Showing papers on "Undecidable problem published in 2022"

Approximating Perfect Recall When Model Checking Strategic Abilities

Abstract: The model checking problem for multi-agent systems against specifications in the alternating-time temporal logic AT L, hence AT L∗ , under perfect recall and imperfect information is known to be undecidable. To tackle this problem, in this paper we investigate a notion of bounded recall under incomplete information. We present a novel three-valued semantics for AT L∗ in this setting and analyse the corresponding model checking problem. We show that the three-valued semantics here introduced is an approximation of the classic two-valued semantics, then give a sound, albeit partial, algorithm for model checking two-valued perfect recall via its approximation as three-valued bounded recall. Finally, we extend MCMAS, an open-source model checker for AT L and other agent specifications, to incorporate bounded recall; we illustrate its use and present experimental results.

Verification and Monitoring for First-Order LTL with Persistence-Preserving Quantification over Finite and Infinite Traces

Abstract: We address the problem of model checking first-order dynamic systems where new objects can be injected in the active domain during execution. Notable examples are systems induced by a first-order action theory, e.g., expressed in the Situation Calculus. Recent results have shown that, under the state-boundedness assumption, such systems, in spite of having a first-order representation of the state, admit decidable model checking for full first-order mu-calculus. However, interestingly, model checking remains undecidable in the case of first-order LTL (LTL-FO). In this paper, we show that in LTL-FOp, which is the fragment of LTL-FO in which quantification is over objects that persist along traces, model checking state-bounded systems becomes decidable over finite and infinite traces. We then employ this result to show how to handle monitoring of LTL-FOp properties against a trace stemming from an unknown state-bounded dynamic system, simultaneously considering the finite trace up to the current point, and all its possibly infinite future continuations.

Deciding Hyperproperties Combined with Functional Specifications

Abstract: We study satisfiability for HyperLTL with a ∀*∃* quantifier prefix, known to be highly undecidable in general. HyperLTL can express system properties that relate multiple traces (so-called hyperproperties), which are often combined with trace properties that specify functional behavior on single traces. Following this conceptual split, we first define several safety and liveness fragments of ∀*∃* HyperLTL, and characterize the complexity of their (often much easier) satisfiability problem. We then add LTL trace properties as functional specifications. Though (highly) undecidable in many cases, this way of combining “simple” HyperLTL and arbitrary LTL also leads to interesting new decidable fragments. This systematic study of ∀*∃* fragments is complemented by a new (incomplete) algorithm for ∀∃*-HyperLTL satisfiability.

Statistical Verification of Cyber-Physical Systems using Surrogate Models and Conformal Inference

Abstract: Uncertainty in safety-critical cyber-physical systems can be modeled using a finite number of parameters or input signals. Given a system specification in Signal Temporal Logic (STL), we would like to verify that for all (infinite) values of the model parameters/input signals, the system satisfies its specification. Unfortunately, this problem is undecidable in general. Statistical model checking (SMC) offers a solution by providing guarantees on the correctness of CPS models by statistically reasoning on model simulations. We propose a new approach for statistical verification of CPS models for user-provided distribution on the model parameters. Our technique uses model simulations to learn surrogate models, and uses conformal inference to provide probabilistic guarantees on the satisfaction of a given STL property. Additionally, we can provide prediction intervals containing the quantitative satisfaction values of the given STL property for any user-specified confidence level. We also propose a refinement procedure based on Gaussian Process (GP)-based surrogate models for obtaining fine-grained probabilistic guarantees over sub-regions in the parameter space. This in turn enables the CPS designer to choose assured validity domains in the parameter space for safety-critical applications. Finally, we demonstrate the efficacy of our technique on several CPS models.

Solving constrained Horn clauses modulo algebraic data types and recursive functions

Abstract: This work addresses the problem of verifying imperative programs that manipulate data structures, e.g., Rust programs. Data structures are usually modeled by Algebraic Data Types (ADTs) in verification conditions. Inductive invariants of such programs often require recursively defined functions (RDFs) to represent abstractions of data structures. From the logic perspective, this reduces to solving Constrained Horn Clauses (CHCs) modulo both ADT and RDF. The underlying logic with RDFs is undecidable. Thus, even verifying a candidate inductive invariant is undecidable. Similarly, IC3-based algorithms for solving CHCs lose their progress guarantee: they may not find counterexamples when the program is unsafe. We propose a novel IC3-inspired algorithm Racer for solving CHCs modulo ADT and RDF (i.e., automatically synthesizing inductive invariants, as opposed to only verifying them as is done in deductive verification). Racer ensures progress despite the undecidability of the underlying theory, and is guaranteed to terminate with a counterexample for unsafe programs. It works with a general class of RDFs over ADTs called catamorphisms. The key idea is to represent catamorphisms as both CHCs, via relationification , and RDFs, using novel abstractions . Encoding catamorphisms as CHCs allows learning inductive properties of catamorphisms, as well as preserving unsatisfiabilty of the original CHCs despite the use of RDF abstractions, whereas encoding catamorphisms as RDFs allows unfolding the recursive definition, and relying on it in solutions. Abstractions ensure that the underlying theory remains decidable. We implement our approach in Z3 and show that it works well in practice.

The decidability and complexity of interleaved bidirected Dyck reachability

Abstract: Dyck reachability is the standard formulation of a large domain of static analyses, as it achieves the sweet spot between precision and efficiency, and has thus been studied extensively. Interleaved Dyck reachability (denoted D k ⊙ D k ) uses two Dyck languages for increased precision (e.g., context and field sensitivity) but is well-known to be undecidable. As many static analyses yield a certain type of bidirected graphs, they give rise to interleaved bidirected Dyck reachability problems. Although these problems have seen numerous applications, their decidability and complexity has largely remained open. In a recent work, Li et al. made the first steps in this direction, showing that (i) D 1 ⊙ D 1 reachability (i.e., when both Dyck languages are over a single parenthesis and act as counters) is computable in O ( n 7 ) time, while (ii) D k ⊙ D k reachability is NP-hard. However, despite this recent progress, most natural questions about this intricate problem are open. In this work we address the decidability and complexity of all variants of interleaved bidirected Dyck reachability. First, we show that D 1 ⊙ D 1 reachability can be computed in O ( n 3 · α( n )) time, significantly improving over the existing O ( n 7 ) bound. Second, we show that D k ⊙ D 1 reachability (i.e., when one language acts as a counter) is decidable, in contrast to the non-bidirected case where decidability is open. We further consider D k ⊙ D 1 reachability where the counter remains linearly bounded. Our third result shows that this bounded variant can be solved in O ( n 2 · α( n )) time, while our fourth result shows that the problem has a (conditional) quadratic lower bound, and thus our upper bound is essentially optimal. Fifth, we show that full D k ⊙ D k reachability is undecidable. This improves the recent NP-hardness lower-bound, and shows that the problem is equivalent to the non-bidirected case. Our experiments on standard benchmarks show that the new algorithms are very fast in practice, offering many orders-of-magnitude speedups over previous methods.

Under-Approximating Expected Total Rewards in POMDPs

Abstract: Abstract We consider the problem: is the optimal expected total reward to reach a goal state in a partially observable Markov decision process (POMDP) below a given threshold? We tackle this—generally undecidable—problem by computing under-approximations on these total expected rewards. This is done by abstracting finite unfoldings of the infinite belief MDP of the POMDP. The key issue is to find a suitable under-approximation of the value function. We provide two techniques: a simple (cut-off) technique that uses a good policy on the POMDP, and a more advanced technique (belief clipping) that uses minimal shifts of probabilities between beliefs. We use mixed-integer linear programming (MILP) to find such minimal probability shifts and experimentally show that our techniques scale quite well while providing tight lower bounds on the expected total reward.

A Labelling Semantics and Strong Admissibility for Weighted Argumentation Frameworks

Abstract: Abstract Argumentation Theory provides tools for both modelling and reasoning with controversial information and is a methodology that is often used as a way to give explanations to results provided using machine learning techniques. In this context, labelling-based semantics for Abstract Argumentation Frameworks (AFs) allow for establishing the acceptability of sets of arguments, dividing them into three partitions: in, out and undecidable (instead of classical Dung acceptable and not acceptable sets). This kind of semantics have been studied only for classical AFs, while the more powerful weighted and preference-based frameworks have not been studied yet. In this paper, we define a novel labelling semantics for Weighted Argumentation Frameworks (WAFs), extending and generalizing the crisp one, and we provide some insights towards a definition of strong admissibility for WAFs.

There are no minimal essentially undecidable theories

Abstract: We show that there is no theory that is minimal with respect to interpretability among recursively enumerable essentially undecidable theories.

Understanding Queries by Conditional Instances

Abstract: A powerful way to understand a complex query is by observing how it operates on data instances. However, specific database instances are not ideal for such observations: they often include large amounts of superfluous details that are not only irrelevant to understanding the query but also cause cognitive overload; and one specific database may not be enough. Given a relational query, is it possible to provide a simple and generic "representative'' instance that (1) illustrates how the query can be satisfied, (2) summarizes all specific instances that would satisfy the query in the same way by abstracting away unnecessary details? Furthermore, is it possible to find a collection of such representative instances that together completely characterize all possible ways in which the query can be satisfied? This paper takes initial steps towards answering these questions. We design what these representative instances look like, define what they stand for, and formalize what it means for them to satisfy a query in "all possible ways." We argue that this problem is undecidable for general domain relational calculus queries, and develop practical algorithms for computing a minimum collection of such instances subject to other constraints. We evaluate the efficiency of our approach experimentally, and show its effectiveness in helping users debug relational queries through a user study.

Verification of agent navigation in partially-known environments

Abstract: This paper establishes a framework based on logic and automata theory in which to model and automatically verify systems of multiple mobile agents moving in environments with partially-known topologies, i.e., ones which are not completely known at design time. Examples include physical agents designed to be used in many spatial environments and not tailored for a specific one, robots in environments not reachable by humans, and software exploring partially-mapped networks. We model spatial environments as graphs whose edges are labelled with directions. We model agents as finite-state machines that move on the graphs by issuing commands of the form “go in direction X”, that can communicate their internal state to other agents, and that can sense agent positions (including current and visited positions). We treat the incomplete information about the spatial environment by studying the decision problem that asks whether a given collection of agents achieve their tasks on all graphs from a class of graphs — this is called the parameterised verification problem. The framework also introduces a new logical language based on Linear Temporal Logic that is tailored for expressing agent navigation tasks in such environments. Although the parameterised verification problem is undecidable, we identify two key dimensions that need to be limited in order to regain decidability, namely, the set of graph-environments and the amount of sensing and communication between agents. In particular, one should limit the families of graphs to exclude grids, and there should be a bound on the number of times an agent senses the position of another agent or communicates its own state to another agent. We prove that dropping either of these assumptions results in undecidability, even for agents with severe restrictions on their abilities (e.g., with very limited sensing abilities and no communication abilities). The importance of this work is that a) it provides a general computational model for mobile multi-agent systems in environments with partially-known topologies, b) it identifies, for the first time, the precise causes of undecidability of these systems and presents minimal restrictions to alleviate this problem, and c) it provides a generic sound and complete procedure for solving the parameterised verification problem over a broad range of spatial-environments and for agents with very powerful sensing and communication abilities.

Peano: learning formal mathematical reasoning

Abstract: General mathematical reasoning is computationally undecidable, but humans routinely solve new problems. Moreover, discoveries developed over centuries are taught to subsequent generations quickly. What structure enables this, and how might that inform automated mathematical reasoning? We posit that central to both puzzles is the structure of procedural abstractions underlying mathematics. We explore this idea in a case study on five sections of beginning algebra on the Khan Academy platform. To define a computational foundation, we introduce Peano, a theorem-proving environment where the set of valid actions at any point is finite. We use Peano to formalize introductory algebra problems and axioms, obtaining well-defined search problems. We observe existing reinforcement learning methods for symbolic reasoning to be insufficient to solve harder problems. Adding the ability to induce reusable abstractions (‘tactics’) from its own solutions allows an agent to make steady progress, solving all problems. Furthermore, these abstractions induce an order to the problems, seen at random during training. The recovered order has significant agreement with the expert-designed Khan Academy curriculum, and second-generation agents trained on the recovered curriculum learn significantly faster. These results illustrate the synergistic role of abstractions and curricula in the cultural transmission of mathematics. This article is part of a discussion meeting issue ‘Cognitive artificial intelligence’.

OUP accepted manuscript

Abstract: Abstract Argumentation Theory provides tools for both modelling and reasoning with controversial information and is a methodology that is often used as a way to give explanations to results provided using machine learning techniques. In this context, labelling-based semantics for Abstract Argumentation Frameworks (AFs) allow for establishing the acceptability of sets of arguments, dividing them into three partitions: in, out and undecidable (instead of classical Dung acceptable and not acceptable sets). This kind of semantics have been studied only for classical AFs, while the more powerful weighted and preference-based frameworks have not been studied yet. In this paper, we define a novel labelling semantics for Weighted Argumentation Frameworks (WAFs), extending and generalizing the crisp one, and we provide some insights towards a definition of strong admissibility for WAFs.

Formula Synthesis in Propositional Dynamic Logic with Shuffle

Abstract: We introduce the formula-synthesis problem for Propositional Dynamic Logic with Shuffle (PDL || ). This problem, which generalises the model-checking problem againsts PDL || is the following: given a finite transition system and a regular term-grammar that generates (possibly infinitely many) PDL || formulas, find a formula generated by the grammar that is true in the structure (or return that there is none). We prove that the problem is undecidable in general, but add certain restrictions on the input structure or on the input grammar to yield decidability. In particular, we prove that (1) if the grammar only generates formulas in PDL (without shuffle), then the problem is EXPTIME-complete, and a further restriction to linear grammars is PSPACE-complete, and a further restriction to non-recursive grammars is NP-complete, and (2) if one restricts the input structure to have only simple paths then the problem is in 2-EXPTIME. This work is motivated by and opens up connections to other forms of synthesis from hierarchical descriptions, including HTN problems in Planning and Attack-tree Synthesis problems in Security.

Partial (In)Completeness in abstract interpretation: limiting the imprecision in program analysis

Abstract: Imprecision is inherent in any decidable (sound) approximation of undecidable program properties. In abstract interpretation this corresponds to the release of false alarms, e.g., when it is used for program analysis and program verification. As all alarming systems, a program analysis tool is credible when few false alarms are reported. As a consequence, we have to live together with false alarms, but also we need methods to control them. As for all approximation methods, also for abstract interpretation we need to estimate the accumulated imprecision during program analysis. In this paper we introduce a theory for estimating the error propagation in abstract interpretation, and hence in program analysis. We enrich abstract domains with a weakening of a metric distance. This enriched structure keeps coherence between the standard partial order relating approximated objects by their relative precision and the effective error made in this approximation. An abstract interpretation is precise when it is complete. We introduce the notion of partial completeness as a weakening of precision. In partial completeness the abstract interpreter may produce a bounded number of false alarms. We prove the key recursive properties of the class of programs for which an abstract interpreter is partially complete with a given bound of imprecision. Then, we introduce a proof system for estimating an upper bound of the error accumulated by the abstract interpreter during program analysis. Our framework is general enough to be instantiated to most known metrics for abstract domains.

String diagram rewrite theory III: Confluence with and without Frobenius

Abstract: Abstract In this paper, we address the problem of proving confluence for string diagram rewriting, which was previously shown to be characterised combinatorially as double-pushout rewriting with interfaces (DPOI) on (labelled) hypergraphs. For standard DPO rewriting without interfaces, confluence for terminating rewriting systems is, in general, undecidable. Nevertheless, we show here that confluence for DPOI, and hence string diagram rewriting, is decidable. We apply this result to give effective procedures for deciding local confluence of symmetric monoidal theories with and without Frobenius structure by critical pair analysis. For the latter, we introduce the new notion of path joinability for critical pairs, which enables finitely many joins of a critical pair to be lifted to an arbitrary context in spite of the strong non-local constraints placed on rewriting in a generic symmetric monoidal theory.

On the Relationship between Shy and Warded Datalog+/-

Abstract: Datalog^E is the extension of Datalog with existential quantification. While its high expressive power, underpinned by a simple syntax and the support for full recursion, renders it particularly suitable for modern applications on Knowledge Graphs, query answering (QA) over such language is known to be undecidable in general. For this reason, different fragments have emerged, introducing syntactic limitations to Datalog^E that strike a balance between its expressive power and the computational complexity of QA, to achieve decidability. In this short paper, we focus on two promising tractable candidates, namely Shy and Warded Datalog+/-. Reacting to an explicit interest from the community, we shed light on the relationship between these fragments. Moreover, we carry out an experimental analysis of the systems implementing Shy and Warded, respectively DLV^E and Vadalog.

Wetzel: Formalisation of an Undecidable Problem Linked to the Continuum Hypothesis

Abstract: In 1964, Paul Erd\H{o}s published a paper settling a question about function spaces that he had seen in a problem book. Erd\H{o}s proved that the answer was yes if and only if the continuum hypothesis was false: an innocent-looking question turned out to be undecidable in the axioms of ZFC. The formalisation of these proofs in Isabelle/HOL demonstrate the combined use of complex analysis and set theory, and in particular how the Isabelle/HOL library for ZFC integrates set theory with higher-order logic.

The Complexity of Evaluating nfer

Abstract: Nfer is a rule-based language for abstracting event streams into a hierarchy of intervals with data. Nfer has multiple implementations and has been applied in the analysis of spacecraft telemetry and autonomous vehicle logs. This work provides the first complexity analysis of nfer evaluation, i.e., the problem of deciding whether a given interval is generated by applying rules. We show that the full nfer language is undecidable and that this depends on both recursion in the rules and an infinite data domain. By restricting either or both of those capabilities, we obtain tight decidability results. We also examine the impact on complexity of exclusive rules and minimality. For the most practical case, which is minimality with finite data, we provide a polynomial time algorithm.

Guaranteeing Timed Opacity using Parametric Timed Model Checking

Abstract: Information leakage can have dramatic consequences on systems security. Among harmful information leaks, the timing information leakage occurs whenever an attacker successfully deduces confidential internal information. In this work, we consider that the attacker has access (only) to the system execution time. We address the following timed opacity problem: given a timed system, a private location and a final location, synthesize the execution times from the initial location to the final location for which one cannot deduce whether the system went through the private location. We also consider the full timed opacity problem, asking whether the system is opaque for all execution times. We show that these problems are decidable for timed automata (TAs) but become undecidable when one adds parameters, yielding parametric timed automata (PTAs). We identify a subclass with some decidability results. We then devise an algorithm for synthesizing PTAs parameter valuations guaranteeing that the resulting TA is opaque. We finally show that our method can also apply to program analysis.

Representability of matroids by c-arrangements is undecidable

Abstract: For a natural number c, a c-arrangement is an arrangement of dimension c subspaces satisfying the following condition: the sum of any subset of the subspaces has dimension a multiple of c. Matroids arising as normalized rank functions of c-arrangements are also known as multilinear matroids. We prove that it is algorithmically undecidable whether there exists a c such that a given matroid has a c-arrangement representation, or equivalently whether the matroid is multilinear. It follows that certain problems on network coding and secret sharing schemes are also undecidable. In the proof, we encode group presentations in frame matroids of rank three which we call generalized Dowling geometries: the construction is inspired by Dowling geometries of finite groups and by the von Staudt construction. The idea is to construct a reduction from the uniform word problem for finite groups to multilinear representability of matroids. The c-arrangement condition gives rise to some difficulties and their resolution is the main part of the paper.

Control of Real-Time Systems With Integer Parameters

Abstract: We consider the problem of synthesizing controllers for real-time systems where some timing features are not known with precision. We model the plant as a parametric timed automaton (PTA), i.e., a finite automaton equipped with real-valued clocks constraining its behavior, in which the timing constraints on these clocks can make use of parameters. The most general problem we study then consists in synthesizing both a controller and values for the parameters such that some control location of the automaton is reachable. It is, however, well-known that most nontrivial problems on parametric timed automata are undecidable and the classical techniques for the verification (and a fortiori for the control) of timed systems do not terminate in that setting. We, therefore, provide a restriction on the use of parameters to ensure the decidability of the control problems. Since in classical timed automata, real-valued clocks are always compared to integers for all practical purposes, we search for parameter values as bounded integers. Hence, we solve undecidability and termination issues, we provide terminating symbolic synthesis procedures, and our method retains most of the practical usefulness of PTA for the modeling of real-time systems.

Extendability of Simplicial Maps is Undecidable

Abstract: We present a short proof of the adek–Král–Matouek–Vokřínek–Wagner result from the title (in the following form due to Filakovský–Wagner–Zhechev). For any fixed even l there is no algorithm recognizing the extendability of the identity map of $$S^l$$ to a PL map $$X\rightarrow S^l$$ of given 2l-dimensional simplicial complex X containing a subdivision of $$S^l$$ as a given subcomplex. We also exhibit a gap in the Filakovský–Wagner–Zhechev proof that embeddability of complexes is undecidable in codimension $$>1$$ .

Solving Invariant Generation for Unsolvable Loops

Abstract: Automatically generating invariants, key to computer-aided analysis of probabilistic and deterministic programs and compiler optimisation, is a challenging open problem. Whilst the problem is in general undecidable, the goal is settled for restricted classes of loops. For the class of solvable loops, introduced by Kapur and Rodríguez-Carbonell in 2004, one can automatically compute invariants from closed-form solutions of recurrence equations that model the loop behaviour. In this paper we establish a technique for invariant synthesis for loops that are not solvable, termed unsolvable loops. Our approach automatically partitions the program variables and identifies the so-called defective variables that characterise unsolvability. We further present a novel technique that automatically synthesises polynomials, in the defective variables, that admit closed-form solutions and thus lead to polynomial loop invariants. Our implementation and experiments demonstrate both the feasibility and applicability of our approach to both deterministic and probabilistic programs.

Be Realistic: Automated Program Repair is a Combination of Undecidable Problems

Abstract: Automated program repair (APR) tools have promising results, but what are APR's limits? The answer could help researchers design tool trade-offs and manage user expectations. Since APR is undecidable, as are two of its typical phases, tools must use conservative approximations. Such approximations can help APR tools be better understood and can lead to a theory of sound APR.