CBS is a simple and natural CCS-like calculus where processes speak one at a time and are heard instantaneously by all others. Speech is autonomous, contention between speakers being resolved nondeterministically, but hearing only happens when someone else speaks. Observationally meaningful laws differ from those of CCS. The change from handshake communication in CCS to broadcast in CBS permits several advances. (1) Priority, which attaches only to autonomous actions, is simply added to CBS in contrast to CCS, where such actions are the result of communication. (2) A CBS simulator runs a process by returning a list of values it broadcasts. This permits a powerful combination, CBS with the host language. It yields several elegant algorithms. Only processes with a unique response to each input are needed in practice, so weak bisimulation is a congruence. (3) CBS subsystems are interfaced by translators; by mapping messages to silence, these can restrict hearing and hide speech. Reversi...

. Data types like trees which are finitely branching and of (possibly) infinite depth are described by iterating initial algebras and terminal coalgebras. We study proof principles for such data types in the context of categorical logic, following and extending the approach of [14, 15]. The technical contribution of this paper involves a description of initial algebras and terminal coalgebras in total categories of fibrations for lifted "datafunctors". These lifted functors are used to formulate our proof principles. We test these principles by proving some elementary results for four kinds of trees (with finite or infinite breadth or depth) using the proof tool pvs. 1 Introduction Algebras and coalgebras are of well-established importance in computer science, notably in the theory of datatypes, where especially initial algebras and terminal coalgebras play a distinguished role. Over the past decade there is more and more interest in the logic associated with initial algebras and ter...

This paper reports on the first steps towards the formal verification of correctness proofs of real-life protocols in process algebra. We show that proofs can be verified, and partly constructed, by a general purpose proof checker. The process algebra we use is µCRL, ACP augmented with data, which is small enough to make the verification feasible, and at the same time expressive enough for the specification of real-life protocols. The proof checker we use is Coq, which is based on the Calculus of Constructions, an extension of simply typed lambda calculus. The focus is on the translation of the proof theory of µCRL and µCRL-specifications to Coq. As a case study, we verified the Alternating Bit Protocol.

This paper explains the setting of an extensive formalisation of the theory of sequences (finite and infinite lists of elements of some data type) in the Prototype Verification System pvs. This formalisation is based on the characterisation of sequences as a final coalgebra, which is used as an axiom. The resulting theories comprise standard operations on sequences like composition (or concatenation), filtering, flattening, and their properties. They also involve the prefix ordering and proofs that sequences form an algebraic complete partial order. The finality axiom gives rise to various reasoning principles, like bisimulation, simulation, invariance, and induction for admissible predicates. Most of the proofs of equality statements are based on bisimulations, and most of the proofs of prefix order statements use simulations. Some significant aspects of these theories are described in detail. This coalgebraic formalisation of sequences is presented as a concrete example that shows t...

C'era una volta un re seduto in canap`e, che disse alla regina raccontami una storia. La regina cominci`o: "C'era una volta un re seduto in canap`e

Construction and observation are two basic notions in Computer Science corresponding to precise dual mathematical concepts: those of algebra and coalgebra. This paper introduces a simple coalgebraic model for concurrent processes and discusses its animation in the declarative language Charity. It is argued that the ability to reason in an uniform way about data and behaviour, provides an unifying approach to functional prototyping of software specifications. Keywords: Coalgebraic models, prototyping, higher-order programming. 1

: Coq is a proof assistant based on a higher-order logic allowing powerful definitions of functions. Coq V6.1 is available by anonymous ftp at ftp.inria.fr:/INRIA/Projects/coq/V6.1 and ftp.ens-lyon.fr:/pub/LIP/COQ/V6.1 Key-words: Coq, Proof Assistant, Formal Proofs, Calculus of Inductives Constructions (R'esum'e : tsvp) This research was partly supported by ESPRIT Basic Research Action "Types" and by the GDR "Programmation " co-financed by MRE-PRC and CNRS. Unit'e de recherche INRIA Rocquencourt Domaine de Voluceau, Rocquencourt, BP 105, 78153 LE CHESNAY Cedex (France) T'el'ephone : (33 1) 39 63 55 11 -- T'el'ecopie : (33 1) 39 63 53 30 Manuel de r'ef'erence du syst`eme Coq version V6.1 R'esum'e : Coq est un syst`eme permettant le d'eveloppement et la v'erification de preuves formelles dans une logique d'ordre sup'erieure incluant un riche langage de d'efinitions de fonctions. Ce document constitue le manuel de r'ef'erence de la version V6.1 qui est distribu 'ee par ftp ...

We review ordered sets. An order, or “comparison”, can be used to generate equivalences. We discuss inductively, and coinductively defined sets. Such sets arise naturally when defining, and reasoning about, programs and processes. We define proof principles for such sets. We use the principle of coinduction to validate equivalences, and discuss when this is possible.

Introduction Nous d#crivons dans ce rapport une premi#re #tape possible vers la certication en Coq [5] du compilateur v5 d'Esterel. Nous consid#rons la traduction des programmes du noyau d'Esterel (Esterel Pur) en circuits, telle qu'elle est pr#sent#e dans [2]. Cette nouvelle traduction est bas# sur un raOEnement s#mantique de la causalit#, qui correspond # la notion de circuits constructifs dans le domaine du mat#riel. Le syst#me de d#veloppement de preuve interactif Coq nous a permis de mener # bien une premi#re approximation de la preuve de correction de la traduction. Il fournit un environnement de haut niveau, confortable pour raisonner sur des objets d#nis par (co)induction. Un programme Esterel est un module compos# d'un ensemble de d#clarations et d'un corps ex#cutable (instruction principale). Nous nous pla#ons dans le cadre d'Esterel Pur o# seuls les signaux d'entr#e/sortie sont d#clar#s et seules les i

. An inductive definition of a set is often informally presented by giving some rules that explain how to build the elements of the set. The closure property states that any object is in the set if and only if it has been generated according to the formation rules. This is enough to justify case analysis reasoning: we can read the formation rules backwards to derive the necessary conditions for a given instance to hold. The problem of inversion consists in finding out these conditions. In this paper we address the problem of deriving inversion lemmas in logical frameworks based on Type Theory that have been extended with inductive definitions at the primitive level. These frameworks associate to each inductive definition a case analysis principle corresponding to the closure property. In this formal context, inversion lemmas can be seen as derived case analysis principles. Though they are intuitively simple they are curiously hard to formalize. We relate first inversion to co...