this paper, we do this by adding the #-quantifier: its role will be to declare variables to be new and of local scope. The syntax of the formula # x.B is like that for the universal and existential quantifiers. Following Church's Simple Theory of Types [Church 1940], formulas are given the type o, and for all types # not containing o, # is a constant of type (# o) o. The expression # #x.B is ACM Transactions on Computational Logic, Vol. V, No. N, October 2003. 4 usually abbreviated as simply # x.B or as if the type information is either simple to infer or not important

Abstract. Model checking for transition systems specified in π-calculus has been a difficult problem due to the infinite-branching nature of input prefix, name-restriction and scope extrusion. We propose here an approach to model checking for π-calculus by encoding it into a logic which supports reasoning about bindings and fixed points. This logic, called F Oλ ∆ ∇ , is a conservative extension of Church’s Simple Theory of Types with a “generic ” quantifier. By encoding judgments about transitions in pi-calculus into this logic, various conditions on the scoping of names and restrictions on name instantiations are captured naturally by the quantification theory of the logic. Moreover, standard implementation techniques for (higher-order) logic programming are applicable for implementing proof search for this logic, as illustrated in a prototype implementation discussed in this paper. The use of logic variables and eigenvariables in the implementation allows for exploring the state space of processes in a symbolic way. Compositionality of properties of the transitions is a simple consequence of the meta theory of the logic (i.e., cut elimination). We illustrate the benefits of specifying systems in this logic by studying several specifications of modal logics for pi-calculus. These specifications are also executable directly in the prototype implementation of F Oλ ∆ ∇. 1

Abstract. The operational semantics and typing judgements of modern programming and specification languages are often defined using relations and proof systems. In simple settings, logic programming languages can be used to provide rather direct and natural interpreters for such operational semantics. More complex features of specifications such as names and their bindings, proof rules with negative premises, and the exhaustive enumeration of state spaces, all pose significant challenges to conventional logic programming systems. In this paper, we describe a simple architecture for the implementation of deduction systems that allows a specification to interleave between finite success and finite failure. The implementation techniques for this prover are largely common ones from higher-order logic programming, i.e., logic variables, (higherorder pattern) unification, backtracking (using stream-based computation), and abstract syntax based on simply typed λ-terms. We present a particular instance of this prover’s architecture and its prototype implementation, Level 0/1, based on the dual interpretation of (finite) success and finite failure in proof search. We show how Level 0/1 provides a highlevel and declarative implementation of model checking and bisimulation checking for the (finite) π-calculus. 1

Many semantical aspects of programming languages are specified through calculi for constructing proofs: consider, for example, the specification of structured operational semantics, labeled transition systems, and typing systems. Recent proof theory research has identified two features that allow direct, logic-based reasoning about such descriptions: the treatment of atomic judgments as fixed points (recursive definitions) and an encoding of binding constructs via generic judgments. However, the logics encompassing these two features have thus far treated them orthogonally. In particular, they have not contained the ability to form definitions of object-logic properties that themselves depend on an intrinsic treatment of binding. We propose a new and simple integration of these features within an intuitionistic logic enhanced with induction over natural numbers and we show that the resulting logic is consistent. The pivotal part of the integration allows recursive definitions to define generic judgments in general and not just the simpler atomic judgments that are traditionally allowed. The usefulness of this logic is illustrated by showing how it can provide elegant treatments of object-logic contexts that appear in proofs involving typing calculi and arbitrarily cascading substitutions in reducibility arguments.

This paper has the purpose of reviewing some of the established relationships between logic and concurrency, and of exploring new ones. Concurrent and distributed systems are notoriously hard to get right. Therefore, following an approach that has proved highly beneficial for sequential programs, much effort has been invested in tracing the foundations of concurrency in logic. The starting points of such investigations have been various idealized languages of concurrent and distributed programming, in particular the well-established state-transformation model inspired to Petri nets and multiset rewriting, and the prolific process-based models such as the π-calculus and other process algebras. In nearly all cases, the target of these investigations has been linear logic, a formal language that supports a view of formulas as consumable resources. In the first part of this paper, we review some of these interpretations of concurrent languages into linear logic. In the second part of the paper, we propose a completely new approach to understanding concurrent and distributed programming as a manifestation of logic, which yields a language that merges those two main paradigms of concurrency. Specifically, we present a new semantics for multiset rewriting founded on an alternative view of linear logic. The resulting interpretation is extended with a majority of linear connectives into the language of ω-multisets. This interpretation drops the distinction between multiset elements and rewrite rules, and considerably enriches the expressive power of standard multiset rewriting with embedded rules, choice, replication, and more. Derivations are now primarily viewed as open objects, and are closed only to examine intermediate rewriting states. The resulting language can also be interpreted as a process algebra. For example, a simple translation maps process constructors of the asynchronous π-calculus to rewrite operators, while the structural equivalence corresponds directly to logically-motivated structural properties of ω-multisets (with one exception).

The operational semantics of programming and specification languages is often presented via inference rules and these can generally be mapped into logic programming-like clauses. Such logical encodings of operational semantics can be surprisingly declarative if one uses logics that directly account for term-level bindings and for resources, such as are found in linear logic. Traditional theorem proving techniques, such as unification and backtracking search, can then be applied to animate operational semantic specifications. Of course, one wishes to go a step further than animation: using logic to encode computation should facilitate formal reasoning directly with semantic specifications. We outline an approach to reasoning about logic specifications that involves viewing logic specifications as theories in an object-logic and then using a meta-logic to reason about properties of those object-logic theories. We motivate the principal design goals of a particular meta-logic that has been built for that purpose.

Certain principles are fundamental to operational semantics, regardless of the languages or idioms involved. Such principles include rule-based definitions and proof techniques for congruence results. We formulate these principles in the general context of categorical logic. From this general formulation we recover precise results for particular language idioms by interpreting the logic in particular categories. For instance, results for first-order calculi, such as CCS, arise from considering the general results in the category of sets. Results for languages involving substitution and name generation, such as the π-calculus, arise from considering the general results in categories of sheaves and group actions. As an extended example, we develop a tyft/tyxt-like rule format for open bisimulation in the π-calculus.

Some recent theoretical work in proof search has illustrated that it is possible to combine the following two computational principles into one computational logic. 1. A symmetric treatment of finite success and finite failure. This allows capturing both aspects of may and must behavior in operational semantics and mixing model checking and logic programming. 2. Direct support for λ-tree syntax, as in λProlog, via term-level λ-binders, higher-order pattern unification, and the ∇-quantifier. All these features have a clean proof theory. The combination of these features allow, for example, specifying rather declarative approaches to model checking syntactic expressions containing bindings. The Bedwyr system is intended as an implementation of these computational logic principles. Why the name Bedwyr? In the legend of King Arthur and the round table, several knights shared in the search for the holy grail. The name of one of them, Parsifal, is used for an INRIA team associated with the “Slimmer ” effort. Bedwyr was another one of those knights. Wikipedia (using the spelling “Bedivere”) mentions that Bedwyr appears in Monty Python and the Holy Grail where he is “portrayed as a master of the extremely odd logic in the ancient times, whom occasionally blunders. ” Bedwyr is a re-implementation and rethinking ∗ Support has been obtained for this work from the following sources: from INRIA through

High-level formalisms for reasoning about names and binding such as de Bruijn indices, various flavors of higher-order abstract syntax, the Theory of Contexts, and nominal abstract syntax address only one relatively restrictive form of scoping: namely, unary lexical scoping, in which the scope of a (single) bound name is a subtree of the abstract syntax tree (possibly with other subtrees removed due to shadowing). Many languages exhibit binding or renaming structure that does not fit this mold. Examples include binding transitions in the #-calculus; unique identifiers in contexts, memory heaps, and XML documents; declaration scoping in modules and namespaces; anonymous identifiers in automata, type schemes, and Horn clauses; and pattern matching and mutual recursion constructs in functional languages. In these cases, it appears necessary to either rearrange the abstract syntax so that lexical scoping can be used, or revert to first-order techniques. The purpose

Abstract. Although higher-order rewrite systems (HRS) seem to have a first-order flavor, the direct translation into first-order rewrite systems, using e.g. explicit substitutions, is by no means trivial. In this paper, we explore a two-stage approach, by showing how higher-order pattern rewrite systems, and in fact a somewhat more general class, can be expressed by conditional first-order rewriting in the open calculus of constructions (OCC), which itself has been presented and implemented using explicit substitutions. The key feature of OCC that we exploit is that conditions are allowed to contain quantifiers and equations which can be solved using first-order matching. The way we express HRS works in spite of the fact that structural equality of OCC does not subsume α-conversion. Another topic that we touch upon in this paper is the use of higher-order abstract syntax in a classical framework like OCC, because it is often used in connection with higher-order rewriting. 1