Reasoning about programs

This paper describes a theorem prover that embodies knowledge about programming constructs, such as numbers, arrays, lists, and expressions. The program can reason about these concepts and is used as part of a program verification system that uses the Floyd-Naur explication of program semantics. It is implemented in the qa4 language; the qa4 system allows many pieces of strategic knowledge, each expressed as a small program, to be coordinated so that a program stands forward when it is relevant to the problem at hand. The language allows clear, concise representation of this sort of knowledge. The qa4 system also has special facilities for dealing with commutative functions, ordering relations, and equivalence relations; these features are heavily used in this deductive system. The program interrogates the user and asks his advice in the course of a proof. Verifications have been found for Hoare's FIND program, a real-number division algorithm, and some sort programs, as well as for many simpler algorithms. Additional theorems have been proved about a pattern matcher and a version of Robinson's unification algorithm. The appendix contains a complete, annotated listing of the deductive system and annotated traces of several of the deductions performed by the system.     

Thinking about Reasoning about Knowledge

Minds and Machines -     

Reasoning about equality

This note contains a set of six theorems that can be used to assess the ability of a theorem-proving system to reason about equality. The six theorems are graduated in terms of difficulty: they range from fairly trivial to quite difficult. They do not cover all aspects of equality reasoning, but they have proved useful to us in developing our system.This work was supported in part by National Science Foundation grant MCS82-07496 and in part by the Applied Mathematical Sciences Research Program (KC-04-02) of the Office of Energy Research of the U.S. Department of Energy under Contract W-31-109-Eng-38.     

Reasoning about memory layouts

Verification methods for memory-manipulating C programs need to address not only well-typed programs that respect invariants such as the split-heap memory model, but also programs that access through pointers arbitrary memory objects such as local variables, single struct fields, or array slices. We present a logic for memory layouts that covers these applications and show how proof obligations arising during the verification can be discharged automatically using the layouts. The framework developed in this way is also suitable for reasoning about data structures manipulated by algorithms, which we demonstrate by verifying the Schorr-Waite graph marking algorithm.     

Reasoning about agent deliberation

We present a family of sound and complete logics for reasoning about deliberation strategies for SimpleAPL programs. SimpleAPL is a fragment of the agent programming language 3APL designed for the implementation of cognitive agents with beliefs, goals and plans. The logics are variants of PDL, and allow us to prove safety and liveness properties of SimpleAPL agent programs under different deliberation strategies. We show how to axiomatise different deliberation strategies for SimpleAPL programs, and, for each strategy we prove a correspondence between the operational semantics of SimpleAPL and the models of the corresponding logic. We illustrate the utility of our approach with an example in which we show how to verify correctness properties for a simple agent program under different deliberation strategies.     

Reasoning about interactive system

Interactive systems have goals and characteristics that differ from those of batch systems. These differences lead to a need for new techniques, methods, and tools for manipulating and constructing interactive systems. The difference in structure between batch and interactive systems. The difference is considered, focusing on the distinction between command decomposition and component decomposition. The possible ways of solving a problem using an interactive system using action paths, which account for the relatively unconstrained actions of interactive users, are described. It is shown that interactivity is not an inherent characteristic of a system but rather a characteristic that depends on the error profile of its users. The requirements that interaction places on the underlying implementation, specifically the need for incrementality and integration, are considered. The results are applied to several existing classes of systems     

Reasoning about coalitional games

We develop, investigate, and compare two logic-based knowledge representation formalisms for reasoning about coalitional games. The main constructs of Coalitional Game Logic (cgl) are expressions for representing the ability of coalitions, which may be combined with expressions for representing the preferences that agents have over outcomes. Modal Coalitional Game Logic (mcgl) is a normal modal logic, in which the main construct is a modality for expressing the preferences of groups of agents. For both frameworks, we give complete axiomatisations, and show how they can be used to characterise solution concepts for coalitional games. We show that, while cgl is more expressive than mcgl, the former can only be used to reason about coalitional games with finitely many outcomes, while mcgl can be used to reason also about games with infinitely many outcomes, and is in addition more succinct. We characterise the computational complexity of satisfiability for cgl, and give a tableaux-based decision procedure.     

Reasoning algebraically about loops

We show how to formalise different kinds of loop constructs within the refinement calculus, and how to use this formalisation to derive general transformation rules for loop constructs. The emphasis is on using algebraic methods for reasoning about equivalence and refinement of loop constructs, rather than operational ways of reasoning about loops in terms of their execution sequences. We apply the algebraic reasoning techniques to derive a collection of transformation rules for action systems and for guarded loops. These include transformation rules that have been found important in practical program derivations: data refinement and atomicity refinement of action systems; and merging, reordering, and data refinement of loops with stuttering transitions. Received: 11 February 1998 / 18 March 1999     

Reasoning about Information Change

In this paper we introduce Dynamic Epistemic Logic, which is alogic for reasoning about information change in a multi-agent system. Theinformation structures we use are based on non-well-founded sets, and canbe conceived as bisimulation classes of Kripke models. On these structures,we define a notion of information change that is inspired by UpdateSemantics (Veltman, 1996). We give a sound and complete axiomatization ofthe resulting logic, and we discuss applications to the puzzle of the dirtychildren, and to knowledge programs.     

Meta-rules: Reasoning about control

How can we insure that knowledge embedded in a program is applied effectively? Traditionally the answer to this question has been sought in different problem solving paradigms and in different approaches to encoding and indexing knowledge. Each of these is useful with a certain variety of problem, but they all share a common problem: they become ineffective in the face of a sufficiently large knowledge base. How then can we make it possible for a system to continue to function in the face of a very large number of plausibly useful chunks of knowledge?In response to this question we propose a framework for viewing issues of knowledge indexing and retrieval, a framework that includes what appears to be a useful perspective on the concept of a strategy. We view strategies as a means of controlling invocation in situations where traditional selection mechanisms become ineffective. We examine ways to effect such control, and describe meta-rules, a means of specifying strategies which offers a number of advantages. We consider at some length how and when it is useful to reason about control, and explore the advantages meta-rules offer for doing this.     

Reasoning about XML update constraints

We introduce in this paper a class of constraints for describing how an XML document can evolve, namely XML update constraints. For these constraints, we study the implication problem, giving algorithms and complexity results for constraints of varying expressive power. Besides classical constraint implication, we also consider an instance-based approach in which we take into account data. More precisely, we study implication with respect to a current tree instance, resulting from a series of unknown updates. The main motivation of our work is reasoning about data integrity under update restrictions in contexts where owners may lose control over their data, such as in publishing or exchange.     

Reasoning about faulty quantum programs

We show how to use a programming language for formally describing and reasoning about errors in quantum computation. The formalisation is based on the concept of performing the correct operation with probability at least p, and the erroneous one with probability at most 1 − p. We apply the concept to two examples: Bell’s inequalities and the Deutsch–Jozsa quantum algorithm. The former is a fundamental thought experiment aimed at showing that Quantum Mechanics is not “local and realist”, and it is used in quantum cryptography protocols. We study it assuming faulty measurements, and we derive hardware reliability conditions that must be satisfied in order for the experiment to support its conclusions. The latter is a quantum algorithm for efficiently solving a classification problem for Boolean functions. The algorithm solves the problem with no error, but when we introduce faulty operations it becomes a two-sided error algorithm. Reasoning is accomplished via standard programming laws and quantum laws.     

Reasoning about keys for XML

We study absolute and relative keys for XML, and investigate their associated decision problems. We argue that these keys are important to many forms of hierarchically structured data including XML documents. In contrast to other proposals of keys for XML, we show that these keys are always (finitely) satisfiable, and their (finite) implication problem is finitely axiomatizable. Furthermore, we provide a polynomial time algorithm for determining (finite) implication in the size of keys. Our results also demonstrate, among other things, that the analysis of XML keys is far more intricate than its relational counterpart.     

Reasoning about action and change

Reasoning about change is a central issue in research on human and robot planning. We study an approach to reasoning about action and change in a dynamic logic setting and provide a solution to problems which are related to the Frame problem. Unlike most work on the frame problem the logic described in this paper is monotonic. It (implicitly) allows for the occurrence of actions of multiple agents by introducing non-stationary notions of waiting and test. The need to state a large number of frame axioms is alleviated by introducing a concept of chronological preservation to dynamic logic. As a side effect, this concept permits the encoding of temporal properties in a natural way. We compare the relative merits of our approach and non-monotonic approaches as regards different aspects of the frame problem. Technically, we show that the resulting extended systems of propositional dynamic logic preserve (weak) completeness, finite model property and decidability.     

Reasoning about Qualitative Spatial Relationships

In this paper, we consider various spatial relationships that are of general interest in pictorial database systems and other applications. We present a set of rules that allow us to deduce new relationships from a given set of relationships. A deductive mechanism using these rules can be used in query-processing systems that retrieve pictures by content. The given set of rules is shown to be sound; that is, the deductions are logically correct. The rules are also shown to be complete for three-dimensional systems; that is, every relationship that is implied by a given consistent set of relationships F is deducible from F using the given rules. In addition, we show that the given set of rules is incomplete for two-dimensional systems. We also present efficient algorithms for the deduction and reduction problems. The deduction problem consists of computing all the relationships deducible from a given set, while the reduction problem consists of computing a minimal subset of a given set of relationships that implies all the relationships in the given set.     

Lightweight Reasoning about Program Correctness

Automated verification tools vary widely in the types of properties they are able to analyze, the complexity of their algorithms, and the amount of necessary user involvement. In this paper we propose a framework for step-wise automatic verification and describe a lightweight scalable program analysis tool that combines abstraction and model checking. The tool guarantees that its True and False answers are sound with respect to the original system. We also check the effectiveness of the tool on an implementation of the Safety-Injection System.     

Reasoning about dynamically evolving process structures

We develop a Hoare-style proof system for reasoning about the behaviour of processes that interact via a dynamically evolving communication structure.