P jQ jR - Semantic Scholar

Download PDF
Comment
Report 5 Downloads 196 Views
The Tau-Laws of Fusion

Joachim Parrow  Bjorn Victor y DRAFT of March 18, 1998, 15:59 Abstract

We present complete axiomatizations of weak hypercongruence in the nite fragment of the fusion calculus, an extension and simpli cation of the  -calculus. We treat both the full fusion calculus and the subcalculus without mismatch operators. The axiomatizations are obtained from the laws for hyperequivalence and adding so called tau-laws. These are similar to the well known tau-laws for CCS and the  -calculus, but there is an interesting di erence which highlights an aspect of the higher expressive power of the fusion calculus.

1 Introduction The fusion calculus [PV97] is an extension of the -calculus [MPW92], allowing actions with a special kind of side e ect. The idea is that these so called fusion actions make names identical, and that this fact can be tested by all agents within the scope of the names. Its theory of strong bisimulations (i.e., bisimulations that make no special provisions for an internal action to be \unobservable") has been completely axiomatized in [PV97]. In this paper we shall provide the extra axioms for weak bisimulation, and prove completeness for a few di erent varieties. As we have demonstrated in our previous papers the fusion calculus gains not only in expressiveness but also in simplicity over . There is only one scoping operator, and there is a complete duality between input and output actions, neither of which needs to bind names. A typical example is fy=zg P j Q j R xy : P j xz : Q j R ???!

Here the action pre x xy can be though of as \receive y along x" and xz as \send z along x"; their interaction results in a fusion fy = zg a ecting all agents in the scope of y and z. In particular, if R is within this scope it can use a match construct [y = z] to test if y and z are equal. For example, 1 (y )((P j Q j [y = z ]R)fy=z g) (y)(z)(xy : P j xz : Q j [y = z]R) ?!  y

Dept. of Teleinformatics, Royal Institute of Technology, Sweden. Email: [email protected]. Dept. of Computer Systems, Uppsala University, Sweden. Email: [email protected].

1

DRAFT of March 18, 1998, 15:59

Parrow & Victor: The Tau-Laws of Fusion

In the agent to the left R cannot execute since y and z are not the same. The interaction results in the internal action 1, and in that y and z are fused (formally, that means they are substituted by the same name). Assume that y and z are only used in the match [y = z], then the agent to the right can be written P j Q j [y = y]R, and [y = y]R has exactly the actions of R. Thus the fusion a ects the rightmost parallel component [y = z]R even though it does not take part in the interaction. In our previous paper [PV97] we have explored the algebraic theory of bisimulation congruence. A bisimulation here is a binary relation on agents such that if two agents are related and one has an action, then the other has the same action so that the derivatives are again related. The example above makes clear that for an equivalence to be a congruence it must be closed under substitution of names (since an environment of an agent can accomplish a substitution without the agent taking part). Although this is true also for the standard equivalences in the -calculus the e ect is more dramatic in the fusion calculus, where it turns out that this substitution closure is required after every transition. In other words, the bisimulation congruence (called hyperequivalence) comes out as the largest bisimulation which is closed under arbitrary substitutions. The e ect on the algebraic theory is perhaps most clearly demonstrated through an example. Consider the law [x 6= y] : P = [x 6= y] : [x 6= y]P () This law holds in the -calculus equivalences: If x 6= y then these names will continue to be distinct within the agent, so inserting an extra test for inequality is harmless. In the fusion calculus this law is invalid since the agent may be a component in a parallel composition where another agent may fuse x and y; so even if x 6= y holds initially it may not hold after . In this paper we shall study the theory of weak bisimulation equivalence. The main idea is that the internal action 1 needs not be simulated. This can be expressed formally in di erent ways, leading to di erent weak equivalences. To nd the most appropriate one we use the barbed equivalence in [VP98]. This means that we de ne an observation predicate (corresponding to the ability to observe the ports where communications occur) 1 ). In CCS the resulting and a reduction relation (corresponding to internal transitions ?! congruence becomes observation congruence, and in the -calculus it becomes weak early congruence. In the fusion calculus with guarded summation it becomes weak hyperequivalence, , which can be given a pleasant bisimulation-like de nition, without quantifying over contexts. One characteristic of it is that fusion actions cannot be \observed" as such, although their e ects on other agents may be observable. However, the e ect of two fusions fx = yg and fu = vg in sequence is exactly the same as the e ect of one polyadic fusion fx = y; u = vg. Therefore it will hold that fx = yg : fu = vg : P  fx = yg : fu = vg : P + fx = y; u = vg : P () since the e ect of the extra summand in the right hand side is simulated by the left hand side performing two fusions in sequence. 2

DRAFT of March 18, 1998, 15:59

Parrow & Victor: The Tau-Laws of Fusion

Algebraic laws for observation equivalence were rst presented in [Mil80], and the rst completeness proof for weak bisimulation equivalence is by Hennessy and Milner [HM85]. For the -calculus weak early and late bisimulation has been axiomatized by Lin [Lin95a]. Axiomatizations are usually formulated in a set of so called tau-laws,  being the name of the unobservable action in CCS. We will in this paper keep the by now well established epithet \tau-law" even though the unobservable action in the fusion calculus is denoted 1. Milner's original tau-laws can thus be written T1 :1:P = :P T2 P + 1:P = 1:P T3 : (P + 1 : Q) = : (P + 1 : Q) + : Q The main result in this paper is to give a complete axiomatization of weak hypercongruence in the fusion calculus. It might be expected that adding the three laws T1-T3 to an axiomatization of hyperequivalence would be enough, just as in CCS and in the -calculus. However this turns out not to be the case, for two independent reasons. The rst reason has to do with the mismatch operator [x 6= y]P . In the fusion calculus we have fewer laws for it since () above does not hold. So it turns out that we actually need a stronger version of T3, involving an arbitrary sequence M~ of mismatches ~ :Q T3a : (P + M~ 1 : Q) = : (P + M~ 1 : Q) + M In the -calculus all instances of T3a are derivable from the other axioms including T3; this is not the case in the fusion calculus. The second reason is that weak hyperequivalence allows a fusion to be simulated by several smaller fusions with the same combined e ect, as in () above. None of T1-T3 caters for this. So we need an additional law. As in T3a it needs a sequence of mismatches. T3b ' : (P + M~ : Q) = ' : (P + M~ : Q) + M~ (' ^ ) : Q Here ' and are fusion actions, ' ^ is a fusion with the same e ect as ' and combined, and a side condition says that if M~ ) x 6= y then x and y may not be fused by ' (otherwise the law would be unsound). The rest of the paper is organized as follows. In Section 2 we recapitulate the syntax and semantics of the fusion calculus, and in Section 3 the de nition of hyperequivalence and its algebraic theory. The paper is formally self contained but a reader is referred to our previous papers [PV97, VP98] for explanations and motivations. In Section 4 we recall the de nition of weak hyperbisimulation, and there the original contribution of the present paper starts. We de ne weak hypercongruence and prove it is the largest congruence in weak hyperequivalence (this is analogous to observation congruence being the largest congruence in observation equivalence). We then show that T1, T2, T3a and T3b yield a complete axiomatization. In Section 5 we consider the subcalculus without mismatch and show that simpler versions of T3a and T3b, without the mismatch sequences, suce for completeness. Finally in Section 6 we characterize the equivalence obtained by omitting T3b. Although this it turns out to be ner than the weak barbed congruence it may hold interest since its algebraic theory is closer to the weak equivalences in the -calculus. 3

DRAFT of March 18, 1998, 15:59

Parrow & Victor: The Tau-Laws of Fusion

2 Syntax and Semantics

We assume an in nite set N of names ranged over by u; v; : : : ; z. We write x~ for a (possibly empty) nite sequence x    xn of names. ' ranges over total equivalence relations over N (i.e. equivalence relations with dom(') = N ) with only nitely many non-singular equivalence classes. We write fx~ = y~g to mean the smallest such equivalence relation relating each xi with yi, and write 1 for the identity relation. De nition 1 The free actions, ranged over by , and the agents, ranged over by P; Q; : : :, are de ned by ::= ux~ (Input) P ::= 0 (Inaction) ux~ (Output) :Q (Pre x) ' (Fusion) Q+R (Summation) QjR (Composition) (x)Q (Scope) [x = y]Q (Match) [x 6= y]Q (Mismatch) Input and output actions are collectively called communication actions. In these x~ are the objects of the action, and the name u is the subject. We write a to stand for either u or u, thus ax~ is the general form of a communication action. Fusion actions have neither subject nor objects. We often omit a trailing 0 and write for : 0 if no confusion can arise. The name x is said to be bound in (x)P . We write (~x)P for (x )    (xn )P . The free names in P , denoted fn(P ), are the names in P with a non-bound occurrence, here the names occurring in the fusion ' is de ned to be the names in the non-singular equivalence classes, i.e. in the relation ' ? 1. As usual we will not distinguish between alpha-variants of agents, i.e., agents di ering only in the choice of bound names. We use M; N to stand for a match or a mismatch operator, and write \match sequence" for a sequence of match and mismatch operators, ranged over by M~ , N~ , and we say that M~ implies N~ , written M~ ) N~ , if the conjunction of all matches and mismatches in M~ logically implies all elements in N~ , and P that M~ , N~ if M~ and N~ imply each other. We write i2I Pi for nite general summation, P +    + Pn . The action of a transition may be free or bound: De nition 2 The actions, ranged over by , consist of the fusion actions and of communication actions of the form (z )    (zn)ax~ (written (~z )ax~), where n  0 and all elements in z~ are also in x~. If n > 0 we say it is a bound action. In the bound actions above, z~ are the bound objects and the elements in x~ that are not in z~ are the free objects. Free actions have no bound objects. We further write n( ) to mean all names occurring in (i.e., also including the subject of communication actions and the names in non-singular equivalence classes in fusion actions). For convenience we de ne 'nz to mean ' \ (N ? fzg) [ f(z; z)g, i.e., the equivalence relation ' with all references to z removed (except for the identity). For example, fx = z; z = ygnz = fx = yg, and fx = ygny = 1. 1

1

1

1

2

4

DRAFT of March 18, 1998, 15:59

pref

? P : P ?!

sum

Parrow & Victor: The Tau-Laws of Fusion P0 ?! P + Q ? ! P 0

P

? ! P 0 [x = x]P ?! P0

com P

x P 0; Q ? u! y Q0; jx ?u! ~j = jy~j f x y g 0 P j Q ???! P j Q0

pass P

?! P 0 ; z 62 n( ) (z)P ?! (z)P 0

~

P ? ! P 0 P j Q ? ! P 0 j Q

0 mismatch P ?! P ; x 6= y0 [x 6= y]P ?! P

match

P

par

scope P

~

~=~

open P

' ?! P 0 ; z ' x; z 6= x z P 0 fx=z g (z)P ?'?n!

y ax ??? ! P 0; z 2 x~ ? y~; a 62 fz; zg zy a x (z)P ???? ! P0 (~) ~

( ~) ~

Table 1: The Fusion Calculus: Laws of action. We now de ne a structural congruence which equates all agents we will never want to distinguish for any semantic reason, and then use this when giving the transitional semantics. De nition 3 The structural congruence, , between agents is the least congruence satisfying the abelian monoid laws for Summation and Composition (associativity, commutativity and 0 as identity), and the scoping laws (x)0  0; (x)(y)P  (y)(x)P; (x)(P +Q)  (x)P +(x)Q (x)MP  M (x)P; if x 62 n(M ) and also the scope extension law P j (z )Q  (z )(P j Q) where z 62 fn(P ).

De nition 4 The family of transitions P ?! Q is the least family satisfying the laws in Table 1. In this de nition structurally equivalent agents are considered the same, i.e., if

Q then also P 0 ?!

Q0 . P  P 0 and Q  Q0 and P ?!

3 Hyperequivalence This section recalls pertinent de nitions and results from [PV97]. De nition 5 A substitution  agrees with the fusion ' if 8x; y : x ' y , (x) = (y). A substitutive e ect of a fusion ' is a substitution  agreeing with ' such that 8x; y : (x) = y ) x ' y (i.e.,  sends all members of the equivalence class to one representative of the class). The only substitutive e ect of a communication action is the identity substitution. De nition 6 A bisimulation is a binary symmetric relation S between agents such that P S Q implies:

P 0 with bn( ) \ fn(Q) = ; then If P ?!

Q0 and P 0 S Q0 for some substitutive e ect  of . Q ?!

5

DRAFT of March 18, 1998, 15:59

Parrow & Victor: The Tau-Laws of Fusion

Summation S1 P +0 =P S2 P +Q=Q+P S3 P + (Q + R) = (P + Q) + R Scope R0 (x)0 = 0 R1 (x)(y)P = (y)(x)P R2 (x)(P + Q) = (x)P + (x)Q Match and Scope RM1 (x)[y = z]P = [y = z](x)P if x 6= y; x 6= z Table 2: Axioms from structural congruence. A hyperbisimulation is a substitution closed bisimulation, i.e., a bisimulation S with the property that P S Q implies P  S Q for any substitution . Two agents P and Q are hyperequivalent, written P  Q, if they are related by a hyperbisimulation. For the axiomatization of hyperequivalence we subsume the fact that the equivalence is a congruence. We also use some of the laws for structural congruence (see Table 2). The axioms are given in Table 3, and in Table 4 we present some derived rules (whose names start with D). De nition 7 A substitution  agrees with a match sequence M~ , and M~ agrees with , if for all x; y which appear in M~ it holds that (x) = (y) i M~ ) [x = y]. De nition 8 The depth of an agent P , d(P ), is de ned inductively as follows: d(0) = 0, d( : P ) = 1 + d(P ), d((~x)P ) = d(MP ) = d(P ), d(P j Q) = d(P ) + d(Q), d(P + Q) = max(d(P ); d(Q)). De nition 9 A match sequence M~ is complete on a set of names V if for some equivalence relation R on V , called the equivalence relation corresponding to M~ , it holds that M~ ) [x = y] i x R y; and M~ ) [x 6= y] i :(x R y) Lemma 1 [PS95] Let V be a set of names and let M~ be complete on V . 1. If N~ is another match sequence with names in V , then either M~ N~ is unsatis able or M~ N~ , M~ . 2. If N~ is another match sequence complete on V such that M~ and N~ both agree with the same substitution , then M~ , N~ .

De nition 10 An agent P is in head normal form (HNF) on V (a nite set of names) if P is on the form

X M~ (~x ) : P i2I

i

i

i

i

where for all i, x~i \ V = ;, x~i  obj( i) and M~ i is complete on V .

6

DRAFT of March 18, 1998, 15:59

Parrow & Victor: The Tau-Laws of Fusion

Summation S4 P +P = P Match ~ = NP ~ M1 MP if M~ , N~ M2 [x = y]P = [x = y](P fx=yg) M3 MP + MQ = M (P + Q) M4 [x = 6 x]P = 0 M5 P = [x = y ]P + [x = 6 y]P Scope R3 (x) : P = : (x)P if x 62 n( ) R4 (x) : P = 0 if x is the subject of Match and Scope RM2 (x)[x = y]P = 0 if x = 6 y Fusion F1 ' : P = ' : [x = y ]P if x ' y F2 (z)' : P = 'nz : P if z 62 fn(P ) Expansion E for P  iMi (~xi)P i :Pi , Q  j Nj (~yj ) j :Q j, P P jQ = Mi (~xi ) i : (Pi j Q) + Nj (~yj ) j : (P j Qj ) iP j Mi Nj (~xi y~j )[ui = vj ]fz~i = w~j g : (Pi j Qj ) + where iopp j means i  uiz~i and j  vj w~j . i opp j

Table 3: Axioms.

Match DM1 [x = x]P = P DM2 [x = y] : P = [x = y] : [x = y]P ~ = M~ (P ) DM3 MP DM4 M0 = 0 DM5 MP + P = P Match and Scope DRM1 (x)[y =6 z]P = [y 6= z](x)P DRM2 (x)[x =6 y]P = (x)P Fusion DF1 ' : P = ' : (P  ) DF2 (z)' : P = 'nz : (P fw=zg) Table 4: Derived rules. 7

for  agreeing with M~ if x 6= y; x 6= z if x 6= y where  agrees with ' if z'w and z 6= w

DRAFT of March 18, 1998, 15:59

Parrow & Victor: The Tau-Laws of Fusion

For the sake of brevity we will use the derived bound pre x ((~x)az~) : P to mean (~x)az~ : P when x~  z~ and a 62 x~, and let range over any (free or bound) pre x. A HNF can then ~ :P. be written as a sum of terms of type M Lemma 2 [PV97] For all agents P and nite V such that fn(P )  V , there is an agent H such that d(H )  d(P ), H is in HNF on V , and ` P = H from the axioms of tables 2 and 3. Theorem 3 [PV97] P  Q i ` P = Q from the axioms of tables 2 and 3.

4 Weak hypercongruence The de nition of weak hyperequivalence is from [VP98]. The original contribution in this paper begins with the de nition of weak hypercongruence and its axiomatization.

4.1 De nitions

De nition 11 De ne the composition of two transitions, , by P (?!  ?! )Q i there

0 0 0 exists an agent P such that P ?! P and P  ?! Q, where  is a substitutive e ect of

. De ne the conjunction of two fusions ' and , written ' ^ , to be the least equivalence relation containing ' and . De ne the weak transition = ) by the following: P = ) Q

Q and either of means that for some n  0, P ?!      ?! 1. is a communication and = i for some i and j = 1 for all j = 6 i, or 2. and all i are fusions and = ^    ^ n . Here we allow n = 0 where the empty conjunction is 1, in other words P =1) P holds for all P . De nition 12 A weak simulation is a binary relation S between agents such that P S Q 0

0

1

n

1

implies:

If P ?! P 0 with bn( ) \ fn(Q) = ; then

Q =) Q0 and P 0 S Q0 for some substitutive e ect  of A weak bisimulation is a relation S such that both S and S ?1 are weak simulations. A weak hyperbisimulation is a substitution closed weak bisimulation. Two agents P and Q are weakly hyperequivalent, written P  Q, if they are related by a weak hyperbisimulation. 1 = ) Q if = 1. De nition 13 De ne P = )+ Q to mean P = ) Q if 6= 1, and P ?! Two agents P and Q are weakly hypercongruent, written P + Q, i for any substitution 

P 0 and bn( ) \ fn(Q) = ; implies Q = ) Q0 and P 0   Q0 P  ?! +

(where  is a substitutive e ect of ) and vice versa.

Proposition 4 Weak hypercongruence is the largest congruence in weak hyperequivalence. Proof: Very much as for the corresponding result in [Mil89], pages 153{154.

8

2

DRAFT of March 18, 1998, 15:59

T1 T2 T3a T3b

Parrow & Victor: The Tau-Laws of Fusion

:1:P = :P P + 1:P = 1:P ~ : Q if is a communication : (P + M~ 1 : Q) = : (P + M~ 1 : Q) + M ' : (P + M~ : Q) = ' : (P + M~ : Q) + M~ (' ^ ) : Q if 8x; y : M~ ) x 6= y implies :x'y

Table 5: Axioms for weak hypercongruence

4.2 Axiomatization

Table 5 contains the additional axioms for weak hypercongruence. Let W be the axioms in the axioms in tables 2,3 and 5. We write `W P = Q if P and Q can be proven equal from W . Axioms T1 and T2 are direct counterparts of the familiar two rst \tau-laws" from Milner. The third law, which in Milner reads : (P +  : Q) = : (P +  : Q) + : Q, needs more care. Here, in T3a and T3b we need to distinguish between communication and fusion actions, and in both these cases a sequence M~ appear. Note the condition in T3b which forbids e.g. ' = fx = yg and M~ = [x 6= y]. Without this condition the law would be invalid. T3a generalizes to bound pre xes. For any free or bound pre x with bn( ) \ fn(M~ ) = ; we can use R2, RM1, DRM1 to derive the more general form of T3a where a bound communication pre x replaces . Proposition 5 The axioms in Table 5 are sound for  . ~ is true the so is Proof: Directly from the de nition of  . For T3b, note that if M ~ ' because of the side condition. M 2 The completeness proof stretches over several lemmas.

P 0 then P 0  P 0  . Lemma 6 If P  ?! Proof: By alpha-conversion we can assume does not bind names in dom( ). By induction over transitions it is easy to establish that fn(P 0)  fn(P ) [ bn( ). So dom() \ fn(P 0) is empty and the result follows. 2

0 Lemma 7 Let P be in HNF on V , where fn(P )  V . If P  ?! P then `W P = ~ : P 0 where M~ agrees with  and is complete on V . P + M

~ 0 : Q such that (N ~ 0 : Q) ?! Proof: Since P is in HNF it has a summand N P 0, for N~ complete on V and agreeing with . So = 0 and P 0 = Q. So by DM3, ~ 0 : Q = N~ ( 0 : Q)  N ~ : P 0. Now M~ and N~ are complete on V and agree with , `W N ~ : P 0 = M ~ : P 0. So by S4, `W P = P + M ~ : P: 2 so M~ , N~ . So by M1, `W N

Lemma 8 (Saturation lemma) Let P be in HNF on V , where fn(P )  V . If P  =) ~ : P 0 where M~ agrees with  and is complete on V . P 0 then `W P = P + M Proof: By induction on the depth of P . There are four cases for P  = ) P 0 , the rst of which also covers the base of the induction. +

+

+

+

9

DRAFT of March 18, 1998, 15:59

Parrow & Victor: The Tau-Laws of Fusion

Case 1 P  ?! P 0 . The result is immediate from Lemma 7.

Q and Q =1) P 0 , where is a communication ( a fusion is handled Case 2 P  ?! +

by Case 4 below). Let M~ agree with  and be complete on V . By Lemma 7 we ~ : Q. By alpha-conversion we can assume fn(M~ ) \ bn( ) = ;. get `W P = P + M By Lemma 6 Q  Q. So Q =1) P 0. By induction then `W Q = Q + N~ 1 : P 0. Since M~ and N~ are complete and agree with  we have M~ , N~ . So by M1, `W Q = Q + M~ 1 : P 0. In summary, ~ : (Q + M~ 1 : P 0) `W P = P + M () T3a ~ : P 0) = P + M~ ( : (Q + M~ 1 : P 0) + M M3 ~ : (Q + M~ 1 : P 0) + M~ M ~ :P0 = P + M M1 ~ : (Q + M~ 1 : P 0) + M ~ :P0 = P + M  ~ :P0 = P + M +

( )

as required.

1 Q and Q = ) Case 3 P  ?!

P 0 , where is a communication ( a fusion is handled by Case 4 below). Let M~ agree with  and be complete on V . By Lemma 7 we get `W P = P + M~ 1 : Q. By Lemma 6 Q  Q. So Q = )+ P 0. By induction ~ : P 0. Since M~ and N~ are complete and agree with  we have then `W Q = Q + N ~ : P 0. In summary, M~ , N~ . So by M1, `W Q = Q + M +

`W P =

T2 = S4 = T2 = M3 = M1 =

=

~ : P 0) P + M~ 1 : (Q + M ~ : P 0) + Q + M ~ : P 0) P + M~ (1 : (Q + M ~ : P 0) + Q + M ~ : P 0 + M ~ : P 0) P + M~ (1 : (Q + M ~ : P 0) + M ~ : P 0) P + M~ (1 : (Q + M ~ : P 0) + M~ M ~ :P0 P + M~ 1 : (Q + M ~ : P 0) + M ~ :P0 P + M~ 1 : (Q + M ~ :P0 P + M

as required.

Case 4 P  ?'! Q, and Q' =) P 0 where ' agrees with ', and is a fusion with

= ' ^ . Let M~ agree with  and be complete on V . By Lemma 7 we get ~ : Q. By Lemma 6 Q  Q. So Q' =) P 0. By induction then `W P = P + M' Q `W Q + N~ : P 0 where N~ agrees with ' and is complete on V . So, ~ : (Q + N~ : P 0) `W P = P + M' ~ : (Q + N~ : P 0) + M~ (' ^ ) : P 0 = P + M' = P + M~ (' ^ ) : P 0 +

+

( )

~ :P0 = P + M

10

DRAFT of March 18, 1998, 15:59

Parrow & Victor: The Tau-Laws of Fusion

as required, where there remains to prove (). Let [F ] be a sequence of matches corresponding to the fusion ', i.e. [F ] ) x = y i x'y. Let M~ ? be formed from M~ by removing every mismatch [x 6= y] where x'y. It follows that M~ ? [F ] , N~ since both are complete on V and agree with '. Now, `W ' : (Q + N~ : P 0) M1 = ' : (Q + M~ ? [F ] : P 0 ) DF1;DM1 = ' : (Q + M~ ? : P 0 ) T3b = ' : (Q + M~ ? : P 0 ) + M~ ? (' ^ ) : P 0 = ' : (Q + N~ : P 0 ) + M~ ? (' ^ ) : P 0 Note that the side condition in T3b is ful lled by construction of M~ ? . Therefore, ~ : (Q + N~ : P 0) = M~ (' : (Q + N~ : P 0) + M~ ? (' ^ ) : P 0) `W M' M3 ~ : (Q + N~ : P 0) + M~ M~ ? ' ^ ) : P 0 = M' M1 ~ : (Q + N~ : P 0) + M~ (' ^ ) : P 0 = M' as required, where the last step follows since all matches/mismatches in M~ ? are also in M~ . This completes Case 4 and the proof of the lemma. 2 De nition 14 A HNF P on V is called a full HNF on V if it has all summands implied by Lemma 8. Proposition 9 For any HNF on V there is a provably equivalent full HNF on V . Proof: Just apply Lemma 8 repeatedly. Eventually the HNF becomes a full HNF since there are only a nite number of derivatives and a nite number of substitutions on V to consider. 2 Lemma 10 P  Q i (P  Q or P  1 : Q or 1 : P  Q). Proof: Precisely as in [Mil89], Proposition 11 on page 156{157. 2 Theorem 11 (Completeness) P  Q implies `W P = Q. Proof: By induction on the sum of the depths of P and Q. We can assume that P and Q are full HNFs on V , for fn(P ) [ fn(Q)  V , by Proposition 9. The base case P  Q  0 ~ : P 0 be a summand of of P . By is trivial. For the inductive step assume P  Q. Let M alpha-conversion we can assume that does not bind any name in M~ . We shall prove that Q has a provably equivalent summand. Let  agree with M~ and be complete on V . Then +

+

+

+

+

From P  Q we get that

P  ? ! P 0 

+

Q = )+ Q00 where P   Q00 for a substitutive e ect  of . Since Q is a full HNF, Q must have

a summand

~ 0 : Q0 N 11

DRAFT of March 18, 1998, 15:59

Parrow & Victor: The Tau-Laws of Fusion

such that Q0  Q00 and 0 =  and  agrees with N~ and N~ is complete on V . So M~ , N~ and P 0   Q0 . Therefore, ~ : P 0 DM3 `W M = M~ ( : P 0)

= M~ ( : P 0)

DF1 = M~ ( : P 0 )

(where the last step is void if is a communication). We cannot immediately apply induction to P 0 since we only know P 0  Q0 , and not that they are hypercongruent. So we use Lemma 10 to consider three cases. Case 1 P 0  Q0 . Then by induction they are provably equal, so `W M~ ( : P 0 ) = M~ ( : Q0 ) = M~ (  : Q0 ) = M~ ( 0 : Q0 ) M1 = N~ ( 0 : Q0 ) ~ 0 : Q0 = N +

Case 2 P 0  1 : Q0 . We can now apply induction because the sum of the depths +

is one less than that for P and Q. So `W M~ ( : P 0 ) = M~ ( : 1 : Q0 ) T1 = M~ ( : Q0 ) ~ 0 : Q0 = N where the last equality is similar to Case 1 above. Case 3 1 : P 0   Q0 . This is symmetric to Case 2. We have proved that each summand in P has a provably equal summand in Q. The converse is symmetric. S1-S4 thus completes the induction and proof of the theorem, giving us `W P = Q. 2 +

5 The subcalculus without mismatch

In this section we consider the calculus without Mismatch, and let M~ etc. range over sequences of Match operators. From [PV97] we recall that by dropping axioms M4 and M5, and promoting DM5 to an axiom, we get an axiomatization of hyperequivalence without mismatch. Call the new set of axioms M. De nition P 15 An agent P is in mismatch-free head normal form (mHNF) if P is on the form i2I M~ i(x~i ) i : Pi , where 1. 8i : x~i \ fn(P ) = ;, and x~i  obj( i) 12

DRAFT of March 18, 1998, 15:59

Parrow & Victor: The Tau-Laws of Fusion

2. if i 6= j then M~ i (x~i) i : Pi 6 M~ i (x~i ) i : Pi + M~ j (x~j ) j : Pj

As in the previous section we use the derived bound pre x, so the terms in a mHNF are ~ :P. on the form M Lemma 12 [PV97] For all agents P there is an agent H such that d(H )  d(P ), H is in mHNF, and `M P = H . Theorem 13 [PV97] If P and Q contain no mismatch operators, then P  Q i `M P = Q. For the weak hypercongruence it turns out that simpler versions of T3a and T3b suce: there is no longer a need for the match sequences to be part of the axioms. The simpler versions are called Tm3a and Tm3b and are given in Table 6.

Tm3a Tm3b

: (P + 1 : Q) = : (P + 1 : Q) + : Q ' : (P + : Q) = ' : (P + : Q) + (' ^ ) : Q

Table 6: T3-laws for the calculus without mismatch Let MW be the axioms T1, T2, Tm3a and Tm3b plus the axioms in M. Then MW is easily seen to be sound for  . Note that in Tm3a can be a fusion (that would be equivalent to Tm3b with = 1). Again the completeness proof stretches over several lemmas.

~ : P 0 where M~ agrees with . Lemma 14 If P  ?! P 0 then `MW P = P + M

Proof: By Lemma 12 we can assume that P is in mHNF. Suppose P  ?! P 0 . Let ~ 0 : Q0 such that M~ ) N~ , this means that M~ agree with  . Then P has a summand N M~ , L~ N~ for some L~ , and further 0  = and Q0  P 0 . So we have: +

`MW P S4 =

~ 0 : Q0 P + N DM5 ~ 0 : Q0 + L~ N ~ 0 : Q0 = P + N M1 ~ 0 : Q0 + M ~ 0 : Q0 = P + N S4 ~ 0 : Q0 = P + M DM3 ~ 0  : Q0  = P + M ~ :P0 = P + M

2

The proof of the saturation lemma (Lemma 8) does not carry over immediately since it relies on complete match sequences. Without mismatches we instead prove it as follows. ~ : P 0 where M~ Lemma 15 (Saturation lemma) If P  = ) P 0 then `MW P = P + M agrees with . Proof: By induction on the depth of P . There are four cases for P  = ) P 0 , the rst of which also covers the base of the induction.

Case 1 P  ?! P 0 . The result is immediate from Lemma 14. +

+

13

DRAFT of March 18, 1998, 15:59

Parrow & Victor: The Tau-Laws of Fusion

Case 2 P  ?! Q and Q =1)

P 0 , where is a communication ( a fusion is handled by ~ : Q. Case 4 below). Let M~ agree with . By Lemma 14 we get that `MW P = P + M By induction and DM1, `MW Q = Q + 1 : P 0. So, +

`MW P

= Tm3a = M3 = =

~ : (Q + 1 : P 0) P + M P + M~ ( : (Q + 1 : P 0 ) + : P 0 ) ~ : (Q + 1 : P 0) + M ~ :P0 P + M ~ :P0 P + M

1 Q and Q = ) P 0 , where is a communication ( a fusion is handled by Case 3 P  ?! Case 4 below). Let M~ agree with . By Lemma 14 we get that `MW P = P + M~ 1 : Q. By induction, `MW Q = Q + : P 0. So, `MW P = P + M~ 1 : (Q + : P 0) T2 = P + M~ (1 : (Q + : P 0) + Q + : P 0) S4;T2 = P + M~ (1 : (Q + : P 0) + : P 0) M3 ~ : P 0) = P + M~ 1 : (Q + : P 0) + M +

~ :P0 P + M

=

Case 4 P  ?'! Q, and Q' =) P 0 where ' agrees with ', and is a fusion with

= ' ^ . Let M~ agree with  . By Lemma 14 we get ~ : Q DF1 ~ : Q' `MW P = P + M' = P + M' Induction gives `MW Q' = Q' + : P 0. So, ~ : (Q' + : P 0) `MW P = P + M' Tm3b = P + M~ (' : (Q' + : P 0) + (' ^ ) : P 0) M3 ~ : (Q' + : P 0) + M~ (' ^ ) : P 0 = P + M' = P + M~ (' ^ ) : P 0 +

~ :P0 P + M

=

This completes the proof of the lemma. 2 For the completeness proof we need a variant of mHNF which uses weak hypercongruence: De nition 16 An agent P is in mismatch-free weak head normal form (mwHNF) if P is P on the form i2I M~ i (x~i) i : Pi , where 1. 8i : x~i \ fn(P ) = ;, and x~i  obj( i) 2. if i 6= j then M~ i (x~i) i : Pi 6 M~ i (x~i) i : Pi + M~ j (x~j ) j : Pj +

14

DRAFT of March 18, 1998, 15:59

Parrow & Victor: The Tau-Laws of Fusion

~ :P. Again we use the derived bound pre xes, so the terms in a mwHNF are on the form M De nition 17 A substitution  satis es a match/mismatch sequence M , written  j= M , if for all x; y, M ) x = y implies (x) = (y) and M ) x 6= y implies (x) 6= (y). De nition 18 A full mwHNF is a mwHNF with the property that if P  = ) P 0 then P ~ 0 : Q0 such that  j= M~ , 0 = and Q0  P 0 . has a summand M The following lemma and theorem are proved by a simultaneous induction on depth: Lemma 16 For all agents P there is an agent H such that d(H )  d(P ), H is in full mwHNF, and `MW P = H . Theorem 17 P  Q i `MW P = Q. Soundness is easily established, and we turn to completeness. We here only outline how the proof di ers from previous completeness proofs. It uses induction on the depth of the agents involved. Lemma 16 uses Theorem 17 for agents of strictly smaller depth than the agents in the lemma. Theorem 17 uses Lemma 16 for agents of equal or smaller depth than the agents in the theorem. For Lemma 16 rst apply Lemma 15 repeatedly to P ; there are only a nite number of substitutions that matter (those a ecting fn(P )) and a nite number of derivatives. The resulting agent P 0 has all terms implied by Lemma 15. But it may not be in full mwHNF because of condition 2 in the de nition of mwHNF. Let Q and R be two summands in P 0 such that Q  Q + R. We can then prove `MW Q = Q + R much as in the proof of Lemma 17 in [PV97]. Thus we can repeatedly remove such summands R from P 0 until we gain a mwHNF. Obviously removing summands in that way will preserve the condition in the de nition of a full mHNF. Also the proof of Theorem 17 follows the proof of Theorem 18 in [PV97] closely. The di erences here (and also in the proof that `MW Q = Q + R mentioned above) are the following. Obviously  replaces , and therefore simulating transitions are = ) , but

by saturation we obtain that there are simulating transitions ?! . Resulting derivatives are related by  (rather than ) and we then use Lemma 10 to consider three cases. Any actions 1 introduced by that lemma will disappear by T1, just as in the proof of Theorem 3. +

+

+

+

+

+

6 A more traditional T3

The law T3b (and similarly Tm3b) captures the circumstance when two fusions can be simulated by one. In the same way, in CCS and in the -calculus, the tau-laws say when two actions can be simulated by one. In those calculi one of the actions has to be the unobservable action  . It is therefore natural to ask what the e ect would be if T3b were restricted to the case = 1. Call this restricted form T3b0: ~ : Q if 8x; y : M~ ) x 6= y implies :x ' y T3b0 ' : (P +M~ 1 : Q) = ' : (P +M~ 1 : Q)+M'

15

DRAFT of March 18, 1998, 15:59

Parrow & Victor: The Tau-Laws of Fusion

This is structurally more similar to T3a. In fact, by de ning \x y" to never hold when is a communication, T3a and T3b0 can now easily be formulated as one law: ~ : Q if 8x; y : M~ ) x 6= y implies :x y T30 : (P + M~ 1 : Q) = : (P + M~ 1 : Q)+ M Given the tau-laws of CCS and the -calculus, the laws T1, T2 and T30 might be thought of as the \traditional" laws of the fusion calculus. Let W 0 consist of these axioms plus the axioms for hypercongruence in tables 2 and 3. We will here characterize the equivalence generated by W 0 coinductively, and demonstrate that it is strictly ner than weak hypercongruence. For the purpose of this section, make the following changes in the previous de nitions: In De nition 11, rede ne the weak transition = ) by the following:

1 i P = ) Q means that for some n  0, P ?!      ? ! Q and = i for some and j = 1 for all j 6= i. We allow n = 0 and = 1, in other words P =1) P holds for all P . Note that the special case when is a fusion has disappeared. This has consequences for the de nitions of weak hyperequivalence and weak hypercongruence, which with the amended de nition are denoted 0 and 0 . That these are smaller than  and  can be seen with a simple instance of T3b: ' : : P 60 ' : : P + (' ^ ) : P '^ since RHS == ) P can no longer be simulated by LHS. However, fusions still exhibit some absorptions that communications do not. For example, n

+

+

' : ' : P 0 ' : P

holds by DF2 and T1.

Theorem 18 P 0

+

Q i `W P = Q. 0

Proof: Soundness is easily established. For completeness we only indicate where the

proofs of Theorem 11 and its supporting lemmas change. The only signi cant change is in the proof of Lemma 8. Here Case 4 disappears because of the amended de nition of = ). On the other hand Case 2 and 3 must now also consider the case that is a fusion. For Case 3 this represents no problem, the demonstrated derivation works also for a fusion. For Case 2, if is a fusion we need to apply T3b0. This is proved exactly as in Case 4 with the additional requirement that = 1 (since T3b0 is just the special case of T3b where = 1). The rest of the completeness proof is unchanged. 2 In the subcalculus without mismatch a similar e ect is obtained by requiring = 1 in Tm3b. Since Tm3a admits to be a fusion this means that Tm3b can be dropped altogether. Let MW 0 be the axioms of M plus T1, T2 and Tm3b. Note that these three laws correspond exactly to the three tau-laws of CCS! Theorem 19 In the subcalculus without mismatch, P 0 Q i `MW P = Q. Proof: The proof is completely analogous to the proof of Theorem 18. Only Lemma 15 changes in that in case 4, = 1 is now sucient. So Tm3a suces for this case. Cases 2 and 3 need to be strengthened to consider that is a fusion, but that is trivial. 2 +

16

0

DRAFT of March 18, 1998, 15:59

Parrow & Victor: The Tau-Laws of Fusion

with mismatch S

no mismatch

M3 M4

R M1,M2 DM5 RM F E

T3a (T3b')

T1 T2

Tm3a

strong

traditional weak

Tm3b

T3b

weak

Figure 1: Overview of the axiom systems.

7 Conclusion We have given complete axiomatizations of weak hypercongruence in the fusion calculus, both with and without mismatch. An overview is shown in Figure 1. There are several obvious avenues of further work. The axiomatization can presumably be extended to cover the nite-control fragment of the fusion calculus, following ideas from Lin [Lin95b]. A variant for weak open equivalence in the -calculus is also probably straightforward by extending Victor's proofs for strong open equivalence in [Vic98]. Proving the axioms independent is probably less straightforward. Indeed, formal independence proofs have attracted very little attention so far. For example, we are not aware of a formal proof that the three tau-laws of CCS are independent (though such a proof is probably not very hard). Of the laws presented in this paper we conjecture that T3a, with its sequences of matches and mismatches, cannot be derived from Tm3a (without these sequences) and the other laws. On the other hand it is not dicult to show that a version of T3a with only mismatches is sucient. There is a wide spectrum of behavioural equivalences which do not discriminate on the basis of internal actions, for an overview see e.g. [Gla93]. It is not at this point clear how interesting they are for the fusion calculus and its applications, though our work on concurrent constraints in the fusion calculus [VP98] indicates that relevant equivalences should in some ways respect divergence.

17

DRAFT of March 18, 1998, 15:59

Parrow & Victor: The Tau-Laws of Fusion

References [Gla93]

R. v. Glabbeek. The linear time { branching time spectrum II; the semantics of sequential systems with silent moves (extended abstract). In E. Best, ed, Proceedings of CONCUR'93, volume 715 of LNCS, pages 66{81. Springer, 1993. [HM85] M. Hennessy and R. Milner. Algebraic laws for nondeterminism and concurrency. Journal of the ACM, 32(1):137{161, 1985. [Lin95a] H. Lin. Complete inference systems for weak bisimulation equivalences in the -calculus. In P. D. Mosses, M. Nielsen and M. I. Schwarzbach, eds, Proceedings of TAPSOFT '95, volume 915 of LNCS, pages 187{201. Springer, 1995. Presented in the CAAP-section. Available as Technical Report ISCAS-LCS-94-11, Institute of Software, Chinese Academy of Sciences, 1994. [Lin95b] H. Lin. Unique xpoint induction for mobile processes. In I. Lee and S. A. Smolka, eds, Proceedings of CONCUR '95, volume 962 of LNCS, pages 88{102. Springer, 1995. [Mil80] R. Milner. A Calculus of Communicating Systems, volume 92 of LNCS. Springer, 1980. [Mil89] R. Milner. Communication and Concurrency. Prentice-Hall, 1989. [MPW92] R. Milner, J. Parrow and D. Walker. A calculus of mobile processes, Parts I and II. Journal of Information and Computation, 100:1{77, Sept. 1992. [PS95] J. Parrow and D. Sangiorgi. Algebraic theories for name-passing calculi. Journal of Information and Computation, 120(2):174{197, 1995. [PV97] J. Parrow and B. Victor. The fusion calculus: Expressiveness and symmetry in mobile processes. Technical Report 97/96, Department of Computer Systems, Uppsala University, Sweden, Dec. 1997. Extended abstract accepted for publication in the Proc. of LICS'98. Available from http://www.docs.uu.se/~victor/tr/fusion.html. [Vic98] B. Victor. Symbolic characterizations and algorithms for hyperequivalence and open bisimulation. Submitted for publication. Available from http://www.docs.uu.se/~victor/tr/ symhyper.html, Mar. 1998. [VP98] B. Victor and J. Parrow. Concurrent constraints in the fusion calculus. Accepted for publication in the Proc. of ICALP'98. Available from http://www.docs.uu.se/~victor/tr/ccfc.html, Jan. 1998.

18

Recommend Documents