Damien Pous

New up-to techniques for weak bisimulation

Up-to techniques have been introduced to enhance the bisimulation proof method for establishing bisimilarity results. While up-to techniques for strong bisimilarity are well understood, the irregularities that appear in the weak case make it difficult to give a unified presentation. We propose a uniform and modular theory of up-to techniques for weak bisimulation that captures most of the existing proof technology and introduces new techniques. Some proofs rely on nontrivial-and new-commutation results based on termination guarantees. All results presented in this paper have been formally proved using the Coq proof assistant.

Enhanced coalgebraic bisimulation

We present a systematic study of bisimulation-up-to techniques for coalgebras. This enhances the bisimulation proof method for a large class of state based systems, including labelled transition systems but also stream systems and weighted automata. Our approach allows for compositional reasoning about the soundness of enhancements. Applications include the soundness of bisimulation up to bisimilarity, up to equivalence and up to congruence. All in all, this gives a powerful and modular framework for simplified coinductive proofs of equivalence.

Kleene algebra with tests and coq tools for while programs

We present a Coq library about Kleene algebra with tests, including a proof of their completeness over the appropriate notion of languages, a decision procedure for their equational theory, and tools for exploiting hypotheses of a certain kind in such a theory. Kleene algebra with tests make it possible to represent if-then-else statements and while loops in imperative programming languages. They were actually introduced as an alternative to propositional Hoare logic. We show how to exploit the corresponding Coq tools in the context of program verification by proving equivalences of while programs, correctness of some standard compiler optimisations, Hoare rules for partial correctness, and a particularly challenging equivalence of flowchart schemes.

Up-to techniques for weak bisimulation

Up-to techniques have been introduced to enhance the bisimulation proof method for establishing bisimilarity results. While up-to techniques for strong bisimilarity are well understood, in the weak case they come as a collection of unrelated results, and lack a unified presentation. We propose a uniform and modular theory of up-to techniques for weak bisimulation that captures existing proof technology and introduces new techniques. Some proofs rely on non trivial – and new – commutation results based on termination guarantees.

A correct abstract machine for safe ambients

We describe an abstract machine, called GcPan, for the distributed execution of Safe Ambients (SA), a variant of the Ambient Calculus (AC). Our machine improves over previous proposals for executing AC, or variants of it, mainly through a better management of special agents (forwarders), created upon code migration to transmit messages to the target location of the migration. We establish the correctness of our machine by proving a weak bisimilarity result with a previous abstract machine for SA, and then appealing to the correctness of the latter machine. More broadly, this study is a contribution towards understanding issues of correctness and optimisations in implementations of distributed languages encompassing mobility.

Innocent strategies as presheaves and interactive equivalences for CCS

Seeking a general framework for reasoning about and comparing programming languages, we derive a new view of Milners CCS. We construct a category E of plays, and a subcategory V of views. We argue that presheaves on V adequately represent innocent strategies, in the sense of game semantics. We then equip innocent strategies with a simple notion of interaction. This results in an interpretation of CCS. Based on this, we propose a notion of interactive equivalence for innocent strategies, which is close in spirit to Beffaras interpretation of testing equivalences in concurrency theory. In this framework we prove that the analogues of fair and must testing equivalences coincide, while they differ in the standard setting.

An efficient abstract machine for Safe Ambients

Safe Ambients (SA) are a variant of the Ambient Calculus (AC) in which types can be used to avoid certain forms of interferences among processes called grave interferences. An abstract machine, called GcPan, for a distributed implementation of typed SA is presented and studied. Our machine improves over previous proposals for executing AC, or variants of it, mainly through a better management of special agents (the forwarders), created upon code migration to transmit messages to the target location of the migration. Well-known methods (such as reference counting and union-find) are applied in order to garbage collect forwarders, thus avoiding long – possibly distributed – chains of forwarders, as well as avoiding useless persistent forwarders. We present the proof of correctness of GcPan w.r.t. typed SA processes. We describe a distributed implementation of the abstract machine in OCaml. More broadly, this study is a contribution towards understanding issues of correctness and optimisations in implementations of distributed languages encompassing mobility.

A distribution law for CCS and a new congruence result for the π-calculus

We give an axiomatisation of strong bisimilarity on a small fragment of CCS that does not feature the sum operator. This axiomatisation is then used to derive congruence of strong bisimilarity in the finite π-calculus in absence of sum. To our knowledge, this is the only nontrivial subcalculus of the π-calculus that includes the full output prefix and for which strong bisimilarity is a congruence.

Component-oriented programming with sharing: containment is not ownership

Component-oriented programming yields a tension between higher-order features (deployment, reconfiguration, passivation), encapsulation, and component sharing. We propose a discipline for component-oriented programming to address this issue, and we define a process calculus whose operational semantics embodies this programming discipline. We present several examples that illustrate how the calculus supports component sharing, while allowing strong encapsulation and higher-order primitives.

A general account of coinduction up-to

Bisimulation up-to enhances the coinductive proof method for bisimilarity, providing efficient proof techniques for checking properties of different kinds of systems. We prove the soundness of such techniques in a fibrational setting, building on the seminal work of Hermida and Jacobs. This allows us to systematically obtain up-to techniques not only for bisimilarity but for a large class of coinductive predicates modeled as coalgebras. The fact that bisimulations up to context can be safely used in any language specified by GSOS rules can also be seen as an instance of our framework, using the well-known observation by Turi and Plotkin that such languages form bialgebras. In the second part of the paper, we provide a new categorical treatment of weak bisimilarity on labeled transition systems and we prove the soundness of up-to context for weak bisimulations of systems specified by cool rule formats, as defined by Bloom to ensure congruence of weak bisimilarity. The weak transition systems obtained from such cool rules give rise to lax bialgebras, rather than to bialgebras. Hence, to reach our goal, we extend the categorical framework developed in the first part to an ordered setting.