## Operational congruences for reactive systems (2001)

Citations: 35 (4 self)

### BibTeX

```
@TECHREPORT{Leifer01operationalcongruences,
    author = {James Judi Leifer},
    title = {Operational congruences for reactive systems},
    institution = {},
    year = {2001}
}
```

### Abstract

This document consists of a slightly revised and corrected version of a dissertation

### Citations

3643 | Communicating Sequential Processes - Hoare - 1985

Citation Context: ... graph-like contexts that contain summation. 3.6 Traces preorder This section addresses the traces preorder, a simple preorder that compares agents based on their finite traces. A trace (see p. 41 in [Hoa85]) is a sequence of labelled transitions. The traces preorder is insensitive to non-determinism and deadlock so is of limited use. Nonetheless, traces are good for specifying security properties since ...

1418 | A Calculus of Communicating Systems - Milner - 1980

1373 | A structural approach to operational semantics - Plotkin - 1981

Citation Context: ..., agents have a free syntax and the labelled transition relation is generated by inference rules in the style of Plotkin’s structured operational semantics [Plo81], e.g. x.a x a a α a ′ a + b α a ′ Remark: Throughout this dissertation a, b, c, . . . are used to denote agents even when this contradicts historical conventions. The labels (ranged over by α . . .) ...

1184 | The Lambda Calculus: Its Syntax and Semantics - Barendregt - 1984

Citation Context: ...active (non-guarding) contexts; • reaction rules. I call a process calculus containing these components a reactive system. In this way, a reactive system closely resembles instances of the λ-calculus [Bar84]. The latter consist of a simple syntax, a structural congruence based on α-conversion, a set of reactive contexts (known as “evaluation contexts” [FF86]) chosen to force strategies such as call-by-na...

986 | Categories for the Working Mathematician - Lane - 1971

Citation Context: ...achieved. Appendix A: Review of category theory. I summarise here the main ideas of category theory used in this dissertation. For greater detail, the reader is referred to the classic work by Mac Lane [Mac71]. Another good reference is [BW01] (which is online). Categories. A category C consists of objects X, Y, . . . and of arrows f, g, . . . between objects. An arrow f has a domain object Dom f and a codo...

849 | Mobile ambients - Cardelli, Gordon - 1998

828 | A calculus for cryptographic protocols: The Spi calculus - Abadi, Gordon - 1999

Citation Context: ... | (c | x(z).b) ≡ (¯x〈y〉 | x(z).b) | c {y/z}b | c . The ease with which reaction rules are defined in this style facilitated an outpouring of new process calculi for modelling encrypted communication [AG97], secure encapsulation [SV99], agent migration [CG98, Sew98, FGL+96] and so on. Each isolates a computational phenomenon and presents it via a reaction ru...

700 | Concurrency and automata on infinite sequences - Park - 1981

Citation Context: ...CCS; the main ones were strong and weak bisimulation. Both kinds employ a coinductive form of definition which gives a powerful proof technique for comparing agents (an idea that originates with Park [Par81]) and provide a general way of defining an equivalence parameterised by a labelled transition system. Strong bisimulation relies on no assumptions about the underlying structure of the labels; weak bi...

653 | The Theory and Practice of Concurrency - Roscoe - 1997

Citation Context: ...es. This notion of comparing computations based on their labelled transitions is now known as the traces preorder; the interpretation of computations in terms of their traces is the traces model (see [Ros98]). The traces preorder is attractive for its simplicity but is not faithful in comparing exactly when one automata’s labelled transitions are “no worse” than another’s. Some of its inadequacies with r...

642 | Breaking and fixing the Needham-Schroeder public-key protocol using FDR - Lowe - 1996

Citation Context: ...tial order of agents). The explicit set-theoretic representation of agents in CSP supports the design of model checkers [Ros94, Ros98] which are, for example, effective in detecting bugs in protocols [Low96]. This explicitness is also an obligation: experimentation with new constructors for combining agents requires the creation of a continuous function that manipulates failures; new preorders other than...

604 | Petri Nets: an Introduction - Reisig - 1985

Citation Context: ... The problem of handling non-determinism together with causality (the dependence of one transition upon an earlier one) was first addressed by Petri nets (see, for example, [Rei85]). In its simplest form, a Petri net consists of a directed hypergraph whose nodes are called conditions and whose hyperedges are called events. A token may reside at a condition. When the preconditio...

490 | The chemical abstract machine - Berry, Boudol - 1990

483 | The pi-calculus: a Theory of Mobile Processes - Sangiorgi, Walker - 2001

Citation Context: ... ¯x ¯y v | y[b] . In the π-calculus the communication of names along channels presented subtleties in the design of a labelled transitions system and of equivalences (of which several are now studied [SW01]); the proofs of congruence for these equivalences require care. For many of the newer calculi, such as those listed above, the problem of choosing appropriate labelled transitions and proving that bi...

438 | Testing equivalences for processes - Nicola, Hennessy - 1984

Citation Context: ...or process calculi from a reaction relation and not from a labelled transition relation is studied in the work on barbed bisimulation [MS92], insensitivity observation [HY95], and testing equivalence [DH84]. The first two construct equivalences by augmenting bisimulation over the reaction relation with observations about related states. For example, in the former, the observations are barbs which detect...

433 | The inductive approach to verifying cryptographic protocols - Paulson - 1998

375 | An Object Calculus for Asynchronous Communications - Honda, Tokoro - 1991

Citation Context: ...8.4), and instead confine replication to be input guarded and to have a reaction rule of the form ¯x〈y〉 | ! x(z).a {y/z}a | ! x(z).a . This is commonly done in asynchronous variations of π-calculus [HT91]. Another way of handling replication is via an encoding in terms of combinators (already mentioned above) [HY94b]. For input guarded summation, encoding [NP96] is also an option. full reflexion: The ...

335 | Functions as Processes - Milner - 1992

Citation Context: ...res the entire collection of labelled transition rules to generate it. A dramatic simplification was proposed in the Chemical Abstract Machine (CHAM) of Berry and Boudol [BB90, BB92] and used in work [Mil90] on the π-calculus of Milner, Parrow, and Walker [MPW89, MPW92]. These calculi were the first to employ a lightweight quotient of the agent terms, called a structural congruence, in order to make thei...

275 | A Calculus of Mobile Agents - Fournet, Gonthier - 1996

273 | A classification of models for concurrency - Sassone, Nielsen, et al. - 1993

Citation Context: ...t structures, which are similar to traces but account for the causality and non-determinism of events, are a setting for modelling Petri nets and other causal systems and yield notions of equivalence [WN95]. Because Petri nets do not have a compositional syntax, it is difficult to understand what it means for an equivalence to be a congruence. For this reason, I do not discuss them further and confine m...

233 | Barbed bisimulation - Milner, Sangiorgi - 1992

Citation Context: ...ers future work. The problem of deriving operational congruences for process calculi from a reaction relation and not from a labelled transition relation is studied in the work on barbed bisimulation [MS92], insensitivity observation [HY95], and testing equivalence [DH84]. The first two construct equivalences by augmenting bisimulation over the reaction relation with observations about related states. F...

220 | Call-by-name, call-by-value, and the λ-calculus - Plotkin - 1975

214 | Call-by-name, call-by-value and the λ-calculus - Plotkin - 1975

Citation Context: ...exts are reactive, I take D to be a subcategory of C. Furthermore, decomposing reactive contexts yields reactive contexts, so D1D0 ∈ D implies D1, D0 ∈ D. For example, in the call-by-value λ-calculus [Plo75], the reactive contexts consist of all compositions of the following contexts: − ap(v, −) ap(−, a) where v is any value (closed abstraction) and a is any term. In the π-calculus (see [Mil90]), the rea...

203 | A calculus of mobile processes (parts - Milner, Parrow, et al. - 1992

201 | Structured operational semantics and bisimulation as a congruence - Groote, Vaandrager - 1992

188 | Introduction to the algebraic theory of graph grammars - Ehrig - 1979

Citation Context: ...ed to embrace wiring without the benefit of the notion of RPOs or other universal constructions. In this dissertation, I have made no use of the double pushout techniques developed in graph rewriting [Ehr79]. These are a way to describe the occurrence of a subgraph —especially a redex— in a graph. To avoid confusion, I should emphasise that relative pushouts play quite a different role. In my work, subgr...

174 | Interaction nets - Lafont - 1990

Citation Context: ...ols 0 : (0, 1), S : (1, 1), and + : (2, 1). The reactive system is shown in Figure 5.2; it is an example of the sharing graphs of Hasegawa [Has99], which add sharing to the interaction nets of Lafont [Laf90]. Nodes represent subexpressions, and the forking of arcs allows these to be shared. The reaction rules are in the top diagram; the garbage collection rules allow unattached expressions to be incremen...

169 | Traced monoidal categories - Joyal, Street, et al. - 1996

Citation Context: ...f arcs, not of nodes. They satisfy simple equations, e.g. c·p = c representing the commutativity of copying. There is also an operator called reflexion [Mil94] (similar to the “trace” of Joyal et al. [JSV96]) which we need not detail here. Finally, each action calculus has a binary reaction relation , relating action graphs of equal arity. This relation is preserved by all constructions, i.e. by composit...

155 | Gedanken-Experiments on Sequential Machines - Moore - 1956

Citation Context: ...e and those such as equivalence that are useful to have. To illustrate how this gap opened, let us look at some strands in the history of process calculi. Starting with the seminal work by E.F. Moore [Moo56] which examined “finite automata from the experimental point of view”, theoretical computer scientists have pursued the notion that the observable behaviour of a computation is more fundamental than t...

153 | A new approach to abstract syntax involving binders - Gabbay, Pitts - 1999

153 | Elements of interaction - Milner - 1993

Citation Context: ...could be proved for some graph-theoretic representation of the π-calculus, it would not necessarily generalise smoothly to other calculi. As a result, I studied dissection for Milner’s action calculi [Mil96], which are a family of reactive systems. The syntax of action calculi is sufficiently rich to embrace process calculi such as π-calculus, the λ-calculus, and the ambient calculus. Action calculi are ...

150 | Abstract syntax and variable binding - Fiore, Plotkin, et al. - 1999

148 | On Reduction-Based Process Semantics - Honda, Yoshida - 1995

Citation Context: ...riving operational congruences for process calculi from a reaction relation and not from a labelled transition relation is studied in the work on barbed bisimulation [MS92], insensitivity observation [HY95], and testing equivalence [DH84]. The first two construct equivalences by augmenting bisimulation over the reaction relation with observations about related states. For example, in the former, the obs...

142 | Towards a Mathematical Operational Semantics - Turi, Plotkin - 1997

Citation Context: ...ce for strong bisimulation, say — one based on the RPO theory shown in this dissertation and the other based on GSOS reasoning, particularly as provided by recent categorical treatments of the latter [TP97]. It is not surprising that some of these areas (e.g. free names and multi-hole redexes) require changes to the categorical abstractions of a reactive system, not just cleverer ways of constructing RP...

121 | Deriving bisimulation congruences for reactive systems - Leifer, Milner

Citation Context: ...d work for which I am a joint author. All other work presented in this dissertation that is not mentioned here is my own. • Leifer and Milner: “Deriving bisimulation congruences for reactive systems” [LM00a]. This paper introduces RPOs and gives a proof of congruence for strong bisimulation, thus overlapping with some of the material in Chapter 2. Milner collaborated with me on the categorical manipulati...

120 | A calculus of mobile processes, parts i and ii - Milner, Parrow, et al. - 1992

103 | Réductions correctes et optimales dans le lambda calcul. Thèse de doctorat d’état - Lévy - 1978

100 | Decoding choice encodings - Nestmann, Pierce - 1996

Citation Context: ...n asynchronous variations of π-calculus [HT91]. Another way of handling replication is via an encoding in terms of combinators (already mentioned above) [HY94b]. For input guarded summation, encoding [NP96] is also an option. full reflexion: The contexts considered in Chapter 5 have only a limited form of reflexion, as enforced by the condition Loose that prevents tight loops linking a hole to itself. T...

84 | Control operators, the SECD-machine, and the λ-calculus - Felleisen, Friedman - 1986

83 | Model-Checking CSP - Roscoe - 1994

Citation Context: ... agent provide a domain-theoretic interpretation, assigning a meaning to each agent independently of the others (unlike for bisimulation). This makes failures properties well-suited to model checking [Ros94, Low96]. In order to define a failure of an agent, I first extend the notion of a weak labelled transition to allow for sequences of labels (not just single labels): Definition 3.23 (weak labelled transition...

79 | Control operators, the SECD machine, and the λ-calculus - Felleisen, Friedman - 1987

Citation Context: ...closely resembles instances of the λ-calculus [Bar84]. The latter consist of a simple syntax, a structural congruence based on α-conversion, a set of reactive contexts (known as “evaluation contexts” [FF86]) chosen to force strategies such as call-by-name or call-by-value, and a reaction rule based on β-reduction. There is however an important difference which renders the problem of finding useful equiv...

75 | From rewrite rules to bisimulation congruences - Sewell

Citation Context: ...ifferent syntactic representations of the same agent that it is difficult to understand where to begin. Without any naming structure, parallel composition becomes easier to handle, as shown by Sewell [Sew01]. As I explain in Section 1.5, it is the treatment of names that distinguishes the dissection results in this dissertation from his. A possible approach is to abandon tree-like syntax and to think in ...

66 | Global/local subtyping and capability inference for a distributed π-calculus - Sewell - 1998

63 | A hierarchy of equivalences for asynchronous calculi - Fournet, Gonthier - 1998

Citation Context: ...ward to prove barbed equivalence in particular cases but difficult to show barbed congruence because of the heavy quantification over all contexts. Work by Fournet [Fou98] and by Fournet and Gonthier [FG98] ease this burden with techniques that allow a proof of barbed congruence to be broken into pieces, each of which may be carried out using other congruence relations. Jeffrey and Ra...

63 | Models of Sharing Graphs: A Categorical Semantics of let and letrec - Hasegawa - 1997

Citation Context: ...ing an action calculus for elementary arithmetic having controls 0 : (0, 1), S : (1, 1), and + : (2, 1). The reactive system is shown in Figure 5.2; it is an example of the sharing graphs of Hasegawa [Has99], which add sharing to the interaction nets of Lafont [Laf90]. Nodes represent subexpressions, and the forking of arcs allows these to be shared. The reaction rules are in the top diagram; the garbage...

59 | The Join-Calculus: a Calculus for Distributed Mobile Programming - Fournet - 1998

Citation Context: ...exts. For example, it is straightforward to prove barbed equivalence in particular cases but difficult to show barbed congruence because of the heavy quantification over all contexts. Work by Fournet [Fou98] and by Fournet and Gonthier [FG98] ease this burden with techniques that allow a proof of barbed congruence to be broken into pieces, each of which may be carried out using other congruence relations...

44 | Structural operational semantics for weak bisimulations - Bloom - 1995

Citation Context: ...) [GV92, TP97]. The principle is to postulate rule formats, conditions on an inductive presentation of a labelled transition relation that ensure that operational equivalences (e.g. weak bisimulation [Blo93]) are congruences. There is a fundamental difference between this problem and the one I am looking at. The work on SOS presumes that a labelled transition relation is already given: the problem is to ...

38 | Secure composition of untrusted code: Wrappers and causality types - Sewell, Vitek - 2000

34 | Secure composition of insecure components - Sewell, Vitek - 1999

24 | Models for name-passing processes: Interleaving and causal - Cattani, Sewell - 2000

Citation Context: ...any ways of handling this when looking at bisimulation, for example, but most involve augmenting the definition with freshness side conditions to cater explicitly for extrusion. An alternate approach [CS00] keeps track of extruded names as annotations of the agents themselves, thus gaining the power of extrusion but keeping the simplicity of bisimulation without added conditions. Adding these annotation...

23 | Towards a theory of bisimulation for local names - Jeffrey, Rathke - 1999

Citation Context: ... this burden with techniques that allow a proof of barbed congruence to be broken into pieces, each of which may be carried out using other congruence relations. Jeffrey and Rathke [JR99] used contexts as the basis for the labels of an LTS in the case of the ν-calculus (a variant of the λ-calculus with fresh name creation). They did not derive uniformly these labels from a reaction re...