On symbolic semantics for name-decorated contexts

Under several regards, various of the recently proposed computational paradigms are open-ended, i.e. they may comprise components whose behaviour is not or cannot be fully specified. For instance, applications can be distributed across different administration domains that do not fully disclose their internal business processes to each other, or the dynamics of the system may allow reconfigurations and dynamic bindings whose specification is not available at design time. While a large set of mature design and analysis techniques for closed systems have been developed, their lifting to the open case is not always straightforward. Some existing approaches in the process calculi community are based on the need of proving properties for components that may hold in any, or significantly many, execution environments. Dually, frameworks describing the dynamics of systems with unspecified components have also been presented. In this paper we lay some preliminary ideas on how to extend a symbolic semantics model for open systems in order to deal with name-based calculi. Moreover, we also discuss how the use of a simple type system based on name-decoration for unknown components can improve the expressiveness of the framework. The approach is illustrated on a simple, paradigmatic calculus of web crawlers, which can be understood as a term representation of a simple class of graphs

Bigraphical models for protein and membrane interactions

We present a bigraphical framework suited for modeling biological systems both at protein level and at membrane level. We characterize formally bigraphs corresponding to biologically meaningful systems, and bigraphic rewriting rules representing biologically admissible interactions. At the protein level, these bigraphic reactive systems correspond exactly to systems of kappa-calculus. Membrane-level interactions are represented by just two general rules, whose application can be triggered by protein-level interactions in a well-de\"ined and precise way. This framework can be used to compare and merge models at different abstraction levels; in particular, higher-level (e.g. mobility) activities can be given a formal biological justification in terms of low-level (i.e., protein) interactions. As examples, we formalize in our framework the vesiculation and the phagocytosis processes

On Barbs and Labels in Reactive Systems

Reactive systems (RSs) represent a meta-framework aimed at deriving behavioral congruences for those computational formalisms whose operational semantics is provided by reduction rules. RSs proved a flexible specification device, yet so far most of the efforts dealing with their behavioural semantics focused on idem pushouts (IPOs) and saturated (also known as dynamic) bisimulations. In this paper we introduce a novel, intermediate behavioural equivalence: L-bisimilarity, which is able to recast both its IPO and saturated counterparts. The equivalence is parametric with respect to a set L of RSs labels, and it is shown that under mild conditions on L it is indeed a congruence. Furthermore, L-bisimilarity can also recast the notion of barbed semantics for RSs, proposed by the same authors in a previous paper. In order to provide a suitable test-bed, we instantiate our proposal by addressing the semantics of (asynchronous) CCS and of the calculus of mobile ambients

Abstract Semantics by Observable Contexts

The operational behavior of interactive systems is usually given in terms of transition systems labeled with actions, which, when visible, represent both observations and interactions with the external world. The abstract semantics is given in terms of behavioral equivalences, which depend on the action labels and on the amount of branching structure considered. Behavioural equivalences are often congruences with respect to the operations of the language, and this property expresses the compositionality of the abstract semantics. A simpler approach, inspired by classical formalisms like pi-calculus, Petri nets, term and graph rewriting, and pioneered by the Chemical Abstract Machine [13], defines operational semantics by means of structural axioms and reaction rules. Process calculi representing complex systems, in particular those able to generate and communicate names, are often defined in this way, since structural axioms give a clear idea of the intended structure of the states while reaction rules, which are often non-conditional, give a direct account of the possible steps. Transitions caused by reaction rules, however, are not labeled, since they represent evolutions of the system without interactions with the external world. Thus reduction semantics in itself is neither abstract nor compositional. One standard solution, pioneered in [89], is that of defining a saturated transition system as follows: a process p can do a move with label C[-] and become q, iff C[p]--> q. Saturated semantics, i.e., the abstract semantics defined over the saturated transition system, are always congruences, but they are usually untractable since they have to tackle all possible contexts of which there are usually an infinite number. Moreover, in several paradigmatic cases, saturated semantics are too coarse. For example, in Milner's Calculus of Communicating Systems (CCS), saturated bisimilarity cannot distinguish "always divergent processes" and for this reason Milner and Sangiorgi introduced barbs. These are observations on the states representing the ability to interact over some channels. Sewell introduced a different approach that consists in deriving a transition system where labels are not all contexts but just the minimal ones allowing a system to reach a rule. In such a way, one obtains two advantages: firstly one avoids considering all contexts, and secondly, labels precisely represent interactions, i.e., the portion of environment that is really needed to react. This idea was then refined by Leifer and Milner in the theory of reactive systems, where the categorical notion of idem relative pushout precisely captures this idea of minimal context. In this thesis, we show that in some cases this approach works well (e.g., CCS) but often, the resulting abstract semantics are too strict. In our opinion, they are not really observational since the observer can know exactly how much structure a process needs to reach a specific rule, and thus the observation depends on the rules. One result of the thesis is that of providing evidence of this through several interesting formalisms modeled as reactive systems: Logic Programming, a fragment of open pi-calculus, and an interactive version of Petri nets. Moreover, we introduce two alternative definitions of bisimilarity that efficiently characterize saturated bisimilarity, namely semi-saturated bisimilarity and symbolic bisimilarity. These allow us to reason about saturated semantics without considering all contexts, but saturated semantics are in several cases too coarse. In order to have a framework that is suitable for many formalisms, we add to the above approach observations. Indeed, in our opinion, labels cannot represent both interactions and observations, because these two concepts are in general different, like for example, in the asynchronous calculi where receiving is not observable. Thus, we believe that some notion of observation, either on transitions or on states (e.g. barbs), is necessary. A further result of the thesis is that of providing a generalization of the above theory starting not just from purely reaction rules, but from transition systems labeled with observations. Here we can easily reuse saturated transition systems by defining them as follows: a process p can do a move with context C[-] and observation o and become q iff C[p] --o--> q. Again, saturated semantics, i.e. abstract semantics defined over the above transition systems, are congruences. Analogously to the case of reactive systems, we can define semi-saturated bisimilarity and symbolic bisimilarity as efficient characterizations of saturated semantics. The definition of symbolic bisimilarity which arises from this generalization is similar to the abstract semantics of several works. Here we consider open and asynchronous pi-calculus, by showing that their abstract semantics are instances of our general concepts of saturated and symbolic semantics. We also apply our approach to open Petri nets (that are an interactive version of P/T Petri nets) obtaining a new symbolic semantics for them, that efficiently characterizes their abstract semantics. We round up the thesis with a coalgebraic characterization for saturated, semi-saturated and symbolic bisimilarity. Universal Coalgebra provides a categorical framework where abstract semantics of interactive systems are described as morphisms to their minimal representatives. More precisely, if the category of coalgebras has final object 1, then the unique morphisms from a certain coalgebra to 1 equates all the bisimilar states. In other words, the final object can be seen as a universe of abstract behaviors and the unique morphism as a function assigning to each system its abstract behavior. This characterization of abstract semantics is not only theoretically interesting, but also pragmat- ically useful, since it suggests an algorithm which can check the equivalence: one computes the image of some coalgebras through the unique morphism (that for the finite lts corresponds to the list partitioning algorithm by Kanellakis and Smolka), and these coalgebras are behaviorally equivalent if their images are the same. Ordinary labeled transition systems can be represented as coalgebras, and the resulting abstract semantics exactly coincides with canonical bisimilarity. Then, providing a coalgebraic characterization of saturated bisimilarity is almost straightforward. The case of semi-saturated and symbolic bisimilarities are more complicated because their definitions are asymmetric. In order to properly characterizes semi-saturated and symbolic cases, we first introduce a new notion of redundancy on transitions and then normalized coalgebras: a special kind of coalgebras without redundant transitions. We prove that the category of normalized coalgebras is isomorphic to the category of saturated coalgebras (the coalgebras containing all the redundant transitions), where the large saturated transition system can be directly modelled. In doing this, we use the notions of normalization that throws away all the redundant transitions, and of saturation that adds all the redundant transitions. Both are natural transformations between the endofunctors (defining the two categories of coalgebras) and one is the inverse of the other. As a corollary of the isomorphism theorem, saturated bisimilarity can be characterized as bisimilarity in the category of normalized coalgebras, i.e., abstracting away from redundant transitions. This is interesting because, on the one hand, it provides us with a canonical representatives for ~S without redundant transitions (and then much smaller with respect to the saturated ones), on the other hand, it suggests a minimization algorithm for "efficiently" computing ~S

Proportional lumpability and proportional bisimilarity

3noIn this paper, we deal with the lumpability approach to cope with the state space explosion problem inherent to the computation of the stationary performance indices of large stochastic models. The lumpability method is based on a state aggregation technique and applies to Markov chains exhibiting some structural regularity. Moreover, it allows one to efficiently compute the exact values of the stationary performance indices when the model is actually lumpable. The notion of quasi-lumpability is based on the idea that a Markov chain can be altered by relatively small perturbations of the transition rates in such a way that the new resulting Markov chain is lumpable. In this case, only upper and lower bounds on the performance indices can be derived. Here, we introduce a novel notion of quasi-lumpability, named proportional lumpability, which extends the original definition of lumpability but, differently from the general definition of quasi-lumpability, it allows one to derive exact stationary performance indices for the original process. We then introduce the notion of proportional bisimilarity for the terms of the performance process algebra PEPA. Proportional bisimilarity induces a proportional lumpability on the underlying continuous-time Markov chains. Finally, we prove some compositionality results and show the applicability of our theory through examples.openopenMarin A.; Piazza C.; Rossi S.Marin, A.; Piazza, C.; Rossi, S

Theory and tool support for the formal verification of cryptographic protocols

Cryptographic protocols are an essential component of network communications. Despite their relatively small size compared to other distributed algorithms, they are known to be error-prone. This is due to the obligation to behave robustly in the context of unknown hostile attackers who might want to act against the security objectives of the jointly interacting entities. The need for techniques to verify the correctness of cryptographic protocols has stimulated the development of new frameworks and tools during the last decades. Among the various models is the spi calculus: a process calculus which is an extension of the pi calculus that incorporates cryptographic primitives. Process calculi such as the spi calculus offer the possibility to describe in a precise and concise way distributed algorithms such as cryptographic protocols. Moreover, spi calculus offers an elegant way to formalise some security properties of cryptographic protocols via behavioural equivalences. At the time this thesis began, this approach lacked tool support. Inspired by the situation in the pi calculus, we propose a new notion of behavioural equivalence for the spi calculus that is close to an algorithm. Besides, we propose a "coq" formalisation of our results that not only validates our theoretical developments but also will eventually be the basis of a certified tool that would automate equivalence checking of spi calculus terms. To complete the toolchain, we propose a formal semantics for an informal notation to describe cryptographic protocols, so called protocol narrations. We give a rigorous procedure to translate protocol narrations into spi calculus terms; this constitutes the foundations of our automatic translation tool "spyer"