We study the interaction of the "new" construct with a rich but common form of (first-order) communication. This interaction is crucial in security protocols, which are the main motivating examples for our work; it also appears in other programming-language contexts. Specifically, we introduce a simple, general extension of the pi calculus with value passing, primitive functions, and equations among terms. We develop semantics and proof techniques for this extended language and apply them in reasoning about some security protocols.
A case for impurityPurity often comes before convenience and even before faithfulness in the lambda calculus, the pi calculus, and other foundational programming languages. For example, in the standard pi calculus, the only messages are atomic names [32]. This simplicity is extremely appealing from a foundational viewpoint, and helps in developing the theory of the pi calculus. Furthermore, ingenious encodings demonstrate that it may not entail a loss of generality: in particular, integers, objects, and even higher-order processes can be represented in the pure pi calculus.On the other hand, this purity has a price. In applications, the encodings can be futile, cumbersome, and even misleading. For example, in the study of programming languages based on the pi calculus (such as Pict [37] or Jocaml [14]), there is little point in pretending that integers are not primitive. The encodings may also complicate static analysis and preclude careful thinking about the implementations of communication. Moreover, it is not clear that satisfactory encodings can always be found. We may ask, for instance, whether there is a good representation of the spi calculus [5] (a calculus with cryptographic operations) in the standard pi calculus; we are not aware of any such representation that preserves security properties without a trusted central process.These difficulties are often circumvented through on-thefly extensions. The extensions range from quick punts ("for the next example, let's pretend that we have a datatype of integers") to the laborious development of new calculi, such as the spi calculus and its variants. Generally, the extensions bring us closer to a realistic programming language or modeling language-that is not always a bad thing.Although many of the resulting calculi are ad hoc and poorly understood, others are robust and uniform enough to have a rich theory and a variety of applications. In particular, impure extensions of the lambda calculus with function symbols and with equations among terms ("delta rules") have been developed systematically, with considerable success. Similarly, impure versions of CCS and CSP with value-passing are not always deep but often neat and convenient [31].In this paper, we introduce, study, and use an analogous uniform extension of the pi calculus, which we call the applied pi calculus (by analogy with "applied lambda calculus"). From the pure pi calculus, we inherit constructs for communication and concurrency, and for generating statically scoped new...
