No Arabic abstract
In this paper, we extend the theory CCS for trees (CCTS) to value-passing CCTS (VCCTS), of which symbols have the capacity for receiving and sending data values, and a nonsequential semantics is proposed in an operational approach. In this concurrent model, a weak barbed congruence and a localized early weak bisimilarity are defined, and the latter relation is proved to be sufficient to justify the former. As an illustration of potential applications of VCCTS, a semantics based on VCCTS is given to a toy multi-threaded programming language featuring a core of C/C++ concurrency; and a formalization based on the operational semantics of VCCTS is proposed for some relaxed memory models, and a DRF-guarantee property with respect to VCCTS is proved.
This paper provides a fully abstract semantics for value-passing CCS for trees (VCCTS). The operational semantics is given both in terms of a reduction semantics and in terms of a labelled transition semantics. The labelled transition semantics is non-sequential, allowing more than one action occurring simultaneously. We develop the theory of behavioral equivalence by introducing both weak barbed congruence and weak bisimilarity. In particular, we show that weak barbed congruence coincides with weak bisimilarity on image-finite processes. This is the first such result for a concurrent model with tree structures. Distributed systems can be naturally modeled by means of this graph-based system, and some examples are given to illustrate this.
It is common to prove by reasoning over source code that programs do not leak sensitive data. But doing so leaves a gap between reasoning and reality that can only be filled by accounting for the behaviour of the compiler. This task is complicated when programs enforce value-dependent information-flow security properties (in which classification of locations can vary depending on values in other locations) and complicated further when programs exploit shared-variable concurrency. Prior work has formally defined a notion of concurrency-aware refinement for preserving value-dependent security properties. However, that notion is considerably more complex than standard refinement definitions typically applied in the verification of semantics preservation by compilers. To date it remains unclear whether it can be applied to a realistic compiler, because there exist no general decomposition principles for separating it into smaller, more familiar, proof obligations. In this work, we provide such a decomposition principle, which we show can almost halve the complexity of proving secure refinement. Further, we demonstrate its applicability to secure compilation, by proving in Isabelle/HOL the preservation of value-dependent security by a proof-of-concept compiler from an imperative While language to a generic RISC-style assembly language, for programs with shared-memory concurrency mediated by locking primitives. Finally, we execute our compiler in Isabelle on a While language model of the Cross Domain Desktop Compositor, demonstrating to our knowledge the first use of a compiler verification result to carry an information-flow security property down to the assembly-level model of a non-trivial concurrent program.
In previous work with Pous, we defined a semantics for CCS which may both be viewed as an innocent presheaf semantics and as a concurrent game semantics. It is here proved that a behavioural equivalence induced by this semantics on CCS processes is fully abstract for fair testing equivalence. The proof relies on a new algebraic notion called playground, which represents the rule of the game. From any playground, two languages, equipped with labelled transition systems, are derived, as well as a strong, functional bisimulation between them.
The model checking problem for propositional dynamic logic (PDL) over message sequence charts (MSCs) and communicating finite state machines (CFMs) asks, given a channel bound $B$, a PDL formula $varphi$ and a CFM $mathcal{C}$, whether every existentially $B$-bounded MSC $M$ accepted by $mathcal{C}$ satisfies $varphi$. Recently, it was shown that this problem is PSPACE-complete. In the present work, we consider CRPDL over MSCs which is PDL equipped with the operators converse and repeat. The former enables one to walk back and forth within an MSC using a single path expression whereas the latter allows to express that a path expression can be repeated infinitely often. To solve the model checking problem for this logic, we define message sequence chart automata (MSCAs) which are multi-way alternating parity automata walking on MSCs. By exploiting a new concept called concatenation states, we are able to inductively construct, for every CRPDL formula $varphi$, an MSCA precisely accepting the set of models of $varphi$. As a result, we obtain that the model checking problem for CRPDL and CFMs is still in PSPACE.
Mereology is the study of parts and the relationships that hold between them. We introduce a behavioral approach to mereology, in which systems and their parts are known only by the types of behavior they can exhibit. Our discussion is formally topos-theoretic, and agnostic to the topos, providing maximal generality; however, by using only its internal logic we can hide the details and readers may assume a completely elementary set-theoretic discussion. We consider the relationship between various parts of a whole in terms of how behavioral constraints are passed between them, and give an inter-modal logic that generalizes the usual alethic modalities in the setting of symmetric accessibility.