States in Process Calculi
Formal reasoning about distributed algorithms (like Consensus) typically
requires analyzing global states in a traditional state-based style. This is
in contrast to the traditional action-based reasoning of process calculi.
Nevertheless, we use domain-specific variants of the latter, as they are
convenient modeling languages in which the local code of processes can be
programmed explicitly, with the local state information usually managed via
parameter lists of process constants. However, domain-specific process calculi
are often equipped with (unlabeled) reduction semantics, building upon a rich
and convenient notion of structural congruence. Unfortunately, the price for
this convenience is that the analysis is cumbersome: the set of reachable
states is modulo structural congruence, and the processes' state information is
very hard to identify. We extract from congruence classes of reachable states
individual state-informative representatives that we supply with a proper
formal semantics. As a result, we can now freely switch between the process
calculus terms and their representatives, and we can use the stateful
representatives to perform assertional reasoning on process calculus models.
Comment: In Proceedings EXPRESS/SOS 2014, arXiv:1408.127
On the Distributability of Mobile Ambients
Modern society is dependent on distributed software systems and to verify
them different modelling languages such as mobile ambients were developed. To
analyse the quality of mobile ambients as a good foundational model for
distributed computation, we analyse the level of synchronisation between
distributed components that they can express. Therefore, we rely on earlier
established synchronisation patterns. It turns out that mobile ambients are not
fully distributed, because they can express enough synchronisation to express a
synchronisation pattern called M. However, they can express strictly less
synchronisation than the standard pi-calculus. For this reason, we can show
that there is no good and distributability-preserving encoding from the
standard pi-calculus into mobile ambients and also no such encoding from mobile
ambients into the join-calculus, i.e., the expressive power of mobile ambients
is in between these languages. Finally, we discuss how these results can be
used to obtain a fully distributed variant of mobile ambients.
Comment: In Proceedings EXPRESS/SOS 2018, arXiv:1808.08071. Conference version
of arXiv:1808.0159
Breaking Symmetries
A well-known result by Palamidessi tells us that {\pi}mix (the {\pi}-calculus
with mixed choice) is more expressive than {\pi}sep (its subset with only
separate choice). The proof of this result argues with their different
expressive power concerning leader election in symmetric networks. Later on,
Gorla offered an arguably simpler proof that, instead of leader election in
symmetric networks, employed the reducibility of "incestual" processes (mixed
choices that include both enabled senders and receivers for the same channel)
when running two copies in parallel. In both proofs, the role of breaking
(initial) symmetries is more or less apparent. In this paper, we shed more light on
this role by re-proving the above result, based on a proper formalization of
what it means to break symmetries, without referring to another layer of the
distinguishing problem domain of leader election.
Both Palamidessi and Gorla rephrased their results by stating that there is
no uniform and reasonable encoding from {\pi}mix into {\pi}sep. We indicate
how the respective proofs can be adapted and exhibit the consequences of
varying notions of uniformity and reasonableness. In each case, the ability to
break initial symmetries turns out to be essential.
What Is a ‘Good’ Encoding of Guarded Choice?
The pi-calculus with synchronous output and mixed-guarded choices is strictly more expressive than the pi-calculus with asynchronous output and no choice. As a corollary, Palamidessi recently proved that there is no fully compositional encoding from the former into the latter that preserves divergence-freedom and symmetries. This paper shows that there are nevertheless 'good' encodings between these calculi. In detail, we present a series of encodings for languages with (1) input-guarded choice, (2) both input- and output-guarded choice, and (3) mixed-guarded choice, and investigate them with respect to compositionality and divergence-freedom. The first and second encoding satisfy all of the above criteria, but various 'good' candidates for the third encoding, inspired by an existing distributed implementation, invalidate one or the other criterion. While essentially confirming Palamidessi's result, our study suggests that the combination of strong compositionality and divergence-freedom is too strong for more practical purposes.
Inter-Blockchain Protocols with the Isabelle Infrastructure Framework
The main incentives of blockchain technology are distribution and distributed change, consistency, and consensus. Beyond just being a distributed ledger for digital currency, smart contracts add transaction protocols to blockchains to execute terms of a contract in a blockchain network. Inter-blockchain (IBC) protocols define and control exchanges between different blockchains.
The Isabelle Infrastructure framework has been designed to serve security and privacy for IoT architectures by formal specification and stepwise attack analysis and refinement. A major case study of this framework is a distributed health care scenario for data consistency for GDPR compliance. This application led to the development of an abstract system specification of blockchains for IoT infrastructures.
In this paper, we first give a summary of the concept of IBC. We then introduce an instantiation of the Isabelle Infrastructure framework to model blockchains. Based on this we extend this model to instantiate different blockchains and formalize IBC protocols. We prove the concept by defining the generic property of global consistency and proving it in Isabelle.
What is a ‘Good’ Encoding of Guarded Choice?
The pi-calculus with synchronous output and mixed-guarded choices is strictly more expressive than the pi-calculus with asynchronous output and no choice. This result was recently proved by Palamidessi and, as a corollary, she showed that there is no fully compositional encoding from the former into the latter that preserves divergence-freedom and symmetries. This paper argues that there are nevertheless 'good' encodings between these calculi. In detail, we present a series of encodings for languages with (1) input-guarded choice, (2) both input- and output-guarded choice, and (3) mixed-guarded choice, and investigate them with respect to compositionality and divergence-freedom. The first and second encoding satisfy all of the above criteria, but various 'good' candidates for the third encoding, inspired by an existing distributed implementation, invalidate one or the other criterion. While essentially confirming Palamidessi's result, our study suggests that the combination of strong compositionality and divergence-freedom is too strong for more practical purposes.
Adding Priority to Event Structures
Event Structures (ESs) are mainly concerned with the representation of causal
relationships between events, usually accompanied by other event relations
capturing conflicts and disabling. Among the most prominent variants of ESs are
Prime ESs, Bundle ESs, Stable ESs, and Dual ESs, which differ in their
causality models and event relations. Yet, some application domains require
further kinds of relations between events. Here, we add the possibility to
express priority relationships among events.
We exemplify our approach on Prime, Bundle, Extended Bundle, and Dual ESs.
Technically, we enhance these variants in the same way. For each variant, we
then study the interference between priority and the other event relations.
From this, we extract the redundant priority pairs, notably differing for the
types of ESs, that enable us to provide a comparison between the extensions. We
also exhibit that priority considerably complicates the definition of partial
orders in ESs.
Comment: In Proceedings EXPRESS/SOS 2013, arXiv:1307.690
Matching in the Pi-Calculus (Technical Report)
We study whether, in the pi-calculus, the match prefix---a conditional
operator testing two names for (syntactic) equality---is expressible via the
other operators. Previously, Carbone and Maffeis proved that matching is not
expressible this way under rather strong requirements (preservation and
reflection of observables). Later on, Gorla developed a by now widely-tested
set of criteria for encodings that allows much more freedom (e.g. instead of
direct translations of observables it allows comparison of calculi with respect
to reachability of successful states). In this paper, we offer a considerably
stronger separation result on the non-expressibility of matching using only
Gorla's relaxed requirements.
Comment: This report extends a paper in EXPRESS/SOS'14 and provides the
missing proof.