx 2.75$ by showing matching upper and lower bounds on the worst-case evacuation time. For $1\leq s < c_{2.75}$, we show (non-matching) upper and lower bounds on the evacuation time with a ratio less than $1.22$. Moreover, we demonstrate that a generalization of the two-robot search strategy from~\cite{s1} is outperformed by our proposed strategies for any $s \geq c_{1.71} \approx 1.71$.Comment: 18 pages, 10 figure