Gerardo Schneider Dept. of Computer Science and Engineering - - PowerPoint PPT Presentation

Gerardo Schneider

• Dept. of Computer Science and Engineering

Chalmers | Univ. of Gothenburg

gerardo@cse.gu.se http://www.cse.chalmers.se/~gersch/

FMAIL’19

Bergen, 2 December 2019

(1) (2) (3)

Counter- example Analyzer NL to CNL CNL to FL Contract Analyzer Monitor Gener. Run me Viola on Analyzer Sta c Viola on Analyzer

Run me Sta c

NLCon CNLCon eCon Prop Lib AeCon CEx Log Mon Sys QL

Normative texts: specifications, requirements, legal contracts, regulations, directives, work descriptions, …

2

(1) (2) (3)

Counter- example Analyzer NL to CNL CNL to FL Contract Analyzer Monitor Gener. Run me Viola on Analyzer Sta c Viola on Analyzer

Run me Sta c

NLCon CNLCon eCon Prop Lib AeCon CEx Log Mon Sys QL

Many challenges to address before getting a fully working system!

 Will mention few of them…

3

(1) (2) (3)

Counter- example Analyzer NL to CNL CNL to FL Contract Analyzer Monitor Gener. Run me Viola on Analyzer Sta c Viola on Analyzer

Run me Sta c

NLCon CNLCon eCon Prop Lib AeCon CEx Log Mon Sys QL

4 Need a ”good” logic: real time, no &, cross-references, explicit agents, … Develop model checker, query and property language (decidability issues,…)

• Contracts with algorithmic

content: Average, percentages, usage, etc, over a given period of time

• Needs a rich library with some

standard procedures

• Connection between the abstract

level description of a contract and the system: Script to make the connection semi-automatically Need a ”good” CNL close to NL Intelligent editor? NL2CNL: (bottleneck) expressiveness vs automation Statistic vs grammar (machine learning ?!) Runtime overhead Distributed monitors Causality and liability analyis: are traces enough? (need to

keep track of alternatives in the past)

• Theory of contracts
• Evolving contracts
• …

▪ Long and low level witnesses ▪ Identifying where the problem is

5

(1) (2) (3)

Counter- example Analyzer NL to CNL CNL to FL Contract Analyzer Monitor Gener. Run me Viola on Analyzer Sta c Viola on Analyzer

Run me Sta c

NLCon CNLCon eCon Prop Lib AeCon CEx Log Mon Sys QL

6

A (simple) CNL to translate into CL

CL: A formal language for contracts CLAN: A conflict analyzer

Simple monitor extraction algorithm

* Cristian Prisacariu et al

(1) (2) (3)

Counter- example Analyzer NL to CNL CNL to FL Contract Analyzer Monitor Gener. Run me Viola on Analyzer Sta c Viola on Analyzer

Run me Sta c

NLCon CNLCon eCon Prop Lib AeCon CEx Log Mon Sys QL

7

* John Camilleri et al * Enrique Martínez et al A CNL to translate into C-O Diagrams C-O Diagrams Syntactic and semantic queries Contract Verifier (web-based prototype tool) Semi-automatic procedure

8

9

1.

After the Client presents a valid ticket (pt), the Crew is obliged to check the Client’s passport is OK (cp) and then give the boarding pass (gb)

2.

If the Client shows a boarding pass (sb) and the Crew check its validity (cb), then the Crew is forbidden to deliver a boarding pass (gb). If the Crew delivers a boarding pass it should destroy

• ne of them (db).

[pt] O(cp.gb) ^ [sb.cb] FO(db)(gb)

 A formal language to specify “contracts”

 Conditional obligations, prohibitions and permissions over

complex actions

 CTDs and CTPs

CL

* Joint work with Cristian Prisacariu (PhD thesis)

10

 Encoding into the modal mu-calculus

 Useful to show expressiveness

 Kripke-structure semantics

 “The” semantics of the language

 Trace semantics

 Useful for monitoring purposes (useful for CLAN)

* Joint work with Cristian Prisacariu (PhD thesis)

CL Semantics

11

* Joint work with Stephen Fenech and Gordon Pace

[pt] O(cp.gb) ^ [sb.cb] FO(db)(gb)

CLAN: Conflict!



Conflict Analyzer for CL

1.

Obliged and forbidden from performing the same action

2.

Permitted and forbidden from performing the same action

3.

Obliged to perform two conflicting actions

4.

Obliged and permitted to perform two conflicting actions



Soundness, completeness, terminatation



Trace semantics



Counterexample



Simulation

Conflict Analysis (CLAN)

12

 A framework allowing contracts written in

Controlled Natural Language (CNL) to be analyzed for conflicts

* Joint work with John Camilleri & Krasimir Angelov

13

Key elements

 Languages

 CNL  CL

 Framework

 GF

 Analyzer

 CLAN

* Joint work with John Camilleri & Krasimir Angelov

14

15

* John J. Camilleri et al (2014-2017) * Enrique Martínez et al (2012-2013)

R RegIsOpen

16

Action Agent Modality Time constraints Reparation Activation constraint

The ”Box”

Label

&

Clocks associated with boxes (t_submit) Clocks associated with actions (t_app) Predicates ( IsDone(.)

IsSat(.) IsViol(.) ... )

Timing constraints

17

<

<

Sequence Conjunction Choice

Refinement

18

19

Timed Automata Semantics

20

21

* John J. Camilleri et al 2016 * Proof-of-concept prototype: http://remu.grammaticalframework.org/contracts/verifier/

Na t u r a l L a n g u a g e No r ma t i v e Co n t r a c t T a b u l a r v i e w

Mod Agent Action O u se r p a y P a d mi n b l

• c

k

Co n t r

• l

l e d Na t u r a l L a n g u a g e ( CNL ) T i me d Au t

• ma

t a ( NT A)

T r an s l ati

• n

Se ma n t i c Qu e r y

E ฀ t < 5 ฀ p 1 .

• k

SAT / UNSAT + c

• u

n t e r

• e

x a mp l e Sy n t a c t i c Qu e r y

i sOb l & a g e n t ( u se r )

M a t c h i n g c l a u se s Co n t r a c t M

• d

e l Na t u r a l L a n g u a g e Qu e r y

<obligation> <agent>user</agent> <action>pay</action> </obligation> <permission> <agent>admin</agent> ...

E xtr acti

• n

C o n ver s i

• n

V erbal i s ati

• n

Stanford parser

22

Different representations of the contract model:

• Original input text (top)
• Controlled natural language (bottom left)
• C-O Diagram (bottom right)

23

• Visualization of the extracted CNL
• Each row indicates a clause (first sentence refined into sub-clauses)
• User can post-edit the extracted output before going on to the next step

24

• Queries
• Syntactic (text mining on the internal xml representation)
• “Semantic” (timed automata -> UPPAAL)

Automatic extraction of actions and actors Syntactic and ”semantic” queries

25

• ”Philosophical” papers

– Joint work with Gordon Pace and Fernando Schapachnik

• Contract Automata

– Mostly Gordon’s work

27

WHAT IS THE CONNECTION BETWEEN

28

SMART CONTRACTS ”REAL” (LEGAL) CONTRACTS

29

Smart Contracts

30

NOT smart! NOT contracts!

Today….

But we would like them to be!

are...

Limitations

and

Open Issues (Challenges)

31

Smart Contracts as “Software” (Programs)

Smart Contracts as “Contracts”

32

Smart Contracts as “Contracts”

Understanding the underlying contract

• What is the smart contract

(program) encoding?

• What are my rights and

responsibilities/obligations?

• Where are they

“written”?

Connection with the real world

• No way to ensure certain

transactions are satisfied

• Was the good delivered?
• Blockchain + Off-Chain
• What are the liabilities?
• Explicit? Where?
• Are they enforceable?
• What is the legal value?

33

Starting in 2020

34

Language to write Smart Legal Contracts Smart Contract Language

Enhanced with high-level code

35

36

SMART CONTRACTS

(CONNECTIONS WITH THE LEGAL)

BLOCKCHAIN CNL FOR LEGAL CONTRACTS BETWEEN PARTIES

(RESOURCE AWARE)

▪

Cristian Prisacariu (PhD thesis)

▪

John Camilleri (PhD thesis)

▪

Enrique Martínez

▪

Gordon Pace

▪

Stephen Fenech, Fernando Schapachnik, Krasimir Angelov, Emilia Cambronero, Gregorio Díaz, Normunds Gruzitis, Mohammad Reza Haghshenas, Marcel Kyas, Olaf Owe, Gabrielle Paganelli, Anders Ravn,…

37

ACKNOWLEDGEMENTS

38

?

Gerardo Schneider 39

40 Gerardo Schneider

• Xerox Research Center Grenoble, 1998
• Aarne Ranta (Univ. of Gothenburg)



A programming language for multilingual grammar applications

 A special-purpose language for grammars, but not restricted to prog.

lang.

 A functional language, but specialized to grammar writing  A natural language processing framework, but based on functional

• prog. and type theory

 A categorial grammar formalism, but different and equipped with

different tools

 A logical framework, but equipped with concrete syntax in addition to

logic



Abstract syntax vs Concrete syntax

 Abstract defines a system of trees  Concrete specifies how trees are realized as strings



GF grammars are reversible

 Linearization (abstract - concrete) and parsing (concrete – abstract)

41 Gerardo Schneider

 Actions are abstract names in CL, and represent

sentences in NL

 The ground crew opens the check-in desk

subject verb object

 We have all CL action operators: and, choice,

sequences,…

 In our CNL  The verb is important  Free text is delimited with { and }

{the ground crew} opens {the check-in desk}

We follow the Internet recommendation RFC 2119 (for requirement specification)

42 Gerardo Schneider

 Obligation

{the ground crew} must open {the check-in desk} shall open is required to open

 Permission

{the ground crew} may open {…} it is optional for {the ground crew} to open {…}

 Prohibition {the ground crew} must not open {…}

{the ground crew} shall not open {…}

 Reparations

{the ground crew} must open {…} otherwise {the ground crew} must pay {a fine}

43 Gerardo Schneider

 We use indentation / bullet lists for conjunction

(both) and choice (either) on clauses

Both

• {the ground crew} must not issue

{boarding pass}

• {the ground crew} must not reopen {the

check-in desk}

 CNL representation for most of CL terms

44 Gerardo Schneider

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <contract> <clauses> <clause> [b6] (F(a1) ^ F(a4)) </clause> </clauses> <concurrentActions/> <action> b6 # a4</action> <action> b6 # a1</action> <action> a4 # a1</action> </concurrentActions> </contract>

 Intermediates files

 GF abstract syntax

 …

 CL formula

 txt and xml format

 Output of CLAN

 Translated back to CNL

45 Gerardo Schneider

 Applied to two case studies

 Airline check-in process

[Fenech, Pace & Schneider, 2009]

 Internet Service Provider (ISP) contract [Pace,

Prisacariu & Schneider, 2007]

* K. Angelov, J. Camilleri and G. Schneider. A Framework for Conflict Analysis of Normative Texts Written in CNL. Subbmitted to JLAP, 2012

46 Gerardo Schneider

Once the check-in desk is closed, the ground crew is prohibited from issuing any boarding pass or from reopening the check-in desk. if { the ground crew } closes { the check-in desk } then both

• {the ground crew } must not issue { boarding pass }
• {the ground crew } must not reopen { the check-in desk }

NL Description (incomplete…) CNL version (Input file to AnaCon)  AnaCon will generate a “dictionary”  b6: “the ground crew closes the check-in desk”  a4: “the ground crew reopens the check-in desk”  It is possible to add mutually exclusive actions  b6 # a4

47 Gerardo Schneider

if { the airline crew } provides { the passenger manifest to the ground crew } then each

• f
• first {the check -in crew } must initiate { the check -in process } ...
• {the ground crew } must close { the check -in desk 20 mins before flight leaves } ...
• if {the ground crew } closes { the check -in desk 20 mins before flight leaves } then ...

[a5]((O(a8&...))^((O(b5))^[b5](...)))

CNL Description (Input file to AnaCon -partial) CL generated by AnaCon

4 counter examples found ( only showing first ) Clause : (((( Oa8 )_(Ob6)) ^([ a8 ]((O(b4 .( a7.a6)))_( Ob6))))^((( Ob5)_( Oa3)) ^(([ b5 ]( Ob1)) ^(([ b5 ]( Fa1)) ^([b5 ]( Fa4)))))) Trace :

• 1. the flight leave in two hours
• 2. the ground crew open the check -in desk 2 hours before
• 3. the ground crew request the passenger manifest from the airline
• 4. the airline crew provide the passenger manifest to the ground crew

Output AnaCon

48 Gerardo Schneider

 Determine whether the counter-example indicates a

problem…

 … in the model (CNL)  … in the real contract

 This might require revisiting and rewriting the

CNL and try many times

 In some cases you might get to go into the CL formula L