Characterizing contextual equivalence in calculi with passivation

Sergueï Lenglet, Alan Schmitt, Jean-Bernard Stefani
2011 Information and Computation  
We study the problem of characterizing contextual equivalence in higher-order languages with passivation. To overcome the difficulties arising in the proof of congruence of candidate bisimilarities, we introduce a new form of labeled transition semantics together with its associated notion of bisimulation, which we call complementary semantics. Complementary semantics allows one to apply the well-known Howe's method for proving the congruence of bisimilarities in a higher-order setting, even in the presence of an early form of bisimulation. We use complementary semantics to provide a coinductive characterization of contextual equivalence in the HOπP calculus, an extension of the higher-order π-calculus with passivation, obtaining the first result of this kind. We then study the problem of defining a more effective variant of bisimilarity that still characterizes contextual equivalence, along the lines of Sangiorgi's notion of normal bisimilarity. We provide partial results on this difficult problem: we show that a large class of test processes cannot be used to derive a normal bisimilarity in HOπP, but we show that a form of normal bisimilarity can be defined for HOπP without restriction.

The situation is less satisfactory for higher-order concurrent languages. Bisimilarity relations that coincide with barbed congruence have only been given for some higher-order concurrent languages. They usually take the form of context bisimilarities, building on a notion of context bisimulation introduced by D. Sangiorgi for a higher-order π-calculus, HOπ [37]. Context bisimilarity has been proven to coincide with contextual equivalence for higher-order variants of the π-calculus: Sangiorgi's HOπ [36,37,20], a concurrent ML with local names [19], a higher-order distributed π-calculus called SafeDpi [16], Mobile Ambients [29], and some of Mobile Ambients's variants such as Boxed Ambients [5]. A sound but incomplete form of context bisimilarity has been proposed for the Seal calculus [10]. For the Homer calculus [14], strong context bisimilarity is proven sound and complete, but weak context bisimilarity is not complete. A sound and complete context bisimilarity has been defined for the Kell calculus [41], but for the strong case only. Context bisimilarity is not entirely satisfactory, however.
Its definition still involves quantification on processes (or on abstractions and concretions, following Milner's terminology [30], that can be understood, respectively, as receiving processes and emitting processes).¹ For this reason, Sangiorgi has introduced in his study of HOπ [37] an alternative form of bisimulation, called normal bisimulation, that replaces the universal quantification on processes in the input and output clauses in the definition of context bisimulation with a single test process.² To the best of our knowledge, the only higher-order concurrent language for which normal bisimilarity has been defined and proved to coincide with context bisimilarity is HOπ and its typed variant [36,37,20].

Process calculi with passivation

The difficulties in characterizing contextual equivalence are particularly acute in calculi featuring process passivation, such as the Homer calculus, the Kell calculus, and, to some extent, the Seal calculus. Let us first motivate our interest in higher-order languages with strong process mobility and process passivation. Strong process mobility refers to the possibility of moving a running process from one locus of computation (or locality) to another. This feature typically occurs in languages or calculi intended for distributed programming such as the Join calculus [27], Mobile Ambients [8], or Nomadic Pict [44]. Process passivation refers to the ability to suspend the execution of a named running process and to pass around the suspended process, typically as a higher-order parameter in messages. This capability is featured in the Homer calculus [14], the M-calculus [40], and the Kell calculus [41]. Passivation actually subsumes strong mobility, as discussed in [41], since strong mobility amounts to a sequence of passivation, transfer of the suspended process between localities, and reactivation.
Strong mobility is a linear operation that moves a computation from one locality to another, whereas passivation may be non-linear: a passivated process can be reactivated several times. The Seal calculus [10] provides an intermediate form, with a combined migrate and replicate (and hence non-linear) operation. Strong mobility is one of several paradigms for mobile code. It has been introduced as a primary feature in several languages, including Obliq [7], Nomadic Pict [44], and JoCaml [12]. It potentially allows interesting performance and design trade-offs [9,13], and its use can be compelling in certain application areas such as network and distributed system management [3]. Process passivation provides basic support for dynamic reconfiguration: with passivation, named parts of a system can be replaced during execution. Dynamic reconfiguration is useful to support patches and system updates while limiting system downtime and increasing availability; to support fault recovery and fault tolerance by providing a basic mechanism for checkpointing computations and replicating them; and to support adaptive behaviors, whereby a system changes its configuration to adapt to varying operating conditions, with the aim of improving performance and/or dependability. A form of process passivation has been introduced in the Acute programming language [42] for the same reasons. There, it is called thunkification and applies to designated groups of threads.

In this paper, we work with the HOπP calculus, a minimal extension of HOπ with passivation. An example of process passivation in HOπP is given by the following reduction:

where a[P] is a locality named a that contains a process P, and a(X)Q is a receiver process. The passivation above removes the locality a, and passes process P as an argument to the receiver process a(X)Q. A locality a[ ] is an execution context and is transparent: if P can evolve into P′ (i.e., P −→ P′), then we have a[P] −→ a[P′].
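Added illustration (not code from the paper): a toy Python reducer over a constructed fragment of HOπP terms, implementing the two behaviours the text describes in prose, transparency of a locality a[ ] and passivation a[P] | a(X)Q −→ Q{P/X}. A receiver whose body uses X twice shows the non-linearity mentioned above: the passivated process is reactivated twice. The term constructors and the Tick process are assumptions made for this example, not the paper's formal syntax.

```python
from dataclasses import dataclass

# Constructed toy fragment of HOpiP terms (an illustration, not the paper's formal syntax).
@dataclass(frozen=True)
class Nil: ...                 # inactive process
@dataclass(frozen=True)
class Tick:                    # stand-in for any process able to take one internal step to Nil
    label: str
@dataclass(frozen=True)
class Var:                     # process variable X
    name: str
@dataclass(frozen=True)
class Par:                     # P | Q
    left: object
    right: object
@dataclass(frozen=True)
class Loc:                     # a[P]: locality named a running P
    name: str
    body: object
@dataclass(frozen=True)
class Recv:                    # a(X)Q: receiver on a, binding the received process to X in Q
    name: str
    var: str
    body: object

def subst(q, x, p):
    """Q{P/X}: replace free occurrences of X in Q by P (all binders assumed distinct)."""
    if isinstance(q, Var):
        return p if q.name == x else q
    if isinstance(q, Par):
        return Par(subst(q.left, x, p), subst(q.right, x, p))
    if isinstance(q, Loc):
        return Loc(q.name, subst(q.body, x, p))
    if isinstance(q, Recv):
        return q if q.var == x else Recv(q.name, q.var, subst(q.body, x, p))
    return q

def steps(t) -> list:
    """All processes reachable from t in exactly one reduction step."""
    out: list = []
    if isinstance(t, Tick):
        out.append(Nil())
    elif isinstance(t, Loc):           # transparency: a[P] -> a[P'] whenever P -> P'
        out += [Loc(t.name, b) for b in steps(t.body)]
    elif isinstance(t, Par):
        l, r = t.left, t.right
        for loc, rcv in ((l, r), (r, l)):  # passivation: a[P] | a(X)Q -> Q{P/X}
            if isinstance(loc, Loc) and isinstance(rcv, Recv) and loc.name == rcv.name:
                out.append(subst(rcv.body, rcv.var, loc.body))
        out += [Par(l2, r) for l2 in steps(l)] + [Par(l, r2) for r2 in steps(r)]
    return out
```

For a[Tick] | a(X)(X | X), steps returns both the passivation result Tick | Tick and the transparent step a[Nil] | a(X)(X | X); the two copies of Tick can then each run, which is what makes passivation non-linear.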
Also, if P can emit a message, then

¹ Despite this quantification on processes, the use of context bisimulation as a proof technique is still an improvement over the direct use of barbed congruence, as argued in [29]. Removing this quantification would pave the way to automated proof support.

² For instance, the definition of an early strong contextual bisimulation R in HOπ has the following input clause:
doi:10.1016/j.ic.2011.08.002