The Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security

The Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security Carlos Olarte and Frank D. Valencia INRIA /CNRS and LIX, Ecole Polytechnique

Motivation Concurrent Constraint Prog. (CCP): Agents telling and asking information represented as constraints in a global store.

Motivation Concurrent Constraint Prog. (CCP): Agents telling and asking information represented as constraints in a global store. Temporal CCP (tcc): CCP + discrete time intervals for modeling reactive systems. Expressiveness: Processes can be represented as finite-state Büchi automata [Valencia 05] Semantics: Processes can be compositionally represented as closure operators over sequences of constraints [Saraswat et al 91]

Our Contributions Expressiveness and Semantic characterization of utcc:

Our Contributions Expressiveness and Semantic characterization of utcc: 1. Proving utcc Turing powerful (Encoding Minsky Machines)

Our Contributions Expressiveness and Semantic characterization of utcc: 1. Proving utcc Turing powerful (Encoding Minsky Machines) 2. Given a semantic characterization of utcc processes based on closure operators over temporal formulae. Applications of the above study: Using (1) to prove that the monadic fragment of first-order linear-time temporal logic (FLTL) is strongly incomplete.

Agenda 1. Universal Timed CCP. Description and Operational Semantics 2. Expressiveness of utcc 2.1. Encoding Minsky Machines into utcc 2.2. Incompleteness of Monadic FLTL 3. Infinite Behavior and denotational semantics of utcc 3.1. Symbolic Semantics 3.2. Closure Operator Semantics for utcc 3.3. Application: Semantics to Security Languages 4. Concluding Remarks

The utcc Calculus The CCP Model: Store of partial information. Agents monotonically add (tell) constraints. They synchronize via blocking asks querying the store

The utcc Calculus The CCP Model: Store of partial information. Agents monotonically add (tell) constraints. They synchronize via blocking asks querying the store The TCC Model: Reactive Systems c1 d1 c2 d2 c3 d3 P P P Universal tcc: utcc replaces the tcc ask operator when c do P (executing P if c can be entailed from the store) by a temporary parametric ask (abs x; c) P executing P [ t/ x] for each t s.t. c[ t/ x] can be deduced from the current store. Syntax: Processes P, Q,... in utcc are built from constraints in the underlying constraint system by the following syntax: P, Q := skip tell(c) (abs x; c) P P Q (local x; c) P next P unless c next P! P

Operational Semantics and FLTL Correspondence Internal Reductions R T tell(c),d skip,d c R P P, c P,d P Q, c P Q, d R A d c[ t/ x] t = x (abs x; c) P, d P [ t/ x] (abs x; c x t ) P, d Observable Transition R O P, c Q, d P (c,d) ==== F (Q) (true,c 1 ) (true,c 2 ) (true,c i ) Notation: Let P = P 1 ==== P 2 ====...P i ====... If c i c then we write P c Declarative view of utcc Processes based on FLTL formulae Definition: Let [[ ]] be a map from utcc processes to FLTL formulae: [[skip]] = true [[tell(c)]] = c [[(abs y; c) P ]] = y(c [[P ]]) [[P Q]] = [[P ]] [[Q]] [[(local x; c) P ]] = x(c [[P ]]) [[next P ]] = [[P ]] [[unless c next P ]] = c [[P ]] [[! P ]] = [[P ]] Theorem: Logic Correspondence [[P ]] T c iff P c

Turing Expressiveness of utcc A Minsky Machines is a imperative program consisting of a sequence of labeled instruction modifying the values of two non-negative counters. It { } computes the value ni if it halts with c 0 = n heorem m L i : halt L i : c n := c n + 1; goto L j L i : if c n =0 then goto L j else c n := c n 1; goto L k Using the monadic fragment of FOL without function symbols nor equality as cs., it is possible to encode Minsky Machines into utcc s.t: Theorem. Correctness. A M. machine M(0, 0) computes the value n iff ([[M(0, 0)]] Dec n ) yes

Incompleteness of Monadic FLTL Proving decidability of monadic FOL requires to obtain prenex forms to reduce to decidability of propositional logic. In FLTL, it is not possible: Let F =(x = 42 x 42). If x is a flexible variable, xf is satisfiable whereas x F is not. I.e., moving quantifier to the outermost position does not preserve satisfiability.

Incompleteness of Monadic FLTL Proving decidability of monadic FOL requires to obtain prenex forms to reduce to decidability of propositional logic. In FLTL, it is not possible: Using the encoding of Minsky Machines into utcc processes and the correspondence between utcc and FLTL, it is possible to prove: Let F =(x = 42 x 42). If x is a flexible variable, xf is satisfiable whereas x F is not. I.e., moving quantifier to the outermost position does not preserve satisfiability. Proposition. Given a Minsky machine M(0, 0), it is possible to construct a monadic FLTL formula without equality and function symbols F M s.t F M is valid iff M(0, 0) loops (i.e., it never halts). Corollary: Incompleteness. Monadic FLTL without equality and function

Incompleteness of Monadic FLTL Proving decidability of monadic FOL requires to obtain prenex forms to reduce to decidability of propositional logic. In FLTL, it is not possible: Using the encoding of Minsky Machines into utcc processes and the correspondence between utcc and FLTL, it is possible to prove: Let F =(x = 42 x 42). If x is a flexible variable, xf is satisfiable whereas x F is not. I.e., moving quantifier to the outermost position does not preserve satisfiability. Proposition. Given a Minsky machine M(0, 0), it is possible to construct a monadic FLTL formula without equality and function symbols F M s.t F M is valid iff M(0, 0) loops (i.e., it never halts). Corollary: Incompleteness. Monadic FLTL without equality and function Corollary: Incompleteness. Monadic FLTL without equality and function symbols is strongly incomplete.

Infinite Behavior and Symbolic Semantics Due to the underlying c.s. and/or loops in abstractions, some utcc procs. are not well-terminated: they can exhibit infinitely many internal reductions.

Infinite Behavior and Symbolic Semantics Due to the underlying c.s. and/or loops in abstractions, some utcc procs. are not well-terminated: they can exhibit infinitely many internal reductions. Example. Let P = tell(y=42) (abs x; x y) next tell(out(x)). Here the SOS never produces an observable transition (infinitely many valid subs. for x y) The Symbolic Semantics [Olarte & Valencia 08] of utcc aims at representing finitely the infinite behavior of the SOS using temporal formulae: Example. Let P as above. The Symbolic semantics outputs the following: (y = 42) x ( (x y) out(x)) (e 1,e Definition. Symbolic IO behavior. If P = P 1 ) (e 2,e 1 ==== s P 2 ) 2 ==== s..., we write P (w,w ) ==== s where w = e 1.e 2... and w = e 1.e 2... io s (P )={(w, w ) P (w,w ) ==== s } Proposition 1 (Closure Properties) The io-behavior of a proc. is a (par-

Strongest Postcondition { } Proposition. Closure Properties. The io-behavior of a proc. P is a (partial) closure operator. It satisfies: Extensiveness and Idempotence. If P is monotonic, then io s (P ) also satisfies Monotonicity. A closure operators is that they are uniquely determined by its set of fixed Closure Operators are uniquely determined by their set of fixed points: monotonic, then io s (P ) also satisfies Monotonicity. Definition. Strongest Postcondition. sp s (P )={w (w, w) io s (P )}

Denotational Model The strongest postcondition can be compositionally characterized: D T [[tell(c)]] = {e.w e T c} D P [[P Q]] = [[P ]] [[Q]] D L [[(local x; c) P ]] = {w there exists an x-variant w of w s.t w (1) T c and w [[P ]]} D A [[(abs x; c) P ]] = {w for every x-variant w of w if w (1) T c and w ( x = t) ω. for some t s.t. x = t and x = t then w [[P ]]} Theorem. Full abstraction. Let P and Q be a monotonic processes. Then P io s Q iff [[P ]] = [[Q]]. Thus the denotational semantics allows us to retrieve compositionally the IO-behavior of a monotonic process!.

Application: Semantics to Security We map a simple language for security into monotonic utcc procs. Syntax of SCCP Values v, v ::= n x Keys k ::= pub(v) priv(v) Messages M, N ::= v k X (M, N) {M} k Patterns Π, Π ::= v k X (Π, Π ) Processes R ::= nil skip new(x)r (local x) I(R) out(m).r! tell(out(m)) next I(R) in [M >Π].R (abs x; c) next I (R)!R! I (R) R R i I I (R i ) Definition 1 Let I be a function from SCCP to monotonic processes Proposition. Let R be a SCCP process modeling a security protocol. f = [[R]] SCCP [[! when out(attack) do! tell(false)]] Therefore, I (R) attack iff the least-fixed point of f takes the form w. false ω

Concluding Remarks We study the expressiveness and semantic characterization of utcc processes concluding that:

Concluding Remarks We study the expressiveness and semantic characterization of utcc processes concluding that: Well-terminated processes and a monadic constraint system are enough to encode Turing powerful formalisms. utcc processes can be represented as (partial) closure operators over sequences of temporal formulae. We applied the previous results to other fields in comp. science: We proved strongly incomplete the monadic fragment of FLTL without equality and function symbols

Thank You!

FLTL Syntax and Semantics Definition 7 Given a constraint system with a first-order language L, the LTL formulae we use are given by the syntax: F, G,... := c F G F xf F F F. L Definition 8 We say that σ satisfies F in an L-structure M(L), written σ = M(L) F, iff σ, 0 = M(L) F where: σ,i = M(L) true σ,i = M(L) false σ,i = M(L) c iff σ(i) = M(L) c σ,i = M(L) F iff σ,i = M(L) F σ,i = M(L) F G iff σ,i = M(L) F and σ,i = M(L) G σ,i = M(L) F iff i>0 and σ,i 1 = M(L) F σ,i = M(L) F iff σ,i+1 = M(L) F σ,i = M(L) F iff for all j i, σ,j = M(L) F σ,i = M(L) xf iff for some x-variant σ of σ, σ,i = M(L) F We say that F is valid in M(L) iff for all σ, σ = M(L) F. F is said to be valid if F is valid for every model M(L).

Operational Semantics R T tell(c),d skip,d c R P R L R U P, c P,d P Q, c P Q, d P, c ( xd) P,c ( xd) (local x; c) P, d (local x; c ) P,d xc d c unless c next P, d skip, d R R! P, d P next! P, d R A d c[ t/ x] t = x (abs x; c) P, d P [ t/ x] (abs x; c x t ) P, d R S γ 1 γ 2 γ 1 γ 2 if γ 1 γ 1 and γ 2 γ 2 P, c Q, d R O P ==== (c,d) F (Q) F (P )= Table 1.1: Internal and observable reductions. In R A, x t denotes 1 i x x i t i. If x = 0, x t is defined as false. skip if P = skip skip if P =(abs x; c) Q F (P 1 ) F (P 2 ) if P = P 1 P 2 (local x) F (Q) if P =(local x; c) Q Q if P = next Q Q if P = unless c next Q 1 Processes in are built from constrain

Symbolic Semantics R As P, xe s Q, e xe (abs x; e ) P, e s (abs x; e ) Q, e x(e e ) R Os P, e s Q, e s P (e,e ) ==== s F s (Q, e ) Table 3.1: Symbolic Rules for Internal and Observable Transitions. skip if P = skip (abs x; e) F (Q) if P =(abs x; e) Q F F (P )= (P 1 ) F (P 2 ) if P = P 1 P 2 (local x; e) F (Q) if P =(local x; e) Q Q if P = next Q Q if P = unless c next Q Theorem 4 (Semantic Correspondence [23]) Let P be an abstracted-unless free process. Suppose that P (c 1,d 1 ) (c 2,d 2 ) (c i,d i ) ==== P 1 ====... ==== P i and P (c 1,e 1 ) ==== s (c 2,e 2 ) (c i,e i ) P 1 ==== s... ==== P i. Then for every c C and j {1,..., i}, d j c iff e j T c.

Denotational Semantics D S [[skip]] = PM D T [[tell(c)]] = {e.w PM e T c} D P [[P Q]] = [[P ]] [[Q]] D N [[next P ]] = {e.w PM w [[P ]]} D U [[unless c next P ]] = {e.w PM e T c and w [[P ]]} {e.w PM e T c} D R [[! P ]] = {w PM for all v, v s.t. w = v.v, v [[P ]]} D L [[(local x; c) P ]] = {w PM there exists an x-variant w of w s.t w (1) T c and w [[P ]]} D A [[(abs x; c) P ]] = {w PM for every x-variant w of w if w (1) T c and w ( x = t) ω. for some t s.t. x = t and x = t then w [[P ]]} Figure 3.1: Denotational Semantics for utcc. The function [[ ]] is of type Proc P(PM ). In D A, x = t denotes the constraint 1 i x x. i = t i and t = x stands for point-wise syntactic difference, i.e. 1 i x t. i = x i (see Sect. 1.1). If x =0. then x = t and x = t are defined as true.

Encoding of Minsky Machines { } 1! when isz n do 2 unless inc n next tell(isz n ) 3 when inc n do next (local a)(tell(out 1 n(a)) 3! when out 2 n(a) do tell(isz n )) 4!(abs z; out 1 n(z)) 5 whenever dec n inc n do 6 when dec n do next tell(out 2 n(z)) 7 when inc n do next (local b)(tell(out 1 n(b)) 7! when out 2 n(b) do tell(out 1 n(z)))