Introduction to the ISO specification language LOTOS

LOTOS is a specification language that has been specifically developed for the formal description of the OSI (Open Systems Interconnection) architecture, although it is applicable to distributed, concurrent systems in general. In LOTOS a system is seen as a set of processes which interact and exchange data with each other and with their environment. LOTOS is expected to become an ISO international standard by 1988

Particpants' Proceedings on the Workshop: Types for Program Analysis

As a satellite meeting of the TAPSOFT'95 conference we organized a small workshop on program analysis. The title of the workshop, ``Types for Program Analysis´´, was motivated by the recent trend of letting the presentation and development of program analyses be influenced by annotated type systems, effect systems, and more general logical systems. The contents of the workshop was intended to be somewhat broader; consequently the call for participation listed the following areas of interest:- specification of specific analyses for programming languages,- the role of effects, polymorphism, conjunction/disjunction types, dependent types etc.in specification of analyses,- algorithmic tools and methods for solving general classes of type-based analyses,- the role of unification, semi-unification etc. in implementations of analyses,- proof techniques for establishing the safety of analyses,- relationship to other approaches to program analysis, including abstract interpretation and constraint-based methods,- exploitation of analysis results in program optimization and implementation.The submissions were not formally refereed; however each submission was read by several members of the program committee and received detailed comments and suggestions for improvement. We expect that several of the papers, in slightly revised forms, will show up at future conferences. The workshop took place at Aarhus University on May 26 and May 27 and lasted two half days

Factorization and resummation for generic hierarchies between Jets

Jets are an important probe to identify the hard interaction of interest at the LHC. They are routinely used in Standard Model precision measurements as well as in searches for new heavy particles, including jet substructure methods. In processes with several jets, one typically encounters hierarchies in the jet transverse momenta and/or dijet invariant masses. Large logarithms of the ratios of these kinematic jet scales in the cross section are at present primarily described by parton showers. We present a general factorization framework called SCET$_+$, which is an extension of Soft-Collinear Effective Theory (SCET) and allows for a systematic higher-order resummation of such kinematic logarithms for generic jet hierarchies. In SCET$_+$ additional intermediate soft/collinear modes are used to resolve jets arising from additional soft and/or collinear QCD emissions. The resulting factorized cross sections utilize collinear splitting amplitudes and soft gluon currents and fully capture spin and color correlations. We discuss how to systematically combine the different kinematic regimes to obtain a complete description of the jet phase space. To present its application in a simple context, we use the case of $e^+e^- \to$3 jets. We then discuss in detail the application to N-jet processes at hadron colliders, considering representative classes of hierarchies from which the general case can be built. This includes in particular multiple hierarchies that are either strongly ordered in angle or energy or not.Comment: 63 pages, 6 figures, v2: minor typos fixed, Ref. added, v3: journal versio

Work Analysis with Resource-Aware Session Types

While there exist several successful techniques for supporting programmers in deriving static resource bounds for sequential code, analyzing the resource usage of message-passing concurrent processes poses additional challenges. To meet these challenges, this article presents an analysis for statically deriving worst-case bounds on the total work performed by message-passing processes. To decompose interacting processes into components that can be analyzed in isolation, the analysis is based on novel resource-aware session types, which describe protocols and resource contracts for inter-process communication. A key innovation is that both messages and processes carry potential to share and amortize cost while communicating. To symbolically express resource usage in a setting without static data structures and intrinsic sizes, resource contracts describe bounds that are functions of interactions between processes. Resource-aware session types combine standard binary session types and type-based amortized resource analysis in a linear type system. This type system is formulated for a core session-type calculus of the language SILL and proved sound with respect to a multiset-based operational cost semantics that tracks the total number of messages that are exchanged in a system. The effectiveness of the analysis is demonstrated by analyzing standard examples from amortized analysis and the literature on session types and by a comparative performance analysis of different concurrent programs implementing the same interface.Comment: 25 pages, 2 pages of references, 11 pages of appendix, Accepted at LICS 201

A Verified Information-Flow Architecture

SAFE is a clean-slate design for a highly secure computer system, with pervasive mechanisms for tracking and limiting information flows. At the lowest level, the SAFE hardware supports fine-grained programmable tags, with efficient and flexible propagation and combination of tags as instructions are executed. The operating system virtualizes these generic facilities to present an information-flow abstract machine that allows user programs to label sensitive data with rich confidentiality policies. We present a formal, machine-checked model of the key hardware and software mechanisms used to dynamically control information flow in SAFE and an end-to-end proof of noninterference for this model. We use a refinement proof methodology to propagate the noninterference property of the abstract machine down to the concrete machine level. We use an intermediate layer in the refinement chain that factors out the details of the information-flow control policy and devise a code generator for compiling such information-flow policies into low-level monitor code. Finally, we verify the correctness of this generator using a dedicated Hoare logic that abstracts from low-level machine instructions into a reusable set of verified structured code generators

Parameterised Multiparty Session Types

For many application-level distributed protocols and parallel algorithms, the set of participants, the number of messages or the interaction structure are only known at run-time. This paper proposes a dependent type theory for multiparty sessions which can statically guarantee type-safe, deadlock-free multiparty interactions among processes whose specifications are parameterised by indices. We use the primitive recursion operator from G\"odel's System T to express a wide range of communication patterns while keeping type checking decidable. To type individual distributed processes, a parameterised global type is projected onto a generic generator which represents a class of all possible end-point types. We prove the termination of the type-checking algorithm in the full system with both multiparty session types and recursive types. We illustrate our type theory through non-trivial programming and verification examples taken from parallel algorithms and Web services usecases.Comment: LMCS 201

On implicit program constructs

Session types are a well-established approach to ensuring protocol conformance and the absence of communication errors such as deadlocks in message passing systems. Implicit parameters, introduced by Haskell and popularised in Scala, are a mechanism to improve program readability and conciseness by allowing the programmer to omit function call arguments, and have the compiler insert them in a principled manner at compile-time. Scala recently gave implicit types first-class status (implicit functions), yielding an expressive tool for handling context dependency in a type-safe manner. DOT (Dependent Object Types) is an object calculus with path-dependent types and abstract type members, developed to serve as a theoretical foundation for the Scala programming language. As yet, DOT does not model all of Scala’s features, but a small subset. Among those features of Scala not yet modelled by DOT are implicit functions. We ask: can type-safe implicit functions be generalised from Scala’s sequential setting to message passing computation, to improve readability and conciseness of message passing programs? We answer this question in the affirmative by generalising the concept of an implicit function to an implicit message, its concurrent analogue, a programming language construct for session-typed concurrent computation. We explore new applications for implicit program constructs by integrating theminto four novel calculi, each demonstrating a new use case or theoretical result for implicits. Firstly, we integrate implicit functions and messages into the concurrent functional language LAST, Gay and Vasconcelos’s calculus of linear types for asynchronous sessions. We demonstrate their utility by example, and explore use cases for both implicit functions and implicit messages. We integrate implicit messages into two pi calculi, further demonstrating the robustness of our approach to extending calculi with implicits. We show that implicit messages are possible in the absence of lambda calculus, in languages with concurrency primitives only, and that they are sound not only in binary session-typed computation, but also in multi-party context. Finally we extend DOT to include implicit functions. We show type safety of the resulting calculus by translation to DOT, lending a higher degree of confidence to the correctness of implicit functions in Scala. We demonstrate that typical use cases for implicit functions in Scala are typably expressible in DOT when extended with implicit functions

Elements of concurrent programming (Third edition)

These lecture notes are intended to introduce the reader to the basic notions of nondeterministic and concurrent programming. We start by giving the operational semantics of a simple deterministic language and the operational semantics of a simple nondeterministic language based on guarded commands. Then we consider concurrent computations based on: (i) vectorization, (ii) shared variables, and (iii) handshaking communications à la CCS (Calculus for Communicating Systems) [16]. We also address the problem of mutual exclusion and for its solution we analyze various techniques such as those based on semaphores, critical regions, conditional critical regions, and monitors. Finally, we study the problem of detecting distributed termination and the problem of the serializability of database transactions. Sections 1, 2, and 6 are based on [16,22]. The material of Sections 3 and 4 is derived from [1,2,4,5,7,8,13,18,20]. Section 5 is based on [10] and is devoted to programming examples written in Java where the reader may see in action some of the basic techniques described in these lecture notes. In Section 7 we closely follow [3]. We would like to thank Dr. Maurizio Proietti for his many suggestions and his encouragement, Prof. Robin Milner and Prof. Matthew Hennessy for introducing me to CCS, Prof. Vijay K. Garg from whose book [10] I learnt concurrent programming in Java, my colleagues at Roma Tor Vergata University for their support and friendship, and my students for their patience and help. Many thanks also to Dr. Gioacchino Onorati and Lorenzo Costantini of the Aracne Publishing Company for their kind and helpful cooperation. Roma, April 2005 In the third edition we have corrected a few mistakes, we have improved Chapter 2, and we have added in the Appendix a Java program for the distributed computation of spanning trees of undirected graphs. Thanks to Dr. Emanuele De Angelis for discovering an error in the presentation of Peterson’s algorithm. Roma, January 200