=Paper=
{{Paper
|id=Vol-3284/1841
|storemode=property
|title=A Calculus for Subjective Communication
|pdfUrl=https://ceur-ws.org/Vol-3284/1841.pdf
|volume=Vol-3284
|authors=Marino Miculan,Matteo Paier
|dblpUrl=https://dblp.org/rec/conf/ictcs/MiculanP22
}}
==A Calculus for Subjective Communication==
https://ceur-ws.org/Vol-3284/1841.pdf
A Calculus for Subjective Communication
Marino Miculan1,2 , Matteo Paier1
1
University of Udine, Italy
2
Caβ Foscari University of Venice, Italy
Abstract
In this paper we introduce Subjective Communication, a new interaction model for CAS and generalizing
the attribute-based communication introduced in the AbC calculus. In this model, a message is broad-
casted to every process, but each process can view the very same message in different ways, depending
on its attributes. To formalize this model, we introduce SCC, the Subjective Communication Calculus, for
which we propose two semantics: Direct SCC, particularly useful when dealing with an edge computing
communication paradigm, and Indirect SCC, more suited to a cloud-centric model. We then introduce a
stateless bisimilarity for our semantics, which we prove to be a congruence.
Keywords
Concurrency theory, Process algebra, Distributed Systems
1. Introduction
Collective Adaptive Systems (CAS) are systems consisting of many interacting components
(βagentsβ) which exhibit complex behaviours depending on their attributes, objectives and
actions [1]. Such systems consist of both physical and virtual entities, often geographically
distributed, and are capable to react to changes in the environment they operate in. Usually, a
CAS component contains three main blocks: Knowledge, that contains local and global data and
information; Policies, that define how different entities should interact, combine and compute;
Processes, that describe how the component progresses. Global behaviour of the system emerge
from the interaction between the components [2].
In these scenarios, new robust engineering techniques and programming paradigms, with
solid theoretical foundations, are sought. However, traditional interaction models based on
channels or point-to-point communication, as formalised in calculi such as CCS and π-calculus,
appear to be inadequate and non-scalable; hence, new formal models for CAS are currently
being investigated. An important example is AbC [3], a calculus inspired by SCEL [4] and
based on attribute-based communication. In this model, communication is broadcast-based, as in
CBS [5], but the receivers are dynamically identified by means of predicates: only the nodes
whose state satisfies a given property will actually receive the message. Thus, attribute-based
communication frees the nodes from knowing each otherβs identities, allowing for a scalable,
decoupled interaction. In fact, attribute-based communication has been integrated also in
declarative programming paradigms, e.g. ECA rule-based languages for βsmartβ systems [6, 7].
Proceedings of the 23rd Italian Conference on Theoretical Computer Science, Rome, Italy, September 7-9, 2022
" marino.miculan@uniud.it (M. Miculan); paier.matteo@spes.uniud.it (M. Paier)
� 0000-0003-0755-3444 (M. Miculan)
Β© 2022 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR
Workshop
Proceedings
http://ceur-ws.org
ISSN 1613-0073
CEUR Workshop Proceedings (CEUR-WS.org)
� However, there is a tension between the objective nature of messages and the fact that the
same message can be accessed differently by agents with different knowledge. This is evident
in the case of messages containing restricted names (akin secret keys): an agent receives a
βrestrictedβ, projected version of the message, where the unknown names have been removed.
In this paper, we solve this tension by renouncing to the idea that messages have an absolute,
βplatonisticβ meaning whose shadows is all what different agents can observed. Instead, we
embrace the empiricistic principle that a message has no meaning on its own, but can be
βexperiencedβ by an observerβand clearly, different agents can experience the same message in
different ways, according to their knowledge, processes, policies. We call this model subjective
communication, since the meaning of a message is not fixed a priori: when a communication
occurs, the very same message is delivered to all nodes, but the actual value received by each of
them depends on their internal state.
In order to model and reason about concurrent systems interacting via subjective communi-
cations, in this paper we introduce the Subjective Communication Calculus SCC. In this calculus,
each agent is composed by an internal state and a process, defining its behaviour. A component
can broadcast a message, which is actually a (partial) function from components to values.
Every component receives such function and evaluates it on itself; thus, different agents may
obtain different values from the very same functionβor nothing at all. This model generalizes
attribute-based communication: a message that in AbC is discarded by a node corresponds to a
message whose evaluation on that nodeβs state is undefined.
Given this definition of subjective communication, we need to specify where is the control
logic that decides how to modify or filter the messages that an agent will receive. We found
two possibilities, yielding two different semantics. One possibility is that the agent itself checks
each message and decides how to interpret it (i.e. it evaluates the function on itself, Fig. 1a);
the other is that an external entity enforces this check, and then passes the evaluated message
(i.e. the return value) to the agent (Fig. 1b). These possibilities, which we Direct Subjective
Communication (DSCC, Section 2.1) and Indirect Subjective Communication (ISCC, Section 2.2),
respectively, correspond to two common approaches to βsmartβ computation, namely, edge vs
cloud computing.
Furthermore, we give the definition of stateless bisimilarity over processes, and prove that it
is compositional for both direct and indirect semantics.
Synopsis. In Section 2 we introduce syntax and the two semantics of SCC. An extended example
is presented in Section 3. Stateless bisimilarity for SCC is introduced and studied in Section 4.
Some conclusions are drawn in Section 5.
2. A calculus for Subjective Communication
In this section we introduce the syntax and two operational semantics for SCC
We define a (collective) system πΆ as a collection of parallel components of the form Ξ : π ,
where π is a process and Ξ : π β π± is an environment i.e. a map from a set π of attribute
identifiers to values π±, representing the current internal state of the component. The special
β₯ represents undefined. Processes are the building blocks of components: they define the
behaviour of the component itself, whereas the environment defines the memory.
� Agent1 Agent2 Agent3
π£
Eval module Eval module Eval module
ππ.π£ ππ.π£ ππ.π£ ππ.π£
Shared communicatium medium
(a) The DSCC semantics.
Agent1 Agent2 Agent3
π£
ππ.π£
Evaluation entity
ππ.π£
Shared communicatium medium
(b) The ISCC semantics.
Figure 1: The DSCC and ISCC semantics. The dashed arrows represents the flow of information when
Agent1 sends a message, and only Agent2 is interested.
We assume a set of expressions π β β° and a set of predicates π β Ξ¦ over a fixed set of term
variables π³ . The evaluation of an expression π w.r.t. store Ξ is denoted as JπKΞ , which yields
a value π£ (possibly β₯). We do not enforce an expression syntax to remain more general. The
evaluation is defined as usual, with the requirement that it is defined only on ground expressions,
i.e. expressions with no free variable; thus: if fv(π) ΜΈ= β
then JπKΞ = β₯. This means, for instance,
that in an arithmetic context J0 Γ π₯KΞ = β₯, instead of 0 as one may expect. The evaluation is
extended to logical predicates as usual.
The complete syntax of SC is defined in terms of processes and components:
β β β β β β β
π« π, π ::= 0 β π |π β π + π β π?π : π β β¨π β©π β (π₯)π β πΎ(π β ) β [π := π]π
β β
π πΆ ::= Ξ : π β πΆβπΆ β ππ₯πΆ
The behaviour of a single component is defined by a process which can:
0 do nothing;
π |π interleave the execution of two processes;
π + π non-deterministically choose a continuation;
π?π : π evaluate π, and if it is a boolean value it chooses π or π, accordingly;
β¨π β©π broadcast a function from components to values (π : π β π±). Each receiver process
will get a value depending on itself;
(π₯)π wait for the reception of a value. This construct allows for the substitution, in π , of
the free name π₯ with the value received;
� πΌ-equivalence πΆ β‘ π· if πΆ and π· are πΌ-equivalent
Commutativity of | π |π β‘ π|π
Associativity of | π |(π|π
) β‘ (π |π)|π
Dead process 0|π β‘ π
Commutativity of β πΆβπ· β‘ π·βπΆ
Associativity of β πΆβ(π·βπΈ) β‘ (πΆβπ·)βπΈ
Commutativity of + πΆ + π· β‘ π· + πΆ
Associativity of + πΆ + (π· + πΈ) β‘ (πΆ + π·) + πΈ
Idempotency of + πΆ + πΆ β‘ πΆ
Scope extrusion of π (ππ₯πΆ)βπ· β‘ ππ₯(πΆβπ·) if π₯ β
/ fn(π·)
Reordering of π ππ₯ππ¦πΆ β‘ ππ¦ππ₯πΆ
Figure 2: Axioms of structural congruence.
πΎ(π
β ) call a process named πΎ, instantiating the parameters with the list βπ. This construct
enables looping of processes (using recursion);
[π := π]π update its local memory, by updating the cell identified by the label π with the value of
π (if not β₯).
Components can be assembled into systems:
Ξ : π is a single component, with a process π running on a store Ξ.
πΆβπΆ is a parallel of multiple components;
ππ₯πΆ is a system with a fresh, local name, a la π-calculus.
Processes and systems are taken up-to a congruence expressing the fact that they can be
denoted in different but equivalent ways. This is useful both to simplify the writing of some
semantic rules (e.g. the rules for π + π and πΆβπ·) and to simplify the modelling of systems.
The axioms are mostly standard (see Fig. 2). The congruence axioms for the commutativity
and associativity of |, β and +, for the the idempotency of + and for the reordering of π are
the usual. The rule for the scope extrusion is like in π-calculus. The rule for the elimination of
a dead process simplifies our terms. In particular, it states that 0 can be removed if it runs in
parallel with another process.
Notice that we do not have an axiom in the form Ξ : 0βπΆ β‘ πΆ because we do not allow a
component to βdisappearβ from the system, even if its process is done: a component usually
represents a physical object, which is not destroyed if the software component in it terminates.
Some common operations can be introduced as syntactic shorthands:
awareness is a blocking test, i.e. the process stops until the predicate becomes true. This is
equivalent to a busy-waiting in a classical programming language:
π?π β πΎ(π₯
β ) where πΎ(π₯
β ) β π?π : πΎ and βπ₯ = fv(π )
� πΌ πΌ
βπ· Ξβ² : π β²
Ξ:π β βπ· Ξβ² : π β²
Ξ:π β
Int πΌ Choice πΌ
βπ· Ξβ² : π β² |π
Ξ : π |π β βπ· Ξβ² : π β²
Ξ:π + π β
πΌ πΌ
βπ· Ξβ² : π β²
JπKΞ = tt Ξ : π β βπ· Ξβ² : πβ²
JπKΞ = ff Ξ : π β
ExtTrue πΌ ExtFalse πΌ
βπ· Ξβ² : π β²
Ξ : (π?π : π) β βπ· Ξβ² : πβ²
Ξ : (π?π : π) β
JπKΞ = β₯ ?π
SkipExt SkipZero Ξ : 0 β
ββπ· Ξ : 0
?π
Ξ : (π?π : π) β
ββπ· Ξ : (π?π : π)
!π ?π
Output Ξ : β¨π β©π ββπ· Ξ : π SkipOutput Ξ : β¨π β©π β
ββπ· Ξ : β¨π β©π
π (Ξ : (π₯)π ) = π£ ΜΈ= β₯ π (Ξ : (π₯)π ) = β₯
Input SkipInput
?π ?π
Ξ : (π₯)π β
ββπ· Ξ : π [π£/π₯] Ξ : (π₯)π β
ββπ· Ξ : (π₯)π
πΌ
βπ· Ξβ² : π β²
JπKΞ = π£ ΜΈ= β₯ Ξ[π β¦β π£] : π β JπKΞ = β₯
Update πΌ SkipUpdate
?π
βπ· Ξβ² : π β²
Ξ : [π := π]π β Ξ : [π := π]π β
ββπ· Ξ : [π := π]π
!π ?π πΌ
πΆ ββπ· πΆ β² π·β
ββπ· π· β² Ξ : π [π β] β
β /π₯ βπ· πΆ
Comm Call πΌ πΎ(π₯
β) β π
!π
πΆβπ· ββπ· πΆ β² βπ·β² β) β
Ξ : πΎ(π βπ· πΆ
πΌ πΌ
βπ· πΆ β²
πΆβ πΆ β‘ πΆβ² πΆβ² β
βπ· π·β² π·β² β‘ π·
Res Cong πΌ
[π₯]πΌ πΆβ
βπ· π·
ππ₯πΆ ββββπ· ππ₯πΆ β²
Figure 3: Operational semantics of DSCC.
fork duplicates a process which continues as different threads:
!π β πΎ(π₯ β ) β π |πΎ(π₯
β ) where πΎ(π₯ β ) and βπ₯ = fv(π )
case allows for choosing among multiple continuations via pattern-matching (this is useful
when we need to perform different actions based on the value of a received message):
case π₯ of ππ₯ππ1 β π1 ; ππ₯ππ2 β π2 ; . . . ; ππ₯πππ β ππ ; default β π end
β (π₯ = ππ₯ππ1 )?π1 : ((π₯ = ππ₯ππ2 )?π2 : (. . . (π₯ = ππ₯πππ )?ππ : π) . . . )
2.1. Semantics for Direct Subjective Communication
πΌ
The operational (system) semantics of DSCC is given by a labelled transition relation πΆ ββπ· πΆ β² ,
whose labels are πΌ β {?π, !π | π : π β π±}. ?π is used for inputs, !π is used for outputs. The
rules for this semantics are in Fig. 3.
Rules prefixed with Skip are needed to have a proper broadcast communication: a component
is always able to perform an input action, possibly ignoring the message and remaining itself.
Without these rules, our systems would stop communicating if a component does not want to
input something or if two components try simultaneously to perform an output. In other words,
at each step a system can only perform a single communication; if two components need to
send two messages, these cannot occur in parallel but will be interleaved.
Rule Int is the standard rule for handling interleaving of the actions of two processes. Rule
Choice represents the nondeterministic choice between the subprocesses π and π, i.e. that
π + π can choose to continue as any of π or π.
� Rules ExtTrue and ExtFalse evaluate a predicate π in Ξ; if this returns tt the process
π?π : π proceeds as π , if it is ff it proceeds as π, otherwise it does not change.
Rule SkipExt enables a component to perform an input (discarding the value) even if the
evaluation of a predicate π under the environment Ξ is not possible (e.g. in the case π is not
ground). Rule SkipZero represents the trivial fact that an inactive (dead) component can always
receive something in a broadcast.
Rule Output performs an output action, broadcasting a function π and continuing as π . Rule
SkipOutput enables a component that wants to output something also to receive a function
and remain itself. This is useful if more than a component, in a parallel system, is trying to
perform an output at once; then, these components perform their outputs in turns.
Rules Input and SkipInput evaluate a received function. If the evaluation yields a value
π£ ΜΈ= β₯, the substitution [π£/π₯] is done to the continuation process π . If the evaluation of the
received function yields β₯, the component is forced to discard the input and to remain itself.
Rule Update evaluates the expressions π in Ξ. If the result is a value (ΜΈ= β₯), it applies the
attribute update to the store. Then the component performs an action with an πΌ label if the
component Ξ[π β¦β π£] : π (π under the updated environment) can do so. Rule SkipUpdate, as
usual, forces a component that wants to update the store to discard any arriving inputs.
Rule Comm enables parallel systems to communicate. In particular, it states that if there is a
system πΆ that wants to perform an output in parallel with a system π· that is able to perform
an input (any system is able to do so, given the Skip rules), the two of them are able to continue
in parallel as πΆ β² βπ·β² .
Rule Call expands the definition of a process constant, by instantiating the formal parameters
(in a call-by-name fashion).
Rule Res defines the behaviour of components under name restriction. Since π₯ is bound in
ππ₯πΆ, it can not be visible in the label either. To this end, we use the name binding operation
provided by Nominal Sets [8, 9]. In particular, with the notation [π₯]πΌ we denote the label
obtained by binding π₯ in πΌ: if πΌ =?π then [π₯]πΌ =?π₯.π ; if πΌ =!π then [π₯]πΌ =!π₯.π . Notice that
π₯ is a local name, bound to the label πΌ, so fn([π₯]πΌ) = fn(πΌ) β {π₯}.
Rule Cong, finally, allows our system to be written in different, but equivalent ways, in order
to be in the correct shape for performing the action.
Notice that the semantics does not allow for parallel broadcasts, even if these actually involve
different subsets of the system. Without the Skip rules, a system could get stuck in two cases:
1. if two different components try to broadcast simultaneously;
2. if a component does not want to perform an input, in presence of a broadcast.
In both these cases, we would not have a rule that enables us to join the components with the
parallel operator β, since Comm requires the two parallel components to make, respectively, an
output and an input transition.
Moreover, without the congruence axioms and Cong, we would not be able to use Comm if,
e.g., we have a system πΆβπ· where πΆ wants to input and π· wants to output (we do not have
the symmetric Comm rule).
The following Lemma 1 proves that the semantics behaves well, in the sense that a component
executing a broadcast will always succeed in every system.
�Lemma 1. Given π parallel components, of which one wants to output, the broadcast succeeds
!π
βπ· πΆπβ² then
regardless the particular component ordering. Formally, for any πΆ1 , . . . , πΆπ , if πΆπ β
β² β² β² β²
there exist πΆ1 , . . . , πΆπβ1 , πΆπ+1 , . . . πΆπ such that
!π
βπ· πΆ1β² βπΆ2β² βπΆ3β² β . . . βπΆπβ²
πΆ1 βπΆ2 βπΆ3 β . . . βπΆπ β
Proof. For the congruence axioms of commutativity and associativity of the system parallel β
we have:
πΆ1 βπΆ2 βπΆ3 β . . . βπΆπ β‘ (. . . (πΆπ βπΆ1 )βπΆ2 )βπΆ3 )β . . . βπΆπβ1 )βπΆπ+1 )β . . . βπΆπ )
Now, all of πΆ1 , πΆ2 , πΆ3 , . . . , πΆπβ1 , πΆπ+1 , . . . , πΆπ may perform an input, using either Input or
a Skip rule. Then, πΆπ and πΆ1 may proceed using Comm. Since the conclusion exhibits an output
label, we can again use Comm alongside πΆ2 and we can iterate the process until we reach πΆπ
(with a total of π β 1 application of Comm).
2.2. Semantics for Indirect Subjective Communication
πΌ
The operational (system) semantics of ISCC is given by a labelled transition relation πΆ β βπΌ πΆ β² ,
different from the DSCC one. In particular, the associated labels are πΌ β π± βͺ {!π | π : π β π±}.
As for DSCC these labels denotes different actions: ?π£ is used for inputs, !π is used for outputs.
Notice that, contrary to the DSCC specification, here the communication is somewhat medi-
ated, hence the name Indirect Subjective Communication. This means that a component is no
longer required to get and execute a function (fundamentally a piece of code) to obtain a value;
instead, the broadcasted function is collected by an external mediating entity that evaluates
them on the behalf of the SC recipients. We do not discuss here how such an entity should
work: we just need to know that it must have access to the stores of all agents.
An interesting thing to notice is that in this setting the agent does not need to be trusted,
since it will receive only the values that it is meant to receive. This prevents e.g. sniffing of
messages or unwanted behaviours by byzantine components. Suppose there is a DSCC agent
that βlooks intoβ the received function prior to evaluation: such an agent may be able to gather
information that must be kept secret. With the ISCC semantics this is no longer possible, since
the component will be given only the relevant result.
The rules for ISCC are in Fig. 4, and may look similar to the ones for DSCC, but of course the
transition relation is different. They have, however, the same role in the two semantics, so that
we can omit explaining them again here.
Rule Input, in ISCC, performs the substitution [π£/π₯] to the continuation process π , if the
component is given a value π£ that is not β₯. Rule SkipInput is similar: a component, when it is
given β₯, discards the input and remains itself.
Rule Comm, like in DSCC, enables parallel systems to communicate. Here, however, is this
rule that evaluates the output function π to yield a value π£. In particular, the rule states that if
there is a system πΆ that wants to perform an output in parallel with a system π· that is able to
perform an input, the two of them are able to continue in parallel as πΆ β² βπ·β² , provided that to π·
is given the value returned by the application of the output function to π· itself.
� πΌ πΌ
βπΌ Ξβ² : π β²
Ξ:π β βπΌ Ξβ² : π β²
Ξ:π β
Int πΌ Choice πΌ
βπΌ Ξβ² : π β² |π
Ξ : π |π β βπΌ Ξβ² : π β²
Ξ:π + π β
πΌ πΌ
βπΌ Ξβ² : π β²
JπKΞ = tt Ξ : π β βπΌ Ξβ² : πβ²
JπKΞ = ff Ξ : π β
ExtTrue πΌ ExtFalse πΌ
βπΌ Ξβ² : π β²
Ξ : (π?π : π) β βπΌ Ξβ² : πβ²
Ξ : (π?π : π) β
JπKΞ = β₯ ?π£
SkipExt SkipZero Ξ : 0 β
ββπΌ Ξ : 0
?π£
Ξ : (π?π : π) β
ββπΌ Ξ : (π?π : π)
!π ?π£
Output Ξ : β¨π β©π ββπΌ Ξ : π SkipOutput Ξ : β¨π β©π β
ββπΌ Ξ : β¨π β©π
π£ ΜΈ= β₯ π£=β₯
Input SkipInput
?π£ ?π£
Ξ : (π₯)π β
ββπΌ Ξ : π [π£/π₯] Ξ : (π₯)π β
ββπΌ Ξ : (π₯)π
πΌ
JπKΞ = π£ ΜΈ= β₯ βπΌ Ξβ² : π β²
Ξ[π β¦β π£] : π β JπKΞ = β₯
Update πΌ SkipUpdate
?π£
Ξ : [π := π]π β
βπΌ Ξβ² : π β² Ξ : [π := π]π β
ββπΌ Ξ : [π := π]π
!π ?π£ πΌ
πΆ ββπΌ πΆ β² π·β
ββπΌ π·β² π (π·) = π£ Ξ : π [π β] β
β /π₯ βπΌ πΆ
Comm Call πΌ πΎ(π₯
β) β π
!π
πΆβπ· ββπΌ πΆ β² βπ·β² β) β
Ξ : πΎ(π βπΌ πΆ
πΌ πΌ
βπΌ πΆ β²
πΆβ πΆ β‘ πΆβ² βπΌ π·β²
πΆβ² β π·β² β‘ π·
Res Cong πΌ
[π₯]πΌ πΆβ
βπΌ π·
ππ₯πΆ ββββπΌ ππ₯πΆ β²
Figure 4: Operational semantics of ISCC.
m m m m m
m m m m m
m m m m m
Figure 5: A smart vineyard. Each dot represents a vine (with the associated watering valve), each m
represents a moisture sensor. The circles are the reach of each sensor
3. Example: a Vineyard Irrigation System
Let us consider a scenario where a winegrower wants to optimize the irrigation of some
vineyards. Their main goals are: 1) to irrigate each vine with the correct amount of water; 2) to
know if the soil βbehaves wellβ, i.e. if it neither causes water stagnation nor it dries too quickly;
3) to know, at every time, each watering valve status (i.e. if it is opened or closed).
Each yard is divided into zones; each zone has a moisture sensor and a certain number of
vines, each with its watering valve (see Fig. 5). Additionally, each sensor and actuator knows its
position (a Cartesian coordinate, e.g., (πππ€, ππππ’ππ)), fixed at deployment. The coordinates
are not unique among different yards. The winegrower has a console terminal that collects the
watering data and reports them in some graphical way (e.g. it shows a heat-map).
� A traditional, centralised way to implement a management system for this scenario is to use
a central server (possibly in the cloud) that gathers all the relevant data and remotely open and
closes the valves according to some policies, in order to maintain the desired moisture level. On
the other hand, there is the possibility of using a distributed, edge-computing paradigm, where
the computation is moved near the source of the data. This should reduce latency and increase
reliability, at the cost of increasing the computational resources required on the nodes.
With our paradigm we can implement both: DSCC is well-suited for a truly distributed
system, where reliability is the main goal; ISCC is better suited when security is essential. When
modelling the system we can abstract from the particular implementation: switching between
the two semantics can be easily done at any point of the design.
We can model the scenario as a SC system as follows:
πΆπ¦πππ (ππππ) = πΆπ£πππ£π (ππππ, π₯π£1 , π¦π£1 )β . . . βπΆπ£πππ£π (ππππ, π₯π£π , π¦π£π )β
πΆππππ π‘ (ππππ, π₯β1 , π¦β1 )β . . . βπΆππππ π‘ (ππππ, π₯βπ , π¦βπ )
πΆπ¦ππππ = ππ1 πΆπ¦πππ (π1 )β . . . βπππ πΆπ¦πππ (ππ )βπΆππππ πππ
The construct ππ(πΆ1 βπΆ2 ) creates a secret π (i.e., a nonce), that πΆ1 and πΆ2 can use to commu-
nicate without interfering with other components; this allows to logically separate messages
that involve only some components, yielding a cleaner βcommunication environmentβ.
The moisture sensor acts as a local controller for the zone, communicating a message which
commands the nearby watering valves, and notifying the moisture level to the console:
πΆππππ π‘ (π, π₯, π¦) = Ξππππ π‘ :!β¨πππππ π‘ β©0
Ξππππ π‘ = {π‘π¦ππ β¦β moisture, π¦πππ β¦β π, π₯ β¦β π₯, π¦ β¦β π¦,
ππππβ β¦β 2, β β¦β NaN, βπππ β¦β 0.4, βπππ₯ β¦β 0.5}
where β bound to the output of a physical moisture sensor and πππππ π‘ is defined as follows:
β§
βͺ
βͺ open if π‘βππ .β < π‘βππ .βπππ β§
βͺ π‘π¦ππ = valve β§ π¦πππ = π‘βππ .π¦πππ β§
π(π‘π¦ππ, π¦πππ, π₯, π¦).
βͺ
βͺ
βͺ βοΈ
(π‘βππ .π₯ β π₯) + (π‘βππ .π¦ β π¦)2 < π‘βππ .ππππβ
2
βͺ
βͺ
βͺ
βͺ
βͺ
π‘βππ .β > π‘βππ .βπππ₯ β§
βͺ
β¨close
βͺ if
πππππ π‘ = π‘π¦ππ = valve β§ π¦πππ = π‘βππ .π¦πππ β§
βͺ βοΈ
βͺ
βͺ
βͺ
βͺ (π‘βππ .π₯ β π₯)2 + (π‘βππ .π¦ β π¦)2 < π‘βππ .ππππβ
βͺ (οΈ )οΈ
βͺ moist,π‘βππ .π¦πππ,
if π‘π¦ππ = console
βͺ
βͺ
βͺ
βͺ
βͺ π‘βππ .π₯,π‘βππ .π¦,π‘βππ .β
βͺ
β₯
β©
otherwise
Here we see that the same message (πππππ π‘ ) can be interpreted in different ways:
1. a valve (π‘π¦ππ = valve) close to the sensor will evaluate it as a command to open or close;
2. the console (π‘π¦ππ = console) be evaluated as a tuple that contains all the information
needed to insert in a log file the current moisture value read by the particular sensor;
3. anyone else will evaluate it as β₯, meaning that no value is passed to the process.
� To complete our system we need to define the components for the irrigation valves and the
console. The valve acts on the water dripper according to the command received from the local
controller. It also updates the console with the current status of the valve (to e.g. raise an alert
if a valve is stuck open).
The valve component is programmed as follows:
πΆπ£πππ£π (π, π₯, π¦) = Ξπ£πππ£π :!(ππ£πππ£π |ππ πππππ‘ππ‘π’π )
Ξπ£πππ£π = {π‘π¦ππ β¦β valve, π¦πππ β¦β π, π₯ β¦β π₯, π¦ β¦β π¦, π€ππ‘ππ β¦β ff}
ππ£πππ£π = (ππ π)case ππ π of
open β [π€ππ‘ππ := tt]0;
close β [π€ππ‘ππ := ff]0;
end
ππ πππππ‘ππ‘π’π = β¨ππ πππππ‘ππ‘π’π β©0
β§(οΈ )οΈ
valve,π‘βππ .π¦πππ,
β¨
π‘βππ .π₯,π‘βππ .π¦,π‘βππ .π€ππ‘ππ if π‘π¦ππ = console
ππ πππππ‘ππ‘π’π = π(π‘π¦ππ).
β©β₯ otherwise
The console simply logs in a database the values obtained from the moisture sensors and the
watering valves. This component is defined as:
πΆππππ πππ = Ξππππ πππ :!πππππ πππ
Ξππππ πππ = {π‘π¦ππ β¦β console}
πππππ πππ = (ππ π)case ππ π of
(moist, π¦πππ, π₯, π¦, β) β πΎππππ πππ π‘π’ππ (π¦πππ, π₯, π¦, β);
(valve, π¦πππ, π₯, π¦, π ) β πΎππππ πππ£πππ‘ππ‘π’π (π¦πππ, π₯, π¦, π );
end
where πΎππππ πππ π‘π’ππ saves the moisture reading in a database and πΎππππ πππ£πππ‘ππ‘π’π does the same
with the valve status.
4. Stateless Bisimulation
As for similar foundational calculi, SCC is intended to be also a basis for the investigation of
theoretical aspects of the Subjective Communication model. As an example along this line, in
this section we introduce a behavioural equivalence for processes.
In SCC, components carry (local) data (the environments or stores), which may be updated
by processes. We can easily define a notion of strong bisimilarity on components and systems
by applying directly the original notion of strong bisimilarity, treating attributes in the envi-
ronments on a par with processes. More precisely, a strong bisimulation for DSCC (similary for
ISCC) is a relation π
β π Γ π, such that for all (πΆ1 , πΆ2 ) β π
:
πΌ πΌ
βπ· πΆ1β² there exists πΆ2β² such that πΆ2 β
β’ for all πΌ such that πΆ1 β βπ· πΆ2β² and (πΆ1β² , πΆ2β² ) β π
;
πΌ πΌ
βπ· πΆ2β² there exists πΆ1β² such that πΆ1 β
β’ for all πΌ such that πΆ2 β βπ· πΆ1β² and (πΆ1β² , πΆ2β² ) β π
.
�Two systems are strongly bisimilar if there exists a strong bisimulation relating them.
However, this notion of bisimilarity is not very satisfactory, because systems can be strongly
bisimilar even if their environments are not the same; e.g., Ξ1 : 0 and Ξ2 : 0 are strongly
bisimilar for any Ξ1 , Ξ2 . In fact, in most applications we need to observe and compare (local)
environments in a finer way; e.g., a closed valve is not equivalent to an open one. Therefore, in
this paper, we restrict ourselves to comparing processes with respect to the same environments,
in order to ensure that, when starting from the same state, they yield the same state.
Our behavioural equivalence is an adaptation of the stateless bisimulation given in [10]. Two
process terms are stateless bisimilar if, for all identical data states, they can mimic transitions
of each other and the resulting process terms are again stateless bisimilar, i.e. it compares
components for all identical environments and allows all sort of changes after the transition.
πΌ πΌ πΌ
More formally, let ββ be any of β βπ· , β
βπΌ :
Definition 1 (Stateless Bisimilarity). A symmetric relation π
π π β π« π Γ π« π is a stateless
β ,π
bisimulation if for all (π β ) β π
π π :
1. for all Ξ1 , . . . , Ξπ and π1β² , . . . , ππβ² such that
πΌ
β Ξβ²1 : π1β² β . . . βΞβ²π : ππβ²
Ξ1 : π1 β . . . βΞπ : ππ β
there exist πβ²1 , . . . , πβ²π such that (πβ β² , π
β β² ) β π
and
π π
πΌ
β Ξβ²1 : πβ²1 β . . . βΞβ²π : πβ²π
Ξ1 : π1 β . . . βΞπ : ππ β
2. for all Ξ1 , . . . , Ξπ and πβ²1 , . . . , πβ²π such that
πΌ
β Ξβ²1 : πβ²1 β . . . βΞβ²π : πβ²π
Ξ1 : π1 β . . . βΞπ : ππ β
there exist π1β² , . . . , ππβ² such that (πβ β² , π
β β² ) β π
and
π π
πΌ
β Ξβ²1 : π1β² β . . . βΞβ²π : ππβ²
Ξ1 : π1 β . . . βΞπ : ππ β
Two processes π and π are stateless bisimilar, written π βΌπ π π, if there exists a stateless
bisimulation π
π π such that (π, π) β π
π π .
Compositionality of stateless bisimilarity makes it particularly useful when, in a parallel
system, we want to replace a component: if the new βpartβ is stateless bisimilar to the old one,
the component (and the whole system) is guaranteed to behave the same.
Proposition 1. Stateless bisimilarity is a congruence for both DSCC and ISCC.
Proof. Follows from [10, Th. 14] and the fact that DSCC and ISCC are in process-tyft format [10].
Rule Cong is not strictly in process-tyft format, but we can omit it from the system by taking
process up-to congruence, as two congruent components exhibit the same transitions.
�5. Conclusion
In this paper we have introduced the Subjective Communication Calculus SCC, a formal model
for Collective Adaptive Systems with subjective communication. In this paradigm, messages are
(partial) functions from components to values; each component may obtain a different value (or
nothing at all) from the very same message, according to its specific state and perspective.
We have presented two operational semantics for SCC. On one hand, we have introduced
Direct Subjective Communication (DSCC), where each agent receives the message function and
evaluates it; this semantics is akin to βedge computingβ, where the burden of computation is
moved towards the node of the CAS. On the other hand, in Indirect Subjective Communication
(ISCC) the broadcasted function is evaluated by some mediating middleware; this semantics can
be seen as the counterpart of usual cloud-based computing, where messages are collected and
elaborated by some central node (possibly in the cloud). For both these semantics we have given
the definition of stateless bisimilarity, and proved that it is a congruence. In order to showcase
the expressive power of the paradigm, we have provided an example inspired to real-world
application scenario, i.e., a smart irrigation system for a vineyard.
Future work. We plan to give a categorical bialgebraic semantics for SCC [11], from which
we expect to derive a canonical compositional LTS and behavioural equivalence, which we plan
to compare with that examined in Section 4. Since the components contain states and local
names and variables, we plan to follow the approach adopted for the Fusion calculus in [12, 13].
It is interesting also to investigate behavioural equivalences where some steps are unobservable
from the point of view of some participant; to this end we plan to adopt and extend the approach
presented in [14]. Afterwards, we plan to consider also quantitative aspects (e.g. execution
times, energy consumptions); to this end, the results of [15, 16] could be useful.
There are other interesting types of bisimilarities for semantics with data: in particular
we recall the notions of initially stateless bisimilarity and statebased bisimilarity. We cannot,
however, apply the general results from [10] as we have done for stateless bisimilarity since
our transition system specifications are not in sfisl format (for initially stateless bisimilarity) or
sbsf format (for statebased bisimilarity). It is still an open question whether initially stateless or
statebased bisimilarities are congruences for our specifications.
Finally, it is interesting to develop a prototypal implementation of SCC, in order to evaluate
the practical differences of the two semantics. To this end, we will leverage the experience from
the implementation of SCEL, AbC and the AbU calculus [3, 4, 6]. An alternative approach is to
encode SCC as a bigraphic reactive system, in order to reuse existing toolkits [17].
Acknowledgments
This work has been supported by the Italian MIUR project PRIN 2017FTXR7S IT MATTERS
(Methods and Tools for Trustworthy Smart Systems).
�References
[1] V. Andrikopoulos, A. Bucchiarone, S. GΓ³mez SΓ‘ez, D. Karastoyanova, C. A. Mezzina, To-
wards modeling and execution of collective adaptive systems, in: International Conference
on Service-Oriented Computing, Springer, 2013, pp. 69β81.
[2] Miller, J. H, S. E. Page, Complex adaptive systems: An introduction to computational
models of social life, Princeton university press, 2009.
[3] Y. A. Alrahman, R. De Nicola, M. Loreti, On the power of attribute-based communication,
in: International Conference on Formal Techniques for Distributed Objects, Components,
and Systems, Springer, 2016, pp. 1β18.
[4] R. De Nicola, M. Loreti, R. Pugliese, F. Tiezzi, A formal approach to autonomic systems
programming: the SCEL language, ACM Transactions on Autonomous and Adaptive
Systems (TAAS) 9 (2014) 1β29.
[5] K. V. Prasad, A calculus of broadcasting systems, Science of Computer Programming 25
(1995) 285β327.
[6] M. Miculan, M. Pasqua, A calculus for attribute-based memory updates, in: A. Cerone, P. C.
Γlveczky (Eds.), Theoretical Aspects of Computing β ICTAC 2021, Springer International
Publishing, Cham, 2021, pp. 366β385.
[7] M. Miculan, M. Pasqua, Distributed programming of smart systems with event-condition-
action rules (short paper), in: U. Dal Lago, D. Gorla (Eds.), 23rd Italian Conference on
Theoretical Computer Science (ICTCS), Proceedings, CEUR Workshop Proceedings, 2022.
[8] A. M. Pitts, Nominal logic, a first order theory of names and binding, Information and
computation 186 (2003) 165β193.
[9] M. J. Gabbay, The π-calculus in FM, in: Thirty Five Years of Automating Mathematics,
Springer, 2003, pp. 247β269.
[10] M. R. Mousavi, M. A. Reniers, J. F. Groote, Notions of bisimulation and congruence formats
for sos with data, Information and Computation 200 (2005) 107β147.
[11] B. Klin, Bialgebras for structural operational semantics: An introduction, Theoretical
Computer Science 412 (2011) 5043β5069.
[12] M. Miculan, A categorical model of the Fusion calculus, Electr. Notes Theor. Comput. Sci.
218 (2008) 275β293.
[13] M. Miculan, K. Yemane, A unifying model of variables and names, in: V. Sassone (Ed.),
Foundations of Software Science and Computational Structures, 8th International Con-
ference, FOSSACS 2005, Proceedings, volume 3441 of Lecture Notes in Computer Science,
Springer, 2005, pp. 170β186.
[14] T. Brengos, M. Miculan, M. Peressotti, Behavioural equivalences for coalgebras with
unobservable moves, J. Log. Algebraic Methods Program. 84 (2015) 826β852.
[15] M. Miculan, M. Peressotti, GSOS for non-deterministic processes with quantitative aspects,
in: N. Bertrand, L. Bortolussi (Eds.), Proc. QAPL 2014, volume 154 of EPTCS, 2014, pp.
17β33.
[16] M. Miculan, M. Peressotti, Structural operational semantics for non-deterministic processes
with quantitative aspects, Theor. Comput. Sci. 655 (2016) 135β154.
[17] G. Bacci, D. Grohmann, M. Miculan, Dbtk: A toolkit for directed bigraphs, in: Proc. CALCO,
volume 5728 of Lecture Notes in Computer Science, Springer, 2009, pp. 413β422.
�