As an alternative to planning, an approach to high-level agent control based on concurrent program execution is considered. The language includes facilities for prioritizing the concurrent execution, interrupting the execution when certain conditions become true, and dealing with exogenous actions. The language di ers from other procedural formalisms for concurrency in that the initial state can be incompletely speci ed and the primitive actions can be user-de ned by axioms in the situation calculus. In a companion paper, a formal de nition in the situation calculus of such a programming language is presented and illustrated with detailed examples. In this paper, the mathematical properties of the programming language are explored. 1

We propose a general, powerful framework of type systems for the #-calculus, and show that we can obtain as its instances a variety of type systems guaranteeing non-trivial properties like deadlock-freedom and race-freedom. A key idea is to express types and type environments as abstract processes: We can check various properties of a process by checking the corresponding properties of its type environment. The framework clarifies the essence of recent complex type systems, and it also enables sharing of a large amount of work such as a proof of type preservation, making it easy to develop new type systems.

As an alternative to planning, an approach to highlevel agent control based on concurrent program execution is considered. A formal definition in the situation calculus of such a programming language is presented and illustrated with a detailed example. The language includes facilities for prioritizing the concurrent execution, interrupting the execution when certain conditions become true, and dealing with exogenous actions. The language differs from other procedural formalisms for concurrency in that the initial state can be incompletely specified and the primitive actions can be user-defined by axioms in the situation calculus.

We introduce a temporal logic for the polyadic ß-calculus based on fixed point extensions of Hennessy-Milner logic. Features are added to account for parametrisation, generation, and passing of names, including the use, following Milner, of dependent sum and product to account for (unlocalised) input and output, and explicit parametrisation on names using lambda-abstraction and application. The latter provides a single name binding mechanism supporting all parametrisation needed. A proof system and decision procedure is developed based on Stirling and Walker's approach to model checking the modal ¯-calculus using constants. One difficulty, for both conceptual and efficiency-based reasons, is to avoid the explicit use of the !-rule for parametrised processes. A key idea, following Hennessy and Lin's approach to deciding bisimulation for certain types of value-passing processes, is the relativisation of correctness assertions to conditions on names. Based on this idea a proof system and ...

. This paper presents a prefixed tableaux calculus for Propositional Dynamic Logic with Converse based on a combination of different techniques such as prefixed tableaux for modal logics and model checkers for ¯-calculus. We prove the correctness and completeness of the calculus and illustrate its features. We also discuss the transformation of the tableaux method (naively NEXPTIME) into an EXPTIME algorithm. 1 Introduction Propositional Dynamic Logics (PDLs) are modal logics introduced in [10] to model the evolution of the computation process by describing the properties of states reached by programs during their execution [15, 24, 27]. Over the years, PDLs have been proved to be a valuable formal tool in Computer Science, Logic, Computational Linguistics, and Artificial Intelligence far beyond their original use for program verification (e.g. [4, 12, 14, 15, 24, 23]). In this paper we focus on Converse-PDL (CPDL) [10], obtained from the basic logic PDL by adding the converse operat...

We study a security property for processes in dynamic contexts, i.e., contexts that can be reconfigured at runtime. The security property that we propose in this paper, named Persistent BNDC, is such that a process is "secure" when every state reachable from it satisfies a basic Non-Interference property. We define a suitable bisimulation based equivalence relation among processes, that allows us to express the new property as a single equivalence check, thus avoiding the universal quantifications over all the reachable states (required by Persistent BNDC) and over all the possible hostile environments (implicit in the basic Non-Interference property we adopt). We show that the novel security property is compositional and we discuss how it can be efficiently checked.

Coalgebras are of growing importance in theoretical computer science. To develop languages for them is significant for the specification and verification of systems modelled with them. Modal logic has proved to be suitable for this purpose. So far, most approaches have presented a language to describe only deterministic coalgebras. The present paper introduces a generalization that also covers non-deterministic systems. As a special case, we obtain the "usual" modal logic for Kripke-structures. Models for our modal language L F are F-coalgebras where the functor F is inductively constructed from constant sets and the identity functor using product, coproduct, exponentiation, and the power set functor. We define a language L F and show that it embeds into L F . We prove that, for image-finite coalgebras, L F is expressive enough to distinguish elements up to bisimilarity and therefore L F does so, too. Moreover, we also give a complete calculus for L F in case the constants...

We consider a class of infinite two-player games on finitely coloured graphs. Our main question is: given a winning condition, what is the inherent blow-up (additional memory) of the size of the I/O automata realizing winning strategies in games with this condition. This problem is relevant to synthesis of reactive programs and to the theory of automata on infinite objects. We provide matching upper and lower bounds for the size of memory needed by winning strategies in games with a fixed winning condition. We also show that in the general case the LAR (latest appearance record) data structure of Gurevich and Harrington is optimal. Then we propose a more succinct way of representing winning strategies by means of parallel compositions of transition systems. We study the question: which classes of winning conditions admit only polynomial-size blowup of strategies in this representation. 1 Introduction We consider games played on (not necessarily finite) graphs coloured with a finite nu...

The problem of modeling semi-structured data is important in many application areas such as multimedia data management, biological databases, digital libraries, and data integration. Graph schemas (Buneman et al. 1997) have been proposed recently as a simple and elegant formalism for representing semistructured data. In this model, schemas are represented as graphs whose edges are labeled with unary formulae of a theory, and the notions of conformance of a database to a schema and of subsumption between two schemas are defined in terms of a simulation relation. Several authors have stressed the need of extending graph schemas with various types of constraints, such as edge existence and constraints on the number of outgoing edges. In this paper we analyze the appropriateness of various knowledge representation formalisms for representing and reasoning about graph schemas extended with constraints. We argue that neither First Order Logic, nor Logic Programming nor Frame-based languages are satisfactory for this purpose, and present a solution based on very expressive Description Logics. We provide techniques and complexity analysis for the problem of deciding schema subsumption and conformance in various interesting cases, that differ by the expressive power in the specification of constraints.

. We describe how model-checking games can be the foundation for efficient local model-checking of the modal mu-calculus on transition systems. Game-based algorithms generate winning strategies for a certain game, which can then be used interactively to help the user understand why the property is or is not true of the model. This kind of feedback has advantages over traditional techniques such as error traces. We give a proof technique for verifying such algorithms, and apply it to one which we have implemented in the Edinburgh Concurrency Workbench. We discuss its usability and performance. 1 Introduction The modal mu-calculus (see e.g. [9]) is an expressive logic which can be used to describe properties of systems modelled as labelled transition systems (LTSs). The problem of model-checking the mu-calculus on transition systems is that of deciding whether an LTS satisfies a formula. Many model-checking algorithms have been developed and implemented in tools. One such tool ...