Henrik Pilegaard

The Succinct Solver Suite

The Succinct Solver Suite offers two analysis engines for solving data and control flow problems expressed in clausal form in a large fragment of first order logic. The solvers have proved to be useful for a variety of applications including security properties of Java Card byte-code, access control features of Mobile and Discretionary Ambients, and validation of protocol narrations formalised in a suitable process algebra. Both solvers operate over finite domains although they can cope with regular sets of trees by direct encoding of the tree grammars; they differ in fine details about the demands on the universe and the extent to which universal quantification is allowed. A number of transformation strategies, mainly automatic, have been studied aiming on the one hand to increase the efficiency of the solving process, and on the other hand to increase the ease with which users can develop analyses. The results from benchmarking against state-of-the-art solvers are encouraging.

Spatial Analysis of BioAmbients

Programming language technology can contribute to the development and understanding of Systems Biology by providing formal calculi for specifying and analysing the dynamic behaviour of biological systems. Our focus is on BioAmbients, a variation of the ambient calculi developed for modelling mobility in computer systems. We present a static analysis for capturing the spatial structure of biological systems and we illustrate it on a few examples.

Relational Analysis of Correlation

In service-oriented computing, correlations are used to determine links between service providers and users. A correlation contains values for some variables received in a communication. Subsequent messages will only be received when they match the values of the correlation. Correlations allow for the implementation of sessions, local shared memory, gradually provided input, or input provided in arbitrary order --- thus presenting a challenge to static analysis. In this work, we present a static analysis in relational form of correlations. It is defined in terms of a fragment of the process calculus COWS that itself builds on the Fusion Calculus. The analysis is implemented and practical experiments allow us to automatically establish properties of the flow of information between services.

Flow Logic for Process Calculi

Flow Logic is an approach to statically determining the behavior of programs and processes. It borrows methods and techniques from Abstract Interpretation, Data Flow Analysis and Constraint Based Analysis while presenting the analysis in a style more reminiscent of Type Systems. Traditionally developed for programming languages, this article provides a tutorial development of the approach of Flow Logic for process calculi based on a decade of research. We first develop a simple analysis for the π-calculus; this consists of the specification, semantic soundness (in the form of subject reduction and adequacy results), and a Moore Family result showing that a least solution always exists, as well as providing insights on how to implement the analysis. We then show how to strengthen the analysis technology by introducing reachability components, interaction points, and localized environments, and finally, we extend it to a relational analysis. A Flow Logic is a program logic---in the same sense that a Hoare’s logic is. We conclude with an executive summary presenting the highlights of the approach from this perspective including a discussion of theoretical properties as well as implementation considerations. The electronic supplements present an application of the analysis techniques to a version of the π-calculus incorporating distribution and code mobility; also the proofs of the main results can be found in the electronic supplements.

Relational analysis for delivery of services

Many techniques exist for statically computing properties of the evolution of processes expressed in process algebras. Static analysis has shown how to obtain useful results that can both be checked and computed in polynomial time. In this paper we develop a static analysis in relational form which substantially improves the precision of the results obtained while being able to deal with the full generality of the syntax of processes. The analysis reveals a feasible complexity for practical examples and gives rise to a fast prototype. We use this prototype to automatically prove the correct delivery of messages for the implementation of an accident service, which is based on multiplexed communication, a crucial feature of global computing applications.

What is a free name in a process algebra

There are two popular approaches to specifying the semantics of process algebras: labelled transition semantics and reaction semantics. While the notion of free name is rather unproblematic for labelled transition semantics this is not so for reaction semantics in the presence of a structural congruence for unfolding recursive declarations. We show that the standard definition of free name is not preserved under the structural congruence. We then develop a fixed point approach to the set of free names and show that it is invariant under the structural congruence.

Active Evaluation Contexts for Reaction Semantics

In the context of process algebras it is customary to define semantics in the form of a reaction relation supported by a structural congruence relation. Recently process algebras have grown more expressive in order to meet the modelling demands of fields as diverse as business modelling and systems biology. This leads to combining various features, such as general choice and parallelism that were previously studied separately, and it often becomes difficult to define the reaction semantics. We present a general approach based on active evaluation contexts that allows the reaction semantics to be easily constructed.

From explicit to symbolic types for communication protocols in CCS

We study communication protocols having several rounds and expressed in value passing CCS. We develop a type-based analysis for providing an explicit record of all communications and show the usual subject reduction result. Since the explicit records can be infinitely large, we also develop a type-based analysis for providing a finite, symbolic record of all communications. We show that it correctly approximates the explicit record and prove an adequacy result for it.