Results 1 - 10 of 47
The Fusion Calculus: Expressiveness and Symmetry in Mobile Processes (Extended Abstract)
LICS'98, 1998
Cited by 138 (14 self)
We present the fusion calculus as a significant step towards a canonical calculus of concurrency. It simplifies and extends the π-calculus.
The fusion calculus contains the polyadic π-calculus as a proper subcalculus and thus inherits all its expressive power. The gain is that fusion contains actions akin to updating a shared state, and a scoping construct for bounding their effects. Therefore it is easier to represent computational models such as concurrent constraints formalisms. It is also easy to represent the so-called strong reduction strategies in the lambda-calculus, involving reduction under abstraction. In the π-calculus these tasks require elaborate encodings.
The dramatic main point of this paper is that we achieve these improvements by simplifying the π-calculus rather than adding features to it. The fusion calculus has only one binding operator where the π-calculus has two (input and restriction). It has a complete symmetry between input and output actions where the π-calculus has not. There is only one sensible variety of bisimulation congruence where the pi-calculus has at least three (early, late and open). Proofs about the fusion calculus, for example in complete axiomatizations and full abstraction, therefore are shorter and clearer.
Our results on the fusion calculus in this paper are the following. We give a structured operational semantics in the traditional style. The novelty lies in a new kind of action, fusion actions for emulating updates of a shared state. We prove that the calculus contains the π-calculus as a subcalculus. We define and motivate the bisimulation equivalence and prove a simple characterization of its induced congruence, which is given two versions of a complete axiomatization for finite terms. The expressive power of the calculus is demonstrated by giving a straightforward encoding of the strong lazy lambda-calculus, which admits reduction under lambda abstraction.
Types as Models: Model Checking Message-Passing Programs
In Principles of Programming Languages (POPL, 2001
Cited by 91 (3 self)
Abstraction and composition are the fundamental issues in making model checking viable for software. This paper proposes new techniques for automating abstraction and decomposition using source level type information provided by the programmer. Our system includes two novel components to achieve this end: (1) a new behavioral type-and-effect system for the pi-calculus, which extracts sound models as types, and (2) a new assume-guarantee proof rule for carrying out compositional model checking on the types. Open simulation between CCS processes is used as both the subtyping relation in the type system and the abstraction relation for compositional model checking. We have implemented these ideas in a tool, Piper. Piper exploits type signatures provided by the programmer to partition the model checking problem, and emit model checking obligations that are discharged using the Spin model checker. We present the details on applying Piper on two examples: (1) the SIS standard for managing trouble tickets across multiple organizations and (2) a file reader from the pipelined implementation of a web server.
The Update Calculus
1997
Cited by 84 (3 self)
In the update calculus concurrent processes can perform update actions with side effects, and a scoping operator can be used to control the extent of the update. In this way it incorporates fundamental concepts both from imperative languages or concurrent constraints formalisms, and from functional formalisms such as the  and calculi. Structurally it is similar to but simpler than the calculus; it has only one binding operator and a symmetry between input and output. We define the structured operational semantics and the proper bisimulation equivalence and congruence, and give a complete axiomatization. The calculus turns out to be an asymmetric subcalculus.
1 Introduction Theory of concurrent computation is a diverse field where many different approaches have been proposed and no consensus has emerged on the best paradigms. In this paper we take a step towards unifying two seemingly contradictory schools of thought: global vs local effects of concurrent actions. We define a calc...
Algebraic Theories for Name-Passing Calculi
1996
Cited by 54 (10 self)
In a theory of processes the names are atomic data items which can be exchanged and tested for identity. A well-known example of a calculus for name-passing is the π-calculus, where names additionally are used as communication ports. We provide complete axiomatisations of late and early bisimulation equivalences in such calculi. Since neither of the equivalences is a congruence we also axiomatise the corresponding largest congruences. We consider a few variations of the signature of the language; among these, a calculus of deterministic processes which is reminiscent of sequential functional programs with a conditional construct. Most of our axioms are shown to be independent. The axiom systems differ only by a few simple axioms and reveal the similarities and the symmetries of the calculi and the equivalences.
History Dependent Automata
2001
Cited by 50 (11 self)
In this paper we present history-dependent automata (HD-automata in brief). They are an extension of ordinary automata that overcomes their limitations in dealing with history-dependent formalisms. In a history-dependent formalism the actions that a system can perform carry information generated in the past history of the system. The most interesting example is calculus: channel names can be created by some actions and they can then be referenced by successive actions. Other examples are CCS with localities and the history-preserving semantics of Petri nets. Ordinary
Adding roles to CORBA objects
IEEE Transactions on Software Engineering
Cited by 41 (11 self)
Abstract—Traditional IDLs were defined for describing the services that objects offer, but not those services they require from other objects, nor the relative order in which they expect their methods to be called. Some of the existing proposals try to add protocol information to object interfaces, but most of them fail to do so in a modular way. In this paper we propose an extension of the CORBA IDL that uses a sugared subset of the polyadic calculus for describing object service protocols, based on the concept of roles. Roles allow the modular specification of the observable behavior of CORBA objects, reducing the complexity of the compatibility tests. Our main aim is the automated checking of protocol interoperability between CORBA objects in open component-based environments, using similar techniques to those used in software architecture description and analysis. In addition, our proposal permits the study of substitutability between CORBA objects, as well as the realization of dynamic compatibility tests during their runtime execution.
Index Terms—Interface definition languages, software components, component-based software development, protocols, compatibility and substitutability of components.
A Congruence Theorem for Structured Operational Semantics of Higher-Order Languages
1997
Cited by 38 (0 self)
In this paper we describe the promoted tyft/tyxt rule format for defining higher-order languages. The rule format is a generalization of Groote and Vaandrager's tyft/tyxt format in which terms are allowed as labels on transitions in rules. We prove that bisimulation is a congruence for any language defined in promoted tyft/tyxt format and demonstrate the usefulness of the rule format by presenting promoted tyft/tyxt definitions for the lazy calculus, CHOCS and the π-calculus.
1 Introduction For a programming language definition that uses bisimulation as the notion of equivalence, it is desirable for the bisimulation relation to be compatible with the language constructs; i.e. that bisimulation be a congruence. Several rule formats have been defined, so that as long as a definition satisfies certain syntactic constraints, then the defined bisimulation relation is guaranteed to be a congruence. However these rule formats have not been widely used for defining languages with higher...
Models for Name-Passing Processes: Interleaving and Causal
In Proceedings of LICS 2000: the 15th IEEE Symposium on Logic in Computer Science (Santa Barbara, 2000
Cited by 29 (3 self)
We study syntax-free models for name-passing processes. For interleaving semantics, we identify the indexing structure required of an early labelled transition system to support the usual pi-calculus operations, defining Indexed Labelled Transition Systems. For non-interleaving causal semantics we define Indexed Labelled Asynchronous Transition Systems, smoothly generalizing both our interleaving model and the standard Asynchronous Transition Systems model for CCS-like calculi. In each case we relate a denotational semantics to an operational view, for bisimulation and causal bisimulation respectively. We establish completeness properties of, and adjunctions between, categories of the two models. Alternative indexing structures and possible applications are also discussed. These are first steps towards a uniform understanding of the semantics and operations of name-passing calculi.
The Mobility Workbench - A Tool for the pi-Calculus
PROC. OF CAV'94, 1994
Cited by 29 (0 self)
In this paper we describe the first prototype version of the Mobility Workbench (MWB), an automated tool for manipulating and analyzing mobile concurrent systems (those with evolving connectivity structures) described in the pi-calculus. The main feature of this version of the MWB is checking open bisimulation equivalences. We illustrate the MWB with an example automated analysis of a handover protocol for a mobile telephone system.