Journal of Logical and Algebraic Methods in Programming最新文献

Formal methods and machine learning are two research fields with drastically different foundations and philosophies. Formal methods utilise mathematically rigorous techniques for software and hardware systems' specification, development and verification. Machine learning focuses on pragmatic approaches to gradually improve a parameterised model by observing a training data set. While historically, the two fields lack communication, this trend has changed in the past few years with an outburst of research interest in the robustness verification of neural networks. This paper will briefly review these works, and focus on the urgent need for broader and more in-depth communication between the two fields, with the ultimate goal of developing learning-enabled systems with excellent performance and acceptable safety and security. We present a specification language, MLS², and show that it can express a set of known safety and security properties, including generalisation, uncertainty, robustness, data poisoning, backdoor, model stealing, membership inference, model inversion, interpretability, and fairness. To verify MLS² properties, we promote the global optimisation-based methods, which have provable guarantees on the convergence to the optimal solution. Many of them have theoretical bounds on the gap between current solutions and the optimal solution.

RoboChart is a core notation in the RoboStar framework. It is a timed and probabilistic domain-specific and state machine-based language for robotics. RoboChart supports shared variables and communication across entities in its component model. It has formal denotational semantics given in CSP. The semantic technique of Interaction Trees (ITrees) represents behaviours of reactive and concurrent programs interacting with their environments. Recent mechanisation of ITrees, ITree-based CSP semantics and a Z mathematical toolkit in Isabelle/HOL bring new applications of verification and animation for state-rich process languages, such as RoboChart. In this paper, we use ITrees to give RoboChart novel operational semantics, implement it in Isabelle, and use Isabelle's code generator to generate verified and executable animations. We illustrate our approach using an autonomous chemical detector and patrol robot models, exhibiting nondeterminism and using shared variables. With animation, we show two concrete scenarios for the chemical detector when the robot encounters different environmental inputs and three for the patrol robot when its calibrated position is in other corridor sections. We also verify that the animated scenarios are trace refinements of the CSP denotational semantics of the RoboChart models using FDR, a refinement model checker for CSP. This ensures that our approach to resolve nondeterminism using CSP operators with priority is sound and correct.

Cyber-physical systems are often safety-critical and their correctness is crucial, such as in the case of automated driving. Using formal mathematical methods is one way to guarantee correctness and improve safety. Although these methods have shown their usefulness, care must be taken because modelling errors might result in proving a faulty controller safe, which is potentially catastrophic in practice. This paper deals with two such modelling errors in differential dynamic logic, a formal specification and verification language for hybrid systems, which are mathematical models of cyber-physical systems. The main contributions are to provide conditions under which these two modelling errors cannot cause a faulty controller to be proven safe, and to show how these conditions can be proven with help of the interactive theorem prover KeYmaera X. The problems are illustrated with a real world example of a safety controller for automated driving, and it is shown that the formulated conditions have the intended effect both for a faulty and a correct controller. It is also shown how the formulated conditions aid in finding a loop invariant candidate to prove properties of hybrid systems with feedback loops. Furthermore, the relation between such a loop invariant and the characterisation of the maximal control invariant set is discussed.

Cyber-physical systems often encompass complex concurrent behavior with timing constraints and probabilistic failures on demand. The analysis whether such systems with probabilistic timed behavior adhere to a given specification is essential. The formalism of Interval Probabilistic Timed Graph Transformation Systems (IPTGTSs) is often a suitable choice to model cyber-physical systems because (a) its rule-based approach to graph transformation can capture a wide range of system's structure dynamics when the states of the system can be represented by graphs while (b) it employs interval specifications for probabilistic behavior as well as lower and upper bounds on delays of steps to support systems where precise probabilities and delays are not known or may change during the runtime of the system. Probabilistic Metric Temporal Graph Logic (PMTGL) has been introduced as a powerful specification language to express worst-case/best-case probabilistic timed requirements such as actor-based soft deadlines using (a) path properties relying on its Metric Temporal Graph Logic fragment to track individual graph elements and (b) an operator inherited from Probabilistic Timed Computation Tree Logic to express worst-case/best-case probabilistic requirements identifying worst-case/best-case resolutions of non-determinism. Bounded Model Checking (BMC) support for Probabilistic Timed Graph Transformation Systems (PTGTSs) w.r.t. properties specified using PMTGL has been already presented. However, for IPTGTSs no analysis support w.r.t. PMTGL properties has been developed for stating metric temporal properties on identified subgraphs and their structural changes over time.

In this paper, we adapt the BMC approach developed for PTGTSs to the case of IPTGTSs extending modeling and analysis support to the usage of probability intervals more appropriately covering cyber-physical systems where probabilistic effects cannot be specified precisely and need to be approximated instead. In our evaluation, we apply an implementation of our BMC approach in AutoGraph to a novel running example demonstrating the effect of using probability intervals instead of precise probability values.

In probabilistic process algebras the classic qualitative description of process behaviour is enriched with quantitative information on it, usually modelled in terms of probabilistic weights and/or distributions over the qualitative behaviour. In this setting, we use behavioural equivalences to check whether two processes show exactly the same behaviour, and, if this is not the case, we can use behavioural metrics to measure the distance between them. Compositional reasoning requires that equivalence, or closeness, of behaviour of two processes are not destroyed when language operators are applied on top of them in order to build larger processes. Formally, the equivalence must be a congruence, and the metric must be uniformly continuous, with respect to language operators. Instead of verifying these compositional properties by hand, operator-by-operator, it is much more convenient to prove them for a class of operators once for all, and to check that the operators one is dealing with are in that class. This is achieved by means of SOS specification formats: they consist in a set of syntactical constraints characterising a class of operators on the patterns of SOS rules, that define the operational semantics of languages. With this survey, we aim to collect and describe the specification formats that have been proposed in the literature to guarantee the compositional properties of (variants of) bisimulation equivalences and bisimulation metrics in the probabilistic setting.

A significant task in business process optimization is concerned with streamlining the allocation and sharing of resources. This paper presents an approach for analyzing business process provisioning under a resource prediction strategy based on deep learning. A timed and probabilistic rewrite theory specification formalizes the semantics of business processes. It is integrated with an external oracle in the form of a long short-term memory neural network that can be queried to predict how traces of the process may advance within a time frame. Comparison of execution time and resource occupancy under different parameters is included for several case studies, as well as details on the construction of the deep learning model and its integration with Maude.

The verification of preemptive real-time systems is a crucial aspect in ensuring their correctness and reliability to meet strict time constraints. Generally, the analysis of the behaviors of such systems requires the computation of the reachability graphs encoding their state space. However, the construction of the latter is computationally expensive and resource-consuming as it involves, for each graph node, managing and solving polyhedral constraints whose complexity is exponential.

In this paper, we explore a novel approach that builds an over-approximation of the state space of preemptive real-time systems. Our graph construction extends the expression of a node to the time-distance system that encodes the quantitative properties of past-fired subsequences. This makes it possible to restore relevant time information that is used to compute in a polynomial time a tighter difference bound matrix over-approximation of the polyhedral constraints. We show that the obtained graph is more appropriate to restore the quantitative properties of the model. The simulation results show that our graphs are almost of the same size as the exact graphs, while improving by far the times needed for their computation.

Reduction-based systems are used as a basis for the implementation of programming languages, automated reasoning systems, mathematical analysis tools, etc. In such inherently non-deterministic systems, guaranteeing that diverging steps can be eventually rejoined is crucial for a faithful use in most applications. This property of reduction systems is called local confluence. In a landmark 1980 paper, Gérard Huet characterized local confluence of a Term Rewriting System as the joinability of all its critical pairs. In this paper, we characterize local confluence of Conditional Term Rewriting Systems, where reduction steps may depend on the satisfaction of specific conditions in rules: a conditional term rewriting system is locally confluent if and only if (i) all its conditional critical pairs and (ii) all its conditional variable pairs (which we introduce in this paper) are joinable. Furthermore, the logic-based approach we follow here is well-suited to analyze local confluence of more general reduction-based systems. We exemplify this by (i) including (context-sensitive) replacement restrictions in the arguments of function symbols, and (ii) allowing for more general conditions in rules. The obtained systems are called Generalized Term Rewriting Systems. A characterization of local confluence is also given for them.

In application domains such as routing, network analysis, scheduling, and planning, directed graphs are widely used as both formal models and core data structures for the development of efficient algorithmic solutions. In these areas, graphs are often evolving in time: for example, connection links may fail due to temporary technical issues, meaning that edges of the graph cannot be traversed for some time interval and alternative paths have to be followed.

In classical computation graphs have been implemented both explicitly through adjacency matrices/lists and symbolically as ordered binary decision diagrams. Moreover, ad-hoc visit procedures have been developed to deal with dynamically evolving graphs.

Quantum computation, exploiting interference and entanglement, has provided an exponential speed-up for specific problems, e.g., database search and integer factorization. In the quantum framework everything must be represented and manipulated using reversible operators. This poses a challenge when one has to deal with traversals of dynamically evolving directed graphs. Graph traversals are not intrinsically reversible because of converging paths. In the case of dynamically evolving graphs also the creation/destruction of paths comes into play against reversibility.

In this paper we propose a novel high level graph representation in quantum computation supporting dynamic connectivity typical of real-world network applications. Our procedure allows to encode any multigraph into a unitary matrix. We devise algorithms for computing the encoding that are optimal in terms of time and space and we show the effectiveness of the proposal with some examples. We describe how to react to edge/node failures in constant time. Furthermore, we present two methods to perform quantum random walks taking advantage of this encoding: with and without projectors. We implement and test our encoding obtaining that the theoretical bounds for the running time are confirmed by the empirical results and providing more details on the behavior of the algorithms over graphs of different densities.

Reversible primitive permutations (RPP) is a class of recursive functions that models reversible computation. We present a proof, which has been verified using the proof-assistant Lean, that demonstrates RPP can encode every primitive recursive function (PRF-completeness) and that each RPP can be encoded as a primitive recursive function (PRF-soundness). Our proof of PRF-completeness is simpler and fixes some errors in the original proof, while also introducing a new reversible iteration scheme for RPP. By keeping the formalization and semi-automatic proofs simple, we are able to identify a single programming pattern that can generate a set of reversible algorithms within RPP: Cantor pairing, integer division quotient/remainder, and truncated square root. Finally, Lean source code is available for experiments on reversible computation whose properties can be certified.