Defining Trace Semantics for CSP-Agda

This article is based on the library CSP-Agda, which represents the process algebra CSP coinductively in the interactive theorem prover Agda. The intended application area of CSP-Agda is the proof of properties of safety critical systems (especially the railway domain). In CSP-Agda, CSP processes have been extended to monadic form, allowing the design of processes in a more modular way. In this article we extend the trace semantics of CSP to the monadic setting. We implement this semantics, together with the corresponding refinement and equality relation, formally in CSP-Agda. In order to demonstrate the proof capabilities of CSP-Agda, we prove in CSP-Agda selected algebraic laws of CSP based on the trace semantics. Because of the monadic settings, some adjustments need to be made to these laws. The examples covered in this article are the laws of refinement, commutativity of interleaving and parallel, and the monad laws for the monadic extension of CSP. All proofs and definitions have been type checked in Agda. Further proofs of algebraic laws will be available in the repository of CSP-Agda

Integration of the Process Algebra CSP in Dependent Type Theory - Formalisation and Verification

We introduce a library called CSP-Agda for representing processes in the dependently typed theorem prover and interactive programming language Agda. We will enhance processes by a monad structure. The monad struc-ture facilitates combining processes in a modular way, and allows to define recursion as a direct operation on processes. Processes are defined coinduc-tively as non-well-founded trees. The nodes of the tree are formed by a an atomic one step relation, which determines for a process the external, internal choices, and termination events it can choose, and whether the process has terminated. The data type of processes is inspired by Setzer and Hancock’s notion of interactive programs in dependent type theory. The operators of CSP will be defined rather than atomic operations, and compute new ele-ments of the data type of processes from existing ones.The approach will make use of advanced type theoretic features: the use of inductive-recursively defined universes; the definition of coinductive types by their observations, which has similarities to the notion of an object in object-oriented programming; the use of sized types for coinductive types, which allow coinductive definitions in a modular way; the handling of fini-tary information (names of processes) in a coinductive settings; the use of named types for automatic inference of arguments similar to its use in tem-plate Meta-programming in C++; and the use of interactive programs in dependent type theory.We introduce a simulator as an interactive program in Agda. The simula-tor allows to observe the evolving of processes following external or internal choices. Our aim is to use this in order to simulate railway interlocking system and write programs in Agda which directly use CSP processes.Then we extend the trace semantics of CSP to the monadic setting. We implement this semantics, together with the corresponding refinement and equality relation, formally in CSP-Agda. In order to demonstrate the proof capabilities of CSP-Agda, we prove in CSP-Agda selected algebraic laws of CSP based on the trace semantics. Because of the monadic settings, some adjustments need to be made to these laws.Next we implement the more advanced semantics of CSP, the stable fail-ures semantics and the failures divergences infinite traces semantics (FDI), in CSP-Agda, and define the corresponding refinement and equality relations. Direct proofs in these semantics are cumbersome, and we develop a tech-nique of showing algebraic laws in those semantics in an indirect way, which is much easier. We introduce divergence-respecting weak bisimilarity and strong bisimilarity in CSP-Agda, and show that both imply equivalence with respect to stable failures and FDI semantics. Now we show certain algebraic laws with respect to one of these two bisimilarity relations. As a case study, we model and verify a possible scenario for railways in CSP-Agda and in standard CSP tools

Programming with monadic CSP-style processes in dependent type theory

We introduce a library called CSP-Agda for representing processes in the dependently typed theorem prover and interactive programming language Agda. We will enhance processes by a monad structure. The monad structure facilitates combining processes in a modular way, and allows to define recursion as a direct operation on processes. Processes are defined coinductively as non-well-founded trees. The nodes of the tree are formed by a an atomic one step relation, which determines for a process the external, internal choices, and termination events it can choose, and whether the process has terminated. The data type of processes is inspired by Setzer and Hancock's notion of interactive programs in dependent type theory. The operators of CSP will be defined rather than atomic operations, and compute new elements of the data type of processes from existing ones. The approach will make use of advanced type theoretic features: the use of inductive-recursively defined universes; the definition of coinductive types by their observations, which has similarities to the notion of an object in object-oriented programming; the use of sized types for coinductive types, which allow coinductive definitions in a modular way; the handling of finitary information (names of processes) in a coinductive settings; the use of named types for automatic inference of arguments similar to its use in template Meta-programming in C++; and the use of interactive programs in dependent type theory.We introduce a simulator as an interactive program in Agda. The simulator allows to observe the evolving of processes following external or internal choices. Our aim is to use this in order to simulate railway interlocking system and write programs in Agda which directly use CSP processes

Verified compilation from BitML to Bitcoin: an Agda odyssey

Blockchain technology has taken the financial world by storm in recent years, allowing for programmable contracts to be enacted amongst participants in a decentralised fashion. Bugs in those programs, however, can lead to huge monetary losses and cannot in principle be amended after detection, due to the blockchain being an immutable data structure. This incentivizes a high-assurance approach to developing smart contracts, which so far has mainly consisted of approximate methods of static analysis. Here, we strive for something more radical, namely the use of interactive proof assistants grounded in Type Theory to develop such contracts and formally verify their correctness by proving logical propositions within the same system. Specifically, we take existing work on the Bitcoin Modelling Language (BitML) — a high-level process calculus for expressing contracts that compile down to Bitcoin transactions — and encode its definitions, semantics, and translation procedure in the Agda proof assistant. BitML is one of the most mature works at the confluence of Blockchain and Programming Languages, which justifies the tremendous amount of effort required to mechanise the intricate results of the original paper, compared to various more lightweight alternatives such as model checking. We can then prove properties about BitML contracts as Agda programs, in particular the main meta-theoretical result of the BitML paper, compilation correctness, which states that it suffices to prove properties at the more abstract level of BitML contracts, and then provably transfer them to the low-level of Bitcoin transactions. By virtue of working in a type-theoretic proof assistant whose underlying logic is constructive, we can say that the central research goal of this thesis amounts to producing a verified compiler from BitML contracts to Bitcoin transactions. This whole dissertation is a type-checked Agda script, and the corresponding formalisations are publicly available in HTML format: - https://omelkonian.github.io/formal-bitcoin/ - https://omelkonian.github.io/formal-bitml/ - https://omelkonian.github.io/formal-bitml-to-bitcoin

A Calculus of Space, Time, and Causality: its Algebra, Geometry, Logic

The calculus formalises human intuition and common sense about space, time, and causality in the natural world. Its intention is to assist in the design and implementation of programs, of programming languages, and of interworking by tool chains that support rational program development. The theses of this paper are that Concurrent Kleene Algebra (CKA) is the algebra of programming, that the diagrams of the Unified Modeling Language provide its geometry, and that Unifying Theories of Program- ming (UTP) provides its logic. These theses are illustrated by a fomalisation of features of the first concurrent object-oriented language, Simula 67. Each level of the calculus is a conservative extension of its predecessor. We conclude the paper with an extended section on future research directions for developing and applying UTP, CKA, and our calculus, and on how we propose to implement our algebra, geometry, and logic

Developing GUI Applications in a Verified Setting

Although there have been major achievements in verified software, work on verifying graphical user interfaces (GUI) applications is underdeveloped relative to their ubiquity and societal importance.In this paper, we present a library for the development of verified, state-dependent GUI applications in the dependently typed programming language Agda. The library uses Agda's expressive type system to ensure that the GUI, its controller, and the underlying model are all consistent, significantly reducing the scope for GUI-related bugs.We provide a way to specify and prove correctness properties of GUI applications in terms of user interactions and state transitions. Critically, GUI applications and correctness properties are not restricted to finite state machines and may involve the execution of arbitrary interactive programs. Additionally, the library connects to a standard, imperative GUI framework, enabling the development of native GUI applications with expected features, such as concurrency.We present applications of our library to building GUI applications to manage healthcare processes. The correctness properties we consider are the following: (1) That a state can only be reached by passing through a particular intermediate state, for example, that a particular treatment can only be reached after having conducted an X-Ray. (2) That one eventually reaches a particular state, for example, that one eventually decides on a treatment. The specification of such properties is defined in terms of a GUI application simulator, which simulates all possible sequences of interactions carried out by the user

Compositional approach to design of digital circuits

PhD ThesisIn this work we explore compositional methods for design of digital circuits with the aim of improving existing methodoligies for desigh reuse. We address compositionality techniques looking from both structural and behavioural perspectives. First we consider the existing method of handshake circuit optimisation via control path resynthesis using Petri nets, an approach using structural composition. In that approach labelled Petri net parallel composition plays an important role and we introduce an improvement to the parallel composition algorithm, reducing the number of redundant places in the resulting Petri net representations. The proposed algorithm applies to labelled Petri nets in general and can be applied outside of the handshake circuit optimisation use case. Next we look at the conditional partial order graph (CPOG) formalism, an approach that allows for a convenient representation of systems consisting of multiple alternative system behaviours, a phenomenon we call behavioural composition. We generalise the notion of CPOG and identify an algebraic structure on a more general notion of parameterised graph. This allows us to do equivalence-preserving manipulation of graphs in symbolic form, which simplifies specification and reasoning about systems defined in this way, as displayed by two case studies. As a third contribution we build upon the previous work of CPOG synthesis used to generate binary encoding of microcontroller instruction sets and design the corresponding instruction decoder logic. The proposed CPOG synthesis technique solves the optimisation problem for the general case, reducing it to Boolean satisfiability problem and uses existing SAT solving tools to obtain the result.This work was supported by a studentship from Newcastle University EECE school, EPSRC grant EP/G037809/1 (VERDAD) and EPSRC grant EP/K001698/1 (UNCOVER). i