Matthew Hennessy

Algebraic laws for nondeterminism and concurrency

Since a nondeterministic and concurrent program may, in general, communicate repeatedly with its environment, its meaning cannot be presented naturally as an input/output function (as is often done in the denotational approach to semantics). In this paper, an alternative is put forth. First, a definition is given of what it is for two programs or program parts to be equivalent for all observers; then two program parts are said to be observation congruent if they are, in all program contexts, equivalent. The behavior of a program part, that is, its meaning, is defined to be its observation congruence class. The paper demonstrates, for a sequence of simple languages expressing finite (terminating) behaviors, that in each case observation congruence can be axiomatized algebraically. Moreover, with the addition of recursion and another simple extension, the algebraic language described here becomes a calculus for writing and specifying concurrent programs and for proving their properties.

Testing equivalences for processes

Abstract Given a set of processes and a set of tests on these processes we show how to define in a natural way three different equivalences on processes. These equivalences are applied to a particular language CCS. We give associated complete proof systems and fully abstract models. These models have a simple representation in terms of trees.

Resource Access Control in Systems of Mobile Agents

We describe a typing system for a distributed ?-calculus which guarantees that distributed agents cannot access the resources of a system without first being granted the capability to do so. The language studied allows agents to move between distributed locations and to augment their set of capabilities via communication with other agents. The type system is based on the novel notion of a location type, which describes the set of resources available to an agent at a location. Resources are themselves equipped with capabilities, and thus an agent may be given permission to send data along a channel at a particular location without being granted permission to read data along the same channel. We also describe a tagged version of the language, where the capabilities of agents are made explicit in the syntax. Using this tagged language we define access violations as runtime errors and prove that well-typed systems are incapable of such errors.

Full abstraction for a simple parallel programming language

In [Plol] a powerdomain was defined which was intended as a kind of analogue of the powerset construction, but for (certain kinds) of cpos. For example the powerdomain~(S±) of the flat cpo Si, formed from a set S, is the set {X ! S~I(X#~) and ((±cX) or X is finite)} with the Egli-Milner ordering : X ~ Y ~ (~x ~ X.~ y ~ Y. x C y) A (~y c Y.3 x e X. x ~ y). E-M This enabled nondeterminism to be modelled by an analogue of set-theoretic union and a denotational semantics for a simple language with parallelism was given, treating parallelism in terms of non-deterministic mergeing of uninterruptible actions. Expected identities such as the associativity and commutativity of the parallel combinator were true in this semantics.

A Process Algebra for Timed Systems

A standard process algebra is extended by a new action ? which is meant to denote idling until the next clock cycle. A semantic theory based on testing is developed for the new language. This is characterised in terms of barbs, a variety of ready traces and also characterised as the initial theory generated by a set of equations.

Acceptance trees

A simple model, AT, for nondeterministic machines is presented which is based on certain types of trees. A set of operations, &Sgr;, is defined over AT and it is shown to be completely characterized by a set of inequations over &Sgr;. AT is used to define the denotational semantics of a language for defining nondeterministic machines. The significance of the model is demonstrated by showing that this semantics reflects an intuitive operational semantics of machines based on the idea that machines should only be differentiated if there is some experiment that differentiates between them.

Priorities in process algebras

An operational semantics for an algebraic theory of concurrency is developed that incorporates a notion of priority into the definition of the execution of actions. An equivalence based on strong observational equivalences is defined and shown to be a congruence, and a complete axiomization is given for finite terms. Several examples highlight the novelty and usefulness of the approaches.<<ETX>>

Information flow vs. resource access in the asynchronous pi-calculus

We propose an extension of the asynchronous π-calculus in which a variety of security properties may be captured using types. These are an extension of the input/output types for the π-calculus in which I/O capabilities are assigned specific security levels. The main innovation is a uniform typing system that, by varying slightly the allowed set of types, captures different notions of security.We first define a typing system that ensures that processes running at security level σ cannot access resources with a security level higher than σ. The notion of access control guaranteed by this system is formalized in terms of a Type Safety Theorem.We then show that, by restricting the allowed types, our system prohibits implicit information flow from high-level to low-level processes. We prove that low-level behavior can not be influenced by changes to high-level behavior. This is formalized as a noninterference theorem with respect to may testing.

An efficiency preorder for processes

A simple efficiency preorder for CCS processes is introduced in whichp≲q means thatq is at least as fast asp, or more generally,p uses at least as much resources asq. It is shown to be preserved by all CCS contexts except summation and it is used to analyse a non-trivial example: two different implementations of a bounded buffer. Finally we give a sound and complete proof system for finite processes.

Termination, deadlock, and divergence

In this paper, a process algebra that incorporates explicit representations of successful termination, deadlock, and divergence is introduced and its semantic theory is analyzed. Both an operational and a denotational semantics for the language is given and it is shown that they agree. The operational theory is based upon a suitable adaptation of the notion of bisimulation preorder. The denotational semantics for the language is given in terms of the initial continuous algebra that satisfies a set of equations <italic>E</italic>, <italic>CI<supscrpt>E</supscrpt></italic>. It is shown that <italic>CI<supscrpt>E</supscrpt></italic> is fully abstract with respect to our choice of behavioral preorder. Several results of independent interest are obtained; namely, the finite approximability of the behavioral preorder and a partial completeness result for the set of equations <italic>E</italic> with respect to the preorder.