... often, models are required to be executable, as a simulation, on a computer. In this paper, we present some contributions to the process-theoretic and logical foundations of discrete-event modelling with resources and processes. We present a process calculus with an explicit representation of resources in which processes and resources co-evolve. The calculus is closely connected to a logic that may be used as a specification language for properties of models. The logic is strong enough to allow requirements that a system has certain structure; for example, that it is a parallel composite of subsystems. This work consolidates, extends, and improves upon aspects of earlier work of ours in this area. An extended example, consisting of a semantics for a simple parallel programming language, indicates a connection with separating logics for concurrency.

Experience of practical systems modelling suggests that the key conceptual components of a model of a system are processes, resources, locations, and environment. In recent work, we have given a process-theoretic account of this view in which resources as well as processes are first-class citizens. This process calculus, SCRP, captures the structural aspects of the semantics of the Demos2k modelling tool. Demos2k represents environment stochastically using a wide range of probability distributions and queue-like data structures. Associated with SCRP is a (bunched) modal logic, MBI, which combines the usual additive connectives of Hennessy-Milner logic with their multiplicative counterparts. In this paper, we complete our conceptual framework by adding to SCRP and MBI an account of a notion of location that is simple, yet sufficiently expressive to capture naturally a wide range of forms of location, both spatial and logical. We also provide a description of an extension of the Demos2k tool to incorporate this notion of location. 1

We propose a requirements-driven approach to the design and verification of Web services. The proposed methodology starts from a requirements model, which defines a business domain at a “strategic ” level, describing the participating actors, their mutual dependencies, goals, requirements, and expectations. This business requirements model is then refined into a business process model. In this refinement, definitions of the processes carried out by the actors of the domain are added to the model in the form of BPEL4WS code. We show how to exploit model checking techniques for the verification of the specification, both at the requirements and at the process level. At the requirements level, model checking is used to validate the specification against a set of queries specified by the designer; at the process level, it is used to verify if the BPEL4WS processes satisfy the constraints described in the requirements model.

Abstract. We propose a formalisation of the notion of transaction, using a variant of CCS, RCCS, that distinguishes reversible and irreversible actions, and incorporates a distributed backtrack mechanism. Any weakly correct implementation of a given transaction in CCS, once embedded in RCCS, automatically obtains a correct one. We show examples where this method allows for a more concise implementation and a simpler proof of correctness. 1

Abstract. This paper describes the architecture of a toolkit, called Mihda, providing facilities to minimise labelled transition systems for name passing calculi. The structure of the toolkit is derived from the co-algebraic formulation of the partition-refinement minimisation algorithm for HD-automata. HD-automata have been specifically designed to allocate and garbage collect names and they provide faithful finite state representations of the behaviours of π-calculus processes. The direct correspondence between the coalgebraic specification and the implementation structure facilitates the proof of correctness of the implementation. We evaluate the usefulness of Mihda in practise by performing finite state verification of π-calculus specifications. 1

... syntax and functorial operational semantics to give a compositional and fully abstract semantics for the π-calculus equipped with open bisimulation. The key novelty in our work is the realisation that the sophistication of open bisimulation requires us to move from the usual semantic domain of presheaves over subcategories of Set to presheaves over subcategories of Rel. This extra structure is crucial in controlling the renaming of extruded names and in providing a variety of different dynamic allocation operators to model the different binders of the π-calculus.

Dynamic architectural change is defined as the addition and removal of components and connectors. Dynamic software architectures are those architectures that modify their architecture and enact the modifications during the system’s execution. This behavior is most commonly known as run-time evolution or dynamism. As dynamic software architecture use becomes more widespread, it is important to gain a better understanding of this type of software evolutionary change and be able to classify formalisms, approaches and tools. Current evaluations in the areas of software architecture and evolutionary change have made strides in classification but are not sufficient to evaluate dynamic software architectures. A dedicated comparison of dynamic software architectures and architectural formalisms is necessary in order to gain a deeper understanding of run-time evolution. In this paper we present a set of classification criteria for the comparison of dynamic software architectures based on: change type, change process, and change infrastructure. We demonstrate the use of the criteria by classifying three types of dynamic software architectural change. In addition we survey 14 current approaches to the formal specification of dynamic software architectures based on graphs, process algebras, logic, and other formalisms. We then

Abstract. We propose a type-based resource usage analysis for the πcalculus extended with resource creation/access primitives. The goal of the resource usage analysis is to statically check that a program accesses resources such as files and memory in a valid manner. Our type system is an extension of previous behavioral type systems for the pi-calculus, and can guarantee the safety property that no invalid access is performed, as well as the property that necessary accesses (such as the close operation for a file) are eventually performed unless the program diverges. A sound type inference algorithm for the type system is also developed to free the programmer from the burden of writing complex type annotations. Based on the algorithm, we have implemented a prototype resource usage analyzer for the π-calculus. To the authors ’ knowledge, ours is the first type-based resource usage analysis that deals with an expressive concurrent language like the π-calculus. 1

Abstract. We present MMC, a model checker for mobile systems specified in the style of the π-calculus. MMC’s development builds on that of XMC, a model checker for an expressive extension of Milner’s value-passing calculus implemented using the XSB tabled logic-programming engine. MMC addresses the salient issues that arise in the π-calculus, including scope extrusion and intrusion and dynamic generation of new names to avoid name capture. We show that logic programming provides an efficient implementation platform for model checking π-calculus specifications and can be used to obtain an exact encoding of the π-calculus’s transitional semantics. Moreover, MMC is easily extended to handle process expressions in the spi-calculus of Abadi and Gordon. Our experimental data show that MMC outperforms other known tools for model checking the π-calculus.

Abstract. Nominal calculi have been shown very effective to formally model a variety of computational phenomena. The models of nominal calculi have often infinite states, thus making model checking a difficult task. In this note we survey some of the approaches for model checking nominal calculi. Then, we focus on History-Dependent automata, a syntax-free automaton-based model of mobility. History-Dependent automata have provided the formal basis to design and implement some existing verification toolkits. We then introduce a novel syntax-free setting to model the symbolic semantics of a nominal calculus. Our approach relies on the notions of reactive systems and observed borrowed contexts introduced by Leifer and Milner, and further developed by Sassone, Lack and Sobocinski. We argue that the symbolic semantics model based on borrowed contexts can be conveniently applied to web service discovery and binding. 1