
Showing papers in "Information & Computation in 2014"


Journal ArticleDOI
TL;DR: This work shows that the achievability problem is undecidable for the full Aeolus model, a strong limiting result for automated configuration in the cloud, and provides a polynomial time algorithm for the further restriction of the model where support for inter-component conflicts is also removed.
Abstract: We introduce the Aeolus component model, which is specifically designed to capture realistic scenarios arising when configuring and deploying distributed applications in the so-called cloud environments, where interconnected components can be deployed on clusters of heterogeneous virtual machines, which can be in turn created, destroyed, and connected on-the-fly. The full Aeolus model is able to describe several component characteristics such as dependencies, conflicts, non-functional requirements (replication requests and load limits), as well as the fact that component interfaces to the world might vary depending on the internal component state. When the number of components needed to build an application grows, it becomes important to be able to automate activities such as deployment and reconfiguration. This corresponds, at the level of the model, to the ability to decide whether a desired target system configuration is reachable, which we call the achievability problem, and producing a path to reach it. In this work we show that the achievability problem is undecidable for the full Aeolus model, a strong limiting result for automated configuration in the cloud. We also show that the problem becomes decidable, but Ackermann-hard, as soon as one drops non-functional requirements. Finally, we provide a polynomial time algorithm for the further restriction of the model where support for inter-component conflicts is also removed.

62 citations


Journal ArticleDOI
TL;DR: It is proved that all proof conversions induced by the logic interpretation actually express observational equivalences, and how type isomorphisms resulting from linear logic equivalences are realized by coercions between interface types of session-based concurrent systems are explained.
Abstract: We investigate strong normalization, confluence, and behavioral equality in the realm of session-based concurrency. These interrelated issues underpin advanced correctness analysis in models of structured communications. The starting point for our study is an interpretation of linear logic propositions as session types for communicating processes, proposed in prior work. Strong normalization and confluence are established by developing a theory of logical relations. Defined upon a linear type structure, our logical relations remain remarkably similar to those for functional languages. We also introduce a natural notion of observational equivalence for session-typed processes. Strong normalization and confluence come in handy in the associated coinductive reasoning: as applications, we prove that all proof conversions induced by the logic interpretation actually express observational equivalences, and explain how type isomorphisms resulting from linear logic equivalences are realized by coercions between interface types of session-based concurrent systems.

61 citations


Journal ArticleDOI
TL;DR: It is shown that List 4-Coloring is NP-complete for P6-free graphs, where P6 is the path on six vertices.
Abstract: If a graph G contains no subgraph isomorphic to some graph H, then G is called H-free. A coloring of a graph G=(V,E) is a mapping c:V->{1,2,...} such that no two adjacent vertices have the same color, i.e., c(u) ≠ c(v) if uv ∈ E; if |c(V)|=0, the List k-Coloring problem is to decide whether a graph allows a coloring, such that every vertex u receives a color from some given set L(u) that must be a subset of {1,...,k}. We show that List 4-Coloring is NP-complete for P6-free graphs, where P6 is the path on six vertices. This completes the classification of List k-Coloring for P6-free graphs.

54 citations


Journal ArticleDOI
TL;DR: A model-based framework which supports approximate quantitative verification of implantable cardiac pacemaker models over hybrid heart models based on hybrid input-output automata and can be instantiated with user-specified pacemaker and heart models is developed.
Abstract: We develop a model-based framework which supports approximate quantitative verification of implantable cardiac pacemaker models over hybrid heart models. The framework is based on hybrid input-output automata and can be instantiated with user-specified pacemaker and heart models. For the specifications, we identify two property patterns which are tailored to the verification of pacemakers: "can the pacemaker maintain a normal heart behaviour?" and "what is the energy level of the battery after t time units?". We implement the framework in Simulink based on the discrete-time simulation semantics and endow it with a range of basic and advanced quantitative property checks. The advanced property checks include the correction of pacemaker mediated Tachycardia and how the noise on sensor leads influences the pacing level. We demonstrate the usefulness of the framework for safety assurance of pacemaker software by instantiating it with two hybrid heart models and verifying a number of correctness properties with encouraging experimental results.

51 citations


Journal ArticleDOI
TL;DR: This work extends the known untyped generalization algorithm to an order-sorted typed setting with sorts, subsorts, and subtype polymorphism, and extends it to work modulo equational theories, where function symbols can obey any combination of associativity, commutativity, and identity axioms.
Abstract: Generalization, also called anti-unification, is the dual of unification. Given terms t and t', a generalizer is a term t'' of which t and t' are substitution instances. The dual of a most general unifier (mgu) is that of least general generalizer (lgg). In this work, we extend the known untyped generalization algorithm to, first, an order-sorted typed setting with sorts, subsorts, and subtype polymorphism; second, we extend it to work modulo equational theories, where function symbols can obey any combination of associativity, commutativity, and identity axioms (including the empty set of such axioms); and third, to the combination of both, which results in a modular, order-sorted equational generalization algorithm. Unlike the untyped case, there is in general no single lgg in our framework, due to order-sortedness or to the equational axioms. Instead, there is a finite, minimal and complete set of lggs, so that any other generalizer has at least one of them as an instance. Our generalization algorithms are expressed by means of inference systems for which we give proofs of correctness. This opens up new applications to partial evaluation, program synthesis, and theorem proving for typed equational reasoning systems and typed rule-based languages such as ASF+SDF, Elan, OBJ, Cafe-OBJ, and Maude.

48 citations


Journal ArticleDOI
TL;DR: The extended logic STL* is introduced, in which STL is augmented with a signal-value freezing operator allowing one to express (and distinguish) various dynamic aspects of oscillations, and the expressive power of STL with respect to STL* is discussed.
Abstract: To express temporal properties of dense-time real-valued signals, the Signal Temporal Logic (STL) has been defined by Maler et al. The work presented a monitoring algorithm deciding the satisfiability of STL formulae on finite discrete samples of continuous signals. The logic is not expressive enough to sufficiently distinguish oscillatory properties important in biology. In this paper we introduce the extended logic STL* in which STL is augmented with a signal-value freezing operator allowing one to express (and distinguish) various dynamic aspects of oscillations. This operator may be nested for further increase of expressiveness. The logic is supported by a monitoring algorithm prototyped in Matlab for the fragment that avoids nesting of the freezing operator. The monitoring procedure for STL* is evaluated on a sample oscillatory signal with varied parameters. Application of the extended logic is demonstrated on a case study of a biological oscillator. We also discuss the expressive power of STL with respect to STL*.

47 citations


Journal ArticleDOI
TL;DR: This work provides an elegant characterization of TBox and ABox satisfiability testing and establishes a double exponential upper bound for answering P2RPQs over ZIQ knowledge bases, significantly pushing the frontier of 2ExpTime decidability of query answering in expressive DLs.
Abstract: Expressive Description Logics (DLs) have been advocated as formalisms for modeling the domain of interest in various application areas, including the Semantic Web, data and information integration, peer-to-peer data management, and ontology-based data access. An important requirement there is the ability to answer complex queries beyond instance retrieval, taking into account constraints expressed in a knowledge base. We consider this task for positive 2-way regular path queries (P2RPQs) over knowledge bases in the expressive DL ZIQ. P2RPQs are more general than conjunctive queries, union of conjunctive queries, and regular path queries from the literature. They allow regular expressions over roles and data joins that require inverse paths. The DL ZIQ extends the core DL ALC with qualified number restrictions, inverse roles, safe Boolean role expressions, regular expressions over roles, and concepts of the form ∃S.Self in the style of the DL SRIQ. Using techniques based on two-way tree-automata, we first provide as a stepping stone an elegant characterization of TBox and ABox satisfiability testing which gives us a tight ExpTime bound for this problem (under unary number encoding). We then establish a double exponential upper bound for answering P2RPQs over ZIQ knowledge bases; this bound is tight. Our result significantly pushes the frontier of 2ExpTime decidability of query answering in expressive DLs, both with respect to the query language and the considered DL. Furthermore, by reducing the well known DL SRIQ to ZIQ (with an exponential blow-up in the size of the knowledge base), we also provide a tight 2ExpTime upper bound for knowledge base satisfiability in SRIQ and establish the decidability of query answering for this significant fragment of the new OWL 2 standard.

45 citations


Journal ArticleDOI
TL;DR: This paper describes some state space reduction techniques that have been implemented in Maude-NPA, which supports a wide variety of algebraic properties, and provides completeness proofs and experimental evaluations of their effect on the performance of Maude-NPA.
Abstract: The Maude-NRL Protocol Analyzer (Maude-NPA) is a tool and inference system for reasoning about the security of cryptographic protocols in which the cryptosystems satisfy different equational properties. It both extends and provides a formal framework for the original NRL Protocol Analyzer, which supported equational reasoning in a more limited way. Maude-NPA supports a wide variety of algebraic properties that includes many crypto-systems of interest such as, for example, one-time pads and Diffie-Hellman. Maude-NPA, like the original NPA, looks for attacks by searching backwards from an insecure attack state, and assumes an unbounded number of sessions. Because of the unbounded number of sessions and the support for different equational theories, it is necessary to develop ways of reducing the search space and avoiding infinite search paths. In order for the techniques to prove useful, they need not only to speed up the search, but should not violate completeness, so that failure to find attacks still guarantees security. In this paper we describe some state space reduction techniques that we have implemented in Maude-NPA. We also provide completeness proofs, and experimental evaluations of their effect on the performance of Maude-NPA.

42 citations


Journal ArticleDOI
TL;DR: The logic contains a new operator ?
Abstract: In this paper we present refinement modal logic. A refinement is like a bisimulation, except that from the three relational requirements only 'atoms' and 'back' need to be satisfied. Our logic contains a new operator ? in addition to the standard box modalities for each agent. The operator ? acts as a quantifier over the set of all refinements of a given model. As a variation on a bisimulation quantifier, this refinement operator or refinement quantifier ? can be seen as quantifying over a variable not occurring in the formula bound by it. The logic combines the simplicity of multi-agent modal logic with some powers of monadic second-order quantification. We present a sound and complete axiomatization of multi-agent refinement modal logic. We also present an extension of the logic to the modal µ-calculus, and an axiomatization for the single-agent version of this logic. Examples and applications are also discussed: to software verification and design (the set of agents can also be seen as a set of actions), and to dynamic epistemic logic. We further give detailed results on the complexity of satisfiability, and on succinctness.

39 citations


Journal ArticleDOI
TL;DR: A declarative formalism is used in order to give an operational semantics to the distributed metamodel, and it is shown how properties of policies can be directly obtained from standard results for the operational semantics of access request evaluation.
Abstract: We describe a metamodel for access control, designed to take into account the specific requirements of distributed environments. We see a distributed system consisting of several sites, each with its own resources to protect, as a federation, and propose a framework for the specification (and enforcement) of global access control policies that take into account the local policies specified by each member of the federation. The framework provides mechanisms to specify heterogeneous local access control policies, to define policy composition operators, and to use them to define conflict-free access authorisation decisions. We use a declarative formalism in order to give an operational semantics to the distributed metamodel. We then show how properties of policies can be directly obtained from standard results for the operational semantics of access request evaluation.

38 citations


Journal ArticleDOI
TL;DR: It is proved that the secrecy problem is PSPACE-complete in the bounded memory model where all actions are balanced and a potentially infinite number of the nonce updates is allowed.
Abstract: In a collaborative system, the agents collaborate to achieve a common goal, but they are not willing to share some sensitive private information. The question is how much damage can be done by a malicious participant sitting inside the system. We assume that all the participants (including internal adversaries) have bounded memory - at any moment, they can store only a fixed number of messages of a fixed size. The Dolev-Yao adversaries can compose, decompose, eavesdrop, and intercept messages, and create fresh values (nonces), but within their bounded memory. We prove that the secrecy problem is PSPACE-complete in the bounded memory model where all actions are balanced and a potentially infinite number of the nonce updates is allowed. We also show that the well-known security protocol anomalies (starting from the Lowe attack to the Needham-Schroeder protocol) can be rephrased within the bounded memory paradigm with the explicit memory bounds.

Journal ArticleDOI
TL;DR: A calculus for modeling and reasoning about security protocols, including in particular secured routing protocols, is proposed, which extends standard symbolic models to take into account the characteristics of routing protocols and to model wireless communication in a more accurate way.
Abstract: Mobile ad hoc networks consist of mobile wireless devices which autonomously organize their infrastructure. In such networks, a central issue, addressed by routing protocols, is to find a route from one device to another. These protocols use cryptographic mechanisms in order to prevent malicious nodes from compromising the discovered route. Our contribution is twofold. We first propose a calculus for modeling and reasoning about security protocols, including in particular secured routing protocols. Our calculus extends standard symbolic models to take into account the characteristics of routing protocols and to model wireless communication in a more accurate way. Our second main contribution is a decision procedure for analyzing routing protocols for any network topology. By using constraint solving techniques, we show that it is possible to automatically discover (in NPTIME) whether there exists a network topology that would allow malicious nodes to mount an attack against the protocol, for a bounded number of sessions. We also provide a decision procedure for detecting attacks in case the network topology is given a priori. We demonstrate the usage and usefulness of our approach by analyzing protocols of the literature, such as SRP applied to DSR and SDMSR.

Journal ArticleDOI
TL;DR: This work presents a sequential aggregate signature scheme based on trapdoor permutations, which is provably secure in the random oracle model, and compares its signatures to the algorithms currently proposed for use in BGPsec, and finds that they are considerably shorter than nonaggregate RSA and have an order of magnitude faster verification than nonaggregate ECDSA, although ECDSA has shorter signatures when the number of signers is small.
Abstract: Sequential aggregate signature schemes allow n signers, in order, to sign a message each, at a lower total cost than the cost of n individual signatures. We present a sequential aggregate signature scheme based on trapdoor permutations (e.g., RSA). Unlike prior such proposals, our scheme does not require a signer to retrieve the keys of other signers and verify the aggregate-so-far before adding its own signature. Indeed, we do not even require a signer to know the public keys of other signers! Moreover, for applications that require signers to verify the aggregate anyway, our schemes support lazy verification: a signer can add its own signature to an unverified aggregate and forward it along immediately, postponing verification until load permits or the necessary public keys are obtained. This is especially important for applications where signers must access a large, secure, and current cache of public keys in order to verify messages. The price we pay is that our signature grows slightly with the number of signers. We report a technical analysis of our scheme (which is provably secure in the random oracle model), a detailed implementation-level specification, and implementation results based on RSA and OpenSSL. To evaluate the performance of our scheme, we focus on the target application of BGPsec (formerly known as Secure BGP), a protocol designed for securing the global Internet routing system. There is a particular need for lazy verification with BGPsec, since it is run on routers that must process signatures extremely quickly, while being able to access tens of thousands of public keys. We compare our scheme to the algorithms currently proposed for use in BGPsec, and find that our signatures are considerably shorter than nonaggregate RSA (with the same sign and verify times) and have an order of magnitude faster verification than nonaggregate ECDSA, although ECDSA has shorter signatures when the number of signers is small.

Journal ArticleDOI
TL;DR: Two equivalent definitions of grammars with left contexts are given and their basic properties are established, including a transformation to a normal form and a cubic-time parsing algorithm, with a square-time version for unambiguous grammars.
Abstract: The paper introduces an extension of context-free grammars equipped with an operator for referring to the left context of the substring being defined. For example, a rule A -> a & ◁B defines a symbol a, as long as it is preceded by a string defined by B. The conjunction operator in this example is taken from conjunctive grammars (Okhotin, 2001), which are an extension of ordinary context-free grammars that maintains most of their practical properties, including many parsing algorithms. This paper gives two equivalent definitions of grammars with left contexts, by logical deduction and by language equations, and establishes their basic properties, including a transformation to a normal form and a cubic-time parsing algorithm, with a square-time version for unambiguous grammars.

Journal ArticleDOI
TL;DR: A type system that guarantees both session safety and a form of access control, which ensures secure information flow, including controlled forms of declassification, is proposed for multiparty sessions with delegation.
Abstract: We consider a calculus for multiparty sessions with delegation, enriched with security levels for session participants and data. We propose a type system that guarantees both session safety and a form of access control. Moreover, this type system ensures secure information flow, including controlled forms of declassification. In particular, it prevents information leaks due to the specific control constructs of the calculus, such as session opening, selection, branching and delegation. We illustrate the use of our type system with a number of examples, which reveal an interesting interplay between the constraints of security type systems and those used in session types to ensure properties like communication safety and session fidelity.

Journal ArticleDOI
TL;DR: A simple, algebraic characterization of languages recognized by one- way reversible finite automata augmented with deterministic advice is presented and the power and limitation of randomized advice and quantum advice when they are given to one-way quantum finite automaton are demonstrated.
Abstract: We examine the characteristic features of reversible and quantum computations in the presence of supplementary external information, known as advice. In particular, we present a simple, algebraic characterization of languages recognized by one-way reversible finite automata augmented with deterministic advice. With a further elaborate argument, we prove a similar but slightly weaker result for bounded-error one-way quantum finite automata with advice. Immediate applications of those properties lead to containments and separations among various language families when they are assisted by appropriately chosen advice. We further demonstrate the power and limitation of randomized advice and quantum advice when they are given to one-way quantum finite automata.

Journal ArticleDOI
TL;DR: This work presents a new symmetric key management API for cryptographic devices intended to implement security protocols in distributed systems that has a formal security policy and proofs of security in the symbolic model, under various threat scenarios.
Abstract: We present a new symmetric key management API for cryptographic devices intended to implement security protocols in distributed systems. Our API has a formal security policy and proofs of security in the symbolic model, under various threat scenarios. This sets it apart from previous APIs such as RSA PKCS#11, which are under-specified, lack a clear security policy and are often subject to attacks. Our design is based on the principle of explicitness: the security policy for a key must be given at creation time, and this policy is then included in any ciphertext containing the key. Our API also contains novel features such as the possibility of insisting on a freshness check before accepting an encrypted key for import. To show the applicability of our design, we give an algorithm for automatically instantiating the API commands for a given key management protocol and apply it on the Clark-Jacob protocols suite.

Journal ArticleDOI
TL;DR: It is shown that the freeness problem is decidable for upper-triangular 2x2 matrices with rational entries when the products are restricted to certain bounded languages.
Abstract: We study the freeness problem for matrix semigroups. We show that the freeness problem is decidable for upper-triangular 2x2 matrices with rational entries when the products are restricted to certain bounded languages. We also show that this problem becomes undecidable for sufficiently large matrices.

Journal ArticleDOI
TL;DR: This paper introduces Cancer Hybrid Automata (CHAs), a formalism to model the progression of cancers through discrete phenotypes, and shows how existing controller synthesis algorithms can be generalized to CHA models, so that therapies can be generated automatically.
Abstract: This paper introduces Cancer Hybrid Automata (CHAs), a formalism to model the progression of cancers through discrete phenotypes. The classification of cancer progression using discrete states like stages and hallmarks has become common in the biology literature, but primarily as an organizing principle, and not as an executable formalism. The precise computational model developed here aims to exploit this untapped potential, namely, through automatic verification of progression models (e.g., consistency, causal connections, etc.), classification of unreachable or unstable states and computer-generated (individualized or universal) therapy plans. The paper builds on a phenomenological approach, and as such does not need to assume a model for the biochemistry of the underlying natural progression. Rather, it abstractly models transition timings between states as well as the effects of drugs and clinical tests, and thus allows formalization of temporal statements about the progression as well as notions of timed therapies. The model proposed here is ultimately based on hybrid automata, and we show how existing controller synthesis algorithms can be generalized to CHA models, so that therapies can be generated automatically. Throughout this paper we use cancer hallmarks to represent the discrete states through which cancer progresses, but other notions of discretely or continuously varying state formalisms could also be used to derive similar therapies.

Journal ArticleDOI
TL;DR: The Krivine machine model is proposed, a new approach to analyzing higher-order recursive schemes that is closer to lambda-calculus, and incorporates nicely many invariants of computations, as for example the typing information.
Abstract: We propose a new approach to analyzing higher-order recursive schemes. Many results in the literature use automata models generalizing pushdown automata, most notably higher-order pushdown automata with collapse (CPDA). Instead, we propose to use the Krivine machine model. Compared to CPDA, this model is closer to lambda-calculus, and incorporates nicely many invariants of computations, as for example the typing information. The usefulness of the proposed approach is demonstrated with new proofs of two central results in the field: the decidability of the local and global model checking problems for higher-order schemes with respect to the mu-calculus.

Journal ArticleDOI
TL;DR: A standardised approach to data extraction to retrieve relevant information from heterogeneous data sources, using semantic interoperability enabled via detailed clinical modelling, is used for data extraction from data sources for analysis and for pre-population of electronic Case Report Forms from electronic health records in primary care clinical systems.
Abstract: The reuse of routinely collected clinical data for clinical research is being explored as part of the drive to reduce duplicate data entry and to start making full use of the big data potential in the healthcare domain. Clinical researchers often need to extract data from patient registries and other patient record datasets for data analysis as part of clinical studies. In the TRANSFoRm project, researchers define their study requirements via a Query Formulation Workbench. We use a standardised approach to data extraction to retrieve relevant information from heterogeneous data sources, using semantic interoperability enabled via detailed clinical modelling. This approach is used for data extraction from data sources for analysis and for pre-population of electronic Case Report Forms from electronic health records in primary care clinical systems.

Journal ArticleDOI
TL;DR: This work introduces parametric shrinking of clock constraints, which corresponds to tightening these, and proposes symbolic procedures to decide the existence of parameters under which the shrunk version of a given timed automaton is non-blocking and can time-abstract simulate the exact semantics.
Abstract: We define and study a new approach to the implementability of timed automata, where the semantics is perturbed by imprecisions and finite frequency of the hardware. In order to circumvent these effects, we introduce parametric shrinking of clock constraints, which corresponds to tightening these. We propose symbolic procedures to decide the existence of (and then compute) parameters under which the shrunk version of a given timed automaton is non-blocking and can time-abstract simulate the exact semantics. We then define an implementation semantics for timed automata with a digital clock and positive reaction times, and show that for shrinkable timed automata, non-blockingness and time-abstract simulation are preserved in implementation.

Journal ArticleDOI
TL;DR: It is demonstrated that a double-exponential size increase when converting a constant height nondeterministic pushdown automaton into an equivalent deterministic device cannot be avoided by certifying its optimality.
Abstract: We study the descriptional cost of removing nondeterminism in constant height pushdown automata, i.e., pushdown automata with a built-in constant limit on the height of the pushdown. We show a double-exponential size increase when converting a constant height nondeterministic pushdown automaton into an equivalent deterministic device. Moreover, we prove that such a double-exponential blow-up cannot be avoided by certifying its optimality. As a direct consequence, we get that eliminating nondeterminism in classical finite state automata is single-exponential even with the help of a constant height pushdown store.

Journal ArticleDOI
TL;DR: Different notions of vanishing states (a concept originating from the area of Generalised Stochastic Petri Nets) are defined, and non-naively vanishing states are shown to be essential for relating the concepts of (state-based) naive weak bisimulation and (distribution-based) weak bisimulation.
Abstract: This paper develops a decision algorithm for weak bisimulation on Markov Automata (MA). For this purpose, different notions of vanishing states (a concept originating from the area of Generalised Stochastic Petri Nets) are defined. In particular, non-naively vanishing states are shown to be essential for relating the concepts of (state-based) naive weak bisimulation and (distribution-based) weak bisimulation. The bisimulation algorithm presented here follows the partition-refinement scheme and has exponential time complexity.

Journal ArticleDOI
TL;DR: The Hybrid Automata are a formal model for hybrid systems, originally proposed to study embedded systems, where a discrete control acts on a continuously changing environment.
Abstract: Hybrid Systems are dynamical systems presenting both discrete and continuous evolution. Hybrid Automata are a formal model for hybrid systems, originally proposed to study embedded systems, where a discrete control acts on a continuously changing environment.

Journal ArticleDOI
TL;DR: It is shown that pPDA language equivalence (and hence multiplicity equivalence of context-free grammars) is in PSPACE and at least as hard as the polynomial identity testing problem.
Abstract: We study the language equivalence problem for probabilistic pushdown automata (pPDA) and their subclasses. We show that the problem is interreducible with the multiplicity equivalence problem for context-free grammars, the decidability of which has been open for several decades. Interreducibility also holds for pPDA with one control state. In contrast, for the case of a one-letter input alphabet we show that pPDA language equivalence (and hence multiplicity equivalence of context-free grammars) is in PSPACE and at least as hard as the polynomial identity testing problem.

Journal ArticleDOI
TL;DR: This work introduces sufficient conditions for the strong termination and quasi-termination of logic programs which rely on the construction of size-change graphs, and presents a fast binding-time analysis that takes the output of the termination analysis and annotates logic programs so that partial evaluation terminates.
Abstract: One of the most important challenges in partial evaluation is the design of automatic methods for ensuring the termination of the process. In this work, we introduce sufficient conditions for the strong (i.e., independent of a computation rule) termination and quasi-termination of logic programs which rely on the construction of size-change graphs. We then present a fast binding-time analysis that takes the output of the termination analysis and annotates logic programs so that partial evaluation terminates. In contrast to previous approaches, the new binding-time analysis is conceptually simpler and considerably faster, scaling to medium-sized or even large examples.
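
The termination conditions above are built on size-change graphs. As an added illustration (not the paper's own analysis for logic programs, and without its quasi-termination or binding-time parts), here is the classic size-change termination criterion of Lee, Jones and Ben-Amram, which the paper's conditions build upon: every call between predicates gets a graph of "argument i of the caller is >= / > argument j of the callee" arcs, the graphs are closed under composition along call paths, and the program is accepted if every idempotent self-loop graph contains a strictly decreasing in-situ arc. The three call patterns (Ackermann, an argument swap, an alternating descent) and their graphs are hand-written for this example.

```python
# Added illustration, not the paper's own analysis: the size-change
# termination (SCT) criterion of Lee, Jones and Ben-Amram, applied to
# hand-written size-change graphs for three constructed call patterns.
#
# A size-change graph for a call f -> g is a frozenset of arcs (i, j, strict):
# argument i of the caller is >= (strict=False) or > (strict=True) argument j
# of the callee, in some well-founded size order.


def compose(g1, g2):
    """Graph for f -> h from graphs for f -> g and g -> h: an arc i -> k exists
    when some j links them, and is strict when any witnessing path is."""
    arcs = {}
    for i, j, s1 in g1:
        for j2, k, s2 in g2:
            if j == j2:
                arcs[(i, k)] = arcs.get((i, k), False) or s1 or s2
    return frozenset((i, k, s) for (i, k), s in arcs.items())


def closure(calls):
    """All (caller, callee, graph) triples describing any finite call path:
    the composition closure of the call graphs."""
    closed = set(calls)
    while True:
        new = set()
        for f, g, g1 in closed:
            for g_src, h, g2 in closed:
                if g == g_src:
                    item = (f, h, compose(g1, g2))
                    if item not in closed:
                        new.add(item)
        if not new:
            return closed
        closed |= new


def sct_terminates(calls):
    """SCT criterion: every idempotent self-loop graph G (same predicate at
    both ends and G o G == G) must contain a strict in-situ arc i -> i."""
    for f, g, graph in closure(calls):
        if f == g and compose(graph, graph) == graph:
            if not any(i == j and s for i, j, s in graph):
                return False
    return True


# Constructed examples; arguments are indexed 0, 1, ...
# ack(m, n): calls ack(m-1, 1) and ack(m-1, ack(m, n-1)).
ACKERMANN = {
    ("ack", "ack", frozenset({(0, 0, True)})),                 # outer calls
    ("ack", "ack", frozenset({(0, 0, False), (1, 1, True)})),  # inner call
}
# f(x, y) :- f(y, x).   Swaps arguments forever; nothing ever shrinks.
SWAP = {("f", "f", frozenset({(0, 1, False), (1, 0, False)}))}
# f(x, y) :- f(y, x-1). Alternating descent, proved without a ranking function.
ALTERNATE = {("f", "f", frozenset({(0, 1, True), (1, 0, False)}))}

if __name__ == "__main__":
    for name, calls in (("ackermann", ACKERMANN), ("swap", SWAP),
                        ("alternate", ALTERNATE)):
        print(name, "terminates" if sct_terminates(calls) else "rejected")
```

The swap example is rejected because its self-composition is the identity graph with no strict arc, while the alternating example is accepted because composing the call graph with itself yields strict in-situ arcs on both arguments; the closure can be exponential in the number of graphs, which is why the paper emphasizes the speed of its analysis.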

Journal ArticleDOI
TL;DR: This paper solves the satisfiability problem for the quantifier-free fragment of set theory MLSSPF involving in addition to the basic Boolean set operators of union, intersection, and difference, also the powerset and singleton operators, and a finiteness predicate, and proves a small witness-model property for MLS SPF.
Abstract: In this paper we solve the satisfiability problem for the quantifier-free fragment of set theory MLSSPF involving, in addition to the basic Boolean set operators of union, intersection, and difference, also the powerset and singleton operators, and a finiteness predicate. The more restricted fragment obtained by dropping the finiteness predicate has been shown to have a solvable satisfiability problem in a previous paper, by establishing for it a small model property. We exploit the latter decision result for dealing also with the finiteness predicate (and therefore with the infiniteness predicate too) and prove a small witness-model property for MLSSPF, asserting that any model for a satisfiable formula $\Phi$ with $m$ distinct variables of the fragment of our interest admits a finite representation bounded by $c(m)$, where $c$ is a suitable computable function. Since such candidate representations are finitely many, their number does not exceed a known bound, and it can be recognized algorithmically whether they indeed represent a(n infinite) model for the input formula, the decidability of the satisfiability problem for MLSSPF follows.

Journal ArticleDOI
TL;DR: This paper shows how to get message boundedness "for free" under a reasonable (syntactic) assumption on protocols, in order to verify a variety of interesting security properties including secrecy and several authentication properties.
Abstract: While the verification of security protocols has been proved to be undecidable in general, several approaches use simplifying hypotheses in order to obtain decidability for interesting subclasses. Amongst the most common is type abstraction, i.e. considering only well-typed runs of the protocol, therefore bounding message length. In this paper, we show how to get message boundedness "for free" under a reasonable (syntactic) assumption on protocols, in order to verify a variety of interesting security properties including secrecy and several authentication properties. This enables us to improve existing decidability results by restricting the search space for attacks.

Journal ArticleDOI
TL;DR: It is shown that the family of sets representable by unique (least, greatest) solutions of systems of finitely many equations of the form $\varphi(X_1,\ldots,X_n)=\psi(X_1,\ldots,X_n)$ is exactly the family of recursive (r.e., co-r.e., respectively) sets of numbers.
Abstract: Systems of finitely many equations of the form $\varphi(X_1,\ldots,X_n)=\psi(X_1,\ldots,X_n)$ are considered, in which the unknowns $X_i$ are sets of natural numbers, while the expressions $\varphi,\psi$ may contain singleton constants and the operations of union and pairwise addition $S+T=\{m+n \mid m\in S,\ n\in T\}$. It is shown that the family of sets representable by unique (least, greatest) solutions of such systems is exactly the family of recursive (r.e., co-r.e., respectively) sets of numbers. Basic decision problems for these systems are located in the arithmetical hierarchy. The same results are established for equations with addition and intersection.
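
The least-solution half of this result is the one that can be watched running: least solutions of such systems are the r.e. sets, and Kleene iteration from all-empty enumerates them. The following added example (not from the paper) computes least solutions of a small constructed system over union, intersection and pairwise addition, restricted to $\{0,\ldots,\mathrm{bound}\}$. The restriction is exact for least solutions: union, intersection and addition are monotone and never produce a number smaller than the elements it was built from, so the truncated least fixpoint equals the true least solution intersected with the bound. Greatest and unique solutions are not handled here; that part of the abstract has no such finite shortcut.

```python
# Added illustration, not from the paper: Kleene iteration computing the least
# solution of a system X_i = phi_i(X_1, ..., X_n) over sets of natural numbers,
# restricted to {0, ..., bound}. Because union, intersection and pairwise
# addition are monotone and never yield a number smaller than its summands,
# the truncated least fixpoint equals the true least solution intersected with
# {0, ..., bound}. Only least solutions are computed here.

def const(n):
    return ("const", n)

def var(i):
    return ("var", i)

def union(*exprs):
    return ("union",) + exprs

def inter(e1, e2):
    return ("inter", e1, e2)

def plus(e1, e2):
    return ("plus", e1, e2)


def evaluate(expr, env, bound):
    """Value of an expression under env (a list of frozensets), truncated."""
    tag = expr[0]
    if tag == "const":
        return frozenset([expr[1]]) if expr[1] <= bound else frozenset()
    if tag == "var":
        return env[expr[1]]
    if tag == "union":
        return frozenset().union(*(evaluate(e, env, bound) for e in expr[1:]))
    if tag == "inter":
        return evaluate(expr[1], env, bound) & evaluate(expr[2], env, bound)
    if tag == "plus":
        s = evaluate(expr[1], env, bound)
        t = evaluate(expr[2], env, bound)
        return frozenset(m + n for m in s for n in t if m + n <= bound)
    raise ValueError("unknown expression tag %r" % tag)


def least_solution(system, bound):
    """system[i] is the right-hand side of X_i. Iterate from all-empty until
    stable; the truncated lattice is finite, so this terminates."""
    env = [frozenset()] * len(system)
    while True:
        nxt = [evaluate(rhs, env, bound) for rhs in system]
        if nxt == env:
            return env
        env = nxt


# Constructed system:  X_0 = {1} u (X_0 + {2})      -> odd numbers
#                      X_1 = {0} u (X_0 + X_0)      -> even numbers
#                      X_2 = X_0 n (X_1 + {1})      -> odd numbers again
SYSTEM = [
    union(const(1), plus(var(0), const(2))),
    union(const(0), plus(var(0), var(0))),
    inter(var(0), plus(var(1), const(1))),
]

if __name__ == "__main__":
    for i, sol in enumerate(least_solution(SYSTEM, 20)):
        print("X_%d =" % i, sorted(sol))
```

An equation with no productive base case, such as X = X + {1}, has the empty set as its least solution, and the iteration returns it immediately; the bound only limits how far the enumeration is carried, not which elements appear.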