A Sorted Semantic Framework for Applied Process Calculi

Applied process calculi include advanced programming constructs such as type systems, communication with pattern matching, encryption primitives, concurrent constraints, nondeterminism, process creation, and dynamic connection topologies. Several such formalisms, e.g. the applied pi calculus, are extensions of the the pi-calculus; a growing number is geared towards particular applications or computational paradigms. Our goal is a unified framework to represent different process calculi and notions of computation. To this end, we extend our previous work on psi-calculi with novel abstract patterns and pattern matching, and add sorts to the data term language, giving sufficient criteria for subject reduction to hold. Our framework can directly represent several existing process calculi; the resulting transition systems are isomorphic to the originals up to strong bisimulation. We also demonstrate different notions of computation on data terms, including cryptographic primitives and a lambda-calculus with erratic choice. Finally, we prove standard congruence and structural properties of bisimulation; the proof has been machine-checked using Nominal Isabelle in the case of a single name sort.


Introduction
There is today a growing number of high-level constructs in the area of concurrency. Examples include type systems, communication with pattern matching, encryption primitives, concurrent constraints, nondeterminism, and dynamic connection topologies. Combinations of such constructs are included in a variety of application oriented process calculi. For each such calculus its internal consistency, in terms of congruence results and algebraic laws, must be established independently. Our aim is a framework where many such calculi fit and where such results are derived once and for all, eliminating the need for individual proofs about each calculus.
Our effort in this direction is the framework of psi-calculi [BJPV11], which provides machine-checked proofs that important meta-theoretical properties, such as compositionality of bisimulation, hold in all instances of the framework. We claim that the theoretical development is more robust than that of other calculi of comparable complexity, since we use a structural operational semantics given by a single inductive definition, and since we have checked most results in the interactive theorem prover Nominal Isabelle [Urb08].
In this paper we introduce a novel generalization of pattern matching, decoupled from the definition of substitution, and add sorts for data terms and names. The generalized pattern matching is a new contribution that holds general interest; here it allows us to directly capture computation on data in advanced process calculi, without elaborate encodings.
We evaluate our framework by providing instances that correspond to standard calculi, and instances that use several different notions of computation. We define strong criteria for a psi-calculus to represent another process calculus, meaning that they are for all practical purposes one and the same. Representation is stronger than the standard encoding correspondences e.g. by Gorla [Gor10], which define criteria for one language to encode the behaviour of another. The representations that we provide of other standard calculi advance our previous work, where we had to resort to nontrivial encodings with an unclear formal correspondence to the source calculus.
An extended abstract [BGP + 14] of the present paper has previously been published.
1.1. Background: Psi-calculi. In the following we assume the reader to be acquainted with the basic ideas of process algebras based on the pi-calculus, and explain psi-calculi by a few simple examples. Full definitions can be found in the references above, and for a reader not acquainted with our work we recommend the first few sections of [BJPV11] for an introduction. A psi-calculus has a notion of data terms, ranged over by K, L, M, N , and we write M N . P to represent an agent sending the term N along the channel M (which is also a data term), continuing as the agent P . We write K(λ x)X . Q to represent an agent that can input along the channel K, receiving some object matching the pattern X, where x are the variables bound by the prefix. These two agents can interact under two conditions. First, the two channels must be channel equivalent, as defined by the channel equivalence predicate M . ↔ K. Second, N must match the pattern X. Formally, a transition is of kind Ψ ✄ P α −→ P ′ , meaning that in an environment represented by the assertion Ψ the agent P can do an action α to become P ′ . An assertion embodies a collection of facts used to infer conditions such as the channel equivalence predicate ↔ K, i.e. when the assertion Ψ entails that M and K represent the same channel. In this way we may introduce a parametrised equational theory over a data structure for channels. Conditions, ranged over by ϕ, can be tested in the if construct: we have that Ψ ✄ if ϕ then P α −→ P ′ when Ψ ⊢ ϕ and Ψ ✄ P α −→ P ′ . In order to represent concurrent constraints and local knowledge, assertions can be used as agents: Ψ stands for an agent that asserts Ψ to its environment. Assertions may contain names and these can be scoped; for example, in P | (νa)( Ψ | Q) the agent Q uses all entailments provided by Ψ , while P only uses those that do not contain the name a.
Assertions and conditions can, in general, form any logical theory. Also the data terms can be drawn from an arbitrary set. One of our major contributions has been to pinpoint the precise requirements on the data terms and logic for a calculus to be useful in the sense that the natural formulation of bisimulation satisfies the expected algebraic laws (see Section 2). It turns out that it is necessary to view the terms and logics as nominal [Pit03]. This means that there is a distinguished set of names, and for each term a well defined notion of support, intuitively corresponding to the names occurring in the term. Functions and relations must be equivariant, meaning that they treat all names equally. In addition, we impose straight-forward requirements on the combination of assertions, on channel equivalence, and on substitution. Our requirements are quite general, and therefore our framework accommodates a wide variety of applied process calculi.
1.2. Extension: Generalized pattern matching. In our original definition of psi-calculi ( [BJPV11], called "the original psi-calculi" below), patterns are just terms and pattern matching is defined by substitution in the usual way: the output object N matches the pattern X with binders x iff N = X[ x := L]. In order to increase the generality we now introduce a function match which takes a term N , a sequence of names x and a pattern X, returning a set of sequences of terms; the intuition is that if L is in match(N, x, X) then the term N matches the pattern X by instantiating x to L. The receiving agent K(λ x)X . Q then continues as Q[ x := L].
As an example we consider a term algebra with two function symbols: enc of arity three and dec of arity two. Here enc(N, n, k) means encrypting N with the key k and a random nonce n and and dec(N, k) represents symmetric key decryption, discarding the nonce. Suppose an agent sends an encryption, as in M enc(N, n, k) . P . If we allow all terms to act as patterns, a receiving agent can use enc(x, y, z) as a pattern, as in c(λx, y, z)enc(x, y, z) . Q, and in this way decompose the encryption and extract the message and key. Using the encryption function as a destructor in this way is clearly not the intention of a cryptographic model. With the new general form of pattern matching, we can simply limit the patterns to not bind names in terms at key position. Together with the separation between patterns and terms, this allows to directly represent dialects of the spi-calculus as in Sections 5.2 and 5.3.
Moreover, the generalization makes it possible to safely use rewrite rules such as dec(enc(M, N, K), K) → M . In the psi-calculi framework such evaluation is not a primitive concept, but it can be part of the substitution function, with the idea that with each substitution all data terms are normalized according to rewrite rules. Such evaluating substitutions are dangerous for two reasons. First, in the original psi-calculi they can introduce ill-formed input prefixes. The input prefix M (λ x)N is well-formed when x ⊆ n(N ), i.e. the names x must all occur in N ; a rewrite of the well-formed M (λy)dec(enc(N, y, k), k) . P to M (λy)N . P yields an ill-formed agent when y does not appear in N . Such ill-formed agents could also arise from input transitions in some original psi-calculi; with the current generalization preservation of well-formedness is guaranteed.
Second, in the original psi-calculi there is a requirement that substituting L for x in M must yield a term containing all names in L whenever x ⊆ n(M ). The reason is explained at length in [BJPV11]; briefly put, without this requirement the scope extension law is unsound. If rewrites such as dec(enc(M, N, K), K) → M are performed by substitutions this requirement is not fulfilled, since a substitution may then erase the names in N and K.
Sort systems for mobile processes. Sorts for the pi-calculus were first described by Milner [Mil93], and were developed in order to remove nonsensical processes using polyadic communication, similar to the motivation for the present work.
In contrast, Hüttel's dependently typed psi-calculi [Hüt11,Hüt14] is intended for a more fine-grained control of the behaviour of processes, and is capable of capturing a wide range of earlier type systems for pi-like calculi formulated as instances of psi-calculi. In Hüttel's typed psi-caluli the term language is a free term algebra (without name binders), using the standard notions of substitution and matching, and not admitting any computation on terms.
In contrast, in our sorted psi-calculi terms and substitution are general. A given term always has a fixed sort, not dependent on any term or value and independent of its context. We also have important meta-theoretical results, with machine-checked proofs for the case of a single name sort, including congruence results and structural equivalence laws for wellsorted bisimulation, and the preservation of well-sortedness under structural equivalence; no such results exist for Hüttel's typed psi-calculi. Indeed, our sorted psi-calculi can be seen as a foundation for Hüttel's typed psi-calculi: we give a formal account of the separation between variables and names used in Hüttel's typed psi-calculi, and substantiate Hüttel's claim that "the set of well-[sorted] terms is closed under well-[sorted] substitutions, which suffices" (Theorem 3.19).
The state-of-the art report [HV13] of WG1 of the BETTY project (EU COST Action IC1201) is a comprehensive guide to behavioural types for process calculi.
Fournet et al. [FGM05] add type-checking for a general authentication logic to a process calculus with destructor matching; there the authentication logic is only used to specify program correctness, and does not influence the operational semantics in any way.
1.5. Results and outline. In Section 2 we define psi-calculi with the above extensions and prove preservation of well-formedness. In Section 3 we prove the usual algebraic properties of bisimilarity. The proof is in two steps: a machine-checked proof for calculi with a single name sort, followed by manual proof based on the translation of a multi-sorted psi calculus instance to a corresponding single-sorted instance. We demonstrate the expressiveness of our generalization in Section 4 where we directly represent standard calculi, and in Section 5 where we give examples of calculi with advanced data structures and computations on them, even nondeterministic reductions.

Definitions
Psi-calculi are based on nominal data types. A nominal data type is similar to a traditional data type, but can also contain binders and identify alpha-variants of terms. Formally, the only requirements are related to the treatment of the atomic symbols called names as explained below. In this paper, we consider sorted nominal datatypes, where names and members of the data type may have different sorts.
We assume a set of sorts S. Given a countable set of sorts for names S N ⊆ S, we assume countably infinite pair-wise disjoint sets of atomic names N s , where s ∈ S N . The set of all names, N = ∪ s N s , is ranged over by a, b, . . . , x, y, z. We write x for a tuple of names x 1 , . . . , x n and similarly for other tuples, and x also stands for the set of names {x 1 , . . . , x n } if used where a set is expected. We let π range over permutations of tuples of names: π · x is a tuple of names of the same length as x, containing the same names with the same multiplicities.
A sorted nominal set [Pit03,GP01] is a set equipped with name swapping functions written (a b), for any sort s and names a, b ∈ N s , i.e. name swappings must respect sorting. An intuition is that for any member T of a nominal set we have that (a b) · T is T with a replaced by b and b replaced by a. The support of a term, written n(T ), is intuitively the set of names that can be be affected by name swappings on T . This definition of support coincides with the usual definition of free names for abstract syntax trees that may contain binders. We write a#T for a ∈ n(T ), and extend this to finite sets and tuples by conjunction. A function f is equivariant if (a b) · (f (T )) = f ((a b) · T ) always holds; a relation R is equivariant if x R y implies that (a b) · x R (a b) · y holds; and a constant symbol C is equivariant if (a b) · C = C. In particular, we require that all sorts s ∈ S are equivariant. A nominal data type is a nominal set together with some equivariant functions on it, for instance a substitution function.
2.1. Original Psi-calculi Parameters. Sorted psi-calculi is an extension of the original psi-calculi framework [BJPV11], which are given by three nominal datatypes (data terms, conditions and assertions) as discussed in the introduction.
Definition 2.1 (Original psi-calculus parameters). The psi-calculus parameters from the original psi-calculus are the following nominal data types: (data) terms M, N ∈ T, conditions ϕ ∈ C, and assertions Ψ ∈ A; equipped with the following four equivariant operators: channel equivalence . ↔ : T × T → C, assertion composition ⊗ : A × A → A, the unit assertion 1 ∈ A, and the entailment relation ⊢ ⊆ A × C.

The binary functions
. ↔ and ⊗ and the relation ⊢ above will be used in infix form. Two assertions are said to be equivalent, written Ψ ≃ Ψ ′ , if they entail the same conditions, i.e. for all ϕ we have that Ψ ⊢ ϕ ⇔ Ψ ′ ⊢ ϕ.
We impose certain requisites on the sets and operators. In brief, channel equivalence must be symmetric and transitive modulo entailment, the assertions with (⊗, 1) must form an abelian monoid modulo ≃, and ⊗ must be compositional w.r.t. ≃ (i.e. Ψ 1 ≃ Ψ 2 =⇒ Ψ ⊗ Ψ 1 ≃ Ψ ⊗ Ψ 2 ). (For details see [BJPV11], and for examples of machine-checked valid instantiations of the parameters see [ÅP10].) In examples in this paper, we usually consider the trivial assertion monoid A = {1}, and let channel equivalence be term equality (i.e. 2.2. New parameters for generalized pattern-matching. To the parameters of the original psi-calculi we add patterns X, Y , that are used in input prefixes; a function vars which yields the possible combinations of binding names in the pattern, and a patternmatching function match, which is used when the input takes place. Intuitively, an input pattern (λ x)X matches a message N if there are L ∈ match(N, x, X); the receiving agent then continues after substituting L for x. If match(N, x, X) = ∅ then (λ x)X does not match N ; if |match(N, x, X)| > 1 then one of the matches will be non-deterministically chosen. Below, we use "variable" for names that can be bound in a pattern.
Definition 2.2 (Psi-calculus parameters for pattern-matching). The psi-calculus parameters for pattern-matching include the nominal data type X of (input) patterns, ranged over by X, Y , and the two equivariant operators match : T × N * × X → P fin (T * ) Pattern matching vars : X → P fin (P fin (N)) Pattern variables The vars operator gives the possible (finite) sets of names in a pattern which are bound by an input prefix. For example, we may want an input prefix with a pairing pattern x, y to be able to bind both x and y, only one of them, or none, and so we define vars( x, y ) = {{x, y}, {x}, {y}, {}}. This way, we can let the input prefix c(λx) x, y only match pairs where the second argument is the name y. To model a calculus where input patterns cannot be selective in this way, we may instead define vars( x, y ) = {{x, y}}. This ensures that input prefixes that use the pattern x, y must be of the form M (λx, y) x, y , where both x and y are bound. Another use for vars is to exclude the binding of terms in certain positions, such as the keys of cryptographic messages (cf. Section 5.3).
Requisites on vars and match are given below in Definition 2.5. Note that the four data types T, C, A and X are not required to be disjoint. In most of the examples in this paper the patterns X is a subset of the terms T.
2.3. New parameters for sorting. To the parameters defined above we add a sorting function and four sort compatibility predicates. Definition 2.3 (Psi-calculus parameters for sorting). The psi-calculus parameters for sorting include the equivariant sorting function sort : N⊎T⊎X → S, and the four compatibility predicates ∝ ⊆ S × S can be used to receive, ∝ ⊆ S × S can be used to send, ⊆ S × S can be substituted by, S ν ⊆ S N can be bound by name restriction.
The sort operator gives the sort of a name, term or pattern; on names we require that sort(a) = s iff a ∈ N s . This is similar to Church-style lambda-calculi, where each well-formed term has a unique type.
The sort compatibility predicates are used to restrict where terms and names of certain sorts may appear in processes. Terms of sort s can be used to send values of sort t if s ∝ t. Dually, a term of sort s can be used to receive with a pattern of sort t if s ∝ t. A name a can be used in a restriction (νa) if sort(a) ∈ S ν . If sort(a) sort(M ) we can substitute the term M for the name a. In most of our examples, is a subset of the equality relation. These predicates can be chosen freely, although the set of well-formed substitutions depends on , as detailed in Definition 2.4 below.
2.4. Substitution and Matching. We require that each datatype is equipped with an equivariant substitution function, which intuitively substitutes terms for names. The requisites on substitution differ from the original psi-calculi as indicated in the Introduction. Substitutions must preserve or refine sorts, and bound pattern variables must not be removed by substitutions.
We define two usage preorders ≤ T and ≤ X on S. Intuitively, s 1 ≤ T s 2 if terms of sort s 1 can be used as a channel or message whenever s 2 can be, and s 1 ≤ X s 2 if patterns of sort s 1 can be used whenever s 2 can be. Formally Intuitively, substitutions must map every term of sort s to a term of some sort s ′ with s ′ ≤ T s and similarly for patterns, or else a sort compatibility predicate may be violated. The usage preorders compare the sorts of terms (resp. patterns), and so do not have any formal relationship to (which relates the sort of a name to the sort of a term). In particular, is not used in the definition of usage preorders.
Definition 2.4 (Requisites on substitution). If a is a sequence of distinct names and N is an equally long sequence of terms such that sort(a i ) sort(N i ) for all i, we say that [ a := N ] is a substitution. Substitutions are ranged over by σ.
For each data type among T, A, C we define an equivariant substitution operation on members T of that data type as follows: we require that T σ is an member of the same data type, and that if ( a b) is a (bijective) name swapping such that b#T, a then T For patterns X ∈ X, we require that substitution is equivariant, that Xσ ∈ X, and that if x ∈ vars(X) and x#σ then sort(Xσ) ≤ X sort(X) and x ∈ vars(Xσ) and alpharenaming of substituted variables (as above) holds for σ and X.
Intuitively, the requirements on substitutions on patterns ensure that a substitution on a pattern with binders ((λ x)X)σ with x ∈ vars(X) and x#σ yields a pattern (λ x)Y with x ∈ vars(Y ). As an example, consider the pair patterns discussed above with X = { x, y : x = y} and vars( x, y ) = {{x, y}}. We can let x, y σ = x, y when x, y#σ. Since vars( x, y ) = {{x, y}} the pattern x, y in a well-formed agent will always occur directly under the binder (λx, y), i.e. as (λx, y) x, y , and here a substitution for x or y will have no effect. It therefore does not matter what e.g. x, y [x := M ] is, since it will never occur in derivations of transitions of well-formed agents. We could think of substitutions as partial functions which are undefined in such cases; formally, since substitutions are total, the result of this substitution can be assigned an arbitrary value.
In the original psi-calculi there is no requirement that substitution preserves names that are used as input variables (i.e., n(N σ) ⊇ n(N ) \ n(σ)). As seen in the introduction, this means that the original psi semantics does not always preserve the well-formedness of agents (an input prefix M (λ x)N . P is well-formed when x ⊆ n(N )) although this is assumed by the operational semantics [BJPV11]. In pattern-matching psi-calculi, substitution on patterns is required to preserve variables, and the operational semantics does preserve well-formedness as shown below in Theorem 2.11.
Matching must be invariant under renaming of pattern variables, and the substitution resulting from a match can only mention names that are from the matched term or the pattern.
Definition 2.5 (Requisites on pattern matching). For the function match we require that if x ∈ vars(X) are distinct and N ∈ match(M, x, X) then it must hold that [ x := N ] is a substitution, that n( N ) ⊆ n(M ) ∪ (n(X) \ x), and that for all name swappings ( x y) with y#X we have N ∈ match(M, y, ( x y) · X) (alpha-renaming of matching).
In many process calculi, and also in the symbolic semantics of psi [JVP12], the input construct binds a single variable. This is a trivial instance of pattern matching where the pattern is a single bound variable, matching any term. When all substitutions on terms preserve names, we can recover the pattern matching of the original psi-calculi. Such psi-calculi also enjoy well-formedness preservation (Theorem 2.11). Proof. Straightforward; this result has been checked in Isabelle.

Agents.
Definition 2.8 (Agents). The agents, ranged over by P, Q, . . ., are of the following forms.
In the Input all names in x bind their occurrences in both X and P , and in the Restriction a binds in P. Substitution on agents is defined inductively on their structure, using the substitution function of each datatype based on syntactic position, avoiding name capture.
The output prefix M N.P sends N on a channel that is equivalent to M . Dually, M (λ x)X.P receives a message matching the pattern X from a channel equivalent to M . A non-deterministic case statement case ϕ 1 : P 1 [] · · · [] ϕ n : P n executes one of the branches P i where the corresponding condition ϕ i holds, discarding the other branches. Restriction (νa)P scopes the name a in P ; the scope of a may be extruded if P communicates a data term containing a. A parallel composition P | Q denotes P and Q running in parallel; they may proceed independently or communicate. A replication !P models an unbounded number of copies of the process P . The assertion Ψ contributes Ψ to its environment. We often write if ϕ then P for case ϕ : P , and nothing or 0 for the empty case statement case.
In comparison to [BJPV11] we additionally restrict the syntax of well-formed agents by imposing requirements on sorts: the subjects and objects of prefixes must have compatible sorts, and restrictions may only bind names of a sort in S ν .
Definition 2.9. An occurrence of an assertion is unguarded if it is not a subterm of an Input or Output. An agent is well-formed if, for all its subterms, (1) in a replication !P there are no unguarded assertions in P ; and (2) in case ϕ 1 : P 1 [] · · · [] ϕ n : P n there is no unguarded assertion in any P i ; and (3) in an Output M N.P we require that sort(M ) ∝ sort(N ); and (4) in an Input M (λ x)X.P we require that (a) x ∈ vars(X) is a tuple of distinct names and (b) sort(M ) ∝ sort(X); and (5) in a Restriction (νa)P we require that sort(a) ∈ S ν . Requirements 3, 4b and 5 are new for sorted psi-calculi.
2.6. Frames and transitions. Each agent affects other agents that are in parallel with it via its frame, which may be thought of as the collection of all top-level assertions of the agent. A frame F is an assertion with local names, written (ν b)Ψ where b is a sequence of names that bind into the assertion Ψ . We use F, G to range over frames, and identify alphaequivalent frames. We overload ⊗ to frame composition defined by (ν b 1 )Ψ 1 ⊗(ν b 2 )Ψ 2 = (ν b 1 b 2 )(Ψ 1 ⊗Ψ 2 ) where b 1 # b 2 , Ψ 2 and vice versa. We write Ψ ⊗F to mean (νǫ)Ψ ⊗F , and (νc)((ν b)Ψ ) for (νc b)Ψ .
Intuitively a condition is entailed by a frame if it is entailed by the assertion and does not contain any names bound by the frame, and two frames are equivalent if they entail the same conditions. Formally, we define F ⊢ ϕ to mean that there exists an alpha variant (ν b)Ψ of F such that b#ϕ and Ψ ⊢ ϕ. We also define F ≃ G to mean that for all ϕ it holds that F ⊢ ϕ iff G ⊢ ϕ.
Definition 2.10 (Frames and Transitions). The frame F(P ) of an agent P is defined inductively as follows: The actions ranged over by α, β are of the following three kinds: Output M (ν a) N wherẽ a ⊆ n(N ), Input M N , and Silent τ . Here we refer to M as the subject and N as the object. We define bn(M (νã) N ) =ã, and bn(α) = ∅ if α is an input or τ . We also define n(τ ) = ∅ and n(α) = n(M ) ∪ n(N ) for the input and output actions. We write M N for M (νε) N .
Symmetric versions of Com and Par are elided. In the rule Com we assume that F(P ) = (ν b P )Ψ P and F(Q) = (ν b Q )Ψ Q where b P is fresh for all of Ψ, b Q , Q, M and P , and that b Q is correspondingly fresh. In the rule Par we assume that F(Q) = (ν b Q )Ψ Q where b Q is fresh for Ψ, P and α. In Open the expression νã ∪ {b} means the sequenceã with b inserted anywhere. A transition is written Ψ ✄ P α −→ P ′ , meaning that in the environment Ψ the wellformed agent P can do an α to become P ′ . The transitions are defined inductively in Table 1. We write P α −→ P ′ without an assertion to mean 1 ✄ P α −→ P ′ .
The operational semantics, defined in Table 1, is the same as for the original psi-calculi, except for the use of match in rule In. We identify alpha-equivalent agents and transitions (see [BJPV11] for details). In a transition the names in bn(α) bind into both the action object and the derivative, therefore bn(α) is in the support of α but not in the support of the transition. This means that the bound names can be chosen fresh, substituting each occurrence in both the action and the derivative.
As shown in the introduction, well-formedness is not preserved by transitions in the original psi-calculi. However, in sorted psi-calculi the usual well-formedness preservation result holds.
Proof. The first part is by induction on P . The output prefix case uses the sort preservation property of substitution on terms (Definition 2.4). The interesting case is input prefix M (λ x)X.Q: assume that Q is well-formed, that x ∈ vars(X), that sort(M ) ∝ sort(X) and that x#σ. By induction Qσ is well-formed. By sort preservation we get sort(M σ) ≤ sort(M ), so sort(M σ) ∝ sort(X). By preservation of patterns by non-capturing substitutions we have that x ∈ vars(Xσ) and sort(Xσ) ≤ sort(X), so sort(M σ) ∝ sort(Xσ).
The second part is by induction on the transition rules, using part 1 in the In rule.
Since well-formedness is preserved by transitions and substitutions, from this point on we only consider well-formed agents.

Meta-theory
As usual, the labelled operational semantics gives rise to notions of labelled bisimilarity.
Similarly to the applied pi-calculus [AF01], the standard definition of bisimilarity needs to be adapted to take assertions into account. In this section, we show that both strong and weak bisimilarity satisfy the expected structural congruence laws and the standard congruence properties of name-passing process calculi. We first prove these results for calculi with a single name sort (Theorem 3.12) supported by Nominal Isabelle. We then extend the results to all sorted psi-caluli (Theorems 3.19, 3.20, and 3.21) by manual proofs.
3.1. Recollection. We start by recollecting the required definitions, beginning with the definition of strong labelled bisimulation on well-formed agents by Bengtson et al. [BJPV11], to which we refer for examples and more intuitions.
Definition 3.1 (Strong bisimulation). A strong bisimulation R is a ternary relation on assertions and pairs of agents such that R(Ψ, P, Q) implies the following four statements.
(4) Simulation: for all α, P ′ such that bn(α)#Ψ, Q and Ψ ✄ P Above, (1) corresponds to the capability of a parallel observer to test the truth of a condition using case, while (3) models an observer taking a step and adding a new assertion Ψ ′ to the current environment.
We close strong bisimulation under substitutions to obtain a congruence.
Definition 3.2 (Strong bisimulation congruence). P ∼ Ψ Q means that for all sequences σ of substitutions it holds that P σ .
To illustrate the definitions of bisimulation and bisimulation congruence, we here prove a result about the case statement, to be used in Section 4. Proof. We let I := Ψ,P {(Ψ, P, P )} be the identity relation, and We prove that T : The proof that T is a bisimulation is straightforward: Static equivalence: The frame of a case agent is always 1, hence static equivalence follows by reflexivity of ≃. Symmetry: Follows by definition of T . Extension with arbitrary assertion: Trivial by the choice of candidate relation, since the Ψ in S and I are universally quantified. Simulation: Trivially, any process P simulates itself.
Here Ψ ⊢ ϕ ⊤ follows by definition of S. Since T includes both S and S −1 , we must follow transitions from both R and R ′ .
• A transition from R via P i can be derived as follows: Then R ′ can simulate this with the following derivation: The process R can simulate this with the following derivation: Psi-calculi are also equipped with a notion of weak bisimilarity ( . ≈) where τ -transitions cannot be observed, introduced by Bengtson et al. [JBPV10]. We here restate its definition, but refer to the original publication for examples and more motivation.
The definition of weak transitions is standard.
Definition 3.4 (Weak transitions). Ψ ✄ P =⇒ P ′ is defined inductively by the rules: For weak bisimulation we use static implication (rather than static equivalence) to compare the frames of the process pair under consideration.
Definition 3.5 (Static implication). P statically implies Q in the environmental assertion Definition 3.6 (Weak bisimulation). A weak bisimulation R is a ternary relation between assertions and pairs of agents such that R(Ψ, P, Q) implies all of (1) Weak static implication: for all Ψ ′ there exist Q ′ , Q ′′ such that (2) Symmetry: R(Ψ, Q, P ) (3) Extension of arbitrary assertion: for all Ψ ′ it holds that R(Ψ ⊗Ψ ′ , P, Q) We define P . ≈ Q to mean that there exists a weak bisimulation R such that R(1, P, Q) and we write P . ≈ Ψ Q when there exists a weak bisimulation R such that R(Ψ, P, Q).
Above, (1) allows Q to take τ -transitions before and after enabling at least those conditions that hold in the frame of P , as per Definition 3.5. Moreover, when testing these conditions, the observer may also add an assertion Ψ ′ to the environment. In (4b), the observer may test the validity of conditions when matching a visible transition, and may also add an assertion as above.
To obtain a congruence from weak bisimulation, we must require that every τ -transition is simulated by a weak transition containing at least one τ -transition.
Definition 3.7. A weak τ -bisimulation R is a ternary relation between assertions and pairs of agents such that R(Ψ, P, Q) implies all conditions of a weak bisimulation (Definition 3.6) with 4a replaced by We then let P ≈ Ψ Q mean that for all sequences σ of substitutions there is a weak τbisimulation R such that R(Ψ, P σ, Q σ). We write P ≈ Q for P ≈ 1 Q.
We seek to establish the following standard congruence and structural properties properties of strong and weak bisimulation: Definition 3.10 (Congruence relation). A relation R ⊆ A × P × P, where (Ψ, P, Q) ∈ R is written P R Ψ Q, is a congruence iff for all Ψ , R Ψ is an equivalence relation, and the following implications hold.
A CCase-pseudo-congruence is defined like a congruence, except that CIn is substituted by the following rule CIn-2.
A pseudo-congruence is defined like a CCase-pseudo-congruence, but without rule CCase.
Our goal is to establish that for all Ψ the relations . ∼ Ψ , ∼ Ψ , . ≈ Ψ and ≈ Ψ are complete with respect to structural congruence; that .
∼ is a CCase-pseudo-congruence; that ∼ is a congruence; that . ≈ is a pseudo-congruence; and that ≈ is a congruence.
3.2. Psi-calculi with a single name sort. To prove the desired algebraic properties of strong and weak bisimilarity and their induced congruences, we first adapt the Isabelle proofs for the original psi-calculi to sorted psi-calculi with a single name sort, and then manually lift the results to arbitrary sorted psi-calculi. The reason for this approach is the lack of support in Nominal Isabelle for data types that are parametric in the sorts of names.
≈ is a pseudocongruence, and ≈ is a congruence.
These results have all been machine-checked in Isabelle [ÅP15]. The proof scripts are adapted from Bengtson's formalisation of psi calculi [Ben10]. The same technical lemmas hold and the proof scripts are essentially identical, save for the input cases of inductive proofs, a more detailed treatment of structural congruence, and the addition of sorts and compatibility relations. We have also machine-checked Theorem 2.7 (relationship to original psi-calculi) and Theorem 2.11 (preservation of well-formedness) in this setting. These developments comprise 31909 lines of Isabelle code; Bengtson's code is 28414 lines. This represents no more than four days of work, with the bulk of the effort going towards proving a crucial technical lemma stating that transitions do not invent new names with the new matching construct.
Isabelle is an LCF-style theorem prover, where the only trusted component is a small kernel that implements the inference rules of the logic and checks that they are correctly applied. All proofs must be fed through the kernel. Hence the results are highly trustworthy.
As indicated these proof scripts apply only to calculi with a single name sort. This restriction is a consequence of technicalities in Nominal Isabelle: it requires every name sort to be declared individually, and there are no facilities to reason parametrically over the set of name sorts.
Huffman and Urban have developed a new foundation for Nominal Isabelle that lifts the requirement to declare every name sort individually [HU10]. Unfortunately, the proof automation for reasoning about syntax quotiented by alpha-equivalence still assumes individually declared name sorts. Working around this with manually constructed quotients is possible in principle, but in practice this approach does not scale well enough to make the endeavour feasible given the size of our formalisation. A further difficulty is that Huffman and Urban's new foundation is still alpha-ware and is not backwards-compatible.
3.3. Trivially name-sorted psi-calculi. A trivially name-sorted psi-calculus is one where S ν = S N and there is S ⊆ S such that = S N × S, i.e., the sorts of names do not affect how they can be used for restriction and substitution.
When generalising the result for single name-sorted calculi above, the main discrepancy is that the mechanisation works with a single sort of names and thus would allow for illsorted alpha-renamings in the case of multiple name sorts. This is only a technicality, since every use of alpha-renaming in the formal proofs is to ensure that the bound names in patterns and substitutions avoid other bound names-thus, whenever we may work with an ill-sorted renaming, there would be a well-sorted renaming that suffices for the task.
≈ is a pseudo-congruence, and ≈ is a congruence.
Proof. By manually checking that all uses of alpha-equivalence in the proof of Theorem 3.12 admit a well-sorted alpha-renaming.
3.4. Arbitrary sorted psi-calculi. We here extend the results of Theorem 3.12 to arbitrary sorted psi-calculi. The idea is to encode arbitrary sorted psi-calculi in trivially name-sorted psi-calculi by introducing an explicit error element ⊥, resulting from application of ill-sorted substitutions. For technical reasons we must also include one extra condition fail (cf. Example 3.15) and in the patterns we need different error elements with different support (cf. Example 3.16).
Let I be a sorted psi-calculus with datatype parameters T I , X I , C I , A I . We construct a trivially name-sorted psi-calculus U (I) with one extra sort, error, and constant symbols ⊥ and fail with empty support of sort error, where ⊥ is not a channel, never entailed, matches nothing and entails nothing but fail.

Channel equivalence
. ↔ is the same in U (I) as in I, plus M .
Substitution is then defined in U (I) as follows: , and the compatibility predicates of U (I) as ∝ = ∝ I ∪ ⊲⊳ and ∝ = ∝ I ∪ ⊲⊳ and = S N × {s ∈ S : ∃s ′ ∈ S N .s ′ I s} and S ν = S N . Lemma 3.14. U (I) as defined above is a trivially name-sorted psi-calculus, and any wellformed process P in I is well-formed in U (I).
Proof. A straight-forward application of the definitions.
The addition of fail is in order to ensure the compositionality of ⊗.
No variables can bind into equivariant patterns, so we need different error patterns with different support to ensure the preservation of pattern variables under substitution. Lemma 3.17. If P is well-formed in I and Ψ = ⊥, then Ψ ✄ P Proof. By induction on the derivation of the transitions. The cases In, Out, Case and Com use the fact that match, ⊢ and . ↔ are the same in I and U (I), and that substitutions in I have the same effect when considered as substitutions in U (I).
Bisimulation in U (I) coincides with bisimulation in I for processes in I.
Lemma 3.18. Assume that P and Q are well-formed processes in I. Then P .
Proof. We show only the proof for the strong case; the weak case is similar. Let R be a bisimulation in U (I). Then {(Ψ, P ′ , Q ′ ) ∈ R : Ψ = ⊥ ∧ P ′ , Q ′ well-formed in I} is a bisimulation in I: the proof is by coinduction, using Lemma 3.17 and Theorem 2.11 in the simulation case. Symmetrically, let R ′ be a bisimulation in I, and let R ′ Proof. Fix a sorted psi-calculus I. For strong and weak bisimilarity, we show only the proof for commutativity of the parallel operator. The other cases are analogous.
Let P and Q be well-formed in I and Ψ = ⊥. By Theorem 3.12, By Theorem 2.11, when σ is well-sorted then (P |Q) σ and (Q|P ) σ are well-formed. By Lemma 3.18, (P |Q) σ .
Using Lemma 3.18, we can also lift the congruence properties of strong and weak bisimilarity.
Proof. Fix a sorted psi-calculus I. We show only the proof that .
∼ is a congruence with respect to parallel operator, the other cases are analogous.
Assume P .
and Lemma 3.18 yields the same in I.
Unfortunately, the approach of Theorems 3.19 and 3.20 does not work for proving congruence properties for ∼ or ≈, since the closure of bisimilarity under well-sorted substitutions does not imply its closure under ill-sorted substitutions: consider a sorted psi-calculus I such that 0 ∼ 1 . Here 1σ = ⊥ if σ is ill-sorted, but 0 . ∼ ⊥ does not hold since only ⊥ entails fail. We have instead performed a direct hand proof.
Theorem 3.21. In all sorted psi-calculi, ∼ is a congruence and ≈ is a congruence.
Proof. The proofs are identical, line by line, to the proofs for trivially name-sorted psicalculi. Theorem 3.20 is used in every case.

Representing Standard Process Calculi
We here consider psi-calculi corresponding to some variants of popular process calculi. One main point of our work is that we can represent other calculi directly as psi-calculi, without elaborate coding schemes. In the original psi-calculi we could in this way directly represent the monadic pi-calculus, but for the other calculi presented below a corresponding unsorted psi-calculus would contain terms with no counterpart in the represented calculus, as explained in Section 1.3. We establish that our formulations enjoy a strong operational correspondence with the original calculus, under trivial mappings that merely specialise the original concrete syntax (e.g., the pi-calculus prefix a(x) maps to a(λx)x in psi).
Because of the simplicity of the mapping and the strength of the correspondence we say that psi-calculi represent other process calculi, in contrast to encoding them. A representation is significantly stronger than standard correspondences, such as the approach to encodability proposed by Gorla [Gor10]. Gorla's criteria aim to capture the property that one language can encode the behaviour of another using some (possibly elaborate) protocol, while our criteria aim to capture the property that a language for all practical purposes is a sub-language of another.
Definition 4.1. A context C of arity k is a psi-calculus process term with k occurrences of 0 replaced by a hole []. We consider contexts as raw terms, i.e., no name occurrences are binding. The instantiation C[P 1 , . . . , P k ] of a context C of arity k is the psi-calculus process resulting from the replacement of the leftmost occurrence of [] with P 1 , the second leftmost occurrence of [] with P 2 , and so on.
A psi-calculus is a representation of a process calculus with processes P ∈ P and labelled transition system → ⊆ P × A × P, if there exist an equivariant map · from P to psi-calculus processes and an equivariant relation ≅ between A and psi-calculus actions such that (1) · is a simple homomorphism, i.e., for each process constructor f of P there is an equivariant psi-calculus context C such that f (P 1 , . . . , P n ) = C[ P 1 , . . . , P n ].
(2) · is a strong operational correspondence (modulo structural equivalence), i.e., (a) whenever P β −→ P ′ then there exist α, Q such that P α −→ Q and P ′ ≡ Q and β ≅ α; and (b) whenever P α −→ Q then there exist β, P ′ such that P β −→ P ′ and P ′ ≡ Q and β ≅ α. A representation is complete if it additionally satisfies (3) · is surjective modulo strong bisimulation congruence, i.e., for each psi process P there is Q ∈ P such that P ∼ Q .
Any representation is a valid encoding in the sense of Gorla, but the converse is not necessarily true.
• In Gorla's approach, the contexts that process constructors are translated to may fix certain names, or translate one name into several names, in accordance with a renaming policy. We require equivariance, which admits no such special treatment of names. • Gorla uses three criteria for semantic correspondence: weak operational correspondence modulo some equivalence for silent transitions, that the translation does not introduce divergence, and that reducibility to a success process in the source and target processes coincides. Clearly strong operational correspondence modulo structural equivalence implies all of these criteria. Our use of structural equivalence in the operational correspondence allows to admit representations of calculi that use a structural congruence rule to define a labelled semantics (cf. Section 4.4).
Below, we use the standard notion of simultaneous substitution. Since the calculi we represent do not use environments, we let the assertions be the singleton {1} in all examples, with 1 ⊢ ⊤ and 1 ⊢ ⊥. Proofs of lemmas and theorems can be found in Appendix A.
4.1. Unsorted Polyadic pi-calculus. In the polyadic pi-calculus [Mil93] the only values that can be transmitted between agents are tuples of names. Tuples cannot be nested. The processes are defined as follows. P, Q ::= 0 | x(ỹ).P | x ỹ .P | [a = b]P | νx P | !P | P | Q | P + Q An input binds a tuple of distinct names and can only communicate with an output of equal length, resulting in a simultaneous substitution of all names. In the unsorted polyadic picalculus there are no further requirements on agents, in particular a(x).P | a y, z .Q is a valid agent. This agent has no communication action since the lengths of the tuples mismatch.
We now present the psi-calculus PPI, which we will show represents the polyadic picalculus.
This being our first substantial example, we give a detailed explanation of the new instance parameters. Patterns X are finite vectors of distinct names. The sorts S are chan for channels and tup for tuples (of names); the only sort of names S N is channels, as is the sort of restricted names. The only sort of substitutions ( ) are channels for channels; the only sort of sending (∝) and receiving (∝) is tuples over channels. In an input prefix all names in the tuple must be bound (vars) and a vector of names a matches a pattern y if the lengths match and all names in the pattern are bound (in some arbitrary order).
As an example the agent a(λx, y) x, y . a y . 0 is well-formed, since chan ∝ tup and chan ∝ tup, with vars( x, y ) = {{x, y}}. This demonstrates that PPI disallows anomalies such as nested tuples but does not enforce a sorting discipline to guarantee that names communicate tuples of the same length.
To prove that PPI is a psi-calculus, we need to check the requisites on the parameters (data types and operations) defined above. Clearly the parameters are all equivariant, since no names appear free in their definitions. For the original psi-calculus parameters (Definition 2.1), the requisites are symmetry and transitivity of channel equivalence, which hold because of the same properties of (entailment of) name equality, and abelian monoid laws and compositionality for assertion composition, which trivially hold since A = {1}. The standard notion of simultaneous substitution of names for names preserves sorts, and also satisfies the other requirements of Definition 2.4. To check the requisites on pattern matching (Definition 2.5), it is easy to see that match generates only well-sorted substitutions (of names for names), and that n( b) = n( a ) whenever b ∈ match( a , x, y ) Finally, for all name swappings ( x y) we have match( a , x, z ) = match( a , y, ( x y) · z ).
PPI is a representation of the polyadic pi-calculus as presented by Sangiorgi [San93] (with replication instead of process constants).

Definition 4.2 (Polyadic Pi-Calculus to PPI).
Let · be the function that maps the polyadic pi-calculus to PPI processes as follows. The function · is homomorphic for 0, restriction, replication and parallel composition, and is otherwise defined as follows: Similarly, we also translate the actions of polyadic pi-calculus. Here each action corresponds to a set of psi actions, since in a pi-calculus output label "the order of the bound names is immaterial" [SW01, p. 129], which is not the case in psi-calculi.
Although the binders in bound output actions are ordered in psi-calculi, they can be arbitrarily reordered. Proof. By induction on the derivation of the transition. The base case is trivial. In the Open rule, we use the induction hypothesis to reorder the bound names in the premise as desired; we can then add the opened name at the appropriate position in the action in the conclusion of the rule. The other induction cases are trivial.
We can now show that · is a strong operational correspondence.
Proof. By induction on the derivation of the transitions, using Lemma 4.3 in the OPEN case of (1).
We have now shown that the polyadic pi-calculus can be embedded in PPI, with an embedding · that is a strong operational correspondence.
In order to investigate surjectivity properties of the embedding · , we also define a translation P in the other direction.
Above, note that the order of the binders in input prefixes is ignored. To show that the reverse translation is an inverse of · modulo bisimilarity, we need to prove that their order does not matter. We now show that the embeddings · and · are inverses, modulo bisimilarity.
Theorem 4.7. If P is a PPI process, then P ∼ P .
Proof. By structural induction on P . The input case uses Lemma 4.6. For case agents, we use an inner induction on the number of branches, with Lemma 3.3 applied in the induction case.
Let the relation ∼ c e be early congruence of polyadic pi-calculus agents as defined in [San93]. Then we have Corollary 4.8. If P is a polyadic pi-calculus process, then P ∼ c e P . We also have Corollary 4.9. If P and Q are polyadic pi-calculus process, then P ∼ c e Q iff P ∼ Q . Proof. Follows from the strong operational correspondence of Theorem 4.4, and · commuting with substitutions.
This shows that every PPI process corresponds to a polyadic pi-calculus process, modulo strong bisimulation congruence, since · is surjective on the bisimulation classes of polyadic pi-calculus, and the inverse of · . In other words, PPI is a complete representation. Proof. We let β ≅ α iff α ∈ β .
(1) · is a simple homomorphism by definition.
(3) · is surjective modulo strong bisimulation congruence by Theorem 4.7. [Gel85]. A process calculus with LINDA-like pattern matching can easily be obtained from the PPI calculus, by modifying the possible binding names in patterns.

LINDA
Everything as in PPI except: Here, any subset of the names occurring in a pattern may be bound in the input prefix; this allows to only receive messages with particular values at certain positions (sometimes called "structured names" [Gel85]) We also do not require patterns to be linear, i.e., the same variable may occur more than once in a pattern, and the pattern only matches a tuple if each occurrence of the variable corresponds to the same name in the tuple.
To prove that LINDA is a psi-calculus, the interesting case is the preservation of variables of substitution on patterns in Definition 2.4, i.e., that x ∈ vars( y ) and x#σ implies x ∈ vars( y σ). This holds because standard substitution preserves names and structure: there is z such that y σ = z , and if x ∈ y and x#σ, then x ∈ z.
4.3. Sorted polyadic pi-calculus. Milner's classic sorting [Mil93] regime for the polyadic pi-calculus ensures that pattern matching in inputs always succeeds, by enforcing that the length of the pattern is the same as the length of the received tuple. This is achieved as follows. Milner assumes a countable set of subject sorts S ascribed to names, and a partial function ob : S ⇀ S * , assigning a sequence of object sorts to each sort in its domain. The intuition is that if a has sort s then any communication along a must be a tuple of sort ob(s). An agent is well-sorted if for any input prefix a(b 1 , . . . b n ) it holds that a has some sort s where ob(s) is the sequence of sorts of b 1 , . . . , b n and similarly for output prefixes.
A formal comparison with the system in [Mil93] is complicated by the fact that Milner uses so called concretions and abstractions as agents. Restricting attention to agents in the normal sense we have the following result, where · is the function from the previous example.
Theorem 4.11. P is well-sorted iff P is well-formed.
Proof. A trivial induction over the structure of P , observing that the requirements are identical.
Theorem 4.12. SORTEDPPI is a complete representation of the sorted polyadic picalculus.
Proof. The operational correspondence in Theorem 4.4 still holds when restricted to wellformed agents. The inverse translation · maps well-formed agents to well-sorted processes, so the surjectivity result in Theorem 4.7 still applies. [CM03] explore the so called pi-calculus with polyadic synchronisation, e π, which can be thought of as a dual to the polyadic pi-calculus. Here action subjects are tuples of names, while the objects transmitted are just single names. It is demonstrated that this allows a gradual enabling of communication by opening the scope of names in a subject, results in simple encodings of localities and cryptography, and gives a strictly greater expressiveness than standard pi-calculus. The processes of e π are defined as follows.

Polyadic synchronisation pi-calculus. Carbone and Maffeis
In order to represent e π, only minor modifications to the representation of the polyadic picalculus in Section 4.1 are necessary. To allow tuples in subject position but not in object position, we invert the relations ∝ and ∝. Moreover, e π does not have name matching conditions a = b, since they can be encoded (see [CM03]).
PSPI Everything as in PPI except: To obtain a representation, we consider a dialect of e π without the τ prefix. This has no cost in terms of expressiveness since the τ prefix can be encoded within e π using a communication over a restricted fresh name. However, the PSPI context C[] = (ν a)( a a.0 | a (λa)a.[]]) that encodes the prefix is not admissible as part of a representation since it depends on the name a and so is not equivariant.
The e π calculus also uses an operational semantics with late input, unlike psi-calculi. In order to yield a representation, we consider an early version −→ e of the semantics, obtained by turning bound input actions into free input actions at top-level.  4.13 (Polyadic synchronisation pi-calculus to PSPI). · is homomorphic for 0, restriction, replication and parallel composition, and is otherwise defined as follows: Σ i α i .P i = case ⊤ i : α i .P i x y .P = x y. P x(y).P = x (λy)y. P We translate bound and free output, free input, and tau actions in the following way.
The transition system in e π is given up to structural congruence, i.e., for all α we have Definition 4.14. ≡ is the least congruence satisfying alpha conversion, the commutative monoidal laws with respect to both (|,0) and (+,0) and the following axioms 1 : The proofs of operational correspondence are similar to the polyadic pi-calculus case. We have the following initial results for late input actions. (1) If Px (2) If P   ( Proof. By induction on the derivation of the transitions.
Again, these results lead us to say that the polyadic synchronization pi-calculus can be represented as a psi-calculus.
Theorem 4.17. PSPI is a representation of the polyadic synchronization pi-calculus.
(1) · is a simple homomorphism by definition.
To investigate the surjectivity properties of · , we need to consider the fact that polyadic synchronization pi has only mixed (i.e., prefix-guarded) choice.
We define the translation R from case-guarded PSPI processes to e π as the translation with the same name from PPI, except that ⊥-guarded branches of case statements are discarded.
Theorem 4.19. For all case-guarded PSPI processes R we have R ∼ R .
Proof. By structural induction on R. For case agents, we use an inner induction on the number of branches, with Lemma 3.3 applied in the induction case.
Corollary 4.20. If P is a polyadic synchronization pi-calculus process, then P∼ P .
Corollary 4.21. For all e π processes P , Q, P∼ Q (i.e., P and Q are early labelled congruent) iff P ∼ Q .
Proof. By strong operational correspondence 4.16, and · commuting with substitutions.
1 The original definition of ≡ [CM03] includes an additional axiom [x = x]P ≡ P allowing to contract successful matches, but this axiom is omitted here since the e π calculus does not include the match construct. Unusually, the definition of ≡ does not admit commuting restrictions, i.e., (νx)(νy)P ≡ (νy)(νx)P . We thus have that polyadic synchronization pi corresponds to the case-guarded PSPI processes, modulo strong bisimulation. 4.5. Value-passing CCS. Value-passing CCS [Mil89] is an extension of pure CCS to admit arbitrary data from some set V to be sent along channels; there is no dynamic connectivity so channel names cannot be transmitted. When a value is received in a communication it replaces the input variable everywhere, and where this results in a closed expression it is evaluated, so for example a(x) . c(x + 3) can receive 2 along a and become c 5. There are conditional if constructs that can test if a boolean expression evaluates to true, as in a(x) . if x > 3 then P . Formally, the value-passing CCS processes are defined by the following grammar with x, y ranging over names, v over values, b over boolean expressions, and L over sets of names.
To represent this as a psi-calculus we assume an arbitrary set of expressions e ∈ E including at least the values V.
Closed value-passing CCS processes correspond to VPCCS agents P where all free names are of sort chan. To prove that VPCCS is a psi-calculus, the interesting case is when the sort of a term is changed by substitution: let e be an open term, and σ a substitution such that n(e) ⊆ dom(σ). Here sort(e) = exp and sort(eσ) = value; this satisfies Definition 2.4 since value ≤ exp in the subsorting preorder (here exp ≤ value also holds, but is immaterial since there are no names of sort value).
We show that VPCCS represents value-passing CCS as defined by Milner [Mil89], with the following modifications: • We use replication instead of process constants.
• We consider only finite sums. Milner allows for infinite sums without specifying exactly what infinite sets are allowed and how they are represented, making a fully formal comparison difficult. Introducing infinite sums naively in psi-calculi means that agents might exhibit cofinite support and exhaust the set of names, rendering crucial operations such as α-converting all bound names to fresh names impossible. • We do not consider the relabelling construct P [f ] of CCS at all. Injective relabelings are redundant in CCS [GSV04], and the construct is not included in the psi-calculi framework. • We only allow finite sets L in restrictions P \ L. With finite sums, this results in no loss of expressivity since agents have finite support. Milner's restrictions are of sets of names, which we represent as a sequence of ν-binders.
To create a unique such sequence from L, we assume an injective and support-preserving function − → · : P fin (N chan ) → (N chan ) * . For instance, − → L may be defined as sorting the names in L according to some total order on N chan , which is always available since N chan is countable.
The mapping · from value-passing CCS into VPCCS is defined homomorphically on parallel composition, output and 0, and otherwise as follows.
x(y).P = x(λy)y. P Σ i P i = case ⊤ : P 1 [] · · · [] ⊤ : P i if b then P = case b : P P \ L = (ν − → L ) P We translate the value-passing CCS actions as follows As an example, in a version of VPCCS where the expressions E include natural numbers and operations on those, In our psi semantics, expressions in processes are evaluated when they are closed by reception of variables (e.g. in the first transition above), while Milner simply identifies closed expressions with their values [Mil89,p55f].
Lemma 4.22. If P is a closed VPCCS process and P α −→ P ′ , then P ′ is closed.  Proof. By induction on the derivations of P ′ and P ′′ , respectively. The full proof is given in Appendix A.3.
As before, this yields a representation theorem.
Theorem 4.24. VPCCS is a representation of the closed agents of value-passing CCS (modulo the modifications described above).
(1) · is a simple homomorphism by definition.
To investigate the surjectivity of the encoding, we let P = {P : sort(n(P )) ⊆ {chan}} be the VPCCS processes where all fre names are of channel sort.
Lemma 4.25. If P ∈ P, then there is a CCS process Q such that P ∼ Q .
Proof. As before, we define an inverse translation ·, that is homomorphic except for Using Lemma 3.3, we get P ∼ P . Here also channel names can be substituted for other channel names, and they can be sent and received along channel names.

Advanced Data Structures
We here demonstrate that we can accommodate a variety of term structures for data and communication channels; in general these can be any kind of data, and substitution can include any kind of computation on these structures. This indicates that the word "substitution" may be a misnomer -a better word may be "effect" -though we keep it to conform with our earlier work. We focus on our new contribution in the patterns and sorts, and therefore make the following definitions that are common to all the examples (unless explicitly otherwise defined).
If t and u are from some term algebra, we write t u when t is a (non-strict) subterm of u.

Convergent rewrite systems on terms.
In Example 4.26, the value language consisted of closed terms, with an opaque notion of evaluation. We can instead work with terms containing names and consider deterministic computations specified by a convergent rewrite system. The interesting difference is in which terms are admissible as patterns, and which choices of vars(X) are valid. We first give a general definition and then give a concrete instance in Example 5.1.
Let Σ be a sorted signature with sorts S, and · ⇓ be normalization with respect to a convergent sort-preserving rewrite system on the nominal term algebra over N generated by the signature Σ. We let terms M range over the range of ⇓, i.e., the normal forms. We write ρ for sort-preserving capture-avoiding simultaneous substitutions { M / a } where every M i is in normal form; here n(ρ) = n( M , a). A term M is stable if for all ρ, M ρ⇓ = M ρ. The patterns are all instances of stable terms, i.e., X = M ρ where M is stable. Such a pattern X can bind any combination of names occurring in M but not in ρ. As an example, any term M is a pattern (since any name x is stable and M = x{ M / x }) that can be used to match the term M itself (since ∅ ⊆ n(x) \ n(M, x) = ∅).

REWRITE(⇓)
We need to show that the patterns are closed under substitution, including preservation of vars (cf. Definition 2.4), and that matching satisfies the criteria of Definition 2.5. Since any term is a pattern, the patterns are closed under substitution. Since term substitution { · / · } and normalization ⇓ are both sort-preserving, term and pattern substitution [· := ·] is also sort-preserving.
To show preservation of pattern variables, assume that x ∈ vars(X) is a tuple of distinct names. By definition there are M and ρ such that X = M ρ with M stable and x ⊆ n(M ) \ n(ρ). Assume that x#σ; then Xσ = (M ρ)σ = M (σ • ρ) with x#σ • ρ, so x ∈ vars(Xσ).
For the criteria of Definition 2.5, additionally assume that L ∈ match(N, x, X) and let σ = [ x := L]. Since { L / x } is well-sorted, so is [ x := L]. We also immediately have n( L) = n(N ) ∪ (n(X) \ x), and alpha-renaming of matching follows from the same property for term substitution.
Example 5.1 (Peano arithmetic). As a simple instance of REWRITE(⇓), we may consider Peano arithmetic. The rewrite rules for addition (below) induce a convergent rewrite system ⇓ Peano , where the stable terms are those that do not contain any occurrence of plus. Writing i for succ i (zero), the agent (νa)(a 2 | a(λy)succ(y) . c plus(3, y)) of REWRITE(⇓ Peano ) has one visible transition, with the label c 4. In particular, the object of the label is plus(3, y)[y := 1] = plus(3, y){ 1 / y }⇓ Peano = 4. 5.2. Symmetric cryptography. We can also consider variants of REWRITE(⇓), such as a simple Dolev-Yao style [DY83] cryptographic message algebra for symmetric cryptography, where we ensure that the encryption keys of received encryptions can not be bound in input patterns, in agreement with cryptographic intuition. The rewrite rule describing decryption dec(enc(M, K), K) → M induces a convergent rewrite system ⇓ enc , where the terms not containing dec are stable. The construction of REWRITE(⇓) yields that x ∈ vars(X) if x ⊆ n(X) are pair-wise different and no x i occurs as a subterm of a dec in X. This construction would still permit to bind the keys of an encrypted message upon reception, e.g. a(λm, k)enc(m, k) . P would be allowed although it does not make cryptographic sense. Therefore we further restrict vars(X) to those sets not containing names that occur in key position in X, thus disallowing the binding of k above. Below we give the formal definition (recall that is the subterm preorder).

SYMSPI
Everything as in REWRITE(⇓ enc ) except: The proof of the conditions of Definition 2.4 and Definition 2.5 for patterns is the same as for REWRITE(·) in Section 5.1 above.
As an example, the agent (νa, k)(a enc(enc(M, l), k) | a(λy)enc(y, k) . c dec(y, l)) has a visible transition with label c M , where one of the leaf nodes of the derivation is a(λy)enc(y, k) . c dec(y, l)

Asymmetric cryptography.
A more advanced version of Section 5.2 is the treatment of data in the pattern-matching spi-calculus [HJ06], to which we refer for more examples and motivations of the definitions below. The calculus uses asymmetric encryption, and includes a non-homomorphic definition of substitution that does not preserve sorts, and a sophisticated way of computing permitted pattern variables. This example highlights the flexibility of sorted psi-calculi in that such specialized modelling features can be presented in a form that is very close to the original. We start from the term algebra T Σ over the unsorted signature Σ = {(), (·, ·), eKey(·), dKey(·), enc(·, ·), enc −1 (·, ·)}  The eKey(M ) and dKey(M ) constructions represent the encryption and decryption parts of the key pair M , respectively. The operation enc −1 (M, N ) is encryption of M with the inverse of the decryption key N , which is not an implementable operation but only permitted to occur in patterns. We add a sort system on T Σ with sorts S = {impl, pat, ⊥}, where impl denotes implementable terms not containing enc −1 , and pat those that may only be used in patterns. The sort ⊥ denotes ill-formed terms, which do not occur in well-formed processes. Names stand for implementable terms, so we let S N = {impl}. Substitution is defined homomorphically on the term algebra, except to avoid unimplementable subterms on the form enc −1 (M, dKey(N )). In order to define vars(X), we write M N if all N i ∈ N can be deduced from M in the Dolev-Yao message algebra (i.e., using cryptographic operations such as encryption and decryption). For the precise definition, see Table 2. The definition of vars(X) below allows to bind a set S of names only if all names in S can be deduced from the message term X using the other names occurring in X. This excludes binding an unknown key (cf. Section 5.2). As an example, consider the following transitions in PMSPI: (νa, k, l)( a enc(dKey(l), eKey(k)).a enc(M, eKey(l)) | a(λy)enc(y, eKey(k)) . a(λz)enc −1 (z, y) . c z) τ −→ (νa, k, l)(a enc(M, eKey(l)) | a(λz)enc(z, eKey(l)) . c z) τ −→ (νa, k, l)c M. Note that σ = [y := dKey(l)] resulting from the first input changed the sort of the second input pattern: sort(enc −1 (z, y)) = pat, but sort(enc −1 (z, y)σ) = sort(enc(z, eKey(l))) = impl. However, this is permitted by Definition 2.4 (Substitution), since impl ≤ pat (implementable terms can be used as channels or messages whenever patterns can be).
Terms (and patterns) are trivially closed under substitution. All terms in the domain of a well-sorted substitution have sort impl, so well-sorted substitutions cannot introduce subterms of the forms enc −1 (N 1 , N 2 ) or enc −1 (N 1 , dKey(N 2 )) where none existed; thus sort(M σ) ≤ sort(M ) as required by Definition 2.4.
To show preservation of pattern variables, we first need some technical results about Dolev-Yao derivability.  The requisites on matching (Definition 2.5) follow from those on substitution. Lemma 5.3 implies that the set of (well-sorted) processes [HJ06] is closed under (well-sorted) substitution, a result which appears not to have been published previously.

Nondeterministic computation.
The previous examples considered total deterministic notions of computation on the term language. Here we consider a data term language equipped with partial non-deterministic evaluation: a lambda calculus extended with the erratic choice operator · · and the reduction rule M 1 M 2 → M i if i ∈ {1, 2}. Due to non-determinism and partiality, evaluation cannot be part of the substitution function. Instead, we define the match function to collect all evaluations of the received term, which are non-deterministically selected from by the In rule. This example also highlights the use of object languages with binders, a common application of nominal logic.
We let substitution on terms be the usual capture-avoiding syntactic replacement, and define reduction contexts R ::= [ ] | R M | (λx.M ) R (we here use the boldface λ rather than the λ used in input prefixes). Reduction → is the smallest pre-congruence for reduction contexts that contain the rules for β-reduction (λx.M N → M [x := N ]) and · · (see above).
We use the single-name patterns of Example 2.6, but include evaluation in matching.
To avoid confusing the λ of the input prefix and the λ of the term language, we write a(x) for a(λx)x. As an example, the agent P def = (νa)(a(y) . c y . 0 | a ((λx.x x) (λx.x)) . 0) has the following transitions:

Conclusions and further work
We have described two features that taken together significantly improve the precision of applied process calculi: generalised pattern matching and substitution, which allow us to model computations on an arbitrary data term language, and a sort system which allows us to remove spurious data terms from consideration and to ensure that channels carry data of the appropriate sort. The well-formedness of processes is thereby guaranteed to be preserved by transitions. Using these features we have provided representations of other process calculi, ranging from the simple polyadic pi-calculus to the spi-calculus and nondeterministic computations, in the psi-calculi framework. The critera for representation (rather than encoding) are stronger than standard correspondences e.g. by Gorla, and mean that the psi-calculus and the process calculus that it represents are for all practical purposes one and the same.
The meta-theoretic results carry over from the original psi formulations, and have been machine-checked in Isabelle for the case of a single name sort (e.g. the calculi PPI, LINDA and PSPI in Section 4, and the calculi PMSPI and NDLAM in Section 5). We have also added sorts to an existing tool for psi-calculi [BGRV15], the Psi-calculi Workbench (Pwb), which provides an interactive simulator and automatic bisimulation checker. Users of the tool need only implement the parameters of their psi-calculus instances, supported by a core library. In the tool we currently support only tuple patterns, similarly to the PPI calculus of Section 4.1.
Future work includes developing a symbolic semantics with more elaborate pattern matching. For this, a reformulation of the operational semantics of Table 1 in the late style, where input objects are not instantiated until communication takes place, is necessary.
A comparison of expressiveness to calculi with non-binary (e.g., join-calculus [FG96] or Kell calculus) or bidirectional (e.g., dyadic interaction terms [Hon93] or the concurrent pattern calculus [GWGJ10]) communication primitives would be interesting. We here inherit positive results from the pi calculus, such as the encoding of the join-calculus.
We aim to extend the use of sorts and generalized pattern matching to other variants of psi-calculi, including higher-order psi calculi [PBRÅP13] and reliable broadcast psicalculi [ÅPBP + 13]. Although assertions and conditions are unsorted, we intend to investigate adding sorts and pattern-matching to psi-calculi with non-trivial assertions [BJPV11].
As discussed in Section 3.2, further work is needed for scalable mechanised reasoning about theories that are parametric in an arbitrary but fixed name sorting.
A.1. Polyadic Pi-Calculus. This section contains full proofs of Section 4.1 for the polyadic pi-calculus example. We use definitions and results of Sangiorgi [San93]. However, we opted to replace process constants with replication.
For convenience, we repeat definition of the encoding function given in Example 4.1.

COM:
Assume The induction hypothesis is that for every α ′ ∈ (νỹ ′ )x ỹ and ↔ x and y ′ # Q . We then choose α ′ and α ′′ and alpha-variants of the frames of P and Q that are sufficiently fresh to allow the derivation P | Q τ −→ (ν y ′ )( P ′ | Q ′ ) with the Com rule.

MATCH:
Assume x]P , we derive case x = x : P α −→ P ′ with the Case rule.

37
(2) We now show that if P α −→ P ′′ then P β −→ P ′ where α ∈ β and P ′ = P ′′ . We proceed by by induction on the derivation of the transition. We show the interesting cases:

Case:
Assume P α −→ P ′′ . By inversion of the Case rule, P is of the form caseφ :P . Since P C = case ϕ : P is in the range of · , either P C = ⊤ : P [] ⊤ : Q , P C = ⊤ : Q [] ⊤ : P or P C = case x = y : P . We proceed by case analysis: (a) When P C = ⊤ : P [] ⊤ : Q , we note that P + Q = P C and imitate the derivation of P ′′ from P C with the derivation P + Q β −→ P ′ , using the SUM rule and the fact obtained from induction hypothesis α ∈ β . (b) The case when P C = ⊤ : Q [] ⊤ : P is symmetric to the previous case. (c) When P C = case x = y : P , since 1 ⊢ x = y by the induction hypothesis, x = y. We note that [x = x]P = P C and imitate the derivation of P ′′ from P C with the derivation [x = x]P β −→ P ′ , using the MATCH rule and the fact obtained from induction hypothesis α ∈ β .
From the strong operational correspondence, we obtain full abstraction. We use Sangiorgi's definition of bisimulation and congruence for the polyadic pi-calculus [San93, page 42].
Theorem A.4. For polyadic-pi calculus agents P and Q we have P ∼ c e Q iff P ∼ Q . Proof. For direction ⇐, assume P ∼ Q . We claim that the relation R = {(P, Q) : P ∼ Q } is an early congruence in the polyadic pi-calculus.
Firs let us consider the simulation case. Assume P β −→ P ′ . Then, we need to show that there exists Q ′ such that Q β −→ Q ′ and (P ′ , Q ′ ) ∈ R. By Theorem 4.4 (1), we get P α −→ P ′ for any α ∈ β . By Theorem 4.4 (2) and using the assumption α ∈ β as well as the fact P ∼ Q , we derive Q α −→ Q ′ . From the simulation clause and that P and Q are congruent we get that P ′ ∼ Q ′ . Hence, (P ′ , Q ′ ) ∈ R. The symmetry case follows from the symmetry of ∼. Thus, R is an early bisimulation. Since R is closed under all substitutions by Lemma A.3, it is also an early congruence. Now let us consider the other direction ⇒. First, assume P ∼ c e Q. We claim the relation {(1, P , Q ) : P ∼ c e Q} is a congruence in PPI. The static equivalence and extension of arbitrary assertion cases are trivial since there is unit assertion only. Symmetry follows from symmetry of ∼ c e , and simulation follows by Theorem 4.4 and the fact that ∼ c e is an early congruence.
Proof of Theorem 4.7. By structural induction on P . We only consider the case agent since the other cases are trivial. P = case ϕ 1 : P 1 [] . . . [] ϕ n : P n : We have one induction hypothesis IH i for every i ∈ {1..n}, namely that P i ∼ P i . We proceed by induction on n.
Proof. By induction on P and Q while inspecting all possible cases.
Lemma A.6. · is surjective up to ∼, that is, for every P there is a Q such that Q ∼ P .
Proof. By induction on the well-formed agent P .
Case x ỹ .P ′ : Case P | P ′ : By induction there are Q ′ , Q ′′ such that Q ′ ∼ P and Q ′′ ∼ P ′ . Then let Case (νx)P : Case !P : Case 1 : Case case ϕ : P ′ : The induction hypothesis IH case is that for every P ′ i there is Q ′ i such that Q ′ i ∼ P ′ i . The proof proceeds by induction on the length of ϕ.
Proof of Lemma 4.15.
(1) By induction on the derivation of P ′ , avoiding z.

Prefix:
Here Σ ixi (y i ).P ix Since match(z, y i , y i ) = {z}, we can use the Case and In rules to derive the transition case ⊤ : x 1 (λy 1 )y 1 . P 1 [] Finally, we have P ′′ = P i [y i := z] and use reflexivity of ∼ to conclude this case.

Bang:
Here P | !Px By rule Rep, we also have that ! P x z − −− → P ′′ .

Par:
Here Px Using the Par rule we derive P | Q

Struct:
Here P ≡ Q, Qx

Res:
Here Px (2) By induction on the derivation of P ′′ , avoiding y.

Case:
Here P C x z − −− → P ′′ , where P C = case ϕ : Q is in the range of · . Hence P C must be the encoding of some prefix-guarded sum, i.e., P C = Σ i α i .P i = case ⊤ : α 1 . P 1 [] . . . [] ⊤ : α i . P i . By transition inversion, we can deduce that for some j, α j =x(y) and P j [y := z] = P ′′ . By the Prefix rule,

Out:
A special case of Case.

Rep:
Here Using the Bang rule, we derive !Px

Scope:
Here P x z − −− → P ′′ , y#P, Q and a#x, y, z. By induction Px We give a proof for the strong operational correspondence.
Proof of Theorem 4.16.
(1) By induction on the derivation of P ′ . In case of input rule eIn, we apply Lemma 4.15 (1).
The other interesting cases are:
By Open, we derive (νy) P

Com:
Here P

Static equivalence:
Trivial since there is only a unit assertion.

Symmetry:
By symmetry of ∼

Extension of arbitrary assertion:
Trivial since there is only a unit assertion.
Lemma A.11. · is surjective up to ∼ on the set of case-guarded processes, that is, for every case-guarded P there is a Q such that Q ∼ P .
Proof. By induction on the well-formed agent P .
Case case ϕ : P ′ : For induction hypothesis IH case , we have for every i there is Q ′ i such that Q ′ i ∼ P ′ i . The proof proceeds by induction on the length of ϕ.

Base case:
Let Q = 0, then Q = 0 ∼ case. First, we note that IH case holds for every i and in particular i = n + 1, thus we get Q ′ n+1 ∼ P n+1 . Second, we note that ϕ n+1 has two forms, thus we proceed by case analysis on ϕ n+1 . We conclude the case.
Lemma A.12. · is injective, that is, for all P, Q, if P = Q then P = Q.
Proof. By induction on P and Q while inspecting all the possible cases.
A.3. Value-passing CCS. This section contains the full proofs of the results found in Section 4.5 for the value-passing CCS.
Lemma A.13. If P is a VPCCS process such that P Proof. By induction on the derivation of P ′ . Obvious in all cases except Open, where we derive a contradiction since only values can be transmitted and yet only channels can be restricted -hence the name a is both a name and a value.
We prove strong operational correspondence using the implicit translation from valuepassing CCS to CCS of Milner [Mil89, Section 2.6, p. 56]. If L is a set of labels, we write L#α to mean that for every ℓ ∈ L there is no v such that α = ℓ v or α = ℓ v .
Proof of Theorem 4.23.
(1) By induction on the derivation of P ′ .

Act:
We have that α.P α −→ P . Since α.P is a closed value-passing CCS agent, α cannot be a free input. Thus, α is an output action α = x(v) for some x and v. The Out rule then admits the derivation x(v).P = x v. P x v − − → P .

Sum:
There are two cases to consider: either Σ i P i is the encoding of an input, or a summation.
(a) If it is an encoding of an input Σ i P i = x(y).P = Σ v x(v).P {v/y}, then the action α must be the free input action x(v) for some value v. Thus, for each v, we can derive x(y).P = x(λy)y. P

Com3:
Here P α −→ P ′ and Q α −→ Q ′ . Since α is in the range of ·, there are x and v such that α = x(v) and α = x(v) (or vice versa, in which case read the next sentence symmetrically). By the induction hypotheses, P x v − − → P ′ and Q x v − − → Q ′ .
Then P | Q τ −→ P ′ | Q ′ by the Com rule.

Out:
Here x v. P x v − − → P . We match this by deriving x(v).P x(v) −−→ P using the Act rule.

Com:
Here P

Scope:
Here P Open: Impossible, by Lemma A.13.