We investigate the complexity and expressive power of a spatial logic for reasoning about graphs. This logic was previously introduced by Cardelli, Gardner, and Ghelli, and provides the simplest setting in which to explore such results for spatial logics. We study several forms of the logic: the logic with and without recursion, and with either an exponential or a linear version of the basic composition operator. We study the combined complexity and the expressive power of the four combinations. We prove that, without recursion, the linear and exponential versions of the logic correspond to significant fragments of first-order (FO) and monadic second-order (MSO) logics; the two versions are actually equivalent to FO and MSO on graphs representing strings. However, when the two versions are enriched with-style recursion, their expressive power is sharply increased. Both are able to express PSPACE-complete problems, although their combined complexity and data complexity still belong to PSPACE.

In this paper we investigate the quantifier-free fragment of the TQL logic proposed by Cardelli and Ghelli. The TQL logic, inspired from the ambient logic, is the core of a query language for semistructured data represented as unranked and unordered trees. The fragment we consider here, named STL, contains as main features spatial composition and location as well as a fixed point construct. We prove that satisfiability for STL is undecidable. We show also that STL is strictly more expressive than the Presburger monadic second-order logic (PMSO) of Seidl, Schwentick and Muscholl when interpreted over unranked and unordered edge-labelled trees. We define a class of tree automata whose transitions are conditioned by arithmetical constraints; we show then how to compute from a closed STL formula a tree automaton accepting precisely the models of the formula. Finally, still using our tree automata framework, we exhibit some syntactic restrictions over STL formulae that allow us to capture precisely the logics MSO and PMSO. 1

Bigraphs are emerging as an interesting model that can represent both the picalculus and the ambient calculus. Bigraphs are built orthogonally on two structures: a hierarchical `place' graph for locations and a `link' (hyper-)graph for connections.

We study relations on trees defined by first-order constraints over a vocabulary that includes the tree extension relation T ≺ T ′ , holding if and only if every branch of T extends to a branch of T ′, unary node-tests, and a binary relation checking if the domains of two trees are equal. We consider both ranked and unranked trees. These are trees with and without a restriction on the number of children of nodes. We adopt the model-theoretic approach to tree relations and study relations definable over the structure consisting of the set of all trees and the above predicates. We relate definability of sets and relations of trees to computability by tree automata. We show that some natural restrictions correspond to familiar logics in the more classical setting, where every tree is a structure over a fixed vocabulary, and to logics studied in the context of XML pattern languages. We then look at relational calculi over collections of trees, and obtain quantifier-restriction results that give us bounds on the expressive power and complexity. As unrestricted relational calculi can express problems complete for each level of the polynomial hierarchy, we look at their restrictions, corresponding to the restricted logics over the family of all unranked trees, and find several calculi with low (NC 1) data complexity, while still expressing properties important for database and

Abstract. We investigate in this paper the spatial logic TQL for querying semistructured data, represented as unranked ordered trees over an infinite alphabet. This logic consists of usual Boolean connectives, spatial connectives (derived from the constructors of a tree algebra), tree variables and a fixpoint operator for recursion. Motivated by XML-oriented tasks, we investigate the guarded TQL fragment. We prove that for closed formulas this fragment is MSO-complete. In presence of tree variables, this fragment is strictly more expressive than MSO as it allows for tree (dis)equality tests, i.e. testing whether two subtrees are isomorphic or not. We devise a new class of tree automata, called TAGED, which extends tree automata with global equality and disequality constraints. We show that the satisfiability problem for guarded TQL formulas reduces to emptiness of TAGED. Then, we focus on bounded TQL formulas: intuitively, a formula is bounded if for any tree, the number of its positions where a subtree is captured by a variable is bounded. We prove this fragment to correspond with a subclass of TAGED, called bounded TAGED, for which we prove emptiness to be decidable. This implies the decidability of the bounded guarded TQL fragment. Finally, we compare bounded TAGED to a fragment of MSO extended with subtree isomorphism tests. 1

Abstract. Spatial logics are used to reason locally about disjoint data structures. They consist of standard first-order logic constructs, spatial (structural) connectives and their corresponding adjuncts. Lozes has shown that the adjuncts add no expressive power to a spatial logic for analysing tree structures, a surprising and important result. He also showed that a related logic does not have this adjunct elimination property. His proofs yield little information on the generality of adjunct elimination. We present a new proof of these results based on modelcomparison games, and strengthen Lozes ’ results. Our proof is directed by the intuition that adjuncts can be eliminated when the corresponding moves are not useful in winning the game. The proof is modular with respect to the operators of the logic, providing a general technique for determining which combinations of operators admit adjunct elimination. 1

We describe a coordination–oriented way of integrating semantic-based verification toolkits, being motivated by a three–pronged observation: • There is a potential for integration since verification toolkits are typically based on well–understood mathematical notions. • There is a need for and a profit to be gained from integrating such tools since they are often of rather special and, at the same time, complementary functionality. • There is a problem with such integration since the formal verification community prefers decentralisation and, at the same time, the available resources for working on portability are often limited anyway. Our approach is distributed, thereby moving the issue to the realm of coordination. To this end, we argue that toolkit integration, while not new, can be given a new life by applying the emerging paradigm of web services. We argue that web services can not only serve as a technological platform for our purposes but, indeed, also as a coordination framework, addressing all the basic issues present in the situation we are dealing with. We give an account of a prototype implementation of these concepts. 1

Abstract. Netconf is a protocol proposed by the IETF that defines a set of operations for network configuration. One of the main issues of Netconf is to define operations such as validate and commit, which currently lack a clear description and an information model. We propose in this paper a model for validation based on XML schema trees. By using an existing logical formalism called TQL, we express important dependencies between parameters that appear in those information models, and automatically check these dependencies on sample XML trees in reasonable time. We illustrate our claim by showing different rules and an example of validation on a Virtual Private Network. 1

Abstract. Negation is intrinsic to human thinking and most of the time when searching for something, we base our patterns on both positive and negative conditions. In a previous work, we have extended the notion of term to the one of anti-term that may contain complement symbols. Matching such anti-terms against terms has the nice property of being unitary. Here we generalize the syntactic anti-pattern matching to anti-pattern matching modulo an arbitrary equational theory E, and we study the specific and practically very useful case of associativity, possibly with a unity (AU). To this end, based on the syntacticness of associativity, we present a rule-based associative matching algorithm, and we extend it to AU. This algorithm is then used to solve AU anti-pattern matching problems. This allows us to be generic enough so that for instance, the AllDiff standard predicate of constraint programming becomes simply expressible in this framework. AU anti-patterns are implemented in the Tom language and we show some examples of their usage. 1

Separation Logic (SL) is often presented as an assertion language for reasoning about mutable data structures. As recent results about verification in SL have mainly been achieved from a model-checking point of view, our aim in this paper is to study Separation Logic from a complementary proof-theoretic perspective in order to provide results about proof-search in SL. We begin our study with a fragment of SL, denoted SLP, where first order quantifiers, variables and equality are removed. We first define specific structures, called resource graphs, that capture SLP models by considering heaps as resources via a labelling process. We then provide a tableau calculus that allows us to build such resource graphs from which either proofs, or countermodels can be generated. We finally prove soundess, completeness and termination of our tableau calculus before discussing extensions to various fragments of SL (including full SL) and the related decidability issues.