Psi-calculi Workbench

Size: px

Start display at page:

Download "Psi-calculi Workbench"

Dorothy Gibbs
5 years ago
Views:

1 Andrius Paulavičius SWEDEN Psi-calculi Workbench Ramūnas Gutkovas YR-CONCUR `12, Newcastle,

2 Application areas applied pi calculus Authentication protocols multicore programming spi-calculus wireless sensor networks concurrent constraint pi others... GAP Fundamental models of computation Turing machines pi-calculus lambda-calculus pi-calculus modal logics

3 Application areas Authentication protocols multicore programming applied pi calculus wireless sensor networks spi-calculus concurrent constraint pi others... GAP Fundamental models of computation pi-calculus Turing machines lambda-calculus pi-calculus modal logics

4 The Solution: Psi-calculi! Applications + Cryptography + Eq Logics + Data structures + many other exts... Reusable Ψ Nominal Correct framework for mobile process calculi

5 Part 1 Psi-Calculi Logical Methods in Computer Science Vol. 7 (1:11) 2011, pp Introduction PSI-CALCULI: A FRAMEWORK FOR MOBILE PROCESSES WITH NOMINAL DATA AND LOGIC Submitted Dec. 30, 2009 Published Mar. 29, 2011 JESPER BENGTSON, MAGNUS JOHANSSON, JOACHIM PARROW, AND BJÖRN VICTOR Department of Information Technology, Uppsala University, Sweden address: {jesper.bengtson,magnus.johansson,joachim.parrow,bjorn.victor}@it.uu.se Publications: Abstract. The framework of psi-calculi extends the pi-calculus with nominal datatypes for data structures and for logical assertions and conditions. These can be transmitted between processes and their names can be statically scoped as inthestandardpi-calculus. Psi-calculi can capture the same phenomena as other proposed extensionsofthepi-calculus such as the applied pi-calculus, the spi-calculus, the fusion calculus, the concurrent constraint pi-calculus, and calculi with polyadic communication channels or pattern matching. Psi-calculi can be even more general, for example by allowing structuredchannels, higherorder formalisms such as the lambda calculus for data structures, and predicate logic for assertions. We provide ample comparisons to related calculi and discuss afewsignificant applications. Our labelled operational semantics and definition of bisimulation is straightforward, without a structural congruence. We establish minimal requirements on the nominal data and logic in order to prove general algebraic properties of psi-calculi, all of which have been checked in the interactive theorem prover Isabelle. Expressiveness of psi-calculi significantly exceeds that of other formalisms, while the purity ofthesemanticsisonpar with the original pi-calculus. LICS 09, TPHOLs 09, LMCS 11, SOS 09, LICS 10, SEFM 11, JLAP 12, two PhD theses 1. Introduction Authors: The pi-calculus [MPW92] has a multitude of extensions where higher-level data structures and operations on them are given as primitive. To mention only two there are the spi-calculus by Abadi and Gordon [AG99] focusing on cryptographic primitives, and the applied pi-calculus of Abadi and Fournet [AF01] where agents can introduce statically scoped aliases of names for data, used e.g. to express how knowledge of an encryption is restricted. It is also parametrised by an arbitrary signature for expressing data and an equation system for expressing data equalities. The impact of these enriched calculi is considerable with hundreds of papers applying or developing the formalisms. As Abadi and Fournet rightly observe there is a trade-off between purity, meaning the simplicity and elegance Jesper Bengtson, Johannes Borgström, Shuqin Huang, Magnus Johansson, Joachim Received by the editors April 1, ACM Subject Classification: F.1.2, F.3.1, F.3.2. Key words and phrases: pi-calculus, nominal sets, bisimulation, operational semantics, theorem prover. c J. Bengtson, M. Johansson, J. Parrow, and B. Victor CC Creative Commons Parrow, Palle Raabjerg, LOGICAL METHODS IN COMPUTER SCIENCE DOI: /LMCS-7 (1:11) 2011 Björn Victor, Johannes Åman Pohjola,...

6 Part 1 Part 2 Psi-Calculi Logical Methods in Computer Science Vol. 7 (1:11) 2011, pp Introduction PSI-CALCULI: A FRAMEWORK FOR MOBILE PROCESSES WITH NOMINAL DATA AND LOGIC Submitted Dec. 30, 2009 Published Mar. 29, 2011 JESPER BENGTSON, MAGNUS JOHANSSON, JOACHIM PARROW, AND BJÖRN VICTOR Department of Information Technology, Uppsala University, Sweden address: {jesper.bengtson,magnus.johansson,joachim.parrow,bjorn.victor}@it.uu.se Publications: Abstract. The framework of psi-calculi extends the pi-calculus with nominal datatypes for data structures and for logical assertions and conditions. These can be transmitted between processes and their names can be statically scoped as inthestandardpi-calculus. Psi-calculi can capture the same phenomena as other proposed extensionsofthepi-calculus such as the applied pi-calculus, the spi-calculus, the fusion calculus, the concurrent constraint pi-calculus, and calculi with polyadic communication channels or pattern matching. Psi-calculi can be even more general, for example by allowing structuredchannels, higherorder formalisms such as the lambda calculus for data structures, and predicate logic for assertions. We provide ample comparisons to related calculi and discuss afewsignificant applications. Our labelled operational semantics and definition of bisimulation is straightforward, without a structural congruence. We establish minimal requirements on the nominal data and logic in order to prove general algebraic properties of psi-calculi, all of which have been checked in the interactive theorem prover Isabelle. Expressiveness of psi-calculi significantly exceeds that of other formalisms, while the purity ofthesemanticsisonpar with the original pi-calculus. LICS 09, TPHOLs 09, LMCS 11, SOS 09, LICS 10, SEFM 11, JLAP 12, two PhD theses 1. Introduction Authors: The pi-calculus [MPW92] has a multitude of extensions where higher-level data structures and operations on them are given as primitive. To mention only two there are the spi-calculus by Abadi and Gordon [AG99] focusing on cryptographic primitives, and the applied pi-calculus of Abadi and Fournet [AF01] where agents can introduce statically scoped aliases of names for data, used e.g. to express how knowledge of an encryption is restricted. It is also parametrised by an arbitrary signature for expressing data and an equation system for expressing data equalities. The impact of these enriched calculi is considerable with hundreds of papers applying or developing the formalisms. As Abadi and Fournet rightly observe there is a trade-off between purity, meaning the simplicity and elegance Jesper Bengtson, Johannes Borgström, Shuqin Huang, Magnus Johansson, Joachim Received by the editors April 1, ACM Subject Classification: F.1.2, F.3.1, F.3.2. Key words and phrases: pi-calculus, nominal sets, bisimulation, operational semantics, theorem prover. c J. Bengtson, M. Johansson, J. Parrow, and B. Victor CC Creative Commons Parrow, Palle Raabjerg, LOGICAL METHODS IN COMPUTER SCIENCE DOI: /LMCS-7 (1:11) 2011 Björn Victor, Johannes Åman Pohjola,... Psi-Calculi Workbench Pwb Tool for Psi

7 Part 1 Psi-Calculi Introduction

8 Psi by Example pi-calculus (Informal) nil output input parallel replication restriction match summation 0 a<b>.p a(x).p P Q!P (new a)p [a = b]p P + Q

9 Psi by Example pi-calculus (Informal) nil output input parallel replication restriction match summation 0 a<b>.p a(x).p P Q!P (new a)p case [a a = = b]p b : P case P true + Q : P [] true : Q

10 Psi by Example Explicit Fusion (Informal) Input prefix not binding a b. P a<c>.q τ b=c P Q Wischik & Gardner Equators in Psi (a la Merro): a(e).(( b=e ) P) a<c>.q ( b=c ) P Q 1-1 transition correspondence τ communication yields explicit fusion

Psi by Example Crypto (A Closer Look) Structured data: tuples with projection equations fst(t(x,y)) = x snd(t(x,y)) = y a<t(m,x)> (new s) Facts about data: the secret s and message M

11 Psi by Example Crypto (A Closer Look) Structured data: tuples with projection equations fst(t(x,y)) = x snd(t(x,y)) = y a<t(m,x)> (new s) Facts about data: the secret s and message M hashes to x ( ) ( hash(t(s,m)) = x ) a(y).if hash(t(s,fst(y))) = snd(y) then Ch(b)<fst(y)> Structured channels Equation as condition: checks if message and hash received via a is hashed with s

12 Psi-calculi Parameterized Calculi P, Q ::= T terms (processes in ASCII notation) Output: M<N>.P C conditions Input: M(x).P Case: case cnd 1 :P 1 []... [] cnd n :P n Assertion: ( Psi ) A assertions

13 Psi-calculi Parameterized Calculi P, Q ::= (processes in ASCII notation) Output: M<N>.P Input: M(x).P Case: case cnd 1 :P 1 []... [] cnd n :P n Assertion: ( Psi ) Nil: Parallel: Replication: Restriction: 0 P Q!P (new a)p

14 Psi-calculi Defining a calculus T subst : C List(name T) A chaneq : T T C Satisfy simple axioms, practically anything entails : A C bool Provide: T C A terms are not necesseraly defined by a signature compose : A A A unit : A T terms C conditions A assertions

15 Example Psi-calculus the pi-calculus (1) T = names terms are just names C = {a == b : a, b in names} conditions are equalities between names A = {unit} = {1} no facts in the environment

16 Example Psi-calculus the pi-calculus (2) T A C chaneq = λ(a,b).a == b channel equivalence is formation of equality conditions entails = λ(ѱ,a == b).a = b name equality is entailed whenever the names are the same

17 Example Psi-calculus the pi-calculus (2) T chaneq = names = λ(a,b).a == A = b {unit} = {1} channel equivalence is formation of C = {a == b : a, b in names} equality conditions entails = λ(ѱ,a == b).a = b name equality is entailed whenever the names are the same unit = 1 compose = λ(ѱ 1,ѱ 2 ).1 assertions are trivial

18 Example Psi-calculus the pi-calculus ~ coincides 1-1 correspondnce of A = {unit} = {1} T = names C = {a == b : a, b in names} chaneq = λ(a,b).a == b entails = λ(ѱ,a == b).a = b compose = λ(ѱ 1,ѱ 2 ).1 unit = 1 machine-checked proofs That s it! Psi instance defined

19 Example Psi-calculus Fusion Calculus T = names C = {a = b : a,b names} A = pow fin ({a = b : a,b names}) Done! chaneq = λ(a,b).a = b entails = λ(ѱ,a=b). (a,b) EQ(ѱ) compose = λ(ѱ 1,ѱ 2 ). ѱ 1 ѱ 2 unit = equivalence closure

20 Example Psi-calculus crypto Σ = {hash( ), enc(, ), dec(, ), pk( ), sk( ), } E = {dec(enc(x,y),y) = x, } T = {f(m 1,,M n ): M i T & f Σ} names C = {M=N : M,N T} Done! A = pow({m=n : M,N T}) chaneq = λ(m,n). M=N entails = λ(ѱ,m=n). E ѱ eq M=N compose = λ(ѱ 1,ѱ 2 ). ѱ 1 ѱ 2 unit =

21 Psi-Calculi Expressiveness Psi-calculi can capture + Higher Order Cryptography, like applied pi-calculus (Abadi, Fournet 2001) Fusion, like the explicit fusion calculus (Wischik, Gardner 2005) Concurrent constraints, like Concurrent constraint pi (Buscemi, Montanari 2007) Polyadic synchronisation (Carbone, Maffeis 2003) pattern matching, higher-order values (various) Extensions + Broadcast + Sorts, match + Types (Hüttel, CONCUR 11)

22 Part 1 Part 2 Psi-Calculi Logical Methods in Computer Science Vol. 7 (1:11) 2011, pp Introduction PSI-CALCULI: A FRAMEWORK FOR MOBILE PROCESSES WITH NOMINAL DATA AND LOGIC Submitted Dec. 30, 2009 Published Mar. 29, 2011 JESPER BENGTSON, MAGNUS JOHANSSON, JOACHIM PARROW, AND BJÖRN VICTOR Department of Information Technology, Uppsala University, Sweden address: {jesper.bengtson,magnus.johansson,joachim.parrow,bjorn.victor}@it.uu.se Publications: Abstract. The framework of psi-calculi extends the pi-calculus with nominal datatypes for data structures and for logical assertions and conditions. These can be transmitted between processes and their names can be statically scoped as inthestandardpi-calculus. Psi-calculi can capture the same phenomena as other proposed extensionsofthepi-calculus such as the applied pi-calculus, the spi-calculus, the fusion calculus, the concurrent constraint pi-calculus, and calculi with polyadic communication channels or pattern matching. Psi-calculi can be even more general, for example by allowing structuredchannels, higherorder formalisms such as the lambda calculus for data structures, and predicate logic for assertions. We provide ample comparisons to related calculi and discuss afewsignificant applications. Our labelled operational semantics and definition of bisimulation is straightforward, without a structural congruence. We establish minimal requirements on the nominal data and logic in order to prove general algebraic properties of psi-calculi, all of which have been checked in the interactive theorem prover Isabelle. Expressiveness of psi-calculi significantly exceeds that of other formalisms, while the purity ofthesemanticsisonpar with the original pi-calculus. LICS 09, TPHOLs 09, LMCS 11, SOS 09, LICS 10, SEFM 11, JLAP 12, two PhD theses 1. Introduction Authors: The pi-calculus [MPW92] has a multitude of extensions where higher-level data structures and operations on them are given as primitive. To mention only two there are the spi-calculus by Abadi and Gordon [AG99] focusing on cryptographic primitives, and the applied pi-calculus of Abadi and Fournet [AF01] where agents can introduce statically scoped aliases of names for data, used e.g. to express how knowledge of an encryption is restricted. It is also parametrised by an arbitrary signature for expressing data and an equation system for expressing data equalities. The impact of these enriched calculi is considerable with hundreds of papers applying or developing the formalisms. As Abadi and Fournet rightly observe there is a trade-off between purity, meaning the simplicity and elegance Jesper Bengtson, Johannes Borgström, Shuqin Huang, Magnus Johansson, Joachim Received by the editors April 1, ACM Subject Classification: F.1.2, F.3.1, F.3.2. Key words and phrases: pi-calculus, nominal sets, bisimulation, operational semantics, theorem prover. c J. Bengtson, M. Johansson, J. Parrow, and B. Victor CC Creative Commons Parrow, Palle Raabjerg, LOGICAL METHODS IN COMPUTER SCIENCE DOI: /LMCS-7 (1:11) 2011 Björn Victor, Johannes Åman Pohjola,... Psi-Calculi Workbench Pwb Tool for Psi

23 Part 2 Psi-Calculi Workbench Tool for Psi

24 Psi-Calculi Workbench Framework for implementing Psi-Calculi instances Experimental Platform for experimentation with semantics and Free pi-calculus extensions Implemented in SML (PolyML) For every psi implementation includes Transition simulator Weak bisim generator

25 Psi-Calculi Workbench Pwb Implementer Architecture Modular Pluggable Supp Lib Nominal PP Parser Comb... T C A chaneq entails compose unit subst Psi Core Transition Constraint Solver Symbolic Evaluator

26 Psi-Calculi Workbench Constraint Solver Pwb Implementer Process Transition Derivative Constraint Transition Derivative Constraint Solution P Symbolic Evaluator Transition Constraint Solver

27 Psi-Calculi Workbench Pwb Architecture Modular Pluggable Implementer Parser Supp Lib Nominal PP Parser Comb... T C A chaneq entails compose unit subst Psi Core Transition Constraint Solver Symbolic Evaluator Pretty Printer Bisimulation Constraint Solver Bisim Cnstr Generator Command Interp

28 Demo

29 Psi-Calculi Extensions (in progress) + Nominal Free Algebras + Broadcast communication Johannes Borgström + Hüttel s Types Amin Khorsandi, MSc Thesis

30 References Get Pwb at $ wget mobility/applied/psiworkbench Take a look $ wget Read LICS 09, TPHOLs 09, LMCS 11, SOS 09, LICS 10, SEFM 11, JLAP 12 Exercising Psi-calculi: A Psi-calculi workbench (my MSc Thesis)

The Psi-Calculi Workbench: a Generic Tool for Applied Process Calculi

The Psi-Calculi Workbench: a Generic Tool for Applied Process Calculi Johannes Borgström Ramūnas Gutkovas Iona Rodhe Björn Victor Uppsala University ProFuN meeting, Dec 18, 2013 Presented at ACSD 13 Barcelona,