A Theory of Agreements and Protection
Massimo Bartoletti, University of Cagliari — BETTY COST Action
Contracts

Many theories of contract for reactive systems:
- (Bravetti, Zavattaro)+
- Carpineti & Laneve
- (Castagna, Gesbert, Padovani)+
- van der Aalst et al.

...each with different notions of:
- compliance / agreement
- subcontract / refinement

Goal: find a common semantic model: concurrent multi-party games
A theory of agreements and protection
Contracts = Obligations + Objectives

- Obligations = Event Structures:
  - a set of events E
  - a conflict relation #
  - an enabling relation ⊢
- Objectives = functions Φ over sequences of events

Example:
- A's obligations: ∅ ⊢ a
- B's obligations: {a} ⊢ b
- Φ_A(σ) = ☺ if b ∈ σ;  ☹ if a ∈ σ, b ∉ σ
- Φ_B(σ) = ☺ if a ∈ σ;  ☹ if b ∈ σ, a ∉ σ
Contracts as games

Plays:  C --e--> C ∪ {e}  whenever
  C ⊢ e,  e ∉ C,  and  C ∪ {e} is conflict-free

Strategies:  Σ_A : finite plays → sets of events of A, such that
  e ∈ Σ_A(σ)  ⟹  σe is a play
Winning strategies

A is innocent in σ iff:
  ∀i ≥ 0. ∀e of A.  σ_i --e-->  ⟹  ∃j ≥ i. ¬(σ_j --e-->)
(every event of A that becomes enabled must eventually be no longer enabled: done, or excluded by a conflict)

A wins in σ iff W_A(σ) = ☺, where
  W_A(σ) = Φ_A(σ)   if all participants are innocent in σ
           ☹        if A is culpable in σ
           ☺        otherwise

Σ is a winning strategy for A in C iff A wins in every fair play of C which conforms to Σ.
Contracts as games — an example

A : ⊢ a,  ⊢ a′,  a # a′
B : a ⊢ b,  a ⊢ c,  b # c

Φ_A : ☺ if gets b or c;  ☹ otherwise, if did a or a′;  😐 otherwise
Φ_B : ☺ if gets a;  ☹ otherwise, if did b or c;  😐 otherwise

Σ_A(σ) = {a} if σ = ε,  ∅ if σ ≠ ε
Σ_B(σ) = {b} if a ∈ σ,  ∅ if a ∉ σ

Plays of A | B (configurations reachable from ∅):
  ∅ --a--> {a} --b--> {a, b}
  ∅ --a--> {a} --c--> {a, c}
  ∅ --a′--> {a′}

Outcomes W on some plays:
        ⟨⟩    ⟨a⟩    ⟨a b⟩
  A     ☹     ☺      ☺
  B     ☺     ☹      ☺
(in ⟨⟩ only A is culpable: a is enabled from the start and never done; in ⟨a⟩ only B is culpable: b is enabled and never done; in ⟨a b⟩ everybody is innocent, so W = Φ)
Agreement

A agrees on C iff A has a winning strategy in C.

        ⟨⟩    ⟨a⟩    ⟨a b⟩
  A     ☹     ☺      ☺
  B     ☺     ☹      ☺

Σ_A above is winning for A: every fair play conforming to Σ_A starts with a, and then A wins whether B does b or c (Φ_A = ☺) or nothing at all (B culpable).
Session types as games

Def. Let P and Q be binary session types. P is compliant with Q iff
  P | Q →* P′ | Q′ ↛  implies  P′ = 0.

Theorem. P is compliant with Q iff the "eager" strategy is winning for A in C_A(P) | C_B(Q).

Example:  P = (!a.!c) + !b,   Q = ?a & ?b
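The compliance definition above, checked by exhaustive reduction on the slide's example P and Q, as an added Python example (not code from the slides or the authors). The syntax and semantics it assumes: END is the terminated type 0; an internal choice of outputs is written ("!", branches) and an external choice of inputs ("?", branches); an internal choice with several branches first commits to one branch with a silent step, and an output then synchronises with the matching input branch.

```python
"""Compliance of binary session types by exhaustive reduction (added example, not from the slides).
Assumed syntax: END is 0; out(...) is an internal choice of outputs (one branch = the prefix !l.P);
inp(...) is an external choice of inputs. Assumed semantics: an internal choice with several
branches commits to one branch first (silent step); an output meets the matching input branch."""

END = ("end",)


def out(*branches):   # !l1.P1 + !l2.P2 + ...   (branches are (label, continuation) pairs)
    return ("!", tuple(branches))


def inp(*branches):   # ?l1.Q1 & ?l2.Q2 & ...
    return ("?", tuple(branches))


def steps(p, q):
    """All one-step reductions of P | Q, as pairs (P', Q')."""
    succ = []
    for left in (True, False):                 # try the left, then the right, as the sender
        me, other = (p, q) if left else (q, p)
        if me == END or me[0] != "!":
            continue
        branches = me[1]
        if len(branches) > 1:                  # internal choice: commit to one branch (silent step)
            for br in branches:
                committed = ("!", (br,))
                succ.append((committed, other) if left else (other, committed))
        elif other != END and other[0] == "?":
            (label, cont), = branches
            for m, cont2 in other[1]:          # output meets the matching input branch
                if m == label:
                    succ.append((cont, cont2) if left else (cont2, cont))
    return succ


def stuck_states(p, q):
    """Reachable P' | Q' that cannot reduce any further (the P' | Q' ↛ of the definition)."""
    seen, todo, stuck = set(), [(p, q)], []
    while todo:
        state = todo.pop()
        if state in seen:
            continue
        seen.add(state)
        nxt = steps(*state)
        if not nxt:
            stuck.append(state)
        todo.extend(nxt)
    return stuck


def compliant(p, q):
    """P is compliant with Q iff every stuck P' | Q' has P' = 0."""
    return all(p2 == END for p2, _ in stuck_states(p, q))


# The slide's example: P = (!a.!c) + !b,  Q = ?a & ?b
P = out(("a", out(("c", END))), ("b", END))
Q = inp(("a", END), ("b", END))

if __name__ == "__main__":
    print("stuck states:", stuck_states(P, Q))
    print("P compliant with Q:", compliant(P, Q))
    print("!a + !b compliant with Q:", compliant(out(("a", END), ("b", END)), Q))
```

For the slide's pair the checker reports non-compliance: after P commits to !a, Q consumes ?a and terminates, leaving P′ = !c stuck, so P′ ≠ 0. Dropping the trailing !c (P = !a + !b) makes P compliant with Q.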
Protection

C protects A iff ∀C′. A has a non-losing strategy in C | C′.

Protection is relevant when service brokers are untrusted!

A : ⊢ a,  ⊢ a′,  a # a′
B : a ⊢ b,  a ⊢ c,  b # c

Φ_A : ☺ if gets b or c;  ☹ otherwise, if did a or a′;  😐 otherwise
Φ_B : ☺ if gets a;  ☹ otherwise, if did b or c;  😐 otherwise

Here A's contract does not protect A: against a context C′ in which nobody is obliged to do b or c, doing a (or a′) leaves everybody innocent with Φ_A = ☹, while doing neither makes A culpable.
Agreement vs. Protection

Theorem. Let C_1, ..., C_n be contracts with circular payoffs. Then:
  EITHER all the participants agree on C_1 | ··· | C_n
  OR all the participants are protected

Extends a result in: Even and Yacobi. Relations among public key signature systems, 1980.
Vicious circles

In event structures:
  A: a ⊢ b
  B: b ⊢ a
Vicious circle: neither a nor b is reachable.

In logic (IPC):
  a → b ∧ b → a
Vicious circle: neither a nor b is provable.
From vicious circles to virtuous circles

Elimination of → in Intuitionistic Propositional Logic:

  ∆ ⊢ p → q    ∆ ⊢ p
  ------------------- (→E)
        ∆ ⊢ q

Example: ∆ = a → b, b → a

                   ∆ ⊢ a → b    ∆ ⊢ a  (⋮)
                   ---------------------- (→E)
  ∆ ⊢ b → a                ∆ ⊢ b
  ------------------------------------- (→E)
                  ∆ ⊢ a

To prove ∆ ⊢ a one needs ∆ ⊢ b, which needs ∆ ⊢ a again: the derivation never closes.
Propositional Contract Logic [LICS'10]

PCL = IPC + contractual implication p ↠ q

  ∆ ⊢ p ↠ q    ∆, q ⊢ p
  ---------------------- (↠E)
          ∆ ⊢ q

Example: ∆ = b ↠ a, a → b

                  ∆, a ⊢ a → b    ∆, a ⊢ a
                  ------------------------ (→E)
  ∆ ⊢ b ↠ a               ∆, a ⊢ b
  ---------------------------------------- (↠E)
                  ∆ ⊢ a
Event structures with circular causality

CES = ES + circular enabling relation ⊩

Plays σ = e_0 e_1 e_2 ··· are traces of the LTS
  (C, Γ(C)) --e--> (C ∪ {e}, Γ(C ∪ {e}))
where Γ(σ) is the set of credits of σ:
  Γ(σ) = { e_i ∈ σ | σ_i ⊬ e_i ∧ σ ⊮ e_i }
(e_i is a credit when it was not ⊢-enabled at the time it was done, and is not ⊩-enabled by the whole play)

Example:  A: b ⊩ a     B: a ⊢ b

  (∅, ∅) --a--> ({a}, {a}) --b--> ({b, a}, ∅)
  (∅, ∅) --b--> ({b}, {b}) --a--> ({b, a}, {b})
Prudent events (enjoy mutual coinduction!)

A is innocent in σ = e_0 e_1 ··· iff:
  ∀e of A. ∀i ≥ 0. ∃j ≥ i. e not prudent in σ_j

e is prudent in σ if ∃ prudent strategy Σ such that e ∈ Σ(σ)

Σ is a prudent strategy for A iff, for all fair plays σ′ extending σ, conforming to Σ, and where all B ≠ A are innocent:
  ∃k > |σ|. Γ(σ′_k) ∩ {events of A} ⊆ Γ(σ)
Agreement AND Protection

Theorem. For circular payoffs for participants A_1 ... A_n, there always exist CES-contracts C_1 ... C_n such that:
  C_1 | ··· | C_n admits an agreement
  AND ∀i ∈ 1..n : C_i protects A_i

This justifies extending ES with ⊩.
CES are a model of Horn PCL

Conflict-free CES are isomorphic to Horn PCL theories:
  X ⊢ e  ∼  (⋀X) → e
  X ⊩ e  ∼  (⋀X) ↠ e

Example.
- CES: b ⊢ a, a ⊩ b
  Reachable events: a, b
- PCL: b → a, a ↠ b
  Provable atoms: a, b

Th. If E ∼ ∆, then reachable events in E = provable atoms in ∆
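The credit computation of the CES slide and the CES/Horn-PCL correspondence of this slide, run on the slides' own examples, as an added Python example (not code from the slides or the authors). Its assumptions: in the CES LTS any event not yet done may fire as long as the configuration stays conflict-free, with Γ recording what is still unjustified; an event counts as reachable when it occurs in some play whose final credit set is empty; and Horn PCL provability is computed by closing under (→E) and (↠E) read on Horn clauses, which by the theorem above should coincide with reachability.

```python
"""CES plays with credits, and the CES ↔ Horn PCL correspondence (added example, not from the slides).
Assumed readings: any event not yet done may fire (conflict-free configurations only), Γ records the
unjustified ones; 'reachable' = occurs in some play ending with Γ = ∅; Horn PCL provability = closure
under (→E) and (↠E) on Horn clauses."""


class CES:
    """Events with enablings X ⊢ e, circular enablings X ⊩ e and a conflict relation."""

    def __init__(self, events, enablings=(), circular=(), conflicts=()):
        self.events = frozenset(events)
        self.enablings = [(frozenset(x), e) for x, e in enablings]
        self.circular = [(frozenset(x), e) for x, e in circular]
        self.conflicts = {frozenset(p) for p in conflicts}

    def credits(self, play):
        """Γ(σ) = { e_i ∈ σ | σ_i ⊬ e_i ∧ σ ⊮ e_i }: e_i was not ⊢-enabled by the prefix before it
        and is not ⊩-enabled by the whole play."""
        whole = frozenset(play)
        unpaid = set()
        for i, e in enumerate(play):
            before = frozenset(play[:i])
            enabled_then = any(x <= before and f == e for x, f in self.enablings)
            justified = any(x <= whole and f == e for x, f in self.circular)
            if not enabled_then and not justified:
                unpaid.add(e)
        return frozenset(unpaid)

    def trace(self, play):
        """The (C, Γ(C)) states visited along σ, as in the LTS on the slides."""
        return [(frozenset(play[:i]), self.credits(play[:i])) for i in range(len(play) + 1)]

    def plays(self):
        """All finite plays: any event not yet done may fire while the configuration stays conflict-free."""
        def extend(seq, config):
            yield seq
            for e in sorted(self.events - config):
                if not any(pair <= config | {e} for pair in self.conflicts):
                    yield from extend(seq + [e], config | {e})
        yield from extend([], frozenset())

    def reachable(self):
        """Events occurring in some play that ends with no credits (assumed reading of 'reachable')."""
        return frozenset(e for p in self.plays() if not self.credits(p) for e in p)


def to_horn_pcl(ces):
    """X ⊢ e ∼ (⋀X) → e and X ⊩ e ∼ (⋀X) ↠ e (for a conflict-free CES)."""
    return ([(x, "->", e) for x, e in ces.enablings]
            + [(x, "->>", e) for x, e in ces.circular])


def provable_atoms(theory, hypotheses=frozenset()):
    """Least set S ⊇ hypotheses closed under, for Horn clauses:
      (→E):  (⋀X) → e  with X ⊆ S                        gives e;
      (↠E):  (⋀X) ↠ e  with X provable once e is assumed  gives e  (∆, e ⊢ ⋀X)."""
    S = set(hypotheses)
    changed = True
    while changed:
        changed = False
        for X, kind, e in theory:
            if e in S:
                continue
            if kind == "->" and X <= S:
                S.add(e)
                changed = True
            elif kind == "->>" and X <= provable_atoms(theory, frozenset(S | {e})):
                S.add(e)
                changed = True
    return frozenset(S)


def correspondence(ces):
    """(reachable events of the CES, provable atoms of its Horn PCL theory)."""
    return ces.reachable(), provable_atoms(to_horn_pcl(ces))


# The slides' examples, constructed here from the slides' clauses
SLIDE_LTS = CES({"a", "b"}, enablings=[({"a"}, "b")], circular=[({"b"}, "a")])   # A: b ⊩ a, B: a ⊢ b
VICIOUS = CES({"a", "b"}, enablings=[({"a"}, "b"), ({"b"}, "a")])                 # a ⊢ b, b ⊢ a
VIRTUOUS = CES({"a", "b"}, enablings=[({"b"}, "a")], circular=[({"a"}, "b")])    # b ⊢ a, a ⊩ b

if __name__ == "__main__":
    for run in (["a", "b"], ["b", "a"]):
        print(" -> ".join(f"({set(c) or '∅'}, {set(g) or '∅'})" for c, g in SLIDE_LTS.trace(run)))
    for name, ces in (("vicious", VICIOUS), ("virtuous", VIRTUOUS)):
        print(name, correspondence(ces))
```

The two runs of the CES slide come out as (∅, ∅) → ({a}, {a}) → ({a, b}, ∅) and (∅, ∅) → ({b}, {b}) → ({a, b}, {b}); the vicious circle has no reachable event and no provable atom, while b ⊢ a, a ⊩ b reaches both a and b through the play b a, matching the provable atoms of b → a, a ↠ b.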
Publications

- M. Bartoletti and R. Zunino. A calculus of contracting processes. LICS 2010.
- M. Bartoletti, T. Cimoli and R. Zunino. A theory of agreements and protection. POST 2013.
- M. Bartoletti, T. Cimoli and G.M. Pinna. A note on two notions of compliance. ICE 2014.