# Volume 11, Issue 3

2015

### 1. On the system CL12 of computability logic

Computability logic (see http://www.csc.villanova.edu/~japaridz/CL/) is a long-term project for redeveloping logic on the basis of a constructive game semantics, with games seen as abstract models of interactive computational problems. Among the fragments of this logic successfully axiomatized so far is CL12 --- a conservative extension of classical first-order logic, whose language augments that of classical logic with the so called choice sorts of quantifiers and connectives. This system has already found fruitful applications as a logical basis for constructive and complexity-oriented versions of Peano arithmetic, such as arithmetics for polynomial time computability, polynomial space computability, and beyond. The present paper introduces a third, indispensable complexity measure for interactive computations termed amplitude complexity, and establishes the adequacy of CL12 with respect to A-amplitude, S-space and T-time computability under certain minimal conditions on the triples (A,S,T) of function classes. This result very substantially broadens the potential application areas of CL12. The paper is self-contained, and targets readers with no prior familiarity with the subject.

### 2. Presenting Distributive Laws

Distributive laws of a monad T over a functor F are categorical tools for specifying algebra-coalgebra interaction. They proved to be important for solving systems of corecursive equations, for the specification of well-behaved structural operational semantics and, more recently, also for enhancements of the bisimulation proof method. If T is a free monad, then such distributive laws correspond to simple natural transformations. However, when T is not free it can be rather difficult to prove the defining axioms of a distributive law. In this paper we describe how to obtain a distributive law for a monad with an equational presentation from a distributive law for the underlying free monad. We apply this result to show the equivalence between two different representations of context-free languages.

### 3. Service-Oriented Logic Programming

We develop formal foundations for notions and mechanisms needed to support service-oriented computing. Our work builds on recent theoretical advancements in the algebraic structures that capture the way services are orchestrated and in the processes that formalize the discovery and binding of services to given client applications by means of logical representations of required and provided services. We show how the denotational and the operational semantics specific to conventional logic programming can be generalized using the theory of institutions to address both static and dynamic aspects of service-oriented computing. Our results rely upon a strong analogy between the discovery of a service that can be bound to an application and the search for a clause that can be used for computing an answer to a query; they explore the manner in which requests for external services can be described as service queries, and explain how the computation of their answers can be performed through service-oriented derivatives of unification and resolution, which characterize the binding of services and the reconfiguration of applications.

### 4. Proof Theory of a Multi-Lane Spatial Logic

We extend the Multi-lane Spatial Logic MLSL, introduced in previous work for proving the safety (collision freedom) of traffic maneuvers on a multi-lane highway, by length measurement and dynamic modalities. We investigate the proof theory of this extension, called EMLSL. To this end, we prove the undecidability of EMLSL but nevertheless present a sound proof system which allows for reasoning about the safety of traffic situations. We illustrate the latter by giving a formal proof for the reservation lemma we could only prove informally before. Furthermore we prove a basic theorem showing that the length measurement is independent from the number of lanes on the highway.

### 5. Deciding definability in FO2(<h,<v) on trees

We provide a decidable characterization of regular forest languages definable in FO2(<h,<v). By FO2(<h,<v) we refer to the two variable fragment of first order logic built from the descendant relation and the following sibling relation. In terms of expressive power it corresponds to a fragment of the navigational core of XPath that contains modalities for going up to some ancestor, down to some descendant, left to some preceding sibling, and right to some following sibling. We also show that our techniques can be applied to other two variable first-order logics having exactly the same vertical modalities as FO2(<h,<v) but having different horizontal modalities.

### 6. Constructing Fully Complete Models of Multiplicative Linear Logic

The multiplicative fragment of Linear Logic is the formal system in this family with the best understood proof theory, and the categorical models which best capture this theory are the fully complete ones. We demonstrate how the Hyland-Tan double glueing construction produces such categories, either with or without units, when applied to any of a large family of degenerate models. This process explains as special cases a number of such models from the literature. In order to achieve this result, we develop a tensor calculus for compact closed categories with finite biproducts. We show how the combinatorial properties required for a fully complete model are obtained by this glueing construction adding to the structure already available from the original category.

### 7. On Nested Sequents for Constructive Modal Logics

We present deductive systems for various modal logics that can be obtained from the constructive variant of the normal modal logic CK by adding combinations of the axioms d, t, b, 4, and 5. This includes the constructive variants of the standard modal logics K4, S4, and S5. We use for our presentation the formalism of nested sequents and give a syntactic proof of cut elimination.

### 8. Quantitative Approximation of the Probability Distribution of a Markov Process by Formal Abstractions

The goal of this work is to formally abstract a Markov process evolving in discrete time over a general state space as a finite-state Markov chain, with the objective of precisely approximating its state probability distribution in time, which allows for its approximate, faster computation by that of the Markov chain. The approach is based on formal abstractions and employs an arbitrary finite partition of the state space of the Markov process, and the computation of average transition probabilities between partition sets. The abstraction technique is formal, in that it comes with guarantees on the introduced approximation that depend on the diameters of the partitions: as such, they can be tuned at will. Further in the case of Markov processes with unbounded state spaces, a procedure for precisely truncating the state space within a compact set is provided, together with an error bound that depends on the asymptotic properties of the transition kernel of the original process. The overall abstraction algorithm, which practically hinges on piecewise constant approximations of the density functions of the Markov process, is extended to higher-order function approximations: these can lead to improved error bounds and associated lower computational requirements. The approach is practically tested to compute probabilistic invariance of the Markov process under study, and is compared to a known alternative approach from the literature.

### 9. Quantified Constraints and Containment Problems

The quantified constraint satisfaction problem $\mathrm{QCSP}(\mathcal{A})$ is the problem to decide whether a positive Horn sentence, involving nothing more than the two quantifiers and conjunction, is true on some fixed structure $\mathcal{A}$. We study two containment problems related to the QCSP. Firstly, we give a combinatorial condition on finite structures $\mathcal{A}$ and $\mathcal{B}$ that is necessary and sufficient to render $\mathrm{QCSP}(\mathcal{A}) \subseteq \mathrm{QCSP}(\mathcal{B})$. We prove that $\mathrm{QCSP}(\mathcal{A}) \subseteq \mathrm{QCSP}(\mathcal{B})$, that is all sentences of positive Horn logic true on $\mathcal{A}$ are true on $\mathcal{B}$, iff there is a surjective homomorphism from $\mathcal{A}^{|A|^{|B|}}$ to $\mathcal{B}$. This can be seen as improving an old result of Keisler that shows the former equivalent to there being a surjective homomorphism from $\mathcal{A}^\omega$ to $\mathcal{B}$. We note that this condition is already necessary to guarantee containment of the $\Pi_2$ restriction of the QCSP, that is $\Pi_2$-$\mathrm{CSP}(\mathcal{A}) \subseteq \Pi_2$-$\mathrm{CSP}(\mathcal{B})$. The exponent's bound of ${|A|^{|B|}}$ places the decision procedure for the model containment problem in non-deterministic double-exponential time complexity. We further show the exponent's bound $|A|^{|B|}$ to be close to tight by giving a sequence of structures $\mathcal{A}$ together with a fixed $\mathcal{B}$, $|B|=2$, such that there is a […]

### 10. Logics with rigidly guarded data tests

The notion of orbit finite data monoid was recently introduced by Bojanczyk as an algebraic object for defining recognizable languages of data words. Following Buchi's approach, we introduce a variant of monadic second-order logic with data equality tests that captures precisely the data languages recognizable by orbit finite data monoids. We also establish, following this time the approach of Schutzenberger, McNaughton and Papert, that the first-order fragment of this logic defines exactly the data languages recognizable by aperiodic orbit finite data monoids. Finally, we consider another variant of the logic that can be interpreted over generic structures with data. The data languages defined in this variant are also recognized by unambiguous finite memory automata.

### 11. Abstract Model Repair

Given a Kripke structure M and CTL formula $\varphi$, where M does not satisfy $\varphi$, the problem of Model Repair is to obtain a new model M' such that M' satisfies $\varphi$. Moreover, the changes made to M to derive M' should be minimum with respect to all such M'. As in model checking, state explosion can make it virtually impossible to carry out model repair on models with infinite or even large state spaces. In this paper, we present a framework for model repair that uses abstraction refinement to tackle state explosion. Our framework aims to repair Kripke Structure models based on a Kripke Modal Transition System abstraction and a 3-valued semantics for CTL. We introduce an abstract-model-repair algorithm for which we prove soundness and semi-completeness, and we study its complexity class. Moreover, a prototype implementation is presented to illustrate the practical utility of abstract-model-repair on an Automatic Door Opener system model and a model of the Andrew File System 1 protocol.

### 12. Detecting Unrealizability of Distributed Fault-tolerant Systems

Writing formal specifications for distributed systems is difficult. Even simple consistency requirements often turn out to be unrealizable because of the complicated information flow in the distributed system: not all information is available in every component, and information transmitted from other components may arrive with a delay or not at all, especially in the presence of faults. The problem of checking the distributed realizability of a temporal specification is, in general, undecidable. Semi-algorithms for synthesis, such as bounded synthesis, are only useful in the positive case, where they construct an implementation for a realizable specification, but not in the negative case: if the specification is unrealizable, the search for the implementation never terminates. In this paper, we introduce counterexamples to distributed realizability and present a method for the detection of such counterexamples for specifications given in linear-time temporal logic (LTL). A counterexample consists of a set of paths, each representing a different sequence of inputs from the environment, such that, no matter how the components are implemented, the specification is violated on at least one of these paths. We present a method for finding such counterexamples both for the classic distributed realizability problem and for the fault-tolerant realizability problem. Our method considers, incrementally, larger and larger sets of paths until a counterexample is found. For safety […]

### 13. Learning Regular Languages over Large Ordered Alphabets

This work is concerned with regular languages defined over large alphabets, either infinite or just too large to be expressed enumeratively. We define a generic model where transitions are labeled by elements of a finite partition of the alphabet. We then extend Angluin's L* algorithm for learning regular languages from examples for such automata. We have implemented this algorithm and we demonstrate its behavior where the alphabet is a subset of the natural or real numbers. We sketch the extension of the algorithm to a class of languages over partially ordered alphabets.

### 14. Quantitative Languages Defined by Functional Automata

A weighted automaton is functional if any two accepting runs on the same finite word have the same value. In this paper, we investigate functional weighted automata for four different measures: the sum, the mean, the discounted sum of weights along edges and the ratio between rewards and costs. On the positive side, we show that functionality is decidable for the four measures. Furthermore, the existential and universal threshold problems, the language inclusion problem and the equivalence problem are all decidable when the weighted automata are functional. On the negative side, we also study the quantitative extension of the realizability problem and show that it is undecidable for sum, mean and ratio. We finally show how to decide whether the language associated with a given functional automaton can be defined with a deterministic one, for sum, mean and discounted sum. The results on functionality and determinizability are expressed for the more general class of functional group automata. This allows one to formulate within the same framework new results related to discounted sum automata and known results on sum and mean automata. Ratio automata do not fit within this general scheme and different techniques are required to decide functionality.

### 15. Compositional Verification for Timed Systems Based on Automatic Invariant Generation

We propose a method for compositional verification to address the state space explosion problem inherent to model-checking timed systems with a large number of components. The main challenge is to obtain pertinent global timing constraints from the timings in the components alone. To this end, we make use of auxiliary clocks to automatically generate new invariants which capture the constraints induced by the synchronisations between components. The method has been implemented in the RTD-Finder tool and successfully experimented on several benchmarks.

### 16. Partial functions and domination

The current work introduces the notion of pdominant sets and studies their recursion-theoretic properties. Here a set A is called pdominant iff there is a partial A-recursive function {\psi} such that for every partial recursive function {\phi} and almost every x in the domain of {\phi} there is a y in the domain of {\psi} with y<= x and {\psi}(y) > {\phi}(x). While there is a full {\pi}01-class of nonrecursive sets where no set is pdominant, there is no {\pi}01-class containing only pdominant sets. No weakly 2-generic set is pdominant while there are pdominant 1-generic sets below K. The halves of Chaitin's {\Omega} are pdominant. No set which is low for Martin-Löf random is pdominant. There is a low r.e. set which is pdominant and a high r.e. set which is not pdominant.

### 17. On the Axiomatizability of Impossible Futures

A general method is established to derive a ground-complete axiomatization for a weak semantics from such an axiomatization for its concrete counterpart, in the context of the process algebra BCCS. This transformation moreover preserves omega-completeness. It is applicable to semantics at least as coarse as impossible futures semantics. As an application, ground- and omega-complete axiomatizations are derived for weak failures, completed trace and trace semantics. We then present a finite, sound, ground-complete axiomatization for the concrete impossible futures preorder, which implies a finite, sound, ground-complete axiomatization for the weak impossible futures preorder. In contrast, we prove that no finite, sound axiomatization for BCCS modulo concrete and weak impossible futures equivalence is ground-complete. If the alphabet of actions is infinite, then the aforementioned ground-complete axiomatizations are shown to be omega-complete. If the alphabet is finite, we prove that the inequational theories of BCCS modulo the concrete and weak impossible futures preorder lack such a finite basis.

### 18. Positive fragments of coalgebraic logics

Positive modal logic was introduced in an influential 1995 paper of Dunn as the positive fragment of standard modal logic. His completeness result consists of an axiomatization that derives all modal formulas that are valid on all Kripke frames and are built only from atomic propositions, conjunction, disjunction, box and diamond. In this paper, we provide a coalgebraic analysis of this theorem, which not only gives a conceptual proof based on duality theory, but also generalizes Dunn's result from Kripke frames to coalgebras for weak-pullback preserving functors. To facilitate this analysis we prove a number of category theoretic results on functors on the categories $\mathsf{Set}$ of sets and $\mathsf{Pos}$ of posets: Every functor $\mathsf{Set} \to \mathsf{Pos}$ has a $\mathsf{Pos}$-enriched left Kan extension $\mathsf{Pos} \to \mathsf{Pos}$. Functors arising in this way are said to have a presentation in discrete arities. In the case that $\mathsf{Set} \to \mathsf{Pos}$ is actually $\mathsf{Set}$-valued, we call the corresponding left Kan extension $\mathsf{Pos} \to \mathsf{Pos}$ its posetification. A $\mathsf{Set}$-functor preserves weak pullbacks if and only if its posetification preserves exact squares. A $\mathsf{Pos}$-functor with a presentation in discrete arities preserves surjections. The inclusion $\mathsf{Set} \to \mathsf{Pos}$ is dense. A functor $\mathsf{Pos} \to \mathsf{Pos}$ has a presentation in discrete arities if and only if it preserves coinserters of […]

### 19. Featherweight VeriFast

VeriFast is a leading research prototype tool for the sound modular verification of safety and correctness properties of single-threaded and multithreaded C and Java programs. It has been used as a vehicle for exploration and validation of novel program verification techniques and for industrial case studies; it has served well at a number of program verification competitions; and it has been used for teaching by multiple teachers independent of the authors. However, until now, while VeriFast's operation has been described informally in a number of publications, and specific verification techniques have been formalized, a clear and precise exposition of how VeriFast works has not yet appeared. In this article we present for the first time a formal definition and soundness proof of a core subset of the VeriFast program verification approach. The exposition aims to be both accessible and rigorous: the text is based on lecture notes for a graduate course on program verification, and it is backed by an executable machine-readable definition and machine-checked soundness proof in Coq.

### 20. Verification for Timed Automata extended with Unbounded Discrete Data Structures

We study decidability of verification problems for timed automata extended with unbounded discrete data structures. More detailed, we extend timed automata with a pushdown stack. In this way, we obtain a strong model that may for instance be used to model real-time programs with procedure calls. It is long known that the reachability problem for this model is decidable. The goal of this paper is to identify subclasses of timed pushdown automata for which the language inclusion problem and related problems are decidable.

### 21. Weak upper topologies and duality for cones

In functional analysis it is well known that every linear functional defined on the dual of a locally convex vector space which is continuous for the weak topology is the evaluation at a uniquely determined point of the given vector space. M. Schroeder and A. Simpson have obtained a similar result for lower semicontinuous linear functionals on the cone of all Scott-continuous valuations on a topological space endowed with the weak upper topology, an asymmetric version of the weak topology. This result has given rise to several proofs, originally by the Schroeder and Simpson themselves and, more recently, by the author of these Notes and by J. Goubault-Larrecq. The proofs developed from very technical arguments to more and more conceptual ones. The present Note continues on this line, presenting a conceptual approach inspired by classical functional analysis which may prove useful in other situations.

### 22. A correspondence between rooted planar maps and normal planar lambda terms

A rooted planar map is a connected graph embedded in the 2-sphere, with one edge marked and assigned an orientation. A term of the pure lambda calculus is said to be linear if every variable is used exactly once, normal if it contains no beta-redexes, and planar if it is linear and the use of variables moreover follows a deterministic stack discipline. We begin by showing that the sequence counting normal planar lambda terms by a natural notion of size coincides with the sequence (originally computed by Tutte) counting rooted planar maps by number of edges. Next, we explain how to apply the machinery of string diagrams to derive a graphical language for normal planar lambda terms, extracted from the semantics of linear lambda calculus in symmetric monoidal closed categories equipped with a linear reflexive object or a linear reflexive pair. Finally, our main result is a size-preserving bijection between rooted planar maps and normal planar lambda terms, which we establish by explaining how Tutte decomposition of rooted planar maps (into vertex maps, maps with an isthmic root, and maps with a non-isthmic root) may be naturally replayed in linear lambda calculus, as certain surgeries on the string diagrams of normal planar lambda terms.

### 23. Exact Unification and Admissibility

A new hierarchy of "exact" unification types is introduced, motivated by the study of admissible rules for equational classes and non-classical logics. In this setting, unifiers of identities in an equational class are preordered, not by instantiation, but rather by inclusion over the corresponding sets of unified identities. Minimal complete sets of unifiers under this new preordering always have a smaller or equal cardinality than those provided by the standard instantiation preordering, and in significant cases a dramatic reduction may be observed. In particular, the classes of distributive lattices, idempotent semigroups, and MV-algebras, which all have nullary unification type, have unitary or finitary exact type. These results are obtained via an algebraic interpretation of exact unification, inspired by Ghilardi's algebraic approach to equational unification.

### 24. New Directions in Categorical Logic, for Classical, Probabilistic and Quantum Logic

Intuitionistic logic, in which the double negation law not-not-P = P fails, is dominant in categorical logic, notably in topos theory. This paper follows a different direction in which double negation does hold. The algebraic notions of effect algebra/module that emerged in theoretical physics form the cornerstone. It is shown that under mild conditions on a category, its maps of the form X -> 1+1 carry such effect module structure, and can be used as predicates. Predicates are identified in many different situations, and capture for instance ordinary subsets, fuzzy predicates in a probabilistic setting, idempotents in a ring, and effects (positive elements below the unit) in a C*-algebra or Hilbert space. In quantum foundations the duality between states and effects plays an important role. It appears here in the form of an adjunction, where we use maps 1 -> X as states. For such a state s and a predicate p, the validity probability s |= p is defined, as an abstract Born rule. It captures many forms of (Boolean or probabilistic) validity known from the literature. Measurement from quantum mechanics is formalised categorically in terms of `instruments', using Lüders rule in the quantum case. These instruments are special maps associated with predicates (more generally, with tests), which perform the act of measurement and may have a side-effect that disturbs the system under observation. This abstract description of side-effects is one of the main achievements of the […]

### 25. Ellipses and Lambda Definability

Ellipses are a meta-linguistic notation for denoting terms the size of which are specified by a meta-variable that ranges over the natural numbers. In this work, we present a systematic approach for encoding such meta-expressions in the \^I-calculus, without ellipses: Terms that are parameterized by meta-variables are replaced with corresponding \^I-abstractions over actual variables. We call such \^I-terms arity-generic. Concrete terms, for particular choices of the parameterizing variable are obtained by applying an arity-generic \^I-term to the corresponding numeral, obviating the need to use ellipses. For example, to find the multiple fixed points of n equations, n different \^I-terms are needed, every one of which is indexed by two meta-variables, and defined using three levels of ellipses. A single arity-generic \^I-abstraction that takes two Church numerals, one for the number of fixed-point equations, and one for their arity, replaces all these multiple fixed-point combinators. We show how to define arity-generic generalizations of two historical fixed-point combinators, the first by Curry, and the second by Turing, for defining multiple fixed points. These historical fixed-point combinators are related by a construction due to B\~Ahm: We show that likewise, their arity-generic generalizations are related by an arity-generic generalization of B\~Ahm's construction. We further demonstrate this approach to arity-generic \^I-definability with additional \^I-terms […]