Reachability in Vector Addition Systems by Examples
ABSTRACT. I plan to briefly describe recent advances on understanding the complexity of the reachability problemfor vector addition systems (or equivalently for vector addition systems with states - VASS). I will present a zoo of a few involved VASS examples, which illustrate intuitions behind various aspects of hardnessof the problem and various techniques of proving lower complexity bounds.
ABSTRACT. We prove a Kleene theorem for higher-dimensional automata (HDAs). It states that the languages they recognise are precisely the rational subsumption-closed sets of interval pomsets. The rational operations include a gluing composition, for which we equip pomsets with interfaces. For our proof, we introduce HDAs with interfaces as presheaves over labelled precube categories and use tools inspired by algebraic topology, such as cylinders and (co)fibrations. HDAs are a general model of non-interleaving concurrency, which subsumes many other models in this field. Interval orders occur as models for concurrent or distributed systems where events extend in time. Our tools and techniques may therefore yield templates for Kleene theorems in a variety of models.
Diamonds for Security: A Non-Interleaving Operational Semantics for the Applied Pi-Calculus
ABSTRACT. We introduce a non-interleaving structural operational semantics for the applied π-calculus and prove that it satisfies the properties expected of a labelled asynchronous transition system (LATS). LATS have well studied relations with other standard non-interleaving models, such as Mazurkiewicz traces or event structures, and are a natural extension of labelled transition systems where the independence of transitions is made explicit. Our choice of LATS as the underlying model is motivated by our wish to give an operational semantics close to the existing ones of applied π-calculus. We build on a considerable body of literature on located semantics for process algebras and adopt a static view on locations to identify the parallel processes that perform a transition. By lifting in this way the works on CCS and π-calculus to the applied π-calculus, we lay down a principled foundation for reusing verification techniques such as partial-order reduction and non-interleaving equivalences in the field of security. The key technical device we develop is the notion of located aliases to refer unambiguously to a specific output originating from a specific process. This light mechanism ensures stability, avoiding disjunctive causality problems that parallel extrusion incurs in similar non-interleaving semantics for the π-calculus.
Weak Progressive Forward Simulation is Necessary and Sufficient for Strong Observational Refinement
ABSTRACT. Hyperproperties are correctness conditions for labelled transition systems that are more expressive than traditional trace properties, with particular relevance to security. Recently, Attiya and Enea studied a notion of strong observational refinement that preserves all hyperproperties. They analyse the correspondence between forward simulation and strong observational refinement in a setting with only finite traces. We study this correspondence in a setting with both finite and infinite traces. In particular, we show that forward simulation does not preserve hyperliveness properties in this setting. We extend the forward simulation proof obligation with a (weak) progress condition, and prove that this weak progressive forward simulation is equivalent to strong observational refinement.
ABSTRACT. Concurrent multi-player games with $\omega$-regular objectives are a standard model for systems that consist of several interacting components, each with its own objective.
The standard solution concept for such games is Nash Equilibrium, which is a ``stable'' strategy profile for the players.
In many settings, the system is not fully observable by the interacting components, e.g., due to internal variables. Then, the interaction is modelled by a partial information game. Unfortunately, the problem of whether a partial information game has an NE is not known to be decidable.
A particular setting of partial information arises naturally when processes are assigned IDs by the system, but these IDs are not known to the processes. Then, the processes have full information about the state of the system, but are uncertain of the effect of their actions on the transitions.
We generalize the setting above and introduce Multi-Topology Games (MTGs) -- concurrent games with several possible topologies, where the players do not know which topology is actually used.
We show that extending the concept of NE to these games can take several forms. To this end, we propose two notions of NE: Conservative NE, in which a player deviates if she can strictly add topologies to her winning set, and Greedy NE, where she deviates if she can win in a previously-losing topology.
We study the properties of these NE, and show that the problem of whether a game admits them is decidable.
Strategies for MDP Bisimilarity Equivalence and Inequivalence
ABSTRACT. A labelled Markov decision process (MDP) is a labelled Markov chain with nondeterminism; i.e., together with a strategy a labelled MDP induces a labelled Markov chain. Motivated by applications to the verification of probabilistic noninterference in security, we study problems whether there exist strategies such that the labelled MDPs become bisimilarity equivalent/inequivalent. We show that the equivalence problem is decidable; in fact, it is EXPTIME-complete and becomes NP-complete if one of the MDPs is a Markov chain. Concerning the inequivalence problem, we show that (1) it is decidable in polynomial time; (2) if there are strategies for inequivalence then there are memoryless strategies for inequivalence; (3) such memoryless strategies can be computed in polynomial time.
ABSTRACT. We study the rational verification problem which consists in verifying the correctness of a system executing in an environment that is assumed to behave rationally. We consider the model of rationality in which the environment only executes behaviors that are Pareto-optimal with regard to its set of objectives, given the behavior of the system (which is committed in advance of any interaction). We examine two ways of specifying this behavior, first by means of a deterministic Moore machine, and then by lifting its determinism. In the latter case the machine may embed several different behaviors for the system, and the universal rational verification problem aims at verifying that all of them are correct when the environment is rational. For parity objectives, we prove that the Pareto-rational verification problem is co-NP-complete and that its universal version is in PSPACE and both NP-hard and co-NP-hard. For Boolean Büchi objectives, the former problem is Π2P-complete and the latter is PSPACE-complete. Both problems are also shown to be fixed-parameter tractable.
Generalised Multiparty Session Types with Crash-Stop Failures
ABSTRACT. Session types enable the specification and verification of communicating systems. However, their
theory often assumes that processes never fail. To address this limitation, we present a generalised
multiparty session type (MPST) theory with crash-stop failures, where processes can crash arbitrarily.
Our new theory validates more protocols and processes w.r.t. previous work. We apply minimal
syntactic changes to standard session π-calculus and types: we model crashes and their handling
semantically, with a generalised MPST typing system parametric on a behavioural safety property.
We cover the spectrum between fully reliable and fully unreliable sessions, via optional reliability
assumptions, and prove type safety and protocol conformance in the presence of crash-stop failures.
Introducing crash-stop failures has non-trivial consequences: writing correct processes that
handle all possible crashes can be difficult. Yet, our generalised MPST theory allows us to tame this
complexity, via model checkers, to validate whether a multiparty session satisfies desired behavioural
properties, e.g. deadlock-freedom or liveness. We implement our approach using the mCRL2 model
checker, and evaluate it with examples extended from the literature.
An Infinitary Proof Theory of Linear Logic Ensuring Fair Termination in the Linear π-Calculus
ABSTRACT. Fair termination is the property of programs that may diverge “in principle” but that terminate “in practice”, under suitable fairness assumptions concerning the resolution of non-deterministic choices. We study a conservative extension of μMALL∞, the infinitary proof system of the multiplicative additive fragment of linear logic with least and greatest fixed points, such that cut elimination corresponds to fair termination. Proof terms are processes of πLIN, a variant of the linear π-calculus with (co)recursive types into which binary and (some) multiparty sessions can be encoded. As a result we obtain a behavioral type system for πLIN (and indirectly for session calculi through their encoding into πLIN) that ensures fair termination: although well-typed processes may engage in arbitrarily long interactions, they are fairly guaranteed to eventually perform all pending actions.
On Session Typing, Probabilistic Polynomial Time, and Cryptographic Experiments
ABSTRACT. In this work, a system of session types is introduced, following Caires and Pfenning, as induced by a Curry Howard correspondence applied to Bounded Linear Logic, and then extending the thus obtained type system with probabilistic choices and ground types. In particular, we show how such a system satisfies the expected properties, like subject reduction and progress, but also unexpected ones, like a polynomial bound on the time needed to reduce processes. This makes the system suitable for modelling experiments and proofs in the so-called computational model of cryptography.