Calculi for higher order communicating systems

This thesis develops two Calculi for Higher Order Communicating Systems. Both calculi consider sending and receiving processes to be as fundamental as nondeterminism and parallel composition. The first calculus called CHOCS is an extension of Milner's CCS in the sense that all the constructions of CCS are included or may be derived from more fundamental constructs. Most of the mathematical framework of CCS carries over almost unchanged. The operational semantics of CHOCS is given as a labelled transition system and it is a direct extension of the semantics of CCS with value passing. A set of algebraic laws satisfied by the calculus is presented. These are similar to the CCS laws only introducing obvious extra laws for sending and receiving processes. The power of process passing is underlined by a result showing that the recursion operator is unnecessary in the sense that recursion can be simulated by means of process passing and communication. The CHOCS language is also studied by means of a denotational semantics. A major result is the full abstractness of this semantics with respect to the operational semantics. The denotational semantics is used to provide an easy proof of the simulation of recursion. Introducing processes as first class objects yields a powerful metalanguage. It is shown that it is possible to simulate various reduction strategies of the untyped λ-Calculus in CHOCS. As pointed out by Milner, CCS has its limitations when one wants to describe unboundedly expanding systems, e.g. an unbounded number of procedure invocations in an imperative concurrent programming language P with recursive procedures. CHOCS may neatly describe both call-by-value and call-by-reference parameter mechanisms for P. We also consider call-by-name and lazy parameter mechanisms for P. The second calculus is called Plain CHOCS. Essential to the new calculus is the treatment of restriction as a static binding operator on port names. This calculus is given an operational semantics using labelled transition systems which combines ideas from the applicative transition systems described by Abramsky and the transition systems used for CHOCS. This calculus enjoys algebraic properties which are similar to those of CHOCS only needing obvious extra laws for the static nature of the restriction operator. Processes as first class objects enable description of networks with changing interconnection structure and there is a close connection between the Plain CHOCS calculus and the π-Calculus described by Milner, Parrow and Walker: the two calculi can simulate one another. Recently object oriented programming has grown into a major discipline in computational practice as well as in computer science. From a theoretical point of view object oriented programming presents a challenge to any metalanguage since most object oriented languages have no formal semantics. We show how Plain CHOCS may be used to give a semantics to a prototype object oriented language called 0.Open Acess

Encoding CSP into CCS

We study encodings from CSP into asynchronous CCS with name passing and matching, so in fact, the asynchronous pi-calculus. By doing so, we discuss two different ways to map the multi-way synchronisation mechanism of CSP into the two-way synchronisation mechanism of CCS. Both encodings satisfy the criteria of Gorla except for compositionality, as both use an additional top-level context. Following the work of Parrow and Sj\"odin, the first encoding uses a centralised coordinator and establishes a variant of weak bisimilarity between source terms and their translations. The second encoding is decentralised, and thus more efficient, but ensures only a form of coupled similarity between source terms and their translations.Comment: In Proceedings EXPRESS/SOS 2015, arXiv:1508.0634

A UML-based static verification framework for security

Secure software engineering is a new research area that has been proposed to address security issues during the development of software systems. This new area of research advocates that security characteristics should be considered from the early stages of the software development life cycle and should not be added as another layer in the system on an ad-hoc basis after the system is built. In this paper, we describe a UML-based Static Verification Framework (USVF) to support the design and verification of secure software systems in early stages of the software development life-cycle taking into consideration security and general requirements of the software system. USVF performs static verification on UML models consisting of UML class and state machine diagrams extended by an action language. We present an operational semantics of UML models, define a property specification language designed to reason about temporal and general properties of UML state machines using the semantic domains of the former, and implement the model checking process by translating models and properties into Promela, the input language of the SPIN model checker. We show that the methodology can be applied to the verification of security properties by representing the main aspects of security, namely availability, integrity and confidentiality, in the USVF property specification language

Automatic Verification of Erlang-Style Concurrency

This paper presents an approach to verify safety properties of Erlang-style, higher-order concurrent programs automatically. Inspired by Core Erlang, we introduce Lambda-Actor, a prototypical functional language with pattern-matching algebraic data types, augmented with process creation and asynchronous message-passing primitives. We formalise an abstract model of Lambda-Actor programs called Actor Communicating System (ACS) which has a natural interpretation as a vector addition system, for which some verification problems are decidable. We give a parametric abstract interpretation framework for Lambda-Actor and use it to build a polytime computable, flow-based, abstract semantics of Lambda-Actor programs, which we then use to bootstrap the ACS construction, thus deriving a more accurate abstract model of the input program. We have constructed Soter, a tool implementation of the verification method, thereby obtaining the first fully-automatic, infinite-state model checker for a core fragment of Erlang. We find that in practice our abstraction technique is accurate enough to verify an interesting range of safety properties. Though the ACS coverability problem is Expspace-complete, Soter can analyse these verification problems surprisingly efficiently.Comment: 12 pages plus appendix, 4 figures, 1 table. The tool is available at http://mjolnir.cs.ox.ac.uk/soter

Static Safety for an Actor Dedicated Process Calculus by Abstract Interpretation

The actor model eases the definition of concurrent programs with non uniform behaviors. Static analysis of such a model was previously done in a data-flow oriented way, with type systems. This approach was based on constraint set resolution and was not able to deal with precise properties for communications of behaviors. We present here a new approach, control-flow oriented, based on the abstract interpretation framework, able to deal with communication of behaviors. Within our new analyses, we are able to verify most of the previous properties we observed as well as new ones, principally based on occurrence counting

On the Expressiveness of Markovian Process Calculi with Durational and Durationless Actions

Several Markovian process calculi have been proposed in the literature, which differ from each other for various aspects. With regard to the action representation, we distinguish between integrated-time Markovian process calculi, in which every action has an exponentially distributed duration associated with it, and orthogonal-time Markovian process calculi, in which action execution is separated from time passing. Similar to deterministically timed process calculi, we show that these two options are not irreconcilable by exhibiting three mappings from an integrated-time Markovian process calculus to an orthogonal-time Markovian process calculus that preserve the behavioral equivalence of process terms under different interpretations of action execution: eagerness, laziness, and maximal progress. The mappings are limited to classes of process terms of the integrated-time Markovian process calculus with restrictions on parallel composition and do not involve the full capability of the orthogonal-time Markovian process calculus of expressing nondeterministic choices, thus elucidating the only two important differences between the two calculi: their synchronization disciplines and their ways of solving choices

Towards a Unified Framework for Declarative Structured Communications

We present a unified framework for the declarative analysis of structured communications. By relying on a (timed) concurrent constraint programming language, we show that in addition to the usual operational techniques from process calculi, the analysis of structured communications can elegantly exploit logic-based reasoning techniques. We introduce a declarative interpretation of the language for structured communications proposed by Honda, Vasconcelos, and Kubo. Distinguishing features of our approach are: the possibility of including partial information (constraints) in the session model; the use of explicit time for reasoning about session duration and expiration; a tight correspondence with logic, which formally relates session execution and linear-time temporal logic formulas