Section: New Results

Verification Techniques

Participants: Mario Bravetti, Adrien Durier, Daniel Hirschkoff, Ivan Lanese, Cosimo Laneve, Davide Sangiorgi.

We study key properties of concurrent systems, such as deadlock freedom, and proof techniques for deriving behavioural equalities and preorders on processes.

Deadlock detection

We have continued the work of previous years on deadlock detection for languages of concurrent objects. In [33] we have applied and refined previous techniques so as to handle multi-threaded programs with reentrant locks. For this we have defined a simple calculus featuring recursion, threads and synchronisations that guarantee exclusive access to objects. We detect deadlocks by associating an abstract model with programs, and we define an algorithm for verifying that a problematic object dependency between threads (e.g. a circularity) cannot arise.

In [15] we give two different notions of deadlock for systems based on active objects and futures. One is based on blocked objects and conforms to the classical definition of deadlock. The other is an extended notion of deadlock based on blocked processes, which is more general than the classical one. We introduce a technique to prove deadlock freedom in which an abstract version of the program is translated into Petri nets. Extended deadlocks, and hence also classical deadlocks, can be detected by checking the reachability of certain forms of marking.
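As an added illustration of the approach described above for [33], and not the calculus or algorithm of that paper: a standard lock-order abstraction for threads with reentrant locks. Each thread is reduced to its sequence of lock acquisitions and releases, a dependency edge records that a thread requests one lock while holding another, reentrant re-acquisition adds no dependency, and a cycle in the resulting graph marks a circular wait that the abstraction cannot exclude. All input programs are constructed.

```python
# Added illustrative example, not the calculus or algorithm of [33]: a lock-order
# abstraction for threads with reentrant locks. An edge a -> b records that some
# thread requests b while holding a; a cycle means a deadlock cannot be excluded.
from collections import defaultdict

def lock_order_graph(threads):
    """threads: {name: [('acq', obj) | ('rel', obj), ...]} (constructed input).
    Re-acquiring a lock already held is reentrant and adds no dependency."""
    graph = defaultdict(set)
    for ops in threads.values():
        held = defaultdict(int)  # reentrancy depth per object
        for op, obj in ops:
            if op == 'acq':
                if held[obj] == 0:  # genuine acquisition: depends on all held locks
                    for h, depth in held.items():
                        if depth > 0:
                            graph[h].add(obj)
                held[obj] += 1
            elif op == 'rel':
                if held[obj] == 0:
                    raise ValueError(f"release of unheld lock {obj}")
                held[obj] -= 1
    return graph

def find_cycle(graph):
    """Return one cycle as a list of locks (first == last), or [] if acyclic."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour, stack = defaultdict(int), []
    def visit(u):
        colour[u] = GREY
        stack.append(u)
        for v in graph.get(u, ()):
            if colour[v] == GREY:  # back edge: the cycle is on the stack
                return stack[stack.index(v):] + [v]
            if colour[v] == WHITE and (cyc := visit(v)):
                return cyc
        stack.pop()
        colour[u] = BLACK
        return []
    for node in list(graph):
        if colour[node] == WHITE and (cyc := visit(node)):
            return cyc
    return []

def may_deadlock(threads):
    """True iff the abstraction cannot exclude a circular wait between threads."""
    return bool(find_cycle(lock_order_graph(threads)))
```

The abstraction is conservative: a cycle means the circular wait is not excluded, not that it is reachable in every execution.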

Proof techniques based on unique solutions

We study bisimilarity, a behavioural equivalence whose success is largely due to the associated bisimulation proof method. In particular, we discuss different proof methods, based on unique solution of equations or of special forms of inequations called contractions, and inspired by Milner's theorem on unique solution of equations. The techniques are at least as powerful as the bisimulation proof method and its up-to context enhancements. They can be transferred onto other behavioural equivalences, possibly contextual and non-coinductive, which enables a coinductive reasoning style on such equivalences. An overview paper on these techniques is [19].

The paper [36] discusses a rather comprehensive formalisation of the core of the theory of CCS in the HOL theorem prover (HOL4), with a focus on the theory of unique solutions of contractions. (The formalisation consists of about 20,000 lines of proof scripts in Standard ML.) Some refinements of the theory itself are obtained. In particular, we remove the constraint that summations be weakly guarded by moving to rooted contraction, that is, the coarsest precongruence contained in the contraction preorder.

In [26] we apply the above techniques to study Milner's encoding of the call-by-value λ-calculus into the π-calculus. We show that, by tuning the encoding to two subcalculi of the π-calculus (Internal π and Asynchronous Local π), the equivalence on λ-terms induced by the encoding coincides with Lassen's eager normal-form bisimilarity, extended to handle η-equality. As behavioural equivalences in the π-calculus we consider contextual equivalence and barbed congruence. We also extend the results to preorders.

On a different but related strand of work [17], we study the tree structures that result when writing call-by-name functions as processes, and give general conditions under which this representation produces Lévy-Longo Trees and Böhm Trees, the best-known tree structures for the λ-calculus.