Article

Automated Theorem Proving: A Logical Basis


... Step (33) follows from the definition of ρ and step (29). ...
... Case v ∈ Dom(τ). Then, by (33), v ∉ Dom(ρ), hence vµ = vρµ. ...
... For the goal-driven first-order provers such as leanCoP [45], SETHEO [30] or PTTP [57], which may be described as based on clausal tableaux [28], the CM [4,6] or model elimination [33], the problem remains out of reach. This is not surprising, given that these systems in essence enumerate tree structures whose size is linearly related to the tree size of D-terms, 435 and 491 for Łukasiewicz's proof and Meredith's variation, respectively, and 64 as currently known ...
Table 6: Properties of the proof LCL038-1 found by Prover9 in default settings if in input clause Det the major premise appears after the minor premise, along with the effects of reductions on the proof. ...
Preprint
Full-text available
We introduce and elaborate a novel formalism for the manipulation and analysis of proofs as objects in a global manner. In this first approach the formalism is restricted to first-order problems characterized by condensed detachment. It is applied in an exemplary manner to a coherent and comprehensive formal reconstruction and analysis of historical proofs of a widely-studied problem due to Łukasiewicz. The underlying approach opens the door towards new systematic ways of generating lemmas in the course of proof search to the effects of reducing the search effort and finding shorter proofs. Among the numerous reported experiments along this line, a proof of Łukasiewicz's problem was automatically discovered that is much shorter than any proof found before by man or machine.
... The interested reader can find complementary material in books (e.g., [34,35,65,113,120,141,163]), surveys about theorem proving in general (e.g., [37,45,48,117,136,139]), surveys about resolution, rewriting, and equational reasoning (e.g., [11,12,76,78,83,130,137]), and surveys of tableaux-based strategies (e.g., [18,93,114,116]), instance-based strategies (e.g., [103,108]), model-based methods [51], and conflict-driven methods [47]. This article has historic contents, but given its focus on one scientist, Larry Wos, it cannot be a well-rounded account of the early history of theorem proving. ...
... The inference system with resolution and factoring as expansion inference rules, and tautology deletion, purity deletion, subsumption, and clausal simplification as contraction inference rules, is sound and adequate, and it is refutationally complete [149], provided forward subsumption is applied before backward subsumption [53,111,120]. As remarked in [120], the reason for this proviso is that the subsumption ordering defined by C __ D if Cσ ⊆ D is not well-founded. More precisely, __ is not an ordering, it is a quasi-ordering, and the induced equivalence relation C . ...
Article
Full-text available
This article is a tribute to the scientific legacy of automated reasoning pioneer and JAR founder Lawrence T. (Larry) Wos. Larry’s main technical contributions were the set-of-support strategy for resolution theorem proving, and the demodulation and paramodulation inference rules for building equality into resolution. Starting from the original definitions of these concepts in Larry’s papers, this survey traces their evolution, unearthing the often forgotten trails that connect Larry’s original definitions to those that became standard in the field.
... First, methods that are goal-sensitive, typically proceeding with the tableau construction "top-down", by "backward reasoning", starting with clauses from the theorem in contrast to the axioms. Aside from clausal tableaux in the literal sense, techniques to specify and investigate such methods include model elimination [53], the connection method [10,11], and the Prolog Technology Theorem Prover [74]. One of the leading first-order proving systems of the 1990s, SETHEO [51], followed that approach. ...
... As demonstrated with the two different tableaux for the same inputs in Example 9 on page 11, there exist in general quite different closed clausal tableaux for a given clausal formula, leading to different extracted interpolants. For top-down methods such as model elimination [53] and the connection method [10,11], the constructed tableau is often largely determined by the chosen start clause, that is, the clause attached to the root. The addition of further clauses is then guided by the requirement that it closes an open branch through the connection condition, that is, the last literal on the branch is the complement of a literal in the clause. ...
Article
Full-text available
We develop foundations for computing Craig-Lyndon interpolants of two given formulas with first-order theorem provers that construct clausal tableaux. Provers that can be understood in this way include efficient machine-oriented systems based on calculi of two families: goal-oriented such as model elimination and the connection method, and bottom-up such as the hypertableau calculus. We present the first interpolation method for first-order proofs represented by closed tableaux that proceeds in two stages, similar to known interpolation methods for resolution proofs. The first stage is an induction on the tableau structure, which is sufficient to compute propositional interpolants. We show that this can linearly simulate different prominent propositional interpolation methods that operate by an induction on a resolution deduction tree. In the second stage, interpolant lifting, quantified variables that replace certain terms (constants and compound terms) by variables are introduced. We justify the correctness of interpolant lifting (for the case without built-in equality) abstractly on the basis of Herbrand’s theorem and for a different characterization of the formulas to be lifted than in the literature. In addition, we discuss various subtle aspects that are relevant for the investigation and practical realization of first-order interpolation based on clausal tableaux.
... First, methods that are goal-sensitive, typically proceeding with the tableau construction "top-down", by "backward reasoning", starting with clauses from the theorem in contrast to the axioms. Aside from clausal tableaux in the literal sense, techniques to specify and investigate such methods include model elimination [52], the connection method [10,11], and the Prolog Technology Theorem Prover [73]. One of the leading first-order proving systems of the 1990s, SETHEO [50], followed that approach. ...
... As demonstrated with the two different tableaux for the same inputs in Example 9 on p. 11, there exist in general quite different closed clausal tableaux for a given clausal formula, leading to different extracted interpolants. For top-down methods such as model elimination [52] and the connection method [10,11], the constructed tableau is often largely determined by the chosen start clause, that is, the clause attached to the root. The addition of further clauses is then guided by the requirement that it closes an open branch through the connection condition, that is, the last literal on the branch is the complement of a literal in the clause. ...
Preprint
We develop foundations for computing Craig-Lyndon interpolants of two given formulas with first-order theorem provers that construct clausal tableaux. Provers that can be understood in this way include efficient machine-oriented systems based on calculi of two families: goal-oriented such as model elimination and the connection method, and bottom-up such as the hypertableau calculus. Similar to known resolution-based interpolation methods our method proceeds in two stages. The first stage is an induction on the tableau structure, which is sufficient to compute propositional interpolants. We show that this can linearly simulate different prominent propositional interpolation methods that operate by an induction on a resolution deduction tree. In the second stage, interpolant lifting, quantified variables that replace certain terms (constants and compound terms) by variables are introduced. Correctness of this second stage was apparently shown so far on the basis of resolution and paramodulation with an error concerning equality, on the basis of resolution with paramodulation and superposition for a special case, and on the basis of a natural deduction calculus without taking equality into special account. Here the correctness of interpolant lifting is justified abstractly on the basis of Herbrand's theorem and based on a different characterization of the formulas to be lifted than in the literature (without taking equality into special account). In addition, we discuss various subtle aspects that are relevant for the investigation and practical realization of first-order interpolation based on clausal tableaux.
... Based on Lemma 4.4 and Lemma 4.5, every state, transition, and variable in Y has a unique corresponding location, edge, and variable in U. The semantic transitions of Y and U, i.e., formula (19) and formula (20), are equivalent. Therefore, Y and U have equivalent execution traces under the same initial system statuses, which means Y and U are equivalent. ...
... However, for safety-critical medical guideline systems, validation by medical staff alone is not adequate for guaranteeing safety; formal verification is needed. The formal model based approaches [5,7,20] are appealing because they provide a unified basis for formal analysis to achieve the expected level of safety guarantees. Unfortunately, most existing medical guideline models, such as Asbru [3] and GLARE [28], do not provide formal verification capability. ...
Preprint
Improving the effectiveness and safety of patient care is the ultimate objective for medical cyber-physical systems. Many medical best practice guidelines exist, but most of the existing guidelines in handbooks are difficult for medical staff to remember and apply clinically. Furthermore, although the guidelines have gone through clinical validations, validations by medical professionals alone do not provide guarantees for the safety of medical cyber-physical systems. Hence, formal verification is also needed. The paper presents the formal semantics for a framework that we developed to support the development of verifiably safe medical guidelines. The framework allows computer scientists to work together with medical professionals to transform medical best practice guidelines into executable statechart models, Yakindu in particular, so that medical functionalities and properties can be quickly prototyped and validated. Existing formal verification technologies, UPPAAL timed automata in particular, are integrated into the framework to provide formal verification capabilities to verify safety properties. However, some components used/built into the framework, such as the open-source Yakindu statecharts as well as the transformation rules from statecharts to timed automata, do not have built-in semantics. The ambiguity becomes unavoidable unless formal semantics is defined for the framework, which is what this paper presents.
... To mitigate this, symbolic model checkers like NuSMV (Cimatti et al. [2002]) employ binary decision diagrams, which offer a more efficient representation of stateful dynamics. Additionally, bounded model checkers like CBMC (Kroening and Tautschnig [2014]) adopt a different strategy by unrolling the transition system for a predetermined number of steps, thereby circumventing the need to explore the entire state space. In contrast, theorem proving techniques (Gordon and Melham [1993], Fitting [2012], Bibel [2013], Loveland [2016]) boast greater generality and expressiveness but typically necessitate human intervention, commonly leveraging proof assistants to facilitate correctness verification through human-machine collaboration. Prominent proof assistants enable a more interactive and comprehensive way of correctness verification, including Isabelle (Nipkow et al. [2002]), F* (Swamy et al. [2016]), and Lean4 (Moura and Ullrich [2021]). ...
Preprint
Full-text available
Correctness is a necessary condition for systems to be effective in meeting human demands, thus playing a critical role in system development. However, correctness often manifests as a nebulous concept in practice, leading to challenges in accurately creating specifications, effectively proving correctness satisfiability, and efficiently implementing correct systems. Motivated by tackling these challenges, this paper introduces Transition-Oriented Programming (TOP), a programming paradigm to facilitate the development of provably correct systems by intertwining correctness specification, verification, and implementation within a unified theoretical framework.
... Alternate accounts and views are provided by model elimination [34] and the connection method [7,8]. ...
Chapter
Full-text available
We show how variations of range-restriction and also the Horn property can be passed from inputs to outputs of Craig interpolation in first-order logic. The proof system is clausal tableaux, which stems from first-order ATP. Our results are induced by a restriction of the clausal tableau structure, which can be achieved in general by a proof transformation, also if the source proof is by resolution/paramodulation. Primarily addressed applications are query synthesis and reformulation with interpolation. Our methodical approach combines operations on proof structures with the immediate perspective of feasible implementation through incorporating highly optimized first-order provers.
... Runtime Verification (RV) [7] is a kind of formal verification technique that focuses on checking the behaviour of software/hardware systems. With respect to other formal verification techniques, such as Model Checking [23] and Theorem Provers [24], RV is considered more dynamic and lightweight. This is mainly due to its being completely focused on checking how the system behaves while the latter is currently running. ...
Article
Full-text available
This paper presents a Runtime Verification (RV) approach for Multi-Agent Systems (MAS) using the JaCaMo framework. Our objective is to bring a layer of security to the MAS. This is achieved keeping in mind possible safety-critical uses of the MAS, such as robotic applications. This layer is capable of controlling events during the execution of the system without needing a specific implementation in the behaviour of each agent to recognise the events. In this paper, we mainly focus on MAS when used in the context of hybrid intelligence. This use requires communication between software agents and human beings. In some cases, communication takes place via natural language dialogues. However, this kind of communication brings us to a concern related to controlling the flow of dialogue so that agents can prevent any change in the topic of discussion that could impair their reasoning. The latter may be a problem and undermine the development of the software agents. In this paper, we tackle this problem by proposing and demonstrating the implementation of a framework that aims to control the dialogue flow in a MAS; especially when the MAS communicates with the user through natural language to aid decision-making in a hospital bed allocation scenario.
... elimination [37], clausal tableaux [33] and the CM. They enumerate proof structures while propagating variable bindings initialized by the goal through unification, and hence proceed in an inherently goal-driven way. ...
Preprint
Full-text available
Noting that lemmas are a key feature of mathematics, we engage in an investigation of the role of lemmas in automated theorem proving. The paper describes experiments with a combined system involving learning technology that generates useful lemmas for automated theorem provers, demonstrating improvement for several representative systems and solving a hard problem not solved by any system for twenty years. By focusing on condensed detachment problems we simplify the setting considerably, allowing us to get at the essence of lemmas and their role in proof search.
... The mainstream approach for program synthesis is to specify a formal grammar that allows incremental enumeration of the space of possible programs, and to leverage the satisfiability machinery of SMT solvers to validate whether a candidate program is actually a solution. In this regard, work on theorem proving is also related to program synthesis, especially since SMT solvers allow the representation and satisfaction of first-order logic formulae [60]. Lastly, another popular trend in program synthesis is Programming by sketches, which addresses program ...
Preprint
Planning as heuristic search is one of the most successful approaches to classical planning but unfortunately, it does not extend trivially to Generalized Planning (GP). GP aims to compute algorithmic solutions that are valid for a set of classical planning instances from a given domain, even if these instances differ in the number of objects, the number of state variables, their domain size, or their initial and goal configuration. The generalization requirements of GP make it impractical to perform the state-space search that is usually implemented by heuristic planners. This paper adapts the planning as heuristic search paradigm to the generalization requirements of GP, and presents the first native heuristic search approach to GP. First, the paper introduces a new pointer-based solution space for GP that is independent of the number of classical planning instances in a GP problem and the size of those instances (i.e. the number of objects, state variables and their domain sizes). Second, the paper defines a set of evaluation and heuristic functions for guiding a combinatorial search in our new GP solution space. The computation of these evaluation and heuristic functions does not require grounding states or actions in advance. Therefore our GP as heuristic search approach can handle large sets of state variables with large numerical domains, e.g. integers. Lastly, the paper defines an upgraded version of our novel algorithm for GP called Best-First Generalized Planning (BFGP), that implements a best-first search in our pointer-based solution space, and that is guided by our evaluation/heuristic functions for GP.
... For example, cardinality constraints are accidentally specified for a non-existing relation (constituting a syntax error), or on incompatible source and target classes (constituting a type error). Secondly, formal analysis or mathematical proofs (manual or automated theorem proving [14,31,93,114]) can be performed on the formal language specification, in order to verify properties of the DSML, to further detect semantic errors in the language specification, such as inconsistency among well-formedness rules, or to simulate the formal semantics of the language. Taking the Alloy-based Lightning language workbench for example, the following two verification scenarios can be envisioned: (1) To check if the language (as it is designed) has a property P, we can wrap P in the form of an assertion and check it against the Alloy model, which is the formal counterpart of the language specification. ...
Article
Full-text available
Enterprise models have the potential to constitute a valuable asset for organizations, e.g., in terms of enabling a variety of analyses or by fostering cross-organizational communication. Therefore, while designing an enterprise modeling method one needs to ensure that created enterprise models are of good quality in terms of: (1) syntactic validity, which entails that a model adheres to syntactic rules encoded in the underlying modeling language, (2) semantic validity, i.e., that the model should make sense in its context of use, and (3) pragmatic validity, i.e., that the model should effectively and efficiently serve the intended purpose. To ensure these three validity types, verification and validation (V&V) techniques need to be exploited while designing the enterprise modeling method, e.g., to check created enterprise models against syntactic rules, or to ensure intra- and inter-model consistency. This paper targets the systematic embedding of V&V techniques into the engineering of (enterprise) domain-specific modeling methods (DSMMs). Specifically, after identifying and analyzing existing DSMM engineering approaches, we synthesize their elements (such as typical phases and steps) and enrich them with V&V techniques. This paper is an extension of our previous work and additionally contributes (1) a systematic analysis of a wider set of existing approaches to DSMM engineering, (2) an extended background that covers information on models, modeling languages and modeling methods, (3) additional details regarding selected validation and verification techniques for each phase, and finally (4) a road-map encompassing desiderata for further advances in V&V in domain-specific modeling method engineering, from the perspectives of practice, research and education.
... Goal-driven first-order provers such as leanCoP [30], PTTP [41], SETHEO [25] and CMProver [48], which can be described as based on clausal tableaux [23], the connection method [6,8] or model elimination [27], in essence enumerate tree-shaped proof structures, interwoven with unification of formulas that are associated with nodes of the structures. While such provers do not compete with state-of-the-art systems in the range of solvable problems, they have merits that are relevant in certain contexts: Proofs are typically emitted as data structures of simple and detailed forms, making them suitable as inputs for further processing. ...
Preprint
Representing a proof tree by a combinator term that reduces to the tree lets subtle forms of duplication within the tree materialize as duplicated subterms of the combinator term. In a DAG representation of the combinator term these straightforwardly factor into shared subgraphs. To search for proofs, combinator terms can be enumerated, like clausal tableaux, interwoven with unification of formulas that are associated with nodes of the enumerated structures. To restrict the search space, the enumeration can be based on proof schemas defined as parameterized combinator terms. We introduce here this "combinator term as proof structure" approach to automated first-order proving, present an implementation and first experimental results. The approach builds on a term view of proof structures rooted in condensed detachment and the connection method. It realizes features known from the connection structure calculus, which has not been implemented so far.
... However, there are reasons to believe that machine intelligence may, in limited domains, begin to complement human reasoning systems in the coming decades. In mathematical and computational fields, where theories deal with more precisely defined entities and much of inference is deductive in nature, there are many examples of automated systems solving nontrivial problems, most commonly under the guise of automated theorem proving (Loveland, 2016). However, isolated examples of automated systems inductively discovering new insights with little or no human intervention can be found in the biological sciences too (e.g., R. D. King et al., 2009). ...
... Runtime Verification (RV) [10] is a kind of formal verification technique that focuses on checking the behaviour of software/hardware systems. With respect to other formal verification techniques, such as Model Checking [15] and Theorem Provers [27], RV is considered more dynamic and lightweight. This is mainly due to its being completely focused on checking how the system behaves, while the latter is currently running. ...
Preprint
Full-text available
This paper presents a Runtime Verification (RV) approach for Multi-Agent Systems (MAS) using the JaCaMo framework. Our objective is to bring a layer of security to the MAS. This layer is capable of controlling events during the execution of the system without needing a specific implementation in the behaviour of each agent to recognise the events. MAS have been used in the context of hybrid intelligence. This use requires communication between software agents and human beings. In some cases, communication takes place via natural language dialogues. However, this kind of communication brings us to a concern related to controlling the flow of dialogue so that agents can prevent any change in the topic of discussion that could impair their reasoning. We demonstrate the implementation of a monitor that aims to control this dialogue flow in a MAS that communicates with the user through natural language to aid decision-making in hospital bed allocation.
... Third, the system model is checked against formally specified properties to guarantee that the system retains them. This can be done via Theorem Proving [41] or Model Checking [42]. We use the latter to verify the implementation of system sub-modules, and the former to prove new properties derived from the combination (conjunction) of machine model axioms and sub-properties that were proved for the implementation of individual sub-modules. ...
Preprint
Full-text available
There are many well-known techniques to secure sensed data in IoT/CPS systems, e.g., by authenticating communication end-points, encrypting data before transmission, and obfuscating traffic patterns. Such techniques protect sensed data from external adversaries while assuming that the sensing device itself is secure. Meanwhile, both the scale and frequency of IoT-focused attacks are growing. This prompts a natural question: how to protect sensed data even if all software on the device is compromised? Ideally, in order to achieve this, sensed data must be protected from its genesis, i.e., from the time when a physical analog quantity is converted into its digital counterpart and becomes accessible to software. We refer to this property as PfB: Privacy-from-Birth. In this work, we formalize PfB and design Verified Remote Sensing Authorization (VERSA) -- a provably secure and formally verified architecture guaranteeing that only correct execution of expected and explicitly authorized software can access and manipulate sensing interfaces, specifically, General Purpose Input/Output (GPIO), which is the usual boundary between analog and digital worlds on IoT devices. This guarantee is obtained with minimal hardware support and holds even if all device software is compromised. VERSA ensures that malware can neither gain access to sensed data on the GPIO-mapped memory nor obtain any trace thereof. VERSA is formally verified and its open-sourced implementation targets resource-constrained IoT edge devices, commonly used for sensing. Experimental results show that PfB is both achievable and affordable for such devices.
... not continue to apply modus ponens as above. Indeed much of the initial work of computer scientists in the 1950s and 1960s concerned ATP and, working largely within rigid systems such as Principia Mathematica, they enjoyed some success; but it was soon realised that development of more effective heuristics would be necessary to move the enterprise forward (see Loveland [2016] or Bledsoe [1984] for a discussion of the early developments in automated theorem proving). Such a situation has persisted: robust automated theorem proving is still very much an open problem (Avigad and Harrison [2014]), and the bulk of the work in the area is still devoted to intelligent proof guidance (Sutcliffe and Suttner [2001], Urban et al. [2010]), with a growing trend to derive such guidance from machine learning (Loos et al. [2017], Schulz and Sutcliffe [2015], Bridge et al. [2014]). ...
Preprint
Full-text available
This paper presents FASTFOOD, a rule-based Natural Language Generation Program for cooking recipes. Recipes are generated by using an Automated Theorem Proving procedure to select the ingredients and instructions, with ingredients corresponding to axioms and instructions to implications. FASTFOOD also contains a temporal optimization module which can rearrange the recipe to make it more time-efficient for the user, e.g. the recipe specifies to chop the vegetables while the rice is boiling. The system is described in detail, using a framework which divides Natural Language Generation into 4 phases: content production, content selection, content organisation and content realisation. A comparison is then made with similar existing systems and techniques.
... relevant state space exhaustively (such as BDD-based techniques) [9] or other theorem proving techniques [33], which requires enormous time or highly skilled specialists. ...
Article
Full-text available
Open environmental software systems are often time-sensitive, as they need to respond to other entities within the systems and/or in the environments promptly. The timing requirements are therefore an essential part of the system correctness. Scenario-based specifications (SBS) such as message sequence charts and UML interaction models play an important role in specifying open environmental software systems since they intuitively model interactions between different entities. While modelling these systems, the timing requirements can be specified as timing constraints. In this paper, we study the problem of checking the timing consistency of SBS with timing constraints. Although this problem can be transformed into a reachability analysis problem, checking its reachability can still be time-consuming. Therefore, we propose a novel SAT and linear programming (LP) collaborative timing analysis approach named Tassat for the bounded timing analysis of SBS. Instead of using depth-first traversal algorithms, Tassat encodes the structures of the SBS into propositional formulas and adopts SAT solvers to find candidate paths. The timing analysis of candidate paths is then transformed to LP problems, where the irreducible infeasible set of the infeasible paths can be utilized to filter out candidate paths for checking. In addition, we propose an enhanced version of the approach that extends the bounded analysis results to the entire models if the infeasible path segments do not contain intermediate loops. The enhanced algorithm can prove that the given SBS satisfy the required properties on any bound condition. The experimental results show that Tassat is effective and has better performance than existing tools in terms of both time consumption and memory footprint.
... Runtime Verification (RV) is a well-known lightweight formal verification technique [5]. Similar to other existing formal verification techniques, such as Model Checking [9] and Theorem Proving [21], it aims to verify the system behaviour, usually referred to as the System Under Analysis (SUA). Such a system can be composed of both software and hardware components, and the formal verification technique of choice is used to verify that everything works as expected. ...
Preprint
Full-text available
Runtime Verification is a lightweight formal verification technique. It is used to verify at runtime whether the system under analysis behaves as expected. The expected behaviour is usually formally specified by means of properties, which are used to automatically synthesise monitors. A monitor is a device that, given a sequence of events representing a system execution, returns a verdict symbolising the satisfaction or violation of the formal property. Properties that can (resp. cannot) be verified at runtime by a monitor are called monitorable and non-monitorable, respectively. In this paper, we revise the notion of monitorability from a practical perspective, where we show how non-monitorable properties can still be used to generate partial monitors, which can partially check the properties. Finally, we present the implications both from a theoretical and practical perspectives.
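The excerpt and abstract above talk about monitors that emit verdicts and about properties that are or are not monitorable. The following is an added example, not code from that paper or from any RV tool it describes; it assumes two hypothetical properties over (event, session) pairs: SAFE, "an access in a session is preceded by an auth in that session that has not been cancelled by a logout", and RESP, "every request is eventually followed by a response". SAFE is settled by a finite prefix; RESP is not, so the combined monitor is partial: it can report a SAFE violation but never a conclusive verdict on RESP, and it exposes what it left open.

```python
"""Three-valued runtime monitors over an event trace (added example).

Assumed properties over (event, session) pairs (not from the paper):
  SAFE: every 'access' in a session is preceded by an 'auth' in that
        session that has not been cancelled by a 'logout'
  RESP: every 'request' in a session is eventually followed by a 'response'
SAFE is monitorable: a violation is settled by a finite prefix. RESP is not:
no finite prefix confirms or refutes it, so a monitor for SAFE and RESP is
partial, reporting SAFE violations and leaving RESP open.
"""
from enum import Enum


class Verdict(Enum):
    TRUE = "true"
    FALSE = "false"
    UNKNOWN = "?"     # inconclusive on the prefix seen so far


class SafetyMonitor:
    """Monitor for SAFE. FALSE is final: a safety property violated by a
    finite prefix can never recover on any continuation."""

    def __init__(self):
        self.authenticated = set()
        self.verdict = Verdict.UNKNOWN

    def step(self, event):
        if self.verdict is Verdict.FALSE:
            return self.verdict
        kind, session = event
        if kind == "auth":
            self.authenticated.add(session)
        elif kind == "logout":
            self.authenticated.discard(session)
        elif kind == "access" and session not in self.authenticated:
            self.verdict = Verdict.FALSE
        return self.verdict


class PartialMonitor:
    """Partial monitor for SAFE and RESP. It can emit FALSE (SAFE violated)
    but never TRUE, because RESP cannot be settled on a finite prefix; the
    unsettled part is exposed through pending()."""

    def __init__(self):
        self.safe = SafetyMonitor()
        self._pending = set()   # sessions with a request awaiting a response

    def step(self, event):
        kind, session = event
        if kind == "request":
            self._pending.add(session)
        elif kind == "response":
            self._pending.discard(session)
        return self.safe.step(event)

    def pending(self):
        return frozenset(self._pending)


def run(monitor, trace):
    """Feed events until the monitor reaches a final verdict.
    Returns (verdict, number of events consumed)."""
    verdict = Verdict.UNKNOWN
    for i, event in enumerate(trace):
        verdict = monitor.step(event)
        if verdict is not Verdict.UNKNOWN:
            return verdict, i + 1
    return verdict, len(trace)


def check(trace):
    """Run the partial monitor over a whole trace; report the verdict, how
    many events were needed, and which RESP obligations are still open."""
    m = PartialMonitor()
    verdict, consumed = run(m, trace)
    return verdict, consumed, m.pending()


# Constructed traces for illustration (not from any real system)
TRACE_OK = [("auth", "s1"), ("request", "s1"), ("access", "s1"),
            ("response", "s1"), ("logout", "s1")]
TRACE_BAD = [("auth", "s1"), ("logout", "s1"), ("access", "s1"),
             ("request", "s1")]
TRACE_OPEN = [("auth", "s2"), ("request", "s2"), ("access", "s2")]


if __name__ == "__main__":
    for name, trace in [("ok", TRACE_OK), ("bad", TRACE_BAD), ("open", TRACE_OPEN)]:
        verdict, consumed, pending = check(trace)
        print(f"{name}: {verdict.value} after {consumed} events; pending: {sorted(pending)}")
```

The `bad` trace is stopped at the third event with a final FALSE, while the `ok` and `open` traces end inconclusive; the difference between them is only visible through `pending()`, which is the "partial" information the combined monitor can still offer.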
... However, these techniques tend to verify simple properties only. On the other end of the spectrum, there are interactive techniques for verification such as theorem provers [12]. These techniques aim at more complex properties, but demand the interaction of users to help the verification. ...
Chapter
Computer simulations have become a very powerful tool for scientific research. Given the vast complexity that comes with many open scientific questions, a purely analytical or experimental approach is often not viable. For example, biological systems comprise an extremely complex organization and heterogeneous interactions across different spatial and temporal scales. In order to facilitate research on such problems, the BioDynaMo project aims at a general platform for computer simulations for biological research. Since scientific investigations require extensive computer resources, this platform should be executable on hybrid cloud computing systems, allowing for the efficient use of state-of-the-art computing technology. This chapter describes challenges during the early stages of the software development process. In particular, we describe issues regarding the implementation and the highly interdisciplinary as well as international nature of the collaboration. Moreover, we explain the methodologies, the approach, and the lessons learned by the team during these first stages.
... Both methods have been successfully applied to verify the correctness of nontrivial circuits. Theorem proving [27], [28] was applied for the verification of complex circuits like floating-point units [29]. Model checking [30], [31], an algorithmic method to check transition systems against temporal-logic specifications, is the dominant method in formal circuit verification of CMOS circuits, e.g., with respect to sequential specifications and functional correctness [32]. ...
Article
Full-text available
We present a new approach for early analysis of logic gates that is based on formal methods. As device technology research takes years and is very expensive, it is desirable to evaluate a technology’s potential as early as possible, which is hard to do with current techniques. The actual impact of new devices on circuit design and their performance in complex circuits are difficult to predict using simulation-based techniques. We propose a new approach that supplements simulation-based analysis and enables the development of standard cells alongside ongoing fundamental device research. Thereby, it potentially shortens the development cycle and time to market of a new technology. We develop a new discrete charge-transport model for electrical networks and a new flexible model of polarity-reconfigurable transistors as our formal basis. These models make circuit designs accessible to an analysis using probabilistic model checking and power our experiments. Besides worst-case analysis, we leverage measures hardly accessible to simulation such as average delay and average energy consumption per switching operation. We complement this with an automated design-space exploration that yields all reasonable implementations of a switching function built with reconfigurable transistors. After demonstrating the accuracy of our approach by comparison with finite element method analysis results, we undergo a comprehensive design-space exploration and analysis of the 3-minority function. The quantitative results are ranked with respect to various performance metrics, and we analyze the most promising circuit implementations in detail to derive a design guide that yields the best implementation for given statistics of the input patterns.
... Logical thinking, probabilistic reasoning and data-driven machine learning are the paradigms that have informed the conceptual foundation of AI-Thinking [20]. The use of AI as an analysis tool, the representation of data-driven complex information, as well as the development of AI are exemplars of cognitive involvement in AI-Thinking [21]. ...
Article
Full-text available
According to the World Bank, a key factor to poverty reduction and improving prosperity is financial inclusion. Financial service providers (FSPs) offering financially-inclusive solutions need to understand how to approach the underserved successfully. The application of artificial intelligence (AI) on legacy data can help FSPs to anticipate how prospective customers may respond when they are approached. However, it remains challenging for FSPs who are not well-versed in computer programming to implement AI projects. This paper proffers a no-coding human-centric AI-based approach to simulate the possible dynamics between the financial profiles of prospective customers collected from 45,211 contact encounters and predict their intentions toward the financial products being offered. This approach contributes to the literature by illustrating how AI for social good can also be accessible for people who are not well-versed in computer science. A rudimentary AI-based predictive modeling approach that does not require programming skills will be illustrated in this paper. In these AI-generated multi-criteria optimizations, analysts in FSPs can simulate scenarios to better understand their prospective customers. In conjunction with the usage of AI, this paper also suggests how AI-Thinking could be utilized as a cognitive scaffold for educing (drawing out) actionable insights to advance financial inclusion.
... Logical reasoning, probabilistic reasoning and deep data-driven learning are the main theoretical paradigms that have shaped research in AI-Thinking [28]. AI-Thinking is involved cognitively in the use of AI as a method for research, in dynamic representations of complex knowledge, and in AI-development [29]. ...
Article
Full-text available
According to the World Health Organization (WHO) and the World Bank, malnutrition is one of the most serious but least-addressed development challenges in the world. Malnutrition refers to the malfunction or imbalance of nutrition, which could be influenced not only by under-nourishment, but also by over-nourishment. The significance of this paper is that it shows how artificial intelligence (AI) can be democratized to enable analysts who are not trained in computer science to also use human-centric explainable-AI to simulate the possible dynamics between malnutrition, health and population indicators in a dataset collected from 180 countries by the World Bank. This AI-based human-centric probabilistic reasoning approach can also be used as a cognitive scaffold to educe (draw out) AI-Thinking in analysts to ask further questions and gain deeper insights. In this study, a rudimentary beginner-friendly AI-based Bayesian predictive modeling approach was used to demonstrate how human-centric probabilistic reasoning could be utilized to analyze the dynamics of global malnutrition and optimize conditions for achieving the best-case scenario. Conditions of the worst-case “Black Swan” scenario were also simulated, and they could be used to inform stakeholders to prevent them from happening. Thus, the nutritional and health status of vulnerable populations could be ameliorated.
... Logical reasoning, probabilistic reasoning and deep data-driven learning are the main theoretical paradigms that have influenced the conceptual framework of AI-Thinking [24]. The use of AI as a tool of analyses, representation of complex knowledge and development of AI are examples where AI-Thinking are cognitively involved [25]. ...
Article
Full-text available
Sustainable development is crucial to humanity. Utilization of primary socio-environmental data for analysis is essential for informing decision making by policy makers about sustainability in development. Artificial intelligence (AI)-based approaches are useful for analyzing data. However, it was not easy for people who are not trained in computer science to use AI. The significance and novelty of this paper is that it shows how the use of AI can be democratized via a user-friendly human-centric probabilistic reasoning approach. Using this approach, analysts who are not computer scientists can also use AI to analyze sustainability-related EPI data. Further, this human-centric probabilistic reasoning approach can also be used as cognitive scaffolding to educe AI-Thinking in the analysts to ask more questions and provide decision making support to inform policy making in sustainable development. This paper uses the 2018 Environmental Performance Index (EPI) data from 180 countries which includes performance indicators covering environmental health and ecosystem vitality. AI-based predictive modeling techniques are applied on 2018 EPI data to reveal the hidden tensions between the two fundamental dimensions of sustainable development: (1) environmental health; which improves with economic growth and increasing affluence; and (2) ecosystem vitality, which worsens due to industrialization and urbanization.
... The major theoretical paradigms that have shaped the field of AI-Thinking are logical reasoning, probabilistic reasoning, and deep data-driven learning [22]. AI-Thinking is involved in the usage of AI as a tool for analysis, in representations of complex knowledge, and in AI-development [23]. ...
Article
Full-text available
In science, technology, engineering, arts, and mathematics (STEAM) education, artificial intelligence (AI) analytics are useful as educational scaffolds to educe (draw out) the students’ AI-Thinking skills in the form of AI-assisted human-centric reasoning for the development of knowledge and competencies. This paper demonstrates how STEAM learners, rather than computer scientists, can use AI to predictively simulate how concrete mixture inputs might affect the output of compressive strength under different conditions (e.g., lack of water and/or cement, or different concrete compressive strengths required for art creations). To help STEAM learners envision how AI can assist them in human-centric reasoning, two AI-based approaches will be illustrated: first, a Naïve Bayes approach for supervised machine-learning of the dataset, which assumes no direct relations between the mixture components; and second, a semi-supervised Bayesian approach to machine-learn the same dataset for possible relations between the mixture components. These AI-based approaches enable controlled experiments to be conducted in-silico, where selected parameters could be held constant, while others could be changed to simulate hypothetical “what-if” scenarios. In applying AI to think discursively, AI-Thinking can be educed from the STEAM learners, thereby improving their AI literacy, which in turn enables them to ask better questions to solve problems.
... One answer that seemed attractive was instead to use just a single rule of inference, the resolution rule, in one of its many variants [43]. The rule calls for all the premises and conclusion to be transformed into inclusive disjunctions, which is feasible in classical logic. ...
Article
Full-text available
AI has never come to grips with how human beings reason in daily life. Many automated theorem-proving technologies exist, but they cannot serve as a foundation for automated reasoning systems. In this paper, we trace their limitations back to two historical developments in AI: the motivation to establish automated theorem-provers for systems of mathematical logic, and the formulation of nonmonotonic systems of reasoning. We then describe why human reasoning cannot be simulated by current machine reasoning or deep learning methodologies. People can generate inferences on their own instead of just evaluating them. They use strategies and fallible shortcuts when they reason. The discovery of an inconsistency does not result in an explosion of inferences—instead, it often prompts reasoners to abandon a premise. And the connectives they use in natural language have different meanings than those in classical logic. Only recently have cognitive scientists begun to implement automated reasoning systems that reflect these human patterns of reasoning. A key constraint of these recent implementations is that they compute, not proofs or truth values, but possibilities.
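The excerpt above describes the resolution rule as the single inference rule behind many automated theorem provers: premises and the (negated) conclusion are turned into inclusive disjunctions, and the prover looks for a contradiction. The following is an added example, not code from the paper or from Loveland's book; it assumes a tiny string encoding of propositional literals (a leading `-` is negation) and uses a constructed access-control policy as input. It goes slightly beyond the excerpt by returning the derivation of the empty clause rather than just a yes/no answer.

```python
"""Propositional resolution refutation (added example, not from the page).

Literals are strings; a leading '-' is negation. A clause is a set of
literals read as an inclusive disjunction. To show that premises entail a
conclusion clause, the conclusion is negated (one unit clause per literal)
and added to the premises; deriving the empty clause shows that set is
unsatisfiable, i.e. the premises entail the conclusion.
"""


def neg(lit):
    return lit[1:] if lit.startswith("-") else "-" + lit


def is_tautology(clause):
    return any(neg(lit) in clause for lit in clause)


def resolvents(c1, c2):
    """All clauses obtained by resolving c1 and c2 on one complementary pair."""
    out = []
    for lit in c1:
        if neg(lit) in c2:
            r = frozenset((c1 - {lit}) | (c2 - {neg(lit)}))
            if not is_tautology(r):
                out.append(r)
    return out


def refute(clauses):
    """Saturate the clause set under binary resolution.
    Returns the list of (resolvent, parent1, parent2) steps that derive the
    empty clause, or None if saturation finishes without it (satisfiable).
    Terminates because only finitely many clauses exist over the literals."""
    known = {frozenset(c) for c in clauses}
    parents = {}
    while True:
        new = set()
        cl = sorted(known, key=lambda c: (len(c), sorted(c)))  # small clauses first
        for i in range(len(cl)):
            for j in range(i + 1, len(cl)):
                for r in resolvents(cl[i], cl[j]):
                    if r in known or r in new:
                        continue
                    parents[r] = (cl[i], cl[j])
                    if not r:
                        return _derivation(r, parents)
                    new.add(r)
        if not new:
            return None
        known |= new


def _derivation(goal, parents):
    """Walk parent links back from the empty clause to the input clauses."""
    steps, stack, seen = [], [goal], set()
    while stack:
        c = stack.pop()
        if c in parents and c not in seen:
            seen.add(c)
            p1, p2 = parents[c]
            steps.append((c, p1, p2))
            stack.extend([p1, p2])
    steps.reverse()
    return steps


def entails(premises, conclusion):
    """True iff the premise clauses entail the conclusion clause."""
    negated = [frozenset({neg(lit)}) for lit in conclusion]
    return refute([frozenset(c) for c in premises] + negated) is not None


def fmt(clause):
    return " v ".join(sorted(clause)) if clause else "[]"


# Constructed policy (not from the page): an implication a -> b is {-a, b}.
POLICY = [{"-admin", "can_write"}, {"-can_write", "can_delete"}]

if __name__ == "__main__":
    goal = {"-admin", "can_delete"}          # admin -> can_delete
    steps = refute([frozenset(c) for c in POLICY]
                   + [frozenset({neg(l)}) for l in goal])
    for r, p1, p2 in steps:
        print(f"{fmt(p1)}  |  {fmt(p2)}  =>  {fmt(r)}")
    print("entails:", entails(POLICY, goal))
    print("entails converse:", entails(POLICY, {"-can_delete", "admin"}))
```

For the constructed policy, `admin -> can_delete` is derived (the negated goal `admin`, `-can_delete` clashes with the chained implications), while the converse `can_delete -> admin` is not: saturation stops without the empty clause because the assignment `admin = false, can_delete = true` satisfies every clause.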
... Furthermore, although model checkers verify that the properties are valid within a big scope of research, I need to prove it in the absolute through a convincing argument. Hence, I will use automated proof assistants [Loveland 2016], namely Coq [Barras 1997], which implements algorithms and heuristics to build a proof describing the sequence of needed moves in order to solve a property. ...
Thesis
Full-text available
In recent years, multi-cloud computing, which aims to combine different offerings or migrate applications between different cloud providers, has become a major trend. Multi-clouds improve the performance and costs of cloud applications, and ensure their resiliency in case of outages. But with the advent of cloud computing, different cloud providers with heterogeneous cloud services (compute, storage, network, applications, etc.) and Application Programming Interfaces (APIs) have emerged. This heterogeneity complicates the implementation of an interoperable multi-cloud system. Several multi-cloud interoperability solutions have been developed to address this challenge. Among these solutions, Model-Driven Engineering (MDE) has proven to be quite advantageous and is the most widely adopted methodology to rise in abstraction and mask the heterogeneity of the cloud. However, most of the existing MDE solutions for the cloud remain focused on only designing the cloud without automating the deployment and management aspects, and do not cover all cloud services. Moreover, MDE solutions are not always representative of the cloud APIs and lack formalization. To address these shortcomings, I present in this thesis an approach based on the Open Cloud Computing Interface (OCCI) standard, MDE and formal methods. OCCI is the only community-based and open recommendation standard that describes every kind of cloud resource. MDE is used to design, validate, generate and supervise cloud resources. Formal methods are used to effectively reason on the structure and behaviour of the encoded cloud resources, by using a model checker verifying their properties. This research takes place in the context of the OCCIware project, which provides OCCIware Studio, the first model-driven tool chain for OCCI. It is coupled with OCCIware Runtime, the first generic runtime for OCCI artifacts targeting all the cloud service models (IaaS, PaaS, and SaaS).
In this dissertation, I provide two major contributions implemented on top of the OCCIware approach. First, I propose an approach based on reverse-engineering to extract knowledge from the ambiguous textual documentation of cloud APIs and to enhance its representation using MDE techniques. This approach is applied to Google Cloud Platform (GCP), where I provide GCP Model, a precise model-driven specification for GCP. GCP Model is automatically inferred from GCP textual documentation, conforms to the OCCIware Metamodel and is implemented within OCCIware Studio. It allows one to perform qualitative and quantitative analysis of the GCP documentation. Second, I propose in particular the fclouds framework to achieve semantic interoperability in multi-clouds, i.e., to identify the common concepts between cloud APIs and to reason over them. The fclouds language is a formalization of OCCI concepts and operational semantics in Alloy formal specification language. To demonstrate the effectiveness of the fclouds language, I formally specify thirteen case studies and verify their properties. Then, thanks to formal transformation rules and equivalence properties, I draw a precise alignment between my case studies, which promotes semantic interoperability in multi-clouds.
Article
With the ever-increasing hardware design complexity comes the realization that efforts required for hardware verification increase at an even faster rate. Driven by the push from the desired verification productivity boost and the pull from leap-ahead capabilities of machine learning (ML), recent years have witnessed the emergence of exploiting ML-based techniques to improve the efficiency of hardware verification. In this paper, we present a panoramic view of how ML-based techniques are embraced in hardware design verification, from formal verification to simulation-based verification, from academia to industry, and from current progress to future prospects. We envision that the adoption of ML-based techniques will pave the road for more scalable, more intelligent, and more productive hardware verification.
Article
Full-text available
The increasing complexity and connectivity of automotive systems have raised concerns about their vulnerability to security breaches. As a result, the integration of formal methods and validation techniques has become crucial in ensuring the security of automotive systems. This survey research paper aims to provide a comprehensive overview of the current state-of-the-art formal methods and validation techniques employed in the automotive industry for system security. The paper begins by discussing the challenges associated with automotive system security and the potential consequences of security breaches. Then, it explores various formal methods, such as model checking, theorem proving, and abstract interpretation, which have been widely used to analyze and verify the security properties of automotive systems. Additionally, the survey highlights the validation techniques employed to ensure the effectiveness of security measures, including penetration testing, fault injection, and fuzz testing. Furthermore, the paper examines the integration of formal methods and validation techniques within the automotive development lifecycle, including requirements engineering, design, implementation, and testing phases. It discusses the benefits and limitations of these approaches, considering factors such as scalability, efficiency, and applicability to real-world automotive systems. Through an extensive review of relevant literature and case studies, this survey provides insights into the current research trends, challenges, and open research questions in the field of formal methods and validation techniques for automotive system security. The findings of this survey can serve as a valuable resource for researchers, practitioners, and policymakers involved in the design, development, and evaluation of secure automotive systems.
Chapter
We present HyperMonitor, a Python prototype of a novel runtime verification method specifically designed for predicting race conditions in multithreaded programs. Our procedure is based on the combination of Inductive Process Mining, Petri Net Transformations, and verification algorithms. More specifically, given a trace log, the Hyper Predictive Runtime Verifier (HPRV) procedure first exploits Inductive Process Mining to build a Petri Net that captures all traces in the log, and then applies semantic-driven transformations to increase the number of concurrent threads without re-executing the program. In this paper, we present the key ideas of our approach, details on the HyperMonitor implementation and discuss some preliminary results obtained on classical examples of concurrent C programs with semaphores.
Chapter
Runtime verification (RV) is an effective lightweight formal method for improving software’s reliability at runtime. There exist no RV tools specially designed for C++ programs. This paper introduces the first one, i.e., CCMOP, which implements an AOP-based RV approach and supports the RV of general properties for C/C++ programs. CCMOP provides an AOP language specially designed for C++ programs to define the events in RV. The instrumentation of the RV monitor is done at AST-level, which improves the efficiency of compilation and the accuracy of RV. CCMOP is implemented based on JavaMOP and an industrial-strength compiler. The results of extensive experiments on 100 real-world C/C++ programs (5584.3K LOCs in total) indicate that CCMOP is robust and supports the RV of real-world C/C++ programs.
Chapter
Full-text available
Noting that lemmas are a key feature of mathematics, we engage in an investigation of the role of lemmas in automated theorem proving. The paper describes experiments with a combined system involving learning technology that generates useful lemmas for automated theorem provers, demonstrating improvement for several representative systems and solving a hard problem not solved by any system for twenty years. By focusing on condensed detachment problems we simplify the setting considerably, allowing us to get at the essence of lemmas and their role in proof search.
Chapter
Subsumption-Linear Q-Resolution (SLQR) is introduced for proving theorems from Quantified Boolean Formulas. It is an adaptation of SL-Resolution, which applies to propositional and first-order logic. In turn SL-Resolution is closely related to model elimination and tableau methods. A major difference from QDPLL (DPLL adapted for QBF) is that QDPLL guesses variable assignments, while SLQR guesses clauses. In prenex QBF (PCNF, all quantifier operations are outermost) a propositional formula D is called a nontrivial consequence of a QBF \(\varPsi\) if \(\varPsi\) is true (has at least one model) and D is true in every model of \(\varPsi\). Due to quantifiers, one cannot simply negate D and look for a refutation, as in propositional and first-order logic. Most previous work has addressed only the case that D is the empty clause, which can never be a nontrivial consequence. This paper shows that SLQR with the operations of resolution on both existential and universal variables as well as universal reduction is inferentially complete for closed PCNF that are free of asymmetric tautologies; i.e., if D is logically implied by \(\varPsi\), there is an SLQR derivation of D from \(\varPsi\). A weaker form called SLQR–ures omits resolution on universal variables. It is shown that SLQR–ures is not inferentially complete, but is refutationally complete for closed PCNF.
Preprint
This paper is a preliminary view of what might be considered an AI generative deductive computing logic with applications to generative AI, visual predictive analytics, haptic computing logic, augmented reality, virtual ontology, and virtual reality.
Preprint
We show how variations of range-restriction and also the Horn property can be passed from inputs to outputs of Craig interpolation in first-order logic. The proof system is clausal tableaux, which stems from first-order ATP. Our results are induced by a restriction of the clausal tableau structure, which can be achieved in general by a proof transformation, also if the source proof is by resolution/paramodulation. Primarily addressed applications are query synthesis and reformulation with interpolation. Our methodical approach combines operations on proof structures with the immediate perspective of feasible implementation through incorporating highly optimized first-order provers.
Article
Full-text available
In this paper, we solve Sokoban using the Q-learning algorithm. Q-learning selects random actions according to the current state of the environment to proceed with exploration, or selects actions that can obtain maximum rewards through the use of learning. We analyzed and compared the learning success rate by changing the values of the learning rate, discount factor and decay rate over all combinations; these are the three hyper-parameters that affect learning in the process of creating an optimal Q-table. Using these results, the hyper-parameter values were fixed: learning rate 0.3, discount factor 0.9 and decay rate 0.9. We then changed one of them in steps of 0.01 from 0 to 1 and evaluated the Q-table to determine success and failure in solving Sokoban using these values. As a result, the hyper-parameter values that provide the best solution were derived. When the decay rate was around 0.2, the learning success rate was the largest, and when the decay rate was 0.96, the learning result was close to the optimal solution for Sokoban.
Chapter
In this study, we stress the importance of treating undesigned data to discover knowledge. The category of undesigned data is clarified by revisiting knowledge discovery in databases (KDD), process models, and hypotheses in each of the models. We propose the treatment of undesigned data by referring to mathematical logic. We also show that the process model of KDD can be refined by referring to the process models of fields other than KDD.
Keywords: Agile model; KDD process; Hill-climbing model; Hypothesis generation; Hypothesis validation; Interpretation of data; PPDAC cycle; Process model; Undesigned data; Software engineering
Chapter
This chapter provides an overview of the different Artificial Intelligence (AI) systems that are being used in contemporary digital tools for Mathematics Education (ME). It is aimed at researchers in AI and Machine Learning (ML), for whom we shed some light on the specific technologies that are being used in educational applications; and at researchers in ME, for whom we clarify: (i) what the possibilities of the current AI technologies are, (ii) what is still out of reach and (iii) what is to be expected in the near future. We start our analysis by establishing a high-level taxonomy of AI tools that are found as components in digital ME applications. Then, we describe in detail how these AI tools, and in particular ML, are being used in two key applications, specifically AI-based calculators and intelligent tutoring systems. We finish the chapter with a discussion about student modeling systems and their relationship to artificial general intelligence.
Chapter
Physics laws and principles taught to students reflect how these constructs were derived and formulated by physicists. This chapter provides an overview of major physics constructs studied in the advanced high school and undergraduate physics courses that are laws, principles, theories, and theorems. While these terms are used during physics instructions, their explicit descriptions and meanings are often overshadowed by their scientific contexts. Their relations to corresponding mathematical embodiments also often remain silent. This chapter aims to bring these correspondences forth and attempt to merge their interpretations with mathematical reasoning. The discussion does not aspire to provide a comprehensive summary; instead, it is situated in perspective to exuberate the relation between physics and mathematics as filtered through algebraic structures that students concurrently study in their mathematics courses. While laws and principles are often articulated as context-related formulas, an attempt will also be made to shed more light on their covariational entanglements.
Article
When applying formal verification to a system that interacts with the real world, we must use a model of the environment. This model represents an abstraction of the actual environment, so it is necessarily incomplete and hence presents an issue for system verification. If the actual environment matches the model, then the verification is correct; however, if the environment falls outside the abstraction captured by the model, then we cannot guarantee that the system is well behaved. A solution to this problem consists in exploiting the model of the environment used for statically verifying the system’s behaviour and, if the verification succeeds, using it also for validating the model against the real environment via runtime verification. The article discusses this approach and demonstrates its feasibility by presenting its implementation on top of a framework integrating the Agent Java PathFinder model checker. A high-level Domain Specific Language is used to model the environment in a user-friendly way; the latter is then compiled to trace expressions for both static formal verification and runtime verification. To evaluate our approach, we apply it to two different case studies: an autonomous cruise control system and a simulation of the Mars Curiosity rover.
Preprint
Intelligent Mobile Business W-Interfaces, and Business Intelligence with Multitier Design. Cyrus F Nourani, ARDAFW, GmbH and AI Labs, Berlin, Germany (Acdmkrd@gmail.com, cyrusfn@alum.mit.edu).
Abstract: Intelligent business interfaces are designed with intelligent multi-tier interfaces applying agents and intelligent business objects, with applications to the intelligent WWW. Basic intelligent content management with multi-tier designs for interfaces is presented. The field of automated learning and discovery has obvious financial and organizational-memory applications. There are basic applications to data discovery techniques with agent multiplayer game-tree planning. The computing techniques, the Morph Gentzen deductive system and its models, are applied towards active multimedia and intelligent multimedia databases. The computing model is based on a novel competitive learning with database warehousing, model discovery, and customizing interface design. Intelligent visual computing paradigms are applied to define the multimedia computing paradigm and active databases. The Intelligent Multimedia paradigms can be applied to databases and query processing applications to stock trading. A view-model-controller design prototype for mobile business platforms with content processing specifics is presented.
Keywords: Multiagent AI Computing; Active Databases; Intelligent Multimedia Database; Multitier Designs; Mobile Platforms; Content Processing
Preprint
Linguistics knowledge representation and its relation to context abstraction are presented in brief. Nourani (e.g. Nourani 1999a) has put forth new visual computing techniques for intelligent multimedia context abstraction with linguistics components. In the present paper we also instantiate proof tree leaves with free Skolemized trees. Thus virtual trees, at times like intelligent trees, are substituted for the leaves. By a virtual tree we mean a term made up of constant symbols and named but not always prespecified Skolem function terms. In virtual planning with generic diagrams that part of the plan that involves free Skolemized trees is carried along with the proof tree for a plan goal. We can apply predictive model diagram KR (Nourani 2000) to compute queries and discover data knowledge from observed data and visual object images keyed with diagram functions. Model-based computing (Nourani 1998c) can be applied to automated data and knowledge engineering with keyed diagrams. Specific computations can be carried out with predictive diagrams (Nourani 1995a). For cognition, planning, and learning the robot's mind, a diagram grid can define the state. The starting space applicable project was meant for an autonomous robot's space journeys. The designs in the author's papers are ways for a robot to update its mental state based on what it encountered on its path. That which the robot believes can be defined on a diagram grid. The degree to which a robot believes something is on the grid. It can get strengthened or weakened as a function of what the robot learns as progress is brought on. Robot's Mind State: The array grid entries are pointing to things to remember and the degree the robot believes them. The grid model is a way to encode the world with the model diagram functions.
Conference Paper
For the past two decades, the communication channel between the NIC and CPU has largely remained the same---issuing memory requests across a slow PCIe peripheral interconnect. Today, with application service times and network fabric delays measuring hundreds of nanoseconds, the NIC--CPU interface can account for most of the overhead when programming modern warehouse-scale computers. In this paper, we tackle this issue head-on by proposing a design for a fast path between the NIC and CPU, called Lightning NIC (L-NIC), which deviates from the established norms of offloading computation onto the NIC (inflating latency), or using centralized dispatcher cores for packet scheduling (limiting throughput). L-NIC adds support for a fast path from the network to the core of the CPU by writing and reading packets directly to/from the CPU register file. This approach minimizes network IO latency, providing significant performance improvements over traditional NIC--CPU interfaces.
Chapter
Critical systems require high reliability and are present in many applications. Standard techniques of software engineering are not enough to ensure the absence of unacceptable failures and/or that critical requirements are fulfilled. Verifying and certifying systems for Smart Cities is one of the challenges that still require some effort. Smart Cities models may be seen as Cyber-Physical Systems and they may be formalized as Finite State Machines. We discuss how to reason over these models as Finite State Machines formalized in a logical background from which it is possible to provide certified software for the Smart Cities domain.