
Roberto Bruni - University of Pisa
219 Publications · 46,440 Reads
3,150 Citations
Publications (219)
Sound over-approximation methods are effective for proving the absence of errors, but inevitably produce false alarms that can hamper programmers. In contrast, under-approximation methods focus on bug detection and are free from false alarms. In this work, we present two novel proof systems designed to locate the source of errors via backward under...
The main goal of most static analyses is to prove the absence of bugs : if the analysis reports no alarms, then the program will not exhibit any unwanted behaviours. For this reason, they are designed to over-approximate program behaviours and, consequently, they can report some false alarms. O’Hearn’s recent work on incorrectness has renewed the i...
This paper forges a strong connection between two well known computational frameworks for representing biological systems, in order to facilitate the seamless transfer of techniques between them. Boolean networks are a well established formalism employed by biologists. They have been studied under different (synchronous and asynchronous) update s...
Cause/effect analysis of complex systems is instrumental in better understanding many natural phenomena. Moreover, formal analysis requires the availability of suitable abstract computational models that somehow preserve the features of interest. Our contribution focuses on the analysis of Reaction Systems (RSs), a qualitative computational formali...
Reaction systems (RSs) are a computational framework inspired by biochemical mechanisms. A RS defines a finite set of reactions over a finite set of entities. Typically each reaction has a local scope, because it is concerned with a small set of entities, but complex models can involve a large number of reactions and entities, and their computation...
Completeness of an abstract interpretation is an ideal situation where the abstract interpreter is guaranteed to be compositional and producing no false alarm when used for verifying program correctness. Completeness for all possible programs and inputs is a very rare condition, met only by straightforward abstractions. In this paper we make a jour...
Reaction Systems (RSs) are a computational framework inspired by biological systems. A RS is formed by a set of entities together with a set of reactions over them. Entities can enable or inhibit each reaction and are produced by reactions. The interaction of a RS with the environment can be modelled by means of an external context sequence. RSs ca...
We formulate, in lattice-theoretic terms, two novel algorithms inspired by Bradley’s property directed reachability algorithm. For finding safe invariants or counterexamples, the first algorithm exploits over-approximations of both forward and backward transition relations, expressed abstractly by the notion of adjoints. In the absence of adjoints,...
Abstract interpretation is a framework to design sound static analyses by over-approximating the set of program behaviours. While over-approximations can prove correctness, they cannot witness incorrectness because false alarms may arise. An ideal, but uncommon, situation is completeness of the abstraction that can ensure no false alarm is introduced by the...
Abstract interpretation is a well known and extensively used method to extract over-approximate program invariants by a sound program analysis algorithm. Soundness means that no program errors are lost and it is, in principle, guaranteed by construction. Completeness means that the abstract interpreter reports no false alarms for all possible inputs, but th...
Reaction systems (RSs) are a successful natural computing framework inspired by chemical reaction networks. A RS consists of a set of entities and a set of reactions. Entities can enable or inhibit each reaction and are produced by reactions or provided by the environment. In this paper, we define two quantitative variants of RSs: the first one is...
Reaction Systems (RSs) are a successful computational framework inspired by biological systems. RSs can involve a large number of reactions and entities, which makes it difficult to debug quite long computations that traverse complex states. Slicing is a technique which is useful for simplifying a debugging process, by selecting a portion...
Abstract interpretation provides an over-approximation of program behaviours that is used to prove the absence of bugs. When the computed approximation in the chosen abstract domain is as precise as possible, we say the analysis is complete and false alarms cannot arise. Unfortunately for any non trivial abstract domain there is some program whose...
Static analyses are mostly designed to show the absence of bugs : if the analysis reports no alarms then the program won’t exhibit any unwanted behaviours. To this aim they manipulate over-approximations of program semantics and, inevitably, they often report some false alarms. Recently, O’Hearn proposed Incorrectness Logic, that is based on under-...
Reaction Systems (RSs) are a successful natural computing framework inspired by chemical reaction networks. A RS consists of a set of entities and a set of reactions. Entities can enable or inhibit each reaction, and are produced by reactions or provided by the environment. In a previous paper, we defined an original labelled transition system (LTS...
Reaction Systems (RSs) are a successful computational framework inspired by biological systems. A RS combines a set of entities with a set of reactions over them. Entities can be provided by an external context, used to enable or inhibit each reaction, and also produced by reactions. RS semantics is defined in terms of an (unlabelled) rewrite syste...
Reaction Systems (RSs) are a successful computational framework inspired by biological systems. A RS pairs a set of entities with a set of reactions over them. Entities can be used to enable or inhibit each reaction, and are produced by reactions. Entities can also be provided by an external context sequence to simulate in silico biological experim...
In the area of Natural Computing, Reaction Systems (RSs) are a qualitative abstraction inspired by the functioning of living cells, suitable to model the main mechanisms of biochemical reactions. RSs interact with a context, and pose challenges for modularity, compositionality, extendibility and behavioural equivalence. In this paper we define a mo...
Reaction Systems (RSs) are a successful computational framework inspired by biological systems. A RS pairs a set of entities with a set of reactions over them. Entities can be used to enable or inhibit each reaction, and are produced by reactions. Entities can also be provided by an external context. RS semantics is defined in terms of an (unlabell...
Complex problems can be sometimes solved efficiently via recursive decomposition strategies. In this line, the tree decomposition approach equips problems modelled as graphs with tree-like parsing structures. Following Milner’s flowgraph algebra, in a previous paper two of the authors introduced a strong network algebra to represent open graphs (up...
We present the link-calculus, an extension of π-calculus, that models interactions that are multiparty, i.e. that may involve more than two processes, mutually exchanging data. Communications are seen as chains of suitably combined links (which record the source and the target ends of each hop of interactions), each contributed by one party. Values...
In the area of Natural Computing, reaction systems are a qualitative abstraction inspired by the functioning of living cells, suitable to model the main mechanisms of biochemical reactions. This model has already been applied and extended successfully to various areas of research. Reaction systems interact with the environment represented by the co...
In the version of logic programming (LP) based on interpretations where variables occur in atoms, a goal reduction via unification can be seen as a transition labelled by the most general unifier. Categorically, it is thus natural to model a logic program as a coalgebra. In the paper we represent: (i) goals as the substitutive monoid freely generat...
Recent work by the authors equips Petri occurrence nets (PN) with probability distributions which fully replace nondeterminism. To avoid the so-called confusion problem, the construction imposes additional causal dependencies which restrict choices within certain subnets called structural branching cells (s-cells). Bayesian nets (BN) are usually st...
We propose Klaim as a suitable base for a novel choreographic framework. More precisely we advocate Klaim as a suitable language onto which to project data-driven global specifications based on distributed tuple spaces. These specifications, akin to behavioural types, describe the coordination from a global point of view. Differently from behaviour...
The personal contacts of the first author with Carl Adam Petri and Petri nets are initially described and the role of Petri nets as a connector algebra is then examined.
We present a process algebra aimed at describing interactions that are multiparty, i.e. that may involve more than two processes and that are open, i.e. the number of the processes they involve is not fixed or known a priori. Here we focus on the theory of a core version of a process calculus, without message passing, called Core Network Algebra (C...
Assigning a satisfactory truly concurrent semantics to Petri nets with confusion and distributed decisions is a long standing problem, especially if one wants to resolve decisions by drawing from some probability distribution. Here we propose a general solution based on a recursive, static decomposition of (occurrence) nets in loci of decision, cal...
Event structures are a well-accepted model of concurrency. In a seminal paper by Nielsen, Plotkin and Winskel, they are used to establish a bridge between the theory of domains and the approach to concurrency proposed by Petri. A basic role is played by an unfolding construction that maps (safe) Petri nets into a subclass of event structures, calle...
Assigning a satisfactory truly concurrent semantics to Petri nets with confusion and distributed decisions is a long standing problem, especially if one wants to fully replace nondeterminism with probability distributions and no stochastic structure is desired/allowed. Here we propose a general solution based on a recursive, static decomposition of...
Causal trees are one of the earliest pioneering contributions of Pierpaolo Degano, in joint work with Philippe Darondeau. The idea is to record causality dependencies in processes and in their actions. As such, causal trees sit between interleaving models and truly concurrent ones and they originate an abstract, event-based bisimulation semantics f...
In this paper we revisit some pioneering efforts to equip Petri nets with compact operational models for expressing causality. The models we propose have a bisimilarity relation and a minimal representative for each equivalence class, and they can be fully explained as coalgebras on a presheaf category on an index category of partial orders. First,...
In this paper we consider a calculus of connectors that allows for the most general combination of synchronisation, non-determinism and buffering. According to previous results, this calculus is tightly related to a flavour of Petri nets with interfaces for composition, called Petri nets with boundaries. The calculus and the net version are equippe...
In this paper we recast the classical Darondeau-Degano's causal semantics of concurrency in a coalgebraic setting, where we derive a compact model. Our construction is inspired by the one of Montanari and Pistore yielding causal automata, but we show that it is an instance of an existing categorical framework for modeling the semantics of nominal cal...
This paper proposes to reconcile two perspectives on behavioral adaptation commonly taken at different stages of the engineering of autonomic computing systems. Requirements engineering activities often take a black-box perspective: A system is considered to be adaptive with respect to an environment whenever the system is able to satisfy its goals...
The diffusion of adaptive systems motivates the study of models of software entities whose interaction capabilities can evolve dynamically. In this paper we overview the contributions in the ASCENS project in the area of software defined networks and of reconfigurable connectors. In particular we highlight: (i) the definition of the Network-consciou...
We present a white-box conceptual framework for adaptation developed in the context of the EU Project ASCENS coordinated by Martin Wirsing. We called it CoDa, for Control Data Adaptation, since it is based on the notion of control data. CoDa promotes a neat separation between application and adaptation logic through a clear identification of the se...
Graph transformation techniques, the Double-Pushout (DPO) approach in particular, have been successfully applied in the modeling of concurrent systems. In this area, a research thread has addressed the definition of concurrent semantics for process calculi. In this paper, we propose a theory of graph transformations for service programming with sop...
We focus on hierarchical BIP, an extension of Joseph Sifakis et al’s BIP component framework, to provide a semantics-preserving, compositional encoding in the Petri calculus, a recently proposed algebra of stateless connectors and one-position buffers.
Service-oriented computing is calling for novel computational models and languages with well-disciplined primitives for client–server interaction, structured orchestration and unexpected events handling. We present CaSPiS, a process calculus where the conceptual abstractions of sessioning and pipelining play a central role for modelling service-ori...
This paper proposes a formal approach to the design and programming of long running transactions (LRTs). We exploit techniques from process calculi to define cJoin, which is an extension of the Join calculus with few well-disciplined primitives for LRT. Transactions in cJoin are intended to describe the transactional interaction of several partners...
The link-calculus has been recently proposed as a process calculus for representing interactions that are open (i.e. that the number of processes may vary), and multiparty (i.e. that may involve more than two processes). Here, we apply the link-calculus for expressing, possibly hierarchical and non dyadic, biological interactions. In particular,...
The growth and diffusion of reconfigurable and adaptive systems motivate the foundational study of models of software connectors that can evolve dynamically, as opposed to the better understood notion of static connectors. In this paper we investigate the interplay of behaviour, interaction and dynamics in the context of the BIP component framework...
Compositional graph models for global computing systems must account for two relevant dimensions, namely structural containment and communication linking. In Milner's bigraphs the two dimensions are made explicit and represented as two loosely coupled structures: the place graph and the link graph. Here, bigraphs are compared with an earlier model,...
A quite flourishing research thread in the recent literature on component-based systems is concerned with the algebraic properties of different classes of connectors. In a recent paper, an algebra of stateless connectors was presented that consists of five kinds of basic connectors, namely symmetry, synchronization, mutual exclusion, hiding and ina...
We present an essential model of adaptable transition systems inspired by white-box approaches to adaptation and based on foundational models of component based systems. The key feature of adaptable transition systems are control propositions, imposing a clear separation between ordinary, functional behaviours and adaptive ones. We instantiate our...
Control data variants of game models such as Interface Automata are suitable for the design and analysis of self-adaptive systems.
Building adaptive systems with predictable emergent behavior is a difficult task and it is becoming a critical need. The research community has accepted the challenge by introducing approaches of various nature: from software architectures to programming paradigms and analysis techniques. Our white-box conceptual approach to adaptive systems based...
Constraint networks are hyper-graphs whose nodes and hyper-edges respectively represent variables and relations between them. The problem to assign values to variables by satisfying all constraints is NP-complete. We propose an algebraic approach to the design and transformation of constraint networks, inspired by Architectural Design Rewriting (AD...
We present the link-calculus, a process calculus based on interactions that are multiparty, i.e., that may involve more than two processes and are open, i.e., the number of involved processes is not fixed or known a priori. Communications are seen as chains of links, that record the source and the target ends of each hop of interactions. The semant...
Business processes design is an error-prone task often relying on long-running transactions with compensations. Unambiguous formal semantics and flexible verification tools should be used for early validation of processes. To this aim, we define a small-step semantics for the Sagas calculus according to the so-called “coordinated interruption” poli...
Recent years have witnessed an increasing interest about a rigorous modelling of (different classes of) connectors. Here, the term connector is used to name entities that can regulate the interaction of possibly heterogeneous components. Thus, connectors must take care of exogenous coordination, handling all those aspects that lie outside the scope...
Compensable programs offer a convenient paradigm to deal with long-running transactions, because they offer a structured and modular approach to the composition of distributed transactional activities, like services. The basic idea is that each activity has its own compensation and that the compensable program fixes the order of execution of such a...
Developing trustworthy concurrent applications is a seemingly never ending quest, which is necessary but difficult. It is necessary because mainstream systems and applications are inherently concurrent and they are pervasive to our daily life activities. It is difficult because such systems are inherently interactive and heterogeneous, so that boun...
In this position paper we present a conceptual vision of adaptation, a key feature of autonomic systems. We put some stress on the role of control data and argue how some of the programming paradigms and models used for adaptive systems match with our conceptual framework.
In the area of component-based software architectures, the term connector has been coined to denote an entity (e.g. the communication network, middleware or infrastructure) that regulates the interaction of independent components. Hence, a rigorous mathematical foundation for connectors is crucial for the study of coordinated systems. In recent yea...
Rule-based programming has been shown to be very successful in many application areas. Two prominent examples are the specification of model transformations in model driven development approaches and the definition of structured operational semantics of formal languages. General rewriting frameworks such as Maude are flexible enough to allow the prog...
In the Sensoria project, core calculi have been adopted as a linguistic means to model and analyze service-oriented applications. The present chapter reports about the static analysis techniques developed for the Sensoria session-oriented core calculi CaSPiS and CC. In particular, it presents a type system for client progress and control flow analy...
We present our approach to the denotation and representation of hierarchical graphs: a suitable algebra of hierarchical graphs and two domains of interpretations. Each domain of interpretation focuses on a particular perspective of the graph hierarchy: the top view (nested boxes) is based on a notion of embedded graphs while the side view (tree hie...
Architectural Design Rewriting (ADR) is an approach for the design of software architectures developed within Sensoria by reconciling graph transformation and process calculi techniques. The key feature that makes ADR a suitable and expressive framework is the algebraic handling of structured graphs, which improves the support for specification, an...
A quite flourishing research thread in the recent literature on component-based systems is concerned with the algebraic properties of various kinds of connectors for defining well-engineered systems. In a recent paper, an algebra of stateless connectors was presented that consists of five kinds of basic connectors, plus their duals. The connectors c...
We report our experiences gained when integrating process analysis activities into a regional gateway of the Italian eGov platform to promote real-time process monitoring within a Service Oriented Architecture. We exploit ProM, a state-of-the-art suite providing several analysis algorithms for business processes. First, we outline our technological...
This volume contains the pre-proceedings of ICE'11, the 4th Interaction and Concurrency Experience workshop, which was held in Reykjavik, Iceland on the 9th of June 2011 as a satellite event of DisCoTec'11. The topic of ICE'11 was Reliable and Contract-based Interaction. Reliable interactions are, e.g., those enjoying suitable logical, behavioural,...
Structural aspects play a key role in the model-driven development of software systems. Effective techniques and tools must therefore be based on suitable representation formalisms that facilitate the specification, manipulation and analysis of the structure of models. Graphical and algebraic approaches have been shown to be very successful for suc...
The authors emphasize the actual relevance and need of formal methods for the advancements of complex systems, and briefly present the other papers contained in this issue.
This volume contains the proceedings of the 3rd Interaction and Concurrency Experience (ICE 2010) workshop, which was held in Amsterdam, Netherlands on 10th of June 2010 as a satellite event of DisCoTec'10. Each year, the workshop focuses on a specific topic: the topic of ICE 2010 was Guaranteed Interactions, by which we mean, for example, guarante...
Graph transformation techniques, and the Double-Pushout approach in particular, have been successfully applied in the modeling of concurrent systems. In this area, a research thread has addressed the definition of concurrent semantics for process calculi. In this paper, we show how graph transformation can cope with advanced features of service-ori...
We propose new denotational (trace-based) and operational semantics for parallel Sagas with interruption, prove the correspondence between the two and assess their merits w.r.t. existing proposals. The new semantics is realistic, in the sense that it guarantees that distributed compensations may only be observed after a fault actually occurred. Mor...
We define an algebraic theory of hierarchical graphs, whose axioms characterise graph isomorphism: two terms are equated exactly when they represent the same graph. Our algebra can be understood as a high-level language for describing graphs with a node-sharing, embedding structure, and it is then well suited for defining graphical representations...
Graph transformation techniques have been applied successfully to the modelling of process calculi, for example for equipping them with a truly concurrent semantics. Recently, there has been an increasing interest towards hierarchical structures both at the level of graph-based models, in order to represent explicitly the interplay between linking...
Rule-based specifications have been very successful as a declarative approach in many domains, due to the handy yet solid foundations offered by rule-based machineries like term and graph rewriting. Realistic problems, however, call for suitable techniques to guarantee scalability. For instance, many domains exhibit a hierarchical structure that ca...
We propose a sound and complete axiomatisation of a class of graphs with nesting and either locally or globally restricted nodes. Such graphs allow one to represent explicitly and at the right level of abstraction some relevant topological and logical features of models and systems, including nesting, hierarchies, sharing of resources, and pointers or...
We propose a class of hierarchical graphs equipped with a simple algebraic syntax as a convenient way to describe configurations in languages with inherently hierarchical features such as sessions, fault-handling scopes or transactions. The graph syntax can be seen as an intermediate representation language, that facilitates the encoding of struct...
We present a UML Profile for the description of service oriented applications. The profile focuses on style-based design and reconfiguration aspects at the architectural level. Moreover, it has formal support in terms of an approach called Architectural Design Rewriting, which enables formal analysis of the UML specifications. We show how our proto...
Application or business logic, used in the development of services, has to do with the operations that define the application functionalities and not with the platform ones. Often security problems can be found at this level, because circumventing or misusing the required operations can lead to unexpected behaviour or to attacks, called application...
This paper extends the invited talk by the first author about the virtues of structured graphs. The motivation behind the talk and this paper relies on our experience on the development of ADR, a formal approach for the design of style-conformant, reconfigurable software systems. ADR is based on hierarchical graphs with interfaces and it has been c...
Under several regards, various of the recently proposed computational paradigms are open-ended, i.e., they may comprise components whose behaviour is not or cannot be fully specified. For instance, applications can be distributed across different administration domains that do not fully disclose their internal business processes to each other, or t...
Architectural Design Rewriting (ADR) is a rule-based approach for the design of dynamic software architectures. The key features that make ADR a suitable and expressive framework are the algebraic presentation and the use of conditional rewrite rules. These features enable, e.g. hierarchical (top-down, bottom-up or composition-based) design and ind...
It is widely recognised that process calculi are to concurrent computing what the lambda-calculus is to sequential computing; in fact, they lay abstract, rigorous foundations for the analysis of interactive, communicating systems. Nowadays, the increasing popularity of Service-Oriented Computing (SOC) challenges the quest for novel abstractions tailo...
A number of formalisms have been defined to support the specification and analysis of service oriented applications. These formalisms have been equipped with tools (types or logics) to guarantee the correct behavior of the specified services. Due to the semantic gap between the specification formalism and the programming languages of service orient...