Communication is an essential element of modern software, yet the programming and analysis of communicating systems are difficult tasks. A reason for this difficulty is the lack of compositional mechanisms that preserve relevant communication properties.

In 12, we present a comprehensive treatment of the case of synchronous communications. We consider both symmetric synchronous communications and asymmetric synchronous communications (where senders decide independently which message should be exchanged). The composition mechanism preserves different properties under different conditions depending on the considered type of synchronous communication. We show here that the preservation of lock freedom requires an additional condition on gateways for asymmetric communication. Such a condition is also needed for the preservation of deadlock freedom, lock freedom or strong lock freedom for symmetric communications. This is not needed, instead, for the preservation of either deadlock freedom or strong lock freedom with asymmetric interactions.

We also worked on formalizations and implementations of choreographic languages.

In 11, we introduce a meta-model based on formal languages, dubbed formal choreographic languages, to study message-passing systems. Our framework allows us to generalize standard constructions from the literature and to compare them. In particular, we consider notions such as global view, local view, and projections from the former to the latter. The correctness of local views projected from global views is characterized in terms of a closure property. We consider a number of communication properties – such as (dead)lock-freedom – and give conditions on formal choreographic languages to guarantee them. Finally, we show how formal choreographic languages can capture existing formalisms; specifically we consider communicating finite-state machines, choreography automata, and multiparty session types. Notably, formal choreographic languages, differently from most approaches in the literature, can naturally model systems exhibiting non-regular behavior.

In the paradigm of choreographic programming, choreographies are programs that can be compiled into executable implementations. Choreographic Programming originated primarily in the context of process calculi, with preliminary work done to establish its foundations and experiment with implementations.

In 16, we present Choral, the first choreographic programming language based on mainstream abstractions. The key idea in Choral is a new notion of data type able to express data distribution over different participants. We use this idea to reconstruct the paradigm of choreographic programming through object-oriented abstractions. Choreographies are classes, and instances of choreographies are objects with states and behaviors implemented collaboratively by the participants. Choral comes with a compiler that, given a choreography, generates an implementation for each of its roles. These implementations are libraries in pure Java, whose types are under the control of the Choral programmer. Developers can then modularly compose these libraries in their programs, to participate correctly in choreographies. Choral is the first incarnation of choreographic programming offering such modularity, which finally connects more than a decade of research on the paradigm to practical software development. The integration of choreographic and object-oriented programming yields other powerful advantages, where the features of one paradigm benefit the other in ways that go beyond the sum of the parts. On the one hand, the high-level abstractions and static checks from the world of choreographies can be used to write concurrent and distributed object-oriented software more concisely and correctly. On the other hand, we obtain a much more expressive choreographic language from object-oriented abstractions than in previous work. This expressiveness supports writing more reusable and flexible choreographies. For example, object passing makes Choral the first higher-order choreographic programming language, whereby one can parametrize choreographies over other choreographies without the need for central coordination. We also extend method overloading to a new dimension: specialization based on data location. The integration of overloading, together with subtyping and generics, allows Choral to elegantly support user-defined communication mechanisms and middleware.

The service-oriented programming language Jolie is a long-standing project within Focus.

In 17 we introduce LEMMA2Jolie, a tool for translating domain models of microservice architectures given in LEMMA into concrete APIs of microservices in the Jolie programming language. The tool combines the state of the art for the design and implementation of microservices: developers can use Domain-Driven Design (DDD) for the construction of the domain models of a microservice architecture, and then automatically transition to a service-oriented programming language that provides native linguistic support for implementing the behavior of each microservice. In 28 we formally define and integrate into the LEMMA2Jolie tool a translation of domain and service models. As a result, LEMMA2Jolie now supports a software development process whereby one can design microservice architectures in collaboration with domain experts in LEMMA, and then automatically translate the design into programmable Jolie APIs.

Another work related to Jolie is JoT 29, a testing framework for Microservice Architectures (MSAs) based on technology agnosticism, a core principle of microservices. The main advantage of JoT is that it reduces the amount of work for a) testing for MSAs whose services use different technology stacks, b) writing tests that involve multiple services, and c) reusing tests of the same MSA under different deployment configurations or after changing some of its components (e.g., when, for performance, one reimplements a service with a different technology). In JoT, tests are orchestrators that can both consume or offer operations from/to the MSA under test. The language for writing JoT tests is Jolie, which provides constructs that support technology agnosticism and the definition of terse test behaviors.

APP (and variants) is a platform-agnostic declarative language developed within Focus that allows serverless platforms to support multiple scheduling logics. Indeed, proprietary and open-source serverless platforms follow opinionated, hardcoded scheduling policies to deploy the functions to be executed over the available workers. Such policies may decrease the performance and the security of the application due to locality issues (e.g., functions executed by workers far from the databases to be accessed). APP helps in overcoming these limitations. However, defining the “right” scheduling policy in APP is a non-trivial task since it often requires rounds of refinement involving knowledge of the underlying infrastructure, guesswork, and empirical testing. In 32 we present a gentle introduction to APP through an illustrative application developed over several incremental steps to help developers identify and specify relevant properties of their serverless architectures. In 31, we start investigating how one can use static analysis to inform APP scheduling function policies for selecting the best-performing workers at function allocation. We substantiate our proposal by presenting a pipeline able to extract cost equations from functions' code, synthesizing cost expressions through the usage of off-the-shelf solvers, and extending APP allocation policies to consider this information.

Ransomware is one of the most infamous kinds of malware, particularly the “crypto” subclass, which encrypts users' files, asking for some monetary ransom in exchange for the decryption key. Recently, crypto-ransomware grew into a scourge for enterprises and governmental institutions. The most recent and impactful cases include an oil company in the US, an international Danish shipping company, and many hospitals and health departments in Europe. Attacks result in production lockdowns, shipping delays, and even risks to human lives. To contrast ransomware attacks (crypto, in particular), in 14 we propose a family of solutions, called Data Flooding against Ransomware (DFaR), tackling the main phases of detection, mitigation, and restoration, based on a mix of honeypots, resource contention, and moving target defence. These solutions hinge on detecting and contrasting the action of ransomware by flooding specific locations (e.g., the attack location, sensitive folders, etc.) of the victim's disk with files. Building on the DFaR approach, in 15 we present an open-source tool, called Ranflood, that implements the mitigation and restoration phases. In particular, Ranflood supports three flooding strategies, apt for different attack scenarios. At its core, Ranflood buys time for the user to counteract the attack, e.g., to access an unresponsive, attacked server and shut it down manually.

In Focus, we are interested in studying notions of termination and resource analysis for non-standard computing paradigms, like those induced by the presence of randomized and quantum effects. For instance, over the last years we have developed the cost analyser eco-imp 6.1.5, which can derive bounds on the average runtime of probabilistic imperative programs, in a fully automated manner. This year, we have extended the tool along two axes. First, we have extended the capabilities of the language, for instance, the new version is capable of analyzing recursively defined functions. Second, the tool has been extended from reasoning about expected runtime to a broader set of events, through the analyzed notion of expected outcomes. All of this required significant extensions to the underlying inference machinery, described in 10.

Another very important research axis within Focus is that about the study of metrics and quantitative reasoning on programs, supported by tools such as relational logic and program metrics. This year there have been a number of contributions in this direction.

We first of all looked at Mardare et al.’s quantitative algebras, and at whether they can be adapted to the structures which naturally emerge from Combinatory Logic and the $\lambda$-calculus 25. First of all, we show that the framework is indeed applicable to those structures, and give soundness and completeness results. Then, we prove some negative results, clearly delineating to which extent categories of metric spaces can be models of such theories. We conclude by giving several examples of non-trivial higher-order quantitative algebras.

We then introduced contextual behavioral metrics (CBMs) as a novel way of measuring the discrepancy in behavior between processes in a concurrent scenario, taking into account both quantitative aspects and contextual information. This way, process distances by construction take the environment into account: two (non-equivalent) processes may still exhibit very similar behavior in some contexts, e.g., when certain actions are never performed. We first show how CBMs capture many well-known notions of equivalence and metric, including Larsen's environmental parametrized bisimulation. We then study compositional properties of CBMs with respect to some common process algebraic operators, namely prefixing, restriction, non-deterministic sum, parallel composition and replication 26.

Finally, we also studied higher-order logic and its role in quantitative reasoning. More specifically, we introduce a variation on Barthe et al.’s higher-order logic in which formulas are interpreted as predicates over open rather than closed objects. This way, concepts which have an intrinsically functional nature, like continuity, differentiability, or monotonicity, can be expressed and reasoned about in a very natural way, following the structure of the underlying program. We give open higher-order logic in distinct flavors, and in particular in its relational and local versions, the latter being tailored for situations in which properties hold only in part of the underlying function’s domain of definition 24.

Another topic of interest in Focus is the study of abstract machines for the implementation of high-level languages and in particular the analysis of their performance. In the last years, we have been concerned with the study of abstract machines derived from Girard's Geometry of Interaction. In a joint work between Dal Lago and Vanoni, we study one of the two formulations of the interaction abstract machine, namely that obtained from the so-called “boring” translation of intuitionistic logic into linear logic. We prove the correctness of the resulting call-by-name machine, at the same time establishing an improved bisimulation with Krivine’s abstract machine. The proof makes essential use of the definition of a novel relational property linking configurations of the two machines 27. This turned out to be a surprising fact, because the “boring” translation is well-known to be related to call-by-value evaluation.

In the realm of quantum computing, circuit description languages represent a valid alternative to traditional QRAM-style languages. They indeed allow for finer control over the output circuit, without sacrificing flexibility nor modularity. We introduce in 23 a generalization of the paradigmatic lambda-calculus Proto-Quipper-M, which models the core features of the quantum circuit description language Quipper. The extension, called Proto-Quipper-K, is meant to capture a very general form of dynamic lifting. This is made possible by the introduction of a rich type and effect system in which not only computations, but also the very types are effectful. The main results we give for the introduced language are the classic type soundness results, namely subject reduction and progress.

In the area of qualitative semantics, during the past year our efforts have gone mainly in the direction of "unifying semantics", which has been our major direction in the past few years.

In particular we have deepened the study of the comparison between the the $\lambda$-calculus, as a pure model of functions, and the $\pi$-calculus, as a pure model of processes 33. There has been a lot of work in the literature on the representation of $\lambda$-calculus into $\pi$-calculus, since early 1990s, where the process representations always yield (at best) non-extensional lambda-theories (i.e., beta rule holds, whereas eta does not). We have studied how to obtain extensional representations. In particular we have showed how that the representation of functions can be made parametric on certain abstract components called wires (intuitively, processes whose task is to connect two end-point channels). When a few algebraic properties of wires hold, the representation yields a lambda-theory. Further, by varying the shape of wires (exploiting symmetries and dualities of the $\pi$-calculus), we can obtain well-known lambda-theories, both extensional and non-extensional (intuitively, those of Bohm trees with infinite eta, of Levy-Longo trees, and of Bohm trees).

To celebrate the 30th edition of EXPRESS (Expressiveness in Concurrency) and the 20th edition of SOS (Structural Operational Semantics) we have produced an overview on how session types can be expressed in a type theory for the standard $\pi$-calculus by means of a suitable encoding 18. The encoding allows one to reuse results about the $\pi$-calculus in the context of session-based communications, thus deepening the understanding of sessions and reducing redundancies in their theoretical foundations. We have also reviewed the practical implications of these results (e.g., refined forms of deadlock analysis, type inference).

We designed and tested an interdisciplinary training module on cryptography 13 for prospective STEM teachers that leveraged some “boundary objects” between Math and CS (e.g., adjacency matrices, graphs, computational complexity, factoring) in an important social context (the debate on the benefits and risks of end-to-end cryptography). The module proved useful in making students mobilize concepts, methods, and practices of the two disciplines and making them move between semiotic representations of the interdisciplinary objects involved.

We co-designed with teachers 22 a learning module to teach iteration to second graders using a visual programming environment and following the Use-Modify-Create methodology. The co-designed learning module was piloted with three second-grade classes. Sharing the different perspectives of researchers and teachers improved the quality of the resulting learning module and constituted a very significant professional development opportunity for both teachers and researchers.

We studied 20 the problem-solving ability of GPT-3 in solving tasks proposed in the Bebras challenge. GPT-3 was able to answer with a majority of correct answers in about one-third of the Bebras tasks. It provided explanations that sounded correct but often logically wrong. The system was good in applying procedures, but quite bad at synthesis or logically complex tasks.