HOπ in Coq
Guillaume Ambal, Sergueï Lenglet and Alan Schmitt
Higher-Order π-calculus
◮ Model of concurrent and communicating systems
◮ First-order: inert data (channel names, ...)
◮ Higher-order: executable processes
◮ Behavioral equivalence proofs (bisimulation): complex, prone to error
◮ Very few formalizations of higher-order process calculi
◮ Difficulty: binders
Higher-Order π-calculus
Communication channel names: a, b, c, ...
Process variables: X, Y, Z, ...

Syntax:
  P, Q ::= 0          nil process
         | P | Q      parallel composition
         | X          variable
         | a(X).P     process input
         | a⟨P⟩.Q     process output
         | νa.P       name restriction

Communication:  a(X).P | a⟨R⟩.Q  →  P{R/X} | Q

Example (the received process b⟨c(Z).Z⟩.0 replaces X, then communicates on b):
  a(X).(X | b(Y).Y | b⟨0⟩.0) | a⟨b⟨c(Z).Z⟩.0⟩.0
→ b⟨c(Z).Z⟩.0 | b(Y).Y | b⟨0⟩.0 | 0
→ 0 | c(Z).Z | b⟨0⟩.0 | 0
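As an added example (not code from the slides or from the authors' Coq development), the Python below models the fragment of HOπ without name restriction and replays the slide's reduction: process terms, the substitution P{R/X} that stops at a rebinding of X (static scope), and the communication step a(X).P | a⟨R⟩.Q → P{R/X} | Q. All function and class names are my own choices; the printer writes a<P>.Q for the output prefix a⟨P⟩.Q.

```python
from typing import NamedTuple

# HOpi syntax from the slides (name restriction left out of this example).
class Nil(NamedTuple): pass                                      # 0
class Var(NamedTuple): name: str                                 # X
class Par(NamedTuple): left: object; right: object               # P | Q
class Input(NamedTuple): chan: str; var: str; cont: object       # a(X).P, binds X in P
class Output(NamedTuple): chan: str; msg: object; cont: object   # a<P>.Q

def subst(p, x, r):
    """P{R/X}: replace free X by R. Assumes R is closed, so no capture can occur."""
    if isinstance(p, Var): return r if p.name == x else p
    if isinstance(p, Par): return Par(subst(p.left, x, r), subst(p.right, x, r))
    if isinstance(p, Input):  # static scope: an inner a(X) shadows the outer X
        return p if p.var == x else Input(p.chan, p.var, subst(p.cont, x, r))
    if isinstance(p, Output): return Output(p.chan, subst(p.msg, x, r), subst(p.cont, x, r))
    return p
def flatten(p):  # parallel components, left to right
    return flatten(p.left) + flatten(p.right) if isinstance(p, Par) else [p]
def par_of(ps):  # rebuild a left-nested parallel composition
    acc = ps[0]
    for q in ps[1:]: acc = Par(acc, q)
    return acc
def step(p):
    """One communication a(X).P | a<R>.Q -> P{R/X} | Q on the first matching pair, or None if stuck."""
    comps = flatten(p)
    for i, inp in enumerate(comps):
        for j, out in enumerate(comps):
            if isinstance(inp, Input) and isinstance(out, Output) and inp.chan == out.chan:
                new = list(comps)
                new[i], new[j] = subst(inp.cont, inp.var, out.msg), out.cont
                return par_of(new)
    return None
def run(p):  # reduce until stuck, keeping every intermediate process
    trace = [p]
    while (q := step(trace[-1])) is not None: trace.append(q)
    return trace

def show(p):  # pretty-printer in the slides' notation, with <> for output brackets
    wrap = lambda q: f"({show(q)})" if isinstance(q, Par) else show(q)
    if isinstance(p, Nil): return "0"
    if isinstance(p, Var): return p.name
    if isinstance(p, Par): return f"{show(p.left)} | {show(p.right)}"
    if isinstance(p, Input): return f"{p.chan}({p.var}).{wrap(p.cont)}"
    return f"{p.chan}<{show(p.msg)}>.{wrap(p.cont)}"

# The slide's example: a(X).(X | b(Y).Y | b<0>.0) | a<b<c(Z).Z>.0>.0
P = par_of([Var("X"), Input("b", "Y", Var("Y")), Output("b", Nil(), Nil())])
R = Output("b", Input("c", "Z", Var("Z")), Nil())
EXAMPLE = Par(Input("a", "X", P), Output("a", R, Nil()))
```

`run(EXAMPLE)` yields the three processes of the slide's reduction in order; `subst` leaves `a(X).X` untouched when substituting for X, which is the static-scope point made on the binders slide.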
Name restriction
Syntax:  P, Q ::= 0 | P | Q | X | a(X).P | a⟨P⟩.Q | νa.P

Example: a and b are restricted, so an outside a(X).X cannot receive on this a:
  νab.(a⟨b⟨0⟩.0⟩.P | a(X).d⟨X⟩.Q) | a(X).X

Inside the restriction, the communication on a goes through:
  νab.(a⟨b⟨0⟩.0⟩.P | a(X).d⟨X⟩.Q)
→ νab.(P | d⟨b⟨0⟩.0⟩.Q)

Sending b⟨0⟩.0 on the free channel d to a receiver outside the restriction:
  νab.(P | d⟨b⟨0⟩.0⟩.Q) | d(Y).(Y | R)
→ νab.(P | Q) | b⟨0⟩.0 | R        (b⟨0⟩.0 would escape the scope of νb)

The scope of b must first be extruded, using structural congruence ≃:
  νab.(P | d⟨b⟨0⟩.0⟩.Q) | d(Y).(Y | R)
≃ νba.(P | d⟨b⟨0⟩.0⟩.Q) | d(Y).(Y | R)
≃ νb.(νa.(P | d⟨b⟨0⟩.0⟩.Q) | d(Y).(Y | R))
→ νb.(νa.(P | Q) | b⟨0⟩.0 | R)

Labelled transitions:
  Input:   P  −a(X)→  R
  Output:  Q  −νb̃.a⟨S⟩→  T        (b̃: the restricted names extruded with S)

Communication rule:
  P −a(X)→ R      Q −νb̃.a⟨S⟩→ T      b̃ ∩ fn(R) = ∅
  ------------------------------------------------------
              P | Q  →  νb̃.(R{S/X} | T)
What we formalize
◮ Bisimilarity: if P ∼ Q and P −α→ P′, then Q −α→ Q′ for some Q′ with P′ ∼ Q′
◮ Congruence: if P ∼ Q then P | R ∼ Q | R, νa.P ∼ νa.Q, ...
◮ Howe's method [CONCUR 15]
Binders
Process input a(X).P: binds the process variable X
◮ Static scope
◮ Process variables are substituted (by processes)
◮ Forbids computation
Similar to λ-abstraction: any representation works

Name restriction νa.P, νã.a⟨P⟩.Q: binds names a
◮ Dynamic scope
◮ No substitution
◮ Allows computation