First-generation blockchains provide probabilistic finality: a block can be revoked, albeit the probability decreases as the block sinks deeper into the chain. Recent proposals revisited committee-based BFT consensus to provide deterministic finality: as soon as a block is validated, it is never revoked. A distinguishing characteristic of these second-generation blockchains over classical BFT protocols is that committees change over time as the participation and the blockchain state evolve. In this paper, we push forward in this direction by proposing a formalization of the Dynamic Repeated Consensus problem and by providing generic procedures to solve it in the context of blockchains. Our approach is modular in that one can plug in different synchronizers and single-shot consensus instances. To offer a complete solution, we provide a concrete instantiation, called Tenderbake, and present a blockchain synchronizer and a single-shot consensus algorithm, working in a Byzantine and par...
Specification and Verification of Multi-agent Systems, 2010
This chapter introduces an encompassing theory of refinement which supports a top-down methodology for designing multi-agent systems. We present a general modelling framework where we identify different abstraction levels of BDI agents. On the one hand, at a higher level of abstraction we introduce the language BUnity as a way to specify "what" an agent can do. On the other hand, at a more concrete layer we introduce the language BUpL as implementing not only what an agent can do but also "when" the agent can do it. At this stage of individual agent design, refinement is understood as trace inclusion. Having the traces of an implementation included in the traces of a given specification means that the implementation is correct with respect to the specification.
International Joint Conference on Autonomous Agents & Multiagent Systems, 2009
Timed coordination is an important issue in the development of multi-agent systems. However, introducing a formalism for modelling time and achieving coordination while respecting the autonomy of the agents is still a challenge. This paper describes a ...
We propose a method for compositional verification to address the state space explosion problem inherent to model-checking timed systems with a large number of components. The main challenge is to obtain pertinent global timing constraints from the timings in the components alone. To this end, we make use of auxiliary clocks to automatically generate new invariants which capture the constraints induced by the synchronisations between components. The method has been implemented in the RTD-Finder tool and successfully experimented on several benchmarks.
Individual machines in flexible production lines explicitly expose capabilities at their interfaces by means of parametric skills. Given such a set of configurable machines, a line integrator is faced with the problem of finding and tuning parameters for each machine such that the overall production line implements given safety and temporal requirements in an optimized and robust fashion. We formalize this problem of configuring and orchestrating flexible production lines as a parameter synthesis problem for systems of parametric timed automata, where interactions are based on skills. Parameter synthesis problems for interaction-level LTL properties are translated to parameter synthesis problems for state-based safety properties. For safety properties, synthesis problems are solved by checking satisfiability of $\exists\forall$SMT constraints. For constraint generation, we provide a set of computationally cheap over-approximations of the set of reachable states, together with fence ...
Our work has been originally motivated by Tezos, a public blockchain which focuses on software correctness and which enables formal reasoning and verification. To further strengthen the resilience of Tezos, which now depends on a consensus protocol delivering only probabilistic finality, we propose a consensus protocol that brings deterministic finality. Our solution is backward compatible with the current liquid proof-of-stake system underlying Tezos. The main contributions of this paper are the following: (i) a formal specification of the Dynamic Repeated Consensus (DRC) problem, an adaptation of the repeated consensus problem to dynamic committees, (ii) Tenderbake, a solution to the DRC problem in a Byzantine and partially synchronous system model. In contrast to recent proposals, Tenderbake works with bounded message buffers. This feature represents a countermeasure to spamming and prevents runtime memory errors. For these reasons we think that Tenderbake is suitable for blockch...
This paper describes our approach to the Multi-Agent Programming Contest in coordination with ProMAS and AAMAS 2007. The object of the contest is to mine as much gold as possible in competition with other teams in a multi-agent goldrush scenario. Our agents are implemented in 2APL, a BDI-based agent-oriented programming language. As required by the contest, we designed and specified
Proceedings of the 7th international joint …, 2008
We present a proof-technique for reducing the nondeterminism of abstract agent specifications in a BDI framework by means of refinement. We implement the operational semantics of agent specifications in rewrite systems such that we can automatically check ...
Papers by Lacramioara Astefanoaei