How to Trust the Re-use of Data

Abstract

Research in natural sciences and life sciences involve carrying out experiments to collect data as well as carrying out analysis to interpret the data. Increasingly data is being made available to other scientists in big databases. The scientific process builds on the idea that research results can be independently validated by other researchers. However, the concern about the correct re-use of data is also increasing. As illustrated by a currently evolving case of alleged scientific mispractice there is a need to support a reliable re-use of data. To solve this challenge we introduce an enriched coordination language based on Klaim, that can model the coordination of the re-use of data in the research community. We define the formal semantics of our language and develop a static analysis that can be used to check whether we have a trustable re-use of data.

A Appendix: Proofs

Proof

(Lemma  1 ). The proof is by induction on how \(N_1 \equiv N_2\) is obtained from Table 2.

There are three base cases, for \(N_1 \equiv N_2\): (a) \(N_1:= l\,{:}{:}\, P\) and \(N_2:= l\,{:}{:}\,P || l\,{:}{:}\,0\) (b) \(N_1:l\,{:}{:}\,P_1|P_2\) and \(N_2:= l\,{:}{:}\,P_1 || l\,{:}{:}\, P_2\) (c) \(N:= l\,{:}{:}\,*P\) and \(N_2:= l\,{:}{:}\,P| *P\). We are going to show just the second case, the remaining cases are proved similarly.

The base case is when \(N_1:= l\,{:}{:}\, P_1|P_2\) and \(N_2 := l\,{:}{:}\,P_1 || l\,{:}{:}\,P_2\), where we have to prove that if \(N_1 \equiv N_2\), then \(\chi , \rho \vdash _N l\,{:}{:}\, P_1|P_2:\varepsilon \Leftrightarrow \chi , \rho \vdash _N l\,{:}{:}\,P_1 || l\,{:}{:}\,P_2 : \varepsilon .\) Let’s prove the \((\Rightarrow )\): If \(\chi , \rho \vdash _N l\,{:}{:}\,P_1 | P_2 :\varepsilon \), then \(\chi , \rho \vdash _N l\,{:}{:}\, P_1 || l\,{:}{:}\,P_2:\varepsilon \). By applying Judgment⁴ (2) to the left-hand side formula we have \(\chi , \rho , l \vdash _P P_1 | P_2:\varepsilon \) and by applying (4) to it we have: \( \chi , \rho , l \vdash _P P_1:\varepsilon _1 \ \wedge \ \chi , \rho , l \vdash _P P_2:\varepsilon _2 \ \wedge \ \varepsilon _1 \cup \varepsilon _2 \subseteq \varepsilon . \) By applying (2) to the above formulas we have: \( \chi , \rho \vdash _N l\,{:}{:}\, P_1:\varepsilon _1 \ \wedge \ \chi , \rho \vdash _N l\,{:}{:}\, P_2:\varepsilon _2 \ \wedge \ \varepsilon _1 \cup \varepsilon _2 \subseteq \varepsilon \) and by applying (1) we have: \(\chi , \rho \vdash _N l\,{:}{:}\, P_1 || l\,{:}{:}\, P_2:\varepsilon \) that is what we need to prove.

Let’s prove the \((\Leftarrow )\): If \(\chi , \rho \vdash _N l\,{:}{:}\, P_1 || l\,{:}{:}\,P_2:\varepsilon \), then \(\chi , \rho \vdash _N l\,{:}{:}\,P_1 | P_2 :\varepsilon \). By applying (1) we have: \( \chi , \rho \vdash _N l\,{:}{:}\, P_1:\varepsilon _1 \ \wedge \ \chi , \rho \vdash _N l\,{:}{:}\, P_2:\varepsilon _2 \ \wedge \ \varepsilon _1 \cup \varepsilon _2 \subseteq \varepsilon \) where by (2) we have: \( \chi , \rho , l \vdash _P P_1:\varepsilon _1 \ \wedge \ \chi , \rho , l \vdash _P P_2:\varepsilon _2 \ \wedge \ \varepsilon _1 \cup \varepsilon _2 \subseteq \varepsilon . \) By applying (4) to it, we have: \( \chi , \rho , l \vdash _P P_1| P_2 :\varepsilon \) and by applying (2) we get what we need to prove: \( \chi , \rho \vdash l\,{:}{:}\, P_1| P_2 :\varepsilon . \)

Our inductive hypothesis says: if \(N_1 \equiv N_2\), then we have: \(\chi , \rho \vdash N_1:\varepsilon \ \text {iff} \ \chi , \rho \vdash N_2:\varepsilon \), where \(N_1\) and \(N_2\) are constructed as above.

Let’s analyze the inductive step, where given \(N_1:= N||N'_1\) and \(N_2:= N || N'_2\), and \(N_1 \equiv N_2\), then \(\chi , \rho \vdash N|| N'_1 :\varepsilon \Leftrightarrow \chi , \rho \vdash N || N'_2:\varepsilon \), and we also have that \(N'_1\equiv N'_2\), where \(N'_1, N'_2, N\) are nets constructed as described above.

Let’s prove the \((\Rightarrow )\): If \(\chi , \rho \vdash _N N||N'_1:\varepsilon \), then by applying (1) we have: \( \chi , \rho \vdash _N N:\varepsilon _1 \ \wedge \ \chi , \rho \vdash _N N'_1:\varepsilon _2 \ \wedge \ \varepsilon _1 \cup \varepsilon _2 \subseteq \varepsilon . \) Given \(N'_1\equiv N'_2\) by the inductive hypothesis and the above result we have: \(\chi , \rho \vdash _N N'_1:\varepsilon _2 \Leftrightarrow \chi , \rho \vdash _N N'_2:\varepsilon _2\) that transforms the previous formula in: \(\chi , \rho \vdash _N N:\varepsilon _1 \ \wedge \ \chi , \rho \vdash _N N'_2:\varepsilon _2 \ \wedge \ \varepsilon _1 \cup \varepsilon _2 \subseteq \varepsilon .\) Thus, by applying again (1) we have the formula that we want to prove: \(\chi , \rho \vdash _N N|| N'_2:\varepsilon .\)

The proof for \((\Leftarrow )\): \( \chi , \rho \vdash _N N||N'_1:\varepsilon \Leftarrow \chi , \rho \vdash _N N|| N'_2:\varepsilon \) is done analogously.

Proof

(Substitution Lemma  2 ). The proof is by structural induction on P. From the syntax of P we have that: \(P \,{:}{:}{=}\, P_1| P_2 \ | \ *P \ | \ \sum _i a_i.P_i.\)

Basic Step: the sum of the action prefixed processes is 0: if \(\chi , \rho , l \vdash _P 0\), then \(\chi , \rho , l \vdash _P 0\theta \).

Our inductive hypothesis says that if \(\chi , \rho , l \vdash _P P:\varepsilon \), then \(\chi , \rho , l \vdash _P P\theta : \varepsilon \).

The first inductive step is when the processes is a non empty sum of action prefixed processes: \(\chi , \rho , l \vdash _P \sum _i a_i.P_i:\varepsilon \) which by applying (6) becomes: \(\forall i. \chi , \rho , l \vdash _A a_i:\varepsilon '_i \wedge \chi , \rho , l \vdash _P P_i:\varepsilon ''_i \ \wedge \ \varepsilon '_i \subseteq \varepsilon \wedge \varepsilon ''_i \subseteq \varepsilon .\) It is sufficient to show that \(\forall \ i\), given \(\theta [d/x]\):

$$\begin{aligned} \begin{array}{lc} (1) &{} \text {if } x \not \in {\textit{bv}}(a_i), \text { then }\chi , \rho , l \vdash a_i\theta : \varepsilon '_i \wedge \chi , \rho , l \vdash P_i\theta : \varepsilon ''_i\\ (2) &{} \text {if } x \in {\textit{bv}}(a_i), \text { then }\chi , \rho , l \vdash a_i\theta : \varepsilon '_i \wedge \chi , \rho , l \vdash P_i: \varepsilon ''_i. \end{array} \end{aligned}$$

The second part of the first condition follows from the inductive hypothesis, and the second part of the second condition is trivial. Below we prove the first part of both conditions, where \(a_i\) is an action. We prove it for the \(\mathbf{read }\) action, the proofs for the other actions follow similarly. We have to prove that if \(\chi , \rho , l \vdash _A \mathbf{read }(\overrightarrow{x}, G)@l'\), then \(\chi , \rho , l \vdash _A \mathbf{read }(\overrightarrow{x}\theta , G)@l'\). Thus, we have to prove that:

$$\begin{aligned} \begin{array}{c} \forall \overrightarrow{l''}, \rho (\overrightarrow{x}\theta , \overrightarrow{l''}) \wedge (\forall l_0. \chi (l', \overrightarrow{l''}, l_0, G) \Rightarrow l_0 = l) \ \wedge ((\forall l_0. \chi (l', \overrightarrow{l''}, l_0, G) \wedge l_0 \ne l) \Rightarrow \\ (l', l, l_0, G)\in \varepsilon ) \ \wedge (\forall G'. \chi (l', \overrightarrow{l''}, l, G') \wedge G \# G') \Rightarrow (l', l, G') \in \varepsilon \end{array} \end{aligned}$$

since then \(\chi , \rho , l \vdash _A \mathbf{read }(\overrightarrow{x}\theta , G)@l'\). In this case, if \(x\ne y\) and \(\theta [d/y]\), then \(\rho (\overrightarrow{x}\theta , \overrightarrow{l''})\) is trivial. Otherwise, if \(x = y\) and \(\theta [d/y]\), then \(\rho (\overrightarrow{x}[d/y], \overrightarrow{l''})\) it’s always true by the definition of \(\rho \). Thus, \(\chi , \rho , l \vdash _A \mathbf{read }(\overrightarrow{x}\theta , G)@l'\) it true.

The remaining two cases of how P is constructed, are easily proved by using the Judgments of Table 6.

Proof

(Subject Reduction Lemma  3 ). The proof is by induction on how \(N\rightarrow M\) is obtained using the rules of Tables 4 and 5. As basic step we use the rules in Table 5. We show one case, for the \(\mathbf{read }\) action, the others follow similarly. What we need to prove is given: \( N_C \vdash l_s\,{:}{:}\, read(\overrightarrow{x}, G)@l_t.P || l_t\,{:}{:}\, \overrightarrow{d},{\text {AC}}\ \rightarrow \ l_s\,{:}{:}\, P\theta || l_t\,{:}{:}\, \overrightarrow{d}, {\text {AC}}\cup \{(G:l_s)\} \) and \(\chi , \rho \vdash l_s\,{:}{:}\,\mathbf{read }(\overrightarrow{x}, G)@l_t. P || l_t\,{:}{:}\, \overrightarrow{d}, {\text {AC}}:\varepsilon \) then we can imply \(\chi , \rho \vdash l_s\,{:}{:}\,P\theta || l_t\,{:}{:}\, \overrightarrow{d}, {\text {AC}}\cup \{(G: l_s)\}:\varepsilon \) assuming \({\textit{match}}(\overrightarrow{x}, d)= \theta \ \wedge \ \forall l. \ (G:l) \in {\text {AC}}\rightarrow l=l_s \ \wedge (\forall l,G'. \ (G':l)\in {\text {AC}}\wedge G\#G' \Rightarrow l\ne l_s).\)

Given the formula \(\chi , \rho \vdash l_s\,{:}{:}\, \mathbf{read }(\overrightarrow{x}, G)@l_t. P || l_t\,{:}{:}\, \overrightarrow{d}, {\text {AC}}: \varepsilon \) then by applying (1) we have: \( \chi , \rho \vdash l_s\,{:}{:}\, \mathbf{read }(\overrightarrow{x}, G)@l_t. P: \varepsilon _1 \wedge \chi , \rho \vdash l_t\,{:}{:}\, \overrightarrow{d}, {\text {AC}}: \varepsilon _2 \) and \(\varepsilon _1 \subseteq \varepsilon \), \(\varepsilon _2 \subseteq \varepsilon \) where \(\varepsilon _1, \varepsilon _2 \) are fresh. By applying (2) and (6) to \(\chi , \rho \vdash l_s\,{:}{:}\,\mathbf{read }(\overrightarrow{x}, G)@l_t. P: \varepsilon _1\), we have: \( \chi , \rho , l_s \vdash _P \mathbf{read }(\overrightarrow{x}, G)@l_t: \varepsilon _3 \wedge \chi , \rho , l_s \vdash _P P: \varepsilon _4 \) and \(\varepsilon _3 \subseteq \varepsilon _1\), \(\varepsilon _4 \subseteq \varepsilon _1\) where \(\varepsilon _3, \varepsilon _4\) are fresh. From the Substitution Lemma 2 if \({\textit{match}}(\overrightarrow{x}, \overrightarrow{d})= \theta \), then we have that: \(\chi , \rho , l_s \vdash \mathbf{read }(\overrightarrow{x}\theta , G)@l_t: \varepsilon _3 \wedge \chi , \rho , l_s \vdash P\theta : \varepsilon _4 \) and by applying the Substitution Lemma 2 and (7) to the left-hand side we have that: \( \forall \overrightarrow{l''}. \ \rho (\overrightarrow{x}\theta , \overrightarrow{l''}) \wedge (\forall l'. \chi (l_t, \overrightarrow{l''}, l', G) \Rightarrow l' = l_s) \wedge (\forall l'. \chi (l_t, \overrightarrow{l''}, l', G) \Rightarrow l' \ne l_s \Rightarrow (l_t, l_s, l', G) \in \varepsilon _3) \ \wedge (\forall G'. \chi (l_t, \overrightarrow{l''}, l_s, G') \wedge G\#G' \Rightarrow (l_t, l_s, G') \in \varepsilon _3). \) In case we don’t have an error, we always have \(l_t\,{:}{:}\, \overrightarrow{d}, {\text {AC}}\cup \{(G:l_s)\}\) from \(\chi (l_t, \overrightarrow{l''}, l_s, G)\), and by using (2) and (1) we have: \(\chi , \rho \vdash l_s\,{:}{:}\,P\theta || l_t\,{:}{:}\, \overrightarrow{d}, {\text {AC}}\cup \{(G: l_s)\}:\varepsilon . \)

Our inductive hypothesis says if \(N_C\vdash N\rightarrow M\) and \(\chi , \rho \vdash N:\varepsilon \), then \(\chi , \rho \vdash M:\varepsilon \). Let’s analyze now the inductive steps, that are taken from Table 4. By the first rule we have to prove that given \(N_C\vdash N_1||N_2 \rightarrow N'_1||N_2\) and \(\chi , \rho \vdash N_1||N_2:\varepsilon \), then \(\chi , \rho \vdash N'_1|| N_2:\varepsilon \), assuming also \(N_C \cup \{N_2\} \vdash N_1 \rightarrow N'_1\). Given \(\chi , \rho \vdash N_1||N_2:\varepsilon \), by using (1), we have \(\chi , \rho \vdash N_1:\varepsilon \) and \(\chi , \rho \vdash N_2:\varepsilon \). By the inductive hypothesis given \(N_C \cup \{N_2\} \vdash N_1 \rightarrow N'_1\) and \(\chi , \rho \vdash N_1:\varepsilon \) we have: \(\chi , \rho \vdash N'_1:\varepsilon \), where by using (1), we have: \(\chi , \rho \vdash N'_1||N_2:\varepsilon . \)

Let’s analyze the second rule, where given \(N_C\vdash N\rightarrow N'\) and \(\chi , \rho \vdash N:\varepsilon \) we need to prove that \(\chi , \rho \vdash N':\varepsilon \), assuming also that \(N\equiv M\), \(N_C \vdash M\rightarrow M'\) and \(M'\equiv N'\). Given \(N\equiv M\) and \(\chi , \rho \vdash N:\varepsilon \) from Lemma 1 we have \(\chi , \rho \vdash M:\varepsilon \). We can apply the inductive hypothesis to the last result and \(N_C\vdash M\rightarrow M'\), and we have \(\chi , \rho \vdash M':\varepsilon \). By Lemma 1 given \(\chi , \rho \vdash M':\varepsilon \) and \(M'\equiv N'\) we have \(\chi , \rho \vdash N':\varepsilon \).

Proof

(Theorem  1 ). The proof is by contradiction, so assume that \(\chi , \rho \vdash _N:\varepsilon \) where \(\varepsilon =\emptyset \) and that \(N\rightarrow \cdots \rightarrow l_s\,{:}{:}\, \mathbf{in }(\overrightarrow{b^\lambda }, G)@l_t.P|| l_t\,{:}{:}\,\overrightarrow{d}, {\text {AC}}\) but this condition is not true: \(({\textit{match}}(\overrightarrow{b^\lambda }, \overrightarrow{d}) =\theta \) \(\Rightarrow \) \(\forall l. (G:l) \in {\text {AC}}\Rightarrow l=l_s\) \(\wedge \) \((\forall l, G'.\ (G':l) \in {\text {AC}}\wedge G\#G' \Rightarrow l\ne l_s))\). From Lemma 3, as we have \(\chi , \rho \vdash N:\emptyset \) and \(N\rightarrow \cdots \rightarrow l_s\,{:}{:}\, \mathbf{in }(\overrightarrow{b^\lambda }, G)@l_t.P|| l_t\,{:}{:}\,\overrightarrow{d}, {\text {AC}}\), then \(\chi , \rho \vdash l_s\,{:}{:}\, \mathbf{in }(\overrightarrow{b^\lambda }, G)@l_t.P|| l_t\,{:}{:}\,\overrightarrow{d}, {\text {AC}}:\emptyset \). That we can rewrite as: \(\chi , \rho \vdash l_s\,{:}{:}\, \mathbf{in }(\overrightarrow{b^\lambda }, G)@l_t.P:\emptyset \wedge \chi , \rho \vdash l_t\,{:}{:}\,\overrightarrow{d}, {\text {AC}}:\emptyset \) and the left-hand side can be rewritten as: \(\chi , \rho \vdash l_s\,{:}{:}\, \mathbf{in }(\overrightarrow{b^\lambda }, G)@l_t:\emptyset \wedge \chi , \rho \vdash l_s\,{:}{:}\, P :\emptyset . \) For the left-hand side, as the condition is not true, we have \({\textit{match}}(\overrightarrow{b^\lambda }, G) = \theta \) and that \((l_t, l_s, l, G) \in \varepsilon \) or \((l_t, l_s, G') \in \varepsilon \), which is not true as \(\varepsilon =\emptyset \). We prove similarly for the other two cases.