UvA-DARE is a service provided by the library of the University of Amsterdam (https://dare.uva.nl)

UvA-DARE (Digital Academic Repository)

Choice quantification in process algebra

Luttik, S.P.

Publication date: 2002
Document version: Final published version

Link to publication

Citation for published version (APA): Luttik, S. P. (2002). Choice quantification in process algebra.

General rights: It is not permitted to download or to forward/distribute the text or part of it without the consent of the author(s) and/or copyright holder(s), other than for strictly personal, individual use, unless the work is under an open content license (like Creative Commons).

Disclaimer/Complaints regulations: If you believe that digital publication of certain material infringes any of your rights or (privacy) interests, please let the Library know, stating your reasons. In case of a legitimate complaint, the Library will make the material inaccessible and/or remove it from the website. Please Ask the Library: https://uba.uva.nl/en/contact, or a letter to: Library of the University of Amsterdam, Secretariat, Singel 425, 1012 WP Amsterdam, The Netherlands. You will be contacted as soon as possible.

Download date: 16 Sep 2022



Choice Quantification in Process Algebra


Bas Luttik

Stellingen (Propositions)

accompanying the dissertation

Choice Quantification in Process Algebra

by

Bas Luttik

I

When formally specifying a process, it is often convenient to define some of the relevant data types separately.

See: Chapter 1 of this dissertation.

II

With choice quantification both the universal and the existential quantifier of first-order logic can be simulated, whereas with the 'input prefix' mechanism of value-passing CCS only the universal quantifier can be simulated.

See: Chapter 4 of this dissertation.

III

The deductive system for pCRL studied in this dissertation is relatively complete: it is complete if (1) every first-order assertion about the data can be expressed by means of a Boolean expression, and (2) the imported deductive system for the data is complete.

See: Chapter 5 of this dissertation.

IV

The deductive system for pCRL studied in this dissertation is equational, but not algebraic.

See: Chapter 6 of this dissertation.

V

In the definition of the class of locally finite $\omega$-dimensional cylindric algebras (see Henkin and Tarski (1961)) the axiom

$x \vee c_i x = c_i x$

is redundant.

Compare: Corollary 6.32 of this dissertation.

L. Henkin and A. Tarski. Cylindric algebras. In: Proc. Sympos. Pure Math., Vol. II, pp. 83–113, 1961.

VI

Thatte's transformation, applied to a weakly persistent term rewriting system, does not preserve confluence, but it does preserve uniqueness of normal forms with respect to reduction.

See: S.P. Luttik, P.H. Rodenburg and R.M. Verma. Correctness criteria for transformations of rewrite systems (with an application to Thatte's transformation).

VII

In the theory $\mathrm{PA}_{\delta\varepsilon}(A)$ every normed process (that is, every process that can terminate successfully) has a decomposition into parallel primes. However, this decomposition is not always unique: the processes $a$, $(a\delta + \varepsilon)$ and $(a + a\delta)$, with $a \in A$, are parallel prime and pairwise not bisimilar, whereas $a \parallel (a\delta + \varepsilon)$ is bisimilar to $(a + a\delta) \parallel (a\delta + \varepsilon)$.

See: S.P. Luttik. A note on unique factorisation of communicating processes.

VIII

Let $A$ be a finite set of action symbols. The theory $\mathrm{PA}(A)$ is not $\omega$-complete; a finite $\omega$-complete axiomatisation is obtained by adding the so-called 'axiom of standard concurrency' and, in addition, for every finite alternative composition $a = a_1 + \cdots + a_n$ of distinct action symbols $a_1, \ldots, a_n \in A$, the axiom

$(x \cdot a) \lfloor\!\lfloor\, a = (x \lfloor\!\lfloor\, a) \cdot a.$

See: W.J. Fokkink and S.P. Luttik. An $\omega$-complete equational specification of interleaving. In: Proc. ICALP 2000, pp. 729–743.

IX

Better no last proposition than a disappointment. (In Dutch: Beter geen laatste stelling, dan een teleurstelling.)

Choice Quantification in Process Algebra


IPA Dissertation Series 2002-04


The work in this thesis has been carried out under the auspices of the research school IPA (Institute for Programming research and Algorithmics). The author was employed by the Netherlands Organisation for Scientific Research (NWO; project 612-33-008; 1996-2000), and by the Centre for Mathematics and Computer Science (CWI; 2000-2001).

Choice Quantification in Process Algebra

ACADEMIC DISSERTATION (Academisch Proefschrift)

for the degree of doctor at the University of Amsterdam, on the authority of the Rector Magnificus prof. mr. P.F. van der Heijden, before a committee appointed by the Doctorate Board, to be defended in public in the Aula of the University on Wednesday 3 April 2002, at 14.00,

by

Sebastiaan Pascal Luttik

born in Zutphen

Supervisors (promotoren): prof. dr. J.A. Bergstra, prof. dr. ir. J.F. Groote

Faculty of Science (Faculteit der Natuurwetenschappen, Wiskunde en Informatica)

Copyright © 2002 by Bas Luttik

ISBN 90-90156-24-0
NUGI 855
IPA Dissertation Series 2002-04

Typeset with LaTeX2e

Printed by Thela Thesis, Amsterdam
Cover design by Simona Orzan

Author's address: CWI, P.O. Box 94079, 1098 SJ Amsterdam, The Netherlands. Bas.Luttik@cwi.nl

Contents

Preface iii

1 Introduction 1
  1.1 Process specification 1
  1.2 Process theory 7
  1.3 Choice quantification 12

2 Process algebras with infinite sums 17
  2.1 Generalised basic process algebras with deadlock 18
  2.2 Transition trees 21
  2.3 Free GBPA_δ's 24
  Bibliographic notes 26

3 The syntax and semantics of pCRL 29
  3.1 Data 31
  3.2 The language pCRL 33
  3.3 The semantics of pCRL 36
  3.4 pCRL trees 38
  3.5 Tree forms 41
  3.6 Value-passing CCS 46
  Bibliographic notes 48

4 A correspondence between pCRL and first-order logic 51
  4.1 Boolean expressions and open first-order formulas 53
  4.2 The definition of Φ 55
  4.3 The definition of η 61
  4.4 A universal fragment 65
  Bibliographic notes 68

5 A deductive system for pCRL 71
  5.1 The deductive system 73
  5.2 Tree forms revisited 81
  5.3 Relative completeness 83
  Bibliographic notes 99

6 Algebraic pCRL 103
  6.1 ω-dimensional basic process modules 106
  6.2 Comparing formal systems 112
  6.3 Dimension-restricted free basic process modules 123
  Bibliographic notes 139

7 Concluding remarks 143

Bibliography 145

Index of notations 151

Index of subjects 153

Samenvatting (Dutch summary) 157

Preface

When I started work as an onderzoeker in opleiding (researcher in training), affiliated with the CWI and the University of Amsterdam, my first project was to specify a part of the IEEE 1394 (see Luttik, 1997). It was my first encounter with the process specification language μCRL, and with the choice quantifier (also referred to as 'sum operator'). Syntactically, μCRL is an extension of the algebraic process theory ACP, which I had come across before, and, indeed, the choice quantifier reminded me of the notation sometimes used in ACP specifications to abbreviate large alternative compositions. However, in ACP, this notation is informal, and its use is explicitly restricted to cases in which the abbreviated alternative composition is finite. In contrast, the choice quantifier belongs to the official syntax of μCRL, and it may refer to an infinite alternative composition.

Since my first contact with μCRL, I have been interested in choice quantification, and especially in its mathematical theory. Jan Friso Groote and I tried to axiomatise choice quantification in the context of a finite fragment of μCRL in several semantic settings. First, we investigated the completeness of a set of equational axioms with strong bisimulation as a semantics (Groote and Luttik, 1998a). Our main conclusion was that a complete set of axioms could not be found in general, because for certain data, the associated notion of bisimulation was too complex to have an axiomatisation. We also formulated general restrictions on the data, under which our set of axioms was complete. Then, we extended our results to a setting with branching bisimulation as a semantics (Groote and Luttik, 1998b), and I extended this result further, to settings with weak-, delay- and η-bisimulation as semantics (Luttik, 1999a).

In my view, a drawback of the axiomatisations we had found was that they treat choice quantification as a binder, a construction that relies on the syntactic structure of its argument. As such, our axiomatisations could not be viewed at the same time as an abstract algebraic definition of the mathematical notion that choice quantification refers to. In other words, choice quantification had in our theory not the same semantic status as the operations of a purely algebraic theory such as ACP. Building on the techniques of algebraic logic, I therefore proposed an alternative treatment of choice quantification, which abstracts from the syntactic aspect of choice quantification (Luttik, 1999b).

Apart from conducting the above mentioned investigations, I participated in other research. Eelco Visser and I coauthored a paper on the specification of rewriting strategies (Luttik and Visser, 1997). Together with Piet Rodenburg and Rakesh Verma, I wrote a paper on correctness criteria for transformations of rewrite systems (Luttik et al., 1998). Wan Fokkink and I proved that a finite ω-complete specification of interleaving is obtained by adding to the algebraic theory PA of Bergstra and Klop (1985) a well-known axiom for standard concurrency and the equations generated by a new axiom schema (Fokkink and Luttik, 2000). And I wrote a short note about unique decomposition of processes with respect to parallel composition (Luttik, 2000).

When the time had come to present a dissertation, I could have chosen to just put all my papers together. Clearly, given the diversity of subjects, this would have resulted in a very fragmented account. Instead, I preferred to try and write a coherent report of my study of choice quantification, the main theme of my research thus far. One of the things I had learned was that the mathematical definitions underlying μCRL are considerably more complex than those underlying, e.g., the algebraic theory ACP, which is firmly founded on the standard theory of universal algebra. In fact, I found that the mathematical basis for μCRL had not been defined in sufficiently precise detail.

This dissertation, then, is concerned with the mathematical theory of choice quantification, with a bias towards an algebraic approach. It is organised as follows. Chapter 1 explains the advantages of using choice quantification in a process specification, and briefly touches on the subjects of the later chapters. Chapter 2 explores the semantic connection between μCRL and ACP, providing an abstract algebraic definition of infinite sums in basic process algebras with deadlock. Chapter 3 defines the fragment of μCRL which is the main focus of the rest of the book. It establishes a connection with the structures discussed in Chapter 2; in particular, it explains how choice quantification relates to alternative composition.

Chapter 4 demonstrates a correspondence between choice quantification in μCRL and quantification in first-order logic. It considerably improves on the first part of (Groote and Luttik, 1998a), showing that, with respect to the data inside μCRL expressions, choice quantification can simulate both universal and existential quantification of first-order logic. We put this in perspective by showing that the input prefix mechanism of value-passing CCS can only simulate universal quantification.

The results of Chapter 4 motivate the restrictions imposed on the data domain in later chapters. Chapter 5 discusses a sound and complete deductive system, and is based on the second part of (Groote and Luttik, 1998a). Chapter 6 is based on (Luttik, 1999a), and presents an alternative to the deductive system discussed in Chapter 5; this alternative is more attractive from an algebraic point of view. It is shown that the systems of Chapters 5 and 6 are equivalent in expressive and deductive power. Chapter 7 presents the conclusions.

Acknowledgments

My supervisors, Jan Bergstra and Jan Friso Groote, always expressed their confidence in me, for which I am very grateful. Jan had time for me whenever I wanted to discuss my work or my personal situation. He always gave inspiring and valuable advice. Jan Friso made his 'theme' at the CWI into a stimulating research environment, in which I had the freedom to do the research that I wanted to do. His enthusiasm was of great support to me.

Piet Rodenburg played an invaluable part in my development as a researcher. I could always drop by his office to ask him a question, to test an idea for a proof, or just to chat about one thing or another. He taught me a lot about logic, algebra, and science in general. His proof reading ability is superhuman.

My cooperation with Wan Fokkink was most pleasant, and when he succeeded Jan Friso as theme leader, he turned out to be an excellent boss as well, providing me, both literally and figuratively, with the room in which I could write this book. The circumstances in my last six months at the CWI, in my corner on the third floor, were perfect. I could close my door and concentrate on the writing. But whenever I felt like it, I could swing it open again, to find in Jaco van de Pol an enthusiastic neighbour, ready to exchange ideas. He read and commented on large parts of this dissertation.

I thank the members of the reading committee, Maarten Boasson, Jan van Eijck, Wan Fokkink, Paul Klint, Kees Middelburg, Piet Rodenburg and Davide Sangiorgi for reviewing the manuscript and for their comments. A last minute discussion with Jan van Eijck enabled me to improve the presentation.

I wish to express my gratitude to all the participants of PAM, and especially to top speakers Sjouke Mauw and Vincent van Oostrom, who were always willing and able to fill gaps in my program. Vincent was usually there when I spent the weekend at the CWI, and I have benefited from our long conversations. I wish to extend my gratitude to all the former colleagues of the CWI, and in particular to Doeko Bosscher, David Griffioen, Alban Ponse, Michel Reniers, Judi Romijn, Yaroslav Usenko and Mark van der Zwaag.

Jan Willem Klop and Roel de Vrijer were so kind as to enable me to complete this book at the VU. My new colleagues there, and especially my new office mate Mirna Bognar, made me quickly feel at home.

The cooperation with Eelco Visser, at the end of my first year, has meant a lot to me. He has become a good friend, and has been very encouraging ever since.

The most important source of relaxation in my life is jazz music; I played the piano in quite a few (big) bands, and I wish to thank my fellow musicians. I am most grateful to all my friends, and in particular to Anna, Eric, Floortje, Ingmar, Luuk, Ramin, Rob and Sanne. Simona's presence and support made a great difference to me and, indeed, to this book; mulțumesc frumos!

My final words of thanks are for my family: Mama & Jan, Papa & Karin, and my three sisters Léonie, Tirza and Janine. Jan carefully read the introduction and suggested many improvements with regard to English usage. I am happy to have Tir and Nien for my 'paranimfen'.

Bas Luttik

Amsterdam, January 2002

1 Introduction

We shall conduct a systematic investigation of choice quantification in the context of process algebra. Choice quantification is used to describe the act of selecting an instantiation of a process with an arbitrary element from a data domain. This first chapter is meant to introduce the context in which the above mentioned subjects play a role. We first explain the basics of formal process specification, and why it is sometimes convenient to give a separate specification of some relevant data. Then, we shall describe a general method for assigning a mathematical meaning to formal specifications of processes, and we shall discuss the consequences for this method if some of the data is to be specified separately. Finally, we shall briefly mention the results about choice quantification that will be obtained in the remainder of this thesis.

1.1 Process specification

To start with, here is an informal description of a very simple process. At almost every street corner in downtown Amsterdam there is a car park ticket dispenser. This is a quite simple device that translates coins into parking time. When this thesis was written (on the eve of the introduction of the 'euro'), the machine accepted the following Dutch coins: 'kwartjes' (Dfl. 0.25), 'guldens' (Dfl. 1.00), 'rijksdaalders' (Dfl. 2.50) and 'vijfjes' (Dfl. 5.00).

A car owner wishing to avoid a wheel clamp will look for the nearest ticket dispenser —advertised by the capital P— immediately after parking his car. It presents him with the following options:

1. He can insert a coin.

2. He can press a green button to instruct the machine to produce a ticket. The dispenser requires the insertion of at least Dfl. 0.50 to print a ticket; otherwise, pressing the green button has no effect.

3. He can turn a red knob causing the machine to return all the coins that were inserted since the last time that either the button was pushed or the knob was turned.

In the city centre, the parking fee is approximately Dfl. 5.00 an hour. (To be entirely honest, the fee is Dfl. 5.75 per hour between 9am and 7pm, and Dfl. 3.25 between 7pm and 11pm, and outside these hours parking is free. Further, there is obviously a (physical) limit on the amount of money that the car owner can deposit in the dispenser. We ignore such details so as to guarantee that our example retains its promised simplicity. Also, we are not sure about the internal precision of our dispenser when it associates minutes with coins; somewhere in the process it presumably rounds off to the nearest minute. It is more convenient to work with a fee of Dfl. 5.00 per hour, so that the number of minutes associated with each coin is an integer; e.g., a 'kwartje' buys 3 minutes of parking time.)

1.1.1 Implicit data

Above, we have informally described the events that may occur in the process of obtaining a ticket from the ticket dispenser. We assign to each of these events a formal symbol from the following list

ink, ing, inr, inv, button, print, knob, return. (1.1)

The symbols "ink", "ing", "inr" and "inv" respectively refer to the events of the car owner inserting a 'kwartje', a 'gulden', a 'rijksdaalder' or a 'vijfje' into the ticket dispenser. The symbol "button" refers to the event of him pressing the green button, and the symbol "knob" refers to the event of him turning the red knob. The symbol "print" refers to the event of the dispenser printing a ticket, and the symbol "return" refers to the event of it returning all the recently inserted coins.

Furthermore, let us attach the number of minutes for which the car owner has paid as a subscript to the name of the ticket dispenser. This gives us another list of formal symbols:

$P_0, P_3, \ldots, P_{3n}, \ldots \quad (n \geq 0).$ (1.2)

The number $3n$ ($n \geq 0$) may be thought of as the state the ticket dispenser got into when the car owner inserted coins to the equivalent of $3n$ minutes. The symbol $P_{3n}$ refers to the behaviour of the ticket dispenser when it is in state $3n$.

Inserting a coin, pressing the button and turning the knob will generally have the effect of changing the state of the ticket dispenser; e.g., inserting a coin will increase the subscript by the number of minutes associated with that coin, and turning the knob while the dispenser is in some state $3n$ ($n \geq 1$) will make the dispenser return all the inserted coins and go back to state 0. We introduce the symbol "$\cdot$" to express that things happen consecutively. For instance, we write "$\mathit{ink} \cdot P_3$" if we want to say that the insertion of a 'kwartje' makes the dispenser go into state 3, and we write "$\mathit{knob} \cdot \mathit{return} \cdot P_0$" if we want to say that after turning the knob the dispenser returns the inserted coins and goes into state 0.

According to our informal descriptions, the car owner may activate a number of alternative events. To specify this, we introduce the symbol "+"; e.g., to express that the car owner may choose to insert a 'kwartje' to make the dispenser go into state 3, or to insert a 'gulden' to make the dispenser go into state 12, we write "$\mathit{ink} \cdot P_3 + \mathit{ing} \cdot P_{12}$". Incidentally, note that the car owner may choose to insert a coin, press the button or turn the knob irrespective of the actual state of the ticket dispenser.


We can now define the behaviour of our ticket dispenser by simultaneously specifying the behaviours that it may exhibit in each of its states:

$P_0 = \mathit{ink} \cdot P_3 + \mathit{ing} \cdot P_{12} + \mathit{inr} \cdot P_{30} + \mathit{inv} \cdot P_{60} + \mathit{button} \cdot P_0 + \mathit{knob} \cdot P_0;$

$P_3 = \mathit{ink} \cdot P_6 + \mathit{ing} \cdot P_{15} + \mathit{inr} \cdot P_{33} + \mathit{inv} \cdot P_{63} + \mathit{button} \cdot P_3 + \mathit{knob} \cdot \mathit{return} \cdot P_0;$

and for all $n \geq 2$:

$P_{3n} = \mathit{ink} \cdot P_{3n+3} + \mathit{ing} \cdot P_{3n+12} + \mathit{inr} \cdot P_{3n+30} + \mathit{inv} \cdot P_{3n+60} + \mathit{button} \cdot \mathit{print} \cdot P_0 + \mathit{knob} \cdot \mathit{return} \cdot P_0.$

The equations above may serve as a formal specification of the behaviour of any car park ticket dispenser in downtown Amsterdam. Now, suppose that our car owner did not find a place to park his car in the city centre, and that he was forced to put it somewhere just outside the city centre. He is still in a part of Amsterdam where he has to pay, but parking time is twice as cheap: the fee is Dfl. 2.50 an hour. The car park ticket dispensers in this part of Amsterdam look very similar to those in the city centre; they carry the same initial (P) and appear to behave in the same fashion too. The difference only becomes apparent when one compares the amount of money inserted and the number of minutes allotted in the two regions.

What should we do to adapt the specification given above in such a way that it describes the behaviour of a ticket dispenser in this part of Amsterdam? We should double every number that appears as a subscript, thus obtaining a specification that assigns a behaviour to the symbols

$P_0, P_6, \ldots, P_{6n}, \ldots \quad (n \geq 0).$

The new specification accurately describes the behaviour of a ticket dispenser just outside the city centre. It is somewhat unfortunate, however, that the intuitively clear relationship between the new specification and the previous one is obscured by a computation. If we were to order ticket dispensers for all of Amsterdam, it would be more convenient if we could give the manufacturer just one specification of their behaviour, plus the going rates for the different regions.

1.1.2 Explicit data

We started out by saying that a car park ticket dispenser is a machine that translates coins into minutes; coins and minutes are the types of data on which our ticket dispenser operates. That our specification involves data at all has thus far been implicit in our suggestive nomenclature for states and events. Let us now proceed and give explicit definitions of some of the data in our specifications. The accepted coins are the elements of a set $C$; in our example

$C = \{k, g, r, v\}.$


When a car owner inserts a coin $c \in C$ into the slot of a ticket dispenser, this has the effect of increasing the parking time bought by the number of minutes $T(c)$ associated with $c$; e.g., in the case of a ticket dispenser in the city centre

$T(k) = 3,\ T(g) = 12,\ T(r) = 30,\ \text{and}\ T(v) = 60;$

and in the case of a ticket dispenser just outside the city centre

$T(k) = 6,\ T(g) = 24,\ T(r) = 60,\ \text{and}\ T(v) = 120.$

We are going to consider the set of coins $C$ and the coins-to-minutes translation $T$ as parameters of a general specification of the behaviour of car park ticket dispensers.

To emphasize that the data have now come to the fore, we stop pushing them away in subscripts: we write $P(n)$ to refer to the ticket dispenser after the insertion of coins to the equivalent of $n$ minutes; and we write $\mathit{in}(k)$, $\mathit{in}(g)$, $\mathit{in}(r)$ and $\mathit{in}(v)$ to refer to the events of inserting the respective coins. The car owner inserting a coin, with the dispenser in state $n$, could then be denoted by

$\mathit{in}(k) \cdot P(n + T(k)) + \mathit{in}(g) \cdot P(n + T(g)) + \mathit{in}(r) \cdot P(n + T(r)) + \mathit{in}(v) \cdot P(n + T(v)).$

(Caution: the symbol "+" occurs in two different capacities: referring to a choice between events, and referring to addition of natural numbers.)

This notation abstracts from the particular association between coins and minutes, and hence is suitable for the specification of ticket dispensers inside and outside the city centre. But it is quite long, and it contains some redundant information. That is, which coins the ticket dispensers accept is already clear upon presenting the parameter $C$; we can abstract from this information in the specification of their behaviours. We want to say that the car owner may insert any member $c$ of the set of coins $C$, upon which the dispenser updates its state with the appropriate number of minutes $T(c)$. We give the symbol "$c$" the status of a variable that ranges over $C$, introduce a new formal symbol "$\sum$" and specify the event by

$\sum_{c} \mathit{in}(c) \cdot P(n + T(c)).$

In contrast to the previous notation, the new notation has the additional advantage of being 'euro proof': to make the transition from the present Dutch coins to European currency, the only thing that has to be done is to adapt the parameter $C$, replacing the Dutch coins by euros, and to adapt the mapping $T$ accordingly. Incidentally, the new notation also reflects in a more natural way the physical appearance of ticket dispensers in Amsterdam: they have only one slot, which takes all types of coins.

The effect of pressing the green button depends on the state $n$ of the dispenser: if the car owner has paid for at least 2 times the amount of minutes associated with a 'kwartje', i.e., $n \geq 2 \times T(k)$, then the dispenser produces a ticket; otherwise nothing happens. To specify this in a concise way, we use the notation "$\_ \lhd n \geq 2 \times T(k) \rhd \_$" (in general, read '$x \lhd b \rhd y$' as 'then $x$ if $b$ else $y$'); e.g., we write

$\mathit{button} \cdot \mathit{print} \cdot P(0) \lhd n \geq 2 \times T(k) \rhd \mathit{button} \cdot P(n)$

to abbreviate 'if $n \geq 2 \times T(k)$, then $\mathit{button} \cdot \mathit{print} \cdot P(0)$ happens, and otherwise $\mathit{button} \cdot P(n)$ happens'.

We can now specify the behaviour of ticket dispensers in Amsterdam concisely by means of the following equation:

$P(3n) = \sum_{c} \mathit{in}(c) \cdot P(3n + T(c))$
$\quad + \mathit{button} \cdot \mathit{print} \cdot P(0) \lhd 3n \geq 2 \times T(k) \rhd \mathit{button} \cdot P(3n)$ (1.3)
$\quad + \mathit{knob} \cdot \mathit{return} \cdot P(0) \lhd 3n \geq 3 \rhd \mathit{knob} \cdot P(0).$

Note that, to make this behaviour specification completely euro proof, we should eliminate the explicit mention of $k$ in $2 \times T(k)$, e.g., by introducing a constant that represents the minimum number of minutes that can be bought.

Most of the symbols used in (1.3) explicitly refer to specific aspects of ticket dispensers, denoting specific events associated with such machines or naming specific behaviour that they may exhibit in a certain state. In contrast, the symbols "$+$", "$\cdot$", "$\sum$" and "$\_ \lhd \_ \rhd \_$" refer to mechanisms that are not specific to ticket dispensers. They have the kind of generality that one expects of the primitives of a general purpose specification formalism.

1.1.3 The process specification language μCRL

The previous two subsections serve to illustrate that there is at least a conceptual advantage in defining some relevant data separately when specifying a process. Many process specification languages, i.e., specification languages whose principal purpose is to specify the behaviour of systems, nowadays are accommodated with facilities to define data separately and with mechanisms to incorporate these in the actual behaviour specification. Examples of such process specification languages are, e.g., LOTOS (Bolognesi and Brinksma, 1987), PSF (Mauw and Veltink, 1990) and μCRL (Groote and Ponse, 1995). In this thesis, we shall elaborate on the theoretical foundations of the process specification language μCRL (micro Common Representation Language; for a survey, see Groote and Reniers (2001)).

In a μCRL specification, abstract data types are defined by means of a many-sorted algebraic specification (see, e.g., Bergstra et al., 1989; Loeckx et al., 1996). There is a facility to declare basic events that may take the specified data as parameters, and to aid the description of processes, μCRL includes the mechanisms symbolised by "$+$", "$\cdot$", "$\sum$" and "$\_ \lhd \_ \rhd \_$". To give some idea of what a μCRL specification looks like, we present in Table 1.1 a complete formal specification of a ticket dispenser in the centre of Amsterdam, in μCRL syntax. At this point, two further remarks about μCRL are in order.

Firstly, one should take our 'μCRL syntax' with a pinch of salt. The official syntax of μCRL was designed to be read by computers; to enhance readability for humans we deviate slightly from it. We use mathematical symbols (e.g., $\geq$, $+$) as names of functions declared in func sections and write them infix, whereas the official μCRL syntax only allows strings of letters from the Latin alphabet as names for such functions and prescribes that they be written prefix. Also, we write $\sum_{c:C} \_$ instead of sum(c : C, _) and $\_ \lhd \_ \rhd \_$ instead of _ <| _ |> _.

    sort B
    func ⊤, ⊥ : → B
         ≥ : M × M → B
    var  x, y : M
    rew  (x ≥ 0) = ⊤
         (0 ≥ 3 + x) = ⊥
         (3 + x ≥ 3 + y) = (x ≥ y)

    sort C
    func k, g, r, v : → C
         T : C → M
    rew  T(k) = 3
         T(g) = 4 × 3
         T(r) = 10 × 3
         T(v) = 20 × 3

    sort M
    func 0, 3 : → M
         + : M × M → M
    var  x, y, z : M
    rew  (x + y) + z = x + (y + z)
         x + y = y + x
         x + 0 = x

    act  button, print, knob, return
         in : C

    proc P(m : M) = Σ_{c:C} in(c) · P(m + T(c))
                  + button · print · P(0) ◁ m ≥ 2 × T(k) ▷ button · P(m)
                  + knob · return · P(0) ◁ m ≥ 3 ▷ knob · P(0)

Table 1.1: A μCRL specification of a car park ticket dispenser. We use an abbreviation that ought to be spelled out: if $t$ is a term of sort M and $n$ is a natural number, then we write $n \times t$ to denote the term $(\cdots((t + t) + t) + \cdots + t) + t$ with $n$ occurrences of $t$.

Our specification in Table 1.1 is, of course, a rather simplistic example, and that it describes what we intended to describe is a fact that hardly needs additional justification. But for larger and more complex specifications, it is vital to have computer support, e.g., to simulate specifications and to verify that they have certain properties. For μCRL, such computer support is available (see Blom et al. (2001), or consult http://www.cwi.nl/~mcrl).
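The following Python model is an added example; it is not part of the thesis and not part of the μCRL tool set. It executes the specification of Table 1.1 in the simplest possible way, by unfolding the choice quantifier $\sum_{c:C}$ over the finite coin set into one alternative per coin, runs a few traces of the dispenser, and checks, up to a bounded depth (the state space is infinite, since the number of minutes paid is unbounded), that the implicit-data equations of Section 1.1.1, the parametrised equation (1.3) for the city centre, and the instantiation of (1.3) for the region just outside the centre are bisimilar, whereas a translation with $T(k) = 1$ is not. The state encoding and the names COINS, T_CENTRE, T_OUTSIDE, step_explicit, step_implicit, run and equivalent_up_to are assumptions of this example, not notation from the thesis.

```python
"""Executable model of the car park ticket dispenser of Section 1.1.

Added example (not part of the thesis): the process P(m) of equation (1.3) /
Table 1.1 is modelled as a function from a state to its enabled transitions,
parametrised by the coin set C and the coin-to-minutes translation T, and the
implicit-data specification P_0, P_3, P_{3n} of Section 1.1.1 is compared with
it.  The state encoding and all function names below are this example's own.
"""
from functools import partial

COINS = ("k", "g", "r", "v")                           # the set C
T_CENTRE = {"k": 3, "g": 12, "r": 30, "v": 60}         # Dfl. 5.00 per hour
T_OUTSIDE = {c: 2 * n for c, n in T_CENTRE.items()}    # Dfl. 2.50 per hour

# A process state is a pair (pending, m): `pending` is the tuple of actions
# still to be performed before the dispenser is back in some P(m'), so
# ((), m) is P(m) itself and (("print",), 0) is the process print . P(0).
P0 = ((), 0)


def step_explicit(state, T, coins=COINS):
    """Enabled transitions of (1.3) as a dict action -> successor state.

    Every state offers each action at most once, so a dict suffices; the
    choice quantifier sum_{c:C} in(c) . P(m + T(c)) is unfolded into one
    alternative per coin c of the (finite) set C.
    """
    pending, m = state
    if pending:                                   # finish a sequential composition first
        return {pending[0]: (pending[1:], m)}
    trans = {f"in({c})": ((), m + T[c]) for c in coins}
    # button . print . P(0) <| m >= 2 x T(k) |> button . P(m)
    trans["button"] = (("print",), 0) if m >= 2 * T["k"] else ((), m)
    # knob . return . P(0) <| m >= 3 |> knob . P(0)   (3 is the constant used in (1.3))
    trans["knob"] = (("return",), 0) if m >= 3 else ((), 0)
    return trans


def step_implicit(state):
    """Enabled transitions of P_0, P_3 and P_{3n} (n >= 2) of Section 1.1.1 (city centre)."""
    pending, m = state
    if pending:
        return {pending[0]: (pending[1:], m)}
    trans = {"ink": ((), m + 3), "ing": ((), m + 12), "inr": ((), m + 30), "inv": ((), m + 60)}
    if m == 0:
        trans["button"], trans["knob"] = ((), 0), ((), 0)
    elif m == 3:
        trans["button"], trans["knob"] = ((), 3), (("return",), 0)
    else:                                          # m = 3n with n >= 2
        trans["button"], trans["knob"] = (("print",), 0), (("return",), 0)
    return trans


RENAME = {f"in{c}": f"in({c})" for c in COINS}     # ink -> in(k), ...: one alphabet for both


def relabel(step):
    """Wrap a step function so that its action names are renamed according to RENAME."""
    return lambda state: {RENAME.get(a, a): s for a, s in step(state).items()}


def run(step, state, actions):
    """Execute a sequence of actions from `state`; an action that is not enabled is an error."""
    for a in actions:
        enabled = step(state)
        if a not in enabled:
            raise ValueError(f"{a!r} is not enabled in {state}; enabled: {sorted(enabled)}")
        state = enabled[a]
    return state


def equivalent_up_to(depth, s1, step1, s2, step2):
    """Strong bisimilarity of s1 and s2, checked up to `depth` steps.

    Both specifications are deterministic, so it suffices that the two states
    enable the same actions and that the successors are again equivalent up to
    depth - 1.  The state space is infinite (m is unbounded), hence the bound.
    """
    if depth == 0:
        return True
    t1, t2 = step1(s1), step2(s2)
    if t1.keys() != t2.keys():
        return False
    return all(equivalent_up_to(depth - 1, t1[a], step1, t2[a], step2) for a in t1)


centre = partial(step_explicit, T=T_CENTRE)
outside = partial(step_explicit, T=T_OUTSIDE)
cheap = partial(step_explicit, T=dict(T_CENTRE, k=1))   # a 'kwartje' buys only 1 minute
implicit = relabel(step_implicit)

if __name__ == "__main__":
    print(run(centre, P0, ["in(k)", "button"]))            # ((), 3): Dfl. 0.25 is not enough
    print(run(centre, P0, ["in(k)", "in(k)", "button"]))   # (('print',), 0): a ticket follows
    print(equivalent_up_to(6, P0, centre, P0, implicit))   # True: (1.3) agrees with Section 1.1.1
    print(equivalent_up_to(6, P0, centre, P0, outside))    # True: the actions do not reveal T
    print(equivalent_up_to(3, P0, centre, P0, cheap))      # False: knob after in(k) returns nothing
```

The outcome that the city-centre and outside-centre instantiations are bisimilar is the point the text makes informally: the actions in(c), button, print, knob and return do not carry the number of minutes, so two dispensers that differ only in the parameter T cannot be told apart by observing them; the difference lives entirely in the data. Changing T(k) to 1 does change the observable behaviour, because the knob condition m ≥ 3 then fails after a single coin and the dispenser keeps it.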

Secondly, μCRL has additional mechanisms to facilitate the specification of processes; e.g., it includes mechanisms to specify that a process consists of several components running in parallel, to specify that certain parallel components must synchronise, and to specify that certain events should be considered unobservable. In this thesis these mechanisms will not play a role. Interestingly, one of the computerised tools for μCRL, the so-called lineariser (see Groote et al., 2001), is able to translate many μCRL specifications to μCRL specifications without these additional mechanisms. The other tools operate on the output of this lineariser.

1.2 Process theory

We have introduced a collection of formal symbols to write down μCRL specifications. Our explanations of the meanings of these symbols are still informal, saying something to the effect that "+" indicates a choice between alternatives, that "·" indicates that events occur consecutively, that "◁ _ ▷" indicates a choice that depends on a condition, and that "Σ" indicates a choice that depends on input. So far, we got away with such informalities, because we have been specifying a ticket dispenser and most people already have a pretty good idea of how such slot machines tend to behave. But it is, of course, an undesirable situation that the behaviour of the ticket dispenser explains the meaning of its μCRL specification. It should be the other way around: our μCRL specifications should explain the behaviours of the systems they are meant to describe.

In other words, we want to give μCRL specifications a meaning that is independent of the systems that they intend to describe, preferably as a mathematical abstraction of the concept of a process. By interpreting μCRL specifications as mathematical objects, μCRL becomes a mathematical language. A distinct advantage of this is that we can then prove by mathematical means that a system behaves (or does not behave) the way it should. Before explaining the approach taken in this thesis to turn μCRL into a mathematical language, we first discuss one of our methodological considerations in a more general context.

1.2.1 Process calculi

A mathematical theory about objects that are thought of as mathematical abstractions of processes is frequently called a model of concurrency, since, intuitively, a process consists of a number of activities running in parallel. Such a model of concurrency together with a formal language to reason about its elements is what we call a process calculus. The pioneers of the design of process calculi are Hoare (1985) and Milner (1980).

Hoare introduced CSP (Communicating Sequential Processes) to reason about a mathematical model in which a process is viewed as a set of failures. A failure consists of a sequence of events in which the process may engage, together with a set of events that it subsequently refuses to engage in. Typically, the formal symbols of CSP are interpreted as operations on the failures model. These operations are shown to satisfy a set of basic mathematical laws in the form of equations, which support the mathematical reasoning about them (see Brookes et al. (1984)).

Milner introduced CCS (Calculus of Communicating Systems; see also Milner (1989, 1999)) to reason about a mathematical model in which a process is viewed as a labeled transition system modulo observation equivalence. A labeled transition system consists of states, and transitions between states labeled with names of events; a transition marks the occurrence of the associated event. With each such labeled transition system one can, intuitively, associate a notion of observable behaviour. To consider a labeled transition system modulo observation equivalence means to consider a set consisting of all labeled transition systems that represent the same observable behaviour.

Again, the formal symbols of CCS are interpreted as operations on the mathematical model for which CCS was introduced, i.e., on sets of labeled transition systems modulo observation equivalence. And again, to support the mathematical reasoning, these operations are shown to satisfy a set of basic mathematical laws in the form of equations. We quote Milner (1983):

"These four operators [of CCS] obey (as we show) several algebraic identities. It is not too much to hope that a class of these identities may be isolated as axioms of an algebraic 'concurrency' theory, analogous (say) to rings or vector spaces. For the present, however, we concentrate on an interpretation of the calculus derived from an operational or dynamic understanding of each operator, whereupon the algebraic identities arise as theorems."

By using the terms 'rings' and 'vector spaces', Milner makes a connection with an established area of mathematics, that of abstract algebra (see, e.g., Hungerford, 1974). It comprehends the study of algebras, structures that consist of a set (universe) with a sequence of operations defined on it. The desideratum is to abstract from the nature of the elements of the universe, and to study the fundamental properties of the operations, conventionally expressed in the form of equations. Typically, one studies all algebras that satisfy a particular collection of equational axioms.

1.2.2 Process algebra

In the literature, there is not (yet) an established consensus about what is the appropriate mathematical abstraction of the notion of process, judging by the many different models of concurrency that are currently in use. However, the languages associated with these models (if any) often include mechanisms to express

1. that a process consists of a choice between a number of alternative behaviours (alternative composition);

2. that a process consists of a number of behaviours that are performed consecutively (sequential composition); and

3. that a process consists of a number of behaviours that are executed in parallel (parallel composition).

Bergstra and Klop (1984) propose to study these and other process theoretic mechanisms through the axiomatic method, instead of via a presupposed model of concurrency. They coined the term process algebra for their approach.


Wholly in the style of the contemporary textbooks on abstract algebra, Bergstra and Klop present their algebraic theory of processes in a modularised fashion. They begin with formulating the algebraic theory BPA (Basic Process Algebra) of alternative and sequential composition, both represented as binary operations. Then, they consider the algebras that satisfy the axioms of BPA and in which there is a neutral element for alternative composition that acts as a left zero for sequential composition. That element stands for deadlock, the process without any behaviour. The algebraic theory of alternative composition, sequential composition and deadlock is called BPAδ (Basic Process Algebra with deadlock). Subsequently, they discuss extensions of the theories BPA and BPAδ with a binary operation for parallel composition. First, they consider parallel composition without communication, obtaining the theories PA (Process Algebra) and PAδ (Process Algebra with deadlock). Thereafter, they also consider a form of parallel composition in combination with mechanisms to express and to require synchronisation between parallel components; the resulting theory is called ACP (Algebra of Communicating Processes).

What makes the process theories of Bergstra and Klop truly algebraic is that they are axiomatic, and, moreover, not prescriptive with respect to the objects that are taken to represent processes (in the same way as group theory does not prescribe what the elements of a group should be). This has a didactical advantage; for instance, to understand what alternative composition is, one does not need to first digest, e.g., the mathematically quite involved definition of labeled transition system modulo observation equivalence. Furthermore, placing process theoretic mechanisms in a general algebraic context has the methodological advantage that they easily make contact with mechanisms studied elsewhere. For instance, it is at once clear that an algebra satisfying the axioms of BPA is a semilattice with respect to alternative composition, and that it therefore has a natural partial order associated with it, defined in terms of alternative composition. This partial order turns out to be a convenient tool in process algebra.

The algebraic theory BPA of alternative and sequential composition may be used to give a precise mathematical interpretation of our first formal specification of the ticket dispenser (the one with implicit data). The most important stipulation is that the symbols "+" and "·" denote the binary operations of alternative and sequential composition from the theory BPA. To assign a mathematical object to our specification, we need to select

1. a particular algebra, say P, that satisfies the axioms of BPA, and

2. interpretations of the symbols listed in (1.1) on p. 2 as elements of P.

Henceforth we shall refer to the combination of 1 and 2 as a model of BPA with actions. Then, a solution of our specification in P is an assignment of elements of P to the symbols listed in (1.2) such that all the defining equations are true in P.

To proceed a little more generally we define grammatical categories of

process expressions: (i) each of the symbols in the lists (1.1) and (1.2) are process expressions; (ii) if p and q are both process expressions, then so are p + q and p · q; and (iii) every process expression can be obtained by finitely many applications of (i) and (ii);

process equations: if P is a symbol from the list (1.2), and p is a process expression, then P = p is a process equation that defines P; and

process specifications: a set of process equations such that each symbol from the list (1.2) is defined exactly once.

We see that the symbols in the list (1.1) and those in the list (1.2) have different grammatical functions in a process specification. To distinguish them, we agree to call the symbols in the first list action symbols, and those in the second list process variables.

We can now speak of the solution of an arbitrary process specification in a model P of BPA with actions. The point of the algebraic approach, however, is that we do not need to commit ourselves to a particular model of BPA with actions before we can start doing calculations. For instance, we can already prove the equivalence of process specifications by applying the axioms of BPA (the first five axioms in Table 2.1 on p. 17 below) to the right-hand sides of their process equations, or by applying other rules that preserve the solutions of recursive specifications in any model of BPA with actions (see, e.g., Ponse and Usenko, 2001).

Now, let us consider our μCRL specification of the ticket dispenser to see whether it can also be given a precise mathematical interpretation by means of the theory BPA. At first sight, it does not fit our definition of a process specification, because of the occurrences of the symbols "Σ_" and "◁ _ ▷". However, recall that our initial motivation for introducing these extra symbols was to be able to say things more succinctly, and not to be able to say new things. Our μCRL specification of the ticket dispenser was intended to specify in a better way what had already been specified by our first specification. The latter is, according to our definition above, a genuine process specification. We could perhaps give a mathematical interpretation to μCRL specifications by first translating them to process specifications.

In our example, the translation may be carried out in three straightforward steps:

1. Replace the expression Σ_c in(c) · P(n + T(c)) by the sum of all the instances of the expression in(c) · P(n + T(c)) with a coin for the variable c.

2. Collect in a set all the instantiations of the equation defining P(m : M) with a natural number of the form 3n for the variable m.

3. Eliminate all occurrences of "◁ _ ▷" from the equations in the set obtained in the second step. This can be done by replacing the occurrences of expressions 'button · print · P(0) ◁ 3n > 2 × T(k) ▷ button · P(3n)' by 'button · print · P(0)' if 3n > 2 × T(k) evaluates to true and by 'button · P(3n)' if it evaluates to false, and by treating the occurrences of 'knob · return · P(0) ◁ 3n > 0 ▷ knob · P(0)' in a similar fashion.

Note that the first two steps of the translation eliminate all occurrences of variables, and that this guarantees that the evaluation of the middle component of an occurrence of "◁ _ ▷" in the third step can always be done. Further note that the set of equations generated in the second step is infinite; but this is not a problem since process specifications consisting of an infinite set of process equations are allowed according to our definition.
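As an added example (not code from the thesis or from the μCRL toolset), the three steps above carried out in Python on the equation for P of Table 1.1. The coins and their values T(c) are written as ordinary Python data, the two conditions are taken as printed in Table 1.1, and the infinite set of instances produced by step 2 is cut off at a bound. All function and variable names are ours.

```python
# Added example (not from the thesis): the three translation steps applied to
# the ticket-dispenser equation of Table 1.1.  The data part of Table 1.1 is
# represented by ordinary Python values; conditions are taken as printed there.
from typing import Dict, List, Tuple

# Sort C: the coins k, g, r, v with their values T(c) in sort M.
T: Dict[str, int] = {"k": 3, "g": 4 * 3, "r": 10 * 3, "v": 20 * 3}

# An alternative of a process expression: a sequence of action names followed
# by a call of the process variable P with a concrete argument.
Alt = Tuple[Tuple[str, ...], int]


def cond_button(m: int) -> bool:
    """Condition of the first conditional in Table 1.1: m > 2 x T(k)."""
    return m > 2 * T["k"]


def cond_knob(m: int) -> bool:
    """Condition of the second conditional, as printed in Table 1.1: m > 3."""
    return m > 3


def step1_expand_choice_quantifier(m: int) -> List[Alt]:
    """Step 1: sum_{c:C} in(c).P(m+T(c)) becomes the sum over the four coins."""
    return [(("in(%s)" % c,), m + T[c]) for c in sorted(T)]


def step3_eliminate_conditionals(m: int) -> List[Alt]:
    """Step 3: with m concrete, each conditional collapses to one of its branches."""
    button = (("button", "print"), 0) if cond_button(m) else (("button",), m)
    knob = (("knob", "return"), 0) if cond_knob(m) else (("knob",), 0)
    return [button, knob]


def right_hand_side(m: int) -> List[Alt]:
    """The right-hand side of the equation for P(m) after steps 1 and 3."""
    return step1_expand_choice_quantifier(m) + step3_eliminate_conditionals(m)


def step2_instantiate(bound: int) -> Dict[int, List[Alt]]:
    """Step 2: one equation per instance P(3n); cut off at 3n <= bound here,
    since the set of instances is infinite."""
    return {m: right_hand_side(m) for m in range(0, bound + 1, 3)}


def render(m: int, alts: List[Alt]) -> str:
    """Write an instance as a process equation in the notation of Section 1.2.2."""
    terms = [" . ".join(actions + ("P(%d)" % arg,)) for actions, arg in alts]
    return "P(%d) = %s" % (m, " + ".join(terms))


def reachable_arguments(bound: int) -> List[int]:
    """Arguments of P reachable from P(0) through the expanded equations, up to
    bound; every coin adds a positive multiple of 3, so the full set is infinite."""
    seen, todo = set(), [0]
    while todo:
        m = todo.pop()
        if m in seen or m > bound:
            continue
        seen.add(m)
        todo.extend(arg for _, arg in right_hand_side(m))
    return sorted(seen)


if __name__ == "__main__":
    for m, alts in step2_instantiate(9).items():
        print(render(m, alts))
```

Running the block prints the equations for P(0), P(3), P(6) and P(9); at m = 9 both conditionals have collapsed to their left branches, at m = 0 to their right branches, which is exactly the case analysis of step 3.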

Nevertheless, the recipe does not work in general, and the culprit is in the first step. The variable associated with an occurrence of the symbol "Σ_" may range over any of the specified data sorts, and consequently it may range over an infinite set (e.g., it could range over the sort M in our example specification). So the syntactic sum that should be associated with a μCRL expression starting with an occurrence of the symbol "Σ" may, in general, consist of infinitely many components. However, such an infinite sum is not a process expression according to our inductive definition. And with reason: the intended infinite alternative composition may fail to exist for some models of BPA with actions. That is, whether a model of BPA with actions is suitable for the interpretation of a certain μCRL specification depends on whether it has the right sums.

1.2.3 Infinite sums

Let P be an algebra that satisfies the axioms of BPAδ (in what follows it will be convenient to assume the presence of the neutral element δ for alternative composition). We have already indicated that P, being a semilattice with respect to alternative composition, has a natural partial order associated with it. Conversely, the alternative composition of two elements of P may be defined as their least upper bound with respect to that partial order. Generalising this definition, the alternative composition of the empty set is the minimal element δ, and the alternative composition of a nonempty finite subset P' of the universe of P is its least upper bound, say ΣP'. If P' is an infinite set, then it may not have a least upper bound ΣP' in the universe of P.

In Chapter 2 of this thesis we shall develop a general theory about infinite sums in algebras that satisfy the axioms of BPAδ. If P is the universe of such an algebra, then we define on it an operation

$\Sigma : \mathcal{D} \to P$, with $\mathcal{D} \subseteq \{\, P' \mid P' \subseteq P \,\}$.

In the terminology of Rasiowa and Sikorski (1963), the operation Σ is a "generalised operation". Assigning an element of P to some (but generally not to all) subsets of the universe P, it may be thought of as a partial operation with variable (and possibly infinite) arity. The element ΣP' assigned to a subset P' of P must satisfy a few requirements. To tie in with process algebraic traditions, we shall define those requirements by means of axioms in the form of equations. The theory that is obtained by adding these axioms to the axioms of BPAδ we shall refer to as GBPAδ (Generalised Basic Process Algebra with deadlock); the mechanism embodied by Σ we call generalised summation.

To substantiate our definitions, we shall study certain natural extensions with infinite sums of the algebra of finitely branching transition trees of finite depth (for which the axioms of BPA are known to be sound and complete). In the case of transition trees, the sum ΣT of a set T of transition trees is the transition tree that we get by identifying the roots of the trees in T. Clearly, ΣT is a countably branching tree provided that the set T is countable and its elements are countably branching trees. Therefore, on the algebra of countably branching transition trees the operation Σ assigns a sum to every countable set of transition trees. In the same way we can define for every infinite cardinal κ an algebra of transition trees with branching degree < κ that is closed under sums of cardinality < κ. We shall prove that the axioms of GBPAδ are sound and complete for each of these algebras (see Theorem 2.11).

1.3 Choice quantification

The symbol "Σ" of μCRL refers to a rather special kind of generalised summation. Let x be a variable that ranges over an arbitrary set D of data values (e.g., associated with a sort in the data part of a μCRL specification). If p is an expression that denotes a process after instantiating its data variables, then

$\Sigma_x\, p = \Sigma\{\, p[x := d] \mid d \in D \,\}$.

In words, Σ_x p is the generalised sum of all the instantiations of p with an element of D for the variable x. Thus, Σ_x refers to taking the generalised sum of a set that is obtained by quantification over D; henceforth, we speak of choice quantification, and call Σ_x a choice quantifier.

From Chapter 3 onwards, we shall study choice quantification in the context of pCRL (pico Common Representation Language), which is μCRL without parallelism. With respect to its common definition, we shall make two further simplifications:

1. We restrict our attention to processes that are specified from an alphabet of actions parametrised with data by means of alternative and sequential composition, conditional composition and choice quantification; in particular, we do not consider recursion. Thus, we only consider processes whose behaviour is finite with respect to the number of actions that they can perform consecutively. This is certainly not a minor restriction. Clearly, μCRL without recursion would not have many applications as a process specification language. For all that, we do believe that it is sensible to try and understand the case without recursion first, since it usually greatly helps the understanding of the case with recursion as well.

2. We shall only consider choice quantification over a single data domain, which may be fitted with functions and relations. This is for the sake of clarity of presentation only; all of our results generalise in the obvious way to choice quantification over multiple domains and thus fit in with μCRL.

In Chapter 3 we give a semantics to the language pCRL by explaining how its expressions denote elements of suitable models of GBPAδ, where suitability depends on the availability of generalised sums. For every particular choice of a data domain D and an alphabet of parametrised actions A we shall define a suitable algebra of transition trees that is initial in the class of all suitable models of GBPAδ (Theorem 3.15). If the cardinality of D is infinite, then there exist pCRL expressions whose interpretation in this initial algebra is an infinitely branching transition tree.

For use in later chapters, we shall establish in Chapter 3 two results regarding particular syntactic forms of pCRL expressions. The first result states that every pCRL expression is semantically equivalent to a tree form, a pCRL expression whose syntactic structure, intuitively, reflects the structure of the transition tree that it denotes (Lemma 3.22). The second result makes use of a straightforward translation of the finite, sequential fragment of value-passing CCS (as discussed, e.g., by Hennessy and Lin (1996)) into pCRL expressions. Our interest is in the input prefix mechanism, the translation of which involves choice quantification: if the translation assigns the pCRL expression p' to an expression p of value-passing CCS (let us concisely denote this by p ↦ p'), then

$c?x.p \mapsto \Sigma_x\, c(x) \cdot p'$.

Note that the variable x of the choice quantifier Σ_x occurs as a parameter of the action c that immediately follows it. If all choice quantifiers in an expression have this property, then we shall say that the expression has explicit instantiation. It turns out that the tree forms associated with (translations of) expressions of value-passing CCS have explicit instantiation (Lemma 3.26).

1.3.1 Expressiveness

In Chapter 4 we shall investigate the expressiveness of the mechanisms of pCRL by considering the complexity of pCRL equations. Not surprisingly, the complexity of a pCRL equation depends on the data that occur in it. The results that we shall obtain are therefore relative to the complexity of the incorporated data. Precisely, we prove that any pCRL equation can be effectively transformed into an equivalent first-order assertion about the data (Theorem 4.10), and that, conversely, any first-order assertion about the data gives rise to an equivalent pCRL equation (Theorem 4.17). Hence, pCRL is as expressive as first-order logic, with respect to the incorporated data.

In particular, we shall see that pCRL owes its expressiveness to a large extent to choice quantification. It accounts for the simulation of the universal as well as the existential quantifiers of first-order logic. It turns out that an equation of pCRL expressions with explicit instantiation has the content of a universal first-order assertion about the data that occurs in it (Corollary 4.23). Hence, the finite, sequential fragment of value-passing CCS is as expressive as the universal fragment of first-order logic, with respect to the incorporated data.

1.3.2 Deductive system

In Chapter 5 we shall present a deductive system for pCRL equations, so that when doing calculations with pCRL expressions we may proceed entirely syntactically. The desiderata for the design of our deductive system are


1. to separate reasoning about the data inside pCRL expressions from reasoning about behavioural aspects; and

2. to fit in as much as possible with standard equational reasoning.

A natural question to ask about a deductive system is whether it is complete, i.e., whether it allows a deduction for every pCRL equation that holds in every suitable model of GBPAδ. The expressiveness results of Chapter 4 indicate that such a completeness result cannot be obtained, unless drastic restrictions on the incorporated data are imposed. We prove that our deductive system is complete provided that it may ask an oracle to provide deductions of valid first-order assertions about the incorporated data (Theorem 5.20).

1.3.3 Algebraic semantics

The framework developed in Chapters 2, 3 and 5 has a syntactical side and a semantical side (see Figure 1.1). On the syntactical side we find the formal system pCRL; it extends the formal system associated with BPA with choice quantifiers and conditionals. On the semantical side we find the algebraic theory GBPAδ; it extends the algebraic theory BPAδ with generalised summation. The reason for extending BPA differently on both sides is as follows. On the one hand, generalised summation is an infinitary operation, i.e., it may take infinitely many arguments. Since it is a desirable property of a formal system that its expressions are finite, an infinitary operation is not a convenient construction to have in such a system. On the other hand, the choice quantifiers of pCRL are binders, relying on the syntactic nature of their arguments, while the desideratum of an algebraic theory is to abstract from the nature of the objects under consideration.

A pCRL expression p together with a valuation that assigns data values to data variables describes a process, an element of a generalised basic process algebra with deadlock. The pCRL expression p itself may thus be thought of as the description of a function from the set of data values into a universe of processes, i.e., as the description of a parametrised process. In Chapter 6 we shall propose an algebraic theory of parametrised processes. It unites the syntactical and the semantical sides of pCRL in a single purely algebraic theory of basic process modules (BPM). It is obtained from pCRL by abstracting from the syntactic aspects of choice quantification, and it is obtained from GBPAδ by adding a notion of dimension. We shall prove that the (ground) equational theory of basic process modules is equivalent to that of pCRL (Theorem 6.37).


[Figure 1.1, diagram not reproduced; labels recovered from the page: SYNTACTICAL SIDE (choice quantification, conditional); abstraction from syntax; PARAMETRISED PROCESSES.]

Figure 1.1: The process theories in this thesis.

2 Process algebras with infinite sums

A basic process algebra with deadlock is an algebra¹ P = (P, +, ·, δ) that satisfies for all p, q, r ∈ P the equalities in Table 2.1. The class of all basic process algebras with deadlock is denoted by BPAδ. The elements of a basic process algebra with deadlock we shall call processes. Intuitively, a process p ∈ P is a collection of behaviours that we shall refer to as the alternatives in p.

(A1) $p + q = q + p$
(A2) $p + (q + r) = (p + q) + r$
(A3) $p + p = p$
(A4) $(p + q) \cdot r = p \cdot r + q \cdot r$
(A5) $(p \cdot q) \cdot r = p \cdot (q \cdot r)$
(A6) $p + \delta = p$
(A7) $\delta \cdot p = \delta$

Table 2.1: The axioms of basic process algebras with deadlock.

The operation + stands for alternative composition (or: choice); if p and q are processes, then p + q is the process that executes either an alternative in p or an alternative in q. According to (A1)-(A3), the structure (P, +) is a semilattice. According to (A6), this semilattice has a neutral element δ that we call deadlock; it is the process with no alternatives.

The operation · stands for sequential composition. If p and q are processes, then p · q is the process that starts with executing an alternative in p, and if this execution terminates, then it proceeds with executing an alternative in q. Sequential composition is associative by (A5), and it distributes from the right over alternative composition by (A4). The process δ is a left zero for sequential composition by (A7). Note that we do not require that sequential composition distributes from the left over alternative composition. The underlying idea is that the choices in a process are not resolved beforehand, but in the course of execution. We shall illustrate this by means of an example.

¹We shall assume that the reader is familiar with the basic definitions of set theory (see, e.g., Halmos, 1974) and universal algebra (see, e.g., Burris and Sankappanavar, 1981; McKenzie et al., 1987).


[Figure 2.1, diagram not reproduced.]

Figure 2.1: A simple protocol for the acknowledged transmission of messages.

Example 2.1 Let us consider a simple protocol for the acknowledged transmission of a message from a sender S to a receiver R through an unreliable medium M (see Figure 2.1). The sender has a connection to the medium that we call c1 and the receiver has a connection to the medium that we call c2. The sender sends a message m into the medium along c1. In the medium the contents of m may get corrupted; we assume that the receiving party has the means to verify the validity of a message. After the receiver has received m or a corrupted version, it responds by sending an acknowledgment to the sender through the medium (to keep the example simple we assume that the medium does not corrupt acknowledgments): it sends a positive acknowledgment (1) to the sender if it has received a valid message; otherwise it sends a negative acknowledgment (0). The sending party may be modeled as the following process:

$S = s_1(m) \cdot (r_1(0) + r_1(1))$,

where s1(m) denotes the action of sending m along c1, r1(0) denotes the action of receiving 0 along c1 and r1(1) denotes the action of receiving 1 along c1. It is understood here that an action r1(a) (a ∈ {0, 1}) synchronises with an action s1(a) from the medium. Thus, the choice between r1(0) or r1(1) is not made by the sender. It is determined by the medium, and it is not made before the action s1(m) has occurred. So, we want that $s_1(m) \cdot (r_1(0) + r_1(1)) \ne s_1(m) \cdot r_1(0) + s_1(m) \cdot r_1(1)$.

2.1 Generalised basic process algebras with deadlock

Since (P, +) is a semilattice, we may associate with every basic process algebra with deadlock a partial order ≤ defined for p, q ∈ P by

$p \le q$ if, and only if, $q = q + p$.

Deadlock is the least element with respect to this partial order and any two processes p and q have a least upper bound p + q. Thus, in a basic process algebra with deadlock any finite set $\{p_1, \ldots, p_n\}$ of processes has a least upper bound $p_1 + \cdots + p_n$.

In Example 2.1 we have modeled the action of receiving an acknowledgment as the alternative composition of the actions of receiving a negative acknowledgment and receiving a positive acknowledgment. Similarly, if $D = \{d_1, \ldots, d_n\}$ is any arbitrary finite data domain, then we may model the receipt of an arbitrary element of D as the process $r(d_1) + \cdots + r(d_n)$, i.e., as the least upper bound of the set of actions that stand for the receipt of a particular element of D. Taking this a little further, if D happens to be an infinite set, then the process that models the receipt of an arbitrary element from D would be the least upper bound of the set of processes that represent the receipt of any particular element of D. Thus, in order to be able to model the receipt of an arbitrary element from an infinite domain, we need to generalise the operation for alternative composition.

(GA1) $p \le \Sigma P'$, for all $p \in P'$;
(GA2) if $p \le q$ for all $p \in P'$, then $\Sigma P' \le q$; and
(GA3) $\Sigma P' \cdot q = \Sigma\{\, p \cdot q \mid p \in P' \,\}$.

Table 2.2: The axioms for generalised summation.

Rasiowa and Sikorski (1963) give a treatment of first-order logic from the point of view of the theory of abstract algebras. To deal with existential and universal quantifications, which coincide with certain infinite joins and meets in the Boolean algebra of first-order formulas, they propose to generalise the notion of operations in an algebra. Let A be a set; a generalised operation O on A is a partial mapping from the subsets of A to A. That is, $O : \mathcal{D} \to A$, where $\mathcal{D}$ is a set of subsets of A. The class $\mathcal{D}$ is called the domain of the generalised operation O and the sets in $\mathcal{D}$ are called the admissible sets of the operation O. Then Rasiowa and Sikorski proceed to define a generalised (abstract) algebra as a structure $(A, o_1, \ldots, o_m, O_1, \ldots, O_n)$, where A is a set, $o_1, \ldots, o_m$ is a sequence of finitary operations on A and $O_1, \ldots, O_n$ is a sequence of generalised operations on A. We shall adapt their definitions to our setting.

We shall be interested in process algebras in which certain infinite sets of processes have a least upper bound. Therefore, we equip our BPA with a generalised operation

$\Sigma : \mathcal{D} \to P$,

where $\mathcal{D} \subseteq \{\, P' \mid P' \subseteq P \,\}$ is a set of (finite or infinite) subsets of P. Suppose that P' is admissible for Σ. If Σ satisfies (GA1) of Table 2.2, then ΣP' is an upper bound of P' with respect to ≤. If Σ also satisfies (GA2) of Table 2.2, then ΣP' is the least upper bound of P' with respect to ≤. If (GA1) and (GA2) hold for all admissible P', then we say that Σ generalises +. We have the following lemma.

Lemma 2.2 If Σ generalises +, then $\Sigma\{p_1, \ldots, p_n\} = p_1 + \cdots + p_n$ for all finite sets $\{p_1, \ldots, p_n\}$ that are admissible for Σ.

We see that there is only one way to define Σ on a finite set of processes in such a way that it generalises +. This property extends to infinite sets, so, in general, if Σ generalises + in a basic process algebra with deadlock, then it is uniquely determined by its domain $\mathcal{D}$.

20 Chapter 2 Process algebras with infinite sums

Note that if $P' = \{p_1, \ldots, p_n\}$ and $\{p \cdot q \mid p \in P'\}$ are both admissible for $\sum$, then by (A4) and Lemma 2.2

$\sum P' \cdot q = (p_1 + \cdots + p_n) \cdot q = p_1 \cdot q + \cdots + p_n \cdot q = \sum\{p \cdot q \mid p \in P'\}.$

We want this equation to hold for infinite sums too, but this is not automatic.

Example 2.3 Let $\Omega$ be the first uncountable ordinal; then $(\Omega, \cup, \times, 0)$ is a basic process algebra with deadlock. Indeed, set-theoretic union is commutative, associative and idempotent, and the binary operation $\times$ (ordinal multiplication) is associative and distributes from the right over $\cup$. Furthermore, the ordinal $0$ is a neutral element for $\cup$ and a left zero for $\times$.

The set $\Omega$ is closed under countable unions (see, e.g., Halmos, 1974), so that we may define a generalised operation

$\bigcup : \{\Gamma \subseteq \Omega \mid |\Gamma| \leq \aleph_0\} \to \Omega.$

Clearly, $\bigcup$ generalises $\cup$, but $\times$ does not distribute from the right over $\bigcup$; e.g.,

$\bigcup \omega \times 2 = \omega \times 2 \neq \omega = \bigcup\{n \times 2 \mid n \in \omega\}.$

We shall consider extensions of basic process algebras with deadlock with an operation $\sum$ that generalises $+$ in such a way that $\cdot$ distributes from the right over $\sum$. Distributivity from the right of $\cdot$ over $\sum$ is formulated as (GA3) in Table 2.2, which is to be interpreted in the sense that if one side of the equality is defined, then so is the other.

Definition 2.4 A generalised basic process algebra with deadlock is a generalised algebra $\mathbf{P} = (P, +, \cdot, \delta, \sum)$ such that

(i) $(P, +, \cdot, \delta)$ is a basic process algebra with deadlock;

(ii) $P' \subseteq P$ is admissible if, and only if, $\{p \cdot q \mid p \in P'\}$ is admissible for all $q \in P$;

(iii) (GA1)-(GA3) of Table 2.2 hold for all admissible $P' \subseteq P$ and for all $q \in P$.

We denote by $\mathrm{GBPA}_\delta$ the class of generalised basic process algebras with deadlock.

Suppose that $\mathbf{P} = (P, +, \cdot, \delta)$ is an arbitrary basic process algebra with deadlock. If we want to extend it with a generalised operation $\sum$ that satisfies the axioms in Table 2.2, then we have some freedom with respect to the specification of the admissible sets of $\mathcal{D}$ (in fact, as we have seen above, this is the only freedom we have). For instance, we may define $\sum$ as having no admissible sets at all (the trivial generalisation of $\mathbf{P}$), or as having as admissible sets precisely the finite subsets of $P$ (the finitary generalisation of $\mathbf{P}$). But mostly, we shall be interested in the maximal generalisation of $\mathbf{P}$ in which the domain of $\sum$ is the largest set of subsets of $P$ such that $(P, +, \cdot, \delta, \sum)$ is a generalised basic process algebra with deadlock.


Example 2.5 Suppose that the messages of Example 2.1 are drawn from a (possibly infinite) set $M$, and that the receiving party can determine whether received messages are valid. Then, the receiving party may be modeled as the following process:

$R = \sum(\{r_2(m) \cdot s_2(1) \mid m \in M \ \&\ m \text{ is valid}\} \cup \{r_2(m) \cdot s_2(0) \mid m \in M \ \&\ m \text{ is not valid}\}).$

We have specified processes by explaining how they are obtained from certain simpler processes —we have called them actions— through applications of the fundamental operations of generalised basic process algebras with deadlock. In Example 2.1 we have specified the process $S$ by explaining how it is obtained from the actions $s_1(m)$, $r_1(0)$ and $r_1(1)$ by means of the operations for sequential and alternative composition. In Example 2.5 we have specified the process $R$ by explaining how it is obtained from the actions $r_2(m)$, $s_2(0)$ and $s_2(1)$ by means of the operations of sequential composition and generalised choice. Let us now generalise a few more standard definitions from abstract algebra.

A subset $Q \subseteq P$ is closed under the generalised operation $\sum$ if $\sum P' \in Q$ for every $P' \subseteq Q$ that is admissible for $\sum$ in $\mathbf{P}$. A generalised basic process algebra with deadlock $\mathbf{Q} = (Q, +, \cdot, \delta, \sum)$ is a subalgebra of $\mathbf{P}$ if:

(i) $(Q, +, \cdot, \delta)$ is a subalgebra of $(P, +, \cdot, \delta)$;

(ii) $Q$ is closed under $\sum$; and

(iii) $\sum$ in $\mathbf{Q}$ is the restriction to $Q$ of $\sum$ in $\mathbf{P}$.

A set $P_0 \subseteq P$ is a set of generators for $\mathbf{P}$ if the least subalgebra of $\mathbf{P}$ that contains $P_0$ is $\mathbf{P}$ itself. Let $\mathbf{P} = (P, +, \cdot, \delta, \sum)$ be a generalised basic process algebra with deadlock, and let us fix a set $A \subseteq P$ of actions. The least subalgebra that contains $A$ contains precisely those elements of $P$ that can be obtained from the actions in $A$ by means of applications of the fundamental operations of generalised basic process algebras with deadlock. Hence, if $A$ is a set of generators for $\mathbf{P}$, then every process can be obtained from actions by means of applications of the fundamental operations of generalised basic process algebras with deadlock.

2.2 Transition trees

We shall now construct a collection of generalised basic process algebras with deadlock in which certain infinite alternative compositions exist. We start from an infinite cardinal $\kappa$ and a non-void set $\mathcal{L}$ of urelements² that we shall call labels and we define the set $\mathcal{T}_\kappa(\mathcal{L})$ of transition trees with branching degree $< \kappa$ as the least set such that

(i) $\{\ell\} \in \mathcal{T}_\kappa(\mathcal{L})$ for all $\ell \in \mathcal{L}$;

(ii) if $\ell \in \mathcal{L}$ and $t \in \mathcal{T}_\kappa(\mathcal{L})$, then $\{(\ell, t)\} \in \mathcal{T}_\kappa(\mathcal{L})$; and

(iii) if $T' \subseteq \mathcal{T}_\kappa(\mathcal{L})$ and $|T'| < \kappa$, then $\bigcup T' \in \mathcal{T}_\kappa(\mathcal{L})$.

² Urelements (see, e.g., Shoenfield, 1967) are elements that are not sets themselves and do not involve sets in their construction; we work with a set theory based on urelements to rule out confusion between labels and trees.

The elements of a tree we shall call branches. Clearly, if $b$ is a branch, then either $b \in \mathcal{L}$ or there exists a label $\ell$ and a tree $t$ such that $b = (\ell, t)$. If $t \in \mathcal{T}_\kappa(\mathcal{L})$, then $t$ has less than $\kappa$ branches. The elements of $\mathcal{T}_{\aleph_0}(\mathcal{L})$ we shall call finitely branching ($\aleph_0$ denotes the cardinality of $\omega$); they may be pictured as in Figure 2.2.

[Figure 2.2: three panels, (i), (ii) and (iii), picturing the trees constructed by the corresponding clauses]

Figure 2.2: The finitely branching transition trees as constructed in (i)-(iii).

Henceforth we shall denote the empty transition tree $\emptyset$ with the symbol $\delta$; if $t$ and $u$ are transition trees, then $t + u$ is their union; and we define $t \cdot u$ by:

$t \cdot u = \bigcup_{b \in t} (b \oplus u),$

where $(\ell, t') \oplus u = \{(\ell, t' \cdot u)\}$ and $\ell \oplus u = \{(\ell, u)\}$ ($\ell \in \mathcal{L}$, $t' \in \mathcal{T}_\kappa(\mathcal{L})$).

Let us denote by $\mathcal{D}_\kappa$ the subsets of $\mathcal{T}_\kappa(\mathcal{L})$ with cardinality $< \kappa$, i.e., let

$\mathcal{D}_\kappa = \{T' \subseteq \mathcal{T}_\kappa(\mathcal{L}) \mid |T'| < \kappa\};$

we define on $\mathcal{T}_\kappa(\mathcal{L})$ a generalised operation

$\sum : \mathcal{D}_\kappa \to \mathcal{T}_\kappa(\mathcal{L})$ such that $T' \mapsto \bigcup T'$.

Proposition 2.6 The algebra $\mathbf{T}_\kappa(\mathcal{L}) = (\mathcal{T}_\kappa(\mathcal{L}), +, \cdot, \delta, \sum)$ is a generalised basic process algebra with deadlock, for every infinite cardinal $\kappa$.

Proof. It is immediate that $(\mathcal{T}_\kappa(\mathcal{L}), +)$ is a semilattice. The partial order associated with it is set inclusion, and clearly, with respect to set inclusion, $\emptyset = \delta$ is the least element in $\mathcal{T}_\kappa(\mathcal{L})$ and $\bigcup T' = \sum T'$ is the least upper bound of any admissible $T' \subseteq \mathcal{T}_\kappa(\mathcal{L})$. Hence (A1)-(A3), (A6), (GA1) and (GA2) hold in $\mathbf{T}_\kappa(\mathcal{L})$. It is immediate from the definitions that (GA3) holds. Since $\sum \emptyset = \emptyset = \delta$, (A7) is a special case of (GA3). Since $\sum$ generalises $+$ and every two-element set of trees is admissible for $\sum$, it follows from Lemma 2.2 that (A4) is also a special case of (GA3). So, it remains to show that (A5) holds, i.e., that $(t \cdot u) \cdot v = t \cdot (u \cdot v)$ for all $t$, $u$ and $v$; we proceed by induction on the rank of $t$:

$(t \cdot u) \cdot v = (\{(\ell, t' \cdot u) \mid (\ell, t') \in t\} \cup \{(\ell, u) \mid \ell \in t\}) \cdot v$

$= \{(\ell, (t' \cdot u) \cdot v) \mid (\ell, t') \in t\} \cup \{(\ell, u \cdot v) \mid \ell \in t\}$

$= \{(\ell, t' \cdot (u \cdot v)) \mid (\ell, t') \in t\} \cup \{(\ell, u \cdot v) \mid \ell \in t\}$   by (IH)

$= (\{(\ell, t') \mid (\ell, t') \in t\} \cup \{\ell \mid \ell \in t\}) \cdot (u \cdot v)$

$= t \cdot (u \cdot v).$   □

If $\ell \in \mathcal{L}$, then we shall call the singleton $\{\ell\}$ a tree action. Clearly, there is a one-to-one correspondence between the actions and the labels, and between the sequential compositions of the form $a \cdot t$, where $a$ is an action, and the branches of the form $(\ell, t)$. Hence, when we picture trees, it will not give rise to confusion if we label the edges with actions instead of with the corresponding labels. See Figure 2.3 for an example that proves that in $\mathbf{T}_\kappa(\mathcal{L})$ sequential composition does not distribute from the left over alternative composition, provided that there are at least two distinct actions (it is required that $b$ and $c$ are distinct).

[Figure 2.3: the two trees $a \cdot (b + c)$ and $a \cdot b + a \cdot c$, drawn side by side]

Figure 2.3: In $\mathbf{T}_\kappa(\mathcal{L})$, sequential composition does not distribute from the left over alternative composition.

In the following lemma we list a few elementary properties of tree actions.

Lemma 2.7 If $a$ and $b$ are tree actions, then

(i) $a \neq \delta$, and $a \cdot t \neq \delta$ for all trees $t$;

(ii) for all trees $t$, $u$ and $v$:

(a) $a \leq t + u$ if, and only if, $a \leq t$ or $a \leq u$, and

(b) $a \cdot t \leq u + v$ if, and only if, $a \cdot t \leq u$ or $a \cdot t \leq v$;

(iii) for all admissible $T' \subseteq \mathcal{T}_\kappa(\mathcal{L})$:

(a) $a \leq \sum T'$ if, and only if, there exists $t' \in T'$ such that $a \leq t'$, and

(b) $a \cdot t \leq \sum T'$ if, and only if, there exists $t' \in T'$ such that $a \cdot t \leq t'$;

(iv) $a \not\leq b \cdot t$ and $a \cdot t \not\leq b$, for all trees $t$;

(v) $a \leq b$ if, and only if, $a = b$; and

(vi) $a \cdot t \leq b \cdot u$ if, and only if, $a = b$ and $t = u$, for all trees $t$ and $u$.

2.3 Free $\mathrm{GBPA}_\delta$'s

Let $\mathbf{P} = (P, +, \cdot, \delta, \sum)$ be a generalised basic process algebra with deadlock. Sometimes, we want to use the processes of $\mathbf{P}$ to specify processes of another generalised basic process algebra with deadlock, say $\mathbf{Q} = (Q, +, \cdot, \delta, \sum)$. Then, we define

$h : P \to Q$

and we require that it preserves the fundamental operations of generalised basic process algebras with deadlock. Let $h(P') = \{h(p) \mid p \in P'\}$; if for all $P' \subseteq P$ admissible for $\sum$ in $\mathbf{P}$

(i) $h(P')$ is admissible for $\sum$ in $\mathbf{Q}$ and

(ii) $h(\sum P') = \sum h(P')$,

then we say that $h$ preserves $\sum$. A homomorphism of generalised basic process algebras with deadlock is a homomorphism of basic process algebras with deadlock that preserves $\sum$; if $h$ is a homomorphism from $\mathbf{P}$ into $\mathbf{Q}$, then we shall write $h : \mathbf{P} \to \mathbf{Q}$. Suppose that we start from a designated set $A \subseteq P$ of actions and a mapping

$f : A \to Q.$

If $A$ is a set of generators for $\mathbf{P}$ and $f$ extends to a homomorphism, then this extension is unique. However, $f$ does not necessarily extend to a homomorphism from $\mathbf{P}$ to $\mathbf{Q}$.

Example 2.8 Suppose that $\mathcal{L}$ is a set of labels; we denote by $\mathcal{L}^*$ the set of finite sequences of elements of $\mathcal{L}$. A language over $\mathcal{L}$ is any subset of $\mathcal{L}^*$; let $L$ be the set of all languages over $\mathcal{L}$. We denote the empty language by $\delta$; we define $X + Y = X \cup Y$ and $X \cdot Y = \{xy \mid x \in X \text{ and } y \in Y\}$ for all $X, Y \in L$; and we define $\sum L' = \bigcup L'$ for all $L' \subseteq L$. The generalised algebra $\mathbf{L} = (L, +, \cdot, \delta, \sum)$ is a generalised basic process algebra with deadlock and it is generated by the set $L_0 = \{\{\ell\} \mid \ell \in \mathcal{L}\}$. Moreover, in $\mathbf{L}$ sequential composition is left-distributive over alternative composition, so, in particular,

$\{\ell_1\} \cdot (\{\ell_2\} + \{\ell_3\}) = \{\ell_1\} \cdot \{\ell_2\} + \{\ell_1\} \cdot \{\ell_3\}.$

Consequently, if $\mathbf{Q} = (Q, +, \cdot, \delta, \sum)$ is a generalised basic process algebra with deadlock and every mapping $f : L_0 \to Q$ extends to a homomorphism $h : \mathbf{L} \to \mathbf{Q}$, then

$f(\{\ell_1\}) \cdot (f(\{\ell_2\}) + f(\{\ell_3\})) = h(\{\ell_1\} \cdot (\{\ell_2\} + \{\ell_3\})) = h(\{\ell_1\} \cdot \{\ell_2\} + \{\ell_1\} \cdot \{\ell_3\}) = f(\{\ell_1\}) \cdot f(\{\ell_2\}) + f(\{\ell_1\}) \cdot f(\{\ell_3\}),$

which allows us to conclude that sequential composition distributes from the left over alternative composition in $\mathbf{Q}$. But then, since this is not so in $\mathbf{T}_\kappa(\mathcal{L})$ (see Figure 2.3), it follows that not every mapping $f : L_0 \to \mathcal{T}_\kappa(\mathcal{L})$ extends to a homomorphism $h : \mathbf{L} \to \mathbf{T}_\kappa(\mathcal{L})$.

Suppose that $\mathcal{K}$ is any subclass of $\mathrm{GBPA}_\delta$ and let $P_0$ be a set of generators for $\mathbf{P}$; then $\mathbf{P}$ is free for $\mathcal{K}$ over $P_0$ if every mapping $f : P_0 \to Q$ from $P_0$ into the universe $Q$ of an element $\mathbf{Q}$ of $\mathcal{K}$ can be extended to a homomorphism $h : \mathbf{P} \to \mathbf{Q}$. We say that $\mathbf{P}$ is free in $\mathcal{K}$ over $P_0$ if $\mathbf{P} \in \mathcal{K}$ and $\mathbf{P}$ is free for $\mathcal{K}$ over $P_0$. If $\mathbf{P}$ is free in $\mathcal{K}$ over $P_0$, then $P_0$ is called a free generating set for $\mathbf{P}$, and $\mathbf{P}$ is said to be freely generated by $P_0$.

In abstract algebra, the elements of the free generating set for a free algebra in a particular class $\mathcal{K}$ of algebras of the same type satisfy, intuitively, no other conditions than the identities that hold for every element in every other algebra in $\mathcal{K}$ (e.g., Example 2.8 shows that the algebra $\mathbf{L}$ is not free in any class that also contains the algebra $\mathbf{T}_\kappa(\mathcal{L})$). For generalised algebras we get an extra requirement: every admissible set of the free generalised algebra must correspond to an admissible set of any other generalised algebra in the class.

Example 2.9 Let $a$ be an action of $\mathbf{T}_{\aleph_1}(\mathcal{L})$ ($\aleph_1$ denotes the cardinality of $\Omega$, the smallest uncountable ordinal number). We define $a^n$ ($n \geq 1$) inductively as follows: $a^1 = a$ and $a^{n+1} = a \cdot a^n$. Clearly, the set

$T' = \{a^n \mid n \geq 1\}$

is admissible for $\sum$ in $\mathbf{T}_{\aleph_1}(\mathcal{L})$. With Lemma 2.7 and induction on $m$ and $n$ it is easily verified that $a^m = a^n$ implies $m = n$, so $|T'| = \aleph_0$. Consequently, $T'$ is not admissible for $\sum$ in $\mathbf{T}_{\aleph_0}(\mathcal{L})$, so if $f$ is the identity mapping on the actions of $\mathbf{T}_{\aleph_1}(\mathcal{L})$, $f$ does not extend to a homomorphism from $\mathbf{T}_{\aleph_1}(\mathcal{L})$ to $\mathbf{T}_{\aleph_0}(\mathcal{L})$. Hence, the algebra $\mathbf{T}_{\aleph_1}(\mathcal{L})$ is not free in any class of algebras that also contains $\mathbf{T}_{\aleph_0}(\mathcal{L})$.

In abstract algebra, the most interesting classes of algebras are the varieties, the classes that consist precisely of all algebras that satisfy a particular set of identities. We see from Example 2.9 that a free algebra in the class of all generalised basic process algebras with deadlock should not have too many admissible sets: in fact, one can show that it has no admissible sets at all. Our interest is in the operation $\sum$, but in a free generalised basic process algebra with deadlock it is not defined. Hence, we shall mostly be interested in particular classes of generalised basic process algebras with deadlock that satisfy an extra requirement with respect to the admissible sets. For instance, the domain of the generalised operation $\sum$ of $\mathbf{T}_\kappa(\mathcal{L})$ consists precisely of the subsets of $\mathcal{T}_\kappa(\mathcal{L})$ that have cardinality less than $\kappa$.


Definition 2.10 A generalised basic process algebra with deadlock with universe $P$ is $\kappa$-complete if every $P' \subseteq P$ such that $|P'| < \kappa$ is admissible for $\sum$.

We shall now prove that $\mathbf{T}_\kappa(\mathcal{L})$ is a free $\kappa$-complete generalised basic process algebra with deadlock, freely generated by its actions.

Theorem 2.11 For every infinite cardinal $\kappa$, $\mathbf{T}_\kappa(\mathcal{L})$ is free in the class of $\kappa$-complete generalised basic process algebras with deadlock, with free generating set $T_0 = \{\{\ell\} \mid \ell \in \mathcal{L}\}$.

Proof. Clearly, $\mathbf{T}_\kappa(\mathcal{L})$ is $\kappa$-complete, and it is generated by $T_0$. Let $\mathbf{P}$ be any $\kappa$-complete generalised basic process algebra, and suppose $f : T_0 \to P$. We define a mapping $h : \mathcal{T}_\kappa(\mathcal{L}) \to P$ by induction on the rank of transition trees:

$h(t) = \sum\{g(b) \mid b \in t\}$, where $g((\ell, t')) = f(\{\ell\}) \cdot h(t')$ and $g(\ell) = f(\{\ell\})$.

Since $t$ has less than $\kappa$ branches, the set $\{g(b) \mid b \in t\}$ is admissible for $\sum$ in $\mathbf{P}$. Note that $h(\delta) = \sum \emptyset = \delta$. It is clear that $h$ preserves $\sum$, whence, by Lemma 2.2, $h$ also preserves $+$. To prove that $h(t \cdot u) = h(t) \cdot h(u)$ we do induction on the rank of $t$:

$h(t \cdot u) = h(\{(\ell, t' \cdot u) \mid (\ell, t') \in t\} \cup \{(\ell, u) \mid \ell \in t\})$

$= \sum(\{f(\{\ell\}) \cdot h(t' \cdot u) \mid (\ell, t') \in t\} \cup \{f(\{\ell\}) \cdot h(u) \mid \ell \in t\})$

$= \sum(\{f(\{\ell\}) \cdot h(t') \cdot h(u) \mid (\ell, t') \in t\} \cup \{f(\{\ell\}) \cdot h(u) \mid \ell \in t\})$   by (IH)

$= \sum(\{f(\{\ell\}) \cdot h(t') \mid (\ell, t') \in t\} \cup \{f(\{\ell\}) \mid \ell \in t\}) \cdot h(u)$

$= h(t) \cdot h(u).$

Hence, $h$ is the (unique) homomorphism that extends $f$. □
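The constructions of Section 2.2 and the homomorphism of Theorem 2.11, as an added Python example (not code from the thesis): finitely branching trees are nested frozensets, the target algebra is the language algebra $\mathbf{L}$ of Example 2.8, and $h$ is built exactly as in the proof above for the map $f$ that sends the action $\{\ell\}$ to the one-word language $\{\ell\}$. Running it also shows the two trees of Figure 2.3 being distinct in $\mathbf{T}$ but identified by $h$ in $\mathbf{L}$, which is the other half of Example 2.8.

```python
"""Finitely branching transition trees T_{aleph_0}(L) built as nested frozensets.

Added example, not code from the thesis.  A tree is a frozenset of branches;
a branch is either a label (a str, playing the role of an urelement) or a
pair (label, subtree).  The language algebra L of Example 2.8 is modelled by
frozensets of tuples of labels, and h below is the homomorphism of Theorem 2.11
for the map f : T0 -> L sending the action {l} to the one-word language {l}.
"""

DELTA = frozenset()                       # the empty tree, delta


def action(label):
    """The tree action {l}."""
    return frozenset([label])


def plus(t, u):
    """Alternative composition: t + u is the union of the two trees."""
    return t | u


def seq(t, u):
    """Sequential composition: t . u = union of b (+) u over the branches b of t,
    where (l, t') (+) u = {(l, t' . u)} and l (+) u = {(l, u)}."""
    branches = set()
    for b in t:
        if isinstance(b, tuple):
            label, sub = b
            branches.add((label, seq(sub, u)))
        else:
            branches.add((b, u))
    return frozenset(branches)


def gsum(trees):
    """The generalised operation Sigma: the union of a (finite) set of trees."""
    return frozenset().union(*trees)


def leq(t, u):
    """The order induced by +: t <= u iff t + u = u, i.e. set inclusion."""
    return t <= u


def power(a, n):
    """a^n of Example 2.9: a^1 = a and a^(n+1) = a . a^n."""
    return a if n == 1 else seq(a, power(a, n - 1))


# --- the language algebra L of Example 2.8 and the homomorphism of Theorem 2.11

def lang_seq(X, Y):
    """X . Y = {xy | x in X and y in Y}; words are tuples of labels."""
    return frozenset(x + y for x in X for y in Y)


def f_traces(label):
    """f : T0 -> L; the action {l} goes to the language {l} (a one-letter word)."""
    return frozenset([(label,)])


def h(t, f=f_traces):
    """h(t) = Sigma{g(b) | b in t} with g((l, t')) = f({l}) . h(t') and g(l) = f({l})."""
    parts = []
    for b in t:
        if isinstance(b, tuple):
            label, sub = b
            parts.append(lang_seq(f(label), h(sub, f)))
        else:
            parts.append(f(b))
    return frozenset().union(*parts)


def preserves_operations(t, u, f=f_traces):
    """Check that h preserves + and . on the pair (t, u)."""
    return (h(plus(t, u), f) == h(t, f) | h(u, f)
            and h(seq(t, u), f) == lang_seq(h(t, f), h(u, f)))


if __name__ == "__main__":
    a, b, c = action("a"), action("b"), action("c")
    left, right = seq(a, plus(b, c)), plus(seq(a, b), seq(a, c))
    print("a.(b+c) == a.b + a.c in T:", left == right)       # False (Figure 2.3)
    print("h identifies them in L:", h(left) == h(right))     # True
```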

Bibliographic notes

Milner (1983) explains how his value-passing CCS (see Section 3.6), with input as a primitive construct, can be reduced to pure CCS, without the input construct, but with summations of the form $\sum_{i \in I} p_i$, where $I$ is a possibly infinite set. The input mechanism of Milner's value-passing CCS is a variable binding construct; his pure CCS, on the other hand, has no binders, and therefore it is more suitable for an algebraic treatment. It inspired Bergstra and Klop (1984) when they introduced their algebras of processes. They replaced Milner's infinitary operation $\sum$ with a binary operation $+$, noting that the "algebraic specification [of infinite sums] is much less obvious than that of finite sums". The definition of basic process algebras with deadlock, which we have extended with an infinitary operation $\sum$, is due to Bergstra and Klop (1984).

Baeten and Weijland (1990) provide an introduction to process algebra with an emphasis on the axiomatic approach. They present the axiom systems of Bergstra and Klop, and discuss for each of these axiom systems several models, i.e., concrete process algebras that satisfy the axioms. A nowadays standard technique to obtain concrete process algebras is to associate a transition relation with a set of process terms by assigning a structural operational semantics (see Aceto et al., 2001) to the operations, and to subsequently divide out a behavioural equivalence. Fokkink (2000), in his introduction to process algebra, puts more emphasis on that particular construction, using bisimulation as behavioural equivalence. He considers the axiom systems as tools to reason about concrete process algebras, rather than as the definition of a class of process algebras.

Incidentally, that labeled trees give rise to concrete process algebras is well-known (see, e.g., Milner, 1980; Baeten and Weijland, 1990). The particular definition of the algebras $\mathbf{T}_\kappa(\mathcal{L})$ and the proof that they are free $\kappa$-complete generalised basic process algebras with deadlock (Theorem 2.11) generalise a definition and a proof of Rodenburg (2000). (Rodenburg defines an algebra of finitely branching transition trees and proves that it is a free (basic) process algebra.) Note that Theorem 2.11 also generalises the completeness theorem for $\mathrm{BPA}_\delta$ (see Baeten and Weijland (1990)). Namely, it is not hard to see that $\mathbf{T}_{\aleph_0}(\mathcal{L})$ is isomorphic to the algebra of finite acyclic process graphs modulo bisimulation. Since, by Lemma 2.2, the operation $\sum$ is a defined operator in $\mathbf{T}_{\aleph_0}(\mathcal{L})$, it must also be a free algebra in $\mathrm{BPA}_\delta$. Hence, it is isomorphic to the initial algebra of $\mathrm{BPA}_\delta$-terms with actions from $T_0$.

3 The syntax and semantics of pCRL

In the previous chapter we have acknowledged the fact that in some process algebras certain infinite sums exist, and that they play a role when we want to model input over some infinite domain. We have proposed generalised basic process algebras with deadlock to allow an explicit treatment of infinite sums. In this chapter, we put forward a formal framework to describe elements of generalised basic process algebras with deadlock. Our framework is called pCRL (pico Common Representation Language) as it consists of the core of the specification formalism μCRL. We defer the technicalities of pCRL to Section 3.2 and first give an informal introduction.

Let $\mathbf{P} = (P, +, \cdot, \delta, \sum)$ be a generalised basic process algebra with deadlock. The development of our formal framework begins with the hypothesis that associated with $\mathbf{P}$ is a set $A$ of action symbols (e.g., $s_1(m)$, $r_1(0)$) and a mapping

$\mathrm{act} : A \to P$

that interprets these action symbols as elements of $P$. To describe other elements of $P$ we may use the fundamental operations of basic process algebras with deadlock. For instance, given an interpretation of $s_1(m)$, $r_1(0)$ and $r_1(1)$ as actions of $P$, we may describe another element of $P$ with the expression $s_1(m) \cdot (r_1(0) + r_1(1))$ (see Example 2.1). Similarly, if we already have an expression for each element of $P' \subseteq P$ and $P'$ is a finite set, then we could describe the least upper bound of the elements in $P'$ writing the symbol $\sum$ and listing the expressions for the elements of $P'$ between brackets. For instance, we could describe the least upper bound of the set consisting of three actions denoted by $r(m_1)$, $r(m_2)$ and $r(m_3)$ with the expression $\sum\{r(m_1), r(m_2), r(m_3)\}$.

When $P'$ is an infinite set, listing the expressions for the elements of $P'$ is not an option. We need a method to denote the least upper bound of an infinite set $P'$ with a finite expression. Recall our motivation for treating infinite sums as first-class citizens of our process algebras: the process that inputs an arbitrary element from a set $D$ can be modeled as the least upper bound of the set of actions that model the receipt of a particular element of $D$, i.e., as the process $\sum\{r(d) \mid d \in D\}$. Note how we make use of the intuitive structure of the expression $r(d)$ to explain which process we mean. The key step towards pCRL is to make this structure explicit: we presuppose a nonempty set $\mathcal{A}$ of parametrised action symbols with fixed arities, and we assume that the set of action symbols is of the form

$A = \{a(d_1, \ldots, d_n) \mid a \in \mathcal{A} \text{ of arity } n \text{ and } d_1, \ldots, d_n \in D\}.$   (3.1)


Then, certain infinite sums are expressible using quantification over $D$. Let $x$ be a variable that ranges over $D$; we denote the process $\sum\{r(d) \mid d \in D\}$ with the expression $\sum_x r(x)$.

We further enhance the expressiveness of our language by allowing that $D$ too has some structure. To describe processes that perform calculations on a received value, we equip $D$ with operations that represent these calculations.

Example 3.1 Let $\mathbb{N}$ be the set of natural numbers and suppose that we want to describe the process that inputs a natural number and subsequently outputs its square. If $\mathrm{sqr} : \mathbb{N} \to \mathbb{N}$ is such that $n \mapsto n^2$, then

$\sum_x \mathrm{in}(x) \cdot \mathrm{out}(\mathrm{sqr}(x)) = \sum\{\mathrm{in}(n) \cdot \mathrm{out}(n^2) \mid n \in \mathbb{N}\}.$

To describe processes in which choices depend on a received value, we include a conditional in our language and we equip $D$ with relations.

Example 3.2 Consider the receiving party $R$ of the protocol described in the previous chapter (see Example 2.5): which acknowledgment is to be sent depends on the contents of the received message. Let $V$ be a unary relation on the set of messages $M$ such that $V(m)$ holds if, and only if, $m$ is valid. Writing $r_2(x) \cdot s_2(1) \triangleleft V(x) \triangleright r_2(x) \cdot s_2(0)$ for the set

$\{r_2(m) \cdot s_2(1) \mid m \in M \ \&\ V(m)\} \cup \{r_2(m) \cdot s_2(0) \mid m \in M \ \&\ \text{not } V(m)\},$

we may denote the receiving party $R$ with the expression

$\sum_x (r_2(x) \cdot s_2(1) \triangleleft V(x) \triangleright r_2(x) \cdot s_2(0)).$

[Figure 3.1: a diagram with the three ingredients of the framework: parametrised actions, conditionals and choice quantifiers]

Figure 3.1: Introducing a formal framework to describe elements of generalised basic process algebras with deadlock.

We shall model relations as functions from $D$ into a two-element set $\mathbb{B} = \{\top, \bot\}$ of Booleans. A domain together with functions and relations we shall refer to as data. Figure 3.1 outlines the framework that was informally introduced above. We now turn to the technicalities.


3.1 Data

We assume that data are given as a two-sorted algebra.

Definition 3.3 A data algebra $\mathbf{D}$ is a two-sorted algebra that consists of

(i) an algebra $(D, \mathcal{F})$; $D$ is a set and $\mathcal{F}$ is a set of operations on $D$, i.e., each $F \in \mathcal{F}$ is a mapping

$F : D^n \to D$ for some $n \in \omega$;

(ii) the two-element Boolean algebra $(\mathbb{B}, \vee, \wedge, \neg, \top, \bot)$, i.e., $\mathbb{B} = \{\bot, \top\}$ ($\bot \neq \top$), $\neg$ is a unary operation on $\mathbb{B}$ defined by $\neg\bot = \top$ and $\neg\top = \bot$, and $\wedge$ and $\vee$ are binary operations on $\mathbb{B}$ defined by the following tables:

  ∨ | ⊥  ⊤          ∧ | ⊥  ⊤
  --+------         --+------
  ⊥ | ⊥  ⊤          ⊥ | ⊥  ⊥
  ⊤ | ⊤  ⊤          ⊤ | ⊥  ⊤

(iii) a set $\mathcal{R}$ of operations from $D$ to $\mathbb{B}$, i.e., each $R \in \mathcal{R}$ is a mapping

$R : D^n \to \mathbb{B}$ for some $n \in \omega$.

The set $D$ we call the domain of $\mathbf{D}$; the elements of $\mathcal{F}$ we call functions and the elements of $\mathcal{R}$ we call relations.

Remark 3.4 Note that, by definition, a data algebra does not have operations from $\mathbb{B}$ to $D$. So it may be thought of as a model in the sense of first-order model theory (see, e.g., Chang and Keisler, 1990).

Example 3.5 The set $\mathbb{R}$ of real numbers gives rise to a data algebra

$\mathbf{R} = (\mathbb{R}, +, \cdot, 0, 1, \leq)$

with domain $\mathbb{R}$, real addition ($+$) and real multiplication ($\cdot$) as binary functions, the real numbers $0$ and $1$ as nullary functions, and a binary relation $\leq$ defined by

$(r_1 \leq r_2) = \top$ if, and only if, $r_1$ is at most $r_2$.

Note that in the above example we have implicitly introduced a symbolism. For instance, we wrote the symbol "$+$" to denote a certain binary function on the real numbers (instead of writing the intended set of ordered triples), and we wrote the symbol "$0$" for a certain real number (instead of, e.g., the left side of a Dedekind cut with the rational number $0$ as least upper bound). Henceforth, we shall assume that every data algebra $\mathbf{D}$ comes with a fixed set of symbols that denote the functions and relations of $\mathbf{D}$, one for every function and one for every relation of $\mathbf{D}$. A symbol that corresponds to an $n$-ary function of $\mathbf{D}$, i.e., an operation from $D^n$ into $D$, we shall call a function symbol of arity $n$. A symbol that corresponds to an $n$-ary relation of $\mathbf{D}$, i.e., an operation from $D^n$ into $\mathbb{B}$, we shall call a relation symbol of arity $n$. The collection of all function symbols and relation symbols, together with their arities, we call the language of $\mathbf{D}$. For the rest of this thesis we assume that the language associated with $\mathbf{D}$ is countable.

Let us fix for the remainder of this thesis a countably infinite set $X$ of (data) variables. With respect to the language of a data algebra $\mathbf{D}$, we now define two sets of expressions. The set $\mathcal{D}$ of data expressions associated with $\mathbf{D}$ consists of all terms built from the variables in $X$ and the function symbols in the language of $\mathbf{D}$; i.e., $\mathcal{D}$ is generated by

$d ::= x \mid \mathsf{f}(d, \ldots, d),$   (3.2)

where $x$ is a variable, $\mathsf{f}$ is a function symbol of arity $n$ and $d, \ldots, d$ is a sequence of length $n$. The set $\mathcal{B}$ of Boolean expressions associated with $\mathbf{D}$ is generated by

$b ::= \mathsf{r}(d_1, \ldots, d_n) \mid \top \mid \bot \mid \neg b \mid b \vee b \mid b \wedge b,$   (3.3)

where $\mathsf{r}$ is a relation symbol of arity $n$ and $d_1, \ldots, d_n$ are data expressions. (On the very few occasions that we actually write data expressions —this will mainly be in examples— we adopt the standard notational conventions; e.g., whenever appropriate we use infix notation for binary function symbols or binary relation symbols and we leave out parentheses if this does not lead to confusion.)

A valuation is a mapping from the set of variables $X$ into the domain $D$ of a data algebra $\mathbf{D}$. Let us fix a valuation $\nu : X \to D$; we denote by $\hat{\nu}$ its unique extension to a homomorphism from the two-sorted algebra of data and Boolean expressions into $\mathbf{D}$. That is, $\hat{\nu}$ associates with every data expression an element of $D$ such that

$\hat{\nu}(x) = \nu(x)$ and

$\hat{\nu}(\mathsf{f}(d_1, \ldots, d_n)) = F(\hat{\nu}(d_1), \ldots, \hat{\nu}(d_n)),$

where $F$ is the $n$-ary function of $\mathbf{D}$ denoted by the function symbol $\mathsf{f}$. Furthermore, $\hat{\nu}$ associates with every Boolean expression an element of $\mathbb{B}$ such that

$\hat{\nu}(\top) = \top,$

$\hat{\nu}(\bot) = \bot,$

$\hat{\nu}(\neg b) = \neg\hat{\nu}(b),$

$\hat{\nu}(b \wedge c) = \hat{\nu}(b) \wedge \hat{\nu}(c),$

$\hat{\nu}(b \vee c) = \hat{\nu}(b) \vee \hat{\nu}(c)$ and

$\hat{\nu}(\mathsf{r}(d_1, \ldots, d_n)) = R(\hat{\nu}(d_1), \ldots, \hat{\nu}(d_n)),$

where $R$ is the $n$-ary relation of $\mathbf{D}$ denoted by the relation symbol $\mathsf{r}$.

Remark 3.6 Note that we are using "$\bot$", "$\top$", "$\neg$", "$\wedge$" and "$\vee$" both to refer to semantic objects (viz., to elements and operations of the Boolean algebra that is contained in a data algebra) and to syntactic objects (viz., to symbols that occur in Boolean expressions).


A data equation is a formula of the form $d \approx e$, where $d$ and $e$ are data expressions; if $\hat{\nu}(d) = \hat{\nu}(e)$, then we say that $\nu$ satisfies $d \approx e$ in $\mathbf{D}$ (notation: $\mathbf{D}, \nu \models d \approx e$); and if every valuation satisfies $d \approx e$, then we say that $d \approx e$ is valid in $\mathbf{D}$ (notation: $\mathbf{D} \models d \approx e$). Likewise, a Boolean equation is a formula of the form $b \approx c$, where $b$ and $c$ are Boolean expressions; if $\hat{\nu}(b) = \hat{\nu}(c)$, then we say that $\nu$ satisfies $b \approx c$ in $\mathbf{D}$ (notation: $\mathbf{D}, \nu \models b \approx c$); and if every valuation satisfies $b \approx c$, then we say that $b \approx c$ is valid in $\mathbf{D}$ (notation: $\mathbf{D} \models b \approx c$).

3.2 The language pCRL

Now, suppose that $\mathcal{A}$ is a nonempty countable set of parametrised action symbols with fixed arities. The set $\mathcal{P}$ of pCRL expressions is generated by the following grammar:

$p ::= a(d_1, \ldots, d_n) \mid \delta \mid p + p \mid p \cdot p \mid p \triangleleft b \triangleright p \mid \sum_x p$   (3.4)

where $a$ is a parametrised action symbol of arity $n$, $d_1, \ldots, d_n$ are data expressions, $x$ is a variable and $b$ is a Boolean expression.

Most of the time we shall write $pq$ instead of $p \cdot q$. We assign syntactic precedence to the constructs according to the following order:

$+ \;<\; \sum_x \;<\; \triangleleft b \triangleright \;<\; \cdot$

i.e., $+$ binds weakest and $\cdot$ binds strongest. The construct $\triangleleft b \triangleright$ is called a conditional, and the Boolean expression $b$ is sometimes called its condition. The construct $\sum_x$ we shall call a choice quantifier; it binds the variable $x$ in its argument. An occurrence of a variable $x$ is free in a pCRL expression if it is not in the scope of a $\sum_x$; otherwise it is bound. The set of variables with a free occurrence in $p$ we denote by $\mathrm{FV}(p)$. A pCRL expression without free variables is closed.

We need to exercise some prudence when applying substitutions to pCRL expressions. Suppose that $d$ is substituted for $x$ in $p$; then only the free occurrences of $x$ should be replaced by $d$, and an occurrence of a variable $y$ in $d$ should not become bound by this replacement. A substitution $\sigma : X \to \mathcal{D}$ is correct for $p$ if, for all $x \in \mathrm{FV}(p)$, no free occurrence of a variable $y$ in $\sigma(x)$ is in the scope of a $\sum_y$ when $x$ is replaced by $\sigma(x)$ in $p$. A substitution $\sigma$ is extended to a partial mapping $\sigma$ from expressions to expressions: $\sigma$ is defined only for expressions for which $\sigma$ is correct, and it distributes over all the constructs of the language, except that

$\sigma(\sum_x p) = \sum_x \sigma'(p)$, where $\sigma'(y) = \begin{cases} y & \text{if } y = x \\ \sigma(y) & \text{otherwise.} \end{cases}$

Let $\vec{x} = x_1, \ldots, x_n$ be a sequence of variables, and let $\vec{d} = d_1, \ldots, d_n$ be a sequence of data expressions. If $\sigma$ is a correct substitution for $p$ that is the identity on all variables, except that $\sigma(x_i) = d_i$ for all $i = 1, \ldots, n$, then we shall frequently write $p[\vec{x} := \vec{d}]$ to designate $\sigma(p)$. Moreover, if $p$ designates a pCRL expression, then by writing $p[\vec{x} := \vec{d}]$ we shall always mean the pCRL expression obtained from $p$ in the manner just described; in particular, it will be tacitly assumed that the involved substitution is correct.


Suppose that $p$ is a pCRL expression with a subexpression of the form $\sum_x p'$; then we may replace this subexpression by $\sum_y p'[x := y]$, where $y \notin \mathrm{FV}(p')$; $p$ and $q$ are $\alpha$-congruent if $q$ can be obtained from $p$ by a series of replacements of this kind. Although a substitution $\sigma$ may not be correct for $p$, there is always an element in $[p]_\alpha = \{q \mid q \text{ is } \alpha\text{-congruent with } p\}$ for which $\sigma$ is correct. Moreover, if $\sigma$ is correct for both $p$ and $q$ and $[p]_\alpha = [q]_\alpha$, then also $[\sigma(p)]_\alpha = [\sigma(q)]_\alpha$. Hence, there exists a unique total mapping on $\alpha$-congruence classes such that $[p]_\alpha \mapsto [\sigma(p)]_\alpha$; let us denote it by $\sigma/\alpha$. In general, a partial mapping $f$ on expressions induces a unique total mapping $f/\alpha$ on $\alpha$-congruence classes of expressions such that $[p]_\alpha \mapsto [f(p)]_\alpha$, provided that

1. for every $p$ there exists an $\alpha$-congruent $q$ for which $f$ is defined; and

2. if $f$ is defined for $\alpha$-congruent $p$ and $q$, then $f(p) = f(q)$.

In the remainder, we shall leave the proof that there exists a unique mapping $f/\alpha$ to the reader, and we shall adopt the following convention (similar to the 'variable convention' of the $\lambda$-calculus (Barendregt, 1984)).

Convention 3.7 We identify expressions and their respective congruence classes; i.e., we use $p$ also to denote the set $[p]_\alpha$. Whenever we define a partial mapping $f$ on expressions that gives rise to a unique total mapping $f/\alpha$ on $\alpha$-congruence classes of expressions, we identify $f$ and $f/\alpha$; i.e., we use $f$ also to denote $f/\alpha$.
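Free variables, the correctness test for a substitution, the substitution itself and the $\alpha$-renaming that Convention 3.7 relies on, as an added Python example that is not part of the thesis. The tuple encoding of pCRL expressions, the data expressions and the fresh-variable scheme (`z0`, `z1`, ...) are this example's own choices; the receiver $R$ of Example 3.2 is used as the closed test expression.

```python
"""Free variables, correct substitutions and alpha-renaming for pCRL expressions.

Added example, not from the thesis.  pCRL expressions are nested tuples
('act', a, args) | ('delta',) | ('plus', p, q) | ('seq', p, q) | ('cond', p, b, q)
| ('sum', x, p); data expressions are ('var', x) or ('fun', f, args) and conditions
are ('rel', r, args), ('not', b), ('and', b, c), ('or', b, c), ('top',), ('bot',).
A substitution sigma is a dict from variable names (strings) to data expressions.
"""
import itertools

PROC = ('act', 'delta', 'plus', 'seq', 'cond', 'sum')


def dvars(e):
    """Variables of a data expression or condition (nothing is bound there)."""
    if e[0] == 'var':
        return {e[1]}
    if e[0] in ('top', 'bot'):
        return set()
    args = e[2] if e[0] in ('fun', 'rel') else e[1:]
    return set().union(*(dvars(a) for a in args))


def dsubst(e, sigma):
    """Replace variables inside a data expression or condition."""
    if e[0] == 'var':
        return sigma.get(e[1], e)
    if e[0] in ('top', 'bot'):
        return e
    if e[0] in ('fun', 'rel'):
        return (e[0], e[1], tuple(dsubst(a, sigma) for a in e[2]))
    return (e[0],) + tuple(dsubst(c, sigma) for c in e[1:])


def parts(p):
    """(data expressions and conditions directly in p, immediate subprocesses of p)."""
    if p[0] == 'act':
        return list(p[2]), []
    if p[0] == 'cond':
        return [p[2]], [p[1], p[3]]
    return [], [q for q in p[1:] if isinstance(q, tuple) and q[0] in PROC]


def fv(p, bound=frozenset()):
    """FV(p): an occurrence of x is free unless it is in the scope of a sum_x."""
    if p[0] == 'sum':
        return fv(p[2], bound | {p[1]})
    data, subs = parts(p)
    free = set().union(*(dvars(e) for e in data)) - bound
    return free.union(*(fv(q, bound) for q in subs))


def all_vars(p):
    """Every variable occurring in p, free or bound."""
    data, subs = parts(p)
    here = set().union(*(dvars(e) for e in data)) | ({p[1]} if p[0] == 'sum' else set())
    return here.union(*(all_vars(q) for q in subs))


def is_correct(sigma, p, bound=frozenset()):
    """sigma is correct for p if no free y in sigma(x) ends up in the scope of a sum_y."""
    if p[0] == 'sum':
        return is_correct(sigma, p[2], bound | {p[1]})
    data, subs = parts(p)
    free = set().union(*(dvars(e) for e in data)) - bound
    if any(dvars(sigma[x]) & bound for x in free if x in sigma):
        return False
    return all(is_correct(sigma, q, bound) for q in subs)


def apply(sigma, p):
    """sigma(p): distributes over the constructs; under sum_x it is the identity on x."""
    if p[0] == 'sum':
        return ('sum', p[1], apply({y: e for y, e in sigma.items() if y != p[1]}, p[2]))
    if p[0] == 'act':
        return ('act', p[1], tuple(dsubst(a, sigma) for a in p[2]))
    if p[0] == 'cond':
        return ('cond', apply(sigma, p[1]), dsubst(p[2], sigma), apply(sigma, p[3]))
    if p[0] == 'delta':
        return p
    return (p[0], apply(sigma, p[1]), apply(sigma, p[2]))


def alpha_rename(p, sigma):
    """An alpha-congruent expression for which sigma is correct: a sum_x p' that would
    capture a variable of sigma becomes sum_y p'[x := y] for a fresh y."""
    if p[0] != 'sum':
        return (p[0],) + tuple(alpha_rename(q, sigma) if isinstance(q, tuple)
                               and q[0] in PROC else q for q in p[1:])
    x, body = p[1], p[2]
    images = set().union(*(dvars(sigma[v]) for v in fv(body) - {x} if v in sigma))
    if x in images:
        avoid = all_vars(body) | images | set(sigma)
        y = next(v for v in (f"z{i}" for i in itertools.count()) if v not in avoid)
        body, x = apply({x: ('var', y)}, body), y   # correct: y occurs nowhere in body
    return ('sum', x, alpha_rename(body, sigma))


def substitute(p, sigma):
    """p[x := d] under Convention 3.7: rename first when sigma is not correct for p."""
    if not is_correct(sigma, p):
        p = alpha_rename(p, sigma)
    return apply(sigma, p)
```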

The syntax of pCRL suggests a correspondence with the operations of generalised basic process algebras with deadlock. When we use pCRL expressions to denote elements of a generalised basic process algebra with deadlock, then we want that $p + q$ denotes the alternative composition of the elements denoted by $p$ and $q$, that $p \cdot q$ denotes their sequential composition, and that the pCRL expression $\delta$ refers to deadlock. If we want to make a similar remark about the correspondence between choice quantification and generalised summation, then we need to fix a domain of values for the variables.

Example 3.8 Suppose that variables range over the set $\mathbb{R}$ of real numbers. According to our remarks at the beginning of this chapter, with the expression $\sum_x \mathit{in}(x)$ we mean the process that inputs an arbitrary real number. This is the infinite sum

$$\sum\{\mathit{in}(r) \mid r \in \mathbb{R}\}$$

in a generalised basic process algebra with deadlock with for every real number $r$ a process that is denoted with the action name $\mathit{in}(r)$ and that models the action of inputting $r$. There may not be a pCRL expression to denote the process $\mathit{in}(r)$; e.g., with respect to the language of $\mathbf{R}$ in Example 3.5, $\sqrt{2}$ is not a data expression, and hence $\mathit{in}(\sqrt{2})$ is not a pCRL expression. Also note that the set of pCRL expressions associated with $\mathbf{R}$ is countable, while the pCRL expression $\sum_x \mathit{in}(x)$ refers to the least upper bound of a continuum of alternatives (there is an action $\mathit{in}(r)$ for every real number $r \in \mathbb{R}$).

3.2 The language pCRL 35

Let us now fix a data algebra $\mathbf{D}$, and let us assume that variables range over the domain $D$ of $\mathbf{D}$. The above example illustrates that, in general, the expression $\sum_x p$ does not refer to a generalised sum of pCRL expressions. Intuitively, it refers to $\sum\{p[x := d] \mid d \in D\}$, where $p[x := d]$ is obtained by replacing the free occurrences of $x$ in $p$ by the element $d \in D$. To get a formalisation that reflects our intuition, we introduce expressions of the form $p[x := d]$ as an auxiliary notion.

The set $\mathrm{Pol}_{\mathrm{D}}(\mathbf{D})$ of data polynomials is generated by

$$\mathit{dpol} ::= x \mid d \mid f(\mathit{dpol}, \ldots, \mathit{dpol}),$$

where $x$ is a variable, $d$ is an element of $D$, $f$ is a function symbol of arity $n$ and $\mathit{dpol}, \ldots, \mathit{dpol}$ is a sequence of length $n$ (cf. (3.2)).

Example 3.9 With respect to the data algebra $\mathbf{R}$ of Example 3.5, a data expression $d(x_1, \ldots, x_n)$ is a polynomial in $n$ indeterminates over $\mathbb{R}$ with natural coefficients, while a data polynomial $\mathit{dpol}(x_1, \ldots, x_n)$ is a polynomial in $n$ indeterminates over $\mathbb{R}$ with real coefficients. Note that the set of data expressions associated with $\mathbf{R}$ is countable, whereas the set of data polynomials associated with $\mathbf{R}$ is uncountable.

The set $\mathrm{Pol}_{\mathrm{B}}(\mathbf{D})$ of Boolean polynomials is generated by the grammar in (3.3) by letting $d_1, \ldots, d_n$ range over data polynomials instead of over data expressions. The set $\mathrm{Pol}_{\mathrm{P}}(\mathbf{D})$ of pCRL polynomials is generated by the grammar in (3.4) by letting $d_1, \ldots, d_n$ range over data polynomials and $b$ over Boolean polynomials. The set $\mathrm{Pol}_{\mathrm{P}}(\mathbf{D})$ is the universe of a generalised algebra similar to generalised basic process algebras with deadlock:

$$\mathrm{Pol}(\mathcal{A}, \mathbf{D}) = \langle \mathrm{Pol}_{\mathrm{P}}(\mathbf{D}), +, \cdot, \delta, \textstyle\sum \rangle;$$

a set $P \subseteq \mathrm{Pol}_{\mathrm{P}}(\mathbf{D})$ is admissible for $\sum$ in $\mathrm{Pol}(\mathcal{A}, \mathbf{D})$ if there exists a pCRL polynomial $p$ and a free variable $x$ such that

$$P = \{p[x := d] \mid d \in D\}, \qquad (3.5)$$

and we define

Remark 3.10 Examples 3.8 and 3.9 illustrate why we have taken pCRL expression as the fundamental notion in our language and treat polynomial as auxiliary: we wish to reason about the least upper bound of a continuum of alternatives (e.g., the pCRL expression $\sum_x \mathit{in}(x)$ refers to the least upper bound of a continuum of pCRL polynomials) without reverting to an uncountable language. In this way, the integration operation of real time process algebra (Baeten and Bergstra, 1991), which is used to specify that an action occurs somewhere within a time interval, is a special form of choice quantification.

36 Chapter 3 The syntax and semantics of pCRL

Groote and Ponse (1995) require in their original definition of µCRL that data algebras are minimal (i.e., every element is denoted by a data expression), and they let variables range over data expressions. Thus, they escape the introduction of polynomials, but at the same time exclude uncountable domains as data. Consequently, the integration operation is not a special instance of their choice quantifier. In the timed version of µCRL of Groote et al. (2000) it is no longer required that the data algebra is minimal.

Remark 3.11 In µCRL, data is defined with a many-sorted algebraic specification, which must at least include the specification of a sort Bool (a Boolean algebra). Furthermore, µCRL has choice quantification over every sort (including the sort Bool). In this thesis, we shall only consider two-sorted data algebras and we assume that choice quantification is not over the Booleans. This restriction is only to simplify notation; it is not essential for our results.

3.3 The semantics of pCRL

We are now going to establish an interpretation of pCRL expressions as elements of a generalised basic process algebra with deadlock $P$. A closed pCRL expression should denote a unique element of $P$. In general, a pCRL expression may contain free variables, and then it should denote a unique element of $P$ for every assignment of values to its free variables. We shall define the interpretation $\iota$ of pCRL expressions as elements of $P$ as a family

$$\iota = \{\iota_\nu \mid \nu \text{ a valuation}\}$$

of mappings that interpret each pCRL expression $p$ as an element $\iota_\nu(p)$ of $P$. Clearly, the interpretation $\iota$ should reflect the relation that we have established between the syntax of pCRL and the operations of generalised basic process algebras with deadlock, so we require that each

$$\iota_\nu : \mathrm{Pol}(\mathcal{A}, \mathbf{D}) \to P$$

is a homomorphism from the algebra of pCRL polynomials $\mathrm{Pol}(\mathcal{A}, \mathbf{D})$ into $P$; we call it the interpretation homomorphism generated by $\nu$.

We began with the hypothesis that associated with every generalised basic process algebra with deadlock $P$ is a set of action names $A$ and a mapping $\mathit{act} : A \to P$ that interprets action names as elements of $P$. The action names in $A$, we have argued, should be thought of as having a particular structure (see (3.1)). We have, as we may now observe, assumed that $A$ consists of a special kind of pCRL polynomial. The elements of $A$ are of the form $a(d_1, \ldots, d_n)$, with $a \in \mathcal{A}$ and $d_1, \ldots, d_n \in D$. Henceforth, we call such polynomials pCRL actions. The mapping

$$\mathit{act} : A \to P$$

that interprets pCRL actions as elements of $P$ we call the $A$-interpretation associated with $P$. We require that each interpretation homomorphism $\iota_\nu$ of pCRL polynomials into $P$ extends the $A$-interpretation associated with $P$.

In accordance with McKenzie et al. (1987), we denote by $\mathrm{Sg}(A)$ the subuniverse of $\mathrm{Pol}(\mathcal{A}, \mathbf{D})$ generated by $A$ (i.e., $\mathrm{Sg}(A)$ is the least set that contains $A$ and is closed under the operations of generalised basic process algebras with deadlock); we define

$$\mathrm{Act}(\mathcal{A}, \mathbf{D}) = \langle \mathrm{Sg}(A), +, \cdot, \delta, \textstyle\sum \rangle.$$

The $A$-interpretation associated with $P$ does not necessarily extend to a homomorphism from $\mathrm{Act}(\mathcal{A}, \mathbf{D})$ to $P$, since the image of a set of pCRL actions admissible in $\mathrm{Act}(\mathcal{A}, \mathbf{D})$ may not be admissible in $P$. Let $\overline{\mathit{act}} : \mathrm{Sg}(A) \rightharpoonup P$ be the maximal extension of $\mathit{act}$ to a partial mapping from $\mathrm{Sg}(A)$ to $P$ that respects the operations of generalised basic process algebras with deadlock. Since $A$ generates $\mathrm{Sg}(A)$, $\overline{\mathit{act}}$ is unique.

Definition 3.12 Let $P$ be a generalised basic process algebra with deadlock with an associated $A$-interpretation $\mathit{act}$. We say that $P$ is pCRL-complete with respect to $\mathit{act}$ if the following closure condition holds for all pCRL polynomials $p(x)$ in one variable:

if $\overline{\mathit{act}}(p(d))$ is defined for all $d \in D$, then the set $\{\overline{\mathit{act}}(p(d)) \mid d \in D\}$ is admissible in $P$.

Example 3.13 The algebra $\mathbb{T}_\kappa(\mathcal{L})$ of transition trees with branching degree $< \kappa$ is pCRL-complete under any interpretation of the pCRL actions, provided that the domain of $\mathbf{D}$ has cardinality $< \kappa$. For example, if $\mathbf{D}$ has a finite domain, then $\mathbb{T}_{\aleph_0}(\mathcal{L})$ is pCRL-complete; if $\mathbf{D}$ has a countably infinite domain, then $\mathbb{T}_{\aleph_1}(\mathcal{L})$ is pCRL-complete, but $\mathbb{T}_{\aleph_0}(\mathcal{L})$ is not.

Clearly, our requirement that $\iota_\nu$ must be a homomorphism that extends $\mathit{act}$ can only be satisfied if $P$ is pCRL-complete. On the other hand, if $P$ is pCRL-complete, then $\mathit{act}$ uniquely extends to a homomorphism

$$\overline{\mathit{act}} : \mathrm{Act}(\mathcal{A}, \mathbf{D}) \to P.$$

Now, to complete the definition of $\iota_\nu$, it suffices to explain how, given a valuation $\nu$, arbitrary pCRL polynomials should be interpreted as elements of $\mathrm{Act}(\mathcal{A}, \mathbf{D})$. To this end, we associate with every valuation $\nu$ a particular homomorphism

$$[\_]_\nu : \mathrm{Pol}(\mathcal{A}, \mathbf{D}) \to \mathrm{Act}(\mathcal{A}, \mathbf{D}).$$

Henceforth, let $\bar\nu$ denote the extension of $\nu$ to a homomorphism from the two-sorted algebra of data and Boolean polynomials into $\mathbf{D}$ (this is an extension of our earlier definition of $\bar\nu$, given on p. 32); we define $[\_]_\nu$ as follows:

$$[a(\mathit{dpol}_1, \ldots, \mathit{dpol}_n)]_\nu = a(\bar\nu(\mathit{dpol}_1), \ldots, \bar\nu(\mathit{dpol}_n));$$

$$[\delta]_\nu = \delta;$$

$$[p \lhd \mathit{bpol} \rhd q]_\nu = [p]_\nu \quad \text{if } \bar\nu(\mathit{bpol}) = \top, \text{ and}$$

$$[\textstyle\sum_x p]_\nu = \sum\{[p[x := d]]_\nu \mid d \in D\}.$$


The homomorphic image of $\mathrm{Pol}(\mathcal{A}, \mathbf{D})$ under $[\_]_\nu$ is the subalgebra of $\mathrm{Pol}(\mathcal{A}, \mathbf{D})$ generated by $A$. We define the interpretation homomorphism $\iota_\nu$ generated by the valuation $\nu$ as the composition of $\overline{\mathit{act}}$ and $[\_]_\nu$:

$$\iota_\nu = \overline{\mathit{act}} \circ [\_]_\nu : \mathrm{Pol}(\mathcal{A}, \mathbf{D}) \xrightarrow{[\_]_\nu} \mathrm{Act}(\mathcal{A}, \mathbf{D}) \xrightarrow{\overline{\mathit{act}}} P.$$

A pCRL equation is a formula of the form $p \approx q$, where $p$ and $q$ are pCRL expressions. If $\iota_\nu(p) = \iota_\nu(q)$, then we say that $\nu$ satisfies $p \approx q$ in $P$ (notation: $P, \nu \models p \approx q$). If every valuation satisfies $p \approx q$ in $P$, then we say that $p \approx q$ is valid in $P$, and we write $P \models p \approx q$. A pCRL summand inclusion is a formal expression of the form $p \preccurlyeq q$, where $p$ and $q$ are pCRL expressions. If $\iota_\nu(p) \le \iota_\nu(q)$, then we say that $\nu$ satisfies $p \preccurlyeq q$ in $P$ (notation: $P, \nu \models p \preccurlyeq q$). If every valuation satisfies $p \preccurlyeq q$ in $P$, then we say that $p \preccurlyeq q$ is valid in $P$, and we write $P \models p \preccurlyeq q$. Note that it follows from the definition of $\le$ on p. 18 that

$$P, \nu \models p \preccurlyeq q \quad \text{if, and only if,} \quad P, \nu \models q \approx q + p.$$

3.4 pCRL trees

Consider the algebra $\mathbb{T}_\kappa(\mathcal{L})$ with an injective $A$-interpretation

$$\mathit{act} : A \to T_0 = \{\{\ell\} \mid \ell \in \mathcal{L}\}$$

that associates with every pCRL action a unique tree action, and suppose that the domain of $\mathbf{D}$ has cardinality $< \kappa$. The homomorphism

$$\overline{\mathit{act}} : \mathrm{Act}(\mathcal{A}, \mathbf{D}) \to \mathbb{T}_\kappa(\mathcal{L})$$

induced by this $A$-interpretation allows us to picture certain closed pCRL polynomials as transition trees with actions as labels.

Example 3.14 If we take as data the additive group of integers ordered by $<$, then the pCRL expression

$$\sum_x r(x)s(x) \lhd 0 < x \rhd r(x)s(-x),$$

may be pictured as the tree in Figure 3.2.

Their interpretation as transition trees induces an equivalence on the pCRL polynomials. We apply a standard technique in universal algebra to construct from $\mathrm{Act}(\mathcal{A}, \mathbf{D})$ a generalised basic process algebra with deadlock, with as universe the set of pCRL polynomials modulo this equivalence. First, we need to generalise the notion of congruence. Suppose that $\vartheta$ is a congruence of an algebra $\langle P, +, \cdot, \delta \rangle$ similar to basic process algebras with deadlock. As usual, with $p/\vartheta$ we shall denote


Figure 3.2: The transition tree associated with the expression of Example 3.14.

the congruence class with respect to $\vartheta$ that contains $p$, i.e., $p/\vartheta = \{q \mid (q, p) \in \vartheta\}$, and if $P' \subseteq P$, then

$$P'/\vartheta = \{p/\vartheta \mid p \in P'\}.$$

The relation $\vartheta$ is a congruence of the algebra $P = \langle P, +, \cdot, \delta, \sum \rangle$ similar to generalised basic process algebras with deadlock if it is a congruence of $\langle P, +, \cdot, \delta \rangle$ and it satisfies the following substitution property with respect to $\sum$:

if $P', P'' \subseteq P$ are admissible for $\sum$ and $P'/\vartheta = P''/\vartheta$, then $\langle \sum P', \sum P'' \rangle \in \vartheta$.

If $\vartheta$ is a congruence of $P$, then we may define on $P/\vartheta$ the operations $+$, $\cdot$, and $\delta$ as usual, and we may also define a generalised operation $\sum$ by

$$\sum(P'/\vartheta) = (\textstyle\sum P')/\vartheta \qquad (P'/\vartheta \text{ is admissible if } P' \text{ is admissible for } \textstyle\sum \text{ in } P);$$

we get a generalised quotient algebra $P/\vartheta = \langle P/\vartheta, +, \cdot, \delta, \sum \rangle$. Now, consider the homomorphism $\overline{\mathit{act}} : \mathrm{Act}(\mathcal{A}, \mathbf{D}) \to \mathbb{T}_\kappa(\mathcal{L})$, induced by the bijection $\mathit{act}$. The kernel of this homomorphism is the relation

$$\theta = \{(p, q) \in \mathrm{Sg}(A) \times \mathrm{Sg}(A) \mid \overline{\mathit{act}}(p) = \overline{\mathit{act}}(q)\};$$

it is a congruence on $\mathrm{Act}(\mathcal{A}, \mathbf{D})$.$^1$ We denote the generalised quotient algebra by $\mathbb{T}_{\mathbf{D}}(\mathcal{A})$, i.e.,

$$\mathbb{T}_{\mathbf{D}}(\mathcal{A}) = \mathrm{Act}(\mathcal{A}, \mathbf{D})/\theta = \langle \mathrm{Sg}(A)/\theta, +, \cdot, \delta, \textstyle\sum \rangle.$$

Clearly, $\mathbb{T}_{\mathbf{D}}(\mathcal{A})$ is a generalised basic process algebra with deadlock, and we associate with it an $A$-interpretation defined by

$$a(d_1, \ldots, d_n) \mapsto a(d_1, \ldots, d_n)/\theta.$$

With respect to this $A$-interpretation $\mathbb{T}_{\mathbf{D}}(\mathcal{A})$ is pCRL-complete. An element of $\mathbb{T}_{\mathbf{D}}(\mathcal{A})$ we call a pCRL tree.

$^1$ We use a generalised version of the Homomorphism Theorem (see (McKenzie et al., 1987, p. 28) or (Burris and Sankappanavar, 1981, p. 46)); the generalisation is straightforward.


Recall that our definition of the interpretation homomorphisms $\iota_\nu$ hinges on a presupposed interpretation $\mathit{act}$ of pCRL actions as elements of $P$. Moreover, $P$ should be pCRL-complete with respect to $\mathit{act}$. The set of pCRL actions and the associated definition of pCRL-completeness are relative to a particular choice of $\mathcal{A}$ and $\mathbf{D}$. Henceforth, we shall denote by $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D})$ the class of all suitable combinations of a generalised basic process algebra with deadlock $P$ and an interpretation of the pCRL actions, given the specific instance of pCRL with $\mathcal{A}$ and $\mathbf{D}$. Formally, $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D})$ consists of all pairs $(P, \mathit{act})$ of a generalised basic process algebra with deadlock $P$ and an interpretation $\mathit{act}$ of pCRL actions as elements of $P$ such that $P$ is pCRL-complete. Par abus de langage, if $(P, \mathit{act}) \in \mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D})$, then we shall often just say that $P$ is in $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D})$, leaving $\mathit{act}$ implicit.

Let $P$ and $Q$ be generalised basic process algebras with deadlock, and with $A$-interpretations $\mathit{act}_P$ and $\mathit{act}_Q$, respectively; a homomorphism $h : P \to Q$ is said to preserve $A$ if $\mathit{act}_Q = h \circ \mathit{act}_P$. A generalised basic process algebra with deadlock $P$ together with an associated $A$-interpretation is initial for $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D})$ if for every element $Q$ of $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D})$ there is a unique $A$-preserving homomorphism $h : P \to Q$.

Theorem 3.15 The algebra $\mathbb{T}_{\mathbf{D}}(\mathcal{A})$ is initial in $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D})$.

Proof. Consider a generalised basic process algebra with deadlock $\mathbb{T}_\kappa(\mathcal{L})$ with $|D| < \kappa$ and a bijective $A$-interpretation $\mathit{act} : A \to T_0$. Within $\mathbb{T}_\kappa(\mathcal{L})$ we find an isomorphic copy of $\mathbb{T}_{\mathbf{D}}(\mathcal{A})$; it is the subalgebra generated by $T_0$ of the algebra that is obtained by restricting the admissible sets of $\mathbb{T}_\kappa(\mathcal{L})$ to those denoted by a pCRL polynomial with one free variable (see (3.5)). So, that $\mathbb{T}_{\mathbf{D}}(\mathcal{A})$ is an element of $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D})$ is immediate. That $\mathbb{T}_{\mathbf{D}}(\mathcal{A})$ is initial for $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D})$ can be seen as follows.

There is a unique $f$ from $T_0$ into the universe of a generalised basic process algebra with deadlock $P$ with $A$-interpretation $\mathit{act}'$ such that $\mathit{act}' = f \circ \mathit{act}$. By a straightforward adaptation of our proof of Theorem 2.11 we get that $f$ extends to an $A$-preserving homomorphism $h$ from the isomorphic copy of $\mathbb{T}_{\mathbf{D}}(\mathcal{A})$ in $\mathbb{T}_\kappa(\mathcal{L})$ to $P$, provided that $P$ is pCRL-complete with respect to $\mathit{act}'$. Clearly, $h$ is unique. Hence $\mathbb{T}_{\mathbf{D}}(\mathcal{A})$ is initial for $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D})$. $\square$

Let us write $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D}), \nu \models p \approx q$ if $P, \nu \models p \approx q$ for all $P$ in $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D})$. Then, Theorem 3.15 has the following corollary.

Corollary 3.16 For all pCRL expressions $p$ and $q$,

$$\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D}), \nu \models p \approx q \quad \text{if, and only if,} \quad \mathbb{T}_{\mathbf{D}}(\mathcal{A}), \nu \models p \approx q.$$

Proof. The implication from left to right is immediate; we prove the implication from right to left. Let $P$ be an arbitrary element of $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D})$. By Theorem 3.15 there exists a unique homomorphism $h : \mathbb{T}_{\mathbf{D}}(\mathcal{A}) \to P$ that preserves $A$. So, if we denote by $\mathit{act}$ the $A$-interpretation associated with $\mathbb{T}_{\mathbf{D}}(\mathcal{A})$, then $\mathit{act}_P = h \circ \mathit{act}$ is the $A$-interpretation associated with $P$. The mapping $\mathit{act}$ extends uniquely to a homomorphism $\overline{\mathit{act}} : \mathrm{Act}(\mathcal{A}, \mathbf{D}) \to \mathbb{T}_{\mathbf{D}}(\mathcal{A})$, so

$$h \circ \overline{\mathit{act}} : \mathrm{Act}(\mathcal{A}, \mathbf{D}) \to P$$


is a homomorphism. Clearly, the mapping $h \circ \overline{\mathit{act}}$ extends $h \circ \mathit{act}$, so $\overline{\mathit{act}_P} = h \circ \overline{\mathit{act}}$. From $\mathbb{T}_{\mathbf{D}}(\mathcal{A}), \nu \models p \approx q$ it follows that

$$\overline{\mathit{act}_P}([p]_\nu) = h(\overline{\mathit{act}}([p]_\nu)) = h(\overline{\mathit{act}}([q]_\nu)) = \overline{\mathit{act}_P}([q]_\nu),$$

and hence $P, \nu \models p \approx q$. This concludes the proof of the implication from right to left and of the corollary. $\square$

3.5 Tree forms

We shall now associate with every pCRL expression an equivalent pCRL expression in a certain special form, with a close resemblance to the transition tree it describes.

An action expression is a pCRL expression of the form $a(d_1, \ldots, d_n)$, where $a$ is an $n$-ary parametrised action symbol and $d_1, \ldots, d_n$ is a sequence of data expressions. By a simple pCRL expression we shall understand an expression of the form

$$\sum_{\bar x} a \lhd b \rhd \delta \quad \text{or of the form} \quad \sum_{\bar x} ap \lhd b \rhd \delta, \qquad (3.6)$$

where $\sum_{\bar x}$ abbreviates the sequence $\sum_{x_1} \cdots \sum_{x_n}$ for a sequence $\bar x = x_1, \ldots, x_n$ of variables, $a$ is an action expression, $b$ is a Boolean expression and $p$ is a pCRL expression. If in (3.6) the sequence $\bar x$ is empty, then the simple pCRL expression has no leading choice quantifiers. We call $p$ the continuation of the simple pCRL expression $\sum_{\bar x} ap \lhd b \rhd \delta$.

Definition 3.17 The set $\mathcal{T}$ of tree forms is generated by

$$t ::= \delta \mid \sum_{\bar x} a \lhd b \rhd \delta \mid \sum_{\bar x} a\,t \lhd b \rhd \delta \mid t + t'$$

where $a$ is an action expression, $b$ is a Boolean expression, and $\bar x$ is a (possibly empty) sequence of variables.

Example 3.18 With the pCRL expression of Example 3.2 we may associate the tree form

$$\sum_x r_2(x)s_2(1) \lhd V(x) \rhd \delta + \sum_x r_2(x)s_2(0) \lhd \neg V(x) \rhd \delta.$$

With the pCRL expression of Example 3.14 we may associate the tree form

$$\sum_x r(x)s(x) \lhd 0 < x \rhd \delta + \sum_x r(x)s(-x) \lhd \neg(0 < x) \rhd \delta;$$

the first simple expression describes the right half of the transition tree in Figure 3.2 and the second simple expression describes the left half.

Below, we shall define a function $\theta : \mathcal{P} \to \mathcal{T}$ that associates with every pCRL expression $p$ an equivalent tree form $\theta(p)$. First, we give the definitions of three auxiliary functions:


The function $\theta_{\mathit{seq}} : \mathcal{T} \times \mathcal{T} \to \mathcal{T}$ is recursively defined by

$$\begin{aligned} \theta_{\mathit{seq}}(\textstyle\sum_{\bar x} a \lhd b \rhd \delta, u) &= \textstyle\sum_{\bar x} a\,u \lhd b \rhd \delta \quad (\{\bar x\} \cap \mathrm{FV}(u) = \emptyset); \\ \theta_{\mathit{seq}}(\textstyle\sum_{\bar x} a\,t \lhd b \rhd \delta, u) &= \textstyle\sum_{\bar x} a\,\theta_{\mathit{seq}}(t, u) \lhd b \rhd \delta \quad (\{\bar x\} \cap \mathrm{FV}(u) = \emptyset); \\ \theta_{\mathit{seq}}(t + u, v) &= \theta_{\mathit{seq}}(t, v) + \theta_{\mathit{seq}}(u, v). \end{aligned}$$

Suppose $t$ and $u$ are tree forms; $\theta_{\mathit{seq}}(t, u)$ is defined provided that the bound variables in $t$ are distinct from the free variables in $u$. The function $\theta_{\mathit{seq}}$ induces a total function on $\alpha$-congruence classes of tree forms which is by Convention 3.7 also denoted by $\theta_{\mathit{seq}}$.

Lemma 3.19 $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D}) \models \theta_{\mathit{seq}}(t,$

Proof. Without loss of generality, we may assume that the bound variables in $t$ are distinct from the free variables in $u$. Our proof is by induction on the structure of $t$. Let $\nu$ be an arbitrary valuation, and let $\iota_\nu$ be the interpretation homomorphism generated by $\nu$ from $\mathrm{Pol}(\mathcal{A}, \mathbf{D})$ into an arbitrary element of $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D})$; we show that $\iota_\nu(\theta_{\mathit{seq}}(t, u)) = \iota_\nu(t \cdot u)$. If $t = \delta$, then, with an application of (A7), $\iota_\nu(\theta_{\mathit{seq}}(t, u)) = \delta = \delta \cdot \iota_\nu(u) = \iota_\nu(t \cdot u)$. Suppose $t = \sum_{\bar x} a \lhd b \rhd \delta$, with $\bar x = x_1, \ldots, x_n$. By our assumption on the variables in $t$ and $u$, $\{\bar x\} \cap \mathrm{FV}(u) = \emptyset$, so $u[\bar x := \bar d] = u$ for all $\bar d = d_1, \ldots, d_n \in D$. Hence, by (GA3)

$$\begin{aligned} &= \sum\{\iota_\nu(a\,u[\bar x := \bar d]) \mid \bar d = d_1, \ldots, d_n \in D \text{ s.t. } \bar\nu(b[\bar x := \bar d]) = \top\} \\ &= \sum\{\iota_\nu(a[\bar x := \bar d]) \mid \bar d = d_1, \ldots, d_n \in D \text{ s.t. } \bar\nu(b[\bar x := \bar d]) = \top\} \cdot \iota_\nu(u) = \iota_\nu(t \cdot u). \end{aligned}$$

Suppose $t = \sum_{\bar x} a \cdot t' \lhd b \rhd \delta$, with $\bar x = x_1, \ldots, x_n$. By the induction hypothesis we get that, for all $\bar d = d_1, \ldots, d_n \in D$,

$$\iota_\nu(\theta_{\mathit{seq}}(t', u)[\bar x := \bar d]) = \iota_\nu(t'[\bar x := \bar d]) \cdot \iota_\nu(u[\bar x := \bar d]).$$

Hence, since our assumption on the variables in $t$ and $u$ implies $u[\bar x := \bar d] = u$,

$$\iota_\nu(\theta_{\mathit{seq}}(t', u)[\bar x := \bar d]) = \iota_\nu(t'[\bar x := \bar d]) \cdot \iota_\nu(u).$$

We now obtain by (A5) and (GA3) that

$$\begin{aligned} \iota_\nu(\theta_{\mathit{seq}}(t, u)) &= \sum\{\iota_\nu(a[\bar x := \bar d]) \cdot \iota_\nu(\theta_{\mathit{seq}}(t', u)[\bar x := \bar d]) \mid \bar d = d_1, \ldots, d_n \in D \text{ s.t. } \bar\nu(b[\bar x := \bar d]) = \top\} \\ &= \sum\{\iota_\nu(a[\bar x := \bar d]) \cdot \iota_\nu(t'[\bar x := \bar d]) \mid \bar d = d_1, \ldots, d_n \in D \text{ s.t. } \bar\nu(b[\bar x := \bar d]) = \top\} \cdot \iota_\nu(u) \\ &= \iota_\nu(t \cdot u). \end{aligned}$$


If $t = t' + t''$, then by the induction hypothesis and (A4)

$$\begin{aligned} \iota_\nu(\theta_{\mathit{seq}}(t, u)) &= \iota_\nu(\theta_{\mathit{seq}}(t', u)) + \iota_\nu(\theta_{\mathit{seq}}(t'', u)) \\ &= \iota_\nu(t' \cdot u) + \iota_\nu(t'' \cdot u) \\ &= \iota_\nu(t' + t'') \cdot \iota_\nu(u) \\ &= \iota_\nu(t \cdot u). \end{aligned}$$

The proof of the lemma is complete.

The function $\theta_{\mathit{cnd}} : \mathcal{T} \times \mathcal{B} \to \mathcal{T}$ is recursively defined by

$$\begin{aligned} \theta_{\mathit{cnd}}(\delta, b) &= \delta; \\ \theta_{\mathit{cnd}}(\textstyle\sum_{\bar x} a \lhd c \rhd \delta, b) &= \textstyle\sum_{\bar x} a \lhd b \wedge c \rhd \delta \quad (\{\bar x\} \cap \mathrm{FV}(b) = \emptyset); \\ \theta_{\mathit{cnd}}(\textstyle\sum_{\bar x} a \cdot t \lhd c \rhd \delta, b) &= \textstyle\sum_{\bar x} a \cdot t \lhd b \wedge c \rhd \delta \quad (\{\bar x\} \cap \mathrm{FV}(b) = \emptyset); \\ \theta_{\mathit{cnd}}(t + u, b) &= \theta_{\mathit{cnd}}(t, b) + \theta_{\mathit{cnd}}(u, b). \end{aligned}$$

Suppose $t$ is a tree form and $b$ is a Boolean expression; $\theta_{\mathit{cnd}}(t, b)$ is defined provided that the bound variables in $t$ are distinct from the (free) variables in $b$. The function $\theta_{\mathit{cnd}}$ induces a total function on $\alpha$-congruence classes of tree forms which is by Convention 3.7 also denoted by $\theta_{\mathit{cnd}}$.

Lemma 3.20 $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D}) \models \theta_{\mathit{cnd}}(t, b) \approx t \lhd b \rhd \delta$.

Proof. Without loss of generality we may assume that the bound variables in $t$ do not occur in $b$. Our proof is by induction on the structure of $t$. Let $\nu$ be an arbitrary valuation, and let $\iota_\nu$ be the interpretation homomorphism generated by $\nu$ from $\mathrm{Pol}(\mathcal{A}, \mathbf{D})$ into an arbitrary element of $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D})$; we show that $\iota_\nu(\theta_{\mathit{cnd}}(t, b)) = \iota_\nu(t \lhd b \rhd \delta)$. If $t = \delta$, then $\iota_\nu(\theta_{\mathit{cnd}}(t, b)) = \delta = \iota_\nu(\delta \lhd b \rhd \delta) = \iota_\nu(t \lhd b \rhd \delta)$. Suppose that $t = \sum_{\bar x} a \lhd c \rhd \delta$, with $\bar x = x_1, \ldots, x_n$. By our assumption on the variables in $t$ and $b$, $\{\bar x\} \cap \mathrm{FV}(b) = \emptyset$, so $\bar\nu(b[\bar x := \bar d]) = \bar\nu(b)$ for all sequences $\bar d = d_1, \ldots, d_n \in D$; there are two cases:

1. If $\bar\nu(b[\bar x := \bar d]) = \bar\nu(b) = \top$, then

$$\begin{aligned} \iota_\nu(\theta_{\mathit{cnd}}(t, b)) &= \sum\{\iota_\nu(a[\bar x := \bar d]) \mid \bar d = d_1, \ldots, d_n \text{ s.t. } \bar\nu(b[\bar x := \bar d]) \wedge \bar\nu(c[\bar x := \bar d]) = \top\} \\ &= \sum\{\iota_\nu(a[\bar x := \bar d]) \mid \bar d = d_1, \ldots, d_n \text{ s.t. } \bar\nu(c[\bar x := \bar d]) = \top\}, \end{aligned}$$

and $\iota_\nu(t \lhd b \rhd \delta) = \iota_\nu(t)$, so $\iota_\nu(\theta_{\mathit{cnd}}(t, b)) = \iota_\nu(t \lhd b \rhd \delta)$.


2. If $\bar\nu(b[\bar x := \bar d]) = \bar\nu(b) = \bot$, then, with applications of (A6) and (GA2),

$$\begin{aligned} &\quad \bar d = d_1, \ldots, d_n \text{ s.t. } \bar\nu(b[\bar x := \bar d]) \wedge \bar\nu(c[\bar x := \bar d]) = \top\} \\ &= \sum\emptyset = \delta \end{aligned}$$

and also $\iota_\nu(t \lhd b \rhd \delta) = \delta$, so $\iota_\nu(\theta_{\mathit{cnd}}(t, b)) = \iota_\nu(t \lhd b \rhd \delta)$.

If $t = t' + t''$, then by the induction hypothesis

$$\begin{aligned} \iota_\nu(\theta_{\mathit{cnd}}(t, b)) &= \iota_\nu(\theta_{\mathit{cnd}}(t', b)) + \iota_\nu(\theta_{\mathit{cnd}}(t'', b)) \\ &= \iota_\nu(t' \lhd b \rhd \delta) + \iota_\nu(t'' \lhd b \rhd \delta). \end{aligned}$$

So, if $\bar\nu(b) = \top$, then $\iota_\nu(\theta_{\mathit{cnd}}(t, b)) = \iota_\nu(t' + t'') = \iota_\nu(t \lhd b \rhd \delta)$; and if $\bar\nu(b) = \bot$, then, with an application of (A3), $\iota_\nu(\theta_{\mathit{cnd}}(t, b)) = \delta + \delta = \delta = \iota_\nu(t \lhd b \rhd \delta)$. $\square$

The function $\theta_{\mathit{sum}} : \mathcal{X} \times \mathcal{T} \to \mathcal{T}$ is recursively defined by

$$\begin{aligned} \theta_{\mathit{sum}}(x, \delta) &= \delta; \\ \theta_{\mathit{sum}}(x, \textstyle\sum_{\bar x} a \lhd b \rhd \delta) &= \textstyle\sum_{x, \bar x} a \lhd b \rhd \delta; \\ \theta_{\mathit{sum}}(x, \textstyle\sum_{\bar x} a \cdot t \lhd b \rhd \delta) &= \textstyle\sum_{x, \bar x} a \cdot t \lhd b \rhd \delta; \text{ and} \\ \theta_{\mathit{sum}}(x, t + u) &= \theta_{\mathit{sum}}(x, t) + \theta_{\mathit{sum}}(x, u). \end{aligned}$$

Lemma 3.21 $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D}) \models \theta_{\mathit{sum}}(x, t) \approx \sum_x t$.

Proof. Our proof is by induction on the structure of $t$. Let $\nu$ be an arbitrary valuation, and let $\iota_\nu$ be the interpretation homomorphism generated by $\nu$ from $\mathrm{Pol}(\mathcal{A}, \mathbf{D})$ into an arbitrary element of $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D})$; we show that $\iota_\nu(\theta_{\mathit{sum}}(x, t)) = \iota_\nu(\sum_x t)$. If $t = \delta$, then, since $\delta[x := d] = \delta$ and by (GA1) and (GA2),

$$\iota_\nu(\theta_{\mathit{sum}}(x, t)) = \iota_\nu(\delta) = \delta = \sum\{\iota_\nu(t[x := d]) \mid d \in D\} = \iota_\nu(\textstyle\sum_x t).$$

If $t$ is a simple expression, then $\theta_{\mathit{sum}}(x, t) = \sum_x t$ by definition. If $t = t' + t''$, then by the induction hypothesis

$$\iota_\nu(\theta_{\mathit{sum}}(x, t)) = \iota_\nu(\textstyle\sum_x t') + \iota_\nu(\textstyle\sum_x t'') = \sum\{\iota_\nu(t'[x := d]) \mid d \in D\} + \sum\{\iota_\nu(t''[x := d]) \mid d \in D\},$$

and

$$\iota_\nu(\textstyle\sum_x t) = \sum\{\iota_\nu(t'[x := d]) + \iota_\nu(t''[x := d]) \mid d \in D\}.$$

On the one hand, we get by (GA1) that

$$\iota_\nu(t'[x := d]),\ \iota_\nu(t''[x := d]) \le \iota_\nu(\textstyle\sum_x t),$$


so by (GA2)

hence $\iota_\nu(\theta_{\mathit{sum}}(x, t)) \le \iota_\nu(\sum_x t)$. On the other hand, we get by (GA1) that

$$\iota_\nu(t'[x := d]) \le \iota_\nu(\textstyle\sum_x t') \le \iota_\nu(\theta_{\mathit{sum}}(x, t)),$$

and similarly,

$$\iota_\nu(t''[x := d]) \le \iota_\nu(\theta_{\mathit{sum}}(x, t)),$$

so that

$$\iota_\nu(t'[x := d]) + \iota_\nu(t''[x := d]) \le \iota_\nu(\theta_{\mathit{sum}}(x, t));$$

hence, by (GA2), $\iota_\nu(\sum_x t) \le \iota_\nu(\theta_{\mathit{sum}}(x, t))$. $\square$

Now, we define $\theta$ as follows:

$$\begin{aligned} \theta(\delta) &= \delta; \\ \theta(a) &= a \lhd \top \rhd \delta; \\ \theta(p + q) &= \theta(p) + \theta(q); \\ \theta(p \cdot q) &= \theta_{\mathit{seq}}(\theta(p), \theta(q)); \\ \theta(p \lhd b \rhd q) &= \theta_{\mathit{cnd}}(\theta(p), b) + \theta_{\mathit{cnd}}(\theta(q), \neg b); \\ \theta(\textstyle\sum_x p) &= \theta_{\mathit{sum}}(x, \theta(p)). \end{aligned}$$

Lemma 3.22 (Tree forms) The function $\theta : \mathcal{P} \to \mathcal{T}$ associates with every pCRL expression $p$ a tree form $\theta(p)$ such that $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D}) \models \theta(p) \approx p$.

Proof. Clearly, $\theta(p)$ is a tree form for every pCRL expression $p$. To prove that $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D}) \models p \approx \theta(p)$, we fix an arbitrary valuation $\nu$ and an interpretation homomorphism $\iota_\nu$ generated by $\nu$ from $\mathrm{Pol}(\mathcal{A}, \mathbf{D})$ into some element of $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D})$, and we show that $\iota_\nu(p) = \iota_\nu(\theta(p))$ by structural induction. If $p = \delta$, then $\iota_\nu(\theta(p)) = \iota_\nu(p)$ by definition. If $p$ is an action expression, then, since $\bar\nu(\top) = \top$,

$$\iota_\nu(\theta(p)) = \iota_\nu(p \lhd \top \rhd \delta) = \iota_\nu(p).$$

If $p = p' + p''$, then by the induction hypothesis

$$\iota_\nu(\theta(p)) = \iota_\nu(\theta(p')) + \iota_\nu(\theta(p'')) = \iota_\nu(p') + \iota_\nu(p'') = \iota_\nu(p).$$

If $p = p' \cdot p''$, then

$$\begin{aligned} \iota_\nu(\theta(p)) &= \iota_\nu(\theta(p')) \cdot \iota_\nu(\theta(p'')) && \text{by Lemma 3.19} \\ &= \iota_\nu(p') \cdot \iota_\nu(p'') = \iota_\nu(p) && \text{by (IH)}. \end{aligned}$$


If $p = p' \lhd b \rhd p''$, then

$$\begin{aligned} \iota_\nu(\theta(p)) &= \iota_\nu(\theta(p') \lhd b \rhd \delta) + \iota_\nu(\theta(p'') \lhd \neg b \rhd \delta) && \text{by Lemma 3.20} \\ &= \iota_\nu(p' \lhd b \rhd \delta) + \iota_\nu(p'' \lhd \neg b \rhd \delta) && \text{by (IH)}. \end{aligned}$$

We now distinguish cases: if $\bar\nu(b) = \top$, then $\iota_\nu(\theta(p)) = \iota_\nu(p') + \delta = \iota_\nu(p)$ by (A6); otherwise, if $\bar\nu(b) = \bot$, then by (A1) and (A6) $\iota_\nu(\theta(p)) = \delta + \iota_\nu(p'') = \iota_\nu(p)$. If $p = \sum_x p'$, then by Lemma 3.21 $\iota_\nu(\theta(p)) = \iota_\nu(\sum_x \theta(p'))$, and from the induction hypothesis we get $\iota_\nu(\theta(p')[x := d]) = \iota_\nu(p'[x := d])$ for all $d \in D$; hence,

$$\iota_\nu(\theta(p)) = \sum\{\iota_\nu(\theta(p')[x := d]) \mid d \in D\} = \sum\{\iota_\nu(p'[x := d]) \mid d \in D\} = \iota_\nu(\textstyle\sum_x p').$$

This completes the proof of the lemma. $\square$

For technical purposes it is convenient to impose some extra restrictions on how a tree form is written down. Let $t$ be a tree form; $t$ is ordered if

$$t = t_1 + \cdots + t_m + t_{m+1} + \cdots + t_n, \qquad (3.7)$$

where $t_i$ is a simple tree form with an ordered continuation for all $1 \le i \le m$ and $t_i$ is a simple tree form without continuation for all $m < i \le n$. By convention, if $m = 0$ then $t = t_{m+1} + \cdots + t_n$; if $m = n$, then $t = t_1 + \cdots + t_m$; and if $m = n = 0$, then $t = \delta$. We denote the set of ordered tree forms by $\mathcal{T}_{\mathrm{o}}$.

Modulo the commutativity and the associativity of $+$ and using that $\delta$ is a neutral element for $+$, any tree form can be written as an ordered tree form. Hence, $\theta$ is easily modified so that it yields only ordered tree forms; let $\theta_{\mathrm{o}}$ be the recursive function that results from this modification.

Corollary 3.23 The recursive function $\theta_{\mathrm{o}} : \mathcal{P} \to \mathcal{T}_{\mathrm{o}}$ associates with every pCRL expression $p$ an ordered tree form $\theta_{\mathrm{o}}(p)$ such that $\mathrm{GBPA}_\delta(\mathcal{A}, \mathbf{D}), \nu \models p \approx \theta_{\mathrm{o}}(p)$.

3.6 Value-passing CCS

Instead of introducing choice quantifiers and using them to model input, one may choose to add the input mechanism directly, as a special kind of action. This latter approach is taken in, e.g., value-passing CCS (Milner, 1989). To enable a comparison of both approaches later on, we now define a simple language, which roughly corresponds to the finite, sequential fragment of value-passing CCS. We give a translation of the expressions of this language to pCRL expressions, and we show that the tree forms associated with these pCRL expressions have a special form.

Suppose that $a \in \mathcal{A}$ is an $n$-ary parametrised action symbol. An input prefix is an expression of the form

$$a?x_1, \ldots, x_n, \quad \text{where } x_1, \ldots, x_n \text{ is a sequence of variables.}$$

An output prefix is an expression of the form

$$a!d_1, \ldots, d_n, \quad \text{where } d_1, \ldots, d_n \text{ is a sequence of data expressions.}$$


The set $\mathcal{IO}$ of input/output expressions is defined by

$$\mathit{io} ::= \mathit{nil} \mid a?x_1, \ldots, x_n.\mathit{io} \mid a!d_1, \ldots, d_n.\mathit{io} \mid \mathit{io} + \mathit{io} \mid b \to \mathit{io},$$

where $a$ is an $n$-ary parametrised action symbol, $x_1, \ldots, x_n$ is a sequence of variables, $d_1, \ldots, d_n$ is a sequence of data expressions and $b$ is a Boolean expression. As usual we shall abbreviate $a?x_1, \ldots, x_n.\mathit{nil}$ by $a?x_1, \ldots, x_n$ and $a!d_1, \ldots, d_n.\mathit{nil}$ by $a!d_1, \ldots, d_n$.

Example 3.24 We consider again the simple protocol that we described in Chapter 2. The sending party (see Example 2.1) may be denoted by the input/output expression

$$S = c_1!m.c_1?x.$$

The receiving party (see Examples 2.5 and 3.2, and also Example 3.18) may be denoted by the input/output expression

$$R = c_2?x.(V(m) \to c_2!1 + \neg V(m) \to c_2!0).$$

To provide them with a semantics, we inductively associate a pCRL expression with every input/output expression:

$$\begin{aligned} &\mathit{nil} \mapsto \delta; \\ &\text{if } \mathit{io} \mapsto p, \text{ then } a?x_1, \ldots, x_n.\mathit{io} \mapsto \textstyle\sum_{x_1, \ldots, x_n} a(x_1, \ldots, x_n)\,p; \\ &\text{if } \mathit{io} \mapsto p, \text{ then } a!d_1, \ldots, d_n.\mathit{io} \mapsto a(d_1, \ldots, d_n)\,p; \\ &\text{if } \mathit{io}_1 \mapsto p_1 \text{ and } \mathit{io}_2 \mapsto p_2, \text{ then } (\mathit{io}_1 + \mathit{io}_2) \mapsto p_1 + p_2; \text{ and} \\ &\text{if } \mathit{io} \mapsto p, \text{ then } (b \to \mathit{io}) \mapsto p \lhd b \rhd \delta. \end{aligned}$$

We shall generally not make the distinction between input/output expressions and the pCRL expressions associated with them; in particular, we shall often call a pCRL expression $p$ an input/output expression if there is one associated with it.

If $p$ is an input/output expression, then in $\theta_{\mathrm{o}}(p)$, the ordered tree form associated with $p$, the construct $\sum_x$ only occurs in a special way.

Definition 3.25 Let $t = t_1 + \cdots + t_m + t_{m+1} + \cdots + t_n$ be an ordered tree form with

$$t_i = \begin{cases} \sum_{\bar x_i} a_i\,t'_i \lhd b_i \rhd \delta & 1 \le i \le m; \\ \sum_{\bar x_i} a_i \lhd b_i \rhd \delta & m < i \le n. \end{cases}$$

We say $t$ has explicit instantiation if its continuations $t'_i$ ($1 \le i \le m$) have explicit instantiation, and for all $1 \le i \le n$ such that $|\bar x_i| > 0$:

$$a_i = a(\bar x_i) \quad \text{for some parametrised action symbol } a \text{ of arity } |\bar x_i|$$

($|\bar x_i|$ denotes the length of the sequence $\bar x_i$).
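As an added example that is not part of the thesis, the following Python applies the clauses defining $\theta$ (with $\theta_{\mathit{seq}}$, $\theta_{\mathit{cnd}}$ and $\theta_{\mathit{sum}}$) from Section 3.5 to a small pCRL syntax tree, and then runs the explicit-instantiation test of Definition 3.25 on the resulting tree form. It assumes data and Boolean expressions represented as plain strings, simplifies $b \wedge \top$ to $b$ as Example 3.18 does, reports a clash between bound and free variables in $\theta_{\mathit{seq}}$ or $\theta_{\mathit{cnd}}$ instead of $\alpha$-renaming, and its AST classes and function names are the example's own.

```python
import re
from dataclasses import dataclass

# pCRL syntax as a small AST (constructed for this example). Data and Boolean
# expressions are kept as strings, with "T" the Boolean constant true.
@dataclass(frozen=True)
class Delta: pass                                    # δ, deadlock
@dataclass(frozen=True)
class Act: name: str; args: tuple                    # a(d1, ..., dn), an action expression
@dataclass(frozen=True)
class Plus: left: object; right: object              # p + q
@dataclass(frozen=True)
class Seq: left: object; right: object               # p · q
@dataclass(frozen=True)
class Cond: p: object; b: str; q: object             # p ◁ b ▷ q
@dataclass(frozen=True)
class Sum: x: str; p: object                         # Σ_x p
@dataclass(frozen=True)
class Simple:                                        # Σ_xs a ◁ b ▷ δ, or Σ_xs a·cont ◁ b ▷ δ
    xs: tuple; a: Act; b: str; cont: object = None   # (a simple tree form, Definition 3.17)

DELTA = Delta()

def idents(s):
    """Identifiers of a data/Boolean expression string (over-approximates its variables)."""
    return set(re.findall(r"[A-Za-z_]\w*", s)) - {"T"}

def fv(e):
    """Free variables of a pCRL expression or tree form."""
    if isinstance(e, Delta): return set()
    if isinstance(e, Act): return set().union(*(idents(d) for d in e.args))
    if isinstance(e, (Plus, Seq)): return fv(e.left) | fv(e.right)
    if isinstance(e, Cond): return fv(e.p) | idents(e.b) | fv(e.q)
    if isinstance(e, Sum): return fv(e.p) - {e.x}
    cont = fv(e.cont) if e.cont is not None else set()
    return (fv(e.a) | idents(e.b) | cont) - set(e.xs)

def bv(t):
    """Variables bound by the choice quantifiers of a tree form."""
    if isinstance(t, Plus): return bv(t.left) | bv(t.right)
    if isinstance(t, Simple):
        return set(t.xs) | (bv(t.cont) if t.cont is not None else set())
    return set()

def conj(b, c):
    """b ∧ c, writing conjunctions with T the way Example 3.18 does (b ∧ T is b)."""
    return b if c == "T" else c if b == "T" else f"({b}) ∧ ({c})"

def theta_seq(t, u):
    """θseq(t, u) ≈ t · u. Only defined when bv(t) ∩ FV(u) = ∅; the thesis
    α-renames (Convention 3.7), here a clash is reported instead of capturing."""
    clash = bv(t) & fv(u)
    if clash: raise ValueError(f"rename bound variables {clash} in t first")
    if isinstance(t, Delta): return DELTA
    if isinstance(t, Plus): return Plus(theta_seq(t.left, u), theta_seq(t.right, u))
    return Simple(t.xs, t.a, t.b, u if t.cont is None else theta_seq(t.cont, u))

def theta_cnd(t, b):
    """θcnd(t, b) ≈ t ◁ b ▷ δ. Only defined when bv(t) ∩ vars(b) = ∅."""
    clash = bv(t) & idents(b)
    if clash: raise ValueError(f"rename bound variables {clash} in t first")
    if isinstance(t, Delta): return DELTA
    if isinstance(t, Plus): return Plus(theta_cnd(t.left, b), theta_cnd(t.right, b))
    return Simple(t.xs, t.a, conj(b, t.b), t.cont)

def theta_sum(x, t):
    """θsum(x, t) ≈ Σ_x t: the quantifier is pushed onto every summand."""
    if isinstance(t, Delta): return DELTA
    if isinstance(t, Plus): return Plus(theta_sum(x, t.left), theta_sum(x, t.right))
    return Simple((x,) + t.xs, t.a, t.b, t.cont)

def theta(p):
    """θ : pCRL expressions → tree forms, clause by clause as defined in the text."""
    if isinstance(p, Delta): return DELTA
    if isinstance(p, Act): return Simple((), p, "T")
    if isinstance(p, Plus): return Plus(theta(p.left), theta(p.right))
    if isinstance(p, Seq): return theta_seq(theta(p.left), theta(p.right))
    if isinstance(p, Cond):
        return Plus(theta_cnd(theta(p.p), p.b), theta_cnd(theta(p.q), f"¬({p.b})"))
    return theta_sum(p.x, theta(p.p))                 # p = Σ_x p'

def show(t):
    """Render a tree form (or an action expression) in the notation of the text."""
    if isinstance(t, Delta): return "δ"
    if isinstance(t, Act): return f"{t.name}({', '.join(t.args)})"
    if isinstance(t, Plus): return f"{show(t.left)} + {show(t.right)}"
    q = "Σ" + ",".join(t.xs) + " " if t.xs else ""
    body = show(t.a) if t.cont is None else f"{show(t.a)}·({show(t.cont)})"
    return f"{q}{body} ◁ {t.b} ▷ δ"

def has_explicit_instantiation(t):
    """Definition 3.25: every quantified summand Σ_xs a ... has a = a(xs) exactly."""
    if isinstance(t, Delta): return True
    if isinstance(t, Plus):
        return has_explicit_instantiation(t.left) and has_explicit_instantiation(t.right)
    ok = not t.xs or t.a.args == t.xs
    return ok and (t.cont is None or has_explicit_instantiation(t.cont))

# Example 3.14 over the integers:  Σ_x r(x)·s(x) ◁ 0 < x ▷ r(x)·s(-x)
EX_3_14 = Sum("x", Cond(Seq(Act("r", ("x",)), Act("s", ("x",))), "0 < x",
                        Seq(Act("r", ("x",)), Act("s", ("-x",)))))
```

`show(theta(EX_3_14))` yields the two-summand tree form of Example 3.18, with each continuation itself written as a simple tree form.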


Lemma 3.26 If $p$ is an input/output expression, then the ordered tree form $\theta_{\mathrm{o}}(p)$ associated with $p$ has explicit instantiation.

Proof. The proof is by induction on the structure of input/output expressions; we treat two of the five cases.

1. Suppose $p$ is associated with $a?x_1, \ldots, x_n.\mathit{io}$, i.e., suppose that $p'$ is the pCRL expression associated with $\mathit{io}$ and let

$$p = \textstyle\sum_{x_1, \ldots, x_n} a(x_1, \ldots, x_n)\,p'.$$

By the induction hypothesis, the ordered tree form $\theta_{\mathrm{o}}(p')$ associated with $p'$ has explicit instantiation; hence

$$\theta_{\mathrm{o}}(p) = \textstyle\sum_{x_1, \ldots, x_n} a(x_1, \ldots, x_n)\,\theta_{\mathrm{o}}(p') \lhd \top \rhd \delta$$

has explicit instantiation.

2. Suppose $p$ is associated with $b \to \mathit{io}$ and let $p'$ be the pCRL expression associated with $\mathit{io}$; then

$$\theta_{\mathrm{o}}(p) = \theta_{\mathit{cnd}}(\theta_{\mathrm{o}}(p'), b) + \theta_{\mathit{cnd}}(\theta_{\mathrm{o}}(\delta), \neg b) = \theta_{\mathit{cnd}}(\theta_{\mathrm{o}}(p'), b) + \delta.$$

From the induction hypothesis we get that the tree form $\theta_{\mathrm{o}}(p')$ has explicit instantiation. Moreover, it is easily shown by induction on the structure of tree forms that then also $\theta_{\mathit{cnd}}(\theta_{\mathrm{o}}(p'), b)$ has explicit instantiation. It follows that $\theta_{\mathrm{o}}(p)$ has explicit instantiation. $\square$

Thus, value-passing CCS gives rise to a proper subfragment of pCRL. In the next chapter, where we study the complexity of choice quantification, we shall see that this subfragment is essentially less complex than full pCRL, due to the restricted form of choice quantification.

Bibliographic notes

After Milner's proposal to provide value-passing CCS with a semantics via a translation into pure CCS (Milner, 1983), research was focused for a while on the pure variant. The 1990's showed a renewed interest in the input mechanism with a series of papers on value-passing CCS started by Hennessy (1991), and with the introduction of the π-calculus by Milner et al. (1992).

In retrospect, the transition from pure CCS to value-passing CCS consists of distinguishing input and output actions, and giving input actions binding parameters. It is essential for this transition that actions are prefixes. In languages with an associative binary operation for sequential composition a scoping ambiguity has to be solved; e.g., since

$$a?x \cdot (p \cdot q) \approx (a?x \cdot p) \cdot q,$$

$a?x$ cannot bind $x$ in $q$. Baeten and Bergstra (1994) propose to circumvent the scoping ambiguity by adding prefixes as primitive constructs to ACP.


In the process specification languages PSF (Mauw and Veltink, 1990) and µCRL (Groote and Ponse, 1995), which are also based on ACP, the scoping ambiguity is solved by means of choice quantifiers; e.g., in the expression $\sum_x a(x)p$ the choice quantifier establishes a link between the variable $x$ in $a(x)$ and possible occurrences of $x$ in $p$. Thus, the binding aspect of the input mechanism is detached from the action of receiving input. This accounts for greater expressiveness compared to when the input mechanism is included as a prefix. For instance, in µCRL we can specify

restricted input: if $x$ ranges over natural numbers and the predicate $\mathit{even}(x)$ holds if, and only if, $x$ is even, then the expression

$$\textstyle\sum_x \mathit{in}(x)\,p \lhd \mathit{even}(x) \rhd \delta$$

specifies the process that inputs an even natural number $n$ and proceeds as the process $p[x := n]$; and

nondeterministic output: if $N' \subseteq \mathbb{N}$ is a finite subset of the set $\mathbb{N}$ of natural numbers, then the recursion equation

$$X(N') = \textstyle\sum_x \mathit{out}(x)\,X(N' - \{x\}) \lhd x \in N' \rhd \delta$$

specifies the process that outputs the elements of $N'$ in random order.

Bothh features have proved to be useful for the specification and verification of protocolss (see, e.g., Shankland and Van der Zwaag, 1998), which is the main applicationn area of /iCRL. Note that the displayed occurrences of choice quantifiers aree compatible with the requirement of explicit instantiation (Definition 3.25).

Wee see a similar phenomenon in the fusion calculus of Parrow and Victor (1998), whichh is a generalisation of the 7r-calculus. Also there, input actions have no bind-ingg effect themselves; the binding effect is achieved by means of scope operators. Furthermore,, there is a special kind of actions, called fusion actions, which keep trackk of certain identifications of names. Fusion actions and scope operators to-getherr are used to express the passing of names between components. In addition, delayeddelayed input, which cannot be specified directly in the 7r-calculus, has a straight-forwardd specification in the fusion calculus.

4 A correspondence between pCRL and first-order logic

The language pCRL is parametrised with a data algebra $D$. As explained in Section 3.4, its expressions correspond with certain infinitely branching trees. Which trees correspond with pCRL expressions depends in part on $D$. For instance, for the infinitely branching tree pictured in Figure 3.2 on p. 39 we need that the domain of $D$ consists of integers, and that $D$ has a relation $<$ or a function $|\_|$ that computes the absolute value.

It is to be expected that the validity in $T_D(\mathcal{A})$ of pCRL equations also depends in some way on $D$. For instance, if $d$ and $e$ are closed data expressions and $a$ is a unary parametrised action, then

$T_D(\mathcal{A}) \models a(d) \approx a(e)$ if, and only if, $D \models d \approx e$.

Also, if $b$ is a closed Boolean expression and $p$ and $q$ are closed pCRL expressions, then

$T_D(\mathcal{A}) \models p \lhd b \rhd q \approx p$ if $D \models b \approx \mathsf{T}$; and $T_D(\mathcal{A}) \models p \lhd b \rhd q \approx q$ if $D \models b \approx \bot$.

And even if the validity of data equations and Boolean equations in $D$ is decidable, the validity of a pCRL equation in $T_D(\mathcal{A})$ may still be undecidable.

Example 4.1 Suppose that we take as data the natural numbers with Kleene's T-predicate: if $z$ is the encoding (i.e., Gödel number) of Turing machine $Z$, then

$T(z, x, y) = \mathsf{T}$ if, and only if, $y$ encodes a computation¹ of $Z$ on $x$.²

Kleene's T-predicate is known to be primitive recursive. Now, consider the pCRL expression

$p(z, x) = \sum_y c \lhd T(z, x, y) \rhd \delta$, where $c$ is any closed action expression.

¹ A computation is a sequence of pairs consisting of a state and a string that represents the contents of the tape, such that the last state in the sequence is a final state.

² In the recursion theory literature (e.g., Davis, 1982; Rogers, Jr., 1992) one finds the predicates $T_n(z, x_1, \ldots, x_n, y)$, where $Z$ takes the sequence $x_1, \ldots, x_n$ as input; we shall only use $T_1$ and drop the subscript.

If $Z$ has a successful computation on input $x$, then $T_D(\mathcal{A}) \models p(z, x) \approx c$; otherwise $T_D(\mathcal{A}) \models p(z, x) \approx \delta$. So $p(z, x) \approx c$ holds in $T_D(\mathcal{A})$ if, and only if, the first-order formula

$(\exists y)\,T(z, x, y)$

holds in $D$. This formula defines an undecidable relation on the natural numbers (it corresponds to the halting problem (Turing, 1936)), so validity in $T_D(\mathcal{A})$ is undecidable.

Although existential quantifiers are not part of our definition of Boolean expressions, they pop up when we consider validity in $T_D(\mathcal{A})$. Example 4.1 shows that the validity in $T_D(\mathcal{A})$ of a pCRL equation may be undecidable if there exist undecidable first-order assertions about the data. We shall see below that it is necessary and sufficient for the decidability of validity in $T_D(\mathcal{A})$ that all first-order assertions about the data are decidable.

The set $\Phi$ of first-order formulas is generated by

$\varphi ::= r(d_1, \ldots, d_n) \mid \neg\varphi \mid \varphi \vee \varphi \mid (\exists x)\varphi,$

where $d_1, \ldots, d_n$ are data expressions, $r$ is a relation symbol of arity $n$, and $x$ is a variable. The construct $(\exists x)$ binds the variable $x$ in its argument; we adopt Convention 3.7 also for first-order formulas. For a given valuation $\nu : X \to D$ we define the satisfaction relation $D, \nu \models \varphi$ inductively as follows:

1. $D, \nu \models r(d_1, \ldots, d_n)$ if, and only if, $R(\bar{\nu}(d_1), \ldots, \bar{\nu}(d_n)) = \mathsf{T}$, where $R$ is the $n$-ary relation of $D$ corresponding to the relation symbol $r$;

2. $D, \nu \models \neg\varphi$ if, and only if, $D, \nu \not\models \varphi$;

3. $D, \nu \models \varphi \vee \psi$ if, and only if, $D, \nu \models \varphi$ or $D, \nu \models \psi$; and

4. $D, \nu \models (\exists x)\varphi$ if, and only if, there exists $d \in D$ such that $D, \nu[x := d] \models \varphi$, where $\nu[x := d]$ is the valuation such that

$\nu[x := d](y) = d$ if $y = x$, and $\nu[x := d](y) = \nu(y)$ otherwise.

If $D, \nu \models \varphi$ for all valuations $\nu$, then we write $D \models \varphi$. The first-order theory of $D$ is the set of all formulas $\varphi$ such that $D \models \varphi$.

We also define the pCRL theory of $D$ as the set of all pCRL equations $p \approx q$ such that $T_D(\mathcal{A}) \models p \approx q$. We shall reveal the following intimate relationship between the pCRL theory of $D$ and the first-order theory of $D$:

The pCRL theory of $D$ and the first-order theory of $D$ are recursively isomorphic.

That is, there exists a recursive bijection between both theories (see Rogers, Jr., 1992). To prove this, it is by a theorem of Myhill (1955) enough to show that the pCRL theory of $D$ and the first-order theory of $D$ have the same degree of unsolvability with respect to one-one reducibility (Rogers, Jr., 1992). That is, it suffices to define two one-one recursive functions:


1. a one-one recursive function $\phi : \mathcal{P} \times \mathcal{P} \to \Phi$ such that for every valuation $\nu$

$T_D(\mathcal{A}), \nu \models p \approx q$ if, and only if, $D, \nu \models \phi(p, q)$; and

2. a one-one recursive function $\eta : \Phi \to \mathcal{P} \times \mathcal{P}$ such that for every valuation $\nu$

$D, \nu \models \varphi$ if, and only if, $T_D(\mathcal{A}), \nu \models p \approx q$, where $\eta(\varphi) = \langle p, q \rangle$.

The function $\phi$ will be defined in Section 4.2 (see Theorem 4.10). The function $\eta$ will be defined in Section 4.3 (see Theorem 4.17). First, however, it is convenient to devote a preliminary section to discussing the precise connection between the Boolean expressions used as conditions in pCRL expressions, and certain first-order formulas.

4.1 Boolean expressions and open first-order formulas

Following, e.g., Shoenfield (1967) and Chang and Keisler (1990), we call a first-order formula open if it contains no quantifiers. Syntactically, every open first-order formula is also a Boolean expression, and the following proposition provides the semantical justification for this ambiguity.

Proposition 4.2 If $\varphi$ is an open first-order formula, then

$D, \nu \models \varphi$ if, and only if, $D, \nu \models \varphi \approx \mathsf{T}$

for every valuation $\nu$.

Proof. We proceed by induction on the structure of $\varphi$. If $\varphi = r(d_1, \ldots, d_n)$ and $r$ denotes the $n$-ary relation $R$ of $D$, then

$D, \nu \models \varphi \Leftrightarrow R(\bar{\nu}(d_1), \ldots, \bar{\nu}(d_n)) = \mathsf{T} \Leftrightarrow D, \nu \models \varphi \approx \mathsf{T}.$

If $\varphi = \neg\psi$, then, according to the definition of $\bar{\nu}$ on p. 32,

$\bar{\nu}(\varphi) = \mathsf{T}$ if, and only if, $\bar{\nu}(\psi) \neq \mathsf{T}$;

hence, with an application of the induction hypothesis,

If $\varphi = \psi \vee \chi$, then, according to the definition of $\bar{\nu}$ on p. 32,

$\bar{\nu}(\varphi) = \mathsf{T}$ if, and only if, $\bar{\nu}(\psi) = \mathsf{T}$ or $\bar{\nu}(\chi) = \mathsf{T}$;

hence, with an application of the induction hypothesis,

$D, \nu \models \varphi \Leftrightarrow D, \nu \models \psi$ or $D, \nu \models \chi.$

The proof is complete.


Our definition of first-order formula deviates slightly from that of Shoenfield (1967); Shoenfield presupposes a binary relation symbol with a fixed interpretation as equality. The reason for our deviation is that, for the rest of this chapter, it is convenient to have that every open first-order formula is automatically a Boolean expression, whence it may be used as a condition in a pCRL expression. If we now add equality as a special requirement on data algebras, then, of course, this property is maintained.

Definition 4.3 We say that a data algebra $D$ has equality if, among the relations of $D$, there is a binary relation denoted by the relation symbol $\mathit{eq}$ such that for every valuation $\nu$,

if $\nu(x) \neq \nu(y)$.

Note that, syntactically, Boolean expressions are open first-order formulas, unless they contain occurrences of the symbols $\mathsf{T}$, $\bot$ or $\wedge$. But it is well-known that $\wedge$ is definable with $\neg$ and $\vee$, and with equality as a binary relation in $D$, $\mathsf{T}$ and $\bot$ turn out to be definable as well. We get that every Boolean expression is semantically equivalent to a first-order formula.

Proposition 4.4 If $D$ has equality, then for every Boolean expression $b$ there exists an open first-order formula $\varphi$ such that $D \models b \approx \varphi$.

Proof. We make three observations. Firstly, according to Definition 4.3, for every variable $x \in X$

$D \models \mathit{eq}(x, x) \approx \mathsf{T},$ (4.1)

so if $b = \mathsf{T}$, then we can select $x \in X$ and put $\varphi = \mathit{eq}(x, x)$. Secondly, since $\neg\mathsf{T} = \bot$ by definition,

$D \models \neg\mathsf{T} \approx \bot,$ (4.2)

so if $b = \bot$ then we can put $\varphi = \neg\mathit{eq}(x, x)$. Thirdly, suppose that $b = \psi \wedge \chi$ and $\psi$ and $\chi$ are open first-order formulas. Then, since $b \wedge c = \neg(\neg b \vee \neg c)$ for all $b, c \in \mathbb{B}$,

$D \models \psi \wedge \chi \approx \neg(\neg\psi \vee \neg\chi),$ (4.3)

so we can put $\varphi = \neg(\neg\psi \vee \neg\chi)$. With these observations the proposition follows by structural induction on $b$. □

For the most part, we shall be working with Boolean expressions modulo semantic equivalence, and with a data algebra that has equality. Then, according to the above proposition, every Boolean expression may be conceived as an open first-order formula: by (4.1)-(4.3) we may interpret occurrences of $\mathsf{T}$, $\bot$ and $\varphi \wedge \psi$ as abbreviations of $\mathit{eq}(x, x)$, $\neg\mathsf{T}$, and $\neg(\neg\varphi \vee \neg\psi)$, respectively.

We introduce a few more standard abbreviations: $\varphi \to \psi$ abbreviates $\neg\varphi \vee \psi$; $\varphi \leftrightarrow \psi$ abbreviates $(\varphi \to \psi) \wedge (\psi \to \varphi)$; and $(\forall x)\varphi$ abbreviates $\neg(\exists x)\neg\varphi$. Furthermore, if $m \geq 1$ and $n \geq 0$, then we define the formula $\bigvee_{m \leq i \leq n} \varphi_i$ inductively as follows:


1. if $n = 0$, then $\bigvee_{m \leq i \leq n} \varphi_i = \bot$; and

2. if $n \geq m$, then $\bigvee_{m \leq i \leq n} \varphi_i = \bigvee_{m \leq i \leq n-1} \varphi_i \vee \varphi_n$.

4.2 The definition of $\phi$

We start with an analysis of when a valuation $\nu$ satisfies $t \preccurlyeq u$ in $T_D(\mathcal{A})$, where $t$ and $u$ are ordered tree forms. Our analysis will lead to the definition of a recursive function $\phi_\preccurlyeq : \mathcal{T}_o \times \mathcal{T}_o \to \Phi$ such that for all ordered tree forms $t$ and $u$

$D, \nu \models \phi_\preccurlyeq(t, u)$ if, and only if, $T_D(\mathcal{A}), \nu \models t \preccurlyeq u$.

We shall then obtain $\phi$ from $\phi_\preccurlyeq$ and the function $\theta_o$ that assigns to every pCRL expression an equivalent ordered tree form.

First, we distinguish cases according to the form of $t$. Suppose that $t = \delta$. Since $\delta$ is the least element with respect to $\leq$ in every generalised basic process algebra with deadlock,

$T_D(\mathcal{A}), \nu \models \delta \preccurlyeq u.$ (4.4)

Suppose that $t = t' + t''$; then, since an alternative composition is the least upper bound of its components in every generalised basic process algebra with deadlock,

$T_D(\mathcal{A}), \nu \models t' + t'' \preccurlyeq u$ if, and only if, $T_D(\mathcal{A}), \nu \models t' \preccurlyeq u,\ t'' \preccurlyeq u$. (4.5)

Suppose $t$ is a simple tree form, say $t = \sum_{\bar{x}} t^* \lhd b \rhd \delta$. We need some notation: if $\bar{x} = x_1, \ldots, x_n$ is a sequence of variables, and $\bar{d} = d_1, \ldots, d_n$ is a sequence of elements of $D$, then with $[\bar{x} := \bar{d}]$ we shall mean the sequence

$[x_n := d_n] \cdots [x_1 := d_1].$

(The inversion is for convenience of notation; e.g., we have, for a sequence of variables $\bar{x} = x_1, \ldots, x_n$, that $\iota_\nu(\sum_{\bar{x}} p) = \sum\{\iota_\nu(p[\bar{x} := \bar{d}]) \mid \bar{d} = d_1, \ldots, d_n \in D\}$, also if some variable occurs more than once in $\bar{x}$.)

Lemma 4.5 Suppose that $\bar{x} = x_1, \ldots, x_n$ is a sequence of variables such that $\{\bar{x}\} \cap \mathrm{FV}(u) = \emptyset$; then

$T_D(\mathcal{A}), \nu \models \sum_{\bar{x}} t^* \lhd b \rhd \delta \preccurlyeq u$ if, and only if,

for all sequences $\bar{d} = d_1, \ldots, d_n \in D$

$D, \nu[\bar{x} := \bar{d}] \models b \approx \mathsf{T}$ implies $T_D(\mathcal{A}), \nu[\bar{x} := \bar{d}] \models t^* \preccurlyeq u$. (4.6)

Proof. Let $t = \sum_{\bar{x}} t^* \lhd b \rhd \delta$, and let $\iota_\nu$ be the interpretation homomorphism from $\mathrm{Pol}(\mathcal{A}, D)$ into $T_D(\mathcal{A})$ generated by $\nu$; then

$\iota_\nu(t) = \sum\{\iota_\nu(t^*[\bar{x} := \bar{d}]) \mid \bar{d} = d_1, \ldots, d_n \in D \text{ s.t. } \bar{\nu}(b[\bar{x} := \bar{d}]) = \mathsf{T}\}.$


If $T_D(\mathcal{A}), \nu \models t \preccurlyeq u$, then, by (GA1),

$\iota_\nu(t^*[\bar{x} := \bar{d}]) \leq \iota_\nu(u)$ for all sequences $\bar{d}$ such that $D, \nu[\bar{x} := \bar{d}] \models b \approx \mathsf{T}$.

Since $x_i \notin \mathrm{FV}(u)$ for all $1 \leq i \leq n$,

$\iota_\nu(u) = \iota_\nu(u[\bar{x} := \bar{d}]).$

Hence $T_D(\mathcal{A}), \nu[\bar{x} := \bar{d}] \models t^* \preccurlyeq u$. Conversely, suppose

$D, \nu[\bar{x} := \bar{d}] \models b \approx \mathsf{T}$ implies $T_D(\mathcal{A}), \nu[\bar{x} := \bar{d}] \models t^* \preccurlyeq u$ for all $\bar{d}$.

By (GA2),

$T_D(\mathcal{A}), \nu[\bar{x} := \bar{d}] \models t \preccurlyeq u.$

Hence, since $\iota_\nu(u) = \iota_\nu(u[\bar{x} := \bar{d}])$, $T_D(\mathcal{A}), \nu \models t \preccurlyeq u$. □

So, if $t = t_1 + \cdots + t_n$ and $t_i$ is simple for all $1 \leq i \leq n$, then, by (4.4) and (4.5), whether a statement of the form $T_D(\mathcal{A}), \nu \models t \preccurlyeq u$ is true is determined by whether statements of the form $T_D(\mathcal{A}), \nu \models t_i \preccurlyeq u$ are true. Furthermore, if $t_i = \sum_{\bar{x}} t^* \lhd b \rhd \delta$, then, by (4.6), whether the statement $T_D(\mathcal{A}), \nu \models t_i \preccurlyeq u$ is true is determined by whether a statement of the form $T_D(\mathcal{A}), \nu \models t^* \preccurlyeq u$ is true. Note that if $t_i$ is simple, then $t^*$ is either an action expression or a sequential composition that starts with an action expression.

Let us fix an action expression $a$ and a tree form $t'$, and suppose that $t^* = a$ or $t^* = a \cdot t'$. We shall now analyse when $\nu$ satisfies $t^* \preccurlyeq u$ in $T_D(\mathcal{A})$; again we distinguish cases, this time according to the form of $u$. Suppose that $u = \delta$; then, by Lemma 2.7(i),

if $t^* = a$ or $t^* = a \cdot t'$, then $T_D(\mathcal{A}), \nu \not\models t^* \preccurlyeq \delta$. (4.7)

Suppose that $u = u' + u''$; then, by Lemma 2.7(ii),

if $t^* = a$ or $t^* = a \cdot t'$, then

$T_D(\mathcal{A}), \nu \models t^* \preccurlyeq u' + u''$ if, and only if,

$T_D(\mathcal{A}), \nu \models t^* \preccurlyeq u'$ or $T_D(\mathcal{A}), \nu \models t^* \preccurlyeq u''$. (4.8)

For the case that $u$ is a simple expression, we first prove a lemma.

Lemma 4.6 Suppose $t^* = a$ or $t^* = a \cdot t'$, and let $\bar{x} = x_1, \ldots, x_n$ be a sequence of variables such that $\{\bar{x}\} \cap \mathrm{FV}(t^*) = \emptyset$; then

$T_D(\mathcal{A}), \nu \models t^* \preccurlyeq \sum_{\bar{x}} u^* \lhd b \rhd \delta$ if, and only if,

there is a sequence $\bar{d} = d_1, \ldots, d_n \in D$ such that

$D, \nu[\bar{x} := \bar{d}] \models b \approx \mathsf{T}$ and $T_D(\mathcal{A}), \nu[\bar{x} := \bar{d}] \models t^* \preccurlyeq u^*$. (4.9)


Proof. Let $u = \sum_{\bar{x}} u^* \lhd b \rhd \delta$, and let $\iota_\nu$ be the interpretation homomorphism from $\mathrm{Pol}(\mathcal{A}, D)$ into $T_D(\mathcal{A})$ generated by $\nu$; then

$\iota_\nu(u) = \sum\{\iota_\nu(u^*[\bar{x} := \bar{d}]) \mid \bar{d} = d_1, \ldots, d_n \in D \text{ s.t. } D, \nu[\bar{x} := \bar{d}] \models b \approx \mathsf{T}\}.$

Since $\iota_\nu(t^*) = \iota_\nu(a)$ or $\iota_\nu(t^*) = \iota_\nu(a) \cdot \iota_\nu(t')$ and $\iota_\nu(a)$ is a tree action, we find by Lemma 2.7(iii) that $\iota_\nu(t^*) \leq \iota_\nu(u)$ if, and only if, there exists $\bar{d} = d_1, \ldots, d_n \in D$ such that $D, \nu[\bar{x} := \bar{d}] \models b \approx \mathsf{T}$ and $\iota_\nu(t^*) \leq \iota_\nu(u^*[\bar{x} := \bar{d}])$; the lemma follows. □

Now, suppose that $u$ is a simple expression, say $u = \sum_{\bar{x}} u^* \lhd b \rhd \delta$ with $u^* = a'$ or $u^* = a' \cdot u'$; we conclude our analysis by distinguishing cases according to the forms of $t^*$ and $u^*$. If $t^* = a$ and $u^* = a'$, then, by Lemma 2.7(v),

$T_D(\mathcal{A}), \nu \models t^* \preccurlyeq u^*$ if, and only if, $T_D(\mathcal{A}), \nu \models t^* \approx u^*$; (4.10)

if $t^* = a \cdot t'$ and $u^* = a' \cdot u'$, then, by Lemma 2.7(vi),

$T_D(\mathcal{A}), \nu \models t^* \preccurlyeq u^*$ if, and only if, $T_D(\mathcal{A}), \nu \models a \approx a',\ t' \approx u'$; (4.11)

if $t^* = a \cdot t'$ and $u^* = a'$, or $t^* = a$ and $u^* = a' \cdot u'$, then, by Lemma 2.7(iv),

$T_D(\mathcal{A}), \nu \not\models t^* \preccurlyeq u^*.$ (4.12)

Our analysis shows that a statement $T_D(\mathcal{A}), \nu \models t \preccurlyeq u$ is equivalent to a first-order combination of statements of the form

1. $D, \nu \models b \approx \mathsf{T}$, with $b$ a Boolean expression;

2. $T_D(\mathcal{A}), \nu \models a \approx a'$, where $a$ and $a'$ are action expressions; and

3. $T_D(\mathcal{A}), \nu \models t' \preccurlyeq u'$ and $T_D(\mathcal{A}), \nu \models u' \preccurlyeq t'$, where $t'$ and $u'$ are continuations of simple expressions in $t$ and $u$, respectively.

It is straightforward to associate an appropriate first-order formula with a statement of the first form: conceive $b$ as an open first-order formula (cf. Proposition 4.4 and the remarks directly following its proof).

Definition 4.7 Suppose that $D$ has equality; we associate with every two action expressions $a = \mathsf{a}(d_1, \ldots, d_m)$ and $a' = \mathsf{a}'(e_1, \ldots, e_n)$ a Boolean expression $\mathit{eq}(a, a')$ as follows:

$\mathit{eq}(a, a') = \mathit{eq}(d_1, e_1) \wedge \cdots \wedge \mathit{eq}(d_m, e_n)$ if $\mathsf{a} = \mathsf{a}'$ and $m = n$; and $\mathit{eq}(a, a') = \bot$ otherwise.

If we take $\mathit{eq}(a, a')$ as a first-order formula, then we have the following lemma.

Lemma 4.8 If $D$ has equality, then

$T_D(\mathcal{A}), \nu \models a \approx a'$ if, and only if, $D, \nu \models \mathit{eq}(a, a')$.


Proof. We have

$T_D(\mathcal{A}), \nu \models a \approx a'$

$\Leftrightarrow \mathsf{a}(\bar{\nu}(d_1), \ldots, \bar{\nu}(d_m)) = \mathsf{a}'(\bar{\nu}(e_1), \ldots, \bar{\nu}(e_n))$

$\Leftrightarrow \mathsf{a} = \mathsf{a}'$, $m = n$ and $\bar{\nu}(d_i) = \bar{\nu}(e_i)$ for all $1 \leq i \leq n$

$\Leftrightarrow \mathsf{a} = \mathsf{a}'$, $m = n$ and $D, \nu \models \mathit{eq}(d_i, e_i)$ for all $1 \leq i \leq n$

$\Leftrightarrow \mathsf{a} = \mathsf{a}'$, $m = n$ and $D, \nu \models \mathit{eq}(d_1, e_1) \wedge \cdots \wedge \mathit{eq}(d_n, e_n)$

$\Leftrightarrow D, \nu \models \mathit{eq}(a, a'),$

by which the lemma is proved. □

Thus, we associate with a statement of the second form the first-order formula $\mathit{eq}(a, a')$. With statements of the third form we are going to deal recursively. First, we associate with every tree form $t$ a natural number $|t|$:

$|\delta| = 0$; $|\sum_{\bar{x}} a \lhd b \rhd \delta| = 1$;

$|t' + t''| = |t'| + |t''|$; $|\sum_{\bar{x}} a \cdot t' \lhd b \rhd \delta| = |t'| + 1$.

If $t'$ is the continuation of a simple expression in $t$, then $|t'| < |t|$. Consequently, if $t'$ and $u'$ are continuations of simple expressions in $t$ and $u$, respectively, then

$|t'| + |u'| < |t| + |u|.$

Hence, by induction on $|t| + |u|$ it follows that the expression $T_D(\mathcal{A}), \nu \models t \preccurlyeq u$ is equivalent to a first-order combination of expressions of the first two forms. The recursive algorithm in Table 4.1 reflects our analysis, except that it applies (4.6) and (4.9) without verifying the provisos of Lemmas 4.5 and 4.6. Let us say that the algorithm in Table 4.1 is correct for $t$ and $u$ if for every variable $x$

(i) if $\sum_x$ occurs in $t$, then $x$ does not occur at all in $u$; and

(ii) if $\sum_x$ occurs in $u$, then $x$ does not occur at all in $t$.

Proposition 4.9 Suppose that $D$ has equality. If the algorithm in Table 4.1 is correct for $t$ and $u$, then it associates with $t$ and $u$ a first-order formula $\phi_\preccurlyeq(t, u)$ such that

$T_D(\mathcal{A}), \nu \models t \preccurlyeq u$ if, and only if, $D, \nu \models \phi_\preccurlyeq(t, u)$.

Proof. The proof is by induction on $|t| + |u|$. If $|t| + |u| = 0$, then $t = \delta$, so $T_D(\mathcal{A}), \nu \models t \preccurlyeq u$ by (4.4) and $D, \nu \models \phi_\preccurlyeq(t, u)$ since $\phi_\preccurlyeq(t, u) = \mathsf{T}$. Suppose that $|t| + |u| > 0$; we proceed by distinguishing cases according to the form of $t$. We shall only treat the cases that involve an application of the induction hypothesis. First, suppose that $t = \sum_{\bar{x}} a \cdot t' \lhd b \rhd \delta$. Since the algorithm is correct for $t$ and $u$, $\{\bar{x}_i\} \cap \mathrm{FV}(a \cdot t') = \emptyset$ for all $1 \leq i \leq m$, so by (4.9) and (4.11)

$T_D(\mathcal{A}), \nu \models a \cdot t' \preccurlyeq u_i$ if, and only if, there exists a sequence $\bar{d}$ such that

$D, \nu[\bar{x}_i := \bar{d}] \models b_i \approx \mathsf{T}$, and $T_D(\mathcal{A}), \nu[\bar{x}_i := \bar{d}] \models a \approx a_i,\ t' \approx u_i'$.

Table 4.1: The algorithm that computes $\phi_\preccurlyeq$.

compute $\phi_\preccurlyeq(t, u)$:

  let $u = u_1 + \cdots + u_m + u_{m+1} + \cdots + u_n$,

  where $u_i = \sum_{\bar{x}_i} a_i \cdot u_i' \lhd b_i \rhd \delta$ for $1 \leq i \leq m$, and $u_i = \sum_{\bar{x}_i} a_i \lhd b_i \rhd \delta$ for $m < i \leq n$;

  case

    $t = \delta$: return $\mathsf{T}$.

    $t = \sum_{\bar{x}} a \lhd b \rhd \delta$: return

      $(\forall \bar{x})\big(b \to \bigvee_{m < i \leq n} (\exists \bar{x}_i)(b_i \wedge \mathit{eq}(a, a_i))\big)$.

    $t = \sum_{\bar{x}} a \cdot t' \lhd b \rhd \delta$: compute $\phi_\preccurlyeq(t', u_i')$ for all $1 \leq i \leq m$; compute $\phi_\preccurlyeq(u_i', t')$ for all $1 \leq i \leq m$; return

      $(\forall \bar{x})\big(b \to \bigvee_{1 \leq i \leq m} (\exists \bar{x}_i)(b_i \wedge \mathit{eq}(a, a_i) \wedge \phi_\preccurlyeq(t', u_i') \wedge \phi_\preccurlyeq(u_i', t'))\big)$.

    $t = t' + t''$: compute $\phi_\preccurlyeq(t', u)$; compute $\phi_\preccurlyeq(t'', u)$; return $\phi_\preccurlyeq(t', u) \wedge \phi_\preccurlyeq(t'', u)$.

  end.


By Lemma 4.8

$T_D(\mathcal{A}), \nu[\bar{x}_i := \bar{d}] \models a \approx a_i$ if, and only if, $D, \nu[\bar{x}_i := \bar{d}] \models \mathit{eq}(a, a_i)$,

so with two applications of the induction hypothesis, using that $T_D(\mathcal{A}), \nu \models p \approx q$ if, and only if, $T_D(\mathcal{A}), \nu \models p \preccurlyeq q$ and $T_D(\mathcal{A}), \nu \models q \preccurlyeq p$, we get

$T_D(\mathcal{A}), \nu[\bar{x}_i := \bar{d}] \models t' \approx u_i'$ if, and only if,

$D, \nu[\bar{x}_i := \bar{d}] \models \phi_\preccurlyeq(t', u_i') \wedge \phi_\preccurlyeq(u_i', t').$

Hence

$T_D(\mathcal{A}), \nu \models a \cdot t' \preccurlyeq u_i$ if, and only if,

$D, \nu \models (\exists \bar{x}_i)(b_i \wedge \mathit{eq}(a, a_i) \wedge \phi_\preccurlyeq(t', u_i') \wedge \phi_\preccurlyeq(u_i', t')).$

Consequently, by (4.8) and (4.12)

$T_D(\mathcal{A}), \nu \models a \cdot t' \preccurlyeq u$ if, and only if,

$D, \nu \models \bigvee_{1 \leq i \leq m} (\exists \bar{x}_i)(b_i \wedge \mathit{eq}(a, a_i) \wedge \phi_\preccurlyeq(t', u_i') \wedge \phi_\preccurlyeq(u_i', t')).$

Also, since the algorithm is correct for $t$ and $u$, $\{\bar{x}\} \cap \mathrm{FV}(u) = \emptyset$, so by (4.6)

$T_D(\mathcal{A}), \nu \models \sum_{\bar{x}} a \cdot t' \lhd b \rhd \delta \preccurlyeq u$ if, and only if,

$D, \nu[\bar{x} := \bar{d}] \models \bigvee_{1 \leq i \leq m} (\exists \bar{x}_i)(b_i \wedge \mathit{eq}(a, a_i) \wedge \phi_\preccurlyeq(t', u_i') \wedge \phi_\preccurlyeq(u_i', t'))$

for all sequences $\bar{d}$ such that $D, \nu[\bar{x} := \bar{d}] \models b \approx \mathsf{T}$.

Hence $T_D(\mathcal{A}), \nu \models t \preccurlyeq u$ if, and only if, $D, \nu \models \phi_\preccurlyeq(t, u)$. Next, suppose that $t = t' + t''$; by the induction hypothesis

$T_D(\mathcal{A}), \nu \models t' \preccurlyeq u$ if, and only if, $D, \nu \models \phi_\preccurlyeq(t', u)$,

and

$T_D(\mathcal{A}), \nu \models t'' \preccurlyeq u$ if, and only if, $D, \nu \models \phi_\preccurlyeq(t'', u)$,

so by (4.5), $T_D(\mathcal{A}), \nu \models t \preccurlyeq u$ if, and only if, $D, \nu \models \phi_\preccurlyeq(t, u)$. □

The algorithm in Table 4.1 yields a partial recursive function $\phi_\preccurlyeq : \mathcal{T}_o \times \mathcal{T}_o \to \Phi$ that is defined on $t$ and $u$ if the algorithm is correct for $t$ and $u$. It induces a total function on $\alpha$-congruence classes of tree forms which is by Convention 3.7 also denoted by $\phi_\preccurlyeq$; we have that

$T_D(\mathcal{A}), \nu \models t \preccurlyeq u$ if, and only if, $D, \nu \models \phi_\preccurlyeq(t, u)$.

Since $T_D(\mathcal{A}), \nu \models p \approx q$ if, and only if, $T_D(\mathcal{A}), \nu \models p \preccurlyeq q$ and $T_D(\mathcal{A}), \nu \models q \preccurlyeq p$, and by Corollary 3.23, we get that

$T_D(\mathcal{A}), \nu \models p \approx q$ if, and only if, $D, \nu \models \phi_\preccurlyeq(\theta_o(p), \theta_o(q)) \wedge \phi_\preccurlyeq(\theta_o(q), \theta_o(p))$.
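As an added worked example (mine, not the thesis's), here is the algorithm of Table 4.1 run on two pairs of ordered tree forms over the natural numbers with $\mathit{eq}$, using the actions $\mathit{in}$ and $\mathit{out}$ and the predicate $\mathit{even}$ of Section 3.6; the algorithm is correct for each pair, since the variable quantified on one side does not occur on the other, and a continuation such as $\mathit{out}(x)$ is read as the simple tree form with an empty variable sequence and condition $\mathsf{T}$ (an assumption of this example, under which the quantifiers $(\forall \bar{x})$ and $(\exists \bar{x}_i)$ over that empty sequence are vacuous).

```latex
% Pair 1: restricted input versus unrestricted input (second case of Table 4.1, m = 0, n = 1,
% with a = in(x), b = even(x), a_1 = in(y), b_1 = T).
\begin{align*}
t &= \textstyle\sum_x \mathit{in}(x) \lhd \mathit{even}(x) \rhd \delta, \qquad
u = \textstyle\sum_y \mathit{in}(y) \lhd \mathsf{T} \rhd \delta, \\
\phi_\preccurlyeq(t,u) &= (\forall x)\big(\mathit{even}(x) \to (\exists y)(\mathsf{T} \wedge \mathit{eq}(\mathit{in}(x),\mathit{in}(y)))\big)
 = (\forall x)\big(\mathit{even}(x) \to (\exists y)(\mathsf{T} \wedge \mathit{eq}(x,y))\big), \\
\phi_\preccurlyeq(u,t) &= (\forall y)\big(\mathsf{T} \to (\exists x)(\mathit{even}(x) \wedge \mathit{eq}(y,x))\big).
\end{align*}
% D \models \phi_\preccurlyeq(t,u): for every x choose y := x.
% D \not\models \phi_\preccurlyeq(u,t): the valuation with \nu(y) = 1 refutes it.
% Hence T_D(A) \models t \preccurlyeq u but T_D(A) \not\models u \preccurlyeq t, so by the characterisation
% above T_D(A) \not\models t \approx u: the even-input process is a proper summand of the unrestricted one.

% Pair 2: continuations (third case of Table 4.1, m = n = 1, with t' = out(x), a_1 = in(y),
% u_1' = out(0), b = b_1 = T); the two recursive calls fall under the second case.
\begin{align*}
t &= \textstyle\sum_x \mathit{in}(x)\cdot\mathit{out}(x) \lhd \mathsf{T} \rhd \delta, \qquad
u = \textstyle\sum_y \mathit{in}(y)\cdot\mathit{out}(0) \lhd \mathsf{T} \rhd \delta, \\
\phi_\preccurlyeq(\mathit{out}(x),\mathit{out}(0)) &= \mathsf{T} \to (\mathsf{T} \wedge \mathit{eq}(x,0)), \qquad
\phi_\preccurlyeq(\mathit{out}(0),\mathit{out}(x)) = \mathsf{T} \to (\mathsf{T} \wedge \mathit{eq}(0,x)), \\
\phi_\preccurlyeq(t,u) &= (\forall x)\Big(\mathsf{T} \to (\exists y)\big(\mathsf{T} \wedge \mathit{eq}(x,y)
 \wedge (\mathsf{T} \to (\mathsf{T} \wedge \mathit{eq}(x,0)))
 \wedge (\mathsf{T} \to (\mathsf{T} \wedge \mathit{eq}(0,x)))\big)\Big).
\end{align*}
% Since (\exists y)\,\mathit{eq}(x,y) holds for every x, \phi_\preccurlyeq(t,u) is equivalent to (\forall x)\,\mathit{eq}(x,0),
% which \nu(x) = 1 refutes: the process that echoes its input is not a summand of the one that always outputs 0.
```

Note that in both pairs the existential quantifier introduced by the input summand of $u$ is immediately of the form $(\exists y)(\mathit{eq}(x,y) \wedge \ldots)$, which is the shape that Section 4.4 eliminates for tree forms with explicit instantiation.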


Thus, we have a candidate for $\phi$, except that it is not one-one. (If $t$ is an ordered tree form, then $\theta_o(t + \delta) = t$, so $\phi_\preccurlyeq(\theta_o(t), \theta_o(q)) = \phi_\preccurlyeq(\theta_o(t + \delta), \theta_o(q))$ for all $q$.) We obtain a one-one function as follows. Let $\ulcorner \_ \urcorner : \mathcal{P} \to (\omega - \{0\})$ be any recursive injection of $\mathcal{P}$ into the set of positive natural numbers (any recursive coding of strings over the set of symbols used to write pCRL expressions will do; it is well-known that such codings exist for finite strings over a countable alphabet). For $n \geq 1$ we define $(\bot)^n$ by $(\bot)^1 = \bot$ and $(\bot)^{n+1} = (\bot)^n \vee \bot$; note that $D, \nu \models \varphi \vee (\bot)^n$ if, and only if, $D, \nu \models \varphi$, for all formulas $\varphi$. Now, let $\phi : \mathcal{P} \times \mathcal{P} \to \Phi$ be such that for all $p$ and $q$

$\phi(p, q) = \big(\phi_\preccurlyeq(\theta_o(p), \theta_o(q)) \wedge \phi_\preccurlyeq(\theta_o(q), \theta_o(p))\big) \vee (\bot)^{\ulcorner p \urcorner} \vee (\bot)^{\ulcorner q \urcorner}.$

Then, $\phi$ is the one-one recursive function we needed to define; we have proved

Theorem 4.10 Suppose that $D$ has equality. Then there exists a one-one recursive function $\phi : \mathcal{P} \times \mathcal{P} \to \Phi$ such that for all pCRL expressions $p$ and $q$

$T_D(\mathcal{A}), \nu \models p \approx q$ if, and only if, $D, \nu \models \phi(p, q)$.

4.3 The definition of $\eta$

We shall now associate with every first-order formula $\varphi$ a pair of pCRL expressions $\eta(\varphi) = \langle p, q \rangle$ such that $D, \nu \models \varphi$ if, and only if, $T_D(\mathcal{A}), \nu \models p \approx q$. Recall that an open first-order formula may be viewed as a Boolean expression (cf. Section 4.1).

Lemma 4.11 If $\varphi$ is an open first-order formula and $c$ is a closed action expression, then

$T_D(\mathcal{A}), \nu \models c \lhd \varphi \rhd \delta \approx c$ if, and only if, $D, \nu \models \varphi$.

Proof. By Proposition 4.2, $D, \nu \models \varphi$ if, and only if, $D, \nu \models \varphi \approx \mathsf{T}$. If $D, \nu \models \varphi$, then $\iota_\nu(c \lhd \varphi \rhd \delta) = \iota_\nu(c)$; otherwise $\iota_\nu(c \lhd \varphi \rhd \delta) = \delta$. Since $\iota_\nu(c) \neq \delta$ the lemma follows. □

A formula $\varphi$ is in prenex form if it has the form

$(Qx_1) \ldots (Qx_n)\,\psi$

where each $(Qx_i)$ is either $(\exists x_i)$ or $(\forall x_i)$, the variables $x_1, \ldots, x_n$ are all distinct, and $\psi$ is open. We call $(Qx_1) \ldots (Qx_n)$ the prefix of $\varphi$ and $\psi$ the matrix.

Lemma 4.12 There exists a recursive function $\pi : \Phi \to \Phi$ that associates with every first-order formula $\varphi$ a prenex form $\pi(\varphi)$ such that

$D, \nu \models \pi(\varphi)$ if, and only if, $D, \nu \models \varphi$.

Proof. See Shoenfield (1967) or Rogers, Jr. (1992). □


Lemma 4.11 shows how an open first-order formula can be expressed as a pCRL equation. We shall prove now that universal and existential quantifiers can be expressed as transformations on pairs of pCRL expressions. Then, we shall conclude that every prenex form is expressible as a pCRL equation, and we shall define the function $\eta$ using $\pi$ (with a similar trick as in the definition of $\phi$ to ensure that $\eta$ is one-one).

Since universal quantification generalises conjunction, it is instructive to see how conjunction is expressible.

Example 4.13 Suppose that $t_1$, $t_2$, $u_1$ and $u_2$ are trees. We wish to construct trees $t$ and $u$ such that $t = u$ if, and only if, $t_1 = u_1$ and $t_2 = u_2$. Let $a_1$ and $a_2$ be distinct tree actions; we define $t = a_1 \cdot t_1 + a_2 \cdot t_2$ and $u = a_1 \cdot u_1 + a_2 \cdot u_2$ (see Figure 4.1).

Figure 4.1: $t = u$ if, and only if, $t_1 = u_1$ and $t_2 = u_2$.

By Lemma 2.7(vi) $a_1 \cdot t_1 = a_1 \cdot u_1$ if, and only if, $t_1 = u_1$; and also, since $a_1 \neq a_2$, $a_1 \cdot t_1 \not\leq a_2 \cdot u_2$. Hence by Lemma 2.7(ii) $a_1 \cdot t_1 \leq u$ if, and only if, $t_1 = u_1$. Similarly it follows that $a_2 \cdot t_2 \leq u$ if, and only if, $t_2 = u_2$, so $t \leq u$ if, and only if, $t_1 = u_1$ and $t_2 = u_2$. By a symmetric argument it also follows that $u \leq t$ if, and only if, $t_1 = u_1$ and $t_2 = u_2$; we get $t = u$ if, and only if, $t_1 = u_1$ and $t_2 = u_2$.

Let $a$ be a unary parametrised action symbol; we define

$(\forall x)_1 \langle p, q \rangle = \sum_x a(x) \cdot p$; and

$(\forall x)_2 \langle p, q \rangle = \sum_x a(x) \cdot q$.

Intuitively, $a(x)$ pairs a particular instance of $p$ with the same instance of $q$: if $d_1, d_2 \in D$ are distinct, then it is possible that $\iota_\nu(p[x := d_1]) = \iota_\nu(q[x := d_2])$ for some valuation $\nu$, while $\iota_\nu(a(d_1)) \neq \iota_\nu(a(d_2))$ implies that

$\iota_\nu(a(d_1)) \cdot \iota_\nu(p[x := d_1]) \neq \iota_\nu(a(d_2)) \cdot \iota_\nu(q[x := d_2]).$

Compare this to the use of $a_1$ and $a_2$ in Figure 4.1: it follows from $a_1 \neq a_2$ that $a_1 \cdot t_1 \neq a_2 \cdot u_2$.


Lemma 4.14 ($\forall$-introduction) If $p$ and $q$ are pCRL expressions, then

$T_D(\mathcal{A}), \nu \models (\forall x)_1 \langle p, q \rangle \approx (\forall x)_2 \langle p, q \rangle$ if, and only if,

$T_D(\mathcal{A}), \nu[x := d] \models p \approx q$ for all $d \in D$.

Proof. ($\Rightarrow$) If $T_D(\mathcal{A}), \nu \models (\forall x)_1 \langle p, q \rangle \approx (\forall x)_2 \langle p, q \rangle$, then

$\sum\{\iota_\nu(a(d_1)) \cdot \iota_\nu(p[x := d_1]) \mid d_1 \in D\} = \sum\{\iota_\nu(a(d_2)) \cdot \iota_\nu(q[x := d_2]) \mid d_2 \in D\},$

so, by Lemma 2.7(iii,vi), for every $d_1 \in D$ there exists $d_2 \in D$ such that $a(d_1) = a(d_2)$ and $\iota_\nu(p[x := d_1]) = \iota_\nu(q[x := d_2])$. Since $a(d_1) = a(d_2)$ implies $d_1 = d_2$, it follows that

$\iota_\nu(p[x := d]) = \iota_\nu(q[x := d])$ for all $d \in D$;

hence $T_D(\mathcal{A}), \nu[x := d] \models p \approx q$.

($\Leftarrow$) If $T_D(\mathcal{A}), \nu[x := d] \models p \approx q$ for all $d \in D$, then

$\iota_\nu(a(d)) \cdot \iota_\nu(p[x := d]) = \iota_\nu(a(d)) \cdot \iota_\nu(q[x := d]),$

so $T_D(\mathcal{A}), \nu \models (\forall x)_1 \langle p, q \rangle \approx (\forall x)_2 \langle p, q \rangle$. □

Existential quantification generalises disjunction; the following example explains how disjunction is expressible.

Example 4.15 Suppose that $t_1$, $t_2$, $u_1$ and $u_2$ are trees. We wish to construct trees $t$ and $u$ such that $t = u$ if, and only if, $t_1 = u_1$ or $t_2 = u_2$. Let $a_1$, $a_2$ and $c$ be distinct tree actions; we define $t = c \cdot (a_1 \cdot t_1 + a_2 \cdot u_2) + c \cdot (a_1 \cdot u_1 + a_2 \cdot t_2)$ and $u = c \cdot (a_1 \cdot t_1 + a_2 \cdot u_2) + c \cdot (a_1 \cdot u_1 + a_2 \cdot t_2) + c \cdot (a_1 \cdot t_1 + a_2 \cdot t_2)$ (see Figure 4.2).

Clearly, $t \leq u$ and $c \cdot (a_1 \cdot t_1 + a_2 \cdot u_2) + c \cdot (a_1 \cdot u_1 + a_2 \cdot t_2) \leq t$; so $t = u$ if, and only if, $c \cdot (a_1 \cdot t_1 + a_2 \cdot t_2) \leq t$. Hence, by Lemma 2.7(ii,vi), $t = u$ if, and only if, $t_1 = u_1$ or $t_2 = u_2$.

Let $c$ be a closed action expression and let $a$ be a unary parametrised action symbol; we define

$(\exists x)_1 \langle p, q \rangle = \sum_x c \cdot (\sum_x a(x) \cdot p + a(x) \cdot q)$; and

$(\exists x)_2 \langle p, q \rangle = (\exists x)_1 \langle p, q \rangle + c \cdot (\sum_x a(x) \cdot p)$.

Note that in the definition of $(\exists x)_1 \langle p, q \rangle$ the first (i.e., left-most) occurrence of $\sum_x$ binds the variable $x$ in $a(x) \cdot q$, while the second occurrence binds the variable $x$ in $a(x) \cdot p$. Intuitively, by executing $c$ an instance $a(d) \cdot q[x := d]$ of $a(x) \cdot q$ is fixed, but from the execution of $c$ it cannot be seen which particular element of $D$ is selected. Compare this to the function of the tree action $c$ in Figure 4.2: by executing $c$ a choice is made between $a_i \cdot t_i$ and $a_i \cdot u_i$ for $i = 1, 2$.


Figure 4.2: $t = u$ if, and only if, $t_1 = u_1$ or $t_2 = u_2$.

Lemma 4.16 ($\exists$-introduction) If $p$ and $q$ are pCRL expressions, then

$T_D(\mathcal{A}), \nu \models (\exists x)_1 \langle p, q \rangle \approx (\exists x)_2 \langle p, q \rangle$ if, and only if,

there exists $d \in D$ such that $T_D(\mathcal{A}), \nu[x := d] \models p \approx q$.

Proof. Note that

$T_D(\mathcal{A}), \nu \models (\exists x)_1 \langle p, q \rangle \approx (\exists x)_2 \langle p, q \rangle$

$\Leftrightarrow T_D(\mathcal{A}), \nu \models c \cdot (\sum_x a(x) \cdot p) \preccurlyeq \sum_x c \cdot (\sum_x a(x) \cdot p + a(x) \cdot q)$

$\Leftrightarrow$ there exists $d \in D$ such that $T_D(\mathcal{A}), \nu[x := d] \models \sum_x a(x) \cdot p \approx \sum_x a(x) \cdot p + a(x) \cdot q$

$\Leftrightarrow$ there exists $d \in D$ such that $T_D(\mathcal{A}), \nu[x := d] \models a(x) \cdot q \preccurlyeq \sum_x a(x) \cdot p$

and, since $a(d_1) = a(d_2)$ if, and only if, $d_1 = d_2$,

$\Leftrightarrow$ there exists $d \in D$ such that $T_D(\mathcal{A}), \nu[x := d] \models p \approx q$.

Theorem 4.17 There exists a one-one recursive function $\eta : \Phi \to \mathcal{P} \times \mathcal{P}$ such that for every first-order formula $\varphi$

$D, \nu \models \varphi$ if, and only if, $T_D(\mathcal{A}), \nu \models p \approx q$, where $\eta(\varphi) = \langle p, q \rangle$

(provided there are at least a closed action expression and a parametrised action symbol with arity $> 0$).

Proof. Let $\varphi$ be a prenex form; we define pCRL expressions $P(\varphi)$ and $Q(\varphi)$ as follows:


1. if the prefix of $\varphi$ is empty, i.e., $\varphi$ is an open formula, then $P(\varphi) = c \lhd \varphi \rhd \delta$ and $Q(\varphi) = c$, where $c$ is a closed action expression;

2. if the prefix of $\varphi$ begins with a universal quantifier, say $\varphi = (\forall x)\psi$, then

$P(\varphi) = (\forall x)_1 \langle P(\psi), Q(\psi) \rangle$ and $Q(\varphi) = (\forall x)_2 \langle P(\psi), Q(\psi) \rangle$; and

3. if the prefix of $\varphi$ begins with an existential quantifier, say $\varphi = (\exists x)\psi$, then

$P(\varphi) = (\exists x)_1 \langle P(\psi), Q(\psi) \rangle$ and $Q(\varphi) = (\exists x)_2 \langle P(\psi), Q(\psi) \rangle$.

By Lemmas 4.11, 4.14 and 4.16 and an easy induction on the length of the prefix of $\varphi$ it follows that

$D, \nu \models \varphi$ if, and only if, $T_D(\mathcal{A}), \nu \models P(\varphi) \approx Q(\varphi)$.

To ensure that $\eta$ is one-one, we use a recursive injection $\ulcorner \_ \urcorner : \Phi \to (\omega - \{0\})$ of $\Phi$ into the set of positive natural numbers; we define the function $\eta : \Phi \to \mathcal{P} \times \mathcal{P}$ by

where $(\delta)^1 = \delta$ and $(\delta)^{n+1} = \delta \cdot (\delta)^n$ for $n \geq 1$.

Clearly, $\eta$ satisfies the requirements of the theorem, so the proof is complete. □
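An added worked example (mine, not from the thesis) of the construction $P(\varphi)$, $Q(\varphi)$ in the proof of Theorem 4.17, for $\varphi = (\forall x)(\exists y)\,\mathit{lt}(x, y)$ over the natural numbers, where $\mathit{lt}$ is assumed to denote the strict order; $\varphi$ is already in prenex form, so $\pi(\varphi) = \varphi$, and $c$ is a closed action expression and $a$ a unary parametrised action symbol as in Section 4.3.

```latex
% Build bottom-up: matrix \psi = lt(x,y) (clause 1), then \chi = (\exists y)\psi (clause 3),
% then \varphi = (\forall x)\chi (clause 2).
\begin{align*}
P(\psi) &= c \lhd \mathit{lt}(x,y) \rhd \delta, & Q(\psi) &= c, \\
P(\chi) &= \textstyle\sum_y c \cdot \big(\sum_y a(y)\cdot P(\psi) + a(y)\cdot Q(\psi)\big), &
Q(\chi) &= P(\chi) + c \cdot \textstyle\sum_y a(y)\cdot P(\psi), \\
P(\varphi) &= \textstyle\sum_x a(x)\cdot P(\chi), & Q(\varphi) &= \textstyle\sum_x a(x)\cdot Q(\chi).
\end{align*}
% Unfolding the equation P(\varphi) \approx Q(\varphi) with the three lemmas the proof relies on,
% outermost quantifier first:
\begin{align*}
T_D(\mathcal{A}),\nu \models P(\varphi) \approx Q(\varphi)
 &\Leftrightarrow \text{for all } d \in D:\ T_D(\mathcal{A}),\nu[x:=d] \models P(\chi) \approx Q(\chi)
 && \text{(Lemma 4.14)} \\
 &\Leftrightarrow \text{for all } d \text{ there is } e \in D:\ T_D(\mathcal{A}),\nu[x:=d][y:=e] \models c \lhd \mathit{lt}(x,y) \rhd \delta \approx c
 && \text{(Lemma 4.16)} \\
 &\Leftrightarrow \text{for all } d \text{ there is } e \text{ with } \mathit{lt}(d,e), \text{ i.e. } D \models \varphi.
 && \text{(Lemma 4.11)}
\end{align*}
% Over the natural numbers e := d + 1 witnesses the existential step, so the equation holds in T_D(A);
% \eta(\varphi) is this pair up to the (\delta)-padding that makes \eta one-one.
```

The existential step is where the construction leaves the input/output fragment of Section 4.4: the outer $\sum_y$ in $P(\chi)$ binds a variable that does not occur in the action $c$ immediately following it.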

By Theorem 4.10 the pCRL theory of $D$ is one-one reducible to the first-order theory of $D$, and Theorem 4.17 proves the converse. Hence, the pCRL theory and the first-order theory of $D$ have the same degree of unsolvability with respect to one-one reducibility. By a theorem of Myhill (see Rogers, Jr., 1992) we get the following corollary.

Corollary 4.18 If $D$ has equality, then the pCRL theory of $D$ and the first-order theory of $D$ are recursively isomorphic (provided there are at least a closed action expression and a parametrised action symbol with arity $> 0$).

4.4 A universal fragment

The choice quantifier is a powerful construct: it may be used to simulate both the universal and the existential quantifier of first-order logic. Indeed, the algorithm of Table 4.1 yields an open formula when applied to tree forms $t$ and $u$ without choice quantifiers, and with any open formula Lemma 4.11 associates a pCRL expression without choice quantifiers. The main application of choice quantifiers is to model input. We shall now investigate how much of the expressiveness of choice quantifiers persists if we only use it to model input.

In Section 3.6 we have introduced a fragment of value-passing CCS. We have associated with every process expression of that language a pCRL expression. Thus, value-passing CCS gives rise to a fragment of pCRL; a pCRL expression that is associated with some process expression of value-passing CCS we have called an input/output expression. The input/output theory of $D$ consists of all pCRL equations $p \approx q$, with $p$ and $q$ input/output expressions, such that $T_D(\mathcal{A}) \models p \approx q$. We shall see below that the input/output theory of $D$ is essentially less complex than the full pCRL theory of $D$: it is recursively isomorphic to the universal fragment of the first-order theory of $D$. We easily get a variant of Lemma 4.11.

L e m m aa 4 .19 Suppose that <p is an open first-order formula, and let c be a closed ou tputt action. Then T D ( - 4 ) . ^ |= {<p —> c) « c if, and only if, D , v \= ip.

Iff p and q are inpu t /ou tput expressions, then (Vx)i{p , q) and (Wx)2(p., q) are also i npu t /ou tputt expressions:

(\fx)i(p,(\fx)i(p, q) = a?.r.p; and

{Vx){Vx)22{p,q){p,q) = &?x.q.

Hence,, we have the following lemma.

L e m m aa 4 .20 (V- in t roduct ion ) If p and q are input /ou tput expressions, then

TT>(A),I>TT>(A),I> h (V*h<p, q) « (Vx)2{p , q) if, and only if,

T D ( . 4 ),, v[x :=d]\= p ^ q for all d e D.

AA first-order formula is universal if it is in prenex form and all quantifiers in it ss prefix are universal; we denote by Qu the set of universal formulas. From Lemmass 4.19 and 4.20 we straightforwardly get a variant of Theorem 4.17.

Theorem 4.21 There exists a one-one recursive function $\eta_{io} : \Phi_\forall \to \mathcal{IO} \times \mathcal{IO}$ such that for every universal first-order formula $\varphi$

$D, \nu \models \varphi$ if, and only if, $T_D(\mathcal{A}), \nu \models p \approx q$, where $\eta_{io}(\varphi) = (p, q)$

(provided there is a closed output action and a parametrised action symbol with arity > 0).

The transformation $((\exists x)_1, (\exists x)_2)$ defined in Section 4.3 uses a distinct feature of the choice quantifier that is not expressible by means of an input prefix: the variable x, bound by the left-most choice quantifier in

$\sum_x c\,(a(x)\,p + a(x)\,q)$

does not occur in the action expression c that immediately follows it. Recall that, intuitively, by executing c an instance $a(d)\,q[x := d]$ of $a(x)\,q$ is fixed, but from the execution of c it cannot be seen which particular element of D is selected.

From Lemma 3.26 on p. 48 we get that if p is an input/output expression, then the ordered tree form $\theta_o(p)$ associated to p has explicit instantiation. We shall now prove that all existential quantifiers can be eliminated from the formula $\varphi_\preccurlyeq(t, u)$ if t and u are ordered tree forms with explicit instantiation.

4.4 A universal fragment

Theorem 4.22 Suppose that D has equality, and let t and u be ordered tree forms with explicit instantiation. Then there exists a universal first-order formula $\varphi$ such that $D \models \varphi_\preccurlyeq(t, u) \leftrightarrow \varphi$.

Proof. We shall apply a few elementary results of first-order logic that are proved, e.g., by Shoenfield (1967); in particular we need the following results on quantifiers:

$((\forall x)\varphi \wedge \psi) \leftrightarrow (\forall x)(\varphi \wedge \psi)$, provided that $x \notin \mathrm{FV}(\psi)$; (4.13)

$((\forall x)\varphi \vee \psi) \leftrightarrow (\forall x)(\varphi \vee \psi)$, provided that $x \notin \mathrm{FV}(\psi)$; (4.14)

$(\varphi \to (\forall x)\psi) \leftrightarrow (\forall x)(\varphi \to \psi)$, provided that $x \notin \mathrm{FV}(\varphi)$; (4.15)

$(\exists x)(\mathrm{eq}(x, d) \wedge \varphi) \leftrightarrow \varphi[x := d]$. (4.16)

The proof is by induction on $|t| + |u|$; we shall only do the induction step. Suppose $|t| + |u| > 0$; we distinguish cases according to the form of t.

If $t = \delta$, then $\varphi_\preccurlyeq(t, u) = \top$, which is a universal formula.

If $t = t' + t''$, then by the induction hypothesis $\varphi_\preccurlyeq(t', u)$ and $\varphi_\preccurlyeq(t'', u)$ are equivalent to universal first-order formulas, say $(\forall x_1)\cdots(\forall x_k)\varphi'$ and $(\forall y_1)\cdots(\forall y_l)\varphi''$. Without loss of generality we may assume that $x_i \neq y_j$, $x_i \notin \mathrm{FV}(\varphi'')$ and $y_j \notin \mathrm{FV}(\varphi')$, for all $1 \le i \le k$ and $1 \le j \le l$. Hence by (4.13)

$\varphi_\preccurlyeq(t, u) = \varphi_\preccurlyeq(t', u) \wedge \varphi_\preccurlyeq(t'', u) \leftrightarrow (\forall x_1)\cdots(\forall x_k)\varphi' \wedge (\forall y_1)\cdots(\forall y_l)\varphi'' \leftrightarrow (\forall x_1)\cdots(\forall x_k)(\forall y_1)\cdots(\forall y_l)(\varphi' \wedge \varphi'').$

In the two cases that remain t is a simple expression; we shall only treat the case that t has a continuation. Suppose $t = \sum_{\tilde{x}} a\,t' \lhd b \rhd \delta$ and let $u = u_1 + \cdots + u_m + u_{m+1} + \cdots + u_n$ with

$u_i = \sum_{\tilde{x}_i} a_i\,u_i' \lhd b_i \rhd \delta$ for $1 \le i \le m$; and $u_i = \sum_{\tilde{x}_i} a_i \lhd b_i \rhd \delta$ for $m < i \le n$.

Then

$\varphi_\preccurlyeq(t, u) = (\forall \tilde{x})\Big(b \to \bigvee_{1 \le i \le m} (\exists \tilde{x}_i)\big(b_i \wedge \mathrm{eq}(a, a_i) \wedge \varphi_\preccurlyeq(t', u_i') \wedge \varphi_\preccurlyeq(u_i', t')\big)\Big).$

Now consider the subformula

$(\exists \tilde{x}_i)\big(b_i \wedge \mathrm{eq}(a, a_i) \wedge \varphi_\preccurlyeq(t', u_i') \wedge \varphi_\preccurlyeq(u_i', t')\big).$

By (4.14) and (4.15) it suffices to prove that it is equivalent to a universal formula. By the induction hypothesis $\varphi_\preccurlyeq(t', u_i')$ and $\varphi_\preccurlyeq(u_i', t')$ are equivalent to universal formulas, say $(\forall x_1)\cdots(\forall x_k)\varphi$ and $(\forall y_1)\cdots(\forall y_l)\psi$. If $|\tilde{x}_i| = 0$, then the theorem follows immediately from (4.13), and if $\mathrm{eq}(a, a_i) = \bot$, then the theorem follows since $(\exists x)\bot \leftrightarrow \bot$. Otherwise a and $a_i$ are instances of the same parametrised action symbol and, since u has explicit instantiation, $a_i = a(\tilde{x}_i)$. Let $a = a(\tilde{d})$, where $\tilde{d}$ is a sequence of data expressions with $|\tilde{x}_i| = |\tilde{d}|$. Then,

$\mathrm{eq}(a, a_i) = \mathrm{eq}(x_{i1}, d_1) \wedge \cdots \wedge \mathrm{eq}(x_{ik}, d_k),$

whence by (4.16)

$(\exists \tilde{x}_i)(b_i \wedge \mathrm{eq}(a, a_i) \wedge \varphi \wedge \psi) \leftrightarrow b_i[\tilde{x}_i := \tilde{d}] \wedge \varphi[\tilde{x}_i := \tilde{d}] \wedge \psi[\tilde{x}_i := \tilde{d}].$

From this the theorem follows, since by (4.13) the right-hand side is equivalent to a universal formula.

Hence, by Theorem 4.21, the universal fragment of the first-order theory of D is one-one reducible to the input/output theory of D, and from Lemma 3.26 and Theorem 4.22 we get the converse. Hence, the input/output theory of D and the universal fragment of the first-order theory of D have the same degree of unsolvability with respect to one-one reducibility. Consequently, by a theorem of Myhill (see Rogers, Jr., 1992) we get the following

Corollary 4.23 If D has equality, then the input/output theory of D and the universal fragment of the first-order theory of D are recursively isomorphic (provided there exist a closed output action and a parametrised action symbol with arity > 0).

Bibliographic notes

Ponse (1996) investigated the complexity of another fragment of μCRL. He considers data algebras with recursive functions and relations, and, with respect to our fragment, he omits the choice quantifiers and includes data-parametric recursion. For (pairs of) specifications in this fragment he classifies a number of properties in the Arithmetical Hierarchy. In particular, he shows that, restricting to computable data, equivalence between two recursive specifications in his fragment is complete in $\Pi^0_1$. So, approximately, the contribution of data-parametric recursion to μCRL corresponds to the contribution of universal quantifiers to first-order logic.

Hennessy and Lin (1995) have already proved part of Corollary 4.23 for value-passing CCS, giving an algorithm that associates to each pair of finite value-passing processes a universal formula that holds if, and only if, the processes are bisimilar. Theorem 4.21 extends their result with the converse, that the universal quantifiers introduced by their algorithm cannot be eliminated.

There is a vast literature exploring the connection between process theory and modal logic (see Bradfield and Stirling (2001) and Stirling (2001) for recent accounts). The connection proceeds via labeled transition systems: a process can be viewed as a labeled transition system modulo bisimulation, and a modal formula can be viewed as the specification of a property of a state in a labeled transition system. Incidentally, a labeled transition system may be conceived as a first-order model, interpreting the transition relation as a family of binary relations indexed by the labels. This point of view gives rise to a correspondence between process theory and first-order logic quite different from the one considered in this chapter. In this context, Hollenberg (1998) studies which operations on labeled transition systems are first-order definable, i.e., definable through a set of first-order formulas.

5 A deductive system for pCRL

Let us call a pCRL equation $p \approx q$ valid if $\mathrm{GBPA}_\delta(\mathcal{A}, D) \models p \approx q$; e.g., the equations $\theta(p) \approx p$, where $\theta$ is the function of Section 3.5 which associates a tree form with every pCRL expression, are valid (cf. Lemma 3.22). To prove that a pCRL equation is valid can be quite a laborious enterprise. The general technique is to presuppose an arbitrary valuation $\nu$ and an arbitrary element P of $\mathrm{GBPA}_\delta(\mathcal{A}, D)$, and prove by means of the axioms of $\mathrm{GBPA}_\delta$ that $\iota_\nu(p) = \iota_\nu(q)$, where $\iota_\nu$ is the interpretation homomorphism from $\mathrm{Pol}(\mathcal{A}, D)$ into P generated by $\nu$. We illustrate this in the following example.

Example 5.1 Suppose that p denotes the pCRL expression

$\sum_x r(x)s(x) \lhd 0 \le x \rhd r(x)s(-x)$

from Example 3.14, and let q be the tree form

$\sum_x r(x)s(x) \lhd 0 \le x \rhd \delta + \sum_x r(x)s(-x) \lhd \neg(0 \le x) \rhd \delta$

that we associated with it in Example 3.18. We want to prove that $p \approx q$ is valid. To this end, we fix an arbitrary valuation $\nu$ and an arbitrary element P of $\mathrm{GBPA}_\delta(\mathcal{A}, D)$; then,

$\iota_\nu(p) = \sum(\{\iota_\nu(r(n)s(n)) \mid n \ge 0\} \cup \{\iota_\nu(r(n)s(-n)) \mid n < 0\})$, and

$\iota_\nu(q) = \sum\{\iota_\nu(r(n)s(n)) \mid n \ge 0\} + \sum\{\iota_\nu(r(n)s(-n)) \mid n < 0\}$.

By (GA1),

$\iota_\nu(r(n)s(n)) \le \iota_\nu(p)$ for all $n \ge 0$, and

$\iota_\nu(r(n)s(-n)) \le \iota_\nu(p)$ for all $n < 0$;

so by (GA2),

$\sum\{\iota_\nu(r(n)s(n)) \mid n \ge 0\} \le \iota_\nu(p)$, and

$\sum\{\iota_\nu(r(n)s(-n)) \mid n < 0\} \le \iota_\nu(p)$;

hence, by (A2), $\iota_\nu(q) \le \iota_\nu(p)$. On the other hand, by (GA1),

$\iota_\nu(r(n)s(n)) \le \sum\{\iota_\nu(r(n)s(n)) \mid n \ge 0\}$ for all $n \ge 0$, and

$\iota_\nu(r(n)s(-n)) \le \sum\{\iota_\nu(r(n)s(-n)) \mid n < 0\}$ for all $n < 0$;

so, by (A1) and (A2),

$\iota_\nu(r(n)s(n)) \le \iota_\nu(q)$ for all $n \ge 0$, and

$\iota_\nu(r(n)s(-n)) \le \iota_\nu(q)$ for all $n < 0$;

hence, by (GA2), $\iota_\nu(p) \le \iota_\nu(q)$. From $\iota_\nu(q) \le \iota_\nu(p)$ and $\iota_\nu(p) \le \iota_\nu(q)$ we conclude, by (A1), that $\iota_\nu(p) = \iota_\nu(q)$.

Hence, $p \approx q$ is valid.

It is easily verified that the specific form of the subexpressions $r(x)s(x)$ and $r(x)s(-x)$ is not relevant for the calculations in the above example. We have actually proved for all pCRL expressions p and q the validity of

$\sum_x p \lhd b \rhd q \approx \sum_x p \lhd b \rhd \delta + \sum_x q \lhd \neg b \rhd \delta$. (5.1)

This equation, in turn, is a consequence of two more general equations, which are also valid:

$p \lhd b \rhd q \approx p \lhd b \rhd \delta + q \lhd \neg b \rhd \delta$; and (5.2)

$\sum_x (p + q) \approx \sum_x p + \sum_x q$. (5.3)

To get (5.1), we first apply (5.2) to the subexpression $p \lhd b \rhd q$ of the left-hand side and replace it by $p \lhd b \rhd \delta + q \lhd \neg b \rhd \delta$ to obtain $\sum_x (p \lhd b \rhd \delta + q \lhd \neg b \rhd \delta)$; to justify this replacement, we postulate that for pCRL expressions p and q

$p \approx q$ implies $\sum_x p \approx \sum_x q$. (5.4)

Subsequently, we apply (5.3) to the expression $\sum_x (p \lhd b \rhd \delta + q \lhd \neg b \rhd \delta)$ to get the right-hand side of (5.1). If for all pCRL expressions p, q and r

$p \approx q$ and $q \approx r$ implies $p \approx r$, (5.5)

then we may conclude (5.1).

Starting from (5.2) and (5.3), we have deduced (5.1) using (5.4) and (5.5). Of course, to conclude from this deduction that the pCRL expressions of Example 5.1 are equivalent under any interpretation in any element of $\mathrm{GBPA}_\delta(\mathcal{A}, D)$, we still need to apply the technique of Example 5.1 to verify that (5.2) and (5.3) are indeed valid, and that the validity of the antecedents of the implications (5.4) and (5.5) implies the validity of the conclusions. However, a verification of (5.2)–(5.5) has a much wider applicability than the verification in Example 5.1. It follows that not only (5.1) is valid for all pCRL expressions p and q, but also any other equation that can be deduced with (5.2)–(5.5).

In Chapter 3, we have introduced the language pCRL to describe elements of generalised basic process algebras with deadlock. In this chapter, we associate with it a deductive system to facilitate formal proofs of valid equations. We shall designate particular valid equations as axioms (e.g., (5.3)), and certain valid implications between equations as inference rules (e.g., (5.4) and (5.5)). Our inference rules correspond to the elementary steps of equational reasoning; e.g., (5.5) says that $\approx$ is a transitive relation on pCRL expressions. Each of our axioms expresses a property of a construct or a combination of constructs of pCRL that we consider basic; e.g., (5.3) expresses that choice quantifiers distribute over alternative compositions. From the axioms we require a certain degree of generality. For instance, we shall see that (5.2) can be deduced from more general valid equations, and we shall take this as an argument not to include it as an axiom.

Intuitively, the proof that an equation $p \approx q$ is valid consists of three parts: a part that establishes some necessary properties of D; a part that describes how these properties prove the validity of pCRL equations; and a part that involves reasoning about the constructs of pCRL, independent of any data occurring in p and q. The design of our deductive system reflects this trichotomy. Reasoning about data is delegated to a subsidiary deductive system $\mathcal{S}$ for data equations and for Boolean equations. Two simple laws explain how the provable equations of $\mathcal{S}$ give rise to valid pCRL equations: if $\mathcal{S}$ proves the data equation $d \approx e$ and a pCRL expression q is obtained from another pCRL expression p by replacing an occurrence of d by e, then $p \approx q$ is valid; and if $\mathcal{S}$ proves the Boolean equation $b \approx c$, then $p \lhd b \rhd q \approx p \lhd c \rhd q$ is valid.

The remaining axioms and rules of our deductive system are independent of specific properties of the data; they express certain fundamental properties of the constructs of pCRL. A deduction within our deductive system may thus be thought of as the explanation of a valid equation in terms of these fundamental properties, with an occasional reference to the subsidiary deductive system $\mathcal{S}$ for the explanation of a property of the data. Then, the question naturally arises whether every valid pCRL equation may be explained in this way, i.e., whether our deductive system is complete. Clearly, this depends to a large extent on the deductive power of the subsidiary system $\mathcal{S}$ for the data. We shall investigate completeness under the assumption that D is fixed and that $\mathcal{S}$ is powerful enough to infer any property of D that may be needed to establish the validity of a pCRL equation. Such a powerful enough $\mathcal{S}$ acts as an oracle for D, and the result that we shall prove may be called relative completeness: our deductive system is complete if it may consult an oracle that answers any question about the data.

5.1 The deductive system

In the process specification language μCRL, on which the language pCRL is based, abstract data types are defined by means of many-sorted algebraic specifications. We wish to stay close to this, so we take many-sorted equational logic as a basis for our subsidiary deductive system for the data.

Definition 5.2 A data specification $\mathcal{S}$ is a two-sorted equational specification

$\mathcal{S} = (\mathcal{A} \cup \Sigma_B, E_D, E_B)$

with sorts D and B that consists of

(i) the language $\mathcal{A}$ of a data algebra, extended with the signature of Boolean algebras

$\Sigma_B = \{\vee, \wedge : B \times B \to B,\ \neg : B \to B,\ \top, \bot : \to B\}$;

(ii) a sequence $E_D = (d_1 \approx e_1), (d_2 \approx e_2), \ldots$ of data equations; and

(iii) a sequence $E_B = (b_1 \approx c_1), (b_2 \approx c_2), \ldots$ of Boolean equations such that $E_B$ at least contains all the instances of the axiom schemata in Table 5.1 with Boolean expressions for the meta variables a, b and c.

We shall call $\mathcal{A}$ the language of $\mathcal{S}$, the equations in $E_D$ are called the data axioms of $\mathcal{S}$ and the equations in $E_B$ are called the Boolean axioms of $\mathcal{S}$.

Table 5.1: The Boolean axioms that are included in every data specification.

(BA1) $a \vee (b \vee c) \approx (a \vee b) \vee c$
(BA2) $b \vee c \approx c \vee b$
(BA3) $b \vee (b \wedge c) \approx b$
(BA4) $a \vee (b \wedge c) \approx (a \vee b) \wedge (a \vee c)$
(BA5) $b \vee \neg b \approx \top$

(BA1') $a \wedge (b \wedge c) \approx (a \wedge b) \wedge c$
(BA2') $b \wedge c \approx c \wedge b$
(BA3') $b \wedge (b \vee c) \approx b$
(BA4') $a \wedge (b \vee c) \approx (a \wedge b) \vee (a \wedge c)$
(BA5') $b \wedge \neg b \approx \bot$

We write $\mathcal{S} \vdash d \approx e$ if the data equation $d \approx e$ can be deduced from the equations in $E_D$ and $E_B$ by means of many-sorted equational logic (cf., e.g., Goguen and Meseguer, 1985); and similarly, we write $\mathcal{S} \vdash b \approx c$ if the Boolean equation $b \approx c$ can be deduced from the equations in $E_D$ and $E_B$. It is easily verified from Definition 3.3 on p. 31 that the Boolean axioms generated by the schemata in Table 5.1 hold in every data algebra D. Whenever $\mathcal{S}$ is a two-sorted equational specification with language $\mathcal{A}$, D is a data algebra with the same language $\mathcal{A}$, and all the axioms of $\mathcal{S}$ hold in D, then D is called a model of $\mathcal{S}$. If D is a model of $\mathcal{S}$, then it follows from the soundness of many-sorted equational logic that

1. $\mathcal{S} \vdash d \approx e$ implies $D \models d \approx e$ for all data expressions d and e; and

2. $\mathcal{S} \vdash b \approx c$ implies $D \models b \approx c$ for all Boolean expressions b and c.

If also the converses of 1 and 2 hold, then we say that $\mathcal{S}$ is a complete (equational) specification of D.

We define a deductive system $\Pi(\mathcal{A}, \mathcal{S})$, parametrised with a set of parametrised action symbols $\mathcal{A}$ and a data specification $\mathcal{S}$, as follows: the axioms of $\Pi(\mathcal{A}, \mathcal{S})$ are the instances of the axiom schemata listed in Table 5.2 with pCRL expressions for the meta variables p, q, etc.; the inference rules are the instances of the inference rule schemata listed in Table 5.2. Formally, a deduction (within $\Pi(\mathcal{A}, \mathcal{S})$) is a finite sequence of pCRL equations

$(p_1 \approx q_1), (p_2 \approx q_2), \ldots, (p_n \approx q_n)$

such that each $p_i \approx q_i$ is either an axiom of $\Pi(\mathcal{A}, \mathcal{S})$ or the conclusion of an inference rule of which the premisses occur earlier in the sequence. We call the last equation $p_n \approx q_n$ of a deduction its conclusion, and we write $\Pi(\mathcal{A}, \mathcal{S}) \vdash p \approx q$ if the axioms and the inference rules in Table 5.2 permit a deduction that has the equation $p \approx q$ as conclusion; we shall then also say that p and q are provably equivalent. If it holds that p and q are provably equivalent only if $p \approx q$ is valid, then $\Pi(\mathcal{A}, \mathcal{S})$ is called sound with respect to $\mathrm{GBPA}_\delta(\mathcal{A}, D)$. Before we prove that our deductive system is sound with respect to $\mathrm{GBPA}_\delta(\mathcal{A}, D)$ whenever D is a model of $\mathcal{S}$, we make a few comments about the axioms and the inference rules, and we give a few deductions to illustrate their use.

Table 5.2: The deductive system for pCRL with respect to a data specification $\mathcal{S}$; p, q and r range over pCRL expressions; x is a data variable, d and e range over data expressions and b and c range over Boolean expressions.

$\mathcal{S}$-independent axiom schemata:

(A1) $p + q \approx q + p$
(A2) $p + (q + r) \approx (p + q) + r$
(A3) $p + p \approx p$
(A4) $(p + q) \cdot r \approx p \cdot r + q \cdot r$
(A5) $(p \cdot q) \cdot r \approx p \cdot (q \cdot r)$
(A6) $p + \delta \approx p$
(A7) $\delta \cdot p \approx \delta$

(C1) $p \lhd \top \rhd q \approx p$
(C2) $p \lhd b \rhd q \approx q \lhd \neg b \rhd p$
(C3) $(p \lhd b \rhd q) \lhd c \rhd q \approx p \lhd b \wedge c \rhd q$
(C4) $(p + q) \lhd b \rhd (r + s) \approx p \lhd b \rhd r + q \lhd b \rhd s$
(C5) $p \lhd b \vee c \rhd \delta \approx p \lhd b \rhd \delta + p \lhd c \rhd \delta$
(C6) $(p \lhd b \rhd q) \cdot (r \lhd b \rhd s) \approx p \cdot r \lhd b \rhd q \cdot s$

(CQ1) $\sum_x p \approx p$ if $x \notin \mathrm{FV}(p)$
(CQ2) $\sum_x p \approx \sum_y p[x := y]$ if $y \notin \mathrm{FV}(p)$
(CQ3) $\sum_x p \approx \sum_x p + p[x := d]$
(CQ4) $\sum_x (p + q) \approx \sum_x p + \sum_x q$
(CQ5) $(\sum_x p) \cdot q \approx \sum_x p \cdot q$ if $x \notin \mathrm{FV}(q)$
(CQ6) $\sum_x p \lhd b \rhd \sum_x q \approx \sum_x (p \lhd b \rhd q)$ if x does not occur in b

$\mathcal{S}$-induced axiom schemata:

(DATA) $p[x := d] \approx p[x := e]$ if $\mathcal{S} \vdash d \approx e$
(BOOL) $p \lhd b \rhd q \approx p \lhd c \rhd q$ if $\mathcal{S} \vdash b \approx c$

Inference rule schemata:

(REFL) $p \approx p$
(SYM) from $p \approx q$ infer $q \approx p$
(TRANS) from $p \approx q$ and $q \approx r$ infer $p \approx r$
(CONG(+)) from $p_1 \approx q_1$ and $p_2 \approx q_2$ infer $p_1 + p_2 \approx q_1 + q_2$
(CONG($\cdot$)) from $p_1 \approx q_1$ and $p_2 \approx q_2$ infer $p_1 \cdot p_2 \approx q_1 \cdot q_2$
(CONG($\lhd\rhd$)) from $p_1 \approx q_1$ and $p_2 \approx q_2$ infer $p_1 \lhd b \rhd p_2 \approx q_1 \lhd b \rhd q_2$
(CONG($\sum$)) from $p \approx q$ infer $\sum_x p \approx \sum_x q$

The inference rules are the well-known laws of equational reasoning, adapted to our setting. Namely, (REFL)–(TRANS) ensure that provable equivalence is indeed an equivalence relation on pCRL expressions, and (CONG(+))–(CONG($\sum$)) allow the inference of $p \approx q$ if q can be obtained from p by replacing a subexpression of p by a provably equivalent expression.

Remark 5.3 Our presentation is nonstandard in that it omits the so-called "substitution rules." Note, however, that our definition of pCRL expression does not involve a notion of "variable" for which one might want to substitute another pCRL expression. It is folklore that, in general, if one is only interested in "ground" terms, i.e., in terms without this kind of variables, then it is possible to do without substitution rules by taking all instances with ground terms of the axioms.

By (A1)–(A7), the set of pCRL expressions modulo provable equivalence is a $\mathrm{BPA}_\delta$ (cf. Table 2.1 on p. 17); we write $\Pi(\mathcal{A}, \mathcal{S}) \vdash p \preccurlyeq q$ for $\Pi(\mathcal{A}, \mathcal{S}) \vdash q \approx q + p$.

Lemma 5.4 $\Pi(\mathcal{A}, \mathcal{S}) \vdash p \approx q$ if, and only if, $\Pi(\mathcal{A}, \mathcal{S}) \vdash p \preccurlyeq q,\ q \preccurlyeq p$.

Proof. To prove the implication from left to right, consider a deduction

$(p_1 \approx q_1), \ldots, (p_n \approx q_n) = (p \approx q)$ (5.6)

that justifies writing $\Pi(\mathcal{A}, \mathcal{S}) \vdash p \approx q$. We append to it the sequence

$(p \approx p), (p + p \approx p + q), (p + p \approx p), (p \approx p + p), (p \approx p + q).$ (5.7)

Since $p \approx p$ by (REFL), $p + p \approx p + q$ can be inferred with (CONG(+)). Furthermore, by (A3), $p + p \approx p$, so, by (SYM), $p \approx p + p$, and, subsequently, $p \approx p + q$ can be inferred with (TRANS). Hence, the concatenation of (5.6) and (5.7) is a deduction that justifies $\Pi(\mathcal{A}, \mathcal{S}) \vdash q \preccurlyeq p$. If we interchange p and q in the sequence (5.7) and moreover prefix it with the equation $q \approx p$, which can be inferred from $p \approx q$ by (SYM), we get a deduction that justifies $\Pi(\mathcal{A}, \mathcal{S}) \vdash p \preccurlyeq q$. We conclude that $\Pi(\mathcal{A}, \mathcal{S}) \vdash p \approx q$ implies $\Pi(\mathcal{A}, \mathcal{S}) \vdash p \preccurlyeq q$ and $\Pi(\mathcal{A}, \mathcal{S}) \vdash q \preccurlyeq p$.

To prove the implication from right to left, suppose there are deductions with conclusions $p \approx p + q$ and $q \approx q + p$. We concatenate these deductions and subsequently append the sequence

$(p + q \approx q + p), (p \approx q + p), (q + p \approx q), (p \approx q).$

From $p \approx p + q$ and the equation $p + q \approx q + p$, which is by (A1), we infer $p \approx q + p$ by (TRANS). From $q \approx q + p$ we get $q + p \approx q$ by (SYM). Hence, by (TRANS), $p \approx q$. We conclude that $\Pi(\mathcal{A}, \mathcal{S}) \vdash p \preccurlyeq q$ and $\Pi(\mathcal{A}, \mathcal{S}) \vdash q \preccurlyeq p$ implies $\Pi(\mathcal{A}, \mathcal{S}) \vdash p \approx q$. □

We have given a very detailed proof of Lemma 5.4 to demonstrate a precise application of our deductive system. Henceforth, we shall sacrifice some detail for the sake of succinctness, leaving out all references to applications of inference rules; e.g., to prove the implication from right to left of Lemma 5.4 we confine ourselves to assuming (∗) $p \approx p + q$ and (†) $q \approx q + p$, and giving the following derivation:

$p \approx p + q$ by (∗)
$\quad \approx q + p$ by (A1)
$\quad \approx q$ by (†).

Note that we have proved that $\Pi(\mathcal{A}, \mathcal{S}) \vdash p \preccurlyeq q,\ q \preccurlyeq p$ implies $\Pi(\mathcal{A}, \mathcal{S}) \vdash p \approx q$ without using any special properties of the deductions of $p \preccurlyeq q$ and $q \preccurlyeq p$. That is, the implication may be considered as a derived inference rule, sanctioned by the axioms and inference rules of $\Pi(\mathcal{A}, \mathcal{S})$. Later, we shall add axioms to $\Pi(\mathcal{A}, \mathcal{S})$, and then it is convenient to know that we may still deduce $p \approx q$ from $p \preccurlyeq q$ and $q \preccurlyeq p$. We write

$\Pi(\mathcal{A}, \mathcal{S}), p_1 \approx q_1, \ldots, p_n \approx q_n \vdash p \approx q$

if $p \approx q$ may be deduced in the deductive system that consists of the axioms and inference rules of $\Pi(\mathcal{A}, \mathcal{S})$ with $p_1 \approx q_1, \ldots, p_n \approx q_n$ added as axioms.

(C1)–(C5) are adapted from a paper by Manes (1985) about the equational theory of abelian monoids extended with an if-then-else construct (every generalised basic process algebra with deadlock is an abelian monoid with + as binary operation and $\delta$ as neutral element). These axioms express fundamental relations between the conditional on the one hand, and the Boolean operations $\top$, $\neg$, $\wedge$ and $\vee$, and the operations + and $\delta$ on the other hand. We have added (C6), which defines the interaction between conditionals and sequential composition. We shall now derive (5.2), which we used in the deduction following Example 5.1, with these axioms; the deduction is due to Manes.

Lemma 5.5 $\Pi(\mathcal{A}, \mathcal{S}) \vdash p \lhd b \rhd q \approx p \lhd b \rhd \delta + q \lhd \neg b \rhd \delta$.

Proof. The proof is by the following deduction:

$p \lhd b \rhd q \approx (p + \delta) \lhd b \rhd (\delta + q)$ by (A1), (A6)
$\quad \approx p \lhd b \rhd \delta + \delta \lhd b \rhd q$ by (C4)
$\quad \approx p \lhd b \rhd \delta + q \lhd \neg b \rhd \delta$ by (C2). □

Conditionals of the form $p \lhd b \rhd \delta$ correspond to Dijkstra's "guarded commands" (see Dijkstra, 1976); in such a conditional the Boolean expression b may be viewed as a guard for p. Guards distribute over alternative and sequential compositions.

Lemma 5.6 (i) $\Pi(\mathcal{A}, \mathcal{S}) \vdash (p + q) \lhd b \rhd \delta \approx (p \lhd b \rhd \delta) + (q \lhd b \rhd \delta)$; and

(ii) $\Pi(\mathcal{A}, \mathcal{S}) \vdash p \cdot q \lhd b \rhd \delta \approx (p \lhd b \rhd \delta) \cdot (q \lhd b \rhd \delta)$.

Proof. By (A6), $(p + q) \lhd b \rhd \delta \approx (p + q) \lhd b \rhd (\delta + \delta)$, so (i) follows by (C4). The proof of (ii) is similar, using (A7) and (C6). □

(CQ1)–(CQ6) reflect a few properties of quantification in general, and of choice quantification in particular. If x does not occur free in p, then the quantifier $\sum_x$ has no effect on p; this is expressed by (CQ1). By (CQ2) we may rename the bound variable x in the expression $\sum_x p$ to y if y does not already occur free in p. Data expressions refer to elements of the domain over which $\sum_x$ quantifies, so (CQ3) reflects the intuition that any instance $p[x := d]$ of p is a summand of $\sum_x p$ (cf. (GA1) in Table 2.2 on p. 19). According to (CQ4), a choice quantifier distributes over alternative composition. According to (CQ5) sequential composition distributes from the right over choice quantification, provided $\sum_x$ has no effect on the second argument of the sequential composition (cf. (GA3) in Table 2.2). According to (CQ6), a choice quantifier $\sum_x$ distributes over conditionals if x does not occur free in the condition.

Lemma 5.7 $\Pi(\mathcal{A}, \mathcal{S}), p \preccurlyeq q \vdash \sum_x p \preccurlyeq \sum_x q$.

Proof. If (∗) $q \approx q + p$, then we have the deduction

$\sum_x q \approx \sum_x (q + p)$ by (∗)
$\quad \approx \sum_x q + \sum_x p$ by (CQ4);

this proves the lemma. □

(DATA) and (BOOL) import into our deductive system for pCRL all the data equations and all the Boolean equations that can be deduced from the subsidiary data specification $\mathcal{S}$. If q can be obtained from p by replacing an occurrence in p of the data expression d by another data expression e such that $\mathcal{S} \vdash d \approx e$, then, according to (DATA), $p \approx q$ is an axiom. According to (BOOL), conditionals are equivalent if $\mathcal{S}$ proves the conditions equivalent. The proof of the following lemma shows an application of (BOOL).

Lemma 5.8 $\Pi(\mathcal{A}, \mathcal{S}) \vdash p \lhd b \rhd p \approx p$.

Proof. Since $\mathcal{S} \vdash b \vee \neg b \approx \top$ (it is an instance of (BA5) of Table 5.1), we have the following deduction:

$p \lhd b \rhd p \approx p \lhd b \rhd \delta + p \lhd \neg b \rhd \delta$ by Lem. 5.5
$\quad \approx p \lhd b \vee \neg b \rhd \delta$ by (C5)
$\quad \approx p \lhd \top \rhd \delta$ by (BOOL)
$\quad \approx p$ by (C1);

this proves the lemma. □

We may use the above lemma to prove that sequential compositions distribute from the right over guarded commands.

Lemma 5.9 $\Pi(\mathcal{A}, \mathcal{S}) \vdash p \cdot q \lhd b \rhd \delta \approx (p \lhd b \rhd \delta) \cdot q$.

Proof. Since $\mathcal{S} \vdash b \vee \neg b \approx \top$ (it is an instance of (BA5) of Table 5.1), we have the following deduction:

$p \cdot q \lhd b \rhd \delta \approx p \cdot q \lhd b \rhd \delta \cdot q$ by (A7)
$\quad \approx (p \lhd b \rhd \delta) \cdot (q \lhd b \rhd q)$ by (C6)
$\quad \approx (p \lhd b \rhd \delta) \cdot q$ by Lem. 5.8;

this proves the lemma. □

We shall now show that if pCRL expressions p and q are provably equivalent, then $p \approx q$ is valid. We need the following lemma.

Lemma 5.10 The relation

$\vartheta = \{(p, q) \in \mathrm{Pol}_p(D) \times \mathrm{Pol}_p(D) \mid \mathrm{GBPA}_\delta(\mathcal{A}, D) \models p \approx q\}$

respects the constructs of pCRL.

Proof. Since the interpretation mappings $\iota_\nu$ are homomorphisms from $\mathrm{Pol}(\mathcal{A}, D)$ into elements of $\mathrm{GBPA}_\delta(\mathcal{A}, D)$, it is routine to show that $\vartheta$ is a congruence on $\mathrm{Pol}(\mathcal{A}, D)$. So, it remains to prove that $\vartheta$ preserves choice quantifiers and conditionals. Suppose $p \mathrel{\vartheta} q$. Then $p[x := d] \mathrel{\vartheta} q[x := d]$ for all $d \in D$, so

$\sum_x p = \sum\{p[x := d] \mid d \in D\} \mathrel{\vartheta} \sum\{q[x := d] \mid d \in D\} = \sum_x q.$

Hence, $\vartheta$ preserves choice quantifiers.

To prove that $\vartheta$ preserves conditionals, suppose that $p_1 \mathrel{\vartheta} q_1$ and $p_2 \mathrel{\vartheta} q_2$. Let $\nu$ be a valuation and let $\iota_\nu$ be the interpretation homomorphism from $\mathrm{Pol}(\mathcal{A}, D)$ into an arbitrary element of $\mathrm{GBPA}_\delta(\mathcal{A}, D)$; it suffices to show that

$\iota_\nu(p_1 \lhd b_{\mathrm{pol}} \rhd p_2) = \iota_\nu(q_1 \lhd b_{\mathrm{pol}} \rhd q_2).$

We distinguish cases: If $\bar\nu(b_{\mathrm{pol}}) = \top$, then $\iota_\nu(p_1 \lhd b_{\mathrm{pol}} \rhd p_2) = \iota_\nu(p_1) = \iota_\nu(q_1) = \iota_\nu(q_1 \lhd b_{\mathrm{pol}} \rhd q_2)$. If $\bar\nu(b_{\mathrm{pol}}) = \bot$, then $\iota_\nu(p_1 \lhd b_{\mathrm{pol}} \rhd p_2) = \iota_\nu(p_2) = \iota_\nu(q_2) = \iota_\nu(q_1 \lhd b_{\mathrm{pol}} \rhd q_2)$. Hence, $\vartheta$ respects conditionals.

We are now in a position to prove the soundness of our deductive system.

Theorem 5.11 Let $\mathcal{S}$ be a data specification, and let D be a model of $\mathcal{S}$. Then, for all pCRL expressions p and q, $\Pi(\mathcal{A}, \mathcal{S}) \vdash p \approx q$ implies $\mathrm{GBPA}_\delta(\mathcal{A}, D) \models p \approx q$.

Proof. Consider the relation

$\vartheta = \{(p, q) \in \mathrm{Pol}_p(D) \times \mathrm{Pol}_p(D) \mid \mathrm{GBPA}_\delta(\mathcal{A}, D) \models p \approx q\}.$

By Lemma 5.10 it preserves the constructs of pCRL, so it is closed under the rules in Table 5.2. Therefore, it remains to prove that $(p, q) \in \vartheta$ if $p \approx q$ is an instance of an axiom in Table 5.2. For this we fix an arbitrary valuation $\nu$ and the interpretation homomorphism $\iota_\nu$ associated with $\nu$ from $\mathrm{Pol}(\mathcal{A}, D)$ into an arbitrary element of $\mathrm{GBPA}_\delta(\mathcal{A}, D)$, and we prove that $\iota_\nu(p) = \iota_\nu(q)$.

Since every element of $\mathrm{GBPA}_\delta(\mathcal{A}, D)$ is a generalised basic process algebra with deadlock, it is clear that $\iota_\nu(p) = \iota_\nu(q)$ if $p \approx q$ is an instance of one of (A1)–(A7).

To show that $\iota_\nu(p) = \iota_\nu(q)$ if $p \approx q$ is an instance of one of (C1)–(C6), one distinguishes cases according to whether the conditions evaluate to $\top$ or to $\bot$ under $\nu$. We consider, by way of example, the instances of (C5) and (C6):

(C5) If $\bar\nu(b) = \top$ and $\bar\nu(c) = \top$, then $\bar\nu(b \vee c) = \top$; hence, since + is idempotent in every generalised basic process algebra with deadlock,

$\iota_\nu(p \lhd b \vee c \rhd \delta) = \iota_\nu(p) = \iota_\nu(p) + \iota_\nu(p) = \iota_\nu(p \lhd b \rhd \delta + p \lhd c \rhd \delta).$

If $\bar\nu(b) = \top$ and $\bar\nu(c) = \bot$, then $\bar\nu(b \vee c) = \top$; hence, since $\iota_\nu(\delta) = \delta$ is a neutral element for + in every generalised basic process algebra with deadlock,

$\iota_\nu(p \lhd b \vee c \rhd \delta) = \iota_\nu(p) = \iota_\nu(p) + \iota_\nu(\delta) = \iota_\nu(p \lhd b \rhd \delta + p \lhd c \rhd \delta).$

The case where $\bar\nu(b) = \bot$ and $\bar\nu(c) = \top$ is symmetric to the previous case.

If $\bar\nu(b) = \bot$ and $\bar\nu(c) = \bot$, then $\bar\nu(b \vee c) = \bot$; hence, since + is idempotent in every generalised basic process algebra with deadlock,

$\iota_\nu(p \lhd b \vee c \rhd \delta) = \iota_\nu(\delta) = \iota_\nu(\delta) + \iota_\nu(\delta) = \iota_\nu(p \lhd b \rhd \delta + p \lhd c \rhd \delta).$

(C6) If $\bar\nu(b) = \top$, then

$\iota_\nu((p \lhd b \rhd q) \cdot (r \lhd b \rhd s)) = \iota_\nu(p) \cdot \iota_\nu(r) = \iota_\nu(p \cdot r) = \iota_\nu(p \cdot r \lhd b \rhd q \cdot s).$

If $\bar\nu(b) = \bot$, then

$\iota_\nu((p \lhd b \rhd q) \cdot (r \lhd b \rhd s)) = \iota_\nu(q) \cdot \iota_\nu(s) = \iota_\nu(q \cdot s) = \iota_\nu(p \cdot r \lhd b \rhd q \cdot s).$

To show that $\iota_\nu(p) = \iota_\nu(q)$ if $p \approx q$ is an instance of one of (CQ1)–(CQ6), one employs the axioms (GA1)–(GA3) of generalised basic process algebras with deadlock. Again by way of example, we consider the instances of (CQ3) and (CQ5):

(CQ3) We get by induction on the structure of pCRL polynomials that

(∗) $\iota_\nu(p[x := \bar\nu(d)]) = \iota_\nu(p[x := d])$.

It enables us to make the following derivation:

$\iota_\nu(\sum_x p) = \sum\{\iota_\nu(p[x := d]) \mid d \in D\}$
$\quad = \sum\{\iota_\nu(p[x := d]) \mid d \in D\} + \iota_\nu(p[x := \bar\nu(d)])$ by (GA1) ($\bar\nu(d)$ is, after all, an element of D)
$\quad = \sum\{\iota_\nu(p[x := d]) \mid d \in D\} + \iota_\nu(p[x := d])$ by (∗)
$\quad = \iota_\nu(\sum_x p + p[x := d]).$

(CQ5) If $x \notin \mathrm{FV}(q)$, then (∗) $\iota_\nu(q[x := d]) = \iota_\nu(q)$ for all $d \in D$, so

$\iota_\nu((\sum_x p) \cdot q) = \sum\{\iota_\nu(p[x := d]) \mid d \in D\} \cdot \iota_\nu(q)$
$\quad = \sum\{\iota_\nu(p[x := d]) \cdot \iota_\nu(q) \mid d \in D\}$ by (GA3)
$\quad = \sum\{\iota_\nu(p[x := d]) \cdot \iota_\nu(q[x := d]) \mid d \in D\}$ by (∗)
$\quad = \iota_\nu(\sum_x p \cdot q).$

For (DATA), suppose that d and e are data expressions such that $\mathcal{S} \vdash d \approx e$; then, since D is a model of $\mathcal{S}$, $\bar\nu(d) = \bar\nu(e)$, and hence

$\iota_\nu(p[x := d]) = \iota_\nu(p[x := \bar\nu(d)]) = \iota_\nu(p[x := \bar\nu(e)]) = \iota_\nu(p[x := e]).$

For (BOOL), suppose that b and c are Boolean expressions such that $\mathcal{S} \vdash b \approx c$; we distinguish cases: if $\bar\nu(b) = \top$, then, since D is a model of $\mathcal{S}$, also $\bar\nu(c) = \top$, so

$\iota_\nu(p \lhd b \rhd q) = \iota_\nu(p) = \iota_\nu(p \lhd c \rhd q);$

otherwise $\bar\nu(b) = \bot$, whence also $\bar\nu(c) = \bot$, so

$\iota_\nu(p \lhd b \rhd q) = \iota_\nu(q) = \iota_\nu(p \lhd c \rhd q).$

The proof of the theorem is now complete.
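As an added illustration, not code from the thesis, of the technique of Example 5.1 and of the case analysis just given for Theorem 5.11: the Python script below interprets pCRL expressions in one concrete structure satisfying (A1)–(A7) and (GA1)–(GA3), the trace-set model over a constructed finite domain, and checks $\iota_\nu(p) = \iota_\nu(q)$ for every valuation for the equation of Example 5.1, for (5.2) and (5.3), and for instances of (C3), (C5), (C6), (CQ3), (CQ5) and (CQ6), while showing that the (CQ5) and (CQ6) instances fail once their side conditions are violated. The tuple encoding of expressions, the helper names and the domain $D = \{-2, \ldots, 2\}$ are my assumptions; since this model is coarser than bisimulation, agreement in it is necessary but not sufficient for validity.

```python
from itertools import product

# Constructed finite data domain (an assumption, not the thesis's D): {-2, ..., 2}.
D = tuple(range(-2, 3))

# Data and Boolean expressions are callables on a valuation nu (a dict var -> D).
def var(x):      return lambda nu: nu[x]
def const(n):    return lambda nu: n
def neg(d):      return lambda nu: -d(nu)
def leq(d, e):   return lambda nu: d(nu) <= e(nu)
def NOT(b):      return lambda nu: not b(nu)
def AND(b, c):   return lambda nu: b(nu) and c(nu)
def OR(b, c):    return lambda nu: b(nu) or c(nu)

# pCRL expressions as tagged tuples (assumed encoding).
DELTA = ('delta',)
def act(a, d):       return ('act', a, d)        # action expression a(d)
def plus(p, q):      return ('plus', p, q)       # p + q
def seq(p, q):       return ('seq', p, q)        # p . q
def cond(p, b, q):   return ('cond', p, b, q)    # p <| b |> q
def sigma(x, p):     return ('sum', x, p)        # sum_x p
def subst(p, x, d):  return ('let', x, d, p)     # p[x := d], interpreted via (*) of (CQ3)

def interp(p, nu):
    """iota_nu in the trace-set model: a process is a frozenset of finite action
    sequences, delta the empty set, + union, . pairwise concatenation and sum_x
    union over D.  The model satisfies (A1)-(A7) and (GA1)-(GA3) but identifies
    more than bisimulation, so equality here is necessary, not sufficient, for validity."""
    tag = p[0]
    if tag == 'delta':
        return frozenset()
    if tag == 'act':
        return frozenset({((p[1], p[2](nu)),)})
    if tag == 'plus':
        return interp(p[1], nu) | interp(p[2], nu)
    if tag == 'seq':
        return frozenset(s + t for s in interp(p[1], nu) for t in interp(p[2], nu))
    if tag == 'cond':
        return interp(p[1], nu) if p[2](nu) else interp(p[3], nu)
    if tag == 'sum':
        return frozenset().union(*(interp(p[2], {**nu, p[1]: d}) for d in D))
    if tag == 'let':   # iota_nu(p[x := d]) = iota_{nu[x := nu(d)]}(p)
        return interp(p[3], {**nu, p[1]: p[2](nu)})
    raise ValueError(f"unknown constructor {tag}")

def holds(p, q, free=()):
    """True iff iota_nu(p) == iota_nu(q) for every valuation nu of the variables in free."""
    return all(interp(p, nu) == interp(q, nu)
               for nu in (dict(zip(free, vals)) for vals in product(D, repeat=len(free))))

def summand(p, q, free=()):
    """p is a summand of q (p =< q in the text) iff q ~ q + p."""
    return holds(q, plus(q, p), free)

def example_5_1():
    """The expressions p and q of Example 5.1 (r and s are the action names there)."""
    x = var('x')
    rs_pos = seq(act('r', x), act('s', x))
    rs_neg = seq(act('r', x), act('s', neg(x)))
    b = leq(const(0), x)
    p = sigma('x', cond(rs_pos, b, rs_neg))
    q = plus(sigma('x', cond(rs_pos, b, DELTA)), sigma('x', cond(rs_neg, NOT(b), DELTA)))
    return p, q

def check_axiom_instances():
    """Instances of (5.2), (5.3) and of Table 5.2 schemata, checked in the model over
    every valuation of x and y; every entry should be True."""
    x, y = var('x'), var('y')
    a, c = act('a', x), act('c', y)              # x is free in a, y is free in c
    b1, b2, by = leq(const(0), x), leq(x, y), leq(const(0), y)
    return {
        '(5.2)': holds(cond(a, b1, c), plus(cond(a, b1, DELTA), cond(c, NOT(b1), DELTA)), ('x', 'y')),
        '(5.3)': holds(sigma('x', plus(a, c)), plus(sigma('x', a), sigma('x', c)), ('y',)),
        '(C3)': holds(cond(cond(a, b1, c), b2, c), cond(a, AND(b1, b2), c), ('x', 'y')),
        '(C5)': holds(cond(a, OR(b1, b2), DELTA),
                      plus(cond(a, b1, DELTA), cond(a, b2, DELTA)), ('x', 'y')),
        '(C6)': holds(seq(cond(a, b1, c), cond(c, b1, a)), cond(seq(a, c), b1, seq(c, a)), ('x', 'y')),
        '(CQ3)': holds(sigma('x', a), plus(sigma('x', a), subst(a, 'x', y)), ('y',)),
        '(CQ5)': holds(seq(sigma('x', a), c), sigma('x', seq(a, c)), ('y',)),        # x not free in c
        '(CQ6)': holds(cond(sigma('x', a), by, sigma('x', c)), sigma('x', cond(a, by, c)), ('y',)),
    }

def side_conditions_matter():
    """(CQ5) and (CQ6) with their side conditions violated; every entry should be False."""
    x, y = var('x'), var('y')
    a, cx, cy = act('a', x), act('c', x), act('c', y)
    bx = leq(const(0), x)                          # x occurs in the condition
    return {
        '(CQ5) with x free in q': holds(seq(sigma('x', a), cx), sigma('x', seq(a, cx)), ('x',)),
        '(CQ6) with x in b': holds(cond(sigma('x', a), bx, sigma('x', cy)),
                                   sigma('x', cond(a, bx, cy)), ('x', 'y')),
    }

if __name__ == '__main__':
    p, q = example_5_1()
    print('Example 5.1 holds in the model:', holds(p, q))
    print(check_axiom_instances())
    print(side_conditions_matter())
```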

5.2 Tree forms revisited

By Theorem 5.11, the deductive system $\Pi(\mathcal{A}, \mathcal{S})$ may be used to circumvent the technique of Example 5.1, and to give a formal proof of the validity of a pCRL equation. We shall now illustrate this by giving a formal proof of the result, obtained in Section 3.5, that each pCRL expression is equivalent to the tree form associated to it by the function $\theta$. First, we present three lemmas in which we derive the correctness of the auxiliary functions $\theta_{\mathrm{seq}}$, $\theta_{\mathrm{cnd}}$ and $\theta_{\mathrm{sum}}$.

Lemma 5.12 $\Pi(\mathcal{A}, \mathcal{S}) \vdash \theta_{\mathrm{seq}}(t, u) \approx t \cdot u$ for all tree forms t and u.

Proof. By (CQ2) we may assume, without loss of generality, that the bound variables in t are distinct from the free variables in u¹; we show by induction on t that $\theta_{\mathrm{seq}}(t, u) \approx t \cdot u$ is derivable.

If $t = \delta$, then $\theta_{\mathrm{seq}}(t, u) = \delta \approx t \cdot u$ by (A7).

If $t = \sum_x t^* \lhd b \rhd \delta$, with $t^* = a$ or $t^* = a\,t'$ for some action expression a and some tree form $t'$, then, by the induction hypothesis and (A5), $a \cdot \theta_{\mathrm{seq}}(t', u) \approx (a\,t') \cdot u$; hence

$\theta_{\mathrm{seq}}(t, u) \approx \sum_x t^* \cdot u \lhd b \rhd \delta$
$\quad \approx \sum_x (t^* \lhd b \rhd \delta) \cdot u$ by Lem. 5.9
$\quad \approx t \cdot u$ by (CQ5).

If $t = t' + t''$, then $\theta_{\mathrm{seq}}(t, u) \approx t \cdot u$ by the induction hypothesis and (A4). □

Lemmaa 5.13 U(A,$) \~ @Cnd{t,b) ?s t <\ b t> S for every tree form £ and every Booleann expression b.

Proof.. By ( C Q 2) we may assume, without loss of generality, that the bound variabless in t are distinct from the variables in 6; we show by induction on t that #cnd( ^ b) ~ t < b > Ö is derivable. Iff t = <5, then Öcnd(£, b)=S^S<b>5 by Lemma 5.8. Iff t = J2x l* < c > ^ t h en

0cnd(*,, b) « £- (£* « c o <5) « 6 > £ by (C3)

&t<b>'£&t<b>'£££66 by (CQ6)

«« t < 6 > 5 by (CQl).

Iff f = t' + *" , then

00CCnd(t,b)nd(t,b) « t ' < & > £ + £" < ]6o5 by (IH)

» ( * '' + *")<&>(< $ + <5) by (C4) «« t < 6 > J by (A6).

Thiss completes the proof of the lemma. D

Lemmaa 5.14 II(.4,5) \~ Osum(x,t) « J2X t for every tree form t and variable x.

Proof.. We show by induction on t that 0sum(x, t) « Ylx ^ '1S derivable. Iff t = «5, then 0sum(x, t) = S « £ E i by (Cql). Iff i is a simple tree form, then ösum(x, t) = ^2X ^ by definition. Iff t = t' + £", then #SUm(£, 0 ~ Ex * by the induction hypothesis and (CQ4). D

St r i c t lyy speaking, the renamings that are needed to achieve this ought to be incorporated in thee definition of Öseq, and ( C Q 2) justifies such a modification.


Now, we can also derive the correctness of $\theta$.

Lemma 5.15 (Tree forms) $\Pi(\mathcal{A},\mathcal{S}) \vdash \theta(p) \approx p$ for every pCRL expression $p$.

Proof. We prove the lemma by structural induction on $p$. If $p = \delta$, then $\theta(p) = p$ by definition. If $p$ is an action expression, then $\theta(p) = p \lhd \mathsf{T} \rhd \delta \approx p$ by (C1). If $p = p' + p''$, then $\theta(p) = \theta(p') + \theta(p'') \approx p$ by the induction hypothesis. If $p = p' \cdot p''$, then $\theta(p) \approx p$ by Lemma 5.12 and the induction hypothesis. If $p = p' \lhd b \rhd p''$, then

$\theta(p) \approx \theta(p') \lhd b \rhd \delta + \theta(p'') \lhd \neg b \rhd \delta$ by Lem. 5.13

$\approx p' \lhd b \rhd \delta + p'' \lhd \neg b \rhd \delta$ by (IH)

$\approx p' \lhd b \rhd p''$ by Lem. 5.5.

If $p = \sum_x p'$, then $\theta(p) \approx p$ by Lemma 5.14 and the induction hypothesis. □

5.3 Relative completeness

The main purpose of our deductive system $\Pi(\mathcal{A},\mathcal{S})$ is to formalise those parts of validity proofs that are independent of specific properties of $\mathbb{D}$. Reasoning about $\mathbb{D}$ is entirely delegated to the subsidiary system $\mathcal{S}$, and incorporated in a straightforward manner via (DATA) and (BOOL). The previous section shows a typical application of $\Pi(\mathcal{A},\mathcal{S})$: the lion's share of the deduction consists of applications of $\mathcal{S}$-independent axioms; in the deduction of Lemma 5.9, which is used in Lemma 5.12, a property of $\mathbb{D}$ is needed, namely that $b \vee \neg b \approx \mathsf{T}$ for every Boolean expression $b$, and it is incorporated via (BOOL). Mindful of its particular purpose, we shall now analyse the adequacy of our deductive system.

5.3.1 Data requirements

First, we formulate three requirements on $\mathcal{S}$ and $\mathbb{D}$, which together ensure that $\mathcal{S}$ is sufficiently powerful to infer all the properties of $\mathbb{D}$ needed to establish that a pCRL equation is valid.

Clearly, if $a$ is a unary parametrised action symbol and $d$ and $e$ are data expressions such that $\mathbb{D} \models d \approx e$, then $a(d) \approx a(e)$ is valid. Similarly, if $\alpha$ is an action expression and $b$ and $c$ are Boolean expressions such that $\mathbb{D} \models b \approx c$, then $\alpha \lhd b \rhd \delta \approx \alpha \lhd c \rhd \delta$ is valid. This brings us to the first requirement:

(I) $\mathcal{S}$ must be a complete specification of $\mathbb{D}$.

Note that if $\mathcal{S}$ and $\mathcal{S}'$ are both complete specifications of $\mathbb{D}$, then the deductive systems $\Pi(\mathcal{A},\mathcal{S})$ and $\Pi(\mathcal{A},\mathcal{S}')$ are equally powerful; i.e., they prove exactly the same equations. To abstract from the particular choice of axioms for $\mathbb{D}$, we shall henceforth write $\Pi(\mathcal{A},\mathbb{D})$ to refer to some instance $\Pi(\mathcal{A},\mathcal{S})$ of our deductive system with a complete specification $\mathcal{S}$ of $\mathbb{D}$; in deductions of $\Pi(\mathcal{A},\mathbb{D})$, we shall write $\mathbb{D} \models d \approx e$ and $\mathbb{D} \models b \approx c$ instead of $\mathcal{S} \vdash d \approx e$ and $\mathcal{S} \vdash b \approx c$, respectively.


In Chapter 4 we established a correspondence between the pCRL theory of $\mathbb{D}$ (i.e., the set of valid pCRL equations) and the first-order theory of $\mathbb{D}$. The other two data requirements serve to upgrade the set of Boolean expressions so that it has full first-order expressiveness.

Example 5.16 We take as data the natural numbers with a binary operation $(m,n) \mapsto m^n$ for exponentiation, a binary operation $(m,n) \mapsto m \bmod n$, which yields the remainder of $m$ on division by $n$, and a unary relation $P$ such that $P(n) = \mathsf{T}$ if, and only if, $n$ is prime. Then

$a(x^y \bmod y) \lhd P(y) \rhd \delta \approx a(x \bmod y) \lhd P(y) \rhd \delta$

is valid by Fermat's Little Theorem: if $p$ is prime, then $n^p \equiv n \pmod p$. If we assume that there is also a binary relation $\mathit{eq}(m,n)$ such that $\mathit{eq}(m,n) = \mathsf{T}$ if, and only if, $m = n$, then we may express Fermat's Little Theorem by the Boolean expression

$\neg P(y) \vee \mathit{eq}(x^y \bmod y, x \bmod y)$.

Our second requirement is:

(II) $\mathbb{D}$ must have equality (cf. Definition 4.3, p. 54).

Example 5.17 In the data algebra $\mathbb{R}$ of Example 3.5 an equality relation $\mathit{eq}$ is definable as $\mathit{eq}(r_1, r_2) = r_1 \le r_2 \wedge r_2 \le r_1$.

In Chapter 4 we proved that, for every first-order assertion $\varphi$ about $\mathbb{D}$, there is a pCRL equation $p \approx q$ such that $\mathbb{D} \models \varphi$ if, and only if, $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models p \approx q$ (cf. Theorem 4.17). That is, for every true first-order assertion about $\mathbb{D}$ there exists a valid pCRL equation that essentially depends on it. In the light of our stance that reasoning about $\mathbb{D}$ should be entirely delegated to the subsidiary system $\mathcal{S}$, every such first-order assertion about $\mathbb{D}$ should be expressible within $\mathcal{S}$. We now give a criterion that ensures that every first-order assertion about $\mathbb{D}$ is equivalent to a Boolean expression.

Definition 5.18 A data algebra $\mathbb{D}$ has quantifier elimination if there exists for every first-order formula $\varphi$ an open formula $\psi$ such that $FV(\varphi) = FV(\psi)$ and

$\mathbb{D} \models \varphi \leftrightarrow \psi$.

Recall that every open first-order formula is a Boolean expression. If $\mathbb{D}$ has quantifier elimination, then, in view of Proposition 4.2, there exists a mapping $\beta$ that associates with every first-order formula $\varphi$ a Boolean expression $\beta(\varphi)$ such that

$\mathbb{D}, \nu \models \varphi$ if, and only if, $\mathbb{D}, \nu \models \beta(\varphi) \approx \mathsf{T}$.

Our third requirement reads:


(EQ) $a(d_1,\ldots,d_n) \lhd \mathit{eq}(d_1,e_1) \wedge \cdots \wedge \mathit{eq}(d_n,e_n) \rhd \delta \approx a(e_1,\ldots,e_n) \lhd \mathit{eq}(d_1,e_1) \wedge \cdots \wedge \mathit{eq}(d_n,e_n) \rhd \delta$

(QE) $\sum_x p \lhd b \rhd \delta \approx p \lhd \beta((\exists x)b) \rhd \delta$ if $x \notin FV(p)$

Table 5.3: Extra axioms for a data algebra with equality and quantifier elimination

(III) $\mathbb{D}$ must have quantifier elimination.

Example 5.19 By a classical result of Tarski (1951) the algebra $\mathbb{R}$ of Example 3.5 has quantifier elimination.

5.3.2 Completeness

Requirements (II) and (III) demand a certain additional expressiveness of the Booleans. To make use of this additional expressiveness in deductions, we need to add axioms for conditionals according to the schemata in Table 5.3.

We denote by $\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}}$ the deductive system that consists of $\Pi(\mathcal{A},\mathbb{D})$ with the axioms of Table 5.3 added. It is complete in the following sense.

Theorem 5.20 If $\mathbb{D}$ has equality and quantifier elimination, then

$\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash p \approx q$ if, and only if, $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models p \approx q$

for all pCRL expressions $p$ and $q$.

Let us first prove the implication from left to right:

Lemma 5.21 If $\mathbb{D}$ has equality and quantifier elimination, then

$\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash p \approx q$ implies $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models p \approx q$

for all pCRL expressions $p$ and $q$.

Proof. In view of Theorem 5.11 it suffices to verify the validity of the axioms induced by (EQ) and (QE). Let us fix again an arbitrary valuation $\nu$ and the interpretation homomorphism $\iota_\nu$ associated with $\nu$ from $\mathrm{Pol}(\mathcal{A},\mathbb{D})$ into an arbitrary element of $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D})$. We prove the soundness of (EQ) by a case distinction on $\bar\nu(\mathit{eq}(d_1,e_1) \wedge \cdots \wedge \mathit{eq}(d_n,e_n))$: If $\bar\nu(\mathit{eq}(d_1,e_1) \wedge \cdots \wedge \mathit{eq}(d_n,e_n)) = \mathsf{T}$, then $\bar\nu(d_i) = \bar\nu(e_i)$ for all $1 \le i \le n$, so

$\iota_\nu(a(d_1,\ldots,d_n)) = a(\bar\nu(d_1),\ldots,\bar\nu(d_n))$

$= a(\bar\nu(e_1),\ldots,\bar\nu(e_n))$

$= \iota_\nu(a(e_1,\ldots,e_n))$,


and hence

$\iota_\nu(a(d_1,\ldots,d_n) \lhd \mathit{eq}(d_1,e_1) \wedge \cdots \wedge \mathit{eq}(d_n,e_n) \rhd \delta) =$

$\iota_\nu(a(e_1,\ldots,e_n) \lhd \mathit{eq}(d_1,e_1) \wedge \cdots \wedge \mathit{eq}(d_n,e_n) \rhd \delta)$.

On the other hand, if $\bar\nu(\mathit{eq}(d_1,e_1) \wedge \cdots \wedge \mathit{eq}(d_n,e_n)) = \bot$, then

$\iota_\nu(a(d_1,\ldots,d_n) \lhd \mathit{eq}(d_1,e_1) \wedge \cdots \wedge \mathit{eq}(d_n,e_n) \rhd \delta) = \iota_\nu(\delta) =$

$\iota_\nu(a(e_1,\ldots,e_n) \lhd \mathit{eq}(d_1,e_1) \wedge \cdots \wedge \mathit{eq}(d_n,e_n) \rhd \delta)$.

For (QE) note that if $x \notin FV(p)$, then $\iota_\nu(p[x := d]) = \iota_\nu(p)$ for all $d \in D$, and hence

$\iota_\nu(\sum_x p \lhd b \rhd \delta) = \sum\{\iota_\nu(p) \mid d \in D \text{ such that } \bar\nu(b[x := d]) = \mathsf{T}\}$.

If $\bar\nu(\beta((\exists x)b)) = \mathsf{T}$, then the set on the right-hand side is $\{\iota_\nu(p)\}$, so that

$\iota_\nu(\sum_x p \lhd b \rhd \delta) = \iota_\nu(p) = \iota_\nu(p \lhd \beta((\exists x)b) \rhd \delta)$;

otherwise, the set on the right-hand side is empty, so that

$\iota_\nu(\sum_x p \lhd b \rhd \delta) = \iota_\nu(\delta) = \iota_\nu(p \lhd \beta((\exists x)b) \rhd \delta)$.

So $\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}}$ is sound with respect to $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D})$. □

The other implication of Theorem 5.20 we prove by induction on the depth of sequential nesting in $p$ and $q$; we inductively define a mapping $\#$ from pCRL expressions to natural numbers by

$\#(\delta) = 0$; $\#(a(d_1,\ldots,d_n)) = 1$ if $a$ is a parametrised action symbol of arity $n$;

$\#(p \cdot q) = \#(p) + \#(q)$;

$\#(p + q) = \#(p \lhd b \rhd q) = \max\{\#(p), \#(q)\}$; and

$\#(\sum_x p) = \#(p)$.

It is easily deduced from the definition of $\theta$ on p. 45 that $\#(p) \ge \#(\theta(p))$ for every pCRL expression $p$. Moreover, sequential nesting depth is preserved under applications of (A1), (A2) and (A6) (i.e., if there is a deduction with $p \approx q$ as conclusion that merely consists of applications of these axioms, then $\#(p) = \#(q)$). Hence, and by Lemma 5.15, we may throughout the proof always replace a pCRL expression by a provably equivalent ordered tree form (cf. (3.7) on p. 46).

Lemma 5.22 For every pCRL expression $p$ there exists an ordered tree form $t$ such that $\Pi(\mathcal{A},\mathbb{D}) \vdash p \approx t$ and $\#(p) \ge \#(t)$.

In particular, it suffices to prove the implication from right to left of Theorem 5.20 only for ordered tree forms. Furthermore, by (A1) and since $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models p \approx q$


implies $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models p \preccurlyeq q,\ q \preccurlyeq p$, it is enough to show that for all ordered tree forms $t$ and $u$

$\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models t \preccurlyeq u$ implies $\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash t \preccurlyeq u$. (5.8)

If $t = \delta$, then (5.8) is immediate by (A6). If $t = t_1 + \cdots + t_m$ for some $m > 0$, then $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models t_i \preccurlyeq u$ for all $1 \le i \le m$. If we would know in addition that $\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash t_i \preccurlyeq u$ for all $1 \le i \le m$, then we may conclude (5.8) by (A2). Therefore, we shall now concentrate on proving (5.8) in the case that $t$ is a simple tree form; suppose

$t = \sum_{\vec x} t^* \lhd b \rhd \delta$ and $u = u_1 + \cdots + u_n$ ($u_i$ simple for all $1 \le i \le n$).

A crucial step in our proof consists of splitting $t$ into $n$ simple tree forms $t_1, \ldots, t_n$ such that $\Pi(\mathcal{A},\mathbb{D}) \vdash t \approx t_1 + \cdots + t_n$ and $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models t_i \preccurlyeq u_i$ for all $1 \le i \le n$. This is illustrated in the following example.

Example 5.23 We take as data the algebra $\mathbb{R}$ from Example 3.5 and consider the following pCRL expressions:

$p = \sum_x \mathit{in}(x)\mathit{out}(x^2) \lhd -2 \le x \le 1 \rhd \delta$,² and

$q = q_1 + q_2$, where $q_1 = \sum_{x,y} \mathit{in}(x)\mathit{out}(y) \lhd y \le -2x \rhd \delta$ and

$q_2 = \sum_{x,y} \mathit{in}(x)\mathit{out}(y) \lhd y \le x \rhd \delta$.

Note that $x^2 \le -2x$ if, and only if, $-2 \le x \le 0$, and $x^2 \le x$ if, and only if, $0 \le x \le 1$ (see Figure 5.1 on the next page). We now split $p$ into two pCRL expressions

$p_1 = \sum_x \mathit{in}(x)\mathit{out}(x^2) \lhd -2 \le x \le 0 \rhd \delta$, and

$p_2 = \sum_x \mathit{in}(x)\mathit{out}(x^2) \lhd 0 \le x \le 1 \rhd \delta$.

Then, since $\bar\nu(-2 \le x \le 0) = \mathsf{T}$ implies $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}), \nu \models \mathit{in}(x)\mathit{out}(x^2) \preccurlyeq q_1$,

$\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models p_1 \preccurlyeq q_1$

and, since $\bar\nu(0 \le x \le 1) = \mathsf{T}$ implies $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}), \nu \models \mathit{in}(x)\mathit{out}(x^2) \preccurlyeq q_2$,

$\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models p_2 \preccurlyeq q_2$.

Since $\mathbb{R} \models (-2 \le x \le 1) \approx (-2 \le x \le 0 \vee 0 \le x \le 1)$, $\Pi(\mathcal{A},\mathbb{D})$ has the following deduction:

$p \approx \sum_x \mathit{in}(x)\mathit{out}(x^2) \lhd -2 \le x \le 0 \vee 0 \le x \le 1 \rhd \delta$ by (BOOL)

$\approx \sum_x (\mathit{in}(x)\mathit{out}(x^2) \lhd -2 \le x \le 0 \rhd \delta + \mathit{in}(x)\mathit{out}(x^2) \lhd 0 \le x \le 1 \rhd \delta)$ by (C5)

$\approx p_1 + p_2$ by (CQ4).

²$r \le s \le t$ abbreviates the Boolean expression $r \le s \wedge s \le t$, and $x^2$ abbreviates $x \cdot x$.


Figure 5.1: Graphical rendering of the correlations between input ($x$) and output ($y$) as defined by the pCRL expressions $p$, $q_1$ and $q_2$ of Example 5.23.

The pCRL expression $p$ of the preceding example has been split by means of the Boolean expressions $-2 \le x \le 0$ and $0 \le x \le 1$. These Boolean expressions characterise precisely the sets of real numbers $r$ such that $\mathit{in}(r)\mathit{out}(r^2) \preccurlyeq q_1$, and such that $\mathit{in}(r)\mathit{out}(r^2) \preccurlyeq q_2$, respectively. In general, to split a simple tree form $t = \sum_{\vec x} t^* \lhd b \rhd \delta$ into $n$ simple tree forms $t_1, \ldots, t_n$ given the hypothesis that $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models t \preccurlyeq u_1 + \cdots + u_n$, we shall use Boolean expressions $b_1, \ldots, b_n$ which respectively characterise the valuations $\nu$ such that $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}), \nu \models t^* \preccurlyeq u_i$.

Definition 5.24 Let $p$ and $q$ be pCRL expressions; a $p$-simulation condition for $q$ is a Boolean expression $b$ such that, for every valuation $\nu$,

$\mathbb{D}, \nu \models b \approx \mathsf{T}$ if, and only if, $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}), \nu \models p \preccurlyeq q$.

Example 5.25 In the setting of Example 5.23, the Boolean expression

$-2 \le x \le 0$

is an $\mathit{in}(x)\mathit{out}(x^2)$-simulation condition for $q_1$, and the Boolean expression

$0 \le x \le 1$

is an $\mathit{in}(x)\mathit{out}(x^2)$-simulation condition for $q_2$.


That there exist $t^*$-simulation conditions $b_1, \ldots, b_n$ for $u_1, \ldots, u_n$, respectively, follows from Theorem 4.10 on p. 61 in combination with our assumption that $\mathbb{D}$ has equality and quantifier elimination.³

Theorem 5.26 If $\mathbb{D}$ has equality and quantifier elimination, then, for any two pCRL expressions $p$ and $q$, there exists a $p$-simulation condition for $q$.

Proof. Since $\mathbb{D}$ has equality there exists, by Theorem 4.10, a first-order formula $\varphi$ such that $\mathbb{D}, \nu \models \varphi$ if, and only if, $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}), \nu \models p \preccurlyeq q$, and since $\mathbb{D}$ has quantifier elimination there exists a mapping $\beta$ from first-order formulas to Boolean expressions such that $\mathbb{D}, \nu \models \beta(\varphi) \approx \mathsf{T}$ if, and only if, $\mathbb{D}, \nu \models \varphi$; this proves the theorem. □

By the theorem above, each of the properties (4.4)–(4.12) that we have derived in Section 4.2 may be reformulated as properties of simulation conditions: (4.4) says that $\mathsf{T}$ is a $\delta$-simulation condition for $u$; (4.5) says that if $b'$ is a $t'$-simulation condition for $u$ and $b''$ is a $t''$-simulation condition for $u$, then $b' \wedge b''$ is a $t' + t''$-simulation condition for $u$; etc. Henceforth, we shall frequently validate properties of simulation conditions by referring to (4.4)–(4.12). For the remainder, it is convenient to introduce an abbreviation: for Boolean expressions $b$ and $c$ we write $\mathbb{D} \models b \preccurlyeq c$ if

$\mathbb{D}, \nu \models b \approx \mathsf{T}$ implies $\mathbb{D}, \nu \models c \approx \mathsf{T}$, for every valuation $\nu$.

Then we have the following lemma.

Lemma 5.27 For all Boolean expressions $b$ and $c$,

$\mathbb{D} \models b \preccurlyeq c$ if, and only if, $\mathbb{D} \models c \approx c \vee b$ if, and only if, $\mathbb{D} \models b \approx b \wedge c$. (5.9)

Proof. The second "if, and only if," is a well-known property of lattices (see, e.g., McKenzie et al., 1987), and every Boolean algebra is a lattice. We prove the first "if, and only if,".

"if" Suppose $\mathbb{D} \models b \preccurlyeq c$, and let $\nu$ be an arbitrary valuation. Then, if $\bar\nu(c) = \mathsf{T}$, also $\bar\nu(c) \vee \bar\nu(b) = \mathsf{T}$, and conversely, if $\bar\nu(c) = \bot$, then also $\bar\nu(b) = \bot$, since $\bar\nu(b) = \mathsf{T}$ implies $\bar\nu(c) = \mathsf{T}$, so $\bar\nu(c) \vee \bar\nu(b) = \bot$.

"only if" Suppose $\mathbb{D} \models c \approx c \vee b$, and let $\nu$ be a valuation such that $\bar\nu(b) = \mathsf{T}$; then also $\bar\nu(c) = \mathsf{T}$ since $\bar\nu(c) = \bar\nu(c) \vee \bar\nu(b)$. □

³Strictly speaking, the results of Chapter 4 are about the algebra $\mathcal{T}_{\mathbb{D}}(\mathcal{A})$, and we ought to apply Corollary 3.16 to translate them into results about $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D})$; we leave such applications of Corollary 3.16 implicit.


The following lemma is a straightforward consequence of Lemma 4.5.

Lemma 5.28 Suppose that $p = \sum_{\vec x} p^* \lhd b \rhd \delta$ and $q$ are pCRL expressions, and suppose that $\{\vec x\} \cap FV(q) = \emptyset$. If $b^*$ is a $p^*$-simulation condition for $q$, then

$\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models p \preccurlyeq q$ if, and only if, $\mathbb{D} \models b \preccurlyeq b^*$.

Lemma 5.29 (Split Lemma) Suppose $\mathbb{D}$ has equality and quantifier elimination. If $t$ and $u_1, \ldots, u_n$ are simple tree forms such that $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models t \preccurlyeq u_1 + \cdots + u_n$, then there exist simple tree forms $t_1, \ldots, t_n$ such that $\#(t) \ge \#(t_i)$,

$\Pi(\mathcal{A},\mathbb{D}) \vdash t \approx t_1 + \cdots + t_n$, and $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models t_i \preccurlyeq u_i$ ($1 \le i \le n$).

Proof. Suppose $t = \sum_{\vec x} t^* \lhd b \rhd \delta$, with $t^* = \alpha$ or $t^* = \alpha t'$. If $n = 0$, then $u_1 + \cdots + u_n = \delta$ by convention, so it is enough to show that $\Pi(\mathcal{A},\mathbb{D}) \vdash t \approx \delta$. Since $\bot$ is a $t^*$-simulation condition for $\delta$ (cf. (4.7) on p. 56), we get by Lemma 5.28 that $\mathbb{D} \models b \approx \bot$. This justifies the following deduction:

$t \approx \sum_{\vec x} t^* \lhd \bot \rhd \delta$ by (BOOL)

$\approx \sum_{\vec x} \delta \lhd \mathsf{T} \rhd t^*$ by (C2)

$\approx \sum_{\vec x} \delta$ by (C1)

$\approx \delta$ by (CQ1).

For the remainder of the proof we assume $n > 0$ and $\{\vec x\} \cap FV(u_i) = \emptyset$ for all $1 \le i \le n$. Let $b_1, \ldots, b_n$ be $t^*$-simulation conditions for $u_1, \ldots, u_n$, respectively; we define

$t_i = \sum_{\vec x} t^* \lhd b \wedge b_i \rhd \delta$ ($1 \le i \le n$).

Clearly, $\#(t) \ge \#(t_i)$. Since $\mathbb{D} \models b \wedge b_i \approx (b \wedge b_i) \wedge b_i$, we may conclude by (5.9) that $\mathbb{D} \models (b \wedge b_i) \preccurlyeq b_i$, so, by Lemma 5.28, $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models t_i \preccurlyeq u_i$ for all $1 \le i \le n$. It remains to show that $\Pi(\mathcal{A},\mathbb{D}) \vdash t \approx t_1 + \cdots + t_n$. Since $b_1 \vee \cdots \vee b_n$ is a $t^*$-simulation condition for $u_1 + \cdots + u_n$ (cf. (4.8) on p. 56) and $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models t \preccurlyeq u_1 + \cdots + u_n$, we obtain by Lemma 5.28 and (5.9) that

$\mathbb{D} \models b \approx b \wedge (b_1 \vee \cdots \vee b_n) \approx (b \wedge b_1) \vee \cdots \vee (b \wedge b_n)$.

Consequently, we have the following derivation:

$t \approx \sum_{\vec x} t^* \lhd (b \wedge b_1) \vee \cdots \vee (b \wedge b_n) \rhd \delta$ by (BOOL)

$\approx \sum_{\vec x} (t^* \lhd b \wedge b_1 \rhd \delta + \cdots + t^* \lhd b \wedge b_n \rhd \delta)$ by (C5)

$\approx t_1 + \cdots + t_n$ by (CQ4).

This completes the proof of the lemma. □
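As an added worked instance (not part of the thesis), the construction in the proof of the Split Lemma carried out on the expressions of Example 5.23: take $t = p$, $u_1 = q_1$, $u_2 = q_2$, $b = -2 \le x \le 1$, and as $\mathit{in}(x)\mathit{out}(x^2)$-simulation conditions $b_1 = x^2 \le -2x$ for $q_1$ and $b_2 = x^2 \le x$ for $q_2$ (these read off the conditions of $q_1$ and $q_2$ with $y$ instantiated to $x^2$, and are equivalent over $\mathbb{R}$ to the conditions of Example 5.25). The lemma's recipe then yields

\[
\begin{aligned}
t_1 &= \sum_x \mathit{in}(x)\mathit{out}(x^2) \lhd b \wedge x^2 \le -2x \rhd \delta,\\
t_2 &= \sum_x \mathit{in}(x)\mathit{out}(x^2) \lhd b \wedge x^2 \le x \rhd \delta .
\end{aligned}
\]

Since $b_1 \vee b_2$ is an $\mathit{in}(x)\mathit{out}(x^2)$-simulation condition for $q_1 + q_2$ (cf. (4.8)) and $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{R}) \models p \preccurlyeq q$ (Example 5.23), Lemma 5.28 and (5.9) give $\mathbb{R} \models b \approx (b \wedge b_1) \vee (b \wedge b_2)$, and hence

\[
\begin{aligned}
t &\approx \sum_x \mathit{in}(x)\mathit{out}(x^2) \lhd (b \wedge x^2 \le -2x) \vee (b \wedge x^2 \le x) \rhd \delta && \text{by (BOOL)}\\
  &\approx \sum_x \bigl(\mathit{in}(x)\mathit{out}(x^2) \lhd b \wedge x^2 \le -2x \rhd \delta + \mathit{in}(x)\mathit{out}(x^2) \lhd b \wedge x^2 \le x \rhd \delta\bigr) && \text{by (C5)}\\
  &\approx t_1 + t_2 && \text{by (CQ4)} .
\end{aligned}
\]

Finally, $\mathbb{R} \models b \wedge x^2 \le -2x \approx -2 \le x \le 0$ and $\mathbb{R} \models b \wedge x^2 \le x \approx 0 \le x \le 1$, so (BOOL) gives $t_1 \approx p_1$ and $t_2 \approx p_2$: the general construction recovers exactly the split chosen by hand in Example 5.23.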


By means of the Split Lemma we have reduced the proof obligation for (5.8) to the case where both $t$ and $u$ are simple expressions. As an illustration, let us first finish the proof that we began in Example 5.23.

Example 5.30 Let $p$, $p_1$, $p_2$, $q$, $q_1$ and $q_2$ be as in Example 5.23. We want to prove $\Pi(\mathcal{A},\mathbb{D}) \vdash p \preccurlyeq q$; for this it is, by (A1) and (A2), enough to show $\Pi(\mathcal{A},\mathbb{D}) \vdash p_i \preccurlyeq q_i$ for $i = 1, 2$. For $i = 1$ we use that $\mathbb{D} \models -2 \le x \le 0 \approx x^2 \le -2x$ (see Figure 5.1), and we derive

$p_1 \approx \sum_x \mathit{in}(x)\mathit{out}(x^2) \lhd x^2 \le -2x \rhd \delta$ by (BOOL)

$\preccurlyeq \sum_{x,y} \mathit{in}(x)\mathit{out}(y) \lhd y \le -2x \rhd \delta = q_1$ by (CQ3), Lemma 5.7.

For $i = 2$ a similar deduction can be given, using that $\mathbb{D} \models 0 \le x \le 1 \approx x^2 \le x$.

Actually, that $\mathbb{D} \models -2 \le x \le 0 \approx x^2 \le -2x$ is not essential for the first step of the above deduction. According to the following lemma, it would have been enough that $\mathbb{D} \models -2 \le x \le 0 \preccurlyeq x^2 \le -2x$.

Lemma 5.31 If $\mathbb{D} \models b \preccurlyeq c$, then $\Pi(\mathcal{A},\mathbb{D}) \vdash p \lhd b \rhd \delta \preccurlyeq p \lhd c \rhd \delta$.

Proof. If $\mathbb{D} \models b \preccurlyeq c$, then, by (5.9), $\mathbb{D} \models c \approx c \vee b$, so that we may derive

$p \lhd c \rhd \delta \approx p \lhd c \vee b \rhd \delta$ by (BOOL)

$\approx p \lhd c \rhd \delta + p \lhd b \rhd \delta$ by (C5);

this proves the lemma.

For the application of (CQ3) in the second step of the deduction in Example 5.30 it is crucial that the pCRL expression $\mathit{in}(x)\mathit{out}(x^2) \lhd x^2 \le -2x \rhd \delta$ is obtained from the pCRL expression $\mathit{in}(x)\mathit{out}(y) \lhd y \le -2x \rhd \delta$ by substitution of a data expression ($x^2$) for a variable ($y$). In general, there may not be an appropriate data expression to facilitate an application of (CQ3).

Example 5.32 We take, again, as data the algebra $\mathbb{R}$ of Example 3.5, and consider the pCRL expressions

$p = \sum_x \mathit{in}(x)\mathit{out}(x) \lhd 0 \le x \rhd \delta$, and

$q = \sum_{x,y} \mathit{in}(x)\mathit{out}(y^2) \lhd y^2 \le x \rhd \delta$.

That $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{R}) \models p \preccurlyeq q$ essentially follows from the fact that $r = (\sqrt{r})^2$ for every nonnegative real number $r$. To give a formal deduction of $p \preccurlyeq q$ similar to the one in Example 5.30, we would need a data expression $\sqrt{x}$ that satisfies

$\bar\nu(\sqrt{x}) = \sqrt{\nu(x)}$ for every valuation $\nu$ such that $0 \le \nu(x)$. (5.10)

Given the language of $\mathbb{R}$, it is clear that if $\nu : X \to \mathbb{R}$ is a valuation that assigns an integer to each variable, then $\bar\nu(d)$ is also an integer. Hence, since, e.g., $\sqrt{2}$ is not an integer, a data expression $d$ that satisfies (5.10) does not exist.


Nevertheless, the "result of substituting $\sqrt{x}$ for $y$" in a pCRL expression $r$ is, in a semantical sense, expressible; we define

$r\{y := \sqrt{x}\} = \sum_y r \lhd \mathit{eq}(y^2, x) \rhd \delta$.

Note that, since $\mathbb{D} \models \mathit{eq}(y^2, x) \preccurlyeq (y^2 \le x)$, by (C3), (5.9) and (BOOL)

$(\mathit{in}(x)\mathit{out}(y^2) \lhd y^2 \le x \rhd \delta)\{y := \sqrt{x}\} \approx \sum_y \mathit{in}(x)\mathit{out}(y^2) \lhd \mathit{eq}(y^2, x) \rhd \delta$. (5.11)

Hence, since $\mathbb{D} \models (0 \le x) \approx \beta((\exists y)\mathit{eq}(y^2, x))$, we get

$\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash p \approx \sum_x (\mathit{in}(x)\mathit{out}(y^2) \lhd y^2 \le x \rhd \delta)\{y := \sqrt{x}\}$

from the deduction

$p \approx \sum_x \mathit{in}(x)\mathit{out}(x) \lhd \beta((\exists y)\mathit{eq}(y^2, x)) \rhd \delta$ by (BOOL)

$\approx \sum_{x,y} \mathit{in}(x)\mathit{out}(x) \lhd \mathit{eq}(y^2, x) \rhd \delta$ by (QE)

$\approx \sum_{x,y} \mathit{in}(x)\mathit{out}(y^2) \lhd \mathit{eq}(y^2, x) \rhd \delta$ by Lem. 5.6(ii) and (EQ)

$\approx \sum_x (\mathit{in}(x)\mathit{out}(y^2) \lhd y^2 \le x \rhd \delta)\{y := \sqrt{x}\}$ by (5.11).

Since $\mathbb{D} \models \mathit{eq}(y^2, x) \preccurlyeq (y^2 \le x)$, we get, by Lemma 5.31, that

$\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash \sum_x (\mathit{in}(x)\mathit{out}(y^2) \lhd y^2 \le x \rhd \delta)\{y := \sqrt{x}\} \preccurlyeq q$,

so it follows that $\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash p \preccurlyeq q$.

Note that, in the above example, $\mathit{eq}(y^2, x)$ is an $\mathit{in}(x)\mathit{out}(x)$-simulation condition for $\mathit{in}(x)\mathit{out}(y^2)$, and $\beta((\exists y)\mathit{eq}(y^2, x))$ is an $\mathit{in}(x)\mathit{out}(x)$-simulation condition for $q$. Intuitively, we use these simulation conditions to prove $p$ equivalent to a semantical substitution instance of $\sum_x \mathit{in}(x)\mathit{out}(y^2) \lhd y^2 \le x \rhd \delta$. We shall now generalise this technique so that it proves (5.8) for all simple expressions $t$ and $u$. Suppose that $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models t \preccurlyeq u$ with

$t = \sum_{\vec x} t^* \lhd b \rhd \delta$ and $u = \sum_{\vec y} u^* \lhd c \rhd \delta$.

We proceed in two steps: we shall first prove that $\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash t \preccurlyeq u$ under the hypothesis that $\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash t^* \lhd b^* \rhd \delta \approx u^* \lhd b^* \rhd \delta$, where $b^*$ is a $t^*$-simulation condition for $u^*$ (Lemma 5.34), and subsequently we shall prove the hypothesis (Lemma 5.39). We need a lemma about conditionals.

Lemma 5.33 If $\mathbb{D} \models b \preccurlyeq c$, then

$\Pi(\mathcal{A},\mathbb{D}),\ p \lhd c \rhd \delta \approx q \lhd c \rhd \delta \vdash p \lhd b \rhd \delta \approx q \lhd b \rhd \delta$.

Proof. If $\mathbb{D} \models b \preccurlyeq c$, then, by (5.9), $\mathbb{D} \models b \approx b \wedge c$, so if

$(*)$ $p \lhd c \rhd \delta \approx q \lhd c \rhd \delta$,

then we have the following derivation

$p \lhd b \rhd \delta \approx (p \lhd c \rhd \delta) \lhd b \rhd \delta$ by (BOOL), (C3)

$\approx (q \lhd c \rhd \delta) \lhd b \rhd \delta$ by $(*)$

$\approx q \lhd b \rhd \delta$ by (C3), (BOOL);

this proves the lemma.


Lemma 5.34 Suppose that $t = \sum_{\vec x} t^* \lhd b \rhd \delta$ and $u = \sum_{\vec y} u^* \lhd c \rhd \delta$ are simple tree forms such that $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models t \preccurlyeq u$, and let $b^*$ be a $t^*$-simulation condition for $u^*$; then

$\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}},\ t^* \lhd b^* \rhd \delta \approx u^* \lhd b^* \rhd \delta \vdash t \preccurlyeq u$.

Proof. There is no loss of generality in assuming that

$\{\vec x\} \cap (FV(u) \cup \{\vec y\}) = \emptyset$ and $\{\vec y\} \cap (FV(t) \cup \{\vec x\}) = \emptyset$

(otherwise we first do some renamings of variables by means of (CQ2)). By Lemma 4.6 on p. 56, $\beta((\exists \vec y)(b^* \wedge c))$ is a $t^*$-simulation condition for $u$, so, by Lemma 5.28, $\mathbb{D} \models b \preccurlyeq \beta((\exists \vec y)(b^* \wedge c))$. Hence, if $(*)$ $t^* \lhd b^* \rhd \delta \approx u^* \lhd b^* \rhd \delta$, then

$t \preccurlyeq \sum_{\vec x} t^* \lhd \beta((\exists \vec y)(b^* \wedge c)) \rhd \delta$ by Lem. 5.31, Lem. 5.7

$\approx \sum_{\vec x} \sum_{\vec y} t^* \lhd b^* \wedge c \rhd \delta$ by (QE)

$\approx \sum_{\vec x} \sum_{\vec y} u^* \lhd b^* \wedge c \rhd \delta$ by $(*)$, Lem. 5.33

$\preccurlyeq \sum_{\vec x} \sum_{\vec y} u^* \lhd c \rhd \delta$ by Lem. 5.31, Lem. 5.7

$\approx \sum_{\vec y} u^* \lhd c \rhd \delta$ by (CQ1);

this proves the lemma. □

It remains to prove that $\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash t^* \lhd b^* \rhd \delta \approx u^* \lhd b^* \rhd \delta$ if $b^*$ is a $t^*$-simulation condition for $u^*$. Let us first deal with the case that $t^*$ and $u^*$ are both action expressions. Recall that with every two action expressions $\alpha$ and $\alpha'$ we have associated a Boolean expression $\mathit{eq}(\alpha, \alpha')$ (see Definition 4.7 on p. 57); it is an $\alpha$-simulation condition for $\alpha'$.

Lemma 5.35 Let $\alpha$ and $\alpha'$ be action expressions; then

$\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash \alpha \lhd \mathit{eq}(\alpha, \alpha') \rhd \delta \approx \alpha' \lhd \mathit{eq}(\alpha, \alpha') \rhd \delta$.

Proof. Let $\alpha = a(d_1, \ldots, d_m)$ and $\alpha' = a'(e_1, \ldots, e_n)$; there are two cases: If $a = a'$ and $m = n$, then $\mathit{eq}(\alpha, \alpha') = \mathit{eq}(d_1, e_1) \wedge \cdots \wedge \mathit{eq}(d_m, e_m)$; hence,

$\alpha \lhd \mathit{eq}(\alpha, \alpha') \rhd \delta$

$= a(d_1, \ldots, d_m) \lhd \mathit{eq}(d_1, e_1) \wedge \cdots \wedge \mathit{eq}(d_m, e_m) \rhd \delta$

$\approx a'(e_1, \ldots, e_m) \lhd \mathit{eq}(d_1, e_1) \wedge \cdots \wedge \mathit{eq}(d_m, e_m) \rhd \delta$ by (EQ)

$= \alpha' \lhd \mathit{eq}(\alpha, \alpha') \rhd \delta$.

Otherwise $\mathit{eq}(\alpha, \alpha') = \bot$, so that we get

$\alpha \lhd \mathit{eq}(\alpha, \alpha') \rhd \delta \approx \delta \approx \alpha' \lhd \mathit{eq}(\alpha, \alpha') \rhd \delta$

by (BOOL), (C1) and (C2). □


Next, suppose that $t^*$ and $u^*$ are both sequential compositions, say $t^* = \alpha t'$ and $u^* = \alpha' u'$; we want to prove that

$\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash t^* \lhd b^* \rhd \delta \approx u^* \lhd b^* \rhd \delta$.

By Lemma 5.6(ii), we may distribute the simulation condition $b^*$ over the sequential compositions, and since $\mathbb{D} \models b^* \preccurlyeq \mathit{eq}(\alpha, \alpha')$, we get by Lemma 5.35 and Lemma 5.33 that

$\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash \alpha \lhd b^* \rhd \delta \approx \alpha' \lhd b^* \rhd \delta$.

It remains to prove that

$\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash t' \lhd b^* \rhd \delta \approx u' \lhd b^* \rhd \delta$;

we shall see that this can be established by means of the induction hypothesis. However, before we may apply the induction hypothesis, we need to establish that

$\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models t' \lhd b^* \rhd \delta \approx u' \lhd b^* \rhd \delta$.

The following definition is helpful in this respect.

Definition 5.36 Let $p$ and $q$ be pCRL expressions; a bisimulation condition for $p$ and $q$ is a Boolean expression $b$ such that, for every valuation $\nu$,

$\mathbb{D}, \nu \models b \approx \mathsf{T}$ if, and only if, $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}), \nu \models p \approx q$.

Clearly, if $b$ is a $p$-simulation condition for $q$ and $c$ is a $q$-simulation condition for $p$, then $b \wedge c$ is a bisimulation condition for $p$ and $q$, so we get as an immediate corollary to Theorem 5.26 that there exists a bisimulation condition for every two pCRL expressions.

Corollary 5.37 If $\mathbb{D}$ has equality and quantifier elimination, then, for any two pCRL expressions $p$ and $q$, there exists a bisimulation condition for $p$ and $q$.

Lemma 5.38 If $b$ is a bisimulation condition for $p$ and $q$, then

$\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models p \lhd b \rhd \delta \approx q \lhd b \rhd \delta$.

Proof. Let $\nu$ be a valuation and let $\iota_\nu$ be the interpretation homomorphism associated with $\nu$ from $\mathrm{Pol}(\mathcal{A},\mathbb{D})$ into an arbitrary element of $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D})$. If $\bar\nu(b) = \mathsf{T}$, then, since $b$ is a bisimulation condition for $p$ and $q$, $\iota_\nu(p) = \iota_\nu(q)$; hence $\iota_\nu(p \lhd b \rhd \delta) = \iota_\nu(p) = \iota_\nu(q) = \iota_\nu(q \lhd b \rhd \delta)$.

On the other hand, if $\bar\nu(b) = \bot$ then $\iota_\nu(p \lhd b \rhd \delta) = \iota_\nu(\delta) = \iota_\nu(q \lhd b \rhd \delta)$. □


So, if $b'$ is a bisimulation condition for $t'$ and $u'$, then, by the preceding lemma, we may apply the induction hypothesis to obtain

$\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash t' \lhd b' \rhd \delta \approx u' \lhd b' \rhd \delta$.

In the next lemma we show how $\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash t^* \lhd b^* \rhd \delta \approx u^* \lhd b^* \rhd \delta$ then follows.

Lemma 5.39 Let $b^*$ be a $t^*$-simulation condition for $u^*$.

(i) If $t^*$ and $u^*$ are action expressions, then

$\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash t^* \lhd b^* \rhd \delta \approx u^* \lhd b^* \rhd \delta$.

(ii) If $t^* = \alpha t'$ and $u^* = \alpha' u'$ and $b'$ is a bisimulation condition for $t'$ and $u'$, then

$\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}},\ t' \lhd b' \rhd \delta \approx u' \lhd b' \rhd \delta \vdash t^* \lhd b^* \rhd \delta \approx u^* \lhd b^* \rhd \delta$.

(iii) If $t^* = \alpha t'$ and $u^*$ is an action expression, or $t^*$ is an action expression and $u^* = \alpha' u'$, then

$\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash t^* \lhd b^* \rhd \delta \approx u^* \lhd b^* \rhd \delta$.

Proof. If $t^*$ and $u^*$ are action expressions, then $b^*$ is a bisimulation condition for $t^*$ and $u^*$ (cf. (4.10) on p. 57), so, by Lemma 4.8 on p. 57, $\mathbb{D} \models b^* \approx \mathit{eq}(t^*, u^*)$. Hence, we conclude (i) by Lemma 5.35 and (BOOL).

If $t^* = \alpha t'$ and $u^* = \alpha' u'$ and $b'$ is a bisimulation condition for $t'$ and $u'$, then $\mathbb{D} \models b^* \approx \mathit{eq}(\alpha, \alpha') \wedge b'$ (cf. (4.11) on p. 57), whence $\mathbb{D} \models b^* \preccurlyeq \mathit{eq}(\alpha, \alpha'),\ b^* \preccurlyeq b'$. From $\mathbb{D} \models b^* \preccurlyeq \mathit{eq}(\alpha, \alpha')$ we conclude by Lemma 5.35 and Lemma 5.33 that

$\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash \alpha \lhd b^* \rhd \delta \approx \alpha' \lhd b^* \rhd \delta$; (5.12)

from $\mathbb{D} \models b^* \preccurlyeq b'$ we conclude by Lemma 5.33 that

$\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}},\ t' \lhd b' \rhd \delta \approx u' \lhd b' \rhd \delta \vdash t' \lhd b^* \rhd \delta \approx u' \lhd b^* \rhd \delta$. (5.13)

So, if $(*)$ $t' \lhd b' \rhd \delta \approx u' \lhd b' \rhd \delta$, then we can make the following derivation:

$t^* \lhd b^* \rhd \delta \approx (\alpha \lhd b^* \rhd \delta)(t' \lhd b^* \rhd \delta)$ by Lem. 5.6(ii)

$\approx (\alpha' \lhd b^* \rhd \delta)(u' \lhd b^* \rhd \delta)$ by (5.12), (5.13)

$\approx u^* \lhd b^* \rhd \delta$ by Lem. 5.6(ii);

this proves (ii). If $t^* = \alpha t'$ and $u^*$ is an action expression, or $t^*$ is an action expression and $u^* = \alpha' u'$, then $\mathbb{D} \models b^* \approx \bot$ (cf. (4.12) on p. 57); hence $t^* \lhd b^* \rhd \delta \approx \delta \approx u^* \lhd b^* \rhd \delta$ by (BOOL), (C1) and (C2); this proves (iii). □


We have now established all the necessary facts that are needed to prove Theorem 5.20; let us now put everything together.

Proof of Theorem 5.20. The implication from left to right is by Lemma 5.21; for the implication from right to left we prove that

$\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models t \preccurlyeq u$ implies $\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash t \preccurlyeq u$ (5.14)

for all ordered tree forms $t$ and $u$ (this is enough by Lemma 5.15); we proceed by induction on $\#(t) + \#(u)$.

First we consider the case that $t$ and $u$ are both simple tree forms; suppose that $t = \sum_{\vec x} t^* \lhd b \rhd \delta$ and $u = \sum_{\vec y} u^* \lhd c \rhd \delta$. By Theorem 5.26 there exists a $t^*$-simulation condition $b^*$ for $u^*$, and for the implication (5.14) it suffices to prove

$\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash t^* \lhd b^* \rhd \delta \approx u^* \lhd b^* \rhd \delta$; (5.15)

for then, (5.14) follows by Lemma 5.34. To see that (5.15) holds, we distinguish cases according to the syntactic forms that $t^*$ and $u^*$ may take:

1. If $t^*$ and $u^*$ are both action expressions, then we get (5.15) by Lemma 5.39(i).

2. Suppose $t^* = \alpha t'$ and $u^* = \alpha' u'$. By Corollary 5.37 there exists a bisimulation condition $b'$ for $t'$ and $u'$; by Lemma 5.38

$\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models t' \lhd b' \rhd \delta \approx u' \lhd b' \rhd \delta$.

Let $t''$ and $u''$ be ordered tree forms, provably equivalent to $t' \lhd b' \rhd \delta$ and $u' \lhd b' \rhd \delta$, respectively; by Lemma 5.22 we may assume $\#(t'') < \#(t^*)$ and $\#(u'') < \#(u^*)$, so we obtain by the induction hypothesis that

$\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash t'' \approx u''$,

and hence

$\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash t' \lhd b' \rhd \delta \approx u' \lhd b' \rhd \delta$.

We now get (5.15) with an application of Lemma 5.39(ii).

3. If $t^* = \alpha t'$ and $u^*$ is an action expression, or $t^*$ is an action expression and $u^* = \alpha' u'$, then we apply Lemma 5.39(iii) to get (5.15).

Hence, (5.14) holds for simple tree forms. To prove that (5.14) holds for all tree forms, we proceed by distinguishing cases according to the syntactic form of $t$:

1. If $t = \delta$, then (5.14) is immediate by (A6).

2. If $t$ is a simple tree form, then it remains to consider the case that $u$ is not simple, so suppose that $u = u_1 + \cdots + u_n$ for some $n \ne 1$, and suppose that $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models t \preccurlyeq u$. We apply the Split Lemma (Lemma 5.29) to split $t$ into $n$ simple expressions $t_1, \ldots, t_n$ such that $\#(t) \ge \#(t_i)$,

$\Pi(\mathcal{A},\mathbb{D}) \vdash t \approx t_1 + \cdots + t_n$, and $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models t_i \preccurlyeq u_i$ ($1 \le i \le n$).


It follows that $\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash t_i \preccurlyeq u_i$ for all $1 \le i \le n$ (this is the special case which we have dealt with), so by (A2) $\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash t \preccurlyeq u$. Hence, we may conclude that (5.14) holds if $t$ is a simple expression.

3. If $t = t_1 + \cdots + t_m$ for some $m \ge 2$ and with each $t_i$ ($1 \le i \le m$) a simple tree form, then $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models t_i \preccurlyeq u$ for all $1 \le i \le m$. It now follows from the previous case (2) that $\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash t_i \preccurlyeq u$ for all $1 \le i \le m$, and hence, by (A2), $\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash t \preccurlyeq u$.

This completes the proof of Theorem 5.20.

Remark 5.40 With the inclusion of (EQ) and (QE) (see Table 5.3), the axioms (DATA) and (CQ3) have become redundant. This follows from Theorem 5.20 and the observation that the proof of this theorem does not involve applications of these axioms. Note that (DATA) and (CQ3) are the only axioms of our deductive system in which the general notion of 'substituting an arbitrary data expression $d$ for $x$ in $p$' is used; (CQ2) only involves a simpler variant, that of 'substituting a variable $y$ for $x$ in $p$'. Thus, by deleting (DATA) and (CQ3) from $\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}}$ we get a deductive system for pCRL that is conceptually simpler. We shall return to this issue in Chapter 6.

5.3.3 Skolem expressions

Recall the deduction of $p_1 \preccurlyeq q_1$ in Example 5.30; it does not involve (QE). Instead, it uses (CQ3), and the fact that $\mathit{in}(x)\mathit{out}(x^2) \lhd x^2 \le -2x \rhd \delta$ is obtained by substituting $x^2$ for $y$ in $\mathit{in}(x)\mathit{out}(y) \lhd y \le -2x \rhd \delta$. We have remar
ked that such a deduction cannot be generalised to prove that

$\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D}) \models t \preccurlyeq u$ implies $\Pi(\mathcal{A},\mathbb{D})^{\mathrm{eq}} \vdash t \preccurlyeq u$

for all simple tree forms $t = \sum_{\vec x} t^* \lhd b \rhd \delta$ and $u = \sum_{\vec y} u^* \lhd c \rhd \delta$. For, $t^* \lhd b \rhd \delta$ may not be a substitution instance of $u^* \lhd c \rhd \delta$, because the appropriate data expressions to substitute for the $\vec y$ are not available (see Example 5.32).

Our stance in this chapter has been that questions about data that arise when proving that a pCRL equation is valid in $\mathrm{GBPA}_\delta(\mathcal{A},\mathbb{D})$ should be delegated to the subsidiary deductive system for the data. Perhaps we should expect that it also provides the data expressions needed in the circumstances described above? We shall now prove that if we do, then (QE) becomes redundant. We strengthen our requirement (III) that $\mathbb{D}$ has quantifier elimination, adapting a definition from Chang and Keisler (1990).

Definition 5.41 Suppose that $\mathbb{D}$ is a data algebra and consider a first-order formula $\varphi$ with $FV(\varphi) - \{x\} = \{x_1, \ldots, x_n\}$. A data expression $d = d(x_1, \ldots, x_n)$ (the variables with an occurrence in $d$ must be among the $x_1, \ldots, x_n$) we call a Skolem expression⁴ for $(\exists x)\varphi$ if

$\mathbb{D} \models (\exists x)\varphi \rightarrow \varphi[x := d]$.

⁴Chang and Keisler (1990) call it a "Skolem function".

98 Chapter 5 A deductive system for pCRL

We say that $D$ has Skolem expressions if it has a Skolem expression for every first-order formula. If $D$ is a data algebra with Skolem expressions, then $\mathrm{Sk}(x, \varphi)$ denotes a Skolem expression for $(\exists x)\varphi$.

Example 5.42 We expand the data algebra $R$ of Example 3.5 with a function $\mathrm{sqrt} : R \to R$ such that

$\mathrm{sqrt}(r) = \sqrt{r}$ if $r \geq 0$, and $\mathrm{sqrt}(r) = 0$ otherwise.

The data expression $\mathrm{sqrt}(x)$ is a Skolem expression for the formula $(\exists y)\,\mathrm{eq}(y^2, x)$ (cf. Example 5.32); for, $(\mathrm{sqrt}(r))^2 = r$ if, and only if, $r \geq 0$, and $r \geq 0$ is precisely the condition under which some $y$ with $y^2 = r$ exists.

If $D$ has Skolem expressions, then we may define a mapping $\beta$ from first-order formulas to Boolean expressions by

$\beta(r(d_1, \ldots, d_n)) = r(d_1, \ldots, d_n)$;

$\beta(\varphi \vee \psi) = \beta(\varphi) \vee \beta(\psi)$; and

$\beta((\exists x)\varphi) = \beta(\varphi)[x := \mathrm{Sk}(x, \varphi)]$.

If $\varphi$ is a first-order formula, then

$D \models (\exists x)\varphi \leftrightarrow \varphi[x := \mathrm{Sk}(x, \varphi)]$.

(The implication from left to right is valid since $\mathrm{Sk}(x, \varphi)$ is a Skolem expression for $(\exists x)\varphi$; the other implication is trivial.) Hence, by induction on the structure of $\varphi$, $\varphi$ and $\beta(\varphi)$ are equivalent, and moreover, $\beta$ yields a formula from which all quantifiers have been eliminated, i.e., $\beta(\varphi)$ is an open first-order formula. So, we get the following proposition.

Proposition 5.43 If $D$ has Skolem expressions, then it has quantifier elimination.

We now show that (QE) can be deduced within $\Pi(A,D)$ if $D$ has Skolem expressions.

Lemma 5.44 If $D$ has Skolem expressions, then, for every Boolean expression $b$,

$\Pi(A,D) \vdash \sum_x p \lhd b \rhd \delta \approx p \lhd \beta((\exists x)b) \rhd \delta$, provided that $x \notin \mathrm{FV}(p)$.

Proof.

($\preccurlyeq$) Since $D \models \beta((\exists x)b) \equiv \beta((\exists x)b) \vee b$ (for $b$ implies $(\exists x)b$, which is equivalent to $\beta((\exists x)b)$), we have the following derivation:

$p \lhd \beta((\exists x)b) \rhd \delta \approx \sum_x p \lhd \beta((\exists x)b) \rhd \delta$ by (CQ1)

$\approx \sum_x p \lhd \beta((\exists x)b) \vee b \rhd \delta$ by (BOOL)

$\approx \sum_x (p \lhd \beta((\exists x)b) \rhd \delta + p \lhd b \rhd \delta)$ by (C5)

$\approx \sum_x p \lhd \beta((\exists x)b) \rhd \delta + \sum_x p \lhd b \rhd \delta$ by (CQ4)

$\approx p \lhd \beta((\exists x)b) \rhd \delta + \sum_x p \lhd b \rhd \delta$ by (CQ1).

(Both applications of (CQ1) are justified: $x \notin \mathrm{FV}(p)$, and $x$ does not occur in $\beta((\exists x)b) = b[x := \mathrm{Sk}(x,b)]$, since the variables of $\mathrm{Sk}(x,b)$ are among those of $\mathrm{FV}(b) - \{x\}$.) Consequently, $\Pi(A,D) \vdash \sum_x p \lhd b \rhd \delta \preccurlyeq p \lhd \beta((\exists x)b) \rhd \delta$.

($\succcurlyeq$) Clearly, $\delta[x := d] = \delta$, and since $x \notin \mathrm{FV}(p)$, $p = p[x := d]$; so

$\sum_x p \lhd b \rhd \delta \approx \sum_x p \lhd b \rhd \delta + p \lhd b[x := \mathrm{Sk}(x, b)] \rhd \delta$

$= \sum_x p \lhd b \rhd \delta + p \lhd \beta((\exists x)b) \rhd \delta$

is an instance of (CQ3). Hence, $\Pi(A,D) \vdash p \lhd \beta((\exists x)b) \rhd \delta \preccurlyeq \sum_x p \lhd b \rhd \delta$.

It follows that $\Pi(A,D) \vdash \sum_x p \lhd b \rhd \delta \approx p \lhd \beta((\exists x)b) \rhd \delta$. $\square$
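The construction of Definition 5.41 and the mapping $\beta$ can be exercised on a finite data algebra, where a Skolem expression for $(\exists x)\varphi$ can simply be read off by tabulating witnesses. The following Python program is an added example and not part of the thesis; it assumes, as a constructed instance, the data algebra $\mathbb{Z}_5$ (integers modulo 5 with addition and multiplication) and three variables $x, y, z$, and represents formulas as a small AST with atoms, disjunction and existential quantification, i.e. exactly the three clauses of $\beta$ above. It checks that $\beta(\varphi)$ is open and equivalent to $\varphi$ (Proposition 5.43), and the Boolean identity $\beta((\exists x)b) \vee b \equiv \beta((\exists x)b)$ on which the ($\preccurlyeq$) half of Lemma 5.44 rests. All function and class names are the example's own.

```python
"""Skolem expressions (Def. 5.41) and the quantifier-eliminating map beta
(Prop. 5.43) on a finite data algebra.  Constructed example: D is Z_5, the
integers modulo 5 with + and *, and the variables are x, y, z."""
from itertools import product

MOD = 5
DOMAIN = tuple(range(MOD))
VARS = ("x", "y", "z")

def valuations():
    """All valuations of VARS (D^3 is finite, so we can enumerate them)."""
    for vals in product(DOMAIN, repeat=len(VARS)):
        yield dict(zip(VARS, vals))

# First-order formulas as a small AST: atoms, disjunction and existential
# quantification, plus Subst, the node that beta produces for a quantifier.
class Atom:
    def __init__(self, name, pred):      # pred: valuation -> bool
        self.name, self.pred = name, pred

class Or:
    def __init__(self, left, right):
        self.left, self.right = left, right

class Exists:
    def __init__(self, var, body):
        self.var, self.body = var, body

class Subst:
    """body[var := sk], where sk is a Skolem expression, i.e. a function of
    the values of the other variables."""
    def __init__(self, var, sk, body):
        self.var, self.sk, self.body = var, sk, body

def evaluate(f, v):
    """D, v |= f."""
    if isinstance(f, Atom):
        return f.pred(v)
    if isinstance(f, Or):
        return evaluate(f.left, v) or evaluate(f.right, v)
    if isinstance(f, Exists):
        return any(evaluate(f.body, {**v, f.var: d}) for d in DOMAIN)
    if isinstance(f, Subst):
        return evaluate(f.body, {**v, f.var: f.sk(v)})
    raise TypeError(type(f))

def has_quantifier(f):
    if isinstance(f, Atom):
        return False
    if isinstance(f, Or):
        return has_quantifier(f.left) or has_quantifier(f.right)
    if isinstance(f, Exists):
        return True
    return has_quantifier(f.body)        # Subst

def skolem(var, body):
    """Sk(var, body): for every choice of the other variables, a witness for
    body if one exists (an arbitrary value otherwise), so that
    D |= (E var) body -> body[var := Sk(var, body)]."""
    others = tuple(w for w in VARS if w != var)
    table = {}
    for v in valuations():
        key = tuple(v[w] for w in others)
        if key not in table:
            witnesses = [d for d in DOMAIN if evaluate(body, {**v, var: d})]
            table[key] = witnesses[0] if witnesses else DOMAIN[0]
    return lambda v: table[tuple(v[w] for w in others)]

def beta(f):
    """beta: atoms unchanged; beta(phi v psi) = beta(phi) v beta(psi);
    beta((Ex)phi) = beta(phi)[x := Sk(x, phi)]."""
    if isinstance(f, Atom):
        return f
    if isinstance(f, Or):
        return Or(beta(f.left), beta(f.right))
    if isinstance(f, Exists):
        return Subst(f.var, skolem(f.var, f.body), beta(f.body))
    raise TypeError(type(f))

def eq(lhs, rhs):
    """The atom eq(lhs, rhs); lhs and rhs are data expressions as functions."""
    return Atom("eq", lambda v: lhs(v) % MOD == rhs(v) % MOD)

def eliminates_quantifiers(f):
    """Prop. 5.43, checked semantically: beta(f) is open and equivalent to f."""
    g = beta(f)
    return not has_quantifier(g) and all(evaluate(f, v) == evaluate(g, v)
                                         for v in valuations())

def boolean_fact_of_lemma_544(var, b):
    """D |= beta((E var) b) v b == beta((E var) b), used in proving Lemma 5.44."""
    g = beta(Exists(var, b))
    return all(evaluate(Or(g, b), v) == evaluate(g, v) for v in valuations())

# Example 5.42 transposed to Z_5: (Ey) eq(y*y, x) holds exactly for the squares.
SQUARE_ATOM = eq(lambda v: v["y"] * v["y"], lambda v: v["x"])
SQUARE_ROOT_EXISTS = Exists("y", SQUARE_ATOM)
# A nested formula: (Ex)( (Ey) eq(y*y, x)  v  eq(x + z, 1) ).
NESTED = Exists("x", Or(SQUARE_ROOT_EXISTS,
                        eq(lambda v: v["x"] + v["z"], lambda v: 1)))

def squares_mod5():
    """The x for which the open formula beta((Ey) eq(y*y, x)) holds."""
    g = beta(SQUARE_ROOT_EXISTS)
    return sorted({v["x"] for v in valuations() if evaluate(g, v)})

if __name__ == "__main__":
    print(squares_mod5())                       # [0, 1, 4]
    print(eliminates_quantifiers(NESTED),
          boolean_fact_of_lemma_544("y", SQUARE_ATOM))
```

The tabulated Skolem function is exactly Chang and Keisler's notion; in an infinite data algebra one has to supply it as a data expression, as Example 5.42 does with $\mathrm{sqrt}$, which is why the definition is phrased in terms of expressions rather than functions.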

Let us denote by $\Pi(A,D)^{\mathrm{eq}}$ the deductive system that consists of $\Pi(A,D)$ together with (EQ) from Table 5.3. By Proposition 5.43 and Lemma 5.44 we get the following corollary to Theorem 5.20.

Corollary 5.45 If $D$ has equality and Skolem expressions, then

$\Pi(A,D)^{\mathrm{eq}} \vdash p \approx q$ if, and only if, $\mathrm{GBPA}_\delta(A,D) \models p \approx q$

for all pCRL expressions $p$ and $q$.

Bibliographicc notes

Ponse (1991) proves relative completeness of a proof system for deriving partial correctness assertions about processes.

Hennessy (1991) advocates the idea of designing a deductive system for value-passing processes in which reasoning about data is factored out as much as possible. His deductive system is for a version of value-passing CCS, and he proves a relative completeness result with respect to a model based on Acceptance Trees (Hennessy, 1985). This work was continued by Hennessy and Lin (1996), who present a series of deductive systems that are proved relatively complete for finite processes modulo a series of symbolic bisimulation equivalences (Hennessy and Lin, 1995), and subsequently extended to settings with recursion by Hennessy and Lin (1997) and Rathke (1997).

These deductive systems are designed to infer sequents of the form

$b \rhd p \approx q$,

meaning that the equation $p \approx q$ holds for every valuation $\nu$ such that $\nu(b) = \mathsf{T}$. Thus, in our terminology, the sequents correspond to pCRL equations of the form

$p \lhd b \rhd \delta \approx q \lhd b \rhd \delta$.

We have already seen in Section 4.4 that value-passing CCS, having input prefixing as a primitive instead of choice quantification, is strictly less expressive than pCRL. Every equation of expressions of value-passing CCS corresponds to a universal first-order formula, and every universal formula is logically equivalent to a Boolean expression (with free variables). This explains why Hennessy and Lin (1996) only need our first two requirements (that the presupposed subsidiary deductive system allows the inference of all valid data equations and all valid Boolean equations, and that $D$ has equality) to obtain a relative completeness result.

The technique of splitting expressions by means of conditions (cf. our Split Lemma on p. 90) seems to be standard in settings with operations that involve choice quantification over a certain domain (e.g., input prefixing, choice quantification, integration), but it may appear in different guises. Our form of splitting is with respect to some other pCRL expression. Hennessy and Lin's proof shows a similar kind of splitting. Also Parrow and Sangiorgi (1995) use this kind of splitting in completeness proofs for their axiomatisations of early bisimulation and early congruence in a $\pi$-calculus-like setting. Fokkink and Klusener (1995), on the other hand, associate with every process expression of a variant of real time ACP with prefix integration a unique partition of intervals of real numbers, and splitting is with respect to this partition. They use splitting to reduce each process expression to a normal form. Since these normal forms are unique, it follows that their set of axioms is complete.

Groote and Ponse (1994) have proposed a formal framework for $\mu$CRL in which reasoning about data and reasoning about processes is fully integrated. In their framework, a property of a $\mu$CRL specification is expressed, roughly, as a Boolean combination of data equations, Boolean equations or $\mu$CRL equations. The basis of their deductive system is a hybrid between (classical) natural deduction (but without the rules for existential and universal quantifiers) and equational logic. Axioms are added in a modular fashion. For instance, there is a module called pCRL, which contains (A1)-(A7), (CQ1)-(CQ5) (see Table 5.2), and

$p \approx q \rightarrow \sum_x p \approx \sum_x q$.

Note that this implication corresponds to our (CONG($\sum$)). To facilitate reasoning about Boolean expressions and data expressions with (free) variables, Groote and Ponse include induction schemata based on a presupposed set of constructors. In particular, for Boolean expressions, they include the law of the excluded middle $\neg(b \approx \mathsf{T}) \rightarrow (b \approx \bot)$. Thus, the soundness of their deductive system hinges on the assumptions that the data algebra is minimal and that there are no more than two Booleans. In contrast, our deductive system is also usable if the data algebra is not minimal (cf. Remark 3.10 on p. 35). If the data algebra happens to be minimal, then, since Boolean expressions and data expressions may contain variables, our requirement that $S$ is a complete specification of $D$ implies that $S$ is inductively complete (i.e., it admits the inference of all valid equations that can be proved by means of structural induction).

Groote and Ponse only demonstrate the soundness of their deductive system; they do not address the issue of completeness. In fact, completeness would take a different form in their setting, since their deductive system allows the inference of Boolean combinations of equations (in particular, negations of equations). So, to get a complete system, it would be necessary to also add axioms such as, e.g., $\neg(a \approx a' \cdot p)$ for all action expressions $a$ and $a'$, and for every $\mu$CRL expression $p$. Then, to prove the result, one would still need similar requirements about the data as we presented at the beginning of Section 5.3, except, perhaps, that the first requirement could be relaxed to ground completeness$^5$.

The completeness result presented in this chapter may be reused to obtain completeness results in related settings. For instance, Groote and Luttik (1998b) consider pCRL expressions modulo branching bisimulation. They add the standard laws for branching bisimulation (Van Glabbeek and Weijland, 1996) to the deductive system $\Pi(A,D)^{\mathrm{eq}}$ and then show that every pCRL expression is provably equal to a compact expression. Since compact pCRL expressions $p$ and $q$ are branching bisimilar if, and only if, $p \approx q$ is valid, it follows from the results in this chapter that the resulting deductive system is relatively complete. By means of a similar technique, Luttik (1999a) has obtained relatively complete deductive systems for pCRL expressions modulo weak-, delay-, and $\eta$-bisimulation. Likewise, Van der Zwaag (2000) and Groote et al. (2000) have proved that with respect to their deductive systems for timed versions of pCRL and $\mu$CRL, respectively, each expression is provably equal to a so-called well-timed deadlock-saturated expression, and that two such expressions $p$ and $q$ are timed bisimilar if, and only if, $p \approx q$ is valid in $\mathrm{GBPA}_\delta(A,D)$. Thus, also in their settings, relative completeness follows from our result.

$^5$ A data specification is ground complete if all valid data equations without variables and all valid Boolean equations without variables can be deduced.

6 Algebraic pCRL

We now have a formal system to reason about elements of generalised basic process algebras with deadlock. Taking a sequence $A$ of parametrised action symbols and a data algebra $D$ with equality and quantifier elimination as parameters, it has two ingredients:

1. a set of meaningful expressions (here: the set of pCRL expressions), and

2. a deductive system (here: the deductive system $\Pi(A,D)^{\mathrm{eq}}$).

The axioms of the deductive system are all in the form of equations, and its inference rules closely resemble the conventional rules of equational logic. The temptation to qualify our formal system with the adjective 'algebraic' is therefore hard to resist. However, from an algebraic point of view, it is not wholly satisfactory. What is unsatisfactory about it is best illustrated in comparison with a related deductive system that we do consider satisfactory. We enter a minor digression and review the situation in the theory of basic process algebras with deadlock.

It is not unusual to present the theory of basic process algebras with deadlock in the following manner. One starts with the declaration of an alphabet $A$ of constant symbols that serves as a parameter of a formal system. The set of meaningful expressions of this formal system consists of the terms that can be built from the elements of $A$, another constant symbol $\delta$, and binary function symbols $+$ and $\cdot$; let us, for the moment, use the symbol $P$ to denote this set. The deductive system associated with this formal system has as axioms the equations generated by the schemata (A1)-(A7) in Table 5.2 on p. 75, and as inference rules the first five rules listed in Table 5.2 (i.e., (REFL)-(CONG($\cdot$))), with the meta variables ranging over $P$. We write $\mathrm{BPA}_\delta(A) \vdash p \approx q$ if the deductive system permits a deduction that has the equation $p \approx q$ as conclusion.

What is algebraic about this formal system? For one thing, the set $P$ is in a natural way the universe of an algebra

$\mathbf{P}_e = (P, +, \cdot, \delta)$.

As an immediate consequence of the inference rules of the deductive system associated with $\mathrm{BPA}_\delta(A)$, the relation

$\vartheta = \{(p, q) \in P \times P \mid \mathrm{BPA}_\delta(A) \vdash p \approx q\}$

is a congruence on $\mathbf{P}_e$. But there is a more profound reason why we may rightfully call it algebraic.

Note that each of the schemata (A1)-(A7) associates with $\mathbf{P}_e$ a binary relation:

$(\mathrm{A1})_{\mathbf{P}_e} = \{(p + q,\ q + p) \mid p, q \in P\}$;

$(\mathrm{A2})_{\mathbf{P}_e} = \{(p + (q + r),\ (p + q) + r) \mid p, q, r \in P\}$;

$\vdots$

$(\mathrm{A7})_{\mathbf{P}_e} = \{(\delta \cdot p,\ \delta) \mid p \in P\}$.

In these definitions, the occurrences of $+$, $\cdot$ and $\delta$ may be understood as referring to the algebraic structure of $\mathbf{P}_e$, instead of to the syntactic structure of $P$. This makes them essentially independent of the syntactic structure of the elements of $P$; the only thing that matters is that $P$ is the universe of an algebra $\mathbf{P}_e$ with two binary operations $+$ and $\cdot$, and with a distinguished element $\delta$ (e.g., $\mathbf{P}_e$ could just as well be the set of pCRL expressions with $+$, $\cdot$ and $\delta$ defined as before, or it could be the set of natural numbers with addition, multiplication, and the distinguished natural number 0).

That the schemata (A1)-(A7) make sense independent of the (syntactic) nature of the elements of $P$ is what makes this formal system genuinely algebraic. We define that an arbitrary algebraic structure $\mathbf{A} = (A, +, \cdot, \delta)$ satisfies (A1)-(A7) if each of the relations $(\mathrm{A1})_{\mathbf{A}}$-$(\mathrm{A7})_{\mathbf{A}}$ is included in the identity relation on $A$. The congruence $\vartheta$ induced on the algebra $\mathbf{P}_e$ includes each of the relations $(\mathrm{A1})_{\mathbf{P}_e}$-$(\mathrm{A7})_{\mathbf{P}_e}$, and from this it is easily concluded that the quotient algebra $\mathbf{P}_e/\vartheta$ satisfies (A1)-(A7). Incidentally, among the algebraic structures that satisfy (A1)-(A7), $\mathbf{P}_e/\vartheta$ is a special one, namely a free one with as free generators the congruence classes that contain an element of $A$.

So much for our digression; let us return to our earlier convention that $P$ denotes the set of pCRL expressions associated with $A$ and $D$. It seems quite natural to conceive $P$ as an algebraic structure

$\mathbf{P}_e = (P, +, \cdot, \delta, \sum_x, \lhd b \rhd)_{x \in X,\, b \in B}$.

What we mean is that $\mathbf{P}_e$ is an algebraic structure with binary operations $+$ and $\cdot$, and a distinguished element $\delta$, and that it is further equipped with a sequence of unary operations $\sum_x$ indexed by a set of variables $X$, and with a sequence of binary operations $\lhd b \rhd$ indexed by a set of Boolean expressions $B$. Additional justification for this point of view is provided by the fact that the relation

$\vartheta = \{(p, q) \in P \times P \mid \Pi(A,D)^{\mathrm{eq}} \vdash p \approx q\}$

is a congruence on $\mathbf{P}_e$, due to the inference rules of $\Pi(A,D)^{\mathrm{eq}}$. The proper question to ask next is whether the axiom schemata of our deductive system make sense for arbitrary algebraic structures with two plus a $B$-indexed sequence of binary operations, an $X$-indexed sequence of unary operations, and a distinguished element. From our earlier remarks it is clear that the schemata (A1)-(A7) make sense, and about the schemata (C1)-(C6), (BOOL) and (CQ4) similar remarks can be made. The remaining schemata deserve a more careful examination.

Consider the axiom schema (CQ1). It associates with $\mathbf{P}_e$ the binary relation

$(\mathrm{CQ1})_{\mathbf{P}_e} = \{(\sum_x p,\ p) \mid p \in P \text{ and } x \in X \text{ such that } x \notin \mathrm{FV}(p)\}$.

The difficulty is manifest: the definition of the relation $(\mathrm{CQ1})_{\mathbf{P}_e}$ involves the predicate $x \notin \mathrm{FV}(\_)$, and thus it refers to a syntactic property of pCRL expressions. Similar difficulties arise when we consider the schemata (CQ2), (CQ5) and (QE).

The schema (CQ3) reveals another kind of difficulty, which it shares with (CQ2) and (DATA). The binary relation

$(\mathrm{CQ3})_{\mathbf{P}_e} = \{(\sum_x p,\ \sum_x p + p[x := d]) \mid p \in P,\ x \in X \text{ and } d \text{ a data expression}\}$

depends on a particular syntactic accordance between $p$ and $p[x := d]$. To complete our inventory of difficulties: the schema (CQ6) refers to a syntactic property of a condition, and the schema (EQ) refers to a syntactic relation between action expressions and a condition.

Having identified the algebraically unsatisfactory axiom schemata, we may wonder whether they tell us anything at all about the quotient algebra $\mathbf{P}_e/\vartheta$. One source of algebraic dissatisfaction was a proviso with the predicate $x \notin \mathrm{FV}(\_)$. Note that $x \notin \mathrm{FV}(\sum_x p)$ for all pCRL expressions $p$, so if we replace $p$ by $\sum_x p$ in (CQ1), then we may safely omit the proviso; the quotient algebra $\mathbf{P}_e/\vartheta$ satisfies the schema

(CQ1)$'$ $\sum_x \sum_x p \approx \sum_x p$.

Similarly, (CQ5) may be transformed into

(CQ5)$'$ $(\sum_x p) \cdot (\sum_x q) \approx \sum_x (p \cdot \sum_x q)$.

Note that, in view of (CQ1), replacing "$q$ such that $x \notin \mathrm{FV}(q)$" by $\sum_x q$ in (CQ5) does not really result in a weaker schema. In the same manner, (QE) may be brought into an algebraically more pleasant (but equivalent) form.

We have found the algebraic counterpart of the statement "$x \notin \mathrm{FV}(p)$"; it corresponds to saying that "$p$ is a pCRL expression that satisfies $\sum_x p \approx p$". In the present chapter we shall deal with the other algebraically unsatisfactory aspects as well, with the goal of finding a complete and purely algebraic characterisation of the quotient algebra $\mathbf{P}_e/\vartheta$. At this point we lack the language to explain the algebraic counterparts of the other difficulties mentioned above. Nevertheless, there is an underlying idea that deserves mention ahead of things: if $x$ does not occur in $d$, then

$\Pi(A,D)^{\mathrm{eq}} \vdash p[x := d] \approx \sum_x p \lhd \mathrm{eq}(x, d) \rhd \delta$ (see Corollary 6.11 below).

This will be used to eliminate the notion of substitution from the schemata concerned.

Before we move on to lay out the algebraic framework in which our project is to be carried out, it is appropriate to make two further remarks regarding the conditional. The first remark concerns its arity. We have announced that the conditional gives rise to a sequence of binary operations indexed by Boolean expressions. But actually, as a brief glance at earlier chapters will readily reveal, we have a strong preference for conditionals in the form of guarded commands (i.e., with $\delta$ in the position of the right argument). To make our preference official, the algebras to be defined will be equipped with a sequence of unary guarded commands, instead of a sequence of binary conditional compositions.

The other remark is about the index set. To make our treatment still more independent of syntax, and thus more algebraic in spirit, we use as indices the elements of an algebra, rather than the expressions of a language. Naturally, this algebra, say $\mathbf{B}$, should be a Boolean algebra. Furthermore, this is a good moment to take advantage of our experience. We have argued that, in view of the results of Chapter 4, there are good reasons to require full first-order expressiveness of the Booleans (see the beginning of Section 5.3). Therefore, we shall require in addition that $\mathbf{B}$ is equipped with a sequence of unary operations $(\exists x)$ (one for every $x \in X$) and that it contains a sequence of distinguished elements $\mathrm{eq}(x, y)$ (one for every two $x, y \in X$), so that $\mathbf{B}$ is a cylindric algebra. Cylindric algebras have been introduced by Tarski and others, and they stand to first-order predicate logic with equality in the same relation as Boolean algebras stand to propositional logic.

6.1 $\omega$-dimensional basic process modules

Consider the generalised basic process algebra with deadlock $T_D(A)$ introduced in Section 3.4. We have shown that it is a pCRL-complete generalised basic process algebra with deadlock (i.e., an element of $\mathrm{GBPA}_\delta(A,D)$), and hence suitable as a semantics of our formal system. As a matter of fact, it is an initial element of the class $\mathrm{GBPA}_\delta(A,D)$ (cf. Theorem 3.15 on p. 40). In Section 3.3 we have explained how a pCRL expression $p$ together with a valuation $\nu$ denotes a unique pCRL tree $\iota_\nu(p)$, via the interpretation homomorphism $\iota_\nu : \mathrm{Pol}(A,D) \to T_D(A)$.

Let us now fix, for the remainder of this chapter, a particular enumeration (without repetitions) of the variables

$X = x_0, x_1, \ldots, x_k, \ldots \quad (k < \omega)$.

It gives rise to a one-to-one correspondence between valuations and elements of the cartesian power $D^\omega$ (precisely: the valuation $\nu$ corresponds to the element $\nu(x_0), \nu(x_1), \ldots, \nu(x_k), \ldots$ $(k < \omega)$ of $D^\omega$). It requires only this minor shift of perspective to regard a pCRL expression $p$ as a finite specification of the function from $D^\omega$ into $T_D(A)$ that associates with every valuation $\nu$ the pCRL tree $\iota_\nu(p)$.

Since $T_D(A)$ is initial in $\mathrm{GBPA}_\delta(A,D)$, and since $\Pi(A,D)^{\mathrm{eq}}$ is sound and complete with respect to $\mathrm{GBPA}_\delta(A,D)$, two pCRL expressions are provably equivalent if, and only if, they specify the same function. This gives us a mathematically attractive alternative for the elements of $\mathbf{P}_e/\vartheta$; we may view them as functions from $D^\omega$ into $T_D(A)$. It is also convenient to be a little more general. Let $\mathbf{A} = (A, +, \cdot, \delta, \sum)$ be the maximal generalisation of an arbitrary basic process algebra with deadlock $(A, +, \cdot, \delta)$. We consider

$\mathcal{F} = (D^\omega \to A)$,

the set of all functions from $D^\omega$ into $A$. An element $d_0, d_1, \ldots, d_k, \ldots$ $(k < \omega)$ of $D^\omega$ we call a point, and we denote it by $\{d_k\}$; for each $i < \omega$, $d_i$ is the $i$-th coordinate of $\{d_k\}$. An element of $\mathcal{F}$ assigns a process from $A$ to each point, and may thus be thought of as an $\omega$-dimensional Cartesian space with in each point a process from $A$. We denote by $\delta$ the space that has $\delta$ in each point, and we define pointwise binary operations $+$ and $\cdot$ on $\mathcal{F}$. That is, for all $F, G \in \mathcal{F}$ and for all $\{d_k\} \in D^\omega$,

$(F + G)(\{d_k\}) = F(\{d_k\}) + G(\{d_k\})$,

$(F \cdot G)(\{d_k\}) = F(\{d_k\}) \cdot G(\{d_k\})$, and

$\delta(\{d_k\}) = \delta$.

We could now proceed to define on $\mathcal{F}$ a generalised operation $\sum$, also pointwise, but we prefer an alternative that makes use of the extra structure of $\mathcal{F}$. We write $\{d_k\} \sim_i \{e_k\}$ if the points $\{d_k\}$ and $\{e_k\}$ agree on each coordinate except possibly the $i$-th, i.e.,

$\{d_k\} \sim_i \{e_k\}$ if, and only if, $d_k = e_k$ for all $k \in \omega - \{i\}$.

The set of all points $\{e_k\}$ such that $\{d_k\} \sim_i \{e_k\}$ we shall henceforth refer to as the line through $\{d_k\}$ parallel to the $i$-th coordinate axis. We associate with every $i < \omega$ a partial unary operation $s_i : \mathcal{F} \to \mathcal{F}$ such that

$(s_i F)(\{d_k\}) = \sum \{ F(\{e_k\}) \mid \{e_k\} \sim_i \{d_k\} \}$;

$s_i$ is defined on $F$ provided that, for all $\{d_k\} \in D^\omega$, the set $\{F(\{e_k\}) \mid \{e_k\} \sim_i \{d_k\}\}$ is admissible for $\sum$ in $\mathbf{A}$. That is, the operation $s_i$ replaces the element in every point $\{d_k\}$ by the generalised sum of all the elements on the line through $\{d_k\}$ parallel to the $i$-th coordinate axis; we call $s_i$ the projective summation along $i$. Note that if $F = s_i G$ for some $G \in \mathcal{F}$, then the elements of $A$ on the line through a point $\{d_k\} \in D^\omega$ parallel to the $i$-th coordinate axis are all the same; formally:

$\{d_k\} \sim_i \{e_k\}$ implies $F(\{d_k\}) = F(\{e_k\})$, for all $\{d_k\}, \{e_k\} \in D^\omega$. (6.1)

If $F \in \mathcal{F}$ satisfies (6.1) we call it uniform along $i$. The operations $s_i$ $(i < \omega)$ satisfy the equalities in Table 6.1 with $p$ and $q$ ranging over $\mathcal{F}$. We shall not detail a proof of this; what we shall do is give some intuitions.

(Cs1) $s_i s_j p = s_j s_i p$

(Cs2) $s_i s_i p = s_i p$

(Cs3) $p + s_i p = s_i p$

(Cs4) $s_i(p + q) = s_i p + s_i q$

(Cs5) $s_i(p \cdot s_i q) = s_i p \cdot s_i q$

(Cs6) $s_i \delta = \delta$

Table 6.1: The axioms for the projective summations in an $\omega$-dimensional basic process algebra with deadlock ($i, j < \omega$).

According to (Cs1), projective summations commute; the composition $s_i s_j$ is the transformation that replaces the element in every point $\{d_k\} \in D^\omega$ by the generalised sum of the elements at the points $\{e_k\}$ that agree with $\{d_k\}$ on every coordinate except possibly the $i$-th and the $j$-th. If $F \in \mathcal{F}$ is uniform along $i$, then, since $\sum\{p\} = p$ in every $\mathrm{GBPA}_\delta$, applying $s_i$ to it has no effect; this explains (Cs2) and (Cs6), since $s_i F$ and $\delta$ are both uniform along $i$. According to (Cs3), $F \preccurlyeq s_i F$ with respect to the partial order $\preccurlyeq$ induced on $\mathcal{F}$ by $+$; this is an immediate consequence of (GA1) in Table 2.2. By (Cs4), projective summations distribute over alternative compositions, an immediate consequence of the fact that

$\sum \{p' + p'' \mid p' \in P',\ p'' \in P''\} = \sum P' + \sum P''$

in every generalised basic process algebra with deadlock. To understand why (Cs5) is valid, first note that, by definition,

$(s_i(F \cdot s_i G))(\{d_k\}) = \sum \{ F(\{e_k\}) \cdot (s_i G)(\{e_k\}) \mid \{e_k\} \sim_i \{d_k\} \}$.

Since $s_i G$ is uniform along $i$, $(s_i G)(\{e_k\}) = (s_i G)(\{d_k\})$ for all $\{e_k\}$ such that $\{e_k\} \sim_i \{d_k\}$, so

$(s_i(F \cdot s_i G))(\{d_k\}) = \sum \{ F(\{e_k\}) \cdot (s_i G)(\{d_k\}) \mid \{e_k\} \sim_i \{d_k\} \}$.

With an application of (GA3) we may pull out $(s_i G)(\{d_k\})$ in the right-hand side to obtain $(s_i F \cdot s_i G)(\{d_k\})$.

Definition 6.1 An $\omega$-dimensional basic process algebra with deadlock is an algebra $\mathbf{P} = (P, +, \cdot, \delta, s_i)_{i < \omega}$ that consists of a basic process algebra with deadlock $(P, +, \cdot, \delta)$ (see Table 2.1 on p. 17) together with a sequence

$s_0, s_1, \ldots, s_k, \ldots \quad (k < \omega)$

of unary operations that satisfy the equalities in Table 6.1 for all $p, q \in P$. For $i < \omega$, the operation $s_i$ is called the $i$-th projective summation.

We shall see later that the projective summations just introduced correspond to the unary operations that choice quantifiers induce on the set of pCRL expressions modulo provable equivalence. We now wish to define on $\mathcal{F}$ unary operations that correspond to guarded commands. We have already announced that we would like to incorporate them as a sequence of unary operations indexed by the elements of a cylindric algebra. Let us first recapitulate a few basic facts and intuitions from the theory of cylindric algebras (see the books of Henkin et al. (1971, 1985) for a thorough treatment).

(BA1) $a \vee (b \vee c) = (a \vee b) \vee c$ \quad (BA1$'$) $a \wedge (b \wedge c) = (a \wedge b) \wedge c$

(BA2) $b \vee c = c \vee b$ \quad (BA2$'$) $b \wedge c = c \wedge b$

(BA3) $b \vee (b \wedge c) = b$ \quad (BA3$'$) $b \wedge (b \vee c) = b$

(BA4) $a \vee (b \wedge c) = (a \vee b) \wedge (a \vee c)$ \quad (BA4$'$) $a \wedge (b \vee c) = (a \wedge b) \vee (a \wedge c)$

(BA5) $b \vee \neg b = \mathsf{T}$ \quad (BA5$'$) $b \wedge \neg b = \bot$

Table 6.2: The axioms of Boolean algebras.

The idea of conceiving pCRL expressions modulo provable equivalence as functions from $D^\omega$ into $T_D(A)$ has an analogy for Boolean expressions modulo equivalence in $D$. Accordingly, a Boolean expression $b$ may be thought of as a specification of a function from $D^\omega$ into the two-element Boolean algebra. We consider a Boolean expression $b$ as a specification of the set of valuations under which $b$ evaluates to $\mathsf{T}$ (this amounts to the same thing), and proceed to consider the powerset of $D^\omega$.

Definition 6.2 A Boolean algebra is an algebra $(B, \vee, \wedge, \neg, \mathsf{T}, \bot)$ that satisfies for all $a, b, c \in B$ the equalities in Table 6.2.

It is well known that the powerset of any set is the universe of a Boolean algebra with $\vee$, $\wedge$, $\neg$ as (set-theoretic) union, intersection and complementation, respectively, and with the entire set as the distinguished element $\mathsf{T}$ and $\emptyset$ as the distinguished element $\bot$ (see, e.g., Koppelberg, 1989). We consider the powerset of $D^\omega$ as such a Boolean algebra, and additionally, we correlate with every $i < \omega$ a unary operation $c_i$ on the powerset of $D^\omega$ such that for all $U \subseteq D^\omega$

$c_i U = \{\{d_k\} \in D^\omega \mid \text{there exists } \{e_k\} \in U \text{ such that } \{d_k\} \sim_i \{e_k\}\}$.

A set $U \subseteq D^\omega$ such that $\{d_k\} \in U$ implies $\{e_k\} \in U$ for all $\{e_k\} \sim_i \{d_k\}$ is called a cylinder parallel to the $i$-th axis or, for brevity, an $i$-cylinder. The operation $c_i$ is called the $i$-th cylindrification; when applied to the set $U \subseteq D^\omega$, it yields the $i$-cylinder $c_i U$ swept out by all translations of $U$ parallel to the $i$-th coordinate axis. Furthermore, we treat, for every $i, j < \omega$, the set

$d_{ij} = \{\{d_k\} \in D^\omega \mid d_i = d_j\}$

as a distinguished element. The set $d_{ij}$ is called a diagonal element; it consists of all points whose $i$-th coordinates are equal to their $j$-th coordinates. The cylindrifications and diagonal elements satisfy the equalities in Table 6.3, and this makes the powerset of $D^\omega$ into an $\omega$-dimensional cylindric algebra.

(CA1) $c_i \bot = \bot$

(CA2) $b \vee c_i b = c_i b$

(CA3) $c_i(b \wedge c_i b') = c_i b \wedge c_i b'$

(CA4) $c_i c_j b = c_j c_i b$

(CA5) $d_{ii} = \mathsf{T}$

(CA6) if $i \neq j, k$, then $d_{jk} = c_i(d_{ji} \wedge d_{ik})$

(CA7) if $i \neq j$, then $c_i(d_{ij} \wedge b) \wedge c_i(d_{ij} \wedge \neg b) = \bot$

Table 6.3: The axioms for cylindrifications and diagonal elements in an $\omega$-dimensional cylindric algebra ($i, j, k < \omega$).

Definition 6.3 An $\omega$-dimensional cylindric algebra is an algebra

$\mathbf{C} = (C, \vee, \wedge, \neg, \mathsf{T}, \bot, c_i, d_{ij})_{i,j < \omega}$

that consists of a Boolean algebra $(C, \vee, \wedge, \neg, \mathsf{T}, \bot)$ (see Table 6.2), with unary operations $c_i : C \to C$ $(i < \omega)$ and distinguished elements $d_{ij} \in C$ $(i, j < \omega)$ that satisfy the axioms in Table 6.3 for all $b, b' \in C$. The operations $c_i$ are called cylindrifications, and the elements $d_{ij}$ are called diagonal elements.

The theory of cylindric algebras has been designed for the purpose of algebraising first-order predicate logic with equality. To illustrate the correspondence between the $i$-th cylindrification and the existential quantifier $(\exists x_i)$, let $U$ be the set of all valuations under which the Boolean expression $b$ evaluates to $\mathsf{T}$. If $\{d_k\} \in c_i U$, then there exists a valuation $\{e_k\} \in U$ such that $\{d_k\} \sim_i \{e_k\}$; the formula $(\exists x_i)b$ evaluates to $\mathsf{T}$ under any such valuation $\{d_k\}$. Conversely, if $(\exists x_i)b$ evaluates to $\mathsf{T}$ under the valuation $\{d_k\}$, then there exists a valuation $\{e_k\} \sim_i \{d_k\}$ such that $b$ evaluates to $\mathsf{T}$ under $\{e_k\}$, so $\{d_k\} \in c_i U$ by definition. There is a similar correspondence between the diagonal element $d_{ij}$ and the Boolean expression $\mathrm{eq}(x_i, x_j)$; $d_{ij}$ consists precisely of those valuations under which $\mathrm{eq}(x_i, x_j)$ evaluates to $\mathsf{T}$.

We now combine the theory of cylindric algebras with that of $\omega$-dimensional basic process algebras with deadlock. If $p$ is a pCRL expression, describing a function $F$ from $D^\omega$ into $T_D(A)$, and $b$ is a Boolean expression, describing a subset $U$ of $D^\omega$, then the pCRL expression $p \lhd b \rhd \delta$ describes the function $G$ from $D^\omega$ into $T_D(A)$ such that $G(\{d_k\}) = F(\{d_k\})$ if $\{d_k\} \in U$, and $G(\{d_k\}) = \delta$ otherwise. We associate with every $U \subseteq D^\omega$ a transformation $U\colon\to$ on $\mathcal{F}$ that replaces the element in a point outside $U$ by $\delta$ and leaves the points in $U$ unchanged, i.e.,

$(U\colon\to F)(\{d_k\}) = F(\{d_k\})$ if $\{d_k\} \in U$, and $(U\colon\to F)(\{d_k\}) = \delta$ otherwise.

We contend that the transformations $U\colon\to$ satisfy the equalities in Table 6.4 with $p$ and $q$ ranging over $\mathcal{F}$. The verifications are fairly straightforward; we shall only discuss (Gc9)-(Gc11).

(Gc1) $\mathsf{T}\colon\to p = p$ \quad (Gc5) $b\colon\to \delta = \delta$

(Gc2) $\bot\colon\to p = \delta$ \quad (Gc6) $b\colon\to (p + q) = b\colon\to p + b\colon\to q$

(Gc3) $b \vee c\colon\to p = b\colon\to p + c\colon\to p$ \quad (Gc7) $b\colon\to (p \cdot q) = (b\colon\to p) \cdot q$

(Gc4) $b\colon\to (c\colon\to p) = b \wedge c\colon\to p$ \quad (Gc8) $(b\colon\to p) \cdot q = (b\colon\to p) \cdot (b\colon\to q)$

(Gc9) $s_i(b\colon\to s_i p) = c_i b\colon\to s_i p$

(Gc10) $s_i(c_i b\colon\to p) = c_i b\colon\to s_i p$

(Gc11) if $i \neq j$, then $d_{ij}\colon\to s_i(d_{ij}\colon\to p) = d_{ij}\colon\to p$

Table 6.4: The axioms for the guarded command in an $\omega$-dimensional basic process module over $\mathbf{C}$ ($i, j < \omega$ and $b, c \in C$).

To demonstrate the validity of (Gc9), let $U \subseteq D^\omega$ and $F \in \mathcal{F}$, and consider a line $\ell$ parallel to the $i$-th coordinate axis; for $G \in \mathcal{F}$ we write $G(\ell)$ for the set of elements of $A$ that $G$ assigns to the points on $\ell$. Note that it suffices to show that the sets $(s_i(U\colon\to s_i F))(\ell)$ and $(c_i U\colon\to s_i F)(\ell)$ are singletons and equal. Since $s_i F$ is uniform along $i$, $(s_i F)(\ell)$ is a singleton, say $(s_i F)(\ell) = \{a\}$ with $a$ an element of $A$. Now there are two cases. If $U$ contains a point on $\ell$, then $c_i U$ contains every point on $\ell$, so $(c_i U\colon\to s_i F)(\ell) = \{a\}$. To see that also $(s_i(U\colon\to s_i F))(\ell) = \{a\}$, observe that an application of $U\colon\to$ has the effect of replacing perhaps some, but certainly not all, elements on $\ell$ by $\delta$, i.e., $(U\colon\to s_i F)(\ell)$ is $\{a\}$ or $\{\delta, a\}$, and that a subsequent application of $s_i$ replaces every element on $\ell$ by the generalised sum of this set. Since $\sum\{a\} = \sum\{\delta, a\} = a$ in $\mathbf{A}$, it follows that $(s_i(U\colon\to s_i F))(\ell) = \{a\}$. In the other case, $U$ does not contain a point on $\ell$, so that $c_i U$ does not contain a point on $\ell$ either, whence $(c_i U\colon\to s_i F)(\ell) = \{\delta\}$. To see that also $(s_i(U\colon\to s_i F))(\ell) = \{\delta\}$, note that an application of $U\colon\to$ has the effect of replacing all elements on $\ell$ by $\delta$, i.e., $(U\colon\to s_i F)(\ell) = \{\delta\}$; since $\sum\{\delta\} = \delta$ in $\mathbf{A}$, it follows that $(s_i(U\colon\to s_i F))(\ell) = \{\delta\}$.

Next, we want to demonstrate the validity of (Gc10). To this end, we assume that $U \subseteq D^\omega$ and $F \in \mathcal{F}$, and we consider a line $\ell$ parallel to the $i$-th coordinate axis. Note that $c_i U$, being an $i$-cylinder, either contains every point on $\ell$ or no point on $\ell$ at all. In the first case, $(c_i U\colon\to F)(\ell) = F(\ell)$, whence

$(s_i(c_i U\colon\to F))(\ell) = \{\sum F(\ell)\}$,

and also

$(c_i U\colon\to s_i F)(\ell) = (s_i F)(\ell) = \{\sum F(\ell)\}$.

In the second case, $(c_i U\colon\to s_i F)(\ell) = \{\delta\}$, and also $(c_i U\colon\to F)(\ell) = \{\delta\}$, whence, since $\sum\{\delta\} = \delta$ in $\mathbf{A}$, $(s_i(c_i U\colon\to F))(\ell) = \{\delta\}$.

We assume $i \neq j$, and prove the equality of (Gc11). Consider a line $\ell$ parallel to the $i$th coordinate axis. The effect of $d_{ij}{:}\to$ is that the element in every point on $\ell$ is replaced by $\delta$, except the element in the single point $\langle d_k \rangle$ on $\ell$ with the $j$th coordinate equal to the $i$th coordinate (note that for $\langle d_k \rangle$ to be unique it is imperative that $i \neq j$), i.e., for all $F \in \mathcal F$, $(d_{ij}{:}\to F)(\langle d_k \rangle) = F(\langle d_k \rangle)$ and $(d_{ij}{:}\to F)(\langle e_k \rangle) = \delta$ if $\langle e_k \rangle$ is another point on $\ell$, distinct from $\langle d_k \rangle$. The effect of $s_i$ is that each element on $\ell$ is replaced by the generalised sum of the set of all the elements on $\ell$. Hence, since $\sum\{\delta, a\} = \sum\{a\} = a$ for every $a$ in $A$, the composite transformation $s_i d_{ij}{:}\to$ replaces every element on $\ell$ by the element in $\langle d_k \rangle$. What matters is that the element in $\langle d_k \rangle$ is invariant under the transformation $s_i d_{ij}{:}\to$, i.e., that $(s_i(d_{ij}{:}\to F))(\langle d_k \rangle) = F(\langle d_k \rangle)$. So $(d_{ij}{:}\to s_i(d_{ij}{:}\to F))(\langle d_k \rangle) = F(\langle d_k \rangle)$, whereas $(d_{ij}{:}\to s_i(d_{ij}{:}\to F))(\langle e_k \rangle) = \delta$ if $\langle e_k \rangle$ is another point on $\ell$, distinct from $\langle d_k \rangle$. We conclude that $d_{ij}{:}\to s_i(d_{ij}{:}\to F) = d_{ij}{:}\to F$ for all $F \in \mathcal F$.

Definition 6.4 Let $\mathbf C$ be an $\omega$-dimensional cylindric algebra with universe $C$. An $\omega$-dimensional basic process module over $\mathbf C$ is an algebra
$$\mathbf P = (P, +, \cdot, \delta, s_i, b{:}\to)_{i < \omega,\, b \in C}$$
consisting of an $\omega$-dimensional basic process algebra with deadlock $(P, +, \cdot, \delta, s_i)_{i < \omega}$ equipped with unary operations $b{:}\to$ ($b \in C$) that satisfy the equalities in Table 6.4 for all $p, q \in P$. The operations $b{:}\to$ are called guarded commands and $b$ is the guard of $b{:}\to$. The class of all $\omega$-dimensional basic process modules over $\mathbf C$ we denote by $\mathbf C$-BPM$_\omega$.

Recall that the unary operations $s_i$ on $\mathcal F$ are partial; their definition depends on the presence of generalised sums in $A$. As a consequence, to get a decent algebraic structure, we need to take a subset of $\mathcal F$ that is closed under the operations of cylindric basic process algebras, in particular under $s_i$ for every $i < \omega$. Let $\mathcal F^*$ be any subset of $\mathcal F$ that contains $\delta$, and that is closed under $+$, $\cdot$, $s_i$ ($i < \omega$) and $U{:}\to$ ($U \subseteq D^\omega$); then
$$\mathbf F^* = (\mathcal F^*, +, \cdot, \delta, s_i, U{:}\to)_{i < \omega,\, U \subseteq D^\omega}$$
is an $\omega$-dimensional basic process module over the cylindric algebra of subsets of $D^\omega$.

Remark 6.5 The definitions above can be generalised by replacing '$\omega$' everywhere by an arbitrary ordinal (Henkin et al. do this for cylindric algebras in their books). Then, e.g., the theory of basic process algebras with deadlock coincides with the theory of $0$-dimensional basic process algebras with deadlock. We do not need such generality here. For the sake of conciseness, we shall often suppress the adjective '$\omega$-dimensional', adopting the convention that 'cylindric algebra' always means '$\omega$-dimensional cylindric algebra', and that 'basic process module' always means '$\omega$-dimensional basic process module'. In contrast, 'basic process algebra with deadlock' will retain its old meaning; if we mean '$\omega$-dimensional basic process algebra with deadlock', then we shall always explicitly say so.

6.2 Comparing formal systems

If we have an algebraic framework that subsumes a certain formal system, then it frequently provides a convenient context for discussing the correspondence between this formal system and other formal systems. In this section we shall encounter two examples of this.

Our first example concerns the correspondence between the set $\Phi$ of first-order formulas and the set $B$ of Boolean expressions associated with a data algebra $\mathsf D$; we shall discuss it in the framework of cylindric algebras. Consider the set $\Phi$ of first-order formulas associated with $\mathsf D$ as an algebraic structure
$$\mathbf{Fm} = (\Phi, \vee, \wedge, \neg, \top, \bot, c_i, d_{ij})_{i, j < \omega}$$
with $c_i : \Phi \to \Phi$ defined by $c_i \varphi = (\exists x_i)\varphi$, and $d_{ij} = \mathrm{eq}(x_i, x_j) \in \Phi$, for all $i, j < \omega$ (we assume that $\mathsf D$ has equality). The relation
$$\leftrightarrow_{\mathsf D} = \{(\varphi, \psi) \in \Phi \times \Phi \mid \mathsf D \models \varphi \leftrightarrow \psi\}$$
is a congruence on $\mathbf{Fm}$, and the quotient algebra satisfies the axioms of cylindric algebras (as listed in Tables 6.2 and 6.3).

Theorem 6.6 Suppose that $\mathsf D$ has equality. The algebra $\mathbf{Fm}/{\leftrightarrow_{\mathsf D}}$ is a cylindric algebra; it is called the cylindric algebra of formulas associated with $\mathsf D$.

Proof. See Henkin et al. (1985) for details.

Next, consider the set $B$ of Boolean expressions; it is in a natural way the universe of an algebraic structure
$$\mathbf{Be} = (B, \vee, \wedge, \neg, \top, \bot)$$
similar to Boolean algebras, and the relation
$$\approx_{\mathsf D} = \{(b, c) \in B \times B \mid \mathsf D \models b \approx c\}$$
is a congruence on $\mathbf{Be}$. Clearly, the quotient $\mathbf{Be}/{\approx_{\mathsf D}}$ is a Boolean algebra. Recall that every open first-order formula is a Boolean expression; according to the following proposition, the relations $\leftrightarrow_{\mathsf D}$ and $\approx_{\mathsf D}$ coincide on the set of open first-order formulas.

Proposition 6.7 If $\varphi$ and $\psi$ are open first-order formulas, then
$$\mathsf D \models \varphi \leftrightarrow \psi \quad\text{if, and only if,}\quad \mathsf D \models \varphi \approx \psi.$$

Proof. By Proposition 4.2 on p. 53 and (4.3) on p. 54, it suffices to prove that
$$\mathsf D, v \models \varphi \leftrightarrow \psi \quad\text{if, and only if,}\quad \mathsf D, v \models (\neg\varphi \vee \psi) \wedge (\neg\psi \vee \varphi) \approx \top$$
for every valuation $v$. Let $\hat v$ denote the extension of $v$ to Boolean expressions, with values in the two-element Boolean algebra $\mathbb B$. To establish the implication from left to right, we assume $\hat v(\varphi) = \hat v(\psi)$ and derive $\hat v((\neg\varphi \vee \psi) \wedge (\neg\psi \vee \varphi)) = \top$. Note that $\neg b \vee b = \top$ for all $b \in \mathbb B$, so that we may conclude from $\hat v(\varphi) = \hat v(\psi)$ that $\neg\hat v(\varphi) \vee \hat v(\psi) = \top$ and $\neg\hat v(\psi) \vee \hat v(\varphi) = \top$. Then, using the definitions on p. 32, we derive
$$\hat v((\neg\varphi \vee \psi) \wedge (\neg\psi \vee \varphi)) = (\neg\hat v(\varphi) \vee \hat v(\psi)) \wedge (\neg\hat v(\psi) \vee \hat v(\varphi)) = \top \wedge \top = \top.$$

To establish the implication from right to left, we assume $\hat v(\varphi) \neq \hat v(\psi)$ and derive $\hat v((\neg\varphi \vee \psi) \wedge (\neg\psi \vee \varphi)) = \bot$. Note that, since $\mathbb B$ has two elements and by the definition of $\neg$, $\hat v(\varphi) \neq \hat v(\psi)$ implies
$$\neg\hat v(\varphi) = \hat v(\psi) \quad\text{and}\quad \neg\hat v(\psi) = \hat v(\varphi).$$
Hence, since $b \vee b = b$ for all $b \in \mathbb B$,
$$\neg\hat v(\varphi) \vee \hat v(\psi) = \hat v(\psi) \quad\text{and}\quad \neg\hat v(\psi) \vee \hat v(\varphi) = \hat v(\varphi).$$
Furthermore, since $\neg b \wedge b = \bot$ for all $b \in \mathbb B$,
$$\hat v(\psi) \wedge \hat v(\varphi) = \neg\hat v(\varphi) \wedge \hat v(\varphi) = \bot.$$
So, we get
$$\hat v((\neg\varphi \vee \psi) \wedge (\neg\psi \vee \varphi)) = (\neg\hat v(\varphi) \vee \hat v(\psi)) \wedge (\neg\hat v(\psi) \vee \hat v(\varphi)) = \hat v(\psi) \wedge \hat v(\varphi) = \bot.$$
The proof of the proposition is complete.

Let us write $[b]$ for the equivalence class of Boolean expressions in $\mathbf{Be}/{\approx_{\mathsf D}}$ that contains the Boolean expression $b$, and $[\varphi]$ for the equivalence class of first-order formulas in $\mathbf{Fm}/{\leftrightarrow_{\mathsf D}}$ that contains $\varphi$. If $\mathsf D$ has equality, then, by Proposition 4.4 on p. 54, every element $[b]$ of $\mathbf{Be}/{\approx_{\mathsf D}}$ contains an open first-order formula. If $\mathsf D$ has quantifier elimination, then every element $[\varphi]$ of $\mathbf{Fm}/{\leftrightarrow_{\mathsf D}}$ also contains an open first-order formula. Hence, we may conclude from the above proposition that if $\mathsf D$ has equality and quantifier elimination, then $\mathbf{Be}/{\approx_{\mathsf D}}$ and $\mathbf{Fm}/{\leftrightarrow_{\mathsf D}}$ are isomorphic as Boolean algebras. The isomorphism is given by the association
$$[\varphi] \mapsto [\beta(\varphi)], \qquad (6.2)$$
where $\beta$ is the mapping that associates with every first-order formula an equivalent Boolean expression (cf. the definition of $\beta$ on p. 84).

Via the isomorphism, $\mathbf{Be}/{\approx_{\mathsf D}}$ inherits from $\mathbf{Fm}/{\leftrightarrow_{\mathsf D}}$ cylindrifications and diagonal elements such that for all $i, j < \omega$
$$c_i[b] = [\beta((\exists x_i)b)] \quad\text{and}\quad d_{ij} = [\mathrm{eq}(x_i, x_j)]. \qquad (6.3)$$

Henceforth, if $\mathsf D$ has equality and quantifier elimination, then we shall always assume that $\mathbf{Be}/{\approx_{\mathsf D}}$ has unary operations $c_i$ and distinguished elements $d_{ij}$ satisfying the requirements in (6.3). Furthermore, for the sake of brevity, we shall write $\mathbf B$ instead of $\mathbf{Be}/{\approx_{\mathsf D}}$. We summarise the above in the following theorem.

Theorem 6.8 If $\mathsf D$ has equality and quantifier elimination, then
$$\mathbf B = \mathbf{Be}/{\approx_{\mathsf D}}$$
is a cylindric algebra with cylindrifications and diagonal elements defined as in (6.3).

This concludes our discussion of the correspondence between the first-order formulas and the Boolean expressions associated with $\mathsf D$. For our second example we return to the formal system of pCRL expressions modulo provable equivalence in the deductive system $\Pi(\mathcal A, \mathsf D)_{\mathrm{eq}}$. We shall first explain how it is a basic process module over $\mathbf B$. Then, we shall modify it to the effect that the notion of 'substituting an arbitrary data expression $d$ for a variable $x$ in a pCRL expression $p$' (which presently, e.g., occurs in the axiom schemes (CQ3) and (DATA)) is eliminated from the formalisation. It is replaced by the conceptually simpler notion of 'substituting another variable $y$ for $x$ in $p$'. The resulting formal system also gives rise to a basic process module over $\mathbf B$, which turns out to be isomorphic to the basic process module of pCRL expressions modulo provable equivalence.

The set $\mathcal P$ of pCRL expressions associated with $\mathcal A$ and $\mathsf D$ is the universe of an algebraic structure
$$\mathbf{Pe} = (\mathcal P, +, \cdot, \delta, s_i)_{i < \omega},$$
with the obvious definitions for $+$, $\cdot$ and $\delta$, and with the unary operations $s_i$ ($i < \omega$) defined by
$$s_i p = \sum_{x_i} p.$$
The deductive system $\Pi(\mathcal A, \mathsf D)_{\mathrm{eq}}$ induces, because of its inference rules (see Table 5.2 on p. 75), a congruence
$$\equiv \;=\; \{(p, q) \in \mathcal P \times \mathcal P \mid \Pi(\mathcal A, \mathsf D)_{\mathrm{eq}} \vdash p \approx q\}$$
on the algebra $\mathbf{Pe}$. We write $[p]$ to denote the equivalence class of pCRL expressions modulo provable equivalence that contains $p$, i.e.,
$$[p] = \{q \in \mathcal P \mid \Pi(\mathcal A, \mathsf D)_{\mathrm{eq}} \vdash p \approx q\}.$$
Owing to (BOOL) and (CONG$_{\lhd\rhd}$) in Table 5.2, we can expand the quotient algebra $\mathbf{Pe}/{\equiv}$ with unary operations $[b]{:}\to$ ($[b] \in B$) defined by
$$[b]{:}\to [p] = [p \lhd b \rhd \delta].$$
Thus, we obtain an algebra similar to basic process modules, the algebra of pCRL expressions modulo provable equivalence associated with $\mathcal A$ and $\mathsf D$:
$$\mathrm{pCRL}(\mathcal A, \mathsf D) = (\mathcal P/{\equiv}, +, \cdot, \delta, s_i, [b]{:}\to)_{i < \omega,\, [b] \in B}.$$

Our next task is to prove that $\mathrm{pCRL}(\mathcal A, \mathsf D)$ is a basic process module over $\mathbf B$. There are essentially two methods at our disposal. The first method consists of formalising the correspondence between the equivalence classes of pCRL expressions modulo provable equivalence and certain functions from $D^\omega$ into $\mathsf{TD}(\mathcal A)$. In the previous section we have established that any set of functions
$$\mathcal F^* \subseteq (D^\omega \to \mathsf{TD}(\mathcal A))$$
closed under the operations of basic process modules (with as guards the subsets of $D^\omega$) constitutes a basic process module over the cylindric algebra of subsets of $D^\omega$. It suffices to show that $\mathrm{pCRL}(\mathcal A, \mathsf D)$ can be embedded into such a basic process module. This can be done with an application of the completeness theorem of the previous chapter (Theorem 5.20 on p. 85). Instead, we use the second method. It consists of deriving the validity in $\mathrm{pCRL}(\mathcal A, \mathsf D)$ of the axioms of basic process modules directly, as propositions about the deductive system $\Pi(\mathcal A, \mathsf D)_{\mathrm{eq}}$.

Theorem 6.9 The algebra $\mathrm{pCRL}(\mathcal A, \mathsf D)$ is an $\omega$-dimensional basic process module over $\mathbf B$.

Proof. That $\mathrm{pCRL}(\mathcal A, \mathsf D)$ satisfies the axioms of basic process algebras with deadlock (Table 2.1 on p. 17) is clear by the schemes (A1)-(A7) in Table 5.2.

We verify that the unary operations $s_i$ ($i < \omega$) in $\mathrm{pCRL}(\mathcal A, \mathsf D)$ satisfy the axioms of projective summations (see Table 6.1). For (Cs1), we need to show that, for all pCRL expressions $p$, $s_i s_j [p] = s_j s_i [p]$ in $\mathrm{pCRL}(\mathcal A, \mathsf D)$. Write $x$ for $x_i$ and $y$ for $x_j$, and write $p \sqsubseteq q$ when $q \approx q + p$ is derivable (i.e., $p$ is provably a summand of $q$). Since $x, y \notin \mathrm{FV}(\sum_{x,y} p)$, we have the following deduction within $\Pi(\mathcal A, \mathsf D)_{\mathrm{eq}}$:
$$\sum_{y,x} p \;\sqsubseteq\; \sum_{y,x} \sum_{x,y} p \qquad\text{by (CQ3) and Lem. 5.7 on p. 78}$$
$$\phantom{\sum_{y,x} p}\;\approx\; \sum_{x,y} p \qquad\text{by (CQ1).}$$
By a symmetric argument we may also deduce
$$\sum_{x,y} p \;\sqsubseteq\; \sum_{y,x} p.$$
Hence $\sum_{x,y} p$ and $\sum_{y,x} p$ are provably equivalent, so
$$s_i s_j [p] = [\textstyle\sum_{x_i, x_j} p] = [\textstyle\sum_{x_j, x_i} p] = s_j s_i [p].$$

For (Cs2) and (Cs5) the crucial observation is that $x_i \notin \mathrm{FV}(\sum_{x_i} p)$; because of this, their validity in $\mathrm{pCRL}(\mathcal A, \mathsf D)$ is immediate by (CQ1) and (CQ5), respectively. Similarly, since $x_i \notin \mathrm{FV}(\delta)$, the validity of (Cs6) in $\mathrm{pCRL}(\mathcal A, \mathsf D)$ follows from (CQ1). Since $p[x_i := x_i] = p$, the validity of (Cs3) is by (CQ3). The validity of (Cs4) is immediate by (CQ4).

It remains to verify that $\mathrm{pCRL}(\mathcal A, \mathsf D)$ also satisfies (Gc1)-(Gc11). That (Gc1) holds in $\mathrm{pCRL}(\mathcal A, \mathsf D)$ is immediate by (C1), that (Gc2) holds follows from (C2) and (C1), and (Gc3) and (Gc4) correspond with (C5) and (C3). We obtain the validity of (Gc5) in $\mathrm{pCRL}(\mathcal A, \mathsf D)$ by Lemma 5.8 on p. 78, (Gc6) by (i) of Lemma 5.6, (Gc7) by Lemma 5.9, and (Gc8) by Lemma 5.6(ii) and Lemma 5.9. Since $x_i \notin \mathrm{FV}(\sum_{x_i} p)$, it follows from (QE) that (Gc9) holds in $\mathrm{pCRL}(\mathcal A, \mathsf D)$. We get from (CQ1) that $\Pi(\mathcal A, \mathsf D)_{\mathrm{eq}} \vdash \sum_{x_i} \delta \approx \delta$; hence, since $x_i$ does not occur in $\beta((\exists x_i) b)$ (cf. Definition 5.18), we obtain (Gc10) by (CQ6). For the verification of (Gc11) we need the following lemma and its corollary.

Lemma 6.10 If $d$ is a data expression and $x$ is a variable, then
$$\Pi(\mathcal A, \mathsf D)_{\mathrm{eq}} \vdash p \lhd \mathrm{eq}(x, d) \rhd \delta \approx p[x := d] \lhd \mathrm{eq}(x, d) \rhd \delta \qquad (6.4)$$
for every pCRL expression $p$.

Proof. The proof is by structural induction on $p$.

Suppose that $p$ is an action expression, say $p = a(d_0, \dots, d_{n-1})$ with $a \in \mathcal A$ of arity $n$ and $\vec d = d_0, \dots, d_{n-1}$ a sequence of data expressions. Let $\vec e = e_0, \dots, e_{n-1}$ be such that $e_i = d_i[x := d]$ ($0 \le i < n$), and let us denote with $\mathrm{eq}(\vec d, \vec e)$ the boolean expression $\mathrm{eq}(d_0, e_0) \wedge \dots \wedge \mathrm{eq}(d_{n-1}, e_{n-1})$. Then, since $\mathsf D \models \mathrm{eq}(x, d) \to \mathrm{eq}(\vec d, \vec e)$, (6.4) follows from (EQ) with an application of Lemma 5.33 on p. 92.

If $p = \delta$, then (6.4) is trivial, and if $p = p_1 + p_2$ or $p = p_1 \cdot p_2$, then (6.4) is by Lemma 5.6 on p. 78 and the induction hypothesis.

If $p = p_1 \lhd b \rhd p_2$, then (6.4) is proved by means of Lemmas 5.5 and 5.6(i) on p. 77, (C3), Lemma 5.33 on p. 92 and the induction hypothesis.

If $p = \sum_y p'$, we may assume by (CQ2) that $y \neq x$ and that $y$ has no occurrence in $d$; then, (6.4) follows by (CQ1), (CQ6) and the induction hypothesis.

The proof of the lemma is now complete. □

Corollary 6.11 If the variable $x$ does not occur in the data expression $d$, then
$$\Pi(\mathcal A, \mathsf D)_{\mathrm{eq}} \vdash p[x := d] \approx \sum_x p \lhd \mathrm{eq}(x, d) \rhd \delta$$
for every pCRL expression $p$.

Proof. Note that $x \notin \mathrm{FV}(p[x := d])$ and $\mathsf D \models \beta((\exists x)\mathrm{eq}(x, d)) \approx \top$. Hence
$$p[x := d] \approx p[x := d] \lhd \beta((\exists x)\mathrm{eq}(x, d)) \rhd \delta \qquad\text{by (C1)}$$
$$\phantom{p[x := d]} \approx \sum_x p[x := d] \lhd \mathrm{eq}(x, d) \rhd \delta \qquad\text{by (QE)}$$
$$\phantom{p[x := d]} \approx \sum_x p \lhd \mathrm{eq}(x, d) \rhd \delta \qquad\text{by Lem. 6.10,}$$
by which the corollary is proved.

With the above lemma and its corollary we can complete the verification that $\mathrm{pCRL}(\mathcal A, \mathsf D)$ is a basic process module: since $i \neq j$ implies $x_i \neq x_j$, we have the following deduction
$$\Big(\sum_{x_i} p \lhd \mathrm{eq}(x_i, x_j) \rhd \delta\Big) \lhd \mathrm{eq}(x_i, x_j) \rhd \delta$$
$$\approx p[x_i := x_j] \lhd \mathrm{eq}(x_i, x_j) \rhd \delta \qquad\text{by Cor. 6.11}$$
$$\approx p \lhd \mathrm{eq}(x_i, x_j) \rhd \delta \qquad\text{by Lem. 6.10.}$$
Hence, also (Gc11) holds in $\mathrm{pCRL}(\mathcal A, \mathsf D)$, so the proof of the theorem is complete. □

Corollary 6.11 shows that if $d$ is a data expression, and $x$ is a variable that does not occur in $d$, then the result of substituting $d$ for $x$ in the pCRL expression $p$ can be obtained from $p$ by applications of the constructs of pCRL. We shall now use this observation to realise a conceptual simplification. We design a formal system in which data expressions play a less prominent role. We shall then prove that this formal system gives rise to a basic process module that is isomorphic to $\mathrm{pCRL}(\mathcal A, \mathsf D)$, thereby demonstrating that the new formal system has the same expressive and demonstrative power as the original one.

Definition 6.12 An action expression $\alpha$ is flat if $\alpha = a(y_0, \dots, y_{n-1})$, where $a \in \mathcal A$ is of arity $n$ and $y_0, \dots, y_{n-1}$ is a sequence of variables. A pCRL expression $p$ is flat if all occurrences of action expressions in $p$ are flat; we denote by $\mathcal P_{\mathrm{flat}}$ the set of flat pCRL expressions.

Example 6.13 With $\mathbb R$ as data algebra (see Example 3.5), the pCRL expression
$$\sum_x \mathrm{in}(x) \cdot \mathrm{out}(x^2)$$
is not flat. However, by Corollary 6.11 it is provably equivalent to the pCRL expression
$$\sum_x \mathrm{in}(x) \cdot \Big(\sum_y \mathrm{out}(y) \lhd \mathrm{eq}(y, x^2) \rhd \delta\Big)$$
and this one is flat.

We are going to define a mapping $\mathsf F$ that associates with every pCRL expression a provably equivalent flat pCRL expression. For this it is convenient to have a short notation for expressions that will be used to simulate substitution: if $d$ is a data expression, and $x$ is a variable that does not occur in $d$, let
$$p[\![x := d]\!] = \sum_x p \lhd \mathrm{eq}(x, d) \rhd \delta. \qquad (6.5)$$

Let $\mathsf F : \mathcal P \to \mathcal P_{\mathrm{flat}}$ be a mapping from pCRL expressions to flat pCRL expressions that satisfies the following conditions:

1. if $p = \delta$, or $p$ is a flat action expression, then $\mathsf F(p) = p$;

2. if $p$ is a nonflat action expression, say $p = a(d_0, \dots, d_{n-1})$ with $a \in \mathcal A$ of arity $n$ and $d_0, \dots, d_{n-1}$ a sequence of data expressions of which at least one is not a variable, then
$$\mathsf F(p) = a(y_0, \dots, y_{n-1})[\![y_0 := d_0]\!] \cdots [\![y_{n-1} := d_{n-1}]\!],$$
where $y_0, \dots, y_{n-1}$ is a sequence of distinct variables that do not occur in any of the $d_i$ ($0 \le i < n$);

3. $\mathsf F$ distributes over the other constructs of pCRL, i.e.,
$$\mathsf F(p + q) = \mathsf F(p) + \mathsf F(q); \qquad \mathsf F(p \cdot q) = \mathsf F(p) \cdot \mathsf F(q);$$
$$\mathsf F(p \lhd b \rhd q) = \mathsf F(p) \lhd b \rhd \mathsf F(q); \quad\text{and}\qquad \mathsf F\Big(\sum_x p\Big) = \sum_x \mathsf F(p).$$
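The three conditions above determine $\mathsf F$ as a recursive procedure on the syntax of pCRL expressions. The following Python is an added worked example of that procedure, not code from the thesis: it models pCRL expressions as a small abstract syntax, implements the simulated substitution $p[\![x := d]\!]$ of (6.5) with its side condition, and applies conditions 1-3, choosing the fresh variables $y_0, \dots, y_{n-1}$ so that they are distinct and avoid every variable of the $d_i$. The representation of data expressions as nested tuples, the fresh-variable pool `y0, y1, ...`, the action names `in`/`out` and the squaring operator `sq` of the embedded input (Example 6.13 over $\mathbb R$) are illustrative assumptions.

```python
"""Flattening of pCRL expressions: the mapping F of conditions 1-3.

Added worked example, not code from the thesis.  Assumptions for illustration:
a data expression is a variable (str) or an application (operator, args);
boolean expressions share that representation, with eq(x, d) as ('eq', (x, d));
fresh variables are drawn from y0, y1, ..., skipping names that occur in the
data expressions being abstracted.
"""
from dataclasses import dataclass
from typing import Tuple, Union

DataExpr = Union[str, Tuple[str, tuple]]   # variable | (operator, arguments)


def data_vars(d: DataExpr) -> set:
    """Variables occurring in a data (or boolean) expression."""
    if isinstance(d, str):
        return {d}
    _op, args = d
    return set().union(*(data_vars(a) for a in args))


def show_data(d: DataExpr) -> str:
    if isinstance(d, str):
        return d
    op, args = d
    return f"{op}({', '.join(show_data(a) for a in args)})"


# --- abstract syntax of pCRL expressions -----------------------------------
@dataclass(frozen=True)
class Delta:                 # deadlock
    pass

@dataclass(frozen=True)
class Act:                   # action expression a(d_0, ..., d_{n-1})
    name: str
    args: tuple

@dataclass(frozen=True)
class Plus:                  # p + q
    left: object
    right: object

@dataclass(frozen=True)
class Seq:                   # p . q
    left: object
    right: object

@dataclass(frozen=True)
class Cond:                  # p <| b |> q
    left: object
    guard: DataExpr
    right: object

@dataclass(frozen=True)
class Sum:                   # sum_x p
    var: str
    body: object


def is_flat(p) -> bool:
    """Definition 6.12: every action expression has only variables as arguments."""
    if isinstance(p, Delta):
        return True
    if isinstance(p, Act):
        return all(isinstance(a, str) for a in p.args)
    if isinstance(p, (Plus, Seq, Cond)):
        return is_flat(p.left) and is_flat(p.right)
    if isinstance(p, Sum):
        return is_flat(p.body)
    raise TypeError(f"not a pCRL expression: {p!r}")


def sim_subst(p, x: str, d: DataExpr):
    """p[[x := d]] = sum_x (p <| eq(x, d) |> delta), equation (6.5); x must not occur in d."""
    if x in data_vars(d):
        raise ValueError(f"{x} occurs in {show_data(d)}")
    return Sum(x, Cond(p, ('eq', (x, d)), Delta()))


def flatten(p):
    """The mapping F: condition 1 (identity on delta and flat actions), condition 2
    (abstract the arguments of a nonflat action by simulated substitution) and
    condition 3 (distribute over +, ., <| b |> and sum_x)."""
    if isinstance(p, Delta):
        return p
    if isinstance(p, Act):
        if is_flat(p):
            return p
        used = set().union(*(data_vars(a) for a in p.args))
        fresh, k = [], 0
        while len(fresh) < len(p.args):        # distinct y_i, none occurring in any d_i
            cand, k = f"y{k}", k + 1
            if cand not in used:
                fresh.append(cand)
        q = Act(p.name, tuple(fresh))           # a(y_0, ..., y_{n-1})
        for y, d in zip(fresh, p.args):         # [[y_0 := d_0]] ... [[y_{n-1} := d_{n-1}]]
            q = sim_subst(q, y, d)
        return q
    if isinstance(p, Plus):
        return Plus(flatten(p.left), flatten(p.right))
    if isinstance(p, Seq):
        return Seq(flatten(p.left), flatten(p.right))
    if isinstance(p, Cond):
        return Cond(flatten(p.left), p.guard, flatten(p.right))
    if isinstance(p, Sum):
        return Sum(p.var, flatten(p.body))
    raise TypeError(f"not a pCRL expression: {p!r}")


def show(p) -> str:
    """Fully parenthesised rendering; sum_x(...) makes the scope of x explicit."""
    if isinstance(p, Delta):
        return "delta"
    if isinstance(p, Act):
        return f"{p.name}({', '.join(show_data(a) for a in p.args)})"
    if isinstance(p, Plus):
        return f"({show(p.left)} + {show(p.right)})"
    if isinstance(p, Seq):
        return f"({show(p.left)} . {show(p.right)})"
    if isinstance(p, Cond):
        return f"({show(p.left)} <| {show_data(p.guard)} |> {show(p.right)})"
    return f"sum_{p.var}({show(p.body)})"


# Constructed input: Example 6.13, sum_x in(x) . out(x^2), with x^2 written sq(x).
EXAMPLE_6_13 = Sum('x', Seq(Act('in', ('x',)), Act('out', (('sq', ('x',)),))))

if __name__ == "__main__":
    print(show(EXAMPLE_6_13), "->", show(flatten(EXAMPLE_6_13)))
```

Running the block prints the flat form of Example 6.13 with the fresh variable `y0` in place of the thesis's $y$; `flatten` is the identity on expressions that are already flat, as condition 1 requires, and `sim_subst` refuses to build $p[\![x := d]\!]$ when $x$ occurs in $d$, which is exactly the side condition under which Corollary 6.11 justifies (6.5).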

Lemma 6.14 If $\mathsf D$ has equality and quantifier elimination, then
$$\Pi(\mathcal A, \mathsf D)_{\mathrm{eq}} \vdash p \approx \mathsf F(p)$$
for every pCRL expression $p$.

Proof. The proof is by structural induction on $p$, and clearly the only nontrivial case is when $p$ is a nonflat action expression. So, suppose $p = a(d_0, \dots, d_{n-1})$ and
$$\mathsf F(p) = a(y_0, \dots, y_{n-1})[\![y_0 := d_0]\!] \cdots [\![y_{n-1} := d_{n-1}]\!].$$
By Corollary 6.11
$$\Pi(\mathcal A, \mathsf D)_{\mathrm{eq}} \vdash \mathsf F(p) \approx a(y_0, \dots, y_{n-1})[y_0 := d_0] \cdots [y_{n-1} := d_{n-1}],$$
and since the variables in the sequence $y_0, \dots, y_{n-1}$ are all distinct and without occurrence in the $d_i$ ($0 \le i < n$), $a(y_0, \dots, y_{n-1})[y_0 := d_0] \cdots [y_{n-1} := d_{n-1}] = p$. □

Table 6.5: Those instances of (EQ) that preserve flatness; $y_0, \dots, y_{n-1}$ and $z_0, \dots, z_{n-1}$ range over $X$ (repetitions are allowed).

(EQ)$'$ $\quad a(y_0, \dots, y_{n-1}) \lhd \mathrm{eq}(y_0, z_0) \wedge \dots \wedge \mathrm{eq}(y_{n-1}, z_{n-1}) \rhd \delta \;\approx\; a(z_0, \dots, z_{n-1}) \lhd \mathrm{eq}(y_0, z_0) \wedge \dots \wedge \mathrm{eq}(y_{n-1}, z_{n-1}) \rhd \delta$

Thus, there is no loss in expressivity if we confine ourselves to flat pCRL expressions. To prove the validity of an equation of flat pCRL expressions, we could, of course, use the deductive system $\Pi(\mathcal A, \mathsf D)_{\mathrm{eq}}$ and only allow deductions that exclusively involve flat pCRL expressions. The question is whether we then still have a relatively complete system. Note that this is not clear beforehand, since applications of (CQ3), (DATA) and (EQ) do not always preserve flatness. On the other hand, recall that our completeness proof of the previous chapter did not involve applications of (DATA) and (CQ3) (see Remark 5.40), so if we just leave them out we still have a relatively complete deductive system. Furthermore, instead of (EQ) we could include the variant shown in Table 6.5, both sides of which are flat. We denote the resulting deductive system for flat pCRL expressions by $\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}}$. That is, with the understanding that the meta variables range over flat pCRL expressions, $\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}}$ consists of

1. the axioms and the inference rules in Table 5.2 on p. 75 except (DATA) and (CQ3);

2. (QE) from Table 5.3 on p. 85; and

3. (EQ)$'$ from Table 6.5.

We shall establish below that $\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}}$ has a deduction for every valid equation of flat pCRL expressions. The key step consists of showing that Lemma 6.10 and Corollary 6.11 can be deduced within $\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}}$. We need the following lemma.

Lemma 6.15 If $p$ is a flat pCRL expression, $b$ and $c$ are boolean expressions, and $x$ is a variable that does not occur in $c$, then
$$\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}} \vdash \Big(\sum_x p \lhd b \rhd \delta\Big) \lhd c \rhd \delta \approx \sum_x p \lhd b \wedge c \rhd \delta.$$

Proof. We have that
$$\Big(\sum_x p \lhd b \rhd \delta\Big) \lhd c \rhd \delta \approx \Big(\sum_x p \lhd b \rhd \delta\Big) \lhd c \rhd \sum_x \delta \qquad\text{by (CQ1)}$$
$$\phantom{\Big(\sum_x p \lhd b \rhd \delta\Big) \lhd c \rhd \delta} \approx \sum_x (p \lhd b \rhd \delta) \lhd c \rhd \delta \qquad\text{by (CQ6)}$$
$$\phantom{\Big(\sum_x p \lhd b \rhd \delta\Big) \lhd c \rhd \delta} \approx \sum_x p \lhd b \wedge c \rhd \delta \qquad\text{by (C3),}$$
so the lemma is proved. □

Lemma 6.16 If $d$ is a data expression and $x$ is a variable, then
$$\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}} \vdash \mathsf F(p) \lhd \mathrm{eq}(x, d) \rhd \delta \approx \mathsf F(p[x := d]) \lhd \mathrm{eq}(x, d) \rhd \delta. \qquad (6.6)$$

Proof. We proceed by structural induction on $p$.

Suppose $p$ is an action expression, say $p = a(d_0, \dots, d_{n-1})$, and let $e_0, \dots, e_{n-1}$ be such that $p[x := d] = a(e_0, \dots, e_{n-1})$, i.e., $e_i = d_i[x := d]$ ($0 \le i < n$). For any sequence $\vec y = y_0, \dots, y_{n-1}$ of distinct variables without occurrence in the $d_i$,
$$\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}} \vdash \mathsf F(p) \approx \sum_{\vec y} a(y_0, \dots, y_{n-1}) \lhd \mathrm{eq}(\vec y, \vec d) \rhd \delta, \qquad (6.7)$$
where $\mathrm{eq}(\vec y, \vec d)$ is an abbreviation for $\mathrm{eq}(y_0, d_0) \wedge \dots \wedge \mathrm{eq}(y_{n-1}, d_{n-1})$. Indeed, if $p$ is not flat, then $\mathsf F(p) = a(y_0, \dots, y_{n-1})[\![y_0 := d_0]\!] \cdots [\![y_{n-1} := d_{n-1}]\!]$, so that (6.7) follows by Lemma 6.15. On the other hand, if $p$ happens to be flat, then $d_0, \dots, d_{n-1}$ is a sequence of variables; using that $\mathsf D \models \beta((\exists \vec y)\mathrm{eq}(\vec y, \vec d)) \approx \top$, we deduce (6.7) as follows:
$$\mathsf F(p) \approx a(d_0, \dots, d_{n-1}) \lhd \top \rhd \delta \qquad\text{by (C1)}$$
$$\phantom{\mathsf F(p)} \approx a(d_0, \dots, d_{n-1}) \lhd \beta((\exists \vec y)\mathrm{eq}(\vec y, \vec d)) \rhd \delta \qquad\text{by (BOOL)}$$
$$\phantom{\mathsf F(p)} \approx \sum_{\vec y} a(d_0, \dots, d_{n-1}) \lhd \mathrm{eq}(\vec y, \vec d) \rhd \delta \qquad\text{by (QE)}$$
$$\phantom{\mathsf F(p)} \approx \sum_{\vec y} a(y_0, \dots, y_{n-1}) \lhd \mathrm{eq}(\vec y, \vec d) \rhd \delta \qquad\text{by (EQ)}'.$$
By similar reasoning, we also have, for any sequence $\vec y = y_0, \dots, y_{n-1}$ of distinct variables that do not occur in the $e_i$ ($0 \le i < n$),
$$\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}} \vdash \mathsf F(p[x := d]) \approx \sum_{\vec y} a(y_0, \dots, y_{n-1}) \lhd \mathrm{eq}(\vec y, \vec e) \rhd \delta, \qquad (6.8)$$
where $\mathrm{eq}(\vec y, \vec e)$ is an abbreviation for $\mathrm{eq}(y_0, e_0) \wedge \dots \wedge \mathrm{eq}(y_{n-1}, e_{n-1})$. Since
$$\mathsf D \models \mathrm{eq}(\vec y, \vec d) \wedge \mathrm{eq}(x, d) \approx \mathrm{eq}(\vec y, \vec e) \wedge \mathrm{eq}(x, d),$$
(6.6) is easily obtained from (6.7) and (6.8), taken for one and the same sequence $\vec y$ avoiding both the $d_i$ and the $e_i$, by Lemma 6.15 and (BOOL).

If $p = \delta$, then (6.6) is trivial. Note that for flat pCRL expressions Lemma 5.5 on p. 77, Lemma 5.6 on p. 78 and Lemma 5.33 on p. 92 hold with $\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}}$ instead of $\Pi(\mathcal A, \mathsf D)$. Hence, since $\mathsf F$ distributes over $+$, $\cdot$, $\lhd b \rhd$ and $\sum_x$, the proof in these cases is analogous to that of Lemma 6.10. □

The following corollary is obtained from Lemma 6.16 in the same way as we have obtained Corollary 6.11 from Lemma 6.10.

Corollary 6.17 Let $p$ be a pCRL expression, let $d$ be a data expression and let $x$ be a variable that does not occur in $d$; then
$$\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}} \vdash \mathsf F(p[x := d]) \approx \mathsf F(p)[\![x := d]\!].$$

We are now in a position to prove that the deduction of an equation of flat pCRL expressions may be assumed to consist of flat pCRL expressions only.

Theorem 6.18 If $\mathsf D$ has equality and quantifier elimination, then
$$\Pi(\mathcal A, \mathsf D)_{\mathrm{eq}} \vdash p \approx q \quad\text{if, and only if,}\quad \Pi(\mathcal A, \mathsf D)_{\mathrm{flat}} \vdash p \approx q$$
for all flat pCRL expressions $p$ and $q$.

Proof. Clearly, every deduction within $\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}}$ is also a deduction within $\Pi(\mathcal A, \mathsf D)_{\mathrm{eq}}$, so we only need to prove the implication from left to right. For that, it suffices to prove that, for all pCRL expressions $p$ and $q$, if $p \approx q$ is an axiom of $\Pi(\mathcal A, \mathsf D)_{\mathrm{eq}}$, then $\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}} \vdash \mathsf F(p) \approx \mathsf F(q)$. For then any deduction within $\Pi(\mathcal A, \mathsf D)_{\mathrm{eq}}$ proving the validity of an equation $p \approx q$ may be transformed into a deduction within $\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}}$ proving the validity of $\mathsf F(p) \approx \mathsf F(q)$. From this the theorem follows, since $\mathsf F(p) = p$ if $p$ is already flat. In most cases, $p \approx q$ being an axiom of $\Pi(\mathcal A, \mathsf D)_{\mathrm{eq}}$ implies that $\mathsf F(p) \approx \mathsf F(q)$ is an axiom of $\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}}$; the only nontrivial cases are when $p \approx q$ is an instance of (EQ), (DATA) or (CQ3).

For (EQ) we need to show that
$$\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}} \vdash \mathsf F(a(d_0, \dots, d_{n-1})) \lhd \mathrm{eq}(\vec d, \vec e) \rhd \delta \approx \mathsf F(a(e_0, \dots, e_{n-1})) \lhd \mathrm{eq}(\vec d, \vec e) \rhd \delta, \qquad (6.9)$$
using $\mathrm{eq}(\vec d, \vec e)$ as an abbreviation for $\mathrm{eq}(d_0, e_0) \wedge \dots \wedge \mathrm{eq}(d_{n-1}, e_{n-1})$. Suppose that $\vec y = y_0, \dots, y_{n-1}$ is a sequence of distinct variables that do not occur in any of the $d_i$ and $e_i$ ($0 \le i < n$). Then, by Corollary 6.17 and Lemma 6.15,
$$\mathsf F(a(d_0, \dots, d_{n-1})) \lhd \mathrm{eq}(\vec d, \vec e) \rhd \delta \approx \sum_{\vec y} a(y_0, \dots, y_{n-1}) \lhd \mathrm{eq}(\vec y, \vec d) \wedge \mathrm{eq}(\vec d, \vec e) \rhd \delta;$$
by (BOOL), using $\mathsf D \models \mathrm{eq}(\vec y, \vec d) \wedge \mathrm{eq}(\vec d, \vec e) \approx \mathrm{eq}(\vec y, \vec e) \wedge \mathrm{eq}(\vec d, \vec e)$,
$$\approx \sum_{\vec y} a(y_0, \dots, y_{n-1}) \lhd \mathrm{eq}(\vec y, \vec e) \wedge \mathrm{eq}(\vec d, \vec e) \rhd \delta;$$
and by Lemma 6.15 and Corollary 6.17
$$\approx \mathsf F(a(e_0, \dots, e_{n-1})) \lhd \mathrm{eq}(\vec d, \vec e) \rhd \delta.$$
This proves (6.9).

For (DATA) we need to show that if $\mathsf D \models d \approx e$, then
$$\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}} \vdash \mathsf F(p[x := d]) \approx \mathsf F(p[x := e]). \qquad (6.10)$$
First, observe that we may assume without loss of generality that $x$ does not occur in $d$ or in $e$. For if $x$ happens to occur in $d$ or in $e$, then we select a variable $y$ distinct from $x$ and with no occurrence in $d$, $e$ and $p$; we note that $p[x := d] = p[x := y][y := d]$ and $p[x := e] = p[x := y][y := e]$; and we continue the proof with $p[x := y]$ instead of $p$, and with $y$ instead of $x$. Now, given that $x$ does not occur in $d$ or $e$, we may apply Corollary 6.17 to both $\mathsf F(p[x := d])$ and $\mathsf F(p[x := e])$, and, since $\mathsf D \models d \approx e$ implies $\mathsf D \models \mathrm{eq}(x, d) \approx \mathrm{eq}(x, e)$, we obtain (6.10) by (BOOL).

It remains to consider (CQ3); we need to show that
$$\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}} \vdash \sum_x \mathsf F(p) \approx \sum_x \mathsf F(p) + \mathsf F(p[x := d]). \qquad (6.11)$$
Note that for flat pCRL expressions Lemma 5.31 on p. 91 holds with $\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}}$ instead of $\Pi(\mathcal A, \mathsf D)$; we use it to conclude from $\mathsf D \models \mathrm{eq}(x, d) \to \top$ that
$$\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}} \vdash \mathsf F(p) \lhd \mathrm{eq}(x, d) \rhd \delta \sqsubseteq \mathsf F(p) \lhd \top \rhd \delta,$$
where, as in the proof of Theorem 6.9, $q' \sqsubseteq q$ means that $q \approx q + q'$ is derivable; so that by (C1)
$$\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}} \vdash \mathsf F(p) \approx \mathsf F(p) + \mathsf F(p) \lhd \mathrm{eq}(x, d) \rhd \delta. \qquad (6.12)$$
We now first derive (6.11) for the special case that $x$ has no occurrence in $d$:
$$\sum_x \mathsf F(p) \approx \sum_x \big(\mathsf F(p) + \mathsf F(p) \lhd \mathrm{eq}(x, d) \rhd \delta\big) \qquad\text{by (6.12)}$$
$$\phantom{\sum_x \mathsf F(p)} \approx \sum_x \mathsf F(p) + \sum_x \mathsf F(p) \lhd \mathrm{eq}(x, d) \rhd \delta \qquad\text{by (CQ4)}$$
$$\phantom{\sum_x \mathsf F(p)} \approx \sum_x \mathsf F(p) + \mathsf F(p[x := d]) \qquad\text{by Cor. 6.17.}$$
For the general case, let $y$ be a variable such that $y \neq x$, $y$ has no occurrence in $d$ and $y \notin \mathrm{FV}(p)$. By the first two conditions on $y$ we may apply the special case to conclude
$$\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}} \vdash \sum_x \mathsf F(p) \approx \sum_x \mathsf F(p) + \mathsf F(p[x := y]) \quad\text{and} \qquad (6.13)$$
$$\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}} \vdash \sum_y \mathsf F(p[x := y]) \approx \sum_y \mathsf F(p[x := y]) + \mathsf F(p[x := y][y := d]). \qquad (6.14)$$
The third condition on $y$ ensures that $y \notin \mathrm{FV}(\sum_x \mathsf F(p))$, so if we apply $\sum_y$ to both sides of (6.13), and subsequently apply (CQ1) to the left-hand side and (CQ4) and (CQ1) to the right-hand side, then we get
$$\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}} \vdash \sum_x \mathsf F(p) \approx \sum_x \mathsf F(p) + \sum_y \mathsf F(p[x := y]). \qquad (6.15)$$
Since $p[x := y][y := d] = p[x := d]$, the general case now follows by combining (6.14) and (6.15). □


From the set $\mathcal P_{\mathrm{flat}}$ of flat pCRL expressions we obtain an algebra $\mathrm{pCRL}(\mathcal A, \mathsf D)_{\mathrm{flat}}$ of flat pCRL expressions modulo provable equivalence, dividing out the congruence induced on $\mathcal P_{\mathrm{flat}}$ by $\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}}$. The construction is completely analogous to the one that turned $\mathcal P$ into $\mathrm{pCRL}(\mathcal A, \mathsf D)$; we do not spell out the details. Combining Lemma 6.14 and Theorem 6.18, if $p$ and $q$ are pCRL expressions, then
$$\Pi(\mathcal A, \mathsf D)_{\mathrm{flat}} \vdash \mathsf F(p) \approx \mathsf F(q) \quad\text{if, and only if,}\quad \Pi(\mathcal A, \mathsf D)_{\mathrm{eq}} \vdash p \approx q.$$
Hence, and since $\mathsf F$ is surjective onto the set of flat pCRL expressions, the association
$$[\mathsf F(p)] \mapsto [p]$$
defines a surjective embedding from $\mathrm{pCRL}(\mathcal A, \mathsf D)_{\mathrm{flat}}$ into $\mathrm{pCRL}(\mathcal A, \mathsf D)$. Therefore, we have the following corollary.

Corollary 6.19 Suppose that $\mathsf D$ has equality and quantifier elimination. The algebra $\mathrm{pCRL}(\mathcal A, \mathsf D)_{\mathrm{flat}}$ of flat pCRL expressions modulo provable equivalence is a basic process module over $\mathbf B$, and it is isomorphic to the algebra $\mathrm{pCRL}(\mathcal A, \mathsf D)$ of pCRL expressions modulo provable equivalence.

6.3 Dimension-restricted free basic process modules

Our goal in this section is to find a complete abstract algebraic characterisation of $\mathrm{pCRL}(\mathcal A, \mathsf D)$. We have proved in the previous section that $\mathrm{pCRL}(\mathcal A, \mathsf D)$ is a basic process module over $\mathbf B$; to complete our characterisation we determine the distinctive properties of $\mathrm{pCRL}(\mathcal A, \mathsf D)$ in comparison with other basic process modules over $\mathbf B$.

With the transition from basic process algebras with deadlock to $\omega$-dimensional basic process modules, we have added a notion of 'dimension'. The dimension set $\dim p$ associated with an element $p$ of an $\omega$-dimensional basic process algebra $\mathbf P$ is the set of all $i < \omega$ such that $s_i p \neq p$ in $\mathbf P$. In the case of the basic process modules $\mathbf F^*$ (discussed in Section 6.1) the dimension set $\dim F$ of an element $F$ of $\mathbf F^*$ consists of all $i < \omega$ such that $F$ is not uniform along $i$. In the case of the basic process modules $\mathrm{pCRL}(\mathcal A, \mathsf D)$ and $\mathrm{pCRL}(\mathcal A, \mathsf D)_{\mathrm{flat}}$ of pCRL expressions modulo provable equivalence (discussed in Section 6.2) the dimension set $\dim [p]$ consists of all $i < \omega$ such that $\sum_{x_i} p$ and $p$ are not provably equivalent. Since $\mathrm{FV}(p)$ is finite for every pCRL expression $p$, and $x_i \notin \mathrm{FV}(p)$ implies that $\sum_{x_i} p$ and $p$ are provably equivalent by an application of (CQ1), we conclude that $\dim [p]$ is finite for every pCRL expression $p$ (both in $\mathrm{pCRL}(\mathcal A, \mathsf D)$ and $\mathrm{pCRL}(\mathcal A, \mathsf D)_{\mathrm{flat}}$). This is a distinctive property of $\mathrm{pCRL}(\mathcal A, \mathsf D)$ and $\mathrm{pCRL}(\mathcal A, \mathsf D)_{\mathrm{flat}}$ that not every basic process module has.

Definition 6.20 An $\omega$-dimensional basic process module $\mathbf P$ is locally finite if $\dim p$ is finite for all elements $p$ of $\mathbf P$.

Remark 6.21 Our notions 'dimension set' and 'local finiteness' are analogous to the corresponding notions in the theory of cylindric algebras (cf. Henkin et al., 1971). Naturally, a cylindric algebra $\mathbf C$ is locally finite if for every element $b$ of $\mathbf C$ the equality $c_i b = b$ is true in $\mathbf C$ for all but finitely many $i < \omega$. The cylindric algebra of formulas $\mathbf{Fm}/{\leftrightarrow_{\mathsf D}}$ is a locally finite cylindric algebra, so $\mathbf B$ is locally finite too, by Theorem 6.8.

Our remarks preceding Definition 6.20 establish the following lemma.

Lemma 6.22 $\mathrm{pCRL}(\mathcal A, \mathsf D)$ is a locally finite basic process module over $\mathbf B$.

Thus, for the sake of our comparison of $\mathrm{pCRL}(\mathcal A, \mathsf D)$ with other basic process modules over $\mathbf B$, we now zoom in on the locally finite ones. The principal way to compare algebras is through their homomorphisms. Let $\mathbf C$ be an arbitrary cylindric algebra, and consider a homomorphism $h : \mathbf P \to \mathbf Q$ between two locally finite basic process modules $\mathbf P$ and $\mathbf Q$ over $\mathbf C$. Then $h$ is dimension-preserving in the sense that
$$\dim h(p) \subseteq \dim p \quad\text{for all } p \text{ in } \mathbf P.$$
Indeed, if $s_i p = p$ in $\mathbf P$, then, since $h$ is a homomorphism, $s_i h(p) = h(s_i p) = h(p)$ in $\mathbf Q$. Hence, if $P_0$ is a subset of $P$ and $f : P_0 \to Q$ is an arbitrary mapping from $P_0$ into the universe $Q$ of $\mathbf Q$ that extends to a homomorphism from $\mathbf P$ into $\mathbf Q$, then $f$ must be dimension-preserving. From the fact that there exist locally finite basic process modules for which there is no finite upper bound on the dimensions of their elements ($\mathrm{pCRL}(\mathcal A, \mathsf D)$ and $\mathrm{pCRL}(\mathcal A, \mathsf D)_{\mathrm{flat}}$ are examples), we conclude: if an algebra is free for the class of locally finite basic process modules over $\mathbf C$, then the dimension sets associated with its free generators must be infinite (and, in fact, equal to $\omega$). In other words, there is no nontrivial free locally finite basic process module over $\mathbf C$ (the trivial basic process module over $\mathbf C$ is the one with $\{\delta\}$ as its universe).

This is a pity, because the free algebras in a class are often very useful for the description of the algebras belonging to the class. Fortunately, in the case of locally finite basic process modules, there is a way out that requires only a minor curtailment of freedom. Suppose that $\mathbf P$ is a locally finite basic process module over $\mathbf C$, and suppose that $P_0$ is a set of generators for $\mathbf P$. Then $P_0$ is dimension-restricted free for $\mathbf P$ if every dimension-preserving mapping from $P_0$ into the universe $Q$ of any other locally finite basic process module $\mathbf Q$ over $\mathbf C$ can be extended to a homomorphism $h : \mathbf P \to \mathbf Q$. In this case we shall also say that $\mathbf P$ is dimension-restricted free on $P_0$. A locally finite basic process module is called dimension-restricted free if it has a dimension-restricted free set of generators.

Proposition 6.23 Let $\mathbf C$ be a cylindric algebra. If $\mathbf P$ and $\mathbf Q$ are locally finite basic process modules over $\mathbf C$, dimension-restricted free on $P_0$ and $Q_0$, respectively, and there exists a bijection $f : P_0 \to Q_0$ such that both $f$ and $f^{-1}$ are dimension-preserving, then $\mathbf P$ and $\mathbf Q$ are isomorphic.

Proof. Let $h_1 : \mathbf P \to \mathbf Q$ and $h_2 : \mathbf Q \to \mathbf P$ be the unique homomorphic extensions of $f$ and $f^{-1}$, respectively (unique because $P_0$ and $Q_0$ are sets of generators). Then $h_2 \circ h_1$ homomorphically extends the identity mapping on $P_0$, and therefore it is the identity mapping on the universe of $\mathbf P$. Similarly, $h_1 \circ h_2$ homomorphically extends the identity mapping on $Q_0$ and therefore is the identity mapping on the universe of $\mathbf Q$. Consequently, the homomorphisms $h_1$ and $h_2$ are bijections, and hence isomorphisms. □

So,, if we prove that pCRL(.A, D) is a dimension-restricted free locally finite basic processs module over B, then we have characterised it up to isomorphism, and this iss the purpose of the remainder of this section. The first thing we should do is to selectt a set of generators for pCRL(.4, D). The definition of pCRL expressions (see (3.4)) on p. 33) suggests a candidate: the set of equivalence classes in pCRL(.4, D) thatt contain an action expression. Needless to say, it generates pCRL(.4, D), but Corollaryy 6.11 may be used to show that it cannot be dimension-restricted free.

Example 6.24 Let a ∈ A be a unary parametrised action symbol, and suppose that the universe of D contains at least two distinct elements, say d_0 and d_1. Then, the action expressions a(x_0) and a(x_1) are not provably equivalent (if ν is a valuation such that ν(x_0) = d_0 and ν(x_1) = d_1, then T_D, ν ⊭ a(x_0) ≈ a(x_1)). Now, observe that, by Corollary 6.11, s_0(d_01 :→ [a(x_0)]) = [a(x_1)] in pCRL(A, D). Hence, a mapping f that maps the equivalence classes in pCRL(A, D) that contain an action expression into another locally finite basic process module over B can only be extended to a homomorphism if f[a(x_1)] = s_0(d_01 :→ f[a(x_0)]). Consequently, as soon as we have fixed a value for f at [a(x_0)], we no longer have any freedom at all in choosing a value for f at [a(x_1)].

The rationale of the above example is that a dimension-restricted free set of generators for pCRL(A, D) perhaps contains [a(x_0)] or [a(x_1)], but certainly not both. (It seems quite natural to prefer [a(x_0)] over [a(x_1)], [a(x_0, x_1)] over [a(x_6, x_9)], etc.) We prove below that

$$\{[a(x_0, \ldots, x_{n-1})] \mid a \in A \text{ of arity } n\} \qquad (6.16)$$

is a dimension-restricted free set of generators for pCRL(A, D). Caution: the sequence x_0, ..., x_{n-1} consists of the first n variables in the enumeration of X fixed at the beginning of Section 6.1; henceforth, we shall call it the nth initial segment of X. Note that the association

$$a \mapsto [a(x_0, \ldots, x_{n-1})] \qquad (6.17)$$

defines a bijection between A and the set in (6.16). It is notationally convenient to use the parametrised action symbol as a constant symbol denoting the corresponding equivalence class, and, more generally, to use B-BPM_ω-terms over A (i.e., terms built from the constant symbols A by means of another constant symbol δ, unary function symbols s_i (i < ω) and [b] :→ ([b] ∈ B), and binary function symbols + and ·) as formal expressions denoting equivalence classes of pCRL(A, D).

126 Chapter 6 Algebraic pCRL

Example 6.25 If a ∈ A, then s_0(d_01 :→ a) is an example of a B-BPM_ω-term over A, which (if a's arity happens to be 2) denotes the equivalence class that contains the pCRL expression

$$\textstyle\sum_{x_0} a(x_0, x_1) \lhd eq(x_0, x_1) \rhd \delta.$$

If in and out are unary parametrised action symbols, and associated with D is a Boolean expression 0 < x_0, then s_0([0 < x_0] :→ in · out) is a B-BPM_ω-term over A that denotes the equivalence class in pCRL(A, D) containing

$$\textstyle\sum_{x_0} in(x_0) \cdot out(x_0) \lhd 0 < x_0 \rhd \delta.$$

To say that the set in (6.16) generates pCRL(A, D) means that every equivalence class in pCRL(A, D) is denoted by a B-BPM_ω-term over A. To prove it, we shall define a mapping ξ from flat pCRL expressions to B-BPM_ω-terms over A such that ξ(p) denotes the equivalence class in pCRL(A, D) that contains p (this is enough since every equivalence class in pCRL(A, D) contains a flat pCRL expression). The definition of ξ makes extensive use of the algebraic counterpart of substitution of the variable x_j for the variable x_i, expressed as a composition of a projective summation s_i and a guarded command d_ij :→. Therefore, it is convenient to introduce an abbreviation: if C is a cylindric algebra of dimension ω and P is a basic process module over C, then we define for all i, j < ω a unary operation σ_i^j on the elements p of P by

$$\sigma_i^j p = \begin{cases} s_i(d_{ij} :\to p) & \text{if } i \neq j; \text{ and} \\ p & \text{if } i = j. \end{cases}$$

The following lemma is to record that σ_i^j behaves as expected on pCRL(A, D).

Lemma 6.26 If i, j < ω, then σ_i^j[p] = [p[x_i := x_j]] in pCRL(A, D).

Proof. If i = j, then this is trivial. If i ≠ j, then, by the definition of cylindric summations and guarded commands in pCRL(A, D), the element σ_i^j[p] contains the pCRL expression

$$\textstyle\sum_{x_i} p \lhd eq(x_i, x_j) \rhd \delta.$$

This expression is, by Corollary 6.11, provably equivalent to p[x_i := x_j]; hence σ_i^j[p] contains p[x_i := x_j]; this proves the lemma. □

Definition 6.27 We define ξ as the unique mapping from flat pCRL expressions to B-BPM_ω-terms over A such that

(i) if p = a(x_{i_0}, ..., x_{i_{n-1}}) with a ∈ A of arity n, and m is the least element of ω such that m > n - 1, i_0, ..., i_{n-1}, then

(ii) if p is a conditional, say p = q ⊲ b ⊳ r, then ξ(p) = [b] :→ ξ(q) + ¬[b] :→ ξ(r).


(iii) ξ respects the other constructs of pCRL, i.e.,

$$\xi(\delta) = \delta,\quad \xi(p \cdot q) = \xi(p) \cdot \xi(q),\quad \xi(p + q) = \xi(p) + \xi(q),\quad \xi(\textstyle\sum_{x_i} p) = s_i\,\xi(p).$$

Lemma 6.28 For every flat pCRL expression p, ξ(p) denotes [p] in pCRL(A, D).

Proof. The proof is by structural induction on p. Suppose p = a(x_{i_0}, ..., x_{i_{n-1}}) with a ∈ A of arity n, and let m > n - 1, i_0, ..., i_{n-1}, so that

By Lemma 6.26, the equivalence class denoted by σ_{n-1}^{m+n-1} ··· σ_0^{m} a contains the action expression a(x_0, ..., x_{n-1})[x_0 := x_m] ··· [x_{n-1} := x_{m+n-1}], which is (syntactically) equal to

$$a(x_m, \ldots, x_{m+n-1})$$

since the variables in the sequences x_0, ..., x_{n-1} and x_m, ..., x_{m+n-1} are all mutually distinct. Then, by Lemma 6.26, we find that ξ(p) is the equivalence class in pCRL(A, D) that contains a(x_m, ..., x_{m+n-1})[x_{m+n-1} := x_{i_{n-1}}] ··· [x_m := x_{i_0}]. Since the variables in the sequence x_m, ..., x_{m+n-1} are mutually distinct and also distinct from the variables in the sequence x_{i_0}, ..., x_{i_{n-1}}, this action expression is (syntactically) equal to

$$a(x_{i_0}, \ldots, x_{i_{n-1}}) = p.$$

Suppose that p = q ⊲ b ⊳ r. By the induction hypothesis and the definition of guarded commands in pCRL(A, D), ξ(p) contains the pCRL expression

$$q \lhd b \rhd \delta + r \lhd \neg b \rhd \delta,$$

which is by Lemma 5.5 on p. 77 provably equivalent to p. For the other cases, the proof is straightforward. □
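A worked instance of the action clause of Definition 6.27, added here as an illustration and not part of the thesis: let a ∈ A be binary and consider the flat action expression a(x_1, x_0), so n = 2, i_0 = 1, i_1 = 0, and the least m > n - 1, i_0, i_1 is m = 2. The recipe used in the proof above (first rename x_0, x_1 to the fresh x_m, x_{m+1}, then rename those to x_{i_0}, x_{i_1}) gives

$$\xi(a(x_1, x_0)) = \sigma_2^{1}\,\sigma_3^{0}\,\sigma_1^{3}\,\sigma_0^{2}\,a.$$

Reading the factors from the inside out with Lemma 6.26 ($\sigma_i^j[p] = [p[x_i := x_j]]$):

$$\begin{array}{lcl} \sigma_0^{2}\,a &=& [a(x_2, x_1)] \\ \sigma_1^{3}\,\sigma_0^{2}\,a &=& [a(x_2, x_3)] \\ \sigma_3^{0}\,\sigma_1^{3}\,\sigma_0^{2}\,a &=& [a(x_2, x_0)] \\ \sigma_2^{1}\,\sigma_3^{0}\,\sigma_1^{3}\,\sigma_0^{2}\,a &=& [a(x_1, x_0)], \end{array}$$

so ξ(a(x_1, x_0)) indeed denotes [a(x_1, x_0)], as Lemma 6.28 asserts; the detour through the fresh variables x_2, x_3 is what avoids the clash that the direct renamings x_0 := x_1 and x_1 := x_0 would produce. Clauses (ii) and (iii) then yield, for the flat expression Σ_{x_1}(a(x_1, x_0) ⊲ eq(x_0, x_1) ⊳ δ),

$$\xi\bigl(\textstyle\sum_{x_1}(a(x_1, x_0) \lhd eq(x_0, x_1) \rhd \delta)\bigr) = s_1\bigl([eq(x_0, x_1)] :\to \sigma_2^{1}\sigma_3^{0}\sigma_1^{3}\sigma_0^{2}\,a + \neg[eq(x_0, x_1)] :\to \delta\bigr),$$

where [eq(x_0, x_1)] is the diagonal element d_01 of B (cf. Example 6.25).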

Since by Theorem 6.18 every element of pCRL(A, D) contains a flat pCRL expression, by the lemma just proved, every equivalence class in pCRL(A, D) is denoted by an element from the set of B-BPM_ω-terms over A. Since the latter set is generated by A, it follows that the set of equivalence classes denoted by the elements of A, i.e., the set in (6.16), generates pCRL(A, D). Consequently, it now remains to establish that this set is dimension-restricted free, and for this, the set of B-BPM_ω-terms over A may also be of help. Namely, there is a straightforward way to transform it into a dimension-restricted free algebra. We define a deductive system B-BPM_ω(A) for equations of the form t ≈ u, where t and u are B-BPM_ω-terms over A. As inference rules it has the rules of equational logic associated with basic process modules over B. As axioms it has


(Cs7) s_i a ≈ a if a ∈ A of arity ≤ i.

Table 6.6: The dimension-restriction axioms for parametrised action symbols.

1. the equations generated by the axioms of basic process modules over B (cf. Tables 2.1 on p. 17, 6.1 on p. 108, and 6.4 on p. 111), replacing each occurrence of '=' by '≈' and letting p, q and r range over B-BPM_ω-terms over A, and

2. the dimension-restriction axioms for the elements of A as generated by the schema (Cs7) in Table 6.6.

If t ≈ u has a deduction within this deductive system, then we call t and u provably equivalent and we write B-BPM_ω(A) ⊢ t ≈ u. The set of B-BPM_ω-terms over A is naturally the universe of an algebra similar to basic process modules over B, and provable equivalence is a congruence on this algebra. We shall denote the quotient, i.e., the algebra of B-BPM_ω-terms over A modulo provable equivalence, by I(A, B). If t is a B-BPM_ω-term over A, then we write [t] for the equivalence class in I(A, B) that contains it.

Proposition 6.29 The algebra I(A, B) is a locally finite basic process module over B, and the set {[a] | a ∈ A} is dimension-restricted free for I(A, B).

Proof. Clearly, I(A, B) is a basic process module over B. If t is a B-BPM_ω-term over A, then we write dim t for the set of all i < ω such that B-BPM_ω(A) ⊬ s_i t ≈ t. To prove that I(A, B) is locally finite, it is enough to show that dim t is finite; we proceed by structural induction on t: If t = δ, then dim t = ∅ by (Cs6), and if t is a parametrised action symbol of arity n, then dim t ⊆ {0, ..., n - 1} by (Cs7). If t = u + v or t = u · v, then dim t ⊆ (dim u ∪ dim v) by (Cs4) and (Cs5), respectively; since dim u and dim v are finite by the induction hypothesis, dim t is finite too. If t = [b] :→ t', then dim t ⊆ (dim t' ∪ {i < ω | c_i[b] ≠ [b] in B}) by (Gc9) or (Gc10). The set dim t' is finite by the induction hypothesis, and the set {i < ω | c_i[b] ≠ [b] in B} is finite since B is locally finite (cf. Remark 6.21). Hence dim t is finite. If t = s_i t', then dim t ⊆ (dim t' − {i}) according to (Cs2); since dim t' is finite by the induction hypothesis, also dim t is finite.

That the set {[a] | a ∈ A} generates I(A, B) is clear; it remains to prove that it is dimension-restricted free for I(A, B). So, suppose that P is an arbitrary locally finite basic process module over B and consider a dimension-preserving mapping

$$f : \{[a] \mid a \in A\} \to P.$$

We define a mapping g from the set of all B-BPM_ω-terms over A into the universe of P as the homomorphic extension of the association that sends a ∈ A to f[a]:

$$g(a) = f[a],\qquad g(t \cdot u) = g(t) \cdot g(u),\qquad g([b] :\to t) = [b] :\to g(t),$$

$$g(\delta) = \delta,\qquad g(t + u) = g(t) + g(u),\qquad g(s_i t) = s_i\, g(t).$$


Since f is dimension-preserving, g maps each a ∈ A of arity n to an element p of P such that dim p ⊆ {0, ..., n - 1}; hence, s_i g(a) = g(a) for all i ≥ n. From this, and since P is a basic process module over B, we get that if B-BPM_ω(A) ⊢ t ≈ u, then g(t) = g(u) in P. That is, g maps all the elements of an equivalence class in I(A, B) to the same element in P, and therefore there exists a function h from I(A, B) into P that sends [t] to g(t). It is immediate from the definition of g that h is a homomorphism and that it extends f. □

Remark 6.30 The theory of basic process algebras with deadlock is usually presented as an algebraic specification parametrised by a set of constant symbols (action symbols). Similarly, one might view the theory of basic process modules over B as an algebraic specification parametrised by a set of constant symbols (parametrised action symbols) and a set of axioms that specify the dimension of each of these constant symbols (the axioms generated by the schema (Cs7) in Table 6.6). The algebra I(A, B) is the initial algebra associated with this algebraic specification.

The usefulness of Proposition 6.29 is in that we do not have to exhibit a homomorphism from pCRL(A, D) into every other locally finite basic process module over B to show that it is dimension-restricted free. It is now sufficient to exhibit an isomorphism between pCRL(A, D) and I(A, B). This, in turn, can be achieved by proving the following completeness theorem: for all flat pCRL expressions p and q

$$\Pi(A, D)_{flat} \vdash p \approx q \text{ if, and only if, } \text{B-BPM}_\omega(A) \vdash \xi(p) \approx \xi(q).$$

We shall prove the completeness theorem below as Theorem 6.37. Its proof consists mainly in showing how the axioms of Π(A, D)_flat, when reformulated as equations of B-BPM_ω-terms over A, can be deduced by means of the axioms of basic process modules and the dimension-restriction axioms. Before we come to that, however, we shall make a few preparations. In particular, we shall demonstrate that the syntactic notions 'x_i ∉ FV(p)' and 'p[x_i := x_j]', which play a prominent role in the axioms of Π(A, D)_flat, are adequately represented by their algebraic counterparts in the theory of basic process modules (see Lemma 6.33 and Lemma 6.35, respectively).

First, we establish a few facts about the unary substitution operations σ_i^j on basic process modules. For the formulation thereof it is convenient to also define them on cylindric algebras: let C be a cylindric algebra of dimension ω; we define for all i, j < ω a unary operation σ_i^j on elements b of C by

$$\sigma_i^j b = \begin{cases} c_i(d_{ij} \wedge b) & \text{if } i \neq j; \text{ and} \\ b & \text{if } i = j. \end{cases}$$

In the proof of the following lemma we shall make use of certain derived identities of cylindric algebras; they are all established in Henkin et al. (1971).

Lemma 6.31 Let C be a cylindric algebra of dimension ω, let i, j, k, l < ω, and let b ∈ C; then, in every basic process module over C,


(i) σ_i^j δ = δ, σ_i^j distributes over + and ·, and σ_i^j(b :→ p) = (σ_i^j b) :→ σ_i^j p;

(ii) d_ij :→ σ_k^i p = d_ij :→ σ_k^j p;

(iii) if k ≠ i, j, then s_k σ_i^j p = σ_i^j s_k p;

(iv) σ_i^j s_i p = s_i p;

(v) σ_k^j σ_i^k s_k p = σ_i^j s_k p;

(vi) σ_k^j σ_i^k s_k s_l p = σ_l^j σ_i^l s_l s_k p; and

(vii) if k ≠ i, j, then σ_i^j σ_k^l p = σ_k^j σ_i^j p if i = l, and σ_i^j σ_k^l p = σ_k^l σ_i^j p otherwise.

Proof.

(i) This is trivial if i = j, so we assume i ≠ j. We then obtain σ_i^j δ = δ by (Gc5) and (Cs6), and σ_i^j(p + q) = σ_i^j p + σ_i^j q by (Gc6) and (Cs4). Furthermore, we have

$$\begin{array}{lll} \sigma_i^j(p \cdot q) &= s_i((d_{ij} :\to p) \cdot (d_{ij} :\to q)) & \text{by (Gc7), (Gc8)} \\ &= s_i((d_{ij} :\to p) \cdot (d_{ij} :\to s_i(d_{ij} :\to q))) & \text{by (Gc11)} \\ &= \sigma_i^j p \cdot \sigma_i^j q & \text{by (Gc8), (Cs5);} \end{array}$$

and σ_i^j(b :→ p) = (σ_i^j b) :→ σ_i^j p can be deduced with (Gc4), (Gc9), (Gc11) and commutativity, associativity and idempotency of ∧.

(ii) If i = j, then, trivially, d_ij :→ σ_k^i p = d_ij :→ σ_k^j p.

If i ≠ j, but i = k, then d_ij :→ σ_k^i p = d_ij :→ p = d_ij :→ σ_k^j p by (Gc11), and the case that i ≠ j, but j = k, is similar. So, suppose that i, j and k are distinct; then (Henkin et al., 1971)

$$(*)\quad c_k d_{ij} = d_{ij}, \qquad (**)\quad d_{ij} \wedge d_{ki} = d_{ij} \wedge d_{kj},$$

and

$$\begin{array}{lll} d_{ij} :\to \sigma_k^i p &= d_{ij} :\to s_k(d_{ki} :\to p) & \\ &= s_k(d_{ij} :\to (d_{ki} :\to p)) & \text{by (Gc10) and (*)} \\ &= s_k(d_{ij} :\to (d_{kj} :\to p)) & \text{by (Gc4) and (**)} \\ &= d_{ij} :\to s_k(d_{kj} :\to p) & \text{by (Gc10) and (*)} \\ &= d_{ij} :\to \sigma_k^j p. & \end{array}$$

(iii) If k ≠ i, j, then s_k σ_i^j p = σ_i^j s_k p by (Cs1), (Gc10) and (*).

(iv) If i = j, then σ_i^j s_i p = s_i p is by definition. If i ≠ j, then, since c_i d_ij = ⊤ (cf. Henkin et al., 1971), σ_i^j s_i p = s_i p is by (Gc9) and (Gc1).


(v) If k = i or k = j, then σ_k^j σ_i^k s_k p = σ_i^j s_k p by definition. If k ≠ i, j, then we obtain σ_k^j σ_i^k s_k p = σ_i^j s_k p from (ii)-(iv):

$$\begin{array}{lll} \sigma_k^j \sigma_i^k s_k p &= \sigma_k^j \sigma_i^j s_k p & \text{by (ii)} \\ &= \sigma_k^j s_k \sigma_i^j p & \text{by (iii)} \\ &= s_k \sigma_i^j p & \text{by (iv)} \\ &= \sigma_i^j s_k p & \text{by (iii)}. \end{array}$$

(vi) That σ_k^j σ_i^k s_k s_l p = σ_l^j σ_i^l s_l s_k p follows from (v) and (Cs1).

(vii) If k ≠ i, j, then, by (iii) and (i), σ_i^j σ_k^l p = s_k((σ_i^j d_kl) :→ σ_i^j p).

If i = l, then, since σ_i^j d_ki = d_kj (cf. Henkin et al., 1971), the right-hand side is equivalent to σ_k^j σ_i^j p.

On the other hand, if i ≠ l, then, since also i ≠ k, σ_i^j d_kl = d_kl (cf. Henkin et al., 1971), so the right-hand side is equivalent to σ_k^l σ_i^j p. □

Note that the proof of Lemma 6.31 does not involve any applications of (Cs3). As an amusing and instructive aside, we can use Lemma 6.31(v) to prove that (Cs3) is superfluous in the definition of locally finite ω-dimensional basic process modules. We establish this in the following corollary. (Clearly, our definitions of 'dimension set' and 'local finiteness' make sense for every algebraic structure with a sequence s_0, s_1, ..., s_k, ... (k < ω) of unary operations.)

Corollary 6.32 Let C be a cylindric algebra, and let P be an algebraic structure similar to basic process modules over C. The following are equivalent:

(i) P is locally finite, and satisfies the equalities in Table 2.1 on p. 17, the equalities (Cs1), (Cs2) and (Cs4)-(Cs6) from Table 6.1 on p. 108, and the equalities in Table 6.4 on p. 111.

(ii) P is a locally finite basic process module over C.

Proof. That (ii) implies (i) is immediate; we prove that (i) implies (ii). Let p be an element of P; we prove that s_i p = s_i p + p for all i < ω. Using that P is locally finite, let j < ω be such that j ≠ i and j ∉ dim p. We conclude that

$$s_i p = s_i p + s_j \sigma_i^j p \qquad (6.18)$$

from the following deduction:

$$\begin{array}{lll} s_i p &= s_i s_j p & j \notin \dim p \\ &= s_i s_j((d_{ij} \vee \neg d_{ij}) :\to p) & \text{by (Gc1)} \\ &= s_i s_j(d_{ij} :\to p + \neg d_{ij} :\to p) & \text{by (Gc3)} \\ &= s_i s_j((d_{ij} :\to p + \neg d_{ij} :\to p) + d_{ij} :\to p) & \text{by (A1)-(A3)} \\ &= s_i s_j(p + d_{ij} :\to p) & \text{by (Gc3), (Gc1)} \\ &= s_i p + s_i s_j(d_{ij} :\to p) & \text{by (Cs4)}, j \notin \dim p \\ &= s_i p + s_j \sigma_i^j p & \text{by (Cs1)}. \end{array}$$


Then, observe that by omitting all occurrences of s_j in the above deduction, we get a deduction that proves s_i p = s_i p + σ_i^j p, whence

$$s_j \sigma_i^j p = s_j \sigma_i^j p + \sigma_j^i \sigma_i^j p.$$

Since j ∉ dim p we get by Lemma 6.31(v) that σ_j^i σ_i^j p = σ_j^i σ_i^j s_j p = s_j p = p, so

$$s_j \sigma_i^j p = s_j \sigma_i^j p + p. \qquad (6.19)$$

Hence,

$$\begin{array}{lll} s_i p &= s_i p + s_j \sigma_i^j p & \text{by (6.18)} \\ &= s_i p + (s_j \sigma_i^j p + p) & \text{by (6.19)} \\ &= (s_i p + s_j \sigma_i^j p) + p & \text{by (A2)} \\ &= s_i p + p & \text{by (6.18)}. \end{array}$$

Consequently, P is a locally finite ω-dimensional basic process module over C. □

When we demonstrated the local finiteness of pCRL(A, D), we established that x_i ∉ FV(p) implies that Σ_{x_i} p and p are provably equivalent, whence i ∉ dim[p] in pCRL(A, D). The proof involved an application of (CQ1) (cf. our remarks preceding Definition 6.20). We now deduce this same property again, but this time we only use axioms of basic process modules and dimension-restriction axioms. This shows that the algebraic notion of 'dimension' adequately represents the syntactic notion of 'free variables in an expression'.

Lemma 6.33 If p is a flat pCRL expression such that x_i ∉ FV(p), then

$$\text{B-BPM}_\omega(A) \vdash s_i\,\xi(p) \approx \xi(p). \qquad (6.20)$$

Proof. We assume x_i ∉ FV(p) and prove (6.20) by structural induction on p.

Suppose that p = a(x_{i_0}, ..., x_{i_{n-1}}) with a ∈ A of arity n, let m be the least element of ω such that m > n - 1, i_0, ..., i_{n-1}, so that

$$\xi(p) = \sigma_m^{i_0} \cdots \sigma_{m+n-1}^{i_{n-1}}\, \sigma_{n-1}^{m+n-1} \cdots \sigma_0^{m}\, a.$$

Note that i ∉ {i_0, ..., i_{n-1}} by the assumption that x_i ∉ FV(p). We now distinguish three cases:

If i < n, then we may interchange s_i and σ_m^{i_0} ··· σ_{m+n-1}^{i_{n-1}} σ_{n-1}^{m+n-1} ··· σ_{i+1}^{m+i+1} in the left-hand side of (6.20) by Lemma 6.31(iii), and subsequently delete s_i with an application of (Cs2); this gives the right-hand side of (6.20).

Likewise, if m ≤ i < m + n, say i = m + j with 0 ≤ j < n, then starting from the left-hand side of (6.20) we interchange s_i and σ_m^{i_0} ··· σ_{m+j-1}^{i_{j-1}}, so that we may subsequently delete s_i to obtain the right-hand side of (6.20).

In the case that remains, n ≤ i < m or i ≥ m + n, so by Lemma 6.31(iii) and (Cs7),


Suppose that p is a conditional, say p = q ⊲ b ⊳ r. Clearly, x_i ∉ FV(p) implies that x_i does not occur in b, and therefore c_i[b] = [b] and c_i[¬b] = [¬b] in B. We now prove (6.20) with the following deduction:

$$\begin{array}{lll} s_i\,\xi(p) &= s_i(c_i[b] :\to \xi(q) + c_i[\neg b] :\to \xi(r)) & \\ &\approx s_i(c_i[b] :\to \xi(q)) + s_i(c_i[\neg b] :\to \xi(r)) & \text{by (Cs4)} \\ &\approx c_i[b] :\to s_i\,\xi(q) + c_i[\neg b] :\to s_i\,\xi(r) & \text{by (Gc10)} \\ &\approx c_i[b] :\to \xi(q) + c_i[\neg b] :\to \xi(r) & \text{by (IH)} \\ &= \xi(p). & \end{array}$$

If p = δ, then s_i ξ(p) ≈ ξ(p) by (Cs6). If p = q + r, then s_i ξ(p) ≈ s_i ξ(q) + s_i ξ(r) by (Cs4), so s_i ξ(p) ≈ ξ(p) follows by the induction hypothesis. If p = q · r, then ξ(r) ≈ s_i ξ(r) by the induction hypothesis,

$$s_i\,\xi(p) \approx s_i(\xi(q) \cdot s_i\,\xi(r)) \approx s_i\,\xi(q) \cdot s_i\,\xi(r)$$

by (Cs5), and s_i ξ(p) ≈ ξ(p) by another two applications of the induction hypothesis. If p = Σ_{x_j} q, then there are two cases: if x_i = x_j, then s_i ξ(p) ≈ ξ(p) by (Cs2); otherwise x_i ∉ FV(q), whence s_i ξ(q) ≈ ξ(q) by the induction hypothesis, and hence s_i ξ(p) ≈ s_j s_i ξ(q) ≈ ξ(p) by (Cs1). □

Intuitively, the sequence of natural numbers m, ..., m + n - 1 in the definition of ξ (Definition 6.27) refers to a sequence of 'fresh' variables x_m, ..., x_{m+n-1} ('fresh' here means 'without an occurrence in the sequence x_0, ..., x_{n-1} or in the sequence x_{i_0}, ..., x_{i_{n-1}}'). Freshness is ensured by choosing m larger than n - 1 and i_0, ..., i_{n-1}; that we took for m the least such number was a quite arbitrary choice. The following lemma shows that any m > n - 1, i_0, ..., i_{n-1} does the job.

Lemma 6.34 If α = a(x_{i_0}, ..., x_{i_{n-1}}) is a flat action expression, then

$$\text{B-BPM}_\omega(A) \vdash \xi(\alpha) \approx \sigma_m^{i_0} \cdots \sigma_{m+n-1}^{i_{n-1}}\, \sigma_{n-1}^{m+n-1} \cdots \sigma_0^{m}\, a$$

for all m > n - 1, i_0, ..., i_{n-1}.

Proof. By definition

$$\xi(\alpha) = \sigma_m^{i_0} \cdots \sigma_{m+n-1}^{i_{n-1}}\, \sigma_{n-1}^{m+n-1} \cdots \sigma_0^{m}\, a,$$

where m is the least element of ω that is greater than n - 1, i_0, ..., i_{n-1}. We need to show that, in fact, m may be any element of ω greater than n - 1, i_0, ..., i_{n-1}, and this is easily obtained as a consequence of the following claim.

Claim Let P be a basic process module and suppose that p is an element of P; if m, ..., m + n ∉ dim p and m > i_0, ..., i_{n-1}, then

$$\sigma_m^{i_0} \cdots \sigma_{m+n-1}^{i_{n-1}}\, \sigma_{n-1}^{m+n-1} \cdots \sigma_0^{m}\, p = \sigma_{m+1}^{i_0} \cdots \sigma_{m+n}^{i_{n-1}}\, \sigma_{n-1}^{m+n} \cdots \sigma_0^{m+1}\, p.$$


If n = 0, then there is nothing to prove. Assume, inductively, that n > 0 and m, ..., m + n ∉ dim p. Then

pm+n—— I n — 1 iinn~i~i m+i

TTii m+Ti-1 n -1 ° i 00 " " ' in-\ " m + n-1

ö'^+Tl_2'"" P m , . . ., m + n £ dim p mm m + n — I n — 1

° i oo ' " t „ _ i " m + n - r m + n - l S m +n

. n - 22 _ 0 7711 + Tl —2 <r mpp by Lem. 6.31(iii)

_mm _m+n —2 _m+n _n—1

°"m"+2n-22 "'" fflp by Lem. 6.31 (vi) _mm _m + n —2 _m + n _n—1 _n —2 _0 _. 1 T a 01 \

-- ffio " " " ° X - 2 ^ „ - j <Tm + 7i<Tm+n-2 " " " °VnP by Lem. 6.31(lll)

_mm + n _m _m+n —2_n —2 _0 _n —1 _ 1 T ? 01/ --\ == « V x ° V ^ ^ - 2 « W n -2 " ffmffm+«P by Lem. 6.31(vil),

whence, since m, ..., m + n - 1 ∉ dim(σ_m^{m+n} p) by Lemma 6.31(iii),

_.77i+nn _m+l _m+n —1

o"m+2n_!! crQ

m+j c r ^ p by ( IH) _ m +ll _Tn+n_n—1 _0 „ i T C 0 1/ - -\

== Éri 0, V i f f m + n - <T m + i P by Lem. 6.3l(vn).

The claim has been proved, and the lemma follows from it. □

We can now prove that the syntactic notion of 'substituting the variable x_j for the free occurrences of the variable x_i' is adequately represented by its algebraic counterpart, the unary operation σ_i^j.

Lemma 6.35 For every flat pCRL expression p,

$$\text{B-BPM}_\omega(A) \vdash \sigma_i^j\,\xi(p) \approx \xi(p[x_i := x_j]). \qquad (6.21)$$

Proof. If i = j, then the lemma is trivial. If x_i ∉ FV(p), then p = p[x_i := x_j] and ξ(p) ≈ s_i ξ(p) by Lemma 6.33, and hence (6.21) follows by Lemma 6.31(iv). For the remainder of the proof, we therefore assume that i ≠ j and that x_i ∈ FV(p); we proceed by structural induction on p.

Suppose that p = a(x_{i_0}, ..., x_{i_{n-1}}) and p[x_i := x_j] = a(x_{j_0}, ..., x_{j_{n-1}}); clearly, j_k = i_k if i_k ≠ i and j_k = j if i_k = i (0 ≤ k ≤ n - 1). Let us now fix

$$m > n - 1, i_0, \ldots, i_{n-1}, j_0, \ldots, j_{n-1}.$$

In particular m > i, since i ∈ {i_0, ..., i_{n-1}} by our assumption that x_i ∈ FV(p), so, with a few applications of Lemma 6.31(iii) and a subsequent application of either (Cs2) or (Cs7), we easily get

$$\text{B-BPM}_\omega(A) \vdash \sigma_{n-1}^{m+n-1} \cdots \sigma_0^{m}\, a \approx s_i\, \sigma_{n-1}^{m+n-1} \cdots \sigma_0^{m}\, a. \qquad (6.22)$$


We now deduce (6.21) as follows:

$$\begin{array}{lll} \sigma_i^j\,\xi(p) &\approx \sigma_i^j\, \sigma_m^{i_0} \cdots \sigma_{m+n-1}^{i_{n-1}}\, \sigma_{n-1}^{m+n-1} \cdots \sigma_0^{m}\, a & \text{by Lem. 6.34} \\ &\approx \sigma_m^{j_0} \cdots \sigma_{m+n-1}^{j_{n-1}}\, \sigma_i^j\, \sigma_{n-1}^{m+n-1} \cdots \sigma_0^{m}\, a & \text{by Lem. 6.31(vii)} \\ &\approx \sigma_m^{j_0} \cdots \sigma_{m+n-1}^{j_{n-1}}\, \sigma_i^j\, s_i\, \sigma_{n-1}^{m+n-1} \cdots \sigma_0^{m}\, a & \text{by (6.22)} \\ &\approx \sigma_m^{j_0} \cdots \sigma_{m+n-1}^{j_{n-1}}\, s_i\, \sigma_{n-1}^{m+n-1} \cdots \sigma_0^{m}\, a & \text{by Lem. 6.31(iv)} \\ &\approx \sigma_m^{j_0} \cdots \sigma_{m+n-1}^{j_{n-1}}\, \sigma_{n-1}^{m+n-1} \cdots \sigma_0^{m}\, a & \text{by (6.22)} \\ &\approx \xi(p[x_i := x_j]) & \text{by Lem. 6.34}. \end{array}$$

If p = δ, then (6.21) is immediate by Lemma 6.31(i). If p = p_1 + p_2, p = p_1 · p_2, or p = p_1 ⊲ b ⊳ p_2, then (6.21) is easily deduced from Lemma 6.31(i) and the induction hypothesis. If p = Σ_{x_k} p', then k ≠ j by our assumption about substitutions (see p. 33). Moreover, k ≠ i by our assumption that x_i ∈ FV(p). By the induction hypothesis, we get that σ_i^j ξ(p') ≈ ξ(p'[x_i := x_j]), so (6.21) follows by Lemma 6.31(iii). The proof is complete.

We shall prove the completeness theorem by establishing a correspondence between the axioms of Π(A, D)_flat and the axioms of basic process modules. To prove that the equivalents of the axioms for the binary conditionals of Π(A, D)_flat can be derived with the axioms for guarded commands in basic process modules will be to a large extent straightforward. The deduction of the equivalent of (C6) is a minor exception, and it is convenient to prove it ahead of things, as a separate lemma.

Lemma 6.36 Let C be a cylindric algebra, and let b be an element of C; then

$$(b :\to p + \neg b :\to q) \cdot (b :\to r + \neg b :\to s) = b :\to (p \cdot r) + \neg b :\to (q \cdot s)$$

for all elements p, q, r and s of a basic process module over C.

Proof. We get

$$(b :\to p) \cdot (b :\to q + \neg b :\to r) = b :\to (p \cdot q); \qquad (6.23)$$

for, since b ∧ b = b and b ∧ ¬b = ⊥ in C, we have the following deduction:

$$\begin{array}{ll} (b :\to p) \cdot (b :\to q + \neg b :\to r) & \\ \quad = (b :\to p) \cdot (b :\to q + \bot :\to r) & \text{by (Gc8), (Gc6) and (Gc4)} \\ \quad = (b :\to p) \cdot (b :\to q + \delta) & \text{by (Gc2)} \\ \quad = (b :\to p) \cdot (b :\to q) & \text{by (A6)} \\ \quad = b :\to (p \cdot q) & \text{by (Gc8) and (Gc7)}. \end{array}$$

Then, by (A4) and (A1), and since ¬¬b = b in C,

$$(b :\to p + \neg b :\to q) \cdot (b :\to r + \neg b :\to s) = (b :\to p) \cdot (b :\to r + \neg b :\to s) + (\neg b :\to q) \cdot (\neg b :\to s + \neg\neg b :\to r).$$

The lemma follows by applying (6.23) to the right-hand side. □


We now prove the completeness theorem.

Theorem 6.37 Suppose that D has equality and quantifier elimination. Then

$$\Pi(A, D)_{flat} \vdash p \approx q \text{ if, and only if, } \text{B-BPM}_\omega(A) \vdash \xi(p) \approx \xi(q)$$

for all flat pCRL expressions p and q.

Proof. We first prove that if p ≈ q is an instance of an axiom of Π(A, D)_flat, then B-BPM_ω(A) ⊢ ξ(p) ≈ ξ(q). Note that ξ distributes over the operations +, · and δ. Hence, since every basic process module satisfies (A1)-(A7), if p ≈ q is an instance of one of (A1)-(A7), then B-BPM_ω(A) ⊢ ξ(p) ≈ ξ(q). Next, we treat the instances of (C1)-(C6):

(C1) Consider ξ(p ⊲ ⊤ ⊳ q) = [⊤] :→ ξ(p) + ¬[⊤] :→ ξ(q). By (Gc1) the first summand of the right-hand side is provably equal to ξ(p), and, since ¬[⊤] = [⊥] in B, the second summand is provably equal to δ by (Gc2), whence it may be removed by (A6).

(C2) Consider ξ(p ⊲ b ⊳ q) = [b] :→ ξ(p) + ¬[b] :→ ξ(q), and interchange the summands in the right-hand side with an application of (A1); since [b] = ¬[¬b] in B, the result is ξ(q ⊲ ¬b ⊳ p).

(C3) Consider

$$\xi((p \lhd b \rhd q) \lhd c \rhd q) = [c] :\to ([b] :\to \xi(p) + \neg[b] :\to \xi(q)) + \neg[c] :\to \xi(q);$$

in the right-hand side, distribute [c] :→ over the alternative composition with (Gc6), and combine the guards with (Gc4) to obtain

$$([c \wedge b] :\to \xi(p) + [c \wedge \neg b] :\to \xi(q)) + \neg[c] :\to \xi(q).$$

Rearrange the summands with (A2) and combine the guards [c ∧ ¬b] and ¬[c] with (Gc3); since [c ∧ ¬b] ∨ ¬[c] = ¬[b ∧ c] in B, the result is

$$[b \wedge c] :\to \xi(p) + \neg[b \wedge c] :\to \xi(q) = \xi(p \lhd b \wedge c \rhd q).$$

(C4) Consider

$$\xi((p + q) \lhd b \rhd (r + s)) = [b] :\to (\xi(p) + \xi(q)) + \neg[b] :\to (\xi(r) + \xi(s));$$

in the right-hand side, with applications of (Gc6) distribute the guards over the alternative compositions, and rearrange summands with (A1) and (A2); the result is

$$([b] :\to \xi(p) + \neg[b] :\to \xi(r)) + ([b] :\to \xi(q) + \neg[b] :\to \xi(s)) = \xi(p \lhd b \rhd r + q \lhd b \rhd s).$$


(C5) Consider ξ(p ⊲ b ∨ c ⊳ δ) = [b ∨ c] :→ ξ(p) + ¬[b ∨ c] :→ δ. The first summand of the right-hand side is provably equal to [b] :→ ξ(p) + [c] :→ ξ(p) by (Gc3), and the second summand may be deleted by (Gc5) and (A6).

(C6) That B-BPM_ω(A) ⊢ ξ((p ⊲ b ⊳ q) · (r ⊲ b ⊳ s)) ≈ ξ(p · r ⊲ b ⊳ q · s) follows from Lemma 6.36.

If D ⊨ b ≈ c, then [b] = [c], so if p ≈ q is an instance of (BOOL), then

With the instances of (CQ1), (CQ2) and (CQ4)-(CQ6) (recall that (CQ3) was omitted from the deductive system Π(A, D)_flat) we deal as follows:

(CQ1) Immediate by Lemma 6.33.

(CQ2) If i = j, then ξ(Σ_{x_i} p) = ξ(Σ_{x_j} p[x_i := x_j]), so assume that i ≠ j. If x_j ∉ FV(p), then ξ(p) ≈ s_j ξ(p) by Lemma 6.33; hence, since d_ij = d_ji in every cylindric algebra,

$$\begin{array}{lll} \xi(\textstyle\sum_{x_i} p) &\approx s_i\, \sigma_j^i\, \xi(p) & \text{by Lem. 6.31(iv)} \\ &\approx s_j\, \sigma_i^j\, \xi(p) & \text{by (Cs1)} \\ &\approx \xi(\textstyle\sum_{x_j} p[x_i := x_j]) & \text{by Lem. 6.35}. \end{array}$$

(CQ4) Immediate by (Cs4).

(CQ5) If x_i ∉ FV(q), then ξ(q) ≈ s_i ξ(q) by Lemma 6.33, so we get

$$\xi((\textstyle\sum_{x_i} p) \cdot q) \approx s_i\,\xi(p) \cdot s_i\,\xi(q) \approx \xi(\textstyle\sum_{x_i} p \cdot q)$$

with an application of (Cs5).

(CQ6) If x_i does not occur in b, then [b] = c_i[b] and ¬[b] = c_i ¬[b] in B; so

$$\begin{array}{lll} \xi(\textstyle\sum_{x_i} p \lhd b \rhd \textstyle\sum_{x_i} q) &= c_i[b] :\to s_i\,\xi(p) + c_i \neg[b] :\to s_i\,\xi(q) & \\ &\approx s_i(c_i[b] :\to \xi(p)) + s_i(c_i \neg[b] :\to \xi(q)) & \text{by (Gc10)} \\ &= \xi(\textstyle\sum_{x_i}(p \lhd b \rhd q)). & \end{array}$$

For the instances of (QE), note that if x_i ∉ FV(p), then (*) ξ(p) ≈ s_i ξ(p) by Lemma 6.33; hence, using that c_i[b] = [ρ((∃x_i)b)] in B, we obtain

$$\begin{array}{lll} \xi(\textstyle\sum_{x_i} p \lhd b \rhd \delta) &\approx s_i([b] :\to s_i\,\xi(p)) & \text{by (*)} \\ &\approx c_i[b] :\to s_i\,\xi(p) & \text{by (Gc9)} \\ &\approx \xi(p \lhd \rho((\exists x_i)b) \rhd \delta) & \text{by (*)}. \end{array}$$

Suppose that p ≈ q is an instance of (EQ)', say

$$p = a(x_{i_0}, \ldots, x_{i_{n-1}}) \lhd eq(x_{i_0}, x_{j_0}) \wedge \cdots \wedge eq(x_{i_{n-1}}, x_{j_{n-1}}) \rhd \delta, \text{ and}$$

$$q = a(x_{j_0}, \ldots, x_{j_{n-1}}) \lhd eq(x_{i_0}, x_{j_0}) \wedge \cdots \wedge eq(x_{i_{n-1}}, x_{j_{n-1}}) \rhd \delta.$$


We fix m > n - 1, i_0, ..., i_{n-1}, j_0, ..., j_{n-1}; then

$$\text{B-BPM}_\omega(A) \vdash d_{i_0 j_0} \wedge \cdots \wedge d_{i_{n-1} j_{n-1}} :\to \sigma_m^{i_0} \cdots \sigma_{m+n-1}^{i_{n-1}}\, t \approx d_{i_0 j_0} \wedge \cdots \wedge d_{i_{n-1} j_{n-1}} :\to \sigma_m^{j_0} \cdots \sigma_{m+n-1}^{j_{n-1}}\, t$$

for every B-BPM_ω-term t over A by Lem. 6.31(ii), (vii), (Gc4) and a straightforward induction on n. From this, B-BPM_ω(A) ⊢ ξ(p) ≈ ξ(q) is obtained with Lemma 6.34.

Hence, if p ≈ q is an axiom of Π(A, D)_flat, then B-BPM_ω(A) ⊢ ξ(p) ≈ ξ(q). Moreover, it is at once clear that an application of an inference rule of Π(A, D)_flat translates to an application of the corresponding rule of equational logic in the setting of basic process modules. It follows that any deduction within Π(A, D)_flat proving the validity of an arbitrary equation p ≈ q of flat pCRL expressions p and q can be transformed into a deduction that proves B-BPM_ω(A) ⊢ ξ(p) ≈ ξ(q); this concludes the proof of the implication from left to right.

For the other implication, note that the dimension-restriction axioms are true in pCRL(A, D) under the interpretation of B-BPM_ω-terms over A as equivalence classes of pCRL(A, D) induced by the association in (6.17). Furthermore, by Theorem 6.9 pCRL(A, D) is a basic process module over B, and satisfies, a fortiori, the instances of the axioms of basic process modules over B with respect to this particular interpretation. That is, if B-BPM_ω(A) ⊢ ξ(p) ≈ ξ(q), then the equivalence class in pCRL(A, D) denoted by ξ(p) must be the same as the equivalence class denoted by ξ(q). By Lemma 6.28, ξ(p) denotes [p] and ξ(q) denotes [q], and from [p] = [q] we conclude that Π(A, D) ⊢ p ≈ q. Hence, by Theorem 6.18, Π(A, D)_flat ⊢ p ≈ q. This concludes the proof of the implication from right to left, and the proof of the theorem.

To conclude that the set in (6.16) is a dimension-restricted free set of generators for pCRL(A, D) we still need to close one small gap. By Theorem 6.37 it is now clear that the mapping ξ induces an embedding from pCRL(A, D)_flat into I(A, B), and hence, by Theorem 6.18, that

$$[p] \mapsto [\xi(p)] \qquad (6.24)$$

defines an embedding from pCRL(A, D) into I(A, B). What we need, however, is an isomorphism, i.e., a surjective embedding, and one that extends the association

$$[a(x_0, \ldots, x_{n-1})] \mapsto [a]. \qquad (6.25)$$

Actually, since we already know that the sets {[a(x_0, ..., x_{n-1})] | a ∈ A of arity n} and {[a] | a ∈ A} generate pCRL(A, D) and I(A, B), respectively, it suffices that the embedding defined in (6.24) extends (6.25), and this is a consequence of the following lemma.

Lemma 6.38 If a is a parametrised action symbol of arity n, then

$$\text{B-BPM}_\omega(A) \vdash \xi(a(x_0, \ldots, x_{n-1})) \approx a.$$


Proof. According to Definition 6.27,

$$\xi(a(x_0, \ldots, x_{n-1})) = \sigma_n^{0} \cdots \sigma_{2n-1}^{n-1}\, \sigma_{n-1}^{2n-1} \cdots \sigma_0^{n}\, a.$$

We prove by induction on j ≤ n that

If j = 0, then this is immediate; if j > 0, then n + j - 1 > n - 1, and we deduce

1^_ 1---CT°a a ^ - r 1 ^ - - ii <r%+ j _ia by (Cs7)

°"?-ll _1^nij-l Sn+j-l^n+j-2 ' " " °"na bY L e m - 6.31(Üi)

<Tj +^~2sn + j_i(T^._22 cr°a by Lem. 6.31(v)

ö-^2~2°"n+j-22 CTSsn+j-ia by Lem. 6.31(iii)

«« < t2<+)-2 • • <a by (Cs7)

«« a by (IH).

This completes the proof of the lemma. □

So, the association in (6.24) defines an isomorphism between pCRL(A, D) and I(A, B) that extends (6.25), and hence by Proposition 6.29:

Corollary 6.39 The algebra pCRL(A, D) is a locally finite basic process module over B, and the set {[a(x_0, ..., x_{n-1})] | a ∈ A of arity n} is a dimension-restricted free set of generators for pCRL(A, D).

We have characterised the algebra pCRL(A, D) up to isomorphism, roughly, by proving that the axioms of basic process modules constitute an axiomatisation of the ground equational theory of pCRL(A, D) (expanded with parametrised action symbols as constant symbols). An interesting question is whether there are still some identities of pCRL(A, D) (equations between terms built from variables and the operations of basic process modules over B that are valid in pCRL(A, D)) that are specific to pCRL(A, D) in comparison with other locally finite basic process modules over B. We conjecture that this is not the case:

Conjecturee 6.40 If t and u are B-BPM^- terms in variables from some countably infinitee set, then t « u is an identity of pCRL(.A, D) if, and only if, t « u identically holdss in every locally finite basic process module over B.

Bibliographic notes

For the material of this chapter we have drawn inspiration from a branch of mathematics called "Algebraic Logic". Excellent introductions to the subject are by Halmos (1956b), and Halmos and Givant (1998); they concentrate on algebraising (monadic) first-order predicate logic. For a general theory about associating an algebraic semantics to a (not necessarily classical) logic we refer to a monograph by Blok and Pigozzi (1989). In establishing the correspondence between our formal system and basic process modules, we have borrowed techniques from the two principal algebraic versions of first-order predicate logic: cylindric algebras (Henkin et al., 1971, 1985) and polyadic algebras (Halmos, 1956a).

The idea that a pCRL expression describes a function from the Cartesian power $D^\omega$ into an arbitrary generalised basic process algebra P resembles Halmos' point of view that a propositional function is a function from some Cartesian power into an arbitrary Boolean algebra (of propositions). The set of all such functions is again a Boolean algebra, with respect to pointwise operations, on which in addition one may define existential quantifiers (based on the infinite joins of the Boolean algebra of propositions) and substitution operations. A Boolean subalgebra of propositional functions that is moreover closed under existential quantifiers and unary substitution operations is an example of a polyadic algebra.

Our transition from the deductive system Π(A, D)|q to the deductive system associated with B-BPM$_\omega$-terms over A parallels a series of three articles in a 1965 issue of the Archiv für Mathematische Logik und Grundlagenforschung by Tarski (1965), by Kalish and Montague (1965), and by Monk (1965).

Tarski considers a system of first-order predicate logic with equality but without operation symbols and individual constants. He observes that $\varphi[x := y]$, the result of substituting a variable $y$ for the free occurrences of a variable $x$ in the first-order formula $\varphi$, is equivalent to $(\forall x)(\mathrm{eq}(x, y) \to \varphi)$ (cf. our Corollary 6.11). He then uses this observation to simplify his system, eliminating the notion of a variable occurring free in a given formula and replacing the general notion of substitution by 'replacement of one variable for another in an atomic formula'. Kalish and Montague extend Tarski's result to a system of first-order predicate logic with operation symbols and individual constants. Taking their articles together, one obtains a simplification of first-order predicate logic with equality comparable to the simplification that was achieved by means of our transition from pCRL to flat pCRL.

Monk subsequently proves that, without loss of expressivity or demonstrative power, it is possible to work exclusively with formulas in which every non-logical predicate is followed by some fixed sequence of variables. Then, atomic formulas may be thought of as constants, and this ultimately leads to dimension-restricted free cylindric algebras (see Henkin et al., 1971, 1985). Compare this to our function $\xi$ that explains how a flat pCRL expression may be translated to a B-BPM$_\omega$-term over A. The idea behind the translation is to interpret an element $a \in A$ of arity $n$ as a constant that denotes the action expression $a(x_0, \ldots, x_{n-1})$, where $x_0, \ldots, x_{n-1}$ is the (fixed) $n$th initial segment of variables.

An advantage of the theory of basic process modules is that, as opposed to pCRL, it does not involve binders. It is well-known that binders introduce a considerable amount of complexity into a syntax. They entail the need for a distinction between free and bound occurrences of a variable, and for a more complicated notion of substitution (see Chapter 3). The λ-calculus (Barendregt, 1984) gives a systematic treatment of such things and is often incorporated in a formal language to organise the variable binding aspects. Alternatively, when there is a desire to stay within the realm of purely equational logic, Combinatory Logic (Curry, 1930) may be incorporated for this purpose. In the context of process algebra, this approach is taken by Bergstra et al. (1994). They define an extension of ACP with unary operations $\sum$ on processes that are similar to our choice quantifiers, except that they have no binding effect themselves. In their setting, a binding effect is simulated by means of the incorporated (typed) Combinatory Logic.

7

Concluding remarks

We have investigated how the choice quantifiers of μCRL fit in with process algebra in the style of Bergstra and Klop (1984). Our starting point was their theory BPAδ of basic process algebras with deadlock.

In Chapter 2 we have introduced the theory GBPAδ, extending BPAδ with an abstract algebraic definition of generalised summation, a partial operation from sets of processes to processes satisfying a few requirements. These requirements, formulated as axioms in the form of equations, are to ensure that generalised summation indeed generalises alternative composition, and that sequential composition distributes from the right over it. We have proved that our abstract algebraic definition of generalised summation coincides with the natural generalisation of binary alternative composition in algebras of transition trees, and we conclude from this that our axioms are rightly chosen.
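The transition-tree reading of these requirements, as an added illustration that is not code from the thesis: finite trees are represented as hereditarily frozen sets of branches, alternative composition is union, generalised summation is the union of a whole family, and the functions check that the sum is the least upper bound of the order induced by + and that sequential composition distributes over it from the right (and, for contrast, not from the left). The marker TERM, the sample family and the function names gsum, leq, is_least_upper_bound and distributes_from_right are my own choices, not the thesis' notation.

```python
"""Finite transition trees as a model of BPA_delta with generalised summation.

Added illustration, not code from the thesis.  A tree is a hereditarily
frozen set of branches (label, continuation); the continuation is either a
smaller tree or the constructed marker TERM for successful termination.
Because a set collapses duplicate branches, two finite trees are equal
exactly when they are bisimilar, so the equalities checked below are
equalities of the transition-tree algebra, not equalities of syntax.
"""

TERM = "tick"         # constructed marker: termination after an action
DELTA = frozenset()   # deadlock: a tree without any branch


def act(a):
    """Atomic action a: a single branch that terminates."""
    return frozenset({(a, TERM)})


def plus(p, q):
    """Alternative composition p + q: the union of the branches."""
    return p | q


def seq(p, q):
    """Sequential composition p . q: q continues wherever p terminates."""
    return frozenset((label, q if cont is TERM else seq(cont, q))
                     for label, cont in p)


def gsum(trees):
    """Generalised summation of a (finite) family of trees."""
    result = DELTA
    for t in trees:
        result = plus(result, t)
    return result


def leq(p, q):
    """Partial order induced by +:  p <= q  iff  p + q = q."""
    return plus(p, q) == q


def is_least_upper_bound(trees, candidate, other_trees):
    """The two summation schemes: candidate lies above every member of the
    family, and below every tree in other_trees that is also above all of
    them.  Checked against an explicit list of candidates, which is all a
    finite model can do."""
    trees = list(trees)
    if not all(leq(t, candidate) for t in trees):
        return False
    for u in other_trees:
        if all(leq(t, u) for t in trees) and not leq(candidate, u):
            return False
    return True


def distributes_from_right(trees, q):
    """Third scheme: (sum P) . q  =  sum { p . q | p in P }."""
    trees = list(trees)
    return seq(gsum(trees), q) == gsum(seq(t, q) for t in trees)


def left_distributivity_fails(q, p1, p2):
    """q . (p1 + p2) and q . p1 + q . p2 are different trees (the choice is
    made at different moments), which is why only right distributivity is
    demanded of generalised summation."""
    return seq(q, plus(p1, p2)) != plus(seq(q, p1), seq(q, p2))


if __name__ == "__main__":
    a, b, c, d, e = (act(x) for x in "abcde")
    family = [a, seq(b, c), seq(a, d)]          # constructed sample family
    total = gsum(family)
    print(is_least_upper_bound(family, total, [plus(total, e), plus(a, e)]))
    print(distributes_from_right(family, e))
    print(left_distributivity_fails(a, b, c))
```

Only finite families are summed here; the thesis' operation also covers infinite sets, for which the least-upper-bound check cannot be carried out by enumeration as above.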

In Chapter 3 we have employed the theory GBPAδ to formalise our intuition that choice quantification is a syntactic abbreviation mechanism, used to denote sums of large (possibly infinite) sets of processes. The precise formalisation of the correspondence between choice quantification and generalised summation turned out to be a complex task. One source of discomfort was that we had to fix a data domain D to be able to say precisely which sum is denoted by a choice quantifier. As a consequence, the whole subsequent theory about pCRL is parametrised by this data domain. However, it hardly plays a meaningful role in our general theory about pCRL.

Recall that we have advertised to separate the specification of relevant data from the specification of a process. Our results in Chapter 4 may be so interpreted that in pCRL this separation is not achieved completely. Although a first-order assertion about the data can always be expressed as an equation of pCRL expressions, it is not necessarily expressible as an equation of data expressions. One might call this an anomaly in the design of pCRL, and at least from a theoretical point of view, it is another source of discomfort. For instance, a relatively complete axiomatisation of the equational theory of pCRL can only be obtained under additional assumptions with respect to the expressiveness of the data language (cf. Chapter 5).

In Chapter 6, we have used the results of the earlier chapters to improve the presentation of the theory of choice quantification. Recall that a data algebra consists of two parts: a Boolean algebra of conditions and a data part to serve as domain for the choice quantifiers. In the theory of basic process modules, the Boolean part is still present, in the form of the imported cylindric algebra. The data domain has been eliminated altogether from the general theory. By taking a cylindric algebra (i.e., a Boolean algebra with existential quantifiers and equality) of conditions, we have achieved a complete separation of pure data aspects (in the cylindric algebra) from pure process aspects (in the ω-dimensional basic process algebra).

A further advantage of the theory of basic process modules is that it defines a variety of algebras in the universal algebraic sense, i.e., consisting of a universe and an indexed set of finitary operations on this universe. Using the theory of universal algebra, our definition yields at the same time, and in a manner that is completely standard, a semantic class of algebras and a formal system to reason about the elements of these algebras. Whereas the introduction of the language pCRL, its semantics and its deductive system is lengthy and complex, the theory of basic process modules provides an elegant shortcut in the form of an abstract algebraic theory of parametrised processes.

Bibliography

Aceto, L., Fokkink, W. J., and Verhoef, C. (2001). Structural operational semantics. In Bergstra et al. (2001), chapter 3, pages 197-292.

Baeten, J. C. M. and Bergstra, J. A. (1991). Real time process algebra. Formal Aspects of Computing, 3(2), 142-188.

Baeten, J. C. M. and Bergstra, J. A. (1994). On sequential composition, action prefixes and process prefix. Formal Aspects of Computing, 6(3), 250-268.

Baeten, J. C. M. and Weijland, W. P. (1990). Process Algebra. Number 18 in Cambridge Tracts in Theoretical Computer Science. Cambridge University Press.

Barendregt, H. P. (1984). The Lambda Calculus: its syntax and semantics, volume 103 of Studies in Logic and The Foundations of Mathematics. North-Holland, Amsterdam New-York Oxford, revised edition.

Bergstra, J. A. and Klop, J. W. (1984). Process algebra for synchronous communication. Information and Control, 60(1-3), 109-137.

Bergstra, J. A. and Klop, J. W. (1985). Algebra of communicating processes with abstraction. Theoretical Computer Science, 37(1), 77-121.

Bergstra, J. A., Heering, J., and Klint, P., editors (1989). Algebraic specification. Frontier Series. ACM Press, New York.

Bergstra, J. A., Bethke, I., and Ponse, A. (1994). Process algebra with iteration and nesting. The Computer Journal, 37(4), 243-258.

Bergstra, J. A., Ponse, A., and Smolka, S. A., editors (2001). Handbook of Process Algebra. North-Holland.

Blok, W. J. and Pigozzi, D. (1989). Algebraizable logics. Memoirs of the American Mathematical Society, 77(396).

Blom, S., Fokkink, W., Groote, J. F., van Langevelde, I., Lisser, B., and van de Pol, J. (2001). μCRL: a toolset for analysing algebraic specifications. In G. Berry, H. Comon, and A. Finkel, editors, Proceedings of the 13th International Conference on Computer Aided Verification (CAV 2001), volume 2102 of Lecture Notes in Computer Science, pages 250-254. Springer.


Bolognesi, T. and Brinksma, E. (1987). An introduction to the ISO specification language LOTOS. Computer Networks and ISDN Systems, 14(1), 25-59.

Bradfield, J. and Stirling, C. (2001). Modal logics and mu-calculi: An introduction. In Bergstra et al. (2001), chapter 4, pages 293-330.

Brookes, S. D., Hoare, C. A. R., and Roscoe, A. W. (1984). A theory of communicating sequential processes. Journal of the ACM, 31, 560-599.

Burris, S. and Sankappanavar, H. P. (1981). A Course in Universal Algebra. Number 78 in Graduate Texts in Mathematics. Springer-Verlag, New York Heidelberg Berlin.

Chang, C. C. and Keisler, H. J. (1990). Model Theory, volume 73 of Studies in logic and the foundations of mathematics. North-Holland, Amsterdam - New York - Oxford - Tokyo, 3rd edition.

Curry, H. B. (1930). Grundlagen der kombinatorischen Logik. American Journal of Mathematics, 52, 509-536, 789-834.

Davis, M. (1982). Computability and Unsolvability. Dover Publications, Inc.

Fokkink, W. and Klusener, S. (1995). An effective axiomatization for real time ACP. Information and Computation, 122(2), 286-299.

Fokkink, W. J. (2000). Introduction to Process Algebra. Texts in Theoretical Computer Science. Springer.

Fokkink, W. J. and Luttik, S. P. (2000). An ω-complete equational specification of interleaving. In U. Montanari, J. D. Rolim, and E. Welzl, editors, Proceedings of the 27th Colloquium on Automata, Languages and Programming (ICALP 2000), volume 1853 of LNCS, pages 729-743, Geneva, Switzerland. Springer.

Van Glabbeek, R. J. and Weijland, W. P. (1996). Branching time and abstraction in bisimulation semantics. Journal of the ACM, 43(3), 555-600.

Goguen, J. A. and Meseguer, J. (1985). Completeness of many-sorted equational logic. Houston Journal of Mathematics, 11(3), 307-334.

Groote, J. F. and Luttik, S. P. (1998a). Undecidability and completeness results for process algebras with alternative quantification over data. Report SEN-R9806, CWI, The Netherlands. Available from http://www.cwi.nl/.

Groote, J. F. and Luttik, S. P. (1998b). A complete axiomatisation of branching bisimulation for process algebras with alternative quantification over data. Report SEN-R9830, CWI, The Netherlands. Available from http://www.cwi.nl/.

Groote, J. F. and Ponse, A. (1994). Proof theory for μCRL: A language for processes with data. In D. J. Andrews, J. F. Groote, and C. A. Middelburg, editors, Proceedings of the International Workshop on Semantics of Specification Languages, Workshops in Computing, pages 232-251, Utrecht, The Netherlands. Springer-Verlag.


Groote, J. F. and Ponse, A. (1995). The syntax and semantics of μCRL. In A. Ponse, C. Verhoef, and S. F. M. van Vlijmen, editors, Algebra of Communicating Processes, Workshops in Computing, pages 26-62, Utrecht, The Netherlands. Springer-Verlag.

Groote, J. F. and Reniers, M. A. (2001). Algebraic process verification. In Bergstra et al. (2001), chapter 17, pages 1151-1208.

Groote, J. F., Reniers, M. A., Van Wamel, J. J., and Van der Zwaag, M. B. (2000). Completeness of timed μCRL. Report SEN-R0034, CWI. Available from http://www.cwi.nl/.

Groote, J. F., Ponse, A., and Usenko, Y. S. (2001). Linearization in parallel pCRL. Journal of Logic and Algebraic Programming, 48, 39-70.

Halmos, P. and Givant, S. (1998). Logic as Algebra. Number 21 in Dolciani Mathematical Expositions. Mathematical Association of America, Washington, DC.

Halmos, P. R. (1956a). Algebraic logic, II. Homogeneous locally finite polyadic Boolean algebras of infinite degree. Fundamenta Mathematicae, 43, 255-325.

Halmos, P. R. (1956b). The basic concepts of algebraic logic. American Mathematical Monthly, 53, 363-387.

Halmos, P. R. (1974). Naive Set Theory. Undergraduate Texts in Mathematics. Springer-Verlag, New York, 2nd edition. First edition (1960) published by D. Van Nostrand Co., Princeton, N.J.-Toronto-London-New York.

Henkin, L., Monk, J. D., and Tarski, A. (1971). Cylindric Algebras - Part I, volume 64 of Studies in Logic and the Foundations of Mathematics. North-Holland Publishing Company.

Henkin, L., Monk, J. D., and Tarski, A. (1985). Cylindric Algebras - Part II, volume 115 of Studies in Logic and the Foundations of Mathematics. North-Holland Publishing Company.

Hennessy, M. (1985). Acceptance trees. Journal of the ACM, 32(4), 896-928.

Hennessy, M. (1991). A proof system for communicating processes with value-passing. Formal Aspects of Computing, 3, 346-366.

Hennessy, M. and Lin, H. (1995). Symbolic bisimulations. Theoretical Computer Science, 138(2), 353-389.

Hennessy, M. and Lin, H. (1996). Proof systems for message-passing process algebras. Formal Aspects of Computing, 8(4), 379-407.

Hennessy, M. and Lin, H. (1997). Unique fixpoint induction for message-passing process calculi. In Proceedings of CATS'97, Australian Computer Science Communications, pages 122-131, Sydney.


Hoare, C. A. R. (1985). Communicating Sequential Processes. Series in Computer Science. Prentice-Hall International, London.

Hollenberg, M. (1998). Logic and Bisimulation. Ph.D. thesis, Utrecht University.

Hungerford, T. W. (1974). Algebra, volume 73 of Graduate Texts in Mathematics. Springer.

Kalish, D. and Montague, R. (1965). On Tarski's formalization of predicate logic with identity. Archiv für Mathematische Logik und Grundlagenforschung, 7, 81-101.

Koppelberg, S. (1989). Elementary arithmetic. In J. D. Monk and R. Bonnet, editors, Handbook of Boolean Algebras (Vol. I), pages 5-46. North-Holland.

Loeckx, J., Ehrich, H.-D., and Wolf, M. (1996). Specification of abstract data types. John Wiley & Sons Ltd., Chichester.

Luttik, B. (2000). A note on unique factorisation of communicating processes. Available from http://www.cwi.nl/~luttik/.

Luttik, B. and Rodenburg, P. (1996). Transformations of reduction systems. Report P9615, Programming Research Group, University of Amsterdam.

Luttik, B. and Visser, E. (1997). Specification of rewriting strategies. In M. Sellink, editor, Proceedings of the 2nd International Workshop on the Theory and Practice of Algebraic Specifications (ASF+SDF'97), Electronic Workshops in Computing, pages 1-16, Berlin. Springer-Verlag.

Luttik, S. P. (1997). Description and formal specification of the link layer of P1394. In I. Lovrek, editor, Proceedings of the 2nd International Workshop on Applied Formal Methods in System Design, Zagreb, Croatia.

Luttik, S. P. (1999a). Complete axiomatisations of weak-, delay- and eta-bisimulation for process algebras with alternative quantification over data. Report SEN-R9914, CWI. Available from http://www.cwi.nl/.

Luttik, S. P. (1999b). Cylindric process algebras with conditionals give substitutionless pCRL. Report SEN-R9912, CWI. Available from http://www.cwi.nl/.

Luttik, S. P., Rodenburg, P. H., and Verma, R. M. (1998). Correctness criteria for transformations of rewrite systems (with an application to Thatte's transformation). Revision of (Luttik and Rodenburg, 1996); available from http://www.cwi.nl/~luttik.

Manes, E. G. (1985). Guard modules. Algebra Universalis, 21, 103-110.

Mauw, S. and Veltink, G. J. (1990). A process specification formalism. Fundamenta Informaticae, XIII, 85-139.

Dijkstra, E. W. (1976). A Discipline of Programming. Prentice-Hall Series in Automatic Computation. Prentice-Hall.


McKenzie, R. N., McNulty, G. F., and Taylor, W. F. (1987). Algebras, Lattices, Varieties — Volume I. Wadsworth & Brooks/Cole, Monterey, California.

Milner, R. (1980). A Calculus of Communicating Systems, volume 92 of Lecture Notes in Computer Science. Springer.

Milner, R. (1983). Calculi for synchrony and asynchrony. Theoretical Computer Science, 28(3), 267-310.

Milner, R. (1989). Communication and Concurrency. Prentice-Hall International, Englewood Cliffs.

Milner, R. (1999). Communicating and Mobile Systems: the π-calculus. Cambridge University Press.

Milner, R., Parrow, J., and Walker, D. (1992). A calculus of mobile processes, I and II. Information and Computation, 100, 1-77.

Monk, D. (1965). Substitutionless predicate logic with identity. Archiv für Mathematische Logik und Grundlagenforschung, 7, 102-121.

Myhill, J. (1955). Creative sets. Zeitschrift für mathematische Logik und Grundlagen der Mathematik, 1, 97-108.

Parrow, J. and Sangiorgi, D. (1995). Algebraic theories for name-passing calculi. Information and Computation, 120(2), 174-197.

Parrow, J. and Victor, B. (1998). The fusion calculus: Expressiveness and symmetry in mobile processes. In Proceedings of LICS'98, pages 176-185. IEEE Computer Society Press.

Ponse, A. (1991). Process expressions and Hoare's logic: Showing an irreconcilability of context-free recursion with Scott's induction rule. Information and Computation, 95, 192-217.

Ponse, A. (1996). Computable processes and bisimulation equivalence. Formal Aspects of Computing, 8(6), 648-678.

Ponse, A. and Usenko, Y. S. (2001). Equivalence of recursive specifications in process algebra. Information Processing Letters, 80, 59-65.

Rasiowa, H. and Sikorski, R. (1963). The mathematics of metamathematics. Państwowe Wydawnictwo Naukowe, Warszawa, Poland.

Rathke, J. (1997). Unique fixpoint induction for value-passing processes. In Proceedings of LICS'97, 12th Annual Symposium on Logic in Computer Science, Warsaw, pages 140-148. IEEE Computer Society Press.

Rodenburg, P. H. (2000). On adding certain constants to basic process algebra. Unpublished manuscript.


Rogers, Jr., H. (1992). Theory of Recursive Functions and Effective Computability. The MIT Press, paperback edition. Original edition published by McGraw-Hill Book Company, 1967.

Shankland, C. and Van der Zwaag, M. B. (1998). The tree identify protocol of IEEE 1394 in μCRL. Formal Aspects of Computing, 10(5-6), 509-531.

Shoenfield, J. R. (1967). Mathematical Logic. Addison-Wesley Publishing Company.

Stirling, C. (2001). Modal and Temporal Properties of Processes. Graduate Texts in Computer Science. Springer.

Tarski, A. (1951). A decision method for elementary algebra and geometry. University of California Press, Berkeley and Los Angeles, Calif., 2nd ed.

Tarski, A. (1965). A simplified formalization of predicate logic with identity. Archiv für Mathematische Logik und Grundlagenforschung, 7(3-4), 61-79.

Turing, A. M. (1936). On computable numbers, with an application to the Entscheidungsproblem. Proceedings of the London Mathematical Society, 42, 230-265; corrections in ibid., vol. 43, pp. 544-546.

Van der Zwaag, M. B. (2000). Time-stamped actions in pCRL algebras. Report SEN-R0002, CWI. Available from http://www.cwi.nl/.

Index of notations

SYMBOL | MEANING | PAGE
$p + q$ | alternative composition | 17, 33
$p \cdot q$ | sequential composition | 17, 33
$\delta$ | deadlock | 17, 33
$\sum P$ | generalised summation | 19
$a(d_1, \ldots, d_n)$ | action expression | 33
$p \triangleleft b \triangleright q$ | conditional | 33
$\sum_x p$ | choice quantifier | 33
$a?x_1, \ldots, x_n.p$ | input prefix | 47
$a!x_1, \ldots, x_n.p$ | output prefix | 47
$\sum_j p$ | projective summation | 108
$b :\to p$ | guarded command | 112
$s_j\, p$ | substitution operation | 126
$p \le q$ | partial order induced by + on a BPAδ | 18
$p \approx q$ | pCRL equation | 38
$p \sqsubseteq q$ | pCRL summand inclusion | 38
$\top$ | true | 31, 54
$\bot$ | false | 31, 54
$\neg b$, $\neg\varphi$ | complement, negation | 31, 52
$b \vee c$, $\varphi \vee \psi$ | join, disjunction | 31, 52
$b \wedge c$, $\varphi \wedge \psi$ | meet, conjunction | 31, 54
$(\exists x)\varphi$ | existential quantifier | 52
$\mathrm{eq}(x, y)$ | equality relation | 54
$\varphi \to \psi$ | implication | 54
$\varphi \leftrightarrow \psi$ | bi-implication | 54
$(\forall x)\varphi$ | universal quantifier | 54
$\bigvee_i \varphi_i$ | generalised disjunction | 54
$\tilde{\varphi}$ | first-order formula $\varphi$ conceived as a Boolean expression | 84
$c_j b$ | cylindrification | 110
$d_{ij} b$ | diagonal element | 110
$s^i_j b$ | substitution operation | 129
$X$, $\mathbb{D}$, $\mathbb{B}$ | set of variables, data expressions, Boolean expressions | 32
$\mathrm{FV}(p)$ | set of variables with a free occurrence in $p$ | 33
$A$ | nonempty set of parametrised actions | 33
$P$, $P_{\mathrm{flat}}$ | set of pCRL expressions, of flat pCRL expressions | 33, 118
$T$, $T_o$ | set of tree forms, of ordered tree forms | 41, 46
$\Phi$, $\Phi_u$ | set of first-order formulas, universal first-order formulas | 52, 66
$[b]$, $[p]$ | equivalence class containing $b$, $p$ | 114, 115
$\dim p$ | dimension set of $p$ | 123
BPAδ | class of basic process algebras with deadlock | 17
GBPAδ | class of generalised basic process algebras with deadlock | 20
GBPAδ(A, D) | class of pCRL-complete GBPAδ's | 40
Π(A, D) | basic deductive system for pCRL | 74
Π(A, D)|q | extended deductive system for pCRL | 85
C-BPM$_\omega$ | class of ω-dimensional basic process modules over C | 112
Π(A, D)$_{\mathrm{flat}}$ | deductive system for flat pCRL | 119
$\mathcal{T}_\kappa(\mathcal{L})$ | algebra of transition trees with branching degree $< \kappa$ | 22
$\mathbb{R}$ | ordered field of real numbers | 31
Pol(A, D) | algebra of pCRL polynomials associated with A and D | 35
Act(A, D) | subalgebra of Pol(A, D) generated by the pCRL actions | 37
T(A, D) | algebra of pCRL trees associated with A and D | 39
$F^*$ | functional basic process module over $D^\omega$ | 112
B | cylindric algebra of Boolean expressions | 114
pCRL(A, D) | basic process module of pCRL expressions | 115
pCRL(A, D)$_{\mathrm{flat}}$ | basic process module of flat pCRL expressions | 123
I(A, B) | initial basic process module | 128
$p[x := d]$ | substitution of data expression $d$ for $x$ in $p$ | 33
$p[x := d]$ | replacement of $x$ by a data element $d$ in $p$ | 35
$\nu$, $\bar{\nu}$ | valuation, its homomorphic extension | 32, 37
$\iota_\nu$ | interpretation homomorphism generated by $\nu$ | 38
$\vartheta$, $\vartheta_o$ | from pCRL expressions to (ordered) tree forms | 45, 46
$\phi$ | from summand inclusions to first-order formulas | 59
$\Phi$ | from pCRL equations to first-order formulas | 61
$\Psi$ | from first-order formulas to pCRL equations | 64
$\flat$ | from pCRL expressions to flat pCRL expressions | 118
$p\{x := d\}$ | semantic substitution of data expression $d$ for $x$ in $p$ | 118
$\xi$ | from flat pCRL expressions to B-BPM$_\omega$-terms over A | 126

Index of subjects

ACP, 9, 49, 100
action, 18, 21, 23, 26
action expression, 41
action symbol, 10, 29
admissible set, 19, 25
algebra, 8
algebraic logic, 139
algebraic specification, 36, 129
α-congruence, 34
alternative composition, 8, 17, 22, 24

basic process algebra with deadlock, 17
    generalised, 20
    ω-dimensional, 108
    with actions, 9
basic process module, 112
binder, 26
bisimulation, 68
Boolean
    algebra, 19, 31, 109
    expression, 32
    polynomial, 35
Boolean equation, 33
bound variable, 33
BPAδ, 9
branching bisimulation, 101
branching degree, 21

CCS, 7
    pure, 26, 48
    value-passing, 26, 46-49, 65, 99
choice, see alternative composition
choice quantification, 12
choice quantifier, 12, 33
closed:
    pCRL expression, 33
    under generalised summation, 21
combinatory logic, 141
conditional, 33
continuation, 41
coordinate, 107
correct:
    algorithm, 58
    substitution, 33
CSP, 7
cylinder, 109
cylindric algebra, 110
    of formulas, 113
cylindrification, 110

data, 3
    algebra, 31
    equation, 33
    expression, 32
    polynomial, 35
    variable, 32
data specification, 73
    complete, 74
    model, 74
    sound, 74
deadlock, 9, 17, 22, 24
deduction, 76
deductive system, 74
    sound, 76
degree of unsolvability, 52
diagonal element, 110
dimension set, 123
dimension-preserving, 124
dimension-restricted free, 124

equality, 54
equational logic, 74
explicit instantiation, 47
extension:
    of a function, 25
    of an algebra, 26

first-order formula, 19, 52
    open, 53
    universal, 66
first-order logic, 19, 52
first-order theory, 52
flat, 118
free generating set, 25
free variable, 33
function symbol, 31
fusion calculus, 49

generalisation, 19
    trivial, unitary, maximal, 20
generalised algebra, 19
    congruence, 39
    free, 25
    generators, 21
    homomorphism, 24
    quotient, 39
    subalgebra, 21
generalised choice, see summation
generalised operation, 19, 22
generalised summation, 11
guard, 78, 112
guarded command, 78, 112

halting problem, 52

infinitary operation, see generalised operation
infinite joins and meets, 19
infinite sum, see summation, generalised
initial algebra, 27, 40, 129
initial segment, 125
input, 26
    delayed, 49
    restricted, 49
input prefix, 46
input/output
    expressions, 47
    theory, 66
integration operation, 35
interpretation
    A-, 36
    homomorphism, 36

κ-complete, 26
Kleene's T-predicate, 51

label, 21, 24
labeled transition system, 7, 68
λ-calculus, 34, 140
language, 24, 32
least upper bound, 18
left distributivity, 17, 23, 25
line, 107
lineariser, 7
locally finite, 123
LOTOS, 5

minimal algebra, 35
modal logic, 68
model of concurrency, 7
μCRL, 5, 35, 49, 100
    timed, 101
μCRL specification, 5

neutral element, see deadlock
nondeterministic output, 49

observation equivalence, 7
one-one reducibility, 52
output, see nondeterministic output
output prefix, 46

parallel composition, 8
parametrised action symbol, 29, 33
partial order, 18
π-calculus, 48, 100
pCRL, 29
    action, 36
    expression, 33
    polynomial, 35
    summand inclusion, 38
    theory, 52
    tree, 39
pCRL equation, 38
pCRL-complete, 37
point, 107
polyadic algebra, 140
prenex form, 61
process, 1, 17
    equation, 10
    expression, 9
    specification, 1, 10
    variable, 10
process algebra, 8, 27
    real time, 35
process calculus, 7
process theory, 7, 68
protocol
    example, 18, 21
provably equivalent, 76
PSF, 5, 49

quantification
    existential, 19
    universal, 19
quantifier elimination, 84

real numbers, 31
recursively isomorphic, 52
relation symbol, 32
relative completeness, 73

satisfaction, 52
semilattice, 17
sequential composition, 8, 17, 22,
set theory, 17
simple expression, 41
simulation condition, 88
Skolem expression, 97
solution, 9
Split Lemma, 90
state, 2
structural operational semantics, 27
substitution, 33
summand inclusion, 18
summation
    generalised, 19, 22, 24
    projective, 108
symbolism, 31

transition tree, 21, 26
tree action, 23
tree form, 41
    ordered, 46

uniform, 107
universal algebra, 17

valid, 38, 71
valuation, 32
variable, 4
variable convention, 34
variety, 25

Choice quantification in process algebra: Summary (Dutch summary)

In this thesis we study a fragment of the process specification language μCRL. This language was designed for the formal specification and verification of the behaviour of complex systems, in particular of systems that consist of a number of components executing in parallel. An important aspect of μCRL is that it offers the possibility to make use of abstract data types, defined separately by means of a many-sorted algebraic specification, in the specification of behaviour. In the first part of Chapter 1 we discuss the conceptual advantage of this possibility, and we informally introduce the construct of μCRL that plays the leading role in the rest of this work: choice quantification.

In the second part of Chapter 1 a number of aspects of process theory are discussed. In particular, we draw attention to the advantages of the algebraic approach. Most constructs of μCRL are taken from the algebraic process theory ACP. It is therefore natural to use this theory to provide μCRL specifications with a semantics. We argue that this requires a generalisation of the notion of choice as it is contained in ACP: an occurrence of the choice quantifier of μCRL may give rise to a choice between infinitely many alternatives, whereas with the operations of ACP only choices between finitely many alternatives are expressible. In the third part of Chapter 1 we briefly highlight the topics of the later chapters.

In Chapter 2 we consider the theory BPAδ, the fragment of ACP that deals with a binary operation + for choice, a binary operation · for sequential composition, and a constant δ representing deadlock. We define the theory GBPAδ, an extension of BPAδ with generalised summation. Given a universe P of processes, this is an operation

$\sum : V \to P$, with $V \subseteq \{P' \mid P' \subseteq P\}$,

diee aan elke (mogelijkerwijs oneindige) verzameling van processen in V weer een process toekent, zo dat een drietal axioma schema's geldt. Twee van deze schema's drukkenn tezamen uit dat de gegeneraliseerde som van een verzameling processen dee kleinste bovengrens is met betrekking tot de partiële ordening die de binaire operatiee 4- induceert op het universum van processen. Het derde schema zegt datt de binaire operatie - van rechts distribueert over gegeneraliseerde sommatie. Omm onze nieuwe axioma schema's te motiveren, beschouwen we algebra's van transitiebomenn waarvan bekend is dat ze worden geaxiomatiseerd door BPAÓ-. We latenn zien dat de natuurlijke uitbreidingen van deze algebra's met gegeneraliseerde

157 7

158 8 Samenvattingg (Dutch summary)

sommatiee geaxiomatiseerd worden door GBPA^. Inn de eerste helft van hoofdstuk 3 geven we een precieze definitie van pCRL, het

fragmentt van ^CRL waar het ons in de rest van dit proefschrift om gaat. Het is geparametriseerdd met een data-algebra, een verzameling met functies en relaties. Voorr de specificatie van gedrag bevat het de constructies van BPA^, en daarnaast: actiess geparametriseerd met dataexpressies, een conditional, en keuzekwantificatie. Dezee laatste constructie kwantificeert over het universum van de data-algebra. We voorzienn de taal pCRL van een semantiek door een precies verband te leggen met dee operaties van GBPA . Keuzekwantificatie wordt daarbij opgevat als een vorm vann gegeneraliseerde sommatie. Twee pCRL-expressies heten equivalent als ze in elkk geschikt model van de theorie GBPA hetzelfde proces aanduiden. Equivalente pCRL-expressiess duiden dus dezelfde transitieboom aan, maar ook het omgekeerde blijk tt het geval: als twee pCRL-expressies dezelfde transitieboom aanduiden, dan zijnzijn ze equivalent.

In the second half of Chapter 3 we present two auxiliary results that concern the syntactic structure of pCRL expressions. First, we define tree forms: pCRL expressions that satisfy certain syntactic requirements. We prove that for every pCRL expression an equivalent tree form exists. Second, we give a translation of the finite, sequential fragment of 'value-passing CCS' into pCRL. The pCRL expressions in the range of this translation we call 'input/output' expressions. 'Value-passing CCS' does not have a separate construct for choice quantification, but is based on the so-called 'input prefix' mechanism, a combination of choice quantification and a restricted form of sequential composition. For every 'input/output' expression there naturally again exists an equivalent tree form, and it turns out that this tree form satisfies an additional syntactic requirement that we call explicit instantiation.

In Chapter 4 we establish a connection between the equivalence of pCRL expressions on the one hand and the validity of first-order assertions about the data algebra on the other. Thus it is always possible, given two pCRL expressions p and q, to find a first-order formula with respect to the data algebra that is true if and only if p and q are equivalent. Moreover, it is always possible, given a first-order formula φ with respect to the data algebra, to find two pCRL expressions that are equivalent if and only if φ is true. It turns out that in this correspondence choice quantification is responsible for the simulation in pCRL of both universal and existential quantification from first-order logic. The 'input prefix' mechanism of 'value-passing CCS' is less expressive than choice quantification. We conclude this from the fact that comparisons between 'input/output' expressions correspond to universal first-order assertions about the data. Consequently, existential quantification cannot in principle be simulated with the constructs of 'value-passing CCS'.
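The semantics sketched in the Chapter 2 to 4 summaries above, as an added Python example that is not part of the thesis: it builds a constructed finite model of transition trees, reads choice quantification over a finite data domain as a generalized sum, and checks that the sum is a least upper bound for the order induced by +, that · distributes from the right, and that choice quantification distributes over +. The final two functions are the editor's own finite-domain illustration of how choice quantification can mimic ∃ and ∀ (the function names, the action a and the encodings are assumptions, not the thesis's construction).

```python
# Finite transition trees as a constructed toy model of BPA_δ with generalized
# summation (GBPA_δ), plus choice quantification over a finite data domain.
# Editor's illustration for this summary, not the thesis's own definitions.

# A process is a frozenset of branches (label, continuation); the continuation
# is None when the branch terminates successfully. Deadlock δ has no branches.
DELTA = frozenset()

def act(name, *data):
    """Action name(data...) followed by successful termination."""
    return frozenset({((name,) + data, None)})

def alt(p, q):
    """Alternative composition p + q: union of the branches."""
    return p | q

def seq(p, q):
    """Sequential composition p . q: q is appended after every terminating branch."""
    return frozenset((lab, q if cont is None else seq(cont, q)) for lab, cont in p)

def gsum(procs):
    """Generalized summation Σ over a (here finite) set of processes."""
    return frozenset().union(*procs)

def leq(p, q):
    """Partial order induced by +: p <= q iff p + q = q."""
    return alt(p, q) == q

def cond(c, p, q):
    """Conditional p <| c |> q: behave as p when c holds, else as q."""
    return p if c else q

def choice(dom, body):
    """Choice quantification Σ_{d in dom} body(d), read as a generalized sum."""
    return gsum(body(d) for d in dom)

def sum_is_lub(procs, candidates):
    """Σ procs is an upper bound of procs and lies below every upper bound among candidates."""
    s = gsum(procs)
    upper = [y for y in candidates if all(leq(p, y) for p in procs)]
    return all(leq(p, s) for p in procs) and all(leq(s, y) for y in upper)

def right_distributes(procs, y):
    """(Σ procs) . y = Σ { p . y | p in procs }."""
    return seq(gsum(procs), y) == gsum(seq(p, y) for p in procs)

def choice_over_alt(dom, p, q):
    """Σ_d (p(d) + q(d)) = Σ_d p(d) + Σ_d q(d): choice quantification distributes over +."""
    return choice(dom, lambda d: alt(p(d), q(d))) == alt(choice(dom, p), choice(dom, q))

def encodes_exists(dom, phi):
    """Σ_d (a <| phi(d) |> δ) equals the single action a iff some d satisfies phi."""
    return choice(dom, lambda d: cond(phi(d), act("a"), DELTA)) == act("a")

def encodes_forall(dom, phi):
    """Σ_d (a(d) <| phi(d) |> δ) equals Σ_d a(d) iff every d satisfies phi."""
    return choice(dom, lambda d: cond(phi(d), act("a", d), DELTA)) == choice(dom, lambda d: act("a", d))
```

Because the domain is finite, `choice` is just a finite union of branch sets; the thesis's point is that over an infinite data algebra the same reading needs a summation operator with infinitely many arguments.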

To facilitate calculating with pCRL expressions, in the first half of Chapter 5 we present a deduction system for pCRL. The axioms of this system express fundamental properties of the constructs of pCRL; they say, for example, that choice quantification distributes over alternative composition. The derivation rules of this system are based on equational logic. Since the axioms and the derivation rules are valid with respect to our semantics of pCRL expressions, a derivation in our deduction system can be regarded as a fully syntactic proof that two pCRL expressions are equivalent.

One may then ask whether our deduction system is also complete, that is, whether it is powerful enough to supply every equivalence with such a syntactic proof. The expressiveness results from Chapter 4 immediately show that this cannot be the case. For if a complete deduction system for pCRL equivalences existed, then for every data algebra there would also be an algorithm that decides the validity of a first-order assertion with respect to that data algebra. In particular it would follow that the first-order theory of the natural numbers with addition, multiplication and a less-than relation is decidable, and this contradicts Gödel's incompleteness theorem.

The next question that arises is for which subclass of data algebras our system is complete after all. This question is addressed in the second half of Chapter 5. We formulate three general requirements on data algebras, namely

1. that they must be algebraically specified in an ω-complete way,

2. that they must contain an equality predicate, and

3. that they must admit elimination of quantifiers.

Our deduction system turns out to be complete, provided the data algebra satisfies these three requirements and after two further axiom schemes are added. We further conclude that with a subtle strengthening of the third requirement, the addition of one of these two extra axiom schemes becomes superfluous.

What is striking about the theory developed in Chapters 2, 3 and 5 is that there is a clear distinction between a syntactic part (the language pCRL and the associated deduction system) and a semantic part (the algebraic theory GBPA_δ). The connection between the two parts, and in particular the interpretation of choice quantification as a special kind of generalized summation, is complex. The following can be remarked about this. On the one hand, generalized summation is an operation with possibly infinitely many arguments, and is therefore not suitable as a construct of a formal language. On the other hand, choice quantification is indeed a suitable construct for a formal language, but it also depends on the syntactic structure of its argument, and is therefore not suitable as an operation of an algebraic theory.

Because of this separation of syntax and semantics, the theory lacks the mathematical elegance of its predecessor, the algebraic theory BPA_δ. In Chapter 6 we define the theory of basic process modules, with the aim of uniting the syntax, the deduction system and the semantics of pCRL in a single algebraic theory. We give a translation of pCRL expressions into terms over the signature of basic process modules. We then prove that two pCRL expressions are equivalent if and only if their translations are equivalent according to the axioms of basic process modules.

This thesis ends, in Chapter 7, with some conclusions.

Titless in the IPA Dissertation Series

J.O. Blanco. The State Operator in Process Algebra. Faculty of Mathematics and Computing Science, TUE. 1996-1

A.M. Geerling. Transformational Development of Data-Parallel Algorithms. Faculty of Mathematics and Computer Science, KUN. 1996-2

P.M. Achten. Interactive Functional Programs: Models, Methods, and Implementation. Faculty of Mathematics and Computer Science, KUN. 1996-3

M.G.A. Verhoeven. Parallel Local Search. Faculty of Mathematics and Computing Science, TUE. 1996-4

M.H.G.K. Kesseler. The Implementation of Functional Languages on Parallel Machines with Distrib. Memory. Faculty of Mathematics and Computer Science, KUN. 1996-5

D. Alstein. Distributed Algorithms for Hard Real-Time Systems. Faculty of Mathematics and Computing Science, TUE. 1996-6

J.H. Hoepman. Communication, Synchronization, and Fault-Tolerance. Faculty of Mathematics and Computer Science, UvA. 1996-7

H. Doornbos. Reductivity Arguments and Program Construction. Faculty of Mathematics and Computing Science, TUE. 1996-8

D. Turi. Functorial Operational Semantics and its Denotational Dual. Faculty of Mathematics and Computer Science, VUA. 1996-9

A.M.G. Peeters. Single-Rail Handshake Circuits. Faculty of Mathematics and Computing Science, TUE. 1996-10

N.W.A. Arends. A Systems Engineering Specification Formalism. Faculty of Mechanical Engineering, TUE. 1996-11

P. Severi de Santiago. Normalisation in Lambda Calculus and its Relation to Type Inference. Faculty of Mathematics and Computing Science, TUE. 1996-12

D.R. Dams. Abstract Interpretation and Partition Refinement for Model Checking. Faculty of Mathematics and Computing Science, TUE. 1996-13

M.M. Bonsangue. Topological Dualities in Semantics. Faculty of Mathematics and Computer Science, VUA. 1996-14

B.L.E. de Fluiter. Algorithms for Graphs of Small Treewidth. Faculty of Mathematics and Computer Science, UU. 1997-01

W.T.M. Kars. Process-algebraic Transformations in Context. Faculty of Computer Science, UT. 1997-02

P.F. Hoogendijk. A Generic Theory of Data Types. Faculty of Mathematics and Computing Science, TUE. 1997-03

T.D.L. Laan. The Evolution of Type Theory in Logic and Mathematics. Faculty of Mathematics and Computing Science, TUE. 1997-04

C.J. Bloo. Preservation of Termination for Explicit Substitution. Faculty of Mathematics and Computing Science, TUE. 1997-05

J.J. Vereijken. Discrete-Time Process Algebra. Faculty of Mathematics and Computing Science, TUE. 1997-06

F.A.M. van den Beuken. A Functional Approach to Syntax and Typing. Faculty of Mathematics and Informatics, KUN. 1997-07

A.W. Heerink. Ins and Outs in Refusal Testing. Faculty of Computer Science, UT. 1998-01

G. Naumoski and W. Alberts. A Discrete-Event Simulator for Systems Engineering. Faculty of Mechanical Engineering, TUE. 1998-02

J. Verriet. Scheduling with Communication for Multiprocessor Computation. Faculty of Mathematics and Computer Science, UU. 1998-03

J.S.H. van Gageldonk. An Asynchronous Low-Power 80C51 Microcontroller. Faculty of Mathematics and Computing Science, TUE. 1998-04

A.A. Basten. In Terms of Nets: System Design with Petri Nets and Process Algebra. Faculty of Mathematics and Computing Science, TUE. 1998-05

E. Voermans. Inductive Datatypes with Laws and Subtyping - A Relational Model. Faculty of Mathematics and Computing Science, TUE. 1999-01

H. ter Doest. Towards Probabilistic Unification-based Parsing. Faculty of Computer Science, UT. 1999-02

J.P.L. Segers. Algorithms for the Simulation of Surface Processes. Faculty of Mathematics and Computing Science, TUE. 1999-03

C.H.M. van Kemenade. Recombinative Evolutionary Search. Faculty of Mathematics and Natural Sciences, Univ. Leiden. 1999-04

E.I. Barakova. Learning Reliability: a Study on Indecisiveness in Sample Selection. Faculty of Mathematics and Natural Sciences, RUG. 1999-05

M.P. Bodlaender. Scheduler Optimization in Real-Time Distributed Databases. Faculty of Mathematics and Computing Science, TUE. 1999-06

M.A. Reniers. Message Sequence Chart: Syntax and Semantics. Faculty of Mathematics and Computing Science, TUE. 1999-07

J.P. Warners. Nonlinear approaches to satisfiability problems. Faculty of Mathematics and Computing Science, TUE. 1999-08

J.M.T. Romijn. Analysing Industrial Protocols with Formal Methods. Faculty of Computer Science, UT. 1999-09

P.R. D'Argenio. Algebras and Automata for Timed and Stochastic Systems. Faculty of Computer Science, UT. 1999-10

G. Fabian. A Language and Simulator for Hybrid Systems. Faculty of Mechanical Engineering, TUE. 1999-11

J. Zwanenburg. Object-Oriented Concepts and Proof Rules. Faculty of Mathematics and Computing Science, TUE. 1999-12

R.S. Venema. Aspects of an Integrated Neural Prediction System. Faculty of Mathematics and Natural Sciences, RUG. 1999-13

J. Saraiva. A Purely Functional Implementation of Attribute Grammars. Faculty of Mathematics and Computer Science, UU. 1999-14

R. Schiefer. Viper, A Visualisation Tool for Parallel Program Construction. Faculty of Mathematics and Computing Science, TUE. 1999-15

K.M.M. de Leeuw. Cryptology and Statecraft in the Dutch Republic. Faculty of Mathematics and Computer Science, UvA. 2000-01

T.E.J. Vos. UNITY in Diversity. A stratified approach to the verification of distributed algorithms. Faculty of Mathematics and Computer Science, UU. 2000-02

W. Mallon. Theories and Tools for the Design of Delay-Insensitive Communicating Processes. Faculty of Mathematics and Natural Sciences, RUG. 2000-03

W.O.D. Griffioen. Studies in Computer Aided Verification of Protocols. Faculty of Science, KUN. 2000-04

P.H.F.M. Verhoeven. The Design of the MathSpad Editor. Faculty of Mathematics and Computing Science, TUE. 2000-05

J. Fey. Design of a Fruit Juice Blending and Packaging Plant. Faculty of Mechanical Engineering, TUE. 2000-06

M. Franssen. Cocktail: A Tool for Deriving Correct Programs. Faculty of Mathematics and Computing Science, TUE. 2000-07

P.A. Olivier. A Framework for Debugging Heterogeneous Applications. Faculty of Natural Sciences, Mathematics and Computer Science, UvA. 2000-08

E. Saaman. Another Formal Specification Language. Faculty of Mathematics and Natural Sciences, RUG. 2000-10

M. Jelasity. The Shape of Evolutionary Search Discovering and Representing Search Space Structure. Faculty of Mathematics and Natural Sciences, UL. 2001-01

R. Ahn. Agents, Objects and Events a computational approach to knowledge, observation and communication. Faculty of Mathematics and Computing Science, TU/e. 2001-02

M. Huisman. Reasoning about Java programs in higher order logic using PVS and Isabelle. Faculty of Science, KUN. 2001-03

I.M.M.J. Reymen. Improving Design Processes through Structured Reflection. Faculty of Mathematics and Computing Science, TU/e. 2001-04

S.C.C. Blom. Term Graph Rewriting: syntax and semantics. Faculty of Sciences, Division of Mathematics and Computer Science, VUA. 2001-05

R. van Liere. Studies in Interactive Visualization. Faculty of Natural Sciences, Mathematics and Computer Science, UvA. 2001-06

A.G. Engels. Languages for Analysis and Testing of Event Sequences. Faculty of Mathematics and Computing Science, TU/e. 2001-07

J. Hage. Structural Aspects of Switching Classes. Faculty of Mathematics and Natural Sciences, UL. 2001-08

M.H. Lamers. Neural Networks for Analysis of Data in Environmental Epidemiology: A Case-study into Acute Effects of Air Pollution Episodes. Faculty of Mathematics and Natural Sciences, UL. 2001-09

T.C. Ruys. Towards Effective Model Checking. Faculty of Computer Science, UT. 2001-10

D. Chkliaev. Mechanical verification of concurrency control and recovery protocols. Faculty of Mathematics and Computing Science, TU/e. 2001-11

M.D. Oostdijk. Generation and presentation of formal mathematical documents. Faculty of Mathematics and Computing Science, TU/e. 2001-12

A.T. Hofkamp. Reactive machine control: A simulation approach using χ. Faculty of Mechanical Engineering, TU/e. 2001-13

D. Bošnački. Enhancing state space reduction techniques for model checking. Faculty of Mathematics and Computing Science, TU/e. 2001-14

M.C. van Wezel. Neural Networks for Intelligent Data Analysis: theoretical and experimental aspects. Faculty of Mathematics and Natural Sciences, UL. 2002-01

V. Bos and J.J.T. Kleijn. Formal Specification and Analysis of Industrial Systems. Faculty of Mathematics and Computer Science and Faculty of Mechanical Engineering, TU/e. 2002-02

T. Kuipers. Techniques for Understanding Legacy Software Systems. Faculty of Natural Sciences, Mathematics and Computer Science, UvA. 2002-03

S.P. Luttik. Choice Quantification in Process Algebra. Faculty of Natural Sciences, Mathematics and Computer Science, UvA. 2002-04

ISBN 90-90156-24-0